diff --git a/src/db/session-db.ts b/src/db/session-db.ts
index ca152763d..addc39dbf 100644
--- a/src/db/session-db.ts
+++ b/src/db/session-db.ts
@@ -32,6 +32,14 @@ export function openOutboundDb(dbPath: string): Database.Database {
   return db;
 }
 
+/** Open the outbound DB for a session with write access. Only safe to call when no container is running. */
+export function openOutboundDbRw(dbPath: string): Database.Database {
+  const db = new Database(dbPath);
+  db.pragma('journal_mode = DELETE');
+  db.pragma('busy_timeout = 5000');
+  return db;
+}
+
 export function upsertSessionRouting(
   db: Database.Database,
   routing: { channel_type: string | null; platform_id: string | null; thread_id: string | null },
diff --git a/src/host-sweep.ts b/src/host-sweep.ts
index 30cdc642f..09c82ac76 100644
--- a/src/host-sweep.ts
+++ b/src/host-sweep.ts
@@ -43,7 +43,7 @@ import {
   type ContainerState,
 } from './db/session-db.js';
 import { log } from './log.js';
-import { openInboundDb, openOutboundDb, inboundDbPath, heartbeatPath } from './session-manager.js';
+import { openInboundDb, openOutboundDb, openOutboundDbRw, inboundDbPath, heartbeatPath } from './session-manager.js';
 import { isContainerRunning, killContainer, wakeContainer } from './container-runner.js';
 import type { Session } from './types.js';
 
@@ -302,8 +302,17 @@ function resetStuckProcessingRows(
   // agent-runner has a chance to run clearStaleProcessingAcks() on startup.
   // We're safe to write outbound.db here because we just killed the container
   // that owned it (or it crashed and left no writer behind).
-  const cleared = deleteOrphanProcessingClaims(outDb);
-  if (cleared > 0) {
-    log.info('Cleared orphan processing claims', { sessionId: session.id, cleared, reason });
+  // outDb was opened readonly for reads above; reopen with write access for this delete.
+  let outDbRw: Database.Database | null = null;
+  try {
+    outDbRw = openOutboundDbRw(session.agent_group_id, session.id);
+    const cleared = deleteOrphanProcessingClaims(outDbRw);
+    if (cleared > 0) {
+      log.info('Cleared orphan processing claims', { sessionId: session.id, cleared, reason });
+    }
+  } catch (err) {
+    log.warn('Failed to clear orphan processing claims', { sessionId: session.id, err });
+  } finally {
+    outDbRw?.close();
   }
 }
diff --git a/src/session-manager.ts b/src/session-manager.ts
index 6b0065593..e3f3f7a0c 100644
--- a/src/session-manager.ts
+++ b/src/session-manager.ts
@@ -30,6 +30,7 @@ import {
   ensureSchema,
   openInboundDb as openInboundDbRaw,
   openOutboundDb as openOutboundDbRaw,
+  openOutboundDbRw as openOutboundDbRwRaw,
   upsertSessionRouting,
   insertMessage,
   migrateMessagesInTable,
@@ -355,6 +356,11 @@ export function openOutboundDb(agentGroupId: string, sessionId: string): Databas
   return openOutboundDbRaw(outboundDbPath(agentGroupId, sessionId));
 }
 
+/** Open the outbound DB for a session with write access. Only safe to call when no container is running. */
+export function openOutboundDbRw(agentGroupId: string, sessionId: string): Database.Database {
+  return openOutboundDbRwRaw(outboundDbPath(agentGroupId, sessionId));
+}
+
 /**
  * Write a message directly to a session's outbound DB so the host delivery
  * loop picks it up. Used by the command gate to send denial responses