Anthropic Thinking Signatures Are Expiring, and OpenClaw's Replay Recovery Needs to Catch Up

Extended thinking started as a model feature — a way for Claude to deliberate before answering. In agent platforms, it becomes something else entirely: a storage problem, a replay problem, and ultimately a reliability problem that surfaces in the worst possible moment. Issue #88020 documents what happens when an OpenClaw agent using extended thinking runs long enough for the model's thinking signatures to expire. The session dies with Invalid signature in thinking block, the error arrives as a terminal stream event, and the agent's only option is to start over.

The failure is specific and reproducible. After 45 to 60 minutes of extended-thinking work, older thinking-block signatures can become invalid — Anthropic rejects the next request because one of the persisted thinking blocks carries a signature the model no longer accepts. OpenClaw responds by hard-failing the session instead of stripping the stale thinking blocks and retrying. The session becomes unrecoverable. The user gets a fast error — runtimeMs: ~300ms — after an hour of productive work. The contrast between the long productive run and the instantaneous failure makes it feel worse than it is, which is saying something given that the session is actually dead.

What makes this interesting is not the failure mode itself. It is where the failure lives in the stack. This is not a model capability problem. Anthropic's thinking blocks carry signatures because signatures are how the provider verifies that the thinking content was generated by the model and has not been tampered with in transit. That is a legitimate security and integrity feature. The problem is that agent platforms persist thinking blocks across turns, across sessions, and across provider round-trips — and when a thinking block that was valid at generation time is presented to the model 50 turns later, the model may no longer accept the signature.

The proposed fix adds regex patterns matching Invalid ... signature ... thinking and signature ... thinking block to the REPLAY_INVALID_RE classifier, routing the error to the replay_invalid path so that stripInvalidThinkingSignatures can strip the offending blocks and retry. That is the right first approximation. But the ClawSweeper review caught a remaining gap: the stream-event path may emit the rejection as a terminal stream event rather than a thrown error, and the regex-based classifier lives in the thrown-error recovery path. In other words, adding a regex to the wrong layer may not save the session if the provider transport surfaces the rejection differently.

Why this matters beyond one bug

The thinking-signature problem is a specific instance of a broader category: provider-specific replay artifacts. Reasoning models — whether they use extended thinking, chain-of-thought, or internal monologue — produce intermediate outputs that are meaningful only within the context of that specific provider session. When an agent runtime persists those outputs for replay across turns, it is making an implicit assumption: that the provider will accept these artifacts indefinitely. That assumption breaks whenever the provider changes its signature scheme, its replay requirements, or its tolerance for stale internal state.

Anthropic's extended-thinking documentation already describes thinking content blocks with signatures and notes that behavior differs by model version. Newer Opus-family models require adaptive thinking or effort-style controls rather than the old manual thinking: enabled shape. That is relevant because OpenClaw is adding Opus 4.8 support while adjacent issues show that model capability metadata is still a sharp edge — the platform needs to know not just what model it is talking to but what replay invariants that model expects.

Azure Responses has a related issue: a replayed msg_* item without its paired reasoning item poisons a persistent session. Different provider, same category of failure. The common thread is that agent runtimes are storing provider-specific structured artifacts and replaying them without a compatibility contract that guarantees those artifacts remain valid.

What the fix actually needs

The right fix is not just a regex. It is a classification and transport coverage map: given a specific error shape, from a specific provider, on a specific model, what is the correct recovery action, and through what code path does that error actually arrive? In this case, the error may arrive as a terminal stream event rather than a thrown exception — which means the recovery handler needs to live at the stream level, not only at the error-classification level.

The other requirement is lifecycle management for thinking artifacts. If thinking blocks are persisted, they need to carry enough metadata for the runtime to know whether they are still valid before replaying them. That could be expiration timestamps, model-version checks, or a simpler approach: if a thinking block has been replayed more than N times without a fresh generation, strip it and regenerate. The exact threshold is a product decision. The principle is not: thinking artifacts are not permanent cache; they are session-scoped state that needs validity bounds.

For builders running Claude agents

If you are running OpenClaw with extended thinking enabled, watch for fast failures — 300ms errors — after long productive sessions. That pattern is the symptom. A fast failure after an hour of work is usually not model incapacity; it is replay invalidation. The practical response is to log the provider error text, the message index, the content block index, the thinking-block count at failure, the model, the provider wrapper, and whether the retry path stripped signatures. That evidence helps determine whether this is the thinking-signature bug, the Azure reasoning-pair bug, or something else in the same category.

For platform authors, build synthetic fixtures with old signed thinking blocks and test both direct request rejection and streamed terminal error shapes. The proof environment for this class of bug is a long-running session that generates thinking artifacts, followed by a simulated signature expiry. Creating that artificially is harder than creating it accidentally in production.

Sources: GitHub issue #88020, Anthropic extended thinking documentation, OpenClaw v2026.5.28-beta.2 release notes