A review of recent OpenClaw activity reveals critical regressions in session stability, prompt caching, and channel-specific tool delivery, alongside several high-priority security vulnerabilities.
Open Issues
The recent activity window for OpenClaw has been characterized by a significant number of regressions following the v2026.5.18 and v2026.4.x updates. These issues span core session management, provider-specific integrations, and the user interface.
Critical Stability and Session Failures
Several reports describe severe session-level failures. A critical issue (#84059) involves EmbeddedAttemptSessionTakeoverError: the embedded runner's session-file fingerprint check is so sensitive that a nanosecond change in the file's mtime is treated as a takeover by another attempt, so every message sent via the Feishu channel fails. Separately, session transcripts are entering "doomloops" (#63998), where crash-restart cycles inflate the transcript until the gateway suffers an Out-of-Memory (OOM) failure.
Other session-related bugs include:
- Session Locks: Sessions getting stuck in a "running" state after request timeouts (#63819).
- Context Overflow: Deterministic overflow/restart loops in heartbeat sessions due to the replay of prior heartbeat context (#84218).
- Session Sprawl: Orchestrator agents spawning duplicate sessions because status fields like "failed" or "timeout" are misinterpreted as terminal states (#64103).
Provider and Channel Regressions
Integration with external providers and channels has seen several regressions:
- Prompt Caching: In the Codex app-server, prompt rewriting on tool-call continuation turns is busting the OpenAI prompt cache, increasing per-token costs by approximately 3.5x (#84110).
- Feishu Integration: Tool delivery is failing for the message tool in v2026.5.16+ (#84134), and bot responses are blocked by a ReferenceError during group chat mentions (#64783).
- Telegram Delivery: Reports of final replies getting stuck in pendingFinalDelivery without actual outbound delivery (#84238), and heartbeat events interrupting in-progress user replies in topic sessions (#64810).
- Discord Connectivity: The gateway can enter a "zombie" state after system CA rotation, where internal reconnect loops fail to recover from expired certificates (#63223).
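The cache-busting report (#84110) comes down to a simple property: provider prompt caches reuse only the leading span of a request that is byte-for-byte identical to an earlier request. The following added example (written for this summary, not OpenClaw or Codex app-server code) shows how rewriting the system message on a tool-call continuation turn collapses the reusable prefix, and packages the check as a function a regression test can call. The message serialisation is a hypothetical stand-in for the real request body, and characters stand in for tokens.

```javascript
// Added example, not OpenClaw or Codex code: a regression check for prompt
// prefix stability across a tool-call continuation turn.

// Provider prompt caches match on an identical leading span of the request,
// so the most that turn N+1 can reuse is its shared prefix with turn N.
function sharedPrefixLength(a, b) {
  const n = Math.min(a.length, b.length);
  let i = 0;
  while (i < n && a[i] === b[i]) i++;
  return i;
}

function cacheReport(prevPrompt, nextPrompt) {
  const shared = sharedPrefixLength(prevPrompt, nextPrompt);
  return { shared, prevLength: prevPrompt.length, reusedFraction: shared / prevPrompt.length };
}

// Hypothetical flat serialisation standing in for the provider request body.
const serialize = (messages) => messages.map((m) => `${m.role}: ${m.content}`).join('\n');

// Continuation that appends the tool result and leaves earlier messages as-is.
function appendOnly(turn, toolResult) {
  return [...turn, { role: 'tool', content: toolResult }];
}

// Continuation that rewrites the system message on the way through (the kind
// of rewrite #84110 describes); everything from byte 0 changes, so the provider
// sees a new prefix and bills the whole prompt as uncached.
function rewriteSystem(turn, toolResult) {
  const [system, ...rest] = turn;
  return [
    { role: 'system', content: `${system.content} [continuation turn]` },
    ...rest,
    { role: 'tool', content: toolResult },
  ];
}

// A CI guard: true only when the continuation reuses the whole previous prompt.
function isPrefixStable(prevPrompt, nextPrompt) {
  return sharedPrefixLength(prevPrompt, nextPrompt) === prevPrompt.length;
}

// Constructed sample conversation ending in a tool call.
function demo() {
  const turn1 = [
    { role: 'system', content: 'You are a coding agent with access to tools.' },
    { role: 'user', content: 'List the files in src/ and summarise them.' },
    { role: 'assistant', content: 'tool_call: list_files(path="src/")' },
  ];
  const toolResult = 'src/index.ts\nsrc/session.ts';
  const prev = serialize(turn1);
  return {
    appendOnly: cacheReport(prev, serialize(appendOnly(turn1, toolResult))),
    rewriteSystem: cacheReport(prev, serialize(rewriteSystem(turn1, toolResult))),
  };
}

console.log(demo());
```

Run against captured request bodies from two consecutive turns, isPrefixStable is the assertion that would have caught this regression before it reached users; any change to an earlier message, however small, is a full cache miss from that byte onward.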
Tooling and Feature Gaps
There is a recurring theme of tools not behaving as expected or missing critical capabilities:
- Tool Exposure: The memory_store tool from @openclaw/memory-lancedb is registered but not exposed as a callable agent tool (#84242).
- Schedules: deleteAfterRun is ignored for non-at schedule kinds such as every or cron (#63770).
- MCP Servers: Agents are not notified when an MCP server fails to start, leading to silent degradation of capabilities (#64205).
Key Themes
1. The "Fragile Update" Pattern
Many reports follow a pattern where a specific version upgrade (e.g., 2026.5.7 to 2026.5.18) introduces a breaking change in a previously stable workflow. This is particularly evident in the Claude CLI integration (#84222) and the Feishu channel tools (#84241).
2. Observability Gaps
There is a strong demand for better forensic trails. Users are reporting "silent fallbacks" where the primary model fails, but the trigger is not logged, leaving only a model-snapshot record (#64902). Similarly, the lack of a "logged in" READY line for Discord makes it difficult for watchdogs to verify bot health (#63223).
3. Security and Access Control
Several high-severity security concerns have emerged:
- MCP Spoofing: A high-severity vulnerability (#64993) allows for loopback scope spoofing via mutable request headers, potentially enabling privilege escalation to "owner" scope.
- Mattermost Forgery: Interaction tokens in the Mattermost extension are forgeable due to a hardcoded HMAC derivation key (#64545).
- Prompt Injection: A proposal for structural delimiters (#62939) highlights the ongoing risk of prompt injection from untrusted tool results and messages.
Action Required
Immediate Attention (High Severity/Blocked)
- #84059 (Feishu Session Takeover): This is a complete blocker for Feishu users; the fingerprint check in pi-agent-core needs to be relaxed.
- #64993 (MCP Scope Spoofing): High-severity security flaw requiring a move to scope-bound bearer tokens.
- #64545 (Mattermost HMAC): Critical security flaw requiring the replacement of the hardcoded HMAC key with per-account secrets.
- #63998 (Transcript Doomloop): Requires a session transcript size guard to prevent gateway OOM crashes.
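The transcript size guard called for in #63998 is a small piece of code with a large blast radius if it is missing. The following added example (written for this summary, not OpenClaw code) shows one way to build it: compaction that preserves system entries and leaves an audit marker, applied on every append, with a constructed simulation of the crash-restart cycle to show unbounded growth without the guard and bounded size with it. The byte budget, entry roles and replay behaviour are assumptions for the illustration.

```javascript
// Added example, not OpenClaw code: a byte-budget guard for a session
// transcript, and a simulation of the crash/restart "doomloop" it is meant to stop.
const MAX_TRANSCRIPT_BYTES = 4096; // hypothetical budget; a real gateway would size this to the model context

const entryBytes = (entry) => Buffer.byteLength(JSON.stringify(entry), 'utf8');
const transcriptBytes = (transcript) => transcript.reduce((n, e) => n + entryBytes(e), 0);

// Keep every system entry, drop the oldest other entries until the transcript
// fits, and leave one marker so the forensic trail shows that compaction ran.
function compactTranscript(transcript, maxBytes) {
  const system = transcript.filter((e) => e.role === 'system');
  const rest = transcript.filter((e) => e.role !== 'system');
  let dropped = 0;
  const marker = () => ({ role: 'meta', content: `[compacted ${dropped} earlier entries]` });
  const total = () => transcriptBytes(system) + transcriptBytes(rest) + (dropped ? entryBytes(marker()) : 0);
  while (rest.length && total() > maxBytes) {
    rest.shift();
    dropped++;
  }
  return dropped ? [...system, marker(), ...rest] : [...system, ...rest];
}

// Append one entry and enforce the budget in the same step, so no code path
// can persist an oversized transcript.
function appendWithGuard(transcript, entry, maxBytes = MAX_TRANSCRIPT_BYTES) {
  return compactTranscript([...transcript, entry], maxBytes);
}

// Constructed simulation: on each restart the runner appends a restart note,
// replays the transcript, and emits a partial turn before crashing again.
// Without a guard the transcript grows by a fixed amount per cycle until the
// gateway runs out of memory; with the guard it stays under the budget.
function simulateRestarts(cycles, guarded) {
  let transcript = [{ role: 'system', content: 'You are the OpenClaw session agent.' }];
  let peak = 0;
  for (let i = 0; i < cycles; i++) {
    const restartNote = { role: 'meta', content: `restart #${i}: replaying ${transcript.length} entries` };
    const partialTurn = { role: 'assistant', content: 'x'.repeat(200) };
    if (guarded) {
      transcript = appendWithGuard(transcript, restartNote);
      transcript = appendWithGuard(transcript, partialTurn);
    } else {
      transcript.push(restartNote, partialTurn);
    }
    peak = Math.max(peak, transcriptBytes(transcript));
  }
  return {
    entries: transcript.length,
    bytes: transcriptBytes(transcript),
    peakBytes: peak,
    firstRole: transcript[0].role,
  };
}

console.log('unguarded', simulateRestarts(100, false));
console.log('guarded  ', simulateRestarts(100, true));
```

The guard lives on the write path rather than in a periodic cleanup because the failure mode is a tight loop: a crash that recurs faster than any scheduled compaction would still drive the gateway to OOM. Keeping the compaction marker in the transcript also gives the observability trail that the "silent fallback" reports ask for.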
High Priority (Regressions/Stability)
- #84110 (OpenAI Cache Busting): Significant cost impact for users; requires stabilizing the prompt prefix during tool continuations.
- #84238 (Telegram Delivery): Critical for reliability; necessitates treating pendingFinalDelivery as a durable outbox.
- #84218 (Heartbeat Overflow): Prevents maintenance tasks from running on models with smaller context windows.
Contributor Opportunities
- #65251 & #65252 (LSP Enhancements): Proposals for zero-config LSP auto-detection and real-time diagnostics dashboards.
- #64086 (TUI Status API): A request for a registerStatusProvider API to allow plugins to contribute to the TUI footer.