We built an org-wide AI agent in 4 days. Here's what broke in the weeks after.

daily.dev built 'Smith', a 29K-line TypeScript AI agent integrated into their Slack workspace in just 4 days using Codex. The post covers the production incidents and security challenges that followed: credential leaks in a shared runtime requiring a growing command sanitizer, GitHub token bleeding between user sessions, a Node.js event-loop hang that systemd couldn't detect (fixed with a watchdog + health checks), memory exhaustion from a power user's long conversations (fixed with cgroup limits), and a progressive tool disclosure system to manage 60+ tools. Smith self-authors its own reusable skills via a git-backed 'brain' repo and now runs autonomous nightly tasks like spam sweeps and A/B experiment audits. Known remaining issues include an unaudited skill brain, incomplete command sanitizer, and an unsolved crash pattern from one heavy user.