Multi-agent orchestration is unstable: concurrent agents add/config overwrites, session-lock failures, and detached child work

[waliddafif]

Summary

I tried to orchestrate a small parallel coding batch from the OpenClaw CLI on 2026.3.8 and hit a cluster of failures that make multi-agent runs unreliable in practice:

1. openclaw agents add appears unsafe when invoked concurrently: config gets overwritten repeatedly and only a subset of agents persist.
2. openclaw agent concurrent runs hit session lock timeouts even with isolated agents/workspaces.
3. After the lock failure path, the model failover chain eventually hits openai-codex OAuth refresh races (refresh_token_reused).
4. Some agent runs appear to fail at the CLI layer but continue detached in the background, leaving session locks and child work (for example next build, npm install) running without a clean handle.

This makes it hard to use OpenClaw as an orchestrator for parallel coding tasks, even when each agent has its own workspace.

Version / environment

• OpenClaw CLI: 2026.3.8 (3caab92)
• Host: Linux
• Gateway mode: local
• Main model default: openai-codex/gpt-5.3-codex
• Per-agent test model: anthropic/claude-sonnet-4-6

Reproduction

I created 4 isolated git worktrees for the same repo, then tried to create and run 4 isolated agents for parallel work.

1. Concurrent agent creation

Commands like:

openclaw agents add lane125 --non-interactive --workspace /path/to/worktree1 --json
openclaw agents add lane128 --non-interactive --workspace /path/to/worktree2 --json
openclaw agents add lane129 --non-interactive --workspace /path/to/worktree3 --json
openclaw agents add lane130 --non-interactive --workspace /path/to/worktree4 --json

Observed behavior:

• repeated output like:

Config overwrite: /home/user/.openclaw/openclaw.json (... -> ..., backup=...)

• after the parallel adds completed, openclaw agents list --json showed only a subset of the agents.
• creating the same agents sequentially worked much more reliably.

2. Concurrent agent runs

After recreating the agents sequentially, I launched multiple runs in parallel, for example:

openclaw agent --agent lane125 --message "..." --json --timeout 2400
openclaw agent --agent lane128 --message "..." --json --timeout 2400
openclaw agent --agent lane129 --message "..." --json --timeout 2400
openclaw agent --agent lane130 --message "..." --json --timeout 2400

I also tested --local.

Observed failures included:

Gateway agent failed; falling back to embedded: Error: Error: All models failed (3): anthropic/claude-sonnet-4-6: session file locked (timeout 10000ms): pid=57884 /home/user/.openclaw/agents/lane129/sessions/2eb87792-30e5-4284-9d30-50f4b384f884.jsonl.lock (timeout) | google-gemini-cli/gemini-3-pro-preview: session file locked (timeout 10000ms): pid=57884 /home/user/.openclaw/agents/lane129/sessions/2eb87792-30e5-4284-9d30-50f4b384f884.jsonl.lock (timeout) | openai-codex/gpt-5.3-codex: OAuth token refresh failed for openai-codex: Failed to refresh OAuth token for openai-codex. Please try again or re-authenticate. (auth)

and:

[openai-codex] Token refresh failed: 401 {
  "error": {
    "message": "Your refresh token has already been used to generate a new access token. Please try signing in again.",
    "type": "invalid_request_error",
    "param": null,
    "code": "refresh_token_reused"
  }
}

The lock files were agent-specific, for example:

• /home/user/.openclaw/agents/lane129/sessions/...jsonl.lock
• /home/user/.openclaw/agents/lane130/sessions/...jsonl.lock

Unexpected detached work

In at least one case, the CLI path reported failure or became unusable, but the underlying agent had clearly kept working in the background:

• session lock file remained active
• openclaw-agent processes were still running
• child processes in the isolated worktrees were still running, for example:
  • next build --turbopack
  • npm install

So from the operator perspective:

• the command looked failed or unrecoverable
• but the agent was still mutating the worktree in the background
• cleanup had to be manual (kill, worktree cleanup, agent deletion)

Expected behavior

• Concurrent agents add should not race on the global config file.
• Isolated agents/workspaces should be able to run in parallel without tripping per-agent session locks for normal orchestration scenarios.
• If a run truly fails, the CLI should retain control and ensure child work is canceled or clearly surfaced.
• Model failover should not end up surfacing unrelated provider auth races when the primary failure is local session locking.

Actual behavior

• concurrent config writes race
• parallel agent runs hit lock timeouts
• failover path cascades into OAuth refresh race noise
• some failed runs continue detached in the background

Related issues

I found partial overlap with existing issues, especially around session locks and OAuth refresh races, for example:

• #42160 Session store monolithic JSON with global lock causes ...
• #32799 Session file lock not released when holding process dies ...
• #26322 OAuth token refresh race condition causes spurious failover ...

But the scenario here is specifically the end-to-end multi-agent orchestration path: create multiple isolated agents + launch multiple coding runs + observe config races, session locks, auth noise, and detached child work.

What would help

A fix or guardrail in any of these areas would help a lot:

• serialize or file-lock agents add config writes
• make concurrent isolated-agent runs not compete on the wrong session locks
• avoid falling through to unrelated providers after a local lock error
• add a clear kill/cancel path for detached agent work when the CLI command fails
• improve operator visibility when a run is still active in the background

If helpful, I can also provide the exact command transcript / cleanup steps I used.

[IIIyban]

Adding production data: we documented 9+ separate incidents of subagent completion loss (results computed but never delivered to parent session). Also 2+ incidents of subagent timeout with zero auto-recovery. Filed detailed report with all incident references: #44925

[1052326311]

Real-world validation from a 17-agent production deployment

We're running OpenClaw with 17 fixed agents (1 King + 4 Scene Leads + 12 specialist agents) for ToG/ToB project delivery. This issue is the #1 blocker preventing us from relying on multi-agent orchestration in production.

Our specific failure mode: "Idle Race" → Session Death Spiral

When multiple agents finish tasks simultaneously and send messages to each other:

1. Receiving agent's run queue grows exponentially (each inbound message triggers a new run)
2. Responses are based on stale context (200+ timestamps behind)
3. Session becomes unresponsive, effectively "dead"

What we've tried (workarounds, not fixes)

Workaround	Effectiveness
Serial communication via "team lead as relay"	⚠️ Helps but doesn't prevent race when leads talk to each other
Increased sessions_send timeoutSeconds to 300	⚠️ Prevents false timeouts but doesn't prevent queue explosion
Removed message tool from sub-agents (deny list)	✅ Prevents channel leakage but doesn't solve race

Our proposed solution: Token Ring for session activation

Instead of every inbound message triggering a new run, implement a token ring pattern:

Agent A ──→ [acquire token] ──→ process message ──→ respond ──→ [release token]
Agent B ──→ [token busy, enqueue] ──→ wait ──→ [acquire token] ──→ process

This would require:

1. A session-level "processing" lock (not just session-lock, but a message-processing semaphore)
2. Message queue instead of direct run-trigger
3. Configurable concurrency per agent (some agents can handle parallel, others cannot)

Related internal tracking

We've documented this as PP-004 in our internal pain-point registry with a detailed root-cause analysis. Happy to share more details or contribute a PoC if the maintainers are interested in this direction.

Environment

• OpenClaw: latest (2026.3.x)
• Agents: 17 concurrent, mixed model backends (zhipu-coding, elbnt, deepseek)
• Deployment: macOS ARM64, single gateway

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 11, 2026, 10:44 AM ET / 14:44 UTC.

Summary
Codex review failed: retryable codex transport failure (exit 1).

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Include the exact command, prompt, or workflow that triggered it.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model internal, reasoning high; reviewed against 3d6252a51772.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.
• remove P1: Current review triage priority is none.
• remove clawsweeper:no-new-fix-pr: Current issue advisory state no longer selects this label.
• remove clawsweeper:fix-shape-clear: Current issue advisory state no longer selects this label.
• remove clawsweeper:needs-maintainer-review: Current issue advisory state no longer selects this label.
• remove clawsweeper:needs-product-decision: Current issue advisory state no longer selects this label.
• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.
• remove clawsweeper:needs-live-repro: Current issue advisory state no longer selects this label.
• remove impact:session-state: Current review selected no impact labels.
• remove impact:message-loss: Current review selected no impact labels.
• remove impact:auth-provider: Current review selected no impact labels.
• remove issue-rating: 🐚 platinum hermit: Current issue advisory state no longer selects this label.

Evidence reviewed

What I checked:

• failure reason: retryable codex transport failure.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stderr: (e.g. openai-codex), concurrent token refresh attempts cause a race condition. The first refresh succeeds, but subsequent attempts fail with:\n\n\n[openai-codex] Token refresh failed: 401 {\n \"error\": {\n \"message\": \"Your refresh token has already been used to generate a new access token. Please try signing in again.\",\n \"type\": \"invalid_request_error\",\n \"code\": \"refresh_token_reused\"\n }\n}\n\n\nThis triggers FailoverError: OAuth token refresh failed for openai-codex and cascades to model fallback, even though auth is perfectly valid.\n\n## Root Cause\n\nOAuth refresh tokens are single-use (per OpenAI spec). When multiple sessions/agents attempt to refresh the same profile's token simultaneously:\n\n1. Agent A refreshes → gets new access_token + new refresh_token → writes to auth-profiles.json\n2. Agent B (concurrent) refreshes with the old refresh_token → 401 refresh_token_reused\n3. Agent B triggers failover to fallback model instead of retrying with Agent A's refreshed token\n\n## Expected Behavior\n\nToken refresh should be serialized (mutex/lock per provider profile). When a refresh is in-flight, other requests should wait for it to complete and reuse the result, not attempt a parallel refresh.\n\nAfter a refresh_token_reused error, the gateway should re-read auth-profiles.json and retry with the (now-updated) access token before triggering failover.\n\n## Impa.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[kinthaiofficial]

Multi-agent orchestration stability: our workarounds

We run 31 concurrent agents on a single OpenClaw gateway and hit every one of these issues in the first week. Here is what stabilized things for us:

1. Sequential agent registration, parallel execution
openclaw agents add is not concurrency-safe — the config file has no file-level locking. We serialize all agents add calls through a single init script that runs at deploy time (not at runtime). Once registered, parallel openclaw agent runs are fine because each agent has its own session scope.

2. Session lock contention fix
The default session lock timeout is too aggressive for multi-agent. We extended it via:

sessions:
  lock_timeout_ms: 30000  # default was 5000
  lock_retry_interval_ms: 500

This eliminated ~90% of our lock timeout failures. The remaining 10% were genuine resource contention (two agents writing to the same memory store simultaneously), which we fixed by giving each agent its own memory namespace.

3. Model failover chain stability
We pinned each agent to a single model provider instead of using the failover chain. Failover chains + concurrent agents = token refresh race conditions (exactly the OAuth issue you describe). If a provider is down, we'd rather fail the agent's turn than have cascading auth failures across the swarm.

4. Detached child work recovery
When a spawned subagent's parent session dies, the child becomes orphaned. We added a reaper job that runs every 60 seconds, checks for sessions with no parent and no recent activity, and cleans them up. Without this, you accumulate zombie sessions that hold locks.

The meta-lesson: OpenClaw's multi-agent support works, but needs careful orchestration at the deployment level. The primitives are there; the operational tooling around them needs to mature.

More details: 221 Agents: Multi-Agent Coordination Lessons

[kinthaiofficial]

We run a 31-agent OpenClaw gateway on a shared server (port 18789) and have hit every one of these failure modes. Here's what we found and how we worked around them:

1. Concurrent agents add config overwrites

The root cause is that agents add does a read-modify-write on the config file without any locking. When two calls race, the second write clobbers the first. Our workaround: we serialize all config mutations through a single "config manager" agent that owns the file lock. Other agents request config changes via message passing, never direct file access.

2. Session lock timeouts

OpenClaw's session locks are per-workspace, not per-agent. When multiple agents share a workspace, they contend on the same lock. We moved to isolated workspaces per agent (each agent gets its own git worktree) — this eliminated lock contention entirely. The tradeoff is disk space, but git worktree is cheap.

3. OAuth refresh races on failover

The refresh_token_reused error happens because OpenClaw's model failover chain tries multiple providers in parallel during a failure, and the OAuth client isn't designed for concurrent refresh. We added a token refresh mutex and a short circuit breaker (closed → half-open → open) on the model failover path — if the primary model fails, we wait for the refresh to complete before trying the fallback.

4. Detached child work after CLI failure

This is the nastiest one. We track it with an agent-authoritative execution state machine — the agent itself owns a single-writer projection of its state (running/paused/failed/completed). If the CLI layer dies, the agent's state machine transitions to "orphaned" after a heartbeat timeout, and a supervisor agent can then clean up child processes.

More detail on how we handle multi-agent coordination at scale (221 agents, including the delegation chain tracking and cost governance): https://blog.kinthai.ai/221-agents-multi-agent-coordination-lessons

The multi-tenancy architecture that makes per-agent isolation work without per-agent VMs: https://blog.kinthai.ai/openclaw-multi-tenancy-why-vm-per-user-doesnt-scale