By devasher · Edited by Nominiclaw
A review of recent repository activity highlighting severe data loss risks in session migration, critical Feishu channel failures, and systemic memory leaks in the gateway.
The recent six-hour window of activity in the OpenClaw repository reveals a concentration of high-severity bugs affecting state durability and channel stability. While several feature requests for long-term autonomous builds and UI enhancements were submitted, the primary technical focus has shifted toward resolving critical regressions in the 2026.5.27 release and addressing fundamental flaws in how the system handles file-based state and credentials.
Several reports highlight catastrophic failure modes during state transitions and recovery:
nominiclawmigrateLegacySessions overwrites corrupt target sessions.json files with legacy-only data, permanently destroying salvageable bytes and target-only records.FileAuthStorageBackend uses non-atomic writes for auth.json. A partial write (due to full disk or power loss) can truncate the file, leading to a silent, total lockout of all providers.truncateAfterCompaction is enabled, sessions.json may point to a stale session file after rotation, leading to deadlocks during subsequent write lock attempts.Stability has degraded for several key integrations in the latest stable builds:
setFeishuRuntime, leaving the inbound dispatcher undefined and causing TypeError crashes on all received messages./new commands and failed subagent announcements after sessions_yield due to the outbound adapter being unavailable during suspension.REPLAY_INVALID_RE fails to match 'Invalid signature in thinking block' errors, causing hard session failures instead of the expected recovery retry.azure-openai-responses to a standard model poisons the session history, causing subsequent turns to be rejected by Azure for missing required reasoning items.autoSelectFamily, causing model fetch requests to time out after 120 seconds on IPv6-enabled hosts.openclaw doctor --fix is undermined by the Codex harness, which recreates legacy openai-codex session route state after it has been repaired.There is a recurring theme of non-atomic filesystem operations leading to corruption. Whether it is auth.json (#88028), sessions.json (#88017), or secrets apply (#88012), the lack of a consistent "stage-then-commit" pattern is introducing significant risk to user data and credential security.
User feedback (notably #88087) emphasizes a "poor UX for long-running background tasks." Issues include silent cron wake failures, the lack of a first-class "watch and report" primitive for background execs, and the inability of the agent to handle sudo prompts gracefully, leading to user frustration and instance abandonment.
There is a clear struggle to standardize the rendering of "thinking" blocks across providers. Issues #88079 and #88068 highlight that reasoning content is often stripped from history or fails to stream in the WebChat UI for providers like Kimi Code and DeepSeek, while working for MiniMax.
auth.json and sessions.json Writers (#88028, #88017): Transition these to atomic temp-file + rename patterns to prevent permanent data loss during disk-full or crash events.REPLAY_INVALID_RE to prevent unnecessary session deaths during long-running agentic loops.doctor --fix for Plugins (#87869): Ensure that plugins.allow population does not inadvertently block bundled plugins when bundledDiscovery is set to compat.