Bug type
Behavior bug (incorrect output/state without crash)
Beta release blocker
No
Summary
When an agent is deleted from openclaw.json, its existing sessions (.jsonl files and sessions.json entries) remain on disk and are still accessible via sessions_send, allowing continued execution of privileged operations under the deleted agent's identity.
Steps to reproduce
- Create an agent with elevated privileges (e.g., exec, write, gateway tools) in openclaw.json
- Create one or more sessions for this agent
- Delete the agent from openclaw.json (remove the agent entry)
- Restart the gateway
- Use sessions_send with the deleted agent's sessionKey
- Observe that the session is still accessible and can execute privileged operations
Expected behavior
When an agent is deleted, all its sessions should be automatically invalidated or removed. sessions_send should reject requests for sessions belonging to deleted agents with a clear error message indicating the agent no longer exists.
Actual behavior
After deleting an agent from openclaw.json and restarting the gateway, the agent's .jsonl session files and sessions.json entries remain on disk. sessions_send successfully injects messages into these orphaned sessions, and the agent continues to execute with its original tool permissions, including privileged operations like exec, write, and gateway config changes.
OpenClaw version
2026.4.9
Operating system
Ubuntu 22.04.5 LTS
Install method
npm global
Model
z-ai/glm4.7
Provider / routing chain
openclaw gateway -> nvidia-nim
Additional provider/model setup details
No response
Logs, screenshots, and evidence
Impact and severity
Affected: All OpenClaw deployments where agents are deleted from openclaw.json
Severity: High (security risk - allows unauthorized access to privileged operations)
Frequency: Always (reproducible on any agent deletion)
Consequence: Orphaned sessions can continue executing with full tool permissions, including exec, write, gateway config changes, and other privileged operations, even after the agent is removed from configuration
Additional information
NOT_ENOUGH_INFO - This bug was discovered through code analysis of session.ts and openclaw.json schema. The session management code does not cross-reference the agents defined in openclaw.json when loading sessions, allowing any .jsonl file in the sessions directory to be loaded regardless of whether its parent agent still exists in configuration.
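The cross-reference the report says is missing, sketched as an added example (not OpenClaw's code). The config and session-entry shapes, field names such as `agentId`, the function names, and the sample data are assumptions, since the page does not show the real openclaw.json or sessions.json schema.

```typescript
// Added example; these shapes are assumptions, not OpenClaw's real schema.
interface AgentConfig { id: string; tools: string[] }
interface GatewayConfig { agents: AgentConfig[] } // stand-in for openclaw.json
interface SessionEntry { sessionKey: string; agentId?: string; file: string } // stand-in for a sessions.json entry

type SendDecision =
  | { ok: true; entry: SessionEntry; tools: string[] }
  | { ok: false; error: string };

// Load-time check: split stored sessions into those whose agent is still
// configured and orphans. Entries with no agent id count as orphans (fail closed).
function partitionSessions(config: GatewayConfig, entries: SessionEntry[]) {
  const known = new Set(config.agents.map((a) => a.id));
  const live: SessionEntry[] = [];
  const orphaned: SessionEntry[] = [];
  for (const e of entries) {
    (e.agentId !== undefined && known.has(e.agentId) ? live : orphaned).push(e);
  }
  return { live, orphaned };
}

// Send-time check against the current config, so a session cannot outlive its
// agent; tool permissions are read from the live config, not from the session.
function authorizeSend(config: GatewayConfig, entries: SessionEntry[], sessionKey: string): SendDecision {
  const entry = entries.find((e) => e.sessionKey === sessionKey);
  if (!entry) return { ok: false, error: `unknown session: ${sessionKey}` };
  const agent = config.agents.find((a) => a.id === entry.agentId);
  if (!agent) {
    return { ok: false, error: `agent "${entry.agentId ?? "<none>"}" no longer exists; session ${sessionKey} is invalid` };
  }
  return { ok: true, entry, tools: agent.tools };
}

// Constructed sample data: "ops" was removed from the config, its session remains.
const sampleConfig: GatewayConfig = { agents: [{ id: "helper", tools: ["read"] }] };
const sampleEntries: SessionEntry[] = [
  { sessionKey: "sess-helper-1", agentId: "helper", file: "sess-helper-1.jsonl" },
  { sessionKey: "sess-ops-1", agentId: "ops", file: "sess-ops-1.jsonl" },
  { sessionKey: "sess-legacy", file: "sess-legacy.jsonl" },
];

console.log("orphaned:", partitionSessions(sampleConfig, sampleEntries).orphaned.map((e) => e.file));
console.log(authorizeSend(sampleConfig, sampleEntries, "sess-ops-1"));
```

Running the load-time partition at gateway start gives the list of session files to quarantine or delete, while the send-time check covers agents removed while the gateway is running.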