The most useful sentence in an agent runtime may be the one that tells the agent what did not happen.
That sounds small until a tool call is denied, a provider catalog changes under a CLI, a model rollout sits behind an availability flag, or a privacy policy check needs to explain what posture the workspace is actually in. In those moments, vague failure is dangerous. The runtime needs a specific instruction: do not retry, use this fallback, route through this policy, emit this finding.
That is the pattern in a fresh set of commits from LangChain, Charmbracelet Crush, Google Gemini CLI, and OpenClaw. These projects are not implementing one shared standard. They are independently tightening the language around bad or gated states so agents and operators have something concrete to do next.
A rejected tool call now carries guidance
LangChain commit 17d1c274c changes the default behavior for a human-in-the-loop reject decision.
Before this patch, the default rejection message told the model that the user rejected the tool call. The new default is sharper: it says the tool was not executed and tells the model not to retry the same tool call unless the user explicitly asks for it.
That is more than copy editing. In an agent loop, a rejected tool call is still part of the transcript the model sees. If the message only says "rejected," a model can treat the denial as a temporary obstacle and try again. LangChain's new default turns the denial into a runtime instruction.
The tests show the intent. Unit coverage asserts the exact default error ToolMessage. A new integration test runs the middleware through a real agent, resumes with a reject decision, and checks that the model does not trigger the same tool call again. The commit also points to a matching docs pull request for custom rejection messages, so teams can supply domain-specific guidance instead of relying only on the default.
Missing models become fallbacks, not startup blockers
Charmbracelet Crush commit ffaeec192f handles a different kind of bad state: a provider's configured default model is no longer present.
The commit message names the edge case directly. A model can be removed from a provider catalog, and that should not be important enough to stop Crush from starting when another model is available. The code now warns when the default large or small model is missing, then uses the first configured provider model as a fallback.
The boundary is still explicit. If the provider has no models, Crush still returns an error. The change is narrower and more useful than pretending nothing went wrong: model missing means warn and choose a fallback; no models means fail.
Rollout state moves into model policy
Google Gemini CLI commit 665228e983 shows the same instinct in model routing. The patch adds Gemini 3.5 Flash configuration and threads a useGemini3_5Flash availability condition through model policy resolution.
The important part is not a broad availability claim. The evidence is narrower: the CLI's model config and policy helpers now have a way to route Flash aliases toward gemini-3.5-flash when the relevant flag is present, while preserving fallback paths when it is not.
That is how a rollout becomes operational state. The choice is not only "which string is the default model?" It is "which model chain should this user see under these conditions?" For agent tools that route requests automatically, that distinction is part of reliability.
Policy drift gets named as data-handling posture
OpenClaw commit 1d3cfc4b adds data-handling conformance checks to the policy plugin.
The new policy evidence covers sensitive logging redaction, telemetry content capture, session retention maintenance, and session transcript memory indexing. The doctor checks add named findings for disabled redaction, telemetry content capture, unenforced session retention, and enabled session transcript memory indexing.
The docs caveat is important: these checks observe configuration conformance. They do not inspect raw logs, telemetry exports, transcripts, memory files, secrets, or personal data. Even with that limit, the move matters. A privacy-sensitive posture becomes a visible finding instead of an invisible assumption.
The pattern is explicit next state
This is not the same story as yesterday's agent recovery piece. Recovery asks how a user backs out after work has begun. Today's commits ask what the system says when a step is denied, unavailable, gated, or nonconforming.
LangChain says the rejected tool did not run, so do not retry it unless asked. Crush says the default model is missing, so warn and use the first available model. Gemini CLI says model routing depends on an availability condition. OpenClaw says data-handling posture should produce explicit policy evidence and findings.
Those are small changes with a shared consequence: agent infrastructure is becoming less tolerant of ambiguous states. A serious agent runtime cannot only know that something went wrong. It has to encode what kind of wrong it was, what remains safe to do, and what the user or operator should see next.