This appendix contains generalized examples of the failure modes observed in the exported artifacts. Raw logs, raw Slack exports, account identifiers, and private traces are intentionally excluded.
Three exported Slack threads were reviewed:
- one large thread with repetitive blocked-status messages
- one medium thread dominated by process negotiation and turn-budget management
- one large thread that later showed malformed tool-syntax leakage
Combined, the three exports contained roughly 2.9k visible messages.
Sanitized pattern:
No change. Queue remains blocked and ready.
Blocked: permission issue, branch absent on target repositories.
First action when unblocked: add a small canary change.
No scan or write this turn.
Why it matters:
- the model remained readable
- the workflow looked disciplined
- the loop was still spending tokens while producing almost no new information
Sanitized pattern:
Still parked. No trusted delta.
to=<tool_name>json no-op parked{ ... }
FREEFORM remain parked. end.
Observed variants also included:
- wrapper-like fragments that resembled internal tool syntax
- malformed JSON shells
- stray multilingual tokens and formatting markers
- status text fused to fake or partial control instructions
Why it matters:
- this was not normal user-facing prose
- it suggests a boundary failure between internal/tool-adjacent text and public output
- once raw assistant text was forwarded into Slack, the degradation became externally visible
Sanitized pattern:
Parked. Awaiting trusted change.
This type of message repeated many times with tiny wording changes but no meaningful change in state. A robust runtime should have recognized the loop as stagnant and stopped.
The reviewed materials showed the following design choices in combination:
- continuous agent-to-agent conversation
- chained state via
previous_response_id - stored response state
- tool access
- Slack posting of assistant output
- weak or absent automatic stop conditions
Removed or generalized:
- organization names
- repository names
- Slack thread IDs and permalinks
- project IDs and session IDs
- exact billing export contents
- any line containing a secret or a potentially sensitive identifier
Retained:
- the shape of the output
- the timing relationship between workflows
- the classes of failure that emerged