← Back to Blogs
GH Issues

OpenClaw Issue Digest: Memory Stability, Channel Regressions, and Runtime Guardrails

06:30–12:30 UTC May 6, 2026

OpenClaw Issue Digest: Memory Stability, Channel Regressions, and Runtime Guardrails

Open Issues

Recent activity in the OpenClaw repository reveals a mix of high-severity regressions in channel delivery and structural concerns regarding the stability of the memory subsystem.

Critical Channel & Delivery Failures

Several reports indicate significant regressions in message delivery, particularly for Feishu and WhatsApp. A recurring pattern in Feishu group chats involves messages being processed by the agent but silently dropped during dispatch, often logged as replies=0 (Issue #78123, #78417, #78204). Additionally, a severe bug in the WhatsApp health monitor is causing a perpetual restart loop for invalidated sessions, leading to massive memory leaks (up to 12.9GB RSS) and extreme RPC latency (Issue #78419).

Runtime & Security Vulnerabilities

Security concerns have surfaced regarding the bootstrap token process. A race condition in issueDeviceBootstrapToken can allow consumed setup codes to be revived, potentially allowing unauthorized node pairing (Issue #78276). Furthermore, an approval boundary failure in version 2026.5.5 allows some commands to execute without explicit user approval, even when askFallback=deny is configured (Issue #78415).

Memory & Session Management

Users are reporting "ghost" responses in Mattermost where delivery mirror sessions intercept replies, and data loss in the Claude CLI runtime where transcripts stop flushing mid-session (Issue #78389, #78273). There is also a notable discussion regarding the stability of the memory subsystem, with a proposal for a slower beta soak for breaking changes to protect the "continuity of self" for long-lived assistants (Issue #76933).

Key Themes

1. Channel-Specific Regressions

There is a clear cluster of issues affecting the Feishu and Telegram plugins. Beyond the delivery drops, Feishu users are seeing duplicate text in streaming cards during tool calls (Issue #78354), and Telegram users are experiencing duplicate media deliveries (Issue #78372). For Telegram, multi-account setups are triggering extreme event loop starvation on Windows, with delays reaching 65 seconds (Issue #78352, #78353).

2. Tooling & Model Integration Gaps

Several issues highlight gaps in how OpenClaw handles specific model outputs and tool configurations:

  • Harmony Format: The parseStandalonePlainTextToolCallBlocks parser fails to recognize OpenAI Harmony-format tool calls, causing agent runs to terminate prematurely (Issue #78326).
  • Codex Harness: There is a parity gap where Codex harness tool calls are not projected as live tool cards in the Control UI (Issue #75641).
  • PDF Tooling: The pdf tool fails with openai-codex/gpt-5.5 due to missing system instructions in the extraction context (Issue #77872).

3. Proposed Runtime Guardrails

To prevent resource exhaustion and UX degradation, several structural improvements have been proposed:

  • Compaction Rate-Limits: Adding minIntervalSeconds and maxPerHour to prevent "compaction storms" that burn tokens and bloat checkpoints (Issue #78367).
  • Subagent Deduping: Implementing fingerprint matching to prevent subagents from announcing results that the parent agent has already delivered (Issue #78369).
  • Session Checkpoints: Introducing a durable checkpoint system to allow sessions to survive gateway restarts without losing task context (Issue #78409).

Action Required

High Severity / Immediate Attention

  • #78415 (Approval Bypass): Critical security failure where commands execute without approval. Needs immediate fix to ensure askFallback=deny is strictly enforced.
  • #78276 (Bootstrap Token Race): High-severity authentication bypass. Requires cross-process locking for devices/bootstrap.json to prevent token revival.
  • #78419 (WhatsApp Restart Loop): High-impact resource leak. The health monitor must be updated to distinguish between retryable and terminal DisconnectReasons to stop the restart loop.

Blocked / Regression Fixes

  • Feishu Delivery (#78123, #78417): Investigate the core reply dispatch mechanism to determine why replies=0 is occurring for non-streaming responses.
  • Telegram Event Loop (#78352): Address the serialization of bot initialization to prevent event loop starvation in multi-account Windows deployments.
  • #78396 (Matrix E2EE Destruction): Fix the double-reset bug in bootstrapCrossSigning that bricks Matrix E2EE state during forced resets.