A technical review of OpenClaw repository activity focusing on critical event loop starvation, 5.12 regressions in channel delivery, and high-severity security vulnerabilities in bootstrap and exec paths.
Open Issues
Recent activity in the OpenClaw repository reveals a series of critical architectural bottlenecks and regressions following the 2026.5.12 update. The most pressing issues center on event loop starvation, where synchronous operations in the gateway are causing massive latencies and disconnecting keepalive-sensitive channels such as WhatsApp.
Critical Performance & Stability
- Event Loop Starvation: Multiple reports (#78861, #78165, #78100) highlight a fundamental bottleneck where the single-threaded Node.js event loop is pegged at 100% during agent preparation (model resolution, prompt building). This results in WebSocket response times spiking to 100s and triggers a "reconnect storm" for WhatsApp, as the loop block exceeds the 30s keepalive window.
- Memory & Resource Leaks: Memory creep is appearing in the skills refresh state (#77997), where workspaceVersions and chokidar watchers accumulate without a production removal path. Similarly, the Discord entity cache (#77975) and agent-job run cache (#77976) grow unbounded over the bot's lifetime.
- TUI & UI Regressions: Long messages in the TUI are vanishing due to a fullRender call that clears the terminal scrollback (#78017), and the WebChat UI is stripping leading whitespace from code blocks, breaking ASCII diagrams (#81339).
Channel & Delivery Regressions (v2026.5.12)
- Sub-agent Announcement Failures: A significant regression in 5.12 has broken sub-agent completion notifications to Telegram (#82330). The change that routes announces through the agent-handoff path, combined with the suppression of internal prompts from transcripts (#79618), appears to leave the pipeline with no deliverable result.
- Telegram Forum Topic Routing: Reports indicate that replies in Telegram forum topics can "jump" to the General topic or the wrong topic despite topic-qualified session keys (#81874).
- WhatsApp Hot-Reload Wedge: Enabling channels.whatsapp.enabled at runtime is currently unsupported; the gateway silently reverts the value to false if the plugin isn't already loaded, creating a "wedge" for integrators (#78404).
Security & Authorization Vulnerabilities
- Bootstrap Token Races: A high-severity race condition (#78276) allows consumed setup codes to be revived if a concurrent issuer process writes a stale snapshot back to devices/bootstrap.json, potentially allowing unauthorized node pairing.
- Exec Approval Bypass: A critical failure in the exec approval boundary (#78415) allows commands to execute even when the user has not approved the prompt, specifically in async follow-up paths.
- Privilege Escalation: The trusted-operator plugin HTTP routes are escalating shared-secret callers to implicit admin scopes (#78712), violating least-privilege boundaries.
- Node Allowlist Restoration: A race condition in the node-host (#78225) allows a write-scoped caller to restore revoked exec approvals by writing a stale exec-approvals.json snapshot back to the host.
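The exec approval bypass (#78415) and the "no command executes without an explicit allow decision" requirement in the Action Required section below describe one bug class: a gate that treats "not denied" as "allowed", so an async follow-up that fires before the user answers goes through. The following is an added example written for this review, not OpenClaw's own approval code; the ApprovalRegistry class, the request ids and the decision strings are constructed for illustration. It places the flawed gate next to a fail-closed one that also makes each granted approval single-use, so a replayed follow-up cannot reuse it.

```javascript
// Added example, not OpenClaw code. Models an exec approval prompt whose answer is
// recorded asynchronously, and two gates that consult it from a follow-up path.
const VALID_DECISIONS = new Set(['allow', 'deny']);

class ApprovalRegistry {
  constructor() {
    this.decisions = new Map(); // requestId -> 'allow' | 'deny'
  }

  // Only the approval prompt calls this, with the user's explicit answer.
  record(requestId, decision) {
    if (!VALID_DECISIONS.has(decision)) throw new Error(`invalid decision: ${decision}`);
    this.decisions.set(requestId, decision);
  }

  // Anything not explicitly recorded is 'pending', never 'allow'.
  decisionFor(requestId) {
    return this.decisions.get(requestId) ?? 'pending';
  }

  // A granted approval is single-use: reading it as 'allow' removes it.
  consume(requestId) {
    const decision = this.decisionFor(requestId);
    if (decision === 'allow') this.decisions.delete(requestId);
    return decision;
  }
}

// Flawed gate: "not denied" is treated as permission, so a pending prompt passes.
function flawedGate(registry, requestId) {
  return registry.decisionFor(requestId) !== 'deny';
}

// Fail-closed gate: only an explicit, still-valid allow runs the command.
function failClosedGate(registry, requestId) {
  return registry.consume(requestId) === 'allow';
}

// Simulated async follow-up: the command was queued earlier and is evaluated on a
// later turn, regardless of whether the prompt has been answered by then.
async function followUp(gate, registry, requestId) {
  await Promise.resolve(); // yield, as a real follow-up turn would
  return gate(registry, requestId) ? 'executed' : 'blocked';
}

// Runs one request through the gate at each stage of the prompt's lifecycle.
async function scenario(gate) {
  const registry = new ApprovalRegistry();
  const requestId = 'req-1'; // constructed id
  const result = {};
  result.beforeAnswer = await followUp(gate, registry, requestId);
  registry.record(requestId, 'deny');
  result.afterDeny = await followUp(gate, registry, requestId);
  registry.record(requestId, 'allow');
  result.afterAllow = await followUp(gate, registry, requestId);
  result.replay = await followUp(gate, registry, requestId); // same approval reused?
  return result;
}

if (process.argv.includes('--demo')) {
  scenario(flawedGate).then((r) => console.log('flawed gate:', r));
  scenario(failClosedGate).then((r) => console.log('fail-closed gate:', r));
}
```

Run with `node approval-gate.js --demo`. The flawed gate executes the command before the user has answered and again on the replayed follow-up; the fail-closed gate blocks both and executes exactly once after the explicit allow. The audit suggested for #78415 amounts to checking that every follow-up path reaches the second shape rather than the first.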
Key Themes
1. The "Sync-in-Async" Bottleneck
There is a recurring theme of synchronous filesystem or cryptographic work blocking the main thread. Whether it is the realpathSync calls during plugin discovery (#78100), the Baileys auth-state load in WhatsApp (#78165), or the model-resolution stage of agent dispatch (#78861), the result is the same: the gateway becomes unresponsive to all other traffic during these operations.
2. State Persistence & Race Conditions
Many of the high-severity bugs stem from a "load-modify-save" pattern using whole-file JSON replacements without cross-process locking. This is evident in the bootstrap token revival (#78276) and the node allowlist restoration (#78225), where stale snapshots overwrite recent admin changes.
3. Delivery Pipeline Fragility
Recent refactors to the delivery and announce pipelines have introduced silent failures. The transition from raw-sending child results to agent-mediated handoffs has created a gap where completions are successfully generated but never reach the user, particularly in Telegram and Slack thread sessions (#82330, #78061).
Action Required
High Severity / Immediate Attention
- #78415 (Exec Approval Bypass): This is a primary security failure. The async follow-up path must be audited to ensure no command executes without an explicit allow decision.
- #78276 & #78225 (Auth/Policy Races): These require the implementation of cross-process file locking (e.g., withFileLock) or a transactional API for devices/bootstrap.json and exec-approvals.json.
- #78861 (Event Loop Starvation): The gateway requires an architectural shift toward async agent preparation and worker-thread offloading for channel polling to remain viable for production use.
Blocked or Regressed Features
- #82330 (Sub-agent Announces): This is a high-visibility regression in 5.12 that breaks the core sub-agent feedback loop for Telegram users.
- #82360 (Cron Delivery): Isolated cron announce deliveries to Slack are silently broken due to a missing allowBootstrap: true flag in the runtime path.
- #78196 (Extension Loader): Extension plugins are being silently skipped by the gateway daemon in v5.3+, rendering security plugins like ClawGuard inactive.