OpenClaw Issue Digest: Memory Sync Regressions, Sandbox Security, and Runtime Parity

06:30–12:30 UTC May 10, 2026

Open Issues

Recent activity in the OpenClaw repository reveals a mix of critical performance regressions, security gaps in the sandboxing layer, and a significant architectural push toward runtime parity between the Pi and Codex engines.

Performance & Stability

One of the most severe regressions reported is a performance degradation in session memory sync (#40919). The current implementation uses a full delete-and-reinsert pattern for .claude/session.jsonl files every 1.5 seconds. As conversations grow, this creates massive database write pressure and CPU spikes, leading to noticeable UI responsiveness issues.

Similarly, a critical bug in the openclaw update command on Windows (#40540) causes EBUSY errors because the process attempts to rename its own running directory, effectively blocking self-updates.

Security & Sandboxing

Several high-severity security issues have been identified in the sandbox implementation:

  • Fork Bomb Vulnerability (#38604): Sandbox containers are created without a default pidsLimit, allowing a compromised agent to exhaust host PID slots via a fork bomb.
  • Path Guard Failures (#39497): The read tool path guard rejects valid /agent/ mount paths in read-only sandboxed sessions, breaking file access for sub-agents.
  • SSRF Risks (#38931): Users have requested a "confirm" mode for internal network access to balance the current binary choice between total block and total allow.

Runtime Parity & QA

There is a major effort underway to ensure parity between the Pi and Codex runtimes (#80171). This includes the development of a QA harness to detect "drift" in tool-call shapes and result interpretations. Initial findings already show a regression where the Codex app-server returns unsupported read results in approval follow-throughs (#80236), which the new harness is designed to catch before Codex becomes the default OpenAI runtime.

Key Themes

1. Memory and Context Management

There is a recurring theme of "context bloat" and inefficient memory handling. Beyond the session sync bug, users are requesting "Smart Context Assembly" (#80218) to replace the current practice of injecting entire bootstrap files (like MEMORY.md) into every turn with a RAG-based filtering approach. This is echoed by requests for better visibility into context window usage in the UI (#40215).

2. Channel-Specific Integration Gaps

Several issues highlight the friction in multi-platform deployments:

  • Telegram: Issues with media placeholders (#40991) and session key mismatches for cron-initiated DM threads (#80212).
  • Discord: A lack of reaction event support in the Hooks system (#38714) and routing fallbacks to the default agent instead of matching by account name (#39428).
  • Feishu: Identity confusion in group chats where multiple bots are present (#40194).

3. Plugin SDK Architecture

Issue #80219 outlines a comprehensive plan to consolidate the Plugin SDK. The goal is to move away from a flat OpenClawPluginApi toward a grouped family model (e.g., api.session.workflow, api.agent.events) and introduce explicit lifecycle semantics (declaration vs late_call_live) to reduce API sprawl.

Action Required

High Severity / Blockers

  • #40919 (Memory Sync): Immediate transition to incremental sync is required to prevent system instability in long-running sessions.
  • #38604 (PIDs Limit): A default pidsLimit must be implemented to prevent host-level DoS via fork bombs.
  • #40540 (Windows Update): The self-update logic needs to be decoupled from the running process to enable Windows users to upgrade.

Blocked / Critical Attention

  • #79026 (Active-Memory Deadlock): The recall sub-agent can deadlock on the main lane; a dedicated lane for active-memory is needed.
  • #80158 (Transcript Rotation): Consumers of session history (like memory-core) are reading tail-only JSONL files as complete history, leading to silent data loss during indexing.
  • #76063 (MCP Tool Regression): MCP server tools are missing from agent request bodies in recent versions, causing agents to fabricate capabilities.
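As an added illustration (not OpenClaw's own code) of the incremental alternative to the delete-and-reinsert sync in #40919, and of the rotation check that #80158 calls for: a cursor that indexes only the bytes appended to session.jsonl since the last tick, tolerates a torn write, and flags a rotated or truncated file instead of treating its surviving tail as complete history. `SyncState`, `sync_session` and `demo` are hypothetical names, and the session records are constructed sample data.

```python
import json
import os
import tempfile
from dataclasses import dataclass, field

@dataclass
class SyncState:  # cursor for one session.jsonl (hypothetical type, not OpenClaw's own)
    offset: int = 0          # bytes already indexed
    inode: int = -1          # identity of the file last read (-1: never read)
    records: dict = field(default_factory=dict)  # id -> record, upserted in place
    rotated: bool = False    # set once the on-disk file is a tail, not full history

def sync_session(path: str, state: SyncState) -> int:
    """Index only the bytes appended since the last tick; return new record count."""
    st = os.stat(path)
    if state.inode >= 0 and (st.st_ino != state.inode or st.st_size < state.offset):
        # Rotated or truncated: flag it so the surviving tail is not indexed as history.
        state.rotated = True
        state.offset = 0
    state.inode = st.st_ino
    added = 0
    with open(path, "rb") as f:
        f.seek(state.offset)
        for raw in f:
            if not raw.endswith(b"\n"):
                break               # torn write: line not finished, retry next tick
            state.offset += len(raw)
            if raw.strip():
                rec = json.loads(raw)
                state.records[rec["id"]] = rec   # upsert, not delete-and-reinsert
                added += 1
    return added

def _write(path: str, mode: str, text: str) -> None:
    with open(path, mode) as f:
        f.write(text)

def demo() -> dict:  # constructed run: load, torn append, completion, rotation to a tail
    path = os.path.join(tempfile.mkdtemp(), "session.jsonl")
    state = SyncState()
    _write(path, "w", '{"id":"m1","text":"hi"}\n{"id":"m2","text":"hello"}\n')
    first = sync_session(path, state)                 # 2 new records
    _write(path, "a", '{"id":"m3","te')               # writer caught mid-line
    partial = sync_session(path, state)               # 0, offset untouched
    _write(path, "a", 'xt":"more"}\n')
    completed = sync_session(path, state)             # 1
    _write(path, "w", '{"id":"m3","text":"more"}\n')  # truncated down to the tail
    sync_session(path, state)                         # sets state.rotated
    return {"first": first, "partial": partial, "completed": completed,
            "rotated": state.rotated, "ids": sorted(state.records)}
```

A consumer such as an indexer would check `state.rotated` before trusting the file as full history, which is exactly the silent-loss case #80158 describes.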