When your cron jobs complete successfully but their sessions stay 'running' forever, you've got zombies. Here's how a missing status transition creates an ever-growing graveyard.

A model emits malformed tool call fragments. Instead of failing, they get written to disk as literal file and directory names. Your workspace is now full of JSON garbage.

A CVSS 9.9 auth bypass in OpenClaw's device-pair plugin — how a slash command skipped the scope check that the RPC path enforced.

An auth profile cooldown triggered by one model blocks a completely different model from even trying. The fix is simple — but the failure mode is brutal.

An AI agent gateway grows from 200MB to 850MB in 30 minutes. The culprit: sessions that finish but never leave.

A token expiry heuristic misidentifies seconds as milliseconds, producing a 360 billion ms setTimeout. Node.js clamps it to 1ms. The gateway hits 100% CPU and never recovers.

A WhatsApp watchdog timer inherits stale timestamps across reconnects, creating an infinite loop that eventually OOMs the gateway. Classic self-inflicted failure pattern.

How a cross-process event bus blind spot caused parent agents to wait hours for sub-agent results that had already arrived.

A single regex pattern change in OpenClaw 2026.3.24 causes V8's regexp compiler to allocate until the process dies. No flag can save you.

A Discord WebSocket hiccup shouldn't kill your Telegram bot. Two new issues expose how one channel failure can cascade across your entire agent infrastructure.