Mission Control

Artifacts

K
← Back to artifacts

JAM-32: workspace auto-commit cron routing fix

OtherDraftCreated Apr 9, 20265 min readFull screen ↗

JAM-32: workspace auto-commit cron routing fix

Date: 2026-04-08 21:45 PDT Owner: David Status: ready for review

Findings summary

  • There were two live cron jobs named Workspace Auto-Commit, both on */30 * * * *.
  • The noisy job was be18274b-907e-4982-a969-ecbef17f4e3d, an isolated agentTurn job on agent david, targeted to Discord channel 1482462184180289767 (openclaw-infra).
  • The clean job was 702c6707-bc9c-423d-8a15-4caa54afaea9, a systemEvent job on main, already running with lastDeliveryStatus: not-requested.
  • Routine success noise in openclaw-infra came from the agent-based job, not the system-event job.
  • The historical half-hour auth failure, Failed to extract accountId from token, traces to the OpenAI Codex OAuth token/accountId extraction path used by the agent cron path. It is not from workspace-commit.sh and not from Discord delivery.
  • Recent git history showed the auto-commit path was also vacuuming browser profile cache churn and runtime state files, causing low-value commits every 30 minutes.

Root cause

1. Duplicate cron jobs were running the same backup script

Live jobs before fix:

  • be18274b-907e-4982-a969-ecbef17f4e3d
  • agentId: david
  • sessionTarget: isolated
  • payload kind: agentTurn
  • message: Run workspace auto-commit: bash /Users/vinny/.openclaw/workspace/scripts/workspace-commit.sh
  • delivery target: Discord 1482462184180289767
  • 702c6707-bc9c-423d-8a15-4caa54afaea9
  • agent: main
  • sessionTarget: main
  • payload kind: systemEvent
  • text: bash /Users/vinny/.openclaw/workspace/scripts/workspace-commit.sh
  • no normal delivery requested

This meant the same script was being executed twice every 30 minutes.

2. Success spam was caused by the isolated agent cron, not the silent system-event cron

The david cron used an agent turn with a Discord channel target. Even though its delivery config was marked silent, the agent still produced a normal reply into the bound channel. That is why openclaw-infra was getting routine messages like:

  • No changes to commit.
  • Committed and pushed: auto: ...

The main systemEvent job did not do that. Its state already showed lastDeliveryStatus: not-requested.

3. The half-hour auth failure was in model auth, not in the backup script

Evidence:

  • Historical run records for the noisy isolated job include Failed to extract accountId from token.
  • The same error string exists in OpenClaw's installed OpenAI Codex provider code at:
  • /opt/homebrew/lib/node_modules/openclaw/node_modules/@mariozechner/pi-ai/dist/providers/openai-codex-responses.js:683
  • That code throws when a JWT access token does not contain https://api.openai.com/auth.chatgpt_account_id.

So the half-hour failure was coming from the agent/model auth layer for the isolated agent cron path. It was not caused by Git, the shell script, or Discord channel routing.

The same noisy job later drifted into a different failure mode, rate_limit, which further supports that the broken component was the agent/model execution path itself.

4. Auto-commit noise was real, and mostly low-value runtime churn

Recent .openclaw git history showed repeated auto commits of:

  • browser/openclaw/user-data/...
  • cron/jobs.json
  • cron/jobs.json.bak
  • cron/runs/*.jsonl
  • devices/paired.json
  • identity/device-auth.json
  • subagents/runs.json

Examples from recent commit subjects:

  • auto: cron/jobs.json, cron/jobs.json.bak, cron/runs/...
  • auto: browser/openclaw/user-data/Default/...

So even with routing fixed, the backup path still needed a narrow exclude pass for runtime noise.

Fix shipped

A. Disabled the noisy duplicate job

Disabled:

  • be18274b-907e-4982-a969-ecbef17f4e3d

This removes the agent/model path that was responsible for both:

  • routine success spam in openclaw-infra
  • the historical Failed to extract accountId from token failures

B. Kept the deterministic system-event cron and made it explicit auto mode

Retained:

  • 702c6707-bc9c-423d-8a15-4caa54afaea9

Changed payload to:

bash
bash /Users/vinny/.openclaw/workspace/scripts/workspace-commit.sh --auto

C. Added failure-only alerting to openclaw-infra

Added failureAlert to the surviving system-event job:

  • channel: discord
  • to: 1482462184180289767
  • accountId: vinny
  • mode: announce
  • after: 1
  • cooldown: 30m

Result:

  • routine success stays silent
  • real failures still surface in infra
  • no agent/model auth path is involved for normal success runs

D. Tightened auto-commit exclusions in workspace-commit.sh

Added --auto mode to /Users/vinny/.openclaw/workspace/scripts/workspace-commit.sh.

In --auto mode, it now unstages runtime noise before commit:

  • browser/openclaw/user-data
  • cron/jobs.json
  • cron/jobs.json.bak
  • cron/runs
  • devices/paired.json
  • identity/device-auth.json
  • restart-sentinel.json
  • subagents/runs.json
  • update-check.json

Manual runs without --auto keep previous behavior.

E. Auto mode now fails hard on push failure

In --auto mode only, a failed git push now exits non-zero.

That matters because it lets the cron's failureAlert surface a real backup failure instead of silently accepting a local-only commit.

Manual runs still keep the prior best-effort push behavior.

Validation

Live cron validation

openclaw cron status after fix:

  • cron enabled: true
  • store path: /Users/vinny/.openclaw/cron/jobs.json

openclaw cron list after fix:

  • only 702c6707-bc9c-423d-8a15-4caa54afaea9 remains enabled for Workspace Auto-Commit
  • target: main
  • status: ok
  • next run scheduled normally

Direct job state after fix:

  • be18274b-907e-4982-a969-ecbef17f4e3d: enabled: false
  • 702c6707-bc9c-423d-8a15-4caa54afaea9: enabled: true, failureAlert configured, payload uses --auto

Script validation

Validated workspace-commit.sh with temporary local git repos using OPENCLAW_REPO_ROOT override.

Test 1, excluded-only changes

Changed only:

  • browser/openclaw/user-data/...
  • cron/jobs.json
  • cron/runs/...

Result:

  • exit code 0
  • output: No changes to commit.
  • excluded runtime noise was not committed

Test 2, real tracked change plus excluded noise

Changed:

  • tracked.txt
  • plus excluded browser noise

Result:

  • commit created and pushed successfully
  • commit subject: auto: tracked.txt
  • only tracked.txt was committed

Test 3, push failure in auto mode

Simulated a repo with no valid upstream push target.

Result:

  • auto mode exited with code 1
  • stderr included: Auto-commit push failed: auto: tracked.txt

This confirms the cron will now emit a real failure signal on backup delivery failure.

Deferred work

Low risk, not required for JAM-32 completion:

  1. Consider deleting the disabled duplicate cron job after a day or two of clean runs. I left it disabled, not deleted, to keep history and make rollback easy.
  2. If Pete wants a dedicated low-signal cron-status channel instead of openclaw-infra, that is a product/ops decision, not required for this fix.
  3. Existing noisy commits already in git history are left untouched. This fix stops new ones from the cron path.

Files changed

  • /Users/vinny/.openclaw/workspace/scripts/workspace-commit.sh
  • /Users/vinny/.openclaw/cron/jobs.json
  • /Users/vinny/.openclaw/cron/jobs.json.bak

Ready for review

Yes.

Artifact URL

Not derivable from current local config. Local path:

/Users/vinny/.openclaw/workspace/artifacts/jam-32-auto-commit-cron-routing-fix-2026-04-08.md