openclaw: context lens — durable run history, ship sync, run-capture hardening#5936
openclaw: context lens — durable run history, ship sync, run-capture hardening#5936patosullivan wants to merge 1 commit into
Conversation
patosullivan
changed the title
…e hardening Streams bot-run introspection (trigger, context sources, tool calls, writes, timeline) from the gateway, models runs beyond replies (cron/background/ internal), and hardens tool lifecycle tracking, event delivery, and run-queue handling. - Durable run history: finalized runs persist to a disk store and mirror to the bot ship's %context-lens agent (payloads as serialized-JSON cords), fanning out to owner ships — no gateway reachability required from devices. - Config & auth: zod config schema, bearer-token routes, effective-enablement gating, botShip stamping in the reference blob. - Full tool arguments as expandable detail (argumentDetail) for the client inspector. Migrated from tloncorp/openclaw-tlon#161 (authored by ~wsa). Rebased onto current master, relocated to packages/openclaw under monorepo conventions, and stacked on the #160 presence-fixes sync. Security note: argumentDetail ships raw tool parameters in run payloads synced to the ship. Run visibility is owner-only today; these payloads must gain redaction before visibility is ever widened. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
patosullivan
force-pushed
the
po/migrate-context-lens
branch
from
9bc08d6 to
9a757f3
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9bc08d6e93
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (owners.length === 0) { | ||
| api.logger.info( | ||
| '[tlon] Context lens ship sync disabled: no owners configured (set contextLens.owners or ownerShip)' | ||
| ); | ||
| return false; |
There was a problem hiding this comment.
If a previously-enabled process is re-initialized with contextLens.enabled still true for the HTTP routes but with owners/ownerShip removed, this early return leaves the old listener from shipSyncUnsubscribeSlot subscribed. Subsequent lens events are still poked to the old owner ships even though sync was disabled in the new config, so the disabled path should unsubscribe and clear the shared slot before returning.
Useful? React with 👍 / 👎.
| const lensConfig = resolveTlonAccount(api.config).contextLens; | ||
| if (!lensConfig.enabled || !lensConfig.store.enabled) { | ||
| return null; | ||
| } |
There was a problem hiding this comment.
When a reload changes only contextLens.store.enabled to false while another reader path keeps context lens active, this return does not clear storeSlot or unsubscribe the previous store writer. Final lens events will continue to be appended to the old JSONL path, and /run can still fall back to that stale store, which violates the disabled store setting.
Useful? React with 👍 / 👎.
| return; | ||
| } | ||
|
|
||
| unsubscribe = subscribeToContextLensEvents((event) => { |
There was a problem hiding this comment.
The SSE handler snapshots and replays recent events before the live listener is attached, so an event published after listRecentContextLensEvents() but before this subscribeToContextLensEvents() call is neither in the replay nor delivered live. Clients connecting during an active run can permanently miss that transition; attach the listener before taking/replaying the snapshot, or re-scan after subscribing using maxSentSeq.
Useful? React with 👍 / 👎.
2 participants
Summary
Streams bot-run introspection events (trigger, context sources, tool calls, writes, timeline) from the gateway, models runs beyond replies (cron/background/internal), and hardens tool lifecycle tracking, event delivery, and run-queue handling.
%context-lensagent (payloads as serialized-JSON cords), fanning out to owner ships — no gateway reachability required from devices.botShipstamping in the reference blob.argumentDetail) for the client inspector.Stacking / migration
master, relocated topackages/openclaw, squashed.developonce that merges.%context-lensagent (Add %context-lens agent for durable owner-side bot run history #5926) consume what it produces.Security note
argumentDetailships raw tool parameters in run payloads synced to the ship. Run visibility is owner-only today; these payloads must gain redaction/filtering before visibility is ever widened (secrets/tokens/file contents can appear in tool args).Test plan
pnpm tsc --noEmitcleanpnpm testinpackages/openclaw)media.tsneeded reconciliation — #161's positive allowlist supersedes it and still skips a2ui)