openclaw
diff --git a/‎src/auto-reply/dispatch.test.ts‎
Lines changed: 104 additions & 2 deletions b/‎src/auto-reply/dispatch.test.ts‎
Lines changed: 104 additions & 2 deletions
diff --git a/‎src/auto-reply/dispatch.ts‎
Lines changed: 88 additions & 11 deletions b/‎src/auto-reply/dispatch.ts‎
Lines changed: 88 additions & 11 deletions
diff --git a/‎src/auto-reply/inbound.test.ts‎
Lines changed: 8 additions & 4 deletions b/‎src/auto-reply/inbound.test.ts‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎src/auto-reply/reply/abort.test.ts‎
Lines changed: 5 additions & 0 deletions b/‎src/auto-reply/reply/abort.test.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/auto-reply/reply/abort.ts‎
Lines changed: 4 additions & 0 deletions b/‎src/auto-reply/reply/abort.ts‎
Lines changed: 4 additions & 0 deletions
@@ -1,9 +1,22 @@
-import { describe, expect, it, vi } from "vitest";
+import { beforeEach, describe, expect, it, vi } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
-import { dispatchInboundMessage, withReplyDispatcher } from "./dispatch.js";
+import {
+  dispatchInboundMessage,
+  dispatchRecoveredPendingReply,
+  withReplyDispatcher,
+} from "./dispatch.js";
 import type { ReplyDispatcher } from "./reply/reply-dispatcher.js";
 import { buildTestCtx } from "./reply/test-ctx.js";
 
+vi.mock("../infra/message-journal/inbound.js", () => ({
+  acceptInboundOrSkip: vi.fn(() => true),
+  completeInboundTurn: vi.fn(),
+}));
+
+// Import after mock registration so we get the spy instances.
+const { acceptInboundOrSkip, completeInboundTurn } =
+  await import("../infra/message-journal/inbound.js");
+
 function createDispatcher(record: string[]): ReplyDispatcher {
   return {
     sendToolResult: () => true,
@@ -89,3 +102,92 @@ describe("withReplyDispatcher", () => {
     expect(order).toEqual(["sendFinalReply", "markComplete", "waitForIdle"]);
   });
 });
+
+describe("dispatchInboundMessage — journal integration", () => {
+  function makeDispatcher(): ReplyDispatcher {
+    return {
+      sendToolResult: () => true,
+      sendBlockReply: () => true,
+      sendFinalReply: () => true,
+      getQueuedCounts: () => ({ tool: 0, block: 0, final: 0 }),
+      markComplete: vi.fn(),
+      waitForIdle: vi.fn(async () => {}),
+    };
+  }
+
+  beforeEach(() => {
+    vi.mocked(acceptInboundOrSkip).mockClear().mockReturnValue(true);
+    vi.mocked(completeInboundTurn).mockClear();
+  });
+
+  it("calls acceptInboundOrSkip and assigns PendingReplyId when absent", async () => {
+    const ctx = buildTestCtx(); // no PendingReplyId set
+    expect(ctx.PendingReplyId).toBeUndefined();
+
+    await dispatchInboundMessage({
+      ctx,
+      cfg: {} as OpenClawConfig,
+      dispatcher: makeDispatcher(),
+      replyResolver: async () => ({ text: "ok" }),
+    });
+
+    expect(acceptInboundOrSkip).toHaveBeenCalledTimes(1);
+    // dispatch should have generated a UUID and set it on ctx
+    const calledCtx = vi.mocked(acceptInboundOrSkip).mock.calls[0][0];
+    expect(typeof calledCtx.PendingReplyId).toBe("string");
+    expect(calledCtx.PendingReplyId!.length).toBeGreaterThan(0);
+  });
+
+  it("calls completeInboundTurn('delivered') after successful dispatch", async () => {
+    await dispatchInboundMessage({
+      ctx: buildTestCtx(),
+      cfg: {} as OpenClawConfig,
+      dispatcher: makeDispatcher(),
+      replyResolver: async () => ({ text: "ok" }),
+    });
+
+    expect(completeInboundTurn).toHaveBeenCalledTimes(1);
+    expect(vi.mocked(completeInboundTurn).mock.calls[0][1]).toBe("delivered");
+  });
+
+  it("skips journal tracking for heartbeats", async () => {
+    await dispatchInboundMessage({
+      ctx: buildTestCtx(),
+      cfg: {} as OpenClawConfig,
+      dispatcher: makeDispatcher(),
+      replyOptions: { isHeartbeat: true },
+      replyResolver: async () => ({ text: "ok" }),
+    });
+
+    expect(acceptInboundOrSkip).not.toHaveBeenCalled();
+    expect(completeInboundTurn).not.toHaveBeenCalled();
+  });
+
+  it("returns early without dispatching when acceptInboundOrSkip returns false (duplicate)", async () => {
+    vi.mocked(acceptInboundOrSkip).mockReturnValue(false);
+    const dispatcher = makeDispatcher();
+    const sendFinalReply = vi.spyOn(dispatcher, "sendFinalReply");
+
+    await dispatchInboundMessage({
+      ctx: buildTestCtx({ MessageSid: "dup-msg-001" }),
+      cfg: {} as OpenClawConfig,
+      dispatcher,
+      replyResolver: async () => ({ text: "ok" }),
+    });
+
+    expect(sendFinalReply).not.toHaveBeenCalled();
+    expect(completeInboundTurn).not.toHaveBeenCalled();
+  });
+
+  it("skips journal insert for orphan recovery re-dispatches", async () => {
+    await dispatchRecoveredPendingReply({
+      ctx: buildTestCtx({ PendingReplyId: "orphan-turn-001" }),
+      cfg: {} as OpenClawConfig,
+      dispatcher: makeDispatcher(),
+      replyResolver: async () => ({ text: "ok" }),
+    });
+
+    // acceptInboundOrSkip must NOT be called — orphan recovery re-uses the existing row
+    expect(acceptInboundOrSkip).not.toHaveBeenCalled();
+  });
+});
@@ -1,4 +1,7 @@
 import type { OpenClawConfig } from "../config/config.js";
+import { logVerbose } from "../globals.js";
+import { acceptInboundOrSkip, completeInboundTurn } from "../infra/message-journal/inbound.js";
+import { generateSecureUuid } from "../infra/secure-random.js";
 import type { DispatchFromConfigResult } from "./reply/dispatch-from-config.js";
 import { dispatchReplyFromConfig } from "./reply/dispatch-from-config.js";
 import { finalizeInboundContext } from "./reply/inbound-context.js";
@@ -32,25 +35,99 @@ export async function withReplyDispatcher<T>(params: {
   }
 }
 
-export async function dispatchInboundMessage(params: {
+type DispatchInboundMessageInternalParams = {
   ctx: MsgContext | FinalizedMsgContext;
   cfg: OpenClawConfig;
   dispatcher: ReplyDispatcher;
   replyOptions?: Omit<GetReplyOptions, "onToolResult" | "onBlockReply">;
   replyResolver?: typeof import("./reply.js").getReplyFromConfig;
-}): Promise<DispatchInboundResult> {
-  const finalized = finalizeInboundContext(params.ctx);
-  return await withReplyDispatcher({
-    dispatcher: params.dispatcher,
+  /** True when re-dispatching a recovered orphan turn — skips dedup + journal insert. */
+  isOrphanReplyRecovery?: boolean;
+};
+
+async function dispatchInboundMessageInternal({
+  ctx,
+  cfg,
+  dispatcher,
+  replyOptions,
+  replyResolver,
+  isOrphanReplyRecovery = false,
+}: DispatchInboundMessageInternalParams): Promise<DispatchInboundResult> {
+  const finalized = finalizeInboundContext(ctx);
+
+  // Journal-based dedup + orphan-recovery tracking.
+  // Only runs for real inbound turns (not heartbeats, not recovery replays).
+  const shouldTrackTurn = !isOrphanReplyRecovery && replyOptions?.isHeartbeat !== true;
+
+  let pendingReplyId: string | undefined;
+  if (shouldTrackTurn) {
+    // Generate a stable turn ID if the caller didn't provide one.
+    if (!finalized.PendingReplyId?.trim()) {
+      finalized.PendingReplyId = generateSecureUuid();
+    }
+    pendingReplyId = finalized.PendingReplyId;
+    // acceptInboundOrSkip returns false when this external_id was already processed
+    // (duplicate delivery from the channel). Skip immediately if so.
+    try {
+      const accepted = acceptInboundOrSkip(finalized);
+      if (!accepted) {
+        const channel =
+          finalized.OriginatingChannel ?? finalized.Surface ?? finalized.Provider ?? "unknown";
+        const externalId = finalized.MessageSid ?? "(no message id)";
+        logVerbose(
+          `dispatch: deduped inbound turn — channel=${channel} external_id=${externalId} account=${finalized.AccountId ?? ""} turn=${pendingReplyId}`,
+        );
+        return { queuedFinal: false, counts: dispatcher.getQueuedCounts() };
+      }
+    } catch (err) {
+      // Journal errors must not block message processing.
+      logVerbose(`dispatch: journal accept failed (continuing): ${String(err)}`);
+    }
+  }
+
+  const result = await withReplyDispatcher({
+    dispatcher,
     run: () =>
       dispatchReplyFromConfig({
         ctx: finalized,
-        cfg: params.cfg,
-        dispatcher: params.dispatcher,
-        replyOptions: params.replyOptions,
-        replyResolver: params.replyResolver,
+        cfg,
+        dispatcher,
+        replyOptions,
+        replyResolver,
       }),
   });
+
+  // Mark turn delivered after dispatcher fully drains (including queued replies).
+  if (pendingReplyId) {
+    try {
+      completeInboundTurn(pendingReplyId, "delivered");
+    } catch (err) {
+      logVerbose(`dispatch: journal complete failed: ${String(err)}`);
+    }
+  }
+
+  return result;
+}
+
+export async function dispatchInboundMessage(params: {
+  ctx: MsgContext | FinalizedMsgContext;
+  cfg: OpenClawConfig;
+  dispatcher: ReplyDispatcher;
+  replyOptions?: Omit<GetReplyOptions, "onToolResult" | "onBlockReply">;
+  replyResolver?: typeof import("./reply.js").getReplyFromConfig;
+}): Promise<DispatchInboundResult> {
+  return dispatchInboundMessageInternal(params);
+}
+
+/** Re-dispatch a recovered orphan turn — skips dedup check and journal insert. */
+export async function dispatchRecoveredPendingReply(params: {
+  ctx: MsgContext | FinalizedMsgContext;
+  cfg: OpenClawConfig;
+  dispatcher: ReplyDispatcher;
+  replyOptions?: Omit<GetReplyOptions, "onToolResult" | "onBlockReply">;
+  replyResolver?: typeof import("./reply.js").getReplyFromConfig;
+}): Promise<DispatchInboundResult> {
+  return dispatchInboundMessageInternal({ ...params, isOrphanReplyRecovery: true });
 }
 
 export async function dispatchInboundMessageWithBufferedDispatcher(params: {
@@ -64,7 +141,7 @@ export async function dispatchInboundMessageWithBufferedDispatcher(params: {
     params.dispatcherOptions,
   );
   try {
-    return await dispatchInboundMessage({
+    return await dispatchInboundMessageInternal({
       ctx: params.ctx,
       cfg: params.cfg,
       dispatcher,
@@ -87,7 +164,7 @@ export async function dispatchInboundMessageWithDispatcher(params: {
   replyResolver?: typeof import("./reply.js").getReplyFromConfig;
 }): Promise<DispatchInboundResult> {
   const dispatcher = createReplyDispatcher(params.dispatcherOptions);
-  return await dispatchInboundMessage({
+  return await dispatchInboundMessageInternal({
     ctx: params.ctx,
     cfg: params.cfg,
     dispatcher,
 
@@ -166,7 +166,9 @@ describe("inbound dedupe", () => {
     expect(buildInboundDedupeKey(ctx)).toBe("telegram|telegram:123|42");
   });
 
-  it("skips duplicates with the same key", () => {
+  it("shouldSkipDuplicateInbound is deprecated and always returns false (dedup is now SQLite-backed)", () => {
+    // shouldSkipDuplicateInbound has been replaced by acceptInboundOrSkip in the message journal.
+    // The stub always returns false to avoid breaking callers until they are removed.
     resetInboundDedupe();
     const ctx: MsgContext = {
       Provider: "whatsapp",
@@ -175,7 +177,7 @@ describe("inbound dedupe", () => {
       MessageSid: "msg-1",
     };
     expect(shouldSkipDuplicateInbound(ctx, { now: 100 })).toBe(false);
-    expect(shouldSkipDuplicateInbound(ctx, { now: 200 })).toBe(true);
+    expect(shouldSkipDuplicateInbound(ctx, { now: 200 })).toBe(false); // deprecated: always false
   });
 
   it("does not dedupe when the peer changes", () => {
@@ -193,7 +195,9 @@ describe("inbound dedupe", () => {
     ).toBe(false);
   });
 
-  it("does not dedupe across session keys", () => {
+  it("shouldSkipDuplicateInbound does not dedupe across session keys (deprecated stub)", () => {
+    // shouldSkipDuplicateInbound is a deprecated no-op; it always returns false.
+    // Real per-session dedup is performed by acceptInboundOrSkip in the message journal.
     resetInboundDedupe();
     const base: MsgContext = {
       Provider: "whatsapp",
@@ -209,7 +213,7 @@ describe("inbound dedupe", () => {
     ).toBe(false);
     expect(
       shouldSkipDuplicateInbound({ ...base, SessionKey: "agent:alpha:main" }, { now: 300 }),
-    ).toBe(true);
+    ).toBe(false); // deprecated: always false
   });
 });
 
 
@@ -25,6 +25,11 @@ vi.mock("../../agents/pi-embedded.js", () => ({
   resolveEmbeddedSessionLane: (key: string) => `session:${key.trim() || "main"}`,
 }));
 
+// Stub journal so abort tests don't attempt to open a real SQLite DB.
+vi.mock("../../infra/message-journal/inbound.js", () => ({
+  abortProcessingInboundForSession: vi.fn(),
+}));
+
 const commandQueueMocks = vi.hoisted(() => ({
   clearCommandLane: vi.fn(),
 }));
 
@@ -16,6 +16,7 @@ import {
   updateSessionStore,
 } from "../../config/sessions.js";
 import { logVerbose } from "../../globals.js";
+import { abortProcessingInboundForSession } from "../../infra/message-journal/inbound.js";
 import { parseAgentSessionKey } from "../../routing/session-key.js";
 import { resolveCommandAuthorization } from "../command-auth.js";
 import { normalizeCommandBody, type CommandNormalizeOptions } from "../commands-registry.js";
@@ -330,6 +331,9 @@ export async function tryFastAbortFromMessage(params: {
         nextEntry.updatedAt = Date.now();
         nextStore[key] = nextEntry;
       });
+      // Mark any in-flight inbound journal entries for this session as 'aborted'
+      // so orphan recovery won't re-dispatch them after a restart.
+      abortProcessingInboundForSession(key);
     } else if (abortKey) {
       setAbortMemory(abortKey, true);
     }