惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
小众软件
小众软件
博客园_首页
博客园 - 聂微东
V
V2EX
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
S
SegmentFault 最新的问题
J
Java Code Geeks
Last Week in AI
Last Week in AI
The Cloudflare Blog
月光博客
月光博客
雷峰网
雷峰网
宝玉的分享
宝玉的分享
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Hugging Face - Blog
Hugging Face - Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
人人都是产品经理
人人都是产品经理
博客园 - Franky
腾讯CDC
Jina AI
Jina AI
博客园 - 叶小钗
大猫的无限游戏
大猫的无限游戏
阮一峰的网络日志
阮一峰的网络日志
量子位
爱范儿
爱范儿
美团技术团队
T
Tailwind CSS Blog
博客园 - 【当耐特】
D
Docker
IT之家
IT之家
V
Visual Studio Blog
P
Proofpoint News Feed
L
LangChain Blog
Engineering at Meta
Engineering at Meta
C
Check Point Blog
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
云风的 BLOG
云风的 BLOG
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Azure Blog
Microsoft Azure Blog
B
Blog RSS Feed
Recorded Future
Recorded Future

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
docs(tools): rewrite loop detection, code execution, and tighten elev… · openclaw/openclaw@180e295
vincentkoc · 2026-05-06 · via Recent Commits to openclaw:main

@@ -5,37 +5,45 @@ read_when:

55

- A user reports agents getting stuck repeating tool calls

66

- You need to tune repetitive-call protection

77

- You are editing agent tool/runtime policies

8+

- You hit `compaction_loop_persisted` aborts after a context-overflow retry

89

---

91010-

OpenClaw can keep agents from getting stuck in repeated tool-call patterns.

11-

The guard is **disabled by default**.

11+

OpenClaw has two cooperating guardrails for repetitive tool-call patterns:

121213-

Enable it only where needed, because it can block legitimate repeated calls with strict settings.

13+

1. **Loop detection** (`tools.loopDetection.enabled`) — disabled by default. Watches the rolling tool-call history for repeated patterns and unknown-tool retries.

14+

2. **Post-compaction guard** (`tools.loopDetection.postCompactionGuard`) — enabled by default unless `tools.loopDetection.enabled` is explicitly `false`. Arms after every compaction-retry and aborts the run when the agent emits the same `(tool, args, result)` triple within the window.

15+16+

Both are configured under the same `tools.loopDetection` block, but the post-compaction guard runs whenever the master switch is not explicitly off. Set `tools.loopDetection.enabled: false` to silence both surfaces.

14171518

## Why this exists

16191720

- Detect repetitive sequences that do not make progress.

1821

- Detect high-frequency no-result loops (same tool, same inputs, repeated errors).

1922

- Detect specific repeated-call patterns for known polling tools.

23+

- Prevent context-overflow then compaction then same-loop cycles from running indefinitely.

20242125

## Configuration block

222623-

Global defaults:

27+

Global defaults, with every documented field shown:

24282529

```json5

2630

{

2731

tools: {

2832

loopDetection: {

29-

enabled: false,

33+

enabled: false, // master switch for the rolling-history detectors

3034

historySize: 30,

3135

warningThreshold: 10,

3236

criticalThreshold: 20,

37+

unknownToolThreshold: 10,

3338

globalCircuitBreakerThreshold: 30,

3439

detectors: {

3540

genericRepeat: true,

3641

knownPollNoProgress: true,

3742

pingPong: true,

3843

},

44+

postCompactionGuard: {

45+

windowSize: 3, // armed after compaction-retry; runs unless enabled is explicitly false

46+

},

3947

},

4048

},

4149

}

@@ -64,67 +72,83 @@ Per-agent override (optional):

64726573

### Field behavior

667467-

- `enabled`: Master switch. `false` means no loop detection is performed.

68-

- `historySize`: number of recent tool calls kept for analysis.

69-

- `warningThreshold`: threshold before classifying a pattern as warning-only.

70-

- `criticalThreshold`: threshold for blocking repetitive loop patterns.

71-

- `globalCircuitBreakerThreshold`: global no-progress breaker threshold.

72-

- `detectors.genericRepeat`: detects repeated same-tool + same-params patterns.

73-

- `detectors.knownPollNoProgress`: detects known polling-like patterns with no state change.

74-

- `detectors.pingPong`: detects alternating ping-pong patterns.

75-76-

For `exec`, no-progress checks compare stable command outcomes and ignore volatile runtime metadata such as duration, PID, session ID, and working directory.

77-

When a run id is available, recent tool-call history is evaluated only within that run so scheduled heartbeat cycles and fresh runs do not inherit stale loop counts from earlier runs.

75+

| Field | Default | Effect |

76+

| -------------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------- |

77+

| `enabled` | `false` | Master switch for the rolling-history detectors. Setting `false` also disables the post-compaction guard. |

78+

| `historySize` | `30` | Number of recent tool calls kept for analysis. |

79+

| `warningThreshold` | `10` | Threshold before a pattern is classified as warning-only. |

80+

| `criticalThreshold` | `20` | Threshold for blocking repetitive loop patterns. |

81+

| `unknownToolThreshold` | `10` | Block repeated calls to the same unavailable tool after this many misses. |

82+

| `globalCircuitBreakerThreshold` | `30` | Global no-progress breaker threshold across all detectors. |

83+

| `detectors.genericRepeat` | `true` | Detects repeated same-tool + same-params patterns. |

84+

| `detectors.knownPollNoProgress` | `true` | Detects known polling-like patterns with no state change. |

85+

| `detectors.pingPong` | `true` | Detects alternating ping-pong patterns. |

86+

| `postCompactionGuard.windowSize` | `3` | Number of post-compaction tool calls during which the guard stays armed and the count of identical triples that aborts the run. |

87+88+

For `exec`, no-progress checks compare stable command outcomes and ignore volatile runtime metadata such as duration, PID, session ID, and working directory. When a run id is available, recent tool-call history is evaluated only within that run so scheduled heartbeat cycles and fresh runs do not inherit stale loop counts from earlier runs.

78897990

## Recommended setup

809181-

- For smaller models, start with `enabled: true`, defaults unchanged. Flagship models rarely need loop detection and can leave it disabled.

92+

- For smaller models, set `enabled: true` and leave the thresholds at their defaults. Flagship models rarely need rolling-history detection and can leave the master switch at `false` while still benefiting from the post-compaction guard.

8293

- Keep thresholds ordered as `warningThreshold < criticalThreshold < globalCircuitBreakerThreshold`.

8394

- If false positives occur:

84-

- raise `warningThreshold` and/or `criticalThreshold`

85-

- (optionally) raise `globalCircuitBreakerThreshold`

86-

- disable only the detector causing issues

87-

- reduce `historySize` for less strict historical context

95+

- Raise `warningThreshold` and/or `criticalThreshold`.

96+

- Optionally raise `globalCircuitBreakerThreshold`.

97+

- Disable only the specific detector causing issues (`detectors.<name>: false`).

98+

- Reduce `historySize` for less strict historical context.

99+

- To disable everything (including the post-compaction guard), set `tools.loopDetection.enabled: false` explicitly.

8810089101

## Post-compaction guard

9010291-

When the runner completes an auto-compaction-retry (after a context-overflow), it arms a short-window guard that watches the next few tool calls. If the agent emits the _same_ `(toolName, args, result)` triple multiple times within that window, the guard concludes that compaction did not break the loop and aborts the run with a `compaction_loop_persisted` error.

103+

When the runner completes a compaction-retry after a context-overflow, it arms a short-window guard that watches the next few tool calls. If the agent emits the same `(toolName, argsHash, resultHash)` triple multiple times within the window, the guard concludes that compaction did not break the loop and aborts the run with a `compaction_loop_persisted` error.

9210493-

This is a separate code path from the global `tools.loopDetection` detectors. It is independently configurable:

105+

The guard is gated by the master `tools.loopDetection.enabled` flag with one twist: it stays **enabled when the flag is unset or `true`** and only deactivates when the flag is explicitly `false`. This is intentional. The guard exists to escape compaction loops that would otherwise burn unbounded tokens, so a no-config user still gets the protection.

9410695107

```json5

96108

{

97109

tools: {

98110

loopDetection: {

99-

enabled: true, // existing master switch; set false to disable loop guards

111+

// master switch; set false to disable the guard along with the rolling detectors

112+

enabled: true,

100113

postCompactionGuard: {

101-

windowSize: 3, // default: 3

114+

windowSize: 3, // default

102115

},

103116

},

104117

},

105118

}

106119

```

107120108-

- `windowSize`: number of post-compaction tool calls during which the guard stays armed _and_ the count of identical (tool, args, result) triples that triggers an abort.

121+

- Lower `windowSize` is stricter (fewer attempts before abort).

122+

- Higher `windowSize` gives the agent more recovery attempts.

123+

- The guard never aborts when results are changing, only when results are byte-identical across the window.

124+

- It is intentionally narrow: it fires only in the immediate aftermath of a compaction-retry.

109125110-

The guard never aborts when results are changing, only when results are byte-identical across the window. It is intentionally narrow: it fires only in the immediate aftermath of a compaction-retry.

126+

<Note>

127+

The post-compaction guard runs whenever the master flag is not explicitly `false`, even if you never wrote a `tools.loopDetection` block. To verify, look for `post-compaction guard armed for N attempts` in the gateway log immediately after a compaction event.

128+

</Note>

111129112130

## Logs and expected behavior

113131114-

When a loop is detected, OpenClaw reports a loop event and blocks or dampens the next tool-cycle depending on severity.

115-

This protects users from runaway token spend and lockups while preserving normal tool access.

116-117-

- Prefer warning and temporary suppression first.

118-

- Escalate only when repeated evidence accumulates.

119-120-

## Notes

132+

When a loop is detected, OpenClaw reports a loop event and either dampens or blocks the next tool-cycle depending on severity. This protects users from runaway token spend and lockups while preserving normal tool access.

121133122-

- `tools.loopDetection` is merged with agent-level overrides.

123-

- Per-agent config fully overrides or extends global values.

124-

- If no config exists, guardrails stay off.

134+

- Warnings come first.

135+

- Suppression follows when patterns persist past the warning threshold.

136+

- Critical thresholds block the next tool-cycle and surface a clear loop-detection reason in the run record.

137+

- The post-compaction guard emits `compaction_loop_persisted` errors with the offending tool name and identical-call count.

125138126139

## Related

127140128-

- [Exec approvals](/tools/exec-approvals)

129-

- [Thinking levels](/tools/thinking)

130-

- [Sub-agents](/tools/subagents)

141+

<CardGroup cols={2}>

142+

<Card title="Exec approvals" href="/tools/exec-approvals" icon="shield">

143+

Allow/deny policy for shell execution.

144+

</Card>

145+

<Card title="Thinking levels" href="/tools/thinking" icon="brain">

146+

Reasoning effort levels and provider-policy interaction.

147+

</Card>

148+

<Card title="Sub-agents" href="/tools/subagents" icon="users">

149+

Spawning isolated agents to bound runaway behavior.

150+

</Card>

151+

<Card title="Configuration reference" href="/gateway/configuration-reference" icon="gear">

152+

Full `tools.loopDetection` schema and merging semantics.

153+

</Card>

154+

</CardGroup>