< cd ..

OpenClaw

~/openclaw/openclaw

--harness github web

Personal AI assistant platform — run your own AI on any device, any channel

latest

v2026.4.27

total

stable

pre

first tracked

Apr 13, 2026

updated

9h ago

last checked: 9h ago │ Tier 2 refresh

#ai #coding-assistant #open-source #extensible

●●● clwatch

Check if your agent is current:

$ clwatch diff openclaw

$ clwatch refresh openclaw

learn more about clwatch →

●●● quick start // get running in 60s

install

$ npm install -g openclaw

first command

$ openclaw onboard --install-daemon

📖 official docs →

/changelog

v2026.4.27 BREAKING [Apr 29, 2026] (18h ago) details → github →

# openclaw 2026.4.27

2026.4.27

Highlights

Codex Computer Use setup now ships with status/install commands, marketplace discovery, and fail-closed MCP checks for Codex-mode desktop control. Thanks @pash-openai.
DeepInfra joins the bundled provider set with model discovery, media generation/editing, TTS, embeddings, and provider-owned onboarding policy. Thanks @ats3v.
Tencent Yuanbao and QQBot support expand channel coverage with Yuanbao docs/catalog entries and QQBot group chat, streaming, media upload, and pipeline refactors. Thanks @loongfay and @cxyhhhhh.
Plugin startup and model catalogs move toward manifest-first metadata, reducing Gateway boot work and making provider rows/aliases/suppressions easier to audit. Thanks @shakkernerd.
Reliability fixes cover Telegram startup/sends, Slack socket/media stalls, gateway startup prewarm, session/history defaults, update sync, and Windows restart handoffs. Thanks @joerod26, @obviyus, @shivasymbl, @freerk, @bassboy2k, @jpreagan, @islandpreneur007, and @Thatgfsj.

Changes

Sandbox/Docker: add opt-in sandbox.docker.gpus passthrough for Docker sandbox containers so local GPU workloads can run inside sandboxed agents when the host Docker runtime supports --gpus. Fixes #57976; carries forward #58124. Thanks @cyan-ember.
iOS/Gateway: add an authenticated node.presence.alive protocol event and node.list last-seen fields so background iOS wakes can mark paired nodes recently alive without treating them as connected. Carries forward #63123. Thanks @ngutman.
Android: publish authenticated node.presence.alive events after node connect and background transitions so paired Android nodes retain durable last-seen metadata after disconnects. Carries forward #63123. Thanks @ngutman.
Gateway/chat: accept non-image attachments through chat.send by staging them as agent-readable media paths, while keeping unsupported RPC attachment paths explicit instead of silently dropping files. Fixes #48123. (#67572) Thanks @samzong.
Security/networking: add opt-in operator-managed outbound proxy routing (proxy.enabled + proxy.proxyUrl/OPENCLAWPROXYURL) with strict http:// forward-proxy validation, loopback-only Gateway bypass, and cleanup of proxy env/dispatcher state on exit. (#70044) Thanks @jesse-merhi and @joshavant.
Dependencies: refresh provider and tooling dependencies, including AWS SDK, PI runtime packages, AJV, Feishu SDK, Anthropic SDK, tokenjuice, and native TypeScript/oxlint tooling. Thanks @dependabot.
Matrix/QA: add live Matrix approval scenarios for exec metadata, chunked fallback, plugin approvals, deny reactions, thread targeting, and target: "both" delivery, with redacted artifacts preserving safe approval summaries. Thanks @gumadeiras.
Codex: add Computer Use setup for Codex-mode agents, including /codex computer-use status/install, marketplace discovery, optional auto-install, and fail-closed MCP server checks before Codex-mode turns start. Fixes #72094. (#71842) Thanks @pash-openai.
Apps: consume Peekaboo 3.0.0-beta4 and ElevenLabsKit 0.1.1, align Swabble on Commander 0.2.2, and refresh macOS/iOS SwiftPM resolutions against the released dependency graph. Thanks @Blaizzy.
Plugin SDK: expose shared channel route normalization, parser-driven target resolution, raw-target compact keys, parsed-target types, and route comparison helpers through openclaw/plugin-sdk/channel-route, switch native approval origin matching onto that route contract with optional delivery and match-only target normalization, and retire the internal channel-route shim behind dated compatibility aliases for legacy key/comparable-target helpers. Thanks @vincentkoc.
Docs/Codex: document how Codex Computer Use, direct cua-driver mcp, and OpenClaw.app's PeekabooBridge fit together so desktop-control setup choices are clearer. Thanks @pash-openai and @trycua.
Matrix/streaming: stream tool-progress updates into live Matrix preview edits by default when preview streaming is active, with streaming.preview.toolProgress: false to keep answer previews while hiding interim tool lines. Thanks @gumadeiras.
Plugins/models: wire manifest modelCatalog.aliases and modelCatalog.suppressions into model-catalog planning and built-in model suppression, with stale Spark and Qwen Coding Plan suppressions now declared in plugin manifests instead of runtime fallback hooks. Thanks @shakkernerd.
Plugin SDK/models: add a shared manifest-backed provider catalog builder and move Qianfan, Xiaomi, NVIDIA, Cerebras, Mistral, Moonshot, DeepSeek, Tencent TokenHub, and StepFun provider catalogs onto their plugin manifest modelCatalog rows. Thanks @shakkernerd.
Plugin SDK/models: move BytePlus and Volcano Engine standard and plan-provider catalogs into plugin manifest modelCatalog rows and remove the now-unused Volcengine-family shared catalog SDK subpath. Thanks @shakkernerd.
CLI/models: move Fireworks and Together AI fixed provider catalogs into plugin manifest modelCatalog rows so provider-filtered listing can use manifest-backed static rows. Thanks @shakkernerd.
Channels/Yuanbao: register the Tencent Yuanbao external channel plugin (openclaw-plugin-yuanbao) in the official channel catalog, contract suites, and community plugin docs, with a new docs/channels/yuanbao.md quick-start guide for WebSocket bot DMs and group chats. (#72756) Thanks @loongfay.
Channels/Yuanbao: add a channel docs entrance so the Tencent Yuanbao bot appears in the channel listing and sidebar navigation. (#73443) Thanks @loongfay.
Channels/QQBot: add full group chat support (history tracking, @-mention gating, activation modes, per-group config, FIFO message queue with deliver debounce), C2C stream_messages streaming with a StreamingController lifecycle manager, unified sendMedia with chunked upload for large files, and refactor the engine into pipeline stages, focused outbound submodules, builtin slash-command modules, and explicit DI ports via createEngineAdapters(). (#70624) Thanks @cxyhhhhh.
Plugins/startup: migrate bundled plugin manifests to explicit activation.onStartup declarations so Gateway startup imports only the bundled plugins that intentionally register startup-time runtime surfaces. Thanks @shakkernerd.
Plugins/startup: add an opt-in future-mode gate for disabling deprecated implicit startup sidecar loading while preserving explicit startup and narrower activation triggers. Thanks @shakkernerd.
Plugins/startup: add plugin compatibility warnings for deprecated implicit startup loading so authors can migrate to explicit activation.onStartup metadata. Thanks @shakkernerd.
Plugins/runtime: load bundled agent tool-result middleware from manifest contracts on demand so tokenjuice stays startup-lazy without losing Pi/Codex tool-output compaction. Thanks @shakkernerd.
Plugins/startup: add explicit activation.onStartup metadata so plugins can declare Gateway startup import behavior while the deprecated implicit sidecar fallback remains for legacy plugins. Thanks @shakkernerd.
Gateway/startup: reuse lookup-table plugin manifests when loading startup plugins so Gateway boot avoids rebuilding plugin discovery and manifest metadata. Thanks @shakkernerd.
CLI/models: declare fixed Qianfan, Xiaomi, NVIDIA, Cerebras, Mistral, Chutes, Kilo, OpenAI, and OpenCode Go model catalogs in refreshable plugin manifests, keep broad models list --all on raw registry and supplement rows without runtime normalization, and avoid duplicate supplement resolution. Thanks @shakkernerd.
Gateway/runtime: reuse the current plugin metadata snapshot for provider discovery so repeated model-provider discovery avoids rebuilding plugin manifest metadata. Thanks @shakkernerd.
Gateway/startup: pass the plugin metadata snapshot from config validation into plugin bootstrap so startup reuses one manifest product instead of rebuilding plugin metadata. Thanks @shakkernerd.
Plugin SDK/testing: move core-only channel contract fixtures under the channel contract test tree and retire the old test/helpers/channels bridge directory so plugin tests stay on focused SDK surfaces. Thanks @vincentkoc.
Plugin SDK/testing: expose native agent-runtime contract fixtures through plugin-sdk/agent-runtime-test-contracts, move sandbox config fixtures into the focused generic fixture subpath, and block extension tests from importing repo-only test/helpers bridges. Thanks @vincentkoc.
Plugin SDK/testing: expose generic module reload, bundled-path, Node builtin mock, channel pairing/envelope, HTTP server, temp-home, replay-policy, and live STT helpers through focused SDK test subpaths so extension tests no longer depend on repo-only helper bridges. Thanks @vincentkoc.
Plugin SDK: move maintained bundled channels off the deprecated channel-config-schema-legacy subpath, add an explicit bundled-channel schema SDK surface, and track both remaining legacy test/config compatibility barrels with dated removal windows. Thanks @vincentkoc.
Plugin SDK/testing: expose media provider capability assertions and provider HTTP mocks through focused SDK test subpaths, and retire the repo-only media-generation test helper bridge. Thanks @vincentkoc.
Plugin SDK/testing: promote bundled plugin/provider/channel contract helpers to focused SDK test subpaths and retire the repo-only test/helpers/plugins TypeScript bridge. Thanks @vincentkoc.
Plugin SDK/testing: expose generic channel action, setup, status, and directory contract helpers through plugin-sdk/channel-test-helpers so bundled extension tests no longer import repo-only channel helper bridges. Thanks @vincentkoc.
Plugin SDK/testing: add plugin-sdk/channel-target-testing for shared channel target-resolution cases, document channel reaction helpers on plugin-sdk/channel-feedback, and keep the old plugin-sdk/test-utils alias as compatibility-only. Thanks @vincentkoc.
Plugin SDK/testing: add a focused generic fixture subpath for CLI capture, sandbox, skill, agent-message, system-event, terminal, chunking, auth-token, and typed-case helpers. Thanks @vincentkoc.
Plugin SDK/testing: add focused plugin runtime and environment fixture subpaths so plugin tests can avoid the broad plugin-sdk/testing barrel for common setup helpers. Thanks @vincentkoc.
Plugin SDK/testing: add a focused plugin-sdk/plugin-test-api helper subpath and move bundled plugin registration tests off the repo-only plugin API bridge. Thanks @vincentkoc.
Plugin SDK: add generic host hooks for session state, next-turn context, trusted tool policy, UI descriptors, events, scheduler cleanup, and run-scoped plugin context. (#72287) Thanks @100yenadmin.
Plugin SDK/testing: expose provider catalog, wizard, registry, manifest, public-artifact, outbound, and TTS contract helpers through documented SDK testing seams so bundled plugin tests no longer import repo src/** internals. Thanks @vincentkoc.
Providers/DeepInfra: add a bundled DeepInfra provider with DEEPINFRAAPIKEY onboarding, dynamic OpenAI-compatible model discovery, image generation/editing, image/audio media understanding, TTS, text-to-video, memory embeddings, static catalog metadata, and provider-owned base URL policy. Carries forward #53805, #48088, #37576, #43896, #11533, and #2554. Thanks @ats3v.
Matrix: attach versioned structured approval metadata to pending approval messages so capable Matrix clients can render richer approval UI while body text and reaction fallback keep working. (#72432) Thanks @kakahu2015.

Fixes

Gateway/sessions: align chat.history and sessions.list thinking defaults with owning-agent and catalog-aware resolution so Control UI session defaults match backend runtime state. (#63418) Thanks @jpreagan.
Devices/pairing: recover array-shaped device and node pairing state files before persisting approvals, so UUID-keyed pending and paired entries no longer disappear after a malformed JSON store write. Fixes #63035. Thanks @sar618.
Gateway/auth: clear reused stale device tokens and stop reconnecting on device-token mismatch in the Control UI and Node gateway clients, avoiding rate-limit loops after scope-upgrade or token-rotation handoffs. Fixes #71609. Thanks @ricksayhi.
Gateway/approvals: treat duplicate same-decision approval resolves as idempotent during the resolved-entry grace window, including consumed allow-once approvals, while returning an explicit already-resolved error for conflicting repeats. Fixes #59162; refs #58479 and #65486. Thanks @wikithoughts, @sajazuniga7-coder, and @mjmai20682068-create.
Channels/Telegram: honor approvals.exec/plugin.targets[].accountId when routing native approvals across multi-bot Telegram accounts while preserving unscoped Telegram targets for any account. Fixes #69916. Thanks @joerod26.
Telegram/gateway: bound outbound Bot API calls and cache bundled plugin alias lookup so slow Telegram sends or WSL2 filesystem scans no longer wedge gateway replies. (#74210) Thanks @obviyus.
Agents/exec: omit the internal session-resume fallback preface from successful async exec completion messages sent directly back to chat. Fixes #67181. Thanks @raistlin88.
Agents/media: register detached videogenerate and musicgenerate tool run contexts until terminal status, so Discord-backed provider jobs stay live in /tasks instead of becoming lost when the parent chat run context disappears. Thanks @vincentkoc.
Agents/media: prefer OpenAI image and video providers when the default model uses the OpenAI Codex auth alias, so auto media generation no longer falls through to Fal before GPT Image or Sora. Thanks @vincentkoc.
Tasks/media: infer agent ownership for session-scoped task records so /tasks agent-local fallback includes session-backed video_generate and other async media jobs even when the current chat session has no linked rows. Thanks @vincentkoc.
Agents/media: keep long-running videogenerate and musicgenerate tasks fresh while provider jobs are still pending, so task maintenance does not mark active Discord media renders lost before completion. Thanks @vincentkoc.
CLI/status: treat scope-limited gateway probes as reachable-but-degraded in shared status scans, so openclaw status --all no longer reports a live gateway as unreachable after missing scope: operator.read. Fixes #49180; supersedes #47981. Thanks @openjay.
CLI/update: skip tracked plugins disabled in config during post-update plugin sync before npm, ClawHub, or marketplace update checks, preserving their install records without failing the update. Fixes #73880. Thanks @islandpreneur007.
Slack/Socket Mode: use a 15s Slack SDK pong timeout by default and add channels.slack.socketMode.clientPingTimeout, serverPingTimeout, and pingPongLoggingEnabled overrides so stale-websocket handling no longer depends on app-event health heuristics. Fixes #14248; refs #58519, #64009, and #63488. Thanks @shivasymbl and @freerk.
Slack/media: bound private file and forwarded attachment downloads with idle and total timeouts while preserving placeholder fallback, so stalled Slack file_share media no longer wedges inbound message handling. Fixes #61850. Thanks @bassboy2k.
Plugins/inspector: keep bundled plugin runtime capture quiet and config-tolerant for Codex, memory-lancedb, Feishu, Mattermost, QQBot, and Tlon so plugin-inspector JSON checks can validate the full bundled set. Thanks @vincentkoc.
Slack/auto-reply: keep fully consumed text reset triggers such as new session out of BodyForAgent after directive cleanup, so configured Slack reset phrases do not leak into the fresh model turn. Fixes #73137. Thanks @neeravmakwana.
Plugins/runtime deps: prune stale retained bundled runtime deps and keep doctor/secret channel contract scans on lightweight artifacts, so disabled bundled channels stop preserving old dependency trees or importing heavy plugin surfaces. Thanks @SymbolStar and @vincentkoc.
Plugins/runtime deps: cache unchanged bundled runtime mirror dist-file materialization decisions and close file-lock handles on owner-write failures, reducing repeated startup chunk scans and avoiding FileHandle-GC recovery stalls. Refs #73532. Thanks @oadiazp and @bstanbury.
Auto-reply: bound the post-run pending tool-result delivery drain with a progress-aware idle timeout, so a never-settling tool-result task no longer leaves the session active forever while slow healthy deliveries can keep draining. Fixes #53889; supersedes #64733 and #73434. Thanks @zijunl and @wujiaming88.
Gateway/startup: start chat channels without waiting for primary model prewarm, keeping model warmup bounded in the background so Slack and other channels come online promptly when provider discovery is slow. Supersedes #73420. Thanks @dorukardahan.
Gateway/install: carry env-backed config SecretRefs such as channels.discord.token into generated service environments when they are present only in the installing shell, while keeping gateway auth SecretRefs non-persisted. Fixes #67817; supersedes #73426. Thanks @wdimaculangan and @ztexydt-cqh.
Auto-reply/commands: stop bare /reset and /new after reset hooks acknowledge the command, so non-ACP channels no longer fall through into empty provider calls while /reset <message> and /new <message> still seed the next model turn. Fixes #73367 and #73412. Thanks @hoyanhan, @wenxu007, and @amdhelper.
Providers/DeepSeek: backfill DeepSeek V4 reasoning_content on plain assistant replay messages as well as tool-call turns, so thinking sessions with prior tool use no longer fail follow-up requests with missing reasoning content. Fixes #73417; refs #71372. Thanks @34262315716 and @Bartok9.
Agents/gateway tool: strip full config payloads from config.patch and config.apply tool responses while preserving direct RPC responses, so config-heavy sessions no longer replay large redacted configs into transcript history. Fixes #47610; supersedes #73439. Thanks @HanenVit and @juan-flores077.
Auto-reply: preserve voice-note media from silent turns while continuing to suppress text and non-voice media, so NO_REPLY TTS replies still deliver the requested audio bubble. (#73406) Thanks @zqchris.
Channels/Mattermost: stop enqueueing regular inbound posts as system events, so Mattermost user messages reach the model only as user-role inbound-envelope content instead of also appearing as System: Mattermost message... directives. Fixes #71795. Thanks @juan-flores077.
Agents/media: qualify bare agents.defaults.imageModel and pdfModel refs from unique configured image-capable providers, so Ollama vision models such as moondream and qwen2.5vl:7b do not fall through to the default provider. Fixes #38816; supersedes #73396. Thanks @alainasclaw and @vincentkoc.
Agents/Anthropic: send implicit Anthropic beta headers only to direct public Anthropic endpoints, including OAuth, so custom Anthropic-compatible providers no longer mis-handle unsupported beta flags unless explicitly configured. Refs #73346. Thanks @byBrodowski.
Skills: require explicit skills.entries.coding-agent.enabled before exposing the bundled coding-agent skill, so installs with Codex on PATH but no OpenAI auth do not silently offer Codex delegation. Fixes #73358. Thanks @LaFleurAdvertising and @Sanjays2402.
Plugins/startup: treat manifestless Claude bundles as valid installed-plugin registry entries instead of stale missing manifests, so workspace bundles no longer force repeated derived registry rebuilds or noisy plugins.entries.workspace warnings during Gateway startup. Fixes #73433. Thanks @AnneVoss.
Agents/subagents: preserve sessions_yield as a paused subagent state and ignore its wait text while freezing completion output, so parent sessions wait for the final post-compaction answer instead of receiving intermediate progress or (no output). Fixes #73413. Thanks @Ask-sola.
Plugins/startup: precompute bundled runtime mirror fingerprints before taking the mirror lock and keep Docker bundled plugin runtime deps/mirrors in a Docker-managed volume instead of the Windows/WSL config bind mount, so cold starts avoid slow host-volume mirror writes. Fixes #73339. Thanks @1yihui.
Plugins/runtime deps: refresh bundled runtime mirrors without deleting active import trees, so config-triggered restarts do not see transient missing plugin files during registration. Thanks @shakkernerd.
Channels/LINE: persist inbound image, video, audio, and file downloads in ~/.openclaw/media/inbound/ instead of temporary files so agents can still read LINE media after /tmp cleanup. Fixes #73370. Thanks @hijirii and @wenxu007.
CLI/plugins: keep bundled plugin installs out of plugins.load.paths while preserving install records, so install/inspect/doctor loops no longer warn about the current bundled plugin directory. Thanks @vincentkoc.
CLI/plugins: scope plugins inspect <id> runtime loading to the matched plugin so single-plugin inspection does not load every plugin before checking the target. Thanks @shakkernerd.
CLI/plugins: remove managed copied-path plugin directories during uninstall and plan uninstall from metadata instead of runtime-loading plugins, so plugin lifecycle commands avoid unnecessary bundled runtime-deps work. Thanks @shakkernerd.
Cron tool: infer the creating session's agentId for cron.add jobs when agentId is omitted or passed as undefined, keeping scheduled agentTurn jobs routed to the session agent; #40571 identified the guard bug and supplied the focused regression coverage. Thanks @ChanningYul.
Cron/Telegram: add --thread-id to openclaw cron add and openclaw cron edit, preserving Telegram forum topic delivery targets across scheduled announcements. Carries forward #51581, #60373, and #60890. Thanks @ChunHao-dev.
Cron/Telegram: preserve session-derived Telegram topic thread IDs when isolated cron delivery explicitly targets the parent chat, keeping bare chat targets in the active forum topic without leaking stale topics to other chats. Carries forward #64708. Thanks @addelh.
Memory/compaction: keep pre-compaction memory-flush prompts runtime-only so session transcripts and chat.history no longer expose them as normal user turns. Fixes #54408 and #58956; refs #43567. Thanks @markgong and @guoyuhang9.
Control UI/WebChat: keep large attachment payloads out of Lit state and optimistic chat messages, using object URL previews plus send-time payload serialization so PDF/image uploads no longer trigger RangeError: Maximum call stack size exceeded. Fixes #73360; refs #54378 and #63432. Thanks @hejunhui-73, @Ansub, and @christianhernandez3-afk.
Agents/Anthropic: cancel stalled Anthropic Messages SSE body reads when abort signals fire, so active-memory timeouts release transport resources instead of leaving hidden recall runs parked on reader.read(). Refs #72965 and #73120. Thanks @wdeveloper16.
Control UI/WebChat: keep pending run and typing state attached to the active client run, so unowned inject/announce/side-result finals no longer unlock unrelated active runs while completed owned runs still clear promptly. Fixes #57795; carries forward the narrow diagnosis from #57887. Thanks @haoyu-haoyu.
Sandbox/Docker: stop satisfying a missing default sandbox image by tagging plain Debian as openclaw-sandbox:bookworm-slim, preserving the Python tooling required by sandbox write/edit helpers and directing users to build the default image. Fixes #51185; refs #45108, #51099, #51609, and #57713. Thanks @dpalis, @Tin55FoilDev, @jbcohen2-coder, @macminihal-cyber, and @PraxoOnline.
Control UI/WebChat: confirm toolbar New Session button resets before dispatching /new while leaving typed /new and /reset commands immediate. Fixes #45800; refs #27065, #56611, #54499, and #27110. Thanks @aethnova, @kosta228-huli, @adambezemek, and @xss925175263 (xianshishan).
Agents/models: keep per-agent primary models strict when fallbacks is omitted, so probe-only custom providers are not tried as hidden fallback candidates unless the agent explicitly opts in. Fixes #73332. Thanks @haumanto.
Gateway/models: add models.pricing.enabled so offline or restricted-network installs can skip startup OpenRouter and LiteLLM pricing-catalog fetches while keeping explicit model costs working. Fixes #53639. Thanks @callebtc, @palewire, and @rjdjohnston.
Gateway/startup: warn when legacy CLAWDBOT or MOLTBOT environment variables are still present, pointing users to OPENCLAW_* names instead of failing silently. Fixes #53482; carries forward #53667. Thanks @lndyzwdxhs.
Onboarding: pin interactive and non-interactive health checks to the just-configured setup token/password so stale OPENCLAWGATEWAYTOKEN or OPENCLAWGATEWAYPASSWORD values do not produce false gateway-token-mismatch failures after setup. Fixes #72203. Thanks @galiniliev.
Doctor/state: require an interactive confirmation before archiving orphan transcript files, so openclaw doctor --fix no longer silently renames recoverable session history after upgrades regenerate sessions.json. Fixes #73106. Thanks @scottgl9.
Cron/Telegram: preserve explicit :topic: delivery targets over stale session-derived thread IDs when isolated cron announces to Telegram forum topics. Carries forward #59069; refs #49704 and #43808. Thanks @roytong9.
Build/runtime: write the runtime-postbuild stamp after pnpm build writes the build stamp, so the next CLI invocation does not re-sync runtime artifacts after a successful build. Fixes #73151. Thanks @bittoby.
Build/runtime: preserve staged bundled-plugin runtime dependency caches across source-checkout tsdown rebuilds, so local CLI and gateway-watch rebuilds no longer recreate large plugin dependency trees before starting. Refs #73205. Thanks @SymbolStar.
CLI/channels: list configured chat channel accounts from read-only setup metadata even when the standalone CLI has not loaded the runtime channel registry, so openclaw channels list shows Telegram accounts before auth providers. Fixes #73319 and #73322. Thanks @mlaihk.
CLI/model probes: keep infer model run --gateway raw by skipping prior session transcript, bootstrap context, context-engine assembly, tools, and bundled MCP servers, so local backends can be tested without full agent-context overhead. Fixes #73308. Thanks @ScientificProgrammer.
CLI/image describe: pass --prompt and --timeout-ms through infer image describe and describe-many, so custom vision instructions and slow local model budgets reach media-understanding providers such as Ollama, OpenAI, Google, and OpenRouter. Addresses #63700. Thanks @cedricjanssens.
Providers/Ollama: reject long non-linguistic Kimi/GLM symbol runs as provider failures instead of storing them as successful visible assistant replies, so fallback or error handling can recover from garbled cloud output. Fixes #64262; refs #67019. Thanks @Kloz813 and @xiaomenger123.
CLI/model probes: reject empty or whitespace-only infer model run --prompt values before calling local providers or the Gateway, so smoke checks do not spend provider calls on invalid turns. Fixes #73185. Thanks @iot2edge.
Gateway/media: route text-only chat.send image offloads through media-understanding fields so agents.defaults.imageModel can describe WebChat attachments instead of leaving only an opaque media://inbound marker. Fixes #72968. Thanks @vorajeeah.
Gateway/Windows: route no-listener restart handoffs through the Windows supervisor without leaving restart tokens in flight, so failed task scheduling can be retried and successful handoffs do not coalesce later restart requests. (#69056) Thanks @Thatgfsj.
Gateway/model pricing: skip plugin manifest discovery during background pricing refreshes when plugins.enabled: false, so disabled-plugin setups do not keep rebuilding plugin metadata from the Gateway hot path. Fixes #73291. Thanks @slideshow-dingo and @fishgills.
Ollama/thinking: validate /think commands against live Ollama catalog reasoning metadata and preserve explicit native params.think/params.thinking, so models whose /api/show capabilities include thinking expose low, medium, high, and max instead of being stuck on off. Fixes #73366. Thanks @cymise.
Gateway/sessions: remove automatic oversized sessions.json rotation backups, deprecate session.maintenance.rotateBytes, and teach openclaw doctor --fix to remove the ignored key so hot session writes no longer copy multi-MB stores. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
Channels/Telegram: fail fast when Telegram rejects the startup getMe token probe with 401, so invalid or stale BotFather tokens are reported as token auth failures instead of misleading deleteWebhook cleanup failures. Fixes #47674. Thanks @samaedan-arch.
ACPX: keep generated Codex and Claude ACP wrapper startup paths working when remote or special state filesystems reject chmod, since OpenClaw invokes the wrappers through Node instead of executing them directly. Fixes #73333. Thanks @david-garcia-garcia.
CLI/onboarding: infer image input for common custom-provider vision model IDs, ask only for unknown models, and keep --custom-image-input/--custom-text-input overrides so vision-capable proxies do not get saved as text-only configs. Fixes #51869. Thanks @Antsoldier1974.
Models/OpenAI Codex: stop listing or resolving unsupported openai-codex/gpt-5.4-mini rows through Codex OAuth, keep stale discovery rows suppressed with a clear API-key-route hint, and leave direct openai/gpt-5.4-mini available. Fixes #73242. Thanks @0xCyda.
Plugin SDK: restore the root stringEnum and optionalStringEnum exports on both the published SDK entry and runtime root-alias bridge, so older external plugins can keep building and loading while migrating to focused SDK subpaths. Fixes #68279. Thanks @marzliak.
Plugin SDK: restore the root-alias bridge for registerContextEngine and expose missing legacy compat helpers normalizeAccountId and resolvePreferredOpenClawTmpDir so older external plugins such as openclaw-weixin can keep loading while migrating to focused SDK subpaths. Fixes #53497. Thanks @alanxchen85.
Auth profiles: make openclaw doctor --fix migrate legacy flat auth-profiles.json files such as { "ollama-windows": { "apiKey": "ollama-local" } } to canonical provider default API-key profiles with a backup, so custom Ollama/OpenAI-compatible providers recover cleanly after upgrading. Fixes #59629; supersedes #59642. Thanks @Xsanders555 and @Linux2010.
Memory/Dreaming: retry Dream Diary once with the session default when a configured dreaming model is unavailable, while leaving subagent trust and allowlist errors visible instead of silently masking configuration problems. Refs #67409 and #69209. Thanks @Ghiggins18 and @everySympathy.
Feishu/inbound files: recover CJK filenames from plain Content-Disposition: filename= download headers when Feishu exposes UTF-8 bytes through Latin-1 header decoding, while leaving valid Latin-1 and JSON-derived names unchanged. (#48578, #50435, #59431) Thanks @alex-xuweilong, @lishuaigit, and @DoChaoing.
Channels/Telegram: normalize accidental full /bot<TOKEN> Telegram apiRoot values at runtime and teach openclaw doctor --fix to remove the suffix, so startup control calls no longer 404 when direct Bot API curl commands work. Fixes #55387. Thanks @brendanmatthewjones-cmyk, @techfindubai-ux, and @Sivlerback-Chris.
Zalo Personal: persist refreshed zca-js session cookies after QR login, session restore, and successful API calls so gateway restarts restore the freshest local session. (#73277) Thanks @darkamenosa.
Logging/security: redact sensitive tokens (sk-\* keys, Bearer/Authorization values, etc.) at the subsystem console sink so createSubsystemLogger().info/warn/error output that bypasses the patched console-capture handler still applies the same redaction the file transport already does. Fixes #73284; refs #67953 and #64046. Thanks @edwin-rivera-dev.
Plugins/runtime deps: reuse enclosing versioned cache roots when bundled plugins resolve from nested staged paths, so plugin-runtime-deps no longer mints openclaw-unknown-* directories or loops on ENOTEMPTY. Fixes #72956. (#73205) Thanks @SymbolStar.
Agents/failover: classify CJK provider transport, quota, billing, auth, and overload error text so Chinese-language provider failures trigger fallback and user-facing transport copy instead of surfacing as unclassified raw errors. (#56242) Thanks @tomcatzh.
Agents/failover: seed non-claude-cli fallback prompts with Claude Code session context when a claude-cli attempt fails, so fallback models do not restart cold after billing or quota failover. (#72069) Thanks @stainlu.
Agents/CLI runner: transfer bundle-MCP tempDir cleanup from the per-turn runner finally to the Claude live-session lifecycle, so persistent Claude CLI sessions keep their --mcp-config directory until the live subprocess closes. Fixes #73244. Thanks @edwin-rivera-dev.
Gateway/nodes: allow Windows companion nodes to use safe declared commands such as canvas, camera list, location, device info, and screen snapshot by default while keeping dangerous media commands opt-in. (#71884) Thanks @shanselman.
Agents/cron: clarify agent-tool and CLI cron timezone guidance so supplied tz values use local wall-clock cron fields and omitted cron tz falls back to the Gateway host local timezone. Fixes #53669; carries forward #46177. (#73372) Thanks @chen-zhang-cs-code and @maranello-o.
Providers/Qwen: allow explicitly configured qwen/qwen3.6-plus to resolve on Qwen Coding Plan endpoints while keeping the built-in catalog from advertising it there. Fixes #63654; carries forward #63987. Thanks @jepson-liu.
Channels/Telegram: keep Bot API network fallbacks sticky after failed attempts and retry timed-out startup control calls once on the fallback route, so deleteWebhook IPv6 stalls no longer trigger slow multi-account retry storms. Fixes #73255. Thanks @ttomiczek and @sktbrd.
Gateway/agents: accept heartbeat, cron, and webhook as internal channel hints for agent runs so sessions_spawn works from non-delivery parent sessions while unknown channel hints still fail closed. Fixes #73237. Thanks @KeWang0622.
Gateway/models: merge explicit models.providers.*.models rows into the Gateway model catalog with normalized provider/model dedupe, and use normalized image-capability lookup so custom vision models keep native image attachments even when Pi discovery omits them or model ID casing differs. Fixes #64213 and #65165. Thanks @billonese and @202233a.
Gateway/reload: publish canonical post-write source config to in-process reloaders so simple config saves no longer create phantom plugin diffs or trigger unnecessary Gateway restarts. (#73267) Thanks @szsip239.
Gateway/Docker: keep config-triggered restarts in-process inside containers instead of spawning a detached child and exiting PID 1 cleanly, so Docker Swarm and other on-failure supervisors do not leave the service stuck at 0/1 replicas. Fixes #73178. Thanks @du-nguyen-IT007.
CLI/tasks: ship the task-registry control runtime in npm packages so openclaw tasks cancel can load ACP/subagent cancellation helpers from published builds. Fixes #68997. Thanks @1OAKDesign.
Channels/Telegram: preserve unsent generated media after partial reply streaming has already delivered the text, so image_generate outputs still reach Telegram as photos instead of being dropped from the final payload. Fixes #73253. Thanks @mlaihk.
Memory-core/dreaming: cap detached Dream Diary narrative subagents across cron sweeps so multi-workspace dreaming no longer fans out unbounded subagent sessions, lock contention, and cascading narrative timeouts. Fixes #73198. (#73287) Thanks @KeWang0622.
CLI/agents: close local one-shot Claude live stdio sessions and bundled MCP loopback resources after embedded openclaw agent --local runs, while keeping gateway-owned MCP loopback cleanup internal to the Gateway. Thanks @frankekn.
Export/session: keep inline export HTML scripts and vendor libraries injected after template formatting so generated session exports open with the app code, markdown renderer, and syntax highlighter present. Fixes #41862 and #49957; carries forward #41861 and #68947. Thanks @briannewman, @martenzi, and @armanddp.
Agents/ACPX: stage the patched Claude ACP adapter as an ACPX runtime dependency and route known Codex/Claude ACP commands through local wrappers, so Gateway runtime no longer depends on live npx adapter resolution. Fixes #73202. Thanks @joerod26.
Memory/compaction: let pre-compaction memory flush use an exact agents.defaults.compaction.memoryFlush.model override such as ollama/qwen3:8b without inheriting the active session fallback chain, so local housekeeping can avoid paid conversation models. Fixes #53772. Thanks @limen96.
macOS/update: stop managed Gateway services before package replacement and keep LaunchAgent service secrets out of world-readable plist metadata by loading them from owner-only env files. Fixes #72996. Thanks @Mathewb7.
Google Meet: keep observe-only Chrome joins and setup checks from requiring BlackHole or audio bridge commands, avoid granting or selecting the microphone in observe-only mode, and make test_speech report fresh realtime output-byte verification instead of only confirming a queued utterance. Refs #72478. Thanks @DougButdorf.
Gateway/hooks: route non-delivered hook completion and error summaries to the target agent's main session instead of the default agent session, preserving multi-agent hook isolation. Fixes #24693; carries forward #68667. Thanks @abersonFAC and @bluesky6868.
Control UI/models: request the configured Gateway model-list view so dashboards with only models.providers.*.models show those configured models first instead of flooding the picker with the full built-in catalog. Fixes #65405. Thanks @wbyanclaw.
CLI/models: keep default-model and allowlist pickers on explicit models.providers.*.models entries when models.mode is replace instead of loading the full built-in catalog. Fixes #64950. Thanks @mrozentsvayg.
Media/security: tighten media-understanding MIME sanitization so parameterized MIME values stay end-anchored and malformed whitespace or suffix payloads are rejected before file-context handling. Fixes #9795; carries forward #68225 with related review/test context from #61016/#68456. Thanks @ymaxgit, @bluesky6868, and @shamsulalam1114.
Discord: own the Carbon interaction listener and hand off Discord slash/component handling asynchronously, so compaction or long session locks no longer trip InteractionEventListener listener timeouts. Fixes #73204. Thanks @slideshow-dingo.
Compaction/diagnostics: keep unknown compaction failure classifications stable while logging sanitized detail for unclassified provider errors such as missing Ollama provider adapters. Thanks @gzsiang.
Models/fallbacks: record first-class model.fallback_step trajectory events with from/to models, failure detail, chain position, and final outcome so support exports preserve the primary model failure even when a later fallback also fails. Fixes #71744. Thanks @nikolaykazakovvs-ux.
Gateway/agents: block agent exec from launching interactive openclaw channels login flows and abort active agent runs after invalid-config recovery restores last-known-good config, preventing known channel-login and reload paths from wedging replies. Refs #72338. Thanks @midhunmonachan.
Gateway/diagnostics: emit payload-free liveness warnings with event-loop delay, event-loop utilization, CPU-core ratio, active-session counts, and OTEL warning metrics/spans so live-but-stalled Gateways capture CPU-spin context in stability bundles and telemetry. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
Gateway/startup: keep value-option foreground starts on the gateway fast path and skip proxy bootstrap unless proxy env is configured, reducing normal gateway startup RSS and avoiding full CLI graph loading. Thanks @vincentkoc.
Heartbeat/models: show heartbeat model bleed guidance on context-overflow resets when the last runtime model matches configured heartbeat.model, so smaller local heartbeat models point users to isolatedSession or lightContext instead of only compaction-buffer tuning. Fixes #67314. Thanks @Knightmare6890.
Subagents/models: persist sessions_spawn.model and configured subagent models as child-session model overrides before the first turn, so spawned subagents actually run on the requested provider/model instead of reverting to the target agent default. Fixes #73180. Thanks @danielzinhu99.
Channels/Telegram: keep webhook-mode local listeners alive and retry Telegram setWebhook registration after recoverable startup network failures, so transient Bot API timeouts no longer leave reverse proxies pointing at a closed listener. Fixes #71834. Thanks @jinon86.
Agents/ACPX: bundle the Codex ACP adapter and launch it from the isolated CODEX_HOME wrapper before falling back to npm, so Codex ACP startup no longer depends on live npx resolution or the stale @zed-industries/codex-acp@^0.11.1 range. Fixes #72037; refs #73202. Thanks @jasonftl, @sazora, and @joerod26.
Agents/ACPX: register the embedded ACP backend at Gateway startup through a lightweight ACP backend SDK path and without importing the heavy ACPX runtime until an ACP session or explicit startup probe needs it, reducing baseline Gateway RSS. Thanks @vincentkoc.
CLI/update: keep restart health polling when the restarted Gateway is reachable but has not reported its version yet, so macOS service restarts do not fail early with actual unavailable. Thanks @ProspectOre.
Backup: skip installed plugin extensions/*/node_modules dependency trees while keeping plugin manifests and source files in archives, so local backups avoid rebuildable npm payload bloat. Fixes #64144. Thanks @BrilliantWang.
Cron/models: fail isolated cron runs closed when an explicit payload.model is not allowed or cannot be resolved, so scheduled jobs do not silently fall back to an unrelated agent default or paid route before configured provider proxies such as LiteLLM can run. Fixes #73146. Thanks @oneandrewwang.
Memory/QMD: back off repeated chat-turn QMD open failures while still letting memory status and CLI probes recheck immediately, so a broken sidecar dependency cannot trigger active-memory or cron retry storms. Fixes #73188 and #73176. Thanks @leonlushgit and @w3i-William.
Talk Mode: resolve messages.tts.providers.<id>.apiKey through the active runtime snapshot for talk.config, so Talk overlays can discover SecretRef-backed speech providers without falling back to local speech. Fixes #73109. (#73111) Thanks @omarshahine.
Memory/Ollama: resolve memorySearch.provider custom provider ids through their configured models.providers.<id>.api owner, so multi-GPU Ollama setups can dedicate embeddings to providers such as ollama-5080 without losing the Ollama adapter or local auth semantics. Fixes #73150. Thanks @oneandrewwang.
CLI/memory: skip eager context-window warmup for openclaw memory commands so memory search does not race unrelated model metadata discovery. Fixes #73123. Thanks @oalansilva and @neeravmakwana.
CLI/Telegram: route Telegram message send and poll actions through the running Gateway when available, so packaged installs use the staged grammy runtime deps and CLI sends return instead of hanging after the Telegram channel is active. Fixes #73140. Thanks @oalansilva.
Plugins/runtime deps: prepare staged bundled plugin dependencies before loading packaged public surfaces, so OpenClaw's Telegram runtime/test facade loads resolve grammy from the managed runtime-deps stage without copying dependencies into the global package root. Refs #73140. Thanks @oalansilva.
Agents/exec: emit (no output) for silent exec update and node-host result blocks so Anthropic-compatible providers no longer reject empty tool-result text after quiet commands. Fixes #73117. Thanks @pfrederiksen and @Sanjays2402.
Cron/providers: preflight local Ollama and OpenAI-compatible provider endpoints before isolated cron agent turns, record unreachable local providers as skipped runs, and cache dead-endpoint probes so many jobs do not hammer the same stopped local server. Fixes #58584. Thanks @jpeghead.
Gateway/config: let config reload continue in degraded mode when invalidity is scoped to plugin entries, so incompatible plugin configs can be skipped and the Gateway restart can still pick up the rest of the config after rollbacks. Fixes #73131. Thanks @Adam-Researchh.
Doctor/channels: suppress disabled bundled-plugin blocker warnings when a trusted external plugin owns the configured channel, so Lark/Feishu installs no longer get Feishu repair noise after switching to openclaw-lark. Fixes #56794. Thanks @wuji-tech-dev.
CLI/status: show skipped fast-path memory checks as not checked and report active custom memory plugin runtime status from status --json --all without requiring built-in agents.defaults.memorySearch, so plugins such as memory-lancedb-pro and memory-cms no longer look unavailable when their own runtime is healthy. Fixes #56968. Thanks @Tony-ooo and @aderius.
Gateway/channels: record and log unexpected clean channel monitor exits so channels that return without throwing no longer appear stopped with no error. Fixes #73099. Thanks @balaji1968-kingler.
Discord/group chats: keep group/channel replies private by default unless the agent explicitly uses the message tool, so always-on rooms can lurk without leaking automatic final, block, preview, or status-reaction output; messages.groupChat.visibleReplies: "automatic" restores legacy auto-posting. (#73046) Thanks @scoootscooob.
Plugins/package: force nested bundled-plugin runtime dependency installs out of inherited npm dry-run mode during prepack and package smoke checks, so packed installs materialize required plugin modules instead of reporting missing bundled files. Refs #73128. Thanks @Adam-Researchh.
Discord: skip reaction events before REST channel fetch when notifications are off, guild reactions are disabled, or allowlist mode cannot match without channel overrides, reducing reconnect bursts that caused slow listener warnings. Fixes #73133. Thanks @isaacsummers.
Channels/Telegram: centralize polling update tracking so accepted offsets remain durable across restarts, same-process handler failures can still retry, and slow offset writes cannot overwrite newer accepted watermarks. Refs #73115. Thanks @vdruts.
Agents/models: classify empty, reasoning-only, and planning-only terminal agent runs before accepting a model fallback candidate, so invalid or incompatible models can advance to the next configured fallback instead of returning a 30-second terminal failure. Fixes #73115. Thanks @vdruts.
Memory/LanceDB: let embedding config use provider-backed auth profiles, environment credentials, or provider config without a separate plugin embedding.apiKey, so OAuth-capable embedding providers can power auto-recall/capture. Fixes #68950. Thanks @malshaalan-ai.
CLI/parents: invoking openclaw <parent> (memory, channels, plugins, approvals, devices, cron, mcp) without a subcommand now prints the parent's help and exits 0, matching <parent> --help and the existing agents / sessions defaults so shell && chains and pnpm wrappers no longer surface a misleading ELIFECYCLE Command failed with exit code 1. line. Fixes #73077. Thanks @hclsys.
Plugins/hooks: time out never-settling agent_end observation hooks after 30 seconds and log the plugin failure, so hung embedding endpoints no longer leave memory capture silently pending forever. Fixes #65544. Thanks @ghoc0099.
Gateway/config: serve runtime config schemas from the current plugin metadata snapshot and generated bundled channel schema metadata instead of rebuilding plugin channel config modules on every config.get/config.schema, preventing idle plugin-discovery CPU churn after upgrades. Fixes #73088. Thanks @sleitor and @geovansb.
Memory/LanceDB: call OpenAI-compatible embedding endpoints through the raw SDK transport without sending encoding_format, then normalize float-array or base64 responses so providers such as ZhiPu and DashScope no longer fail recall with wrong vector dimensions or rejected parameters. Fixes #63655. Thanks @kinthaiofficial.
Plugins/install: run dependency installs with npm error-level logging instead of silent mode so failed plugin or hook installs surface actionable npm errors such as EUNSUPPORTEDPROTOCOL instead of npm install failed: with no detail. (#73093) Thanks @sanctrl.
Memory/LanceDB: bound memory recall embedding queries with a new recallMaxChars setting, prefer the latest user message over channel prompt metadata during auto-recall, and document the knob so small Ollama embedding models avoid context-length failures. Fixes #56780. Thanks @rungmc357 and @zak-collaborator.
CLI/skills: resolve workspace-backed skills commands from --agent, then the current agent workspace, before falling back to the default agent, so multi-agent ClawHub installs, updates, and status checks stay scoped to the active workspace. Fixes #56161; carries forward #72726. Thanks @langbowang and @luyao618.
Plugin SDK: fall back from partial bundled plugin directory overrides to package source public surfaces while preserving OPENCLAWDISABLEBUNDLED_PLUGINS as a hard disable. (#72817) Thanks @serkonyc.
Agents/ACPX: stop forwarding Codex ACP timeout config controls that Codex rejects while preserving OpenClaw's run-timeout watchdog for ACP subagents. Fixes #73052. Thanks @pfrederiksen and @richa65.
Memory Core: stream fallback vector search scoring with a bounded top-K result set so large indexes do not materialize every chunk embedding when sqlite-vec is unavailable. (#73069) Thanks @parkertoddbrooks.
Memory Core: stream embedding-cache seeding during safe reindex so large local caches do not materialize every row into the V8 heap before the atomic rebuild. (#73067) Thanks @parkertoddbrooks.
Memory/Ollama: add memorySearch.remote.nonBatchConcurrency for inline embedding indexing, default Ollama non-batch indexing to one request at a time, and keep batch concurrency separate from non-batch concurrency so local embedding backfills avoid timeout storms on smaller hosts. Carries forward #57733. Thanks @itilys.
macOS app: update Peekaboo, ElevenLabsKit, and MLX TTS helper dependencies, make canvas file watching and config/exec-approval state writes reliable under concurrent app/test activity, and keep the app plus helper builds warning-free. Thanks @Blaizzy.
iOS app: refresh SwiftPM/XcodeGen source hygiene, make app, extension, watch, and curated shared Swift files pass the prebuild SwiftFormat and SwiftLint checks, move relay registration off deprecated StoreKit receipt APIs, and keep simulator builds and logic tests warning-free. Thanks @ngutman.
Agents/models: keep models.json readiness and provider-hook caches warm across repeated agent and subagent model resolution while preserving external models.json invalidation, reducing repeated provider-plugin loads on slower ARM64 hosts. Fixes #73075. Thanks @jochen.
Docs/tools: clarify that tools.profile: "messaging" is intentionally narrow and that tools.profile: "full" is the unrestricted baseline for broader command/control access. Carries forward #39954. Thanks @posigit.
Control UI/Agents: redact tool-call args, partial/final results, derived exec output, and configured custom secret patterns before streaming tool events to the Control UI, so tool output cannot expose provider or channel credentials. Fixes #72283. (#72319) Thanks @volcano303 and @BunsDev.
Agents/sessions: keep sessions_history recall redaction enabled even when general log redaction is disabled, and clarify that safety-boundary UI/tool/diagnostic payloads still redact independently of logging.redactSensitive. Carries forward #72319. Thanks @volcano303 and @BunsDev.
Providers/Codex: pass agent and workspace directories into provider stream wrappers so Codex native web_search activation can evaluate the correct auth context, and smoke-test the built status-message runtime by resolving the emitted bundle name. Carries forward #67843; refs #65909. Thanks @neilofneils404.
Cron/models: keep payload.model as a per-job primary that can use configured fallbacks, while still letting payload.fallbacks: [] make cron runs strict and avoid hidden agent-primary retries. Refs #73023. Thanks @pavelyortho-cyber.
Models/fallbacks: treat user-selected session models as exact choices, so /model ollama/... and model-picker switches fail visibly when the selected provider is unreachable instead of answering from an unrelated configured fallback. Fixes #73023. Thanks @pavelyortho-cyber.
Codex harness: keep ChatGPT subscription app-server runs from inheriting CODEXAPIKEY or OPENAIAPIKEY, and fall back to CODEXAPIKEY / OPENAIAPIKEY app-server login only when no Codex account is available. Fixes #73057. Thanks @holgergruenhagen and @pashpashpash.
CLI/model probes: fail local infer model run probes when the provider returns no text output, so unreachable local providers and empty completions no longer look like successful smoke tests. Refs #73023. Thanks @pavelyortho-cyber.
CLI/Ollama: run local infer model run through the lean provider completion path and skip global model discovery for one-shot local probes, so Ollama smoke tests no longer pay full chat-agent/tool startup cost or hang before the native /api/chat request. Fixes #72851. Thanks @TotalRes2020.
Doctor/gateway services: ignore launchd/systemd companion services that only reference the gateway as a dependency, suppress inactive Linux extra-service warnings, and avoid rewriting a running systemd gateway command/entrypoint during doctor repair. Carries forward #39118. Thanks @therk.
Daemon/service: only emit hard-coded version-manager paths such as ~/.volta/bin, ~/.asdf/shims, ~/.bun/bin, and fnm/pnpm fallbacks into gateway and node service PATHs when the directories exist, so openclaw doctor no longer flags gateway.path.non-minimal against a PATH the daemon just wrote. Env-driven roots and stable user-bin dirs remain unconditional. Fixes #71944; carries forward #71964. Thanks @Sanjays2402.
CLI/startup: disable Node's module compile cache automatically for live source-checkout launchers so in-place pnpm build updates are visible to the next openclaw CLI invocation. Fixes #73037. Thanks @LouisGameDev.
Agents/group chat: keep silent-allowed empty and reasoning-only turns on the NO_REPLY path without injecting visible-answer retry prompts, and clarify the group prompt so agents use the exact silent token instead of prose. Thanks @vincentkoc.
Agents/group chat: move NO_REPLY mechanics into channel-aware direct/group prompts and suppress the duplicate generic silent-reply section for auto-reply runs, so always-on group agents get one consistent stay-silent instruction. Thanks @vincentkoc.
Providers/OpenAI: preserve encrypted empty-summary Responses reasoning items in WebSocket replay and request reasoning.encryptedcontent on reasoning turns so GPT-5.4/GPT-5.5 sessions do not lose required rs state beside msg_ items. Fixes #73053. Thanks @odb36777.
Gateway/startup: treat plugins.enabled=false as an early plugin fast path, skipping plugin auto-enable discovery, gateway plugin lookup/runtime-dependency staging, and stale-plugin cleanup warnings while preserving channel blocker warnings. (#73041) Thanks @WuKongAI-CMU.
Channels/commands: make generated /dock-* commands switch the active session reply route through session.identityLinks instead of falling through to normal chat. Fixes #69206; carries forward #73033. Thanks @clawbones and @michaelatamuk.
Providers/Cloudflare AI Gateway: strip assistant prefill turns from Anthropic Messages payloads when thinking is enabled, so Claude requests through Cloudflare AI Gateway no longer fail Anthropic conversation-ending validation. Fixes #72905; carries forward #73005. Thanks @AaronFaby and @sahilsatralkar.
Gateway/startup: keep primary-model startup prewarm on scoped metadata preparation, let native approval bootstraps retry outside channel startup, and skip the global hook runner when no gateway_start hook is registered, so clean post-ready sidecar work stays off the critical path. Refs #72846. Thanks @RayWoo, @livekm0309, and @mrz1836.
Gateway/channels: start bundled channel accounts with a lightweight runtimeContexts surface instead of importing the full reply/routing/session channel runtime before startAccount, so Discord, Telegram, Slack, Matrix, and QQBot startup no longer block on unrelated channel helper graphs. Refs #72846 and #72960. Thanks @mrz1836, @RayWoo, and @rollingshmily.
Gateway/supervisor: exit cleanly when a supervised restart finds an existing healthy gateway and bound retries when the existing gateway stays unhealthy, so stale lock contention cannot loop indefinitely. Refs #72846. Thanks @azgardtek.
Gateway/startup: scope primary-model provider discovery during channel prewarm to the configured provider owner and add split startup trace timings, so boot avoids staging unrelated bundled provider dependencies while setup discovery remains broad. Fixes #73002. Thanks @Schnup03.
Plugins/runtime deps: declare retained staged bundled plugin dependencies in the npm staging manifest while installing only newly missing packages, so Gateway restarts avoid reinstalling the full retained dependency set when one runtime dependency is absent. Fixes #73055. Thanks @GCorp2026.
CLI/status: keep default openclaw status off the heavyweight security audit, plugin compatibility, and memory-vector probes while still showing configured Telegram channels through setup metadata, so routine health checks stay fast and no longer render an empty Channels table. Fixes #72993. Thanks @comick1.
Channels/Telegram: send a best-effort native typing cue immediately after an inbound message is accepted, so slow pre-dispatch turns show Telegram liveness before queueing, compaction, model, or tool work starts. Fixes #63759. Thanks @alessandropcostabr.
Channels/Telegram: stop native approval startup auth failures from retrying every second, while still waiting through retryable Gateway auth handoffs, so Telegram approval setup problems no longer create a reconnect/log loop during channel startup. Refs #72846 and #72867. Thanks @kiranvk-2011 and @porly1985.
Channels/Microsoft Teams: unwrap staged CommonJS JWT runtime dependencies before Bot Connector token validation so inbound Teams messages no longer 401 after the bundled runtime-deps move. Fixes #73026. Thanks @kbrown10000.
Gateway/auth: allow local direct callers in trusted-proxy mode to use the configured gateway password as an internal fallback while keeping token fallback rejected. Fixes #17761. Thanks @dashed, @vincentkoc, and @jetd1.
Gateway/auth: add explicit trustedProxy.allowLoopback support for same-host loopback reverse proxies while keeping loopback trusted-proxy auth fail-closed by default and preserving required-header and allowlist checks. Fixes #59167; carries forward #63379. Thanks @Matir, @jeremyakers, and @mrosmarin.
Channels/sessions: prevent guarded inbound session recording from creating route-only phantom sessions while still allowing last-route updates for sessions that already exist. Carries forward #73009. Thanks @jzakirov.
Cron: accept delivery.threadId in Gateway cron add/update schemas so scheduled announce delivery can target Telegram forum topics and other threaded channel destinations through the documented delivery path. Fixes #73017. Thanks @coachsootz.
Plugins/runtime deps: stage bundled plugin dependencies imported by mirrored root dist chunks, so packaged memory and status commands do not miss chokidar or similar root-chunk dependencies after update. Fixes #72882 and #72970; carries forward #72992. Thanks @shrimpy8, @colin-chang, and @Schnup03.
Plugins/runtime deps: reuse unchanged bundled plugin runtime mirrors instead of rebuilding plugin trees on every load, cutting avoidable writes and restart/reconnect I/O on slow storage. Fixes #72933. Thanks @jasonftl.
Agents/runtime context: deliver hidden runtime context through prompt-local system context while keeping the transcript-only custom entry out of provider user turns, and strip stale copied runtime-context prefaces from user-facing replies. Fixes #72386; carries forward #72969. Thanks @jhsmith409.
Channels/Telegram: skip the optional webhook-info API call during polling-mode status checks and startup bot-label probes so long-polling setups avoid an unnecessary Telegram round trip. Carries forward #72990. Thanks @danielgruneberg.
CLI/message: resolve targeted openclaw message channels to their owning plugin before loading the registry, and fall back to configured channel plugins when the channel must be inferred, so scripted sends avoid full bundled plugin registry scans without assuming channel ids match plugin ids. Fixes #73006. Thanks @jasonftl.
Plugins/startup: parse strict JSON plugin manifests with native JSON first and keep JSON5 as the compatibility fallback, reducing manifest registry CPU during Gateway boot and CLI startup. Fixes #73011. Thanks @jasonftl.
CLI/models: keep route-first models status --json stdout reserved for the JSON payload by routing auth-profile and startup diagnostics to stderr. Fixes #72962. Thanks @vishutdhar.
Gateway/runtime: keep dirty-tree status calls from rebuilding live dist, clear stale task and restart state across in-process restarts, retry transient Discord lazy imports, and let channel startup continue after slow model warmup so browser, Discord, and voice-call sidecars come online. Thanks @vincentkoc.
Security/CodeQL: replace file SecretRef id gateway schema regex validation with segment-aligned predicates and set empty permissions on release summary/backfill jobs so the narrowed CodeQL profile stays clean. Thanks @vincentkoc.
Sessions: ignore future-dated session activity timestamps during reset freshness checks and cap future updatedAt values at the merge boundary so clock-skewed messages cannot keep stale sessions alive forever. Fixes #72989. Thanks @martingarramon.
Sessions: apply search, activity filters, and limits before gateway row enrichment so bounded session lists avoid scanning discarded transcripts. Carries forward #72978. Thanks @yeager.
Sessions: remove trajectory runtime and pointer sidecars when session maintenance prunes, caps, or disk-evicts their owning session, while preserving sidecars still referenced by live rows. Fixes #73000. Thanks @jared-rebel.
Plugins/CLI: allow managed plugin installs when the active extensions root is a symlink to a real state directory, while keeping nested target symlinks blocked and suppressing misleading hook-pack fallback errors for install-boundary failures. Fixes #72946. Thanks @mayank6136.
Providers/Ollama: mark discovered Ollama catalog models as supporting streaming usage metadata so token accounting stays enabled for local models. (#72976) Thanks @sdeyang.
Media understanding: reject malformed MIME values with trailing junk while preserving standard parameter tails before enrichment uses them. (#72914) Thanks @volcano303.
WebChat: keep bare /new and /reset prompts from producing empty transcript text by inserting the hidden session marker when the visible tail is blank. (#72863) Thanks @mahopan.
CLI/update: explain completion-cache refresh timeouts with manual refresh guidance instead of surfacing a raw low-level timeout. Fixes #72842. (#72850) Thanks @iot2edge.
Memory-core/dreaming: give narrative generation a 60-second timeout so slower local or remote models can finish instead of timing out at 15 seconds. Fixes #72837. (#72852) Thanks @RayWoo.
Plugins/hooks: inject each plugin's resolved config into internal hook event context without mutating the shared event object. (#72888) Thanks @jalapeno777.
Agents/ACP: pass the resolved ACP agent directory into media understanding so per-agent media caches and config are used for ACP-dispatched image turns. (#72832) Thanks @luyao618.
Gateway/Bonjour: truncate mDNS service names and host labels to the 63-byte DNS label limit at valid UTF-8 boundaries. (#72809) Thanks @luyao618.
Feishu: treat groups explicitly configured under channels.feishu.groups as admitted even when groupAllowFrom is empty, while preserving groupPolicy: "disabled" as a hard group block and keeping groups.\* wildcard defaults non-admitting. Fixes #67687. (#72789) Thanks @MoerAI.
Gateway/startup: keep hot Gateway boot paths on leaf config imports and add max-RSS reporting to the gateway startup bench so low-memory startup regressions are visible before release. Thanks @vincentkoc.
WebChat: read chat.history from active transcript branches, drop stale streamed assistant tails once final history catches up, and coalesce duplicate in-flight Control UI submits, so rewritten prompts, completed replies, and rapid send events no longer render or process twice. Fixes #72975, #72963, and #72974. Thanks @dmagdici, @lhtpluto, and @Benjamin5281999.
WebChat/TTS: persist automatic final-mode TTS audio as a supplemental audio-only transcript update instead of adding a second assistant message with the same visible text. Fixes #72830. Thanks @lhtpluto.
Agents/LSP: terminate bundled stdio LSP process trees during runtime disposal and Gateway shutdown, so nested children such as tsserver do not survive stop or restart. Fixes #72357. Thanks @ai-hpc and @bittoby.
Diagnostics/OTEL: capture privacy-safe model-call request payload bytes, streamed response bytes, first-response latency, and total duration in diagnostic events, plugin hooks, stability snapshots, and OTEL model-call spans/metrics without logging raw model content. Fixes #33832. Thanks @wwh830.
Logging: write validated diagnostic trace context as top-level traceId, spanId, parentSpanId, and traceFlags fields in file-log JSONL records so traced requests and model calls are easier to correlate in log processors. Refs #40353. Thanks @liangruochong44-ui.
Logging/sessions: apply configured redaction patterns to persisted session transcript text and accept escaped character classes in safe custom redaction regexes, so transcript JSONL no longer keeps matching sensitive text in the clear. Fixes #42982. Thanks @panpan0000.
Providers/Ollama: honor /api/show capabilities when registering local models so non-tool Ollama models no longer receive the agent tool surface, and keep native Ollama thinking opt-in instead of enabling it by default. Fixes #64710 and duplicate #65343. Thanks @yuan-b, @netherby, @xilopaint, and @Diyforfun2026.
Control UI/Agents: remount the Overview model controls when switching agents so the primary-model picker cannot retain stale per-agent selection. Fixes #39392; carries forward #39401, notes the duplicate #39495 approach, and keeps #46275/#54724 broader stabilization out of scope. Thanks @daijunyi002, @SergioChan, @aworki, and @wsyjh8.
Auto-reply: poison inbound message dedupe after replay-unsafe provider/runtime failures so retries stay safe before visible progress but cannot duplicate messages after block output, tool side effects, or session progress. Fixes #69303; keeps #58549 and #64606 as duplicate validation. Thanks @martingarramon, @NikolaFC, and @zeroth-blip.
Agents/model fallback: jump directly to a known later live-session model redirect instead of walking unrelated fallback candidates, while preserving the already-landed live-session/fallback loop guard. Fixes #57471; related loop family already closed via #58496. Thanks @yuxiaoyang2007-prog.
Gateway/Bonjour: keep @homebridge/ciao cancellation handlers registered across advertiser restarts so late probing cancellations cannot crash Linux and other mDNS-churned gateways. Thanks @vincentkoc.
Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none". Thanks @vincentkoc.
Gateway/plugins: resolve gateway_start cron hooks from live Gateway runtime state before the legacy deps fallback, so memory-core dreaming cron reconciliation keeps working on installs where deps.cron is not populated during service startup. Fixes #72835. Thanks @RayWoo.
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries. Thanks @vincentkoc.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds. Thanks @vincentkoc.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries. Thanks @vincentkoc.
WebChat/Control UI: support non-video file attachments in chat uploads while preserving the existing image attachment path and MIME-sniff fallback for generic image uploads. (#70947) Thanks @IAMSamuelRodda.
Skills/memory: restore Chokidar v5 hot reloads by watching concrete skill and memory roots with filters, including SKILL.md removals and deleted skill folders without broad workspace recursion. Fixes #27404, #33585, and #41606. Thanks @shelvenzhou, @08820048, and @rocke2020.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Gateway/chat: preserve repeated boundary characters while merging assistant chat stream deltas, including repeated digits, CJK characters, and markdown/table tokens. Fixes #63769; carries forward #63994 and #65457. Thanks @yon950905 and @mohuaxiao.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans. Thanks @vincentkoc.
WhatsApp/Web: keep quiet but healthy linked-device sessions connected by basing the watchdog on WhatsApp Web transport activity, while retaining a longer app-silence cap so frame activity cannot mask a stuck session forever. Fixes #70678; carries forward the focused #71466 approach and keeps #63939 as related configurable-timeout follow-up. Thanks @vincentkoc and @oromeis.
Discord/gateway: count failed health-monitor restart attempts toward cooldown and hourly caps, and evict stale account lifecycle state during channel reloads so repeated Discord gateway recovery cannot loop on old status. Fixes #38596. (#40413) Thanks @jellyAI-dev and @vashquez.
TTS/BlueBubbles: pre-transcode synthesized MP3 audio to opus-in-CAF (mono, 24 kHz — validated against macOS 15.x Messages.app's native voice-memo CAF descriptor) on macOS hosts before handing the file to BlueBubbles, so iMessage renders the result as a native voice-memo bubble with proper duration and waveform UI instead of a plain file attachment. Adds an opt-in tts.voice.preferAudioFileFormat channel capability and a magic-byte sniff for the CAF container so the host-local-media validator (which uses file-type and didn't recognize CAF natively) can verify the pre-transcoded buffer. Channels that don't opt in are unaffected. (#72586) Fixes #72506. Thanks @omarshahine.
Feishu: retry WebSocket startup failures with monitor-owned backoff while preserving SDK-local heartbeat defaults, so persistent-connection startup failures no longer leave the monitor hung. Fixes #68766; related #42354 and #55532. Thanks @alex-xuweilong, @120106835, @sirfengyu, and @tianhaocui.

v2026.4.26 BREAKING [Apr 28, 2026] (2d ago) details → github →

# OpenClaw 2026.4.26

2026.4.26

Changes

Control UI/Talk: add a generic browser realtime transport contract, Google Live browser Talk sessions with constrained ephemeral tokens, and a Gateway relay for backend-only realtime voice plugins. Thanks @VACInc.
CLI/models: route provider-filtered model listing through an explicit source plan so user config, installed manifest rows, Provider Index previews, and scoped runtime fallbacks keep a stable authority order without adding another catalog cache. Thanks @shakkernerd.
Providers: add Cerebras as a bundled plugin with onboarding, static model catalog, docs, and manifest-owned endpoint metadata.
Memory/OpenAI-compatible: add optional memorySearch.inputType, queryInputType, and documentInputType config for asymmetric embedding endpoints, including direct query embeddings and provider batch indexing. Carries forward #63313 and #60727. Thanks @HOYALIM and @prospect1314521.
Ollama/memory: add model-specific retrieval query prefixes for nomic-embed-text, qwen3-embedding, and mxbai-embed-large memory-search queries while leaving document batches unchanged. Carries forward #45013. Thanks @laolin5564.
Plugins/providers: move pre-runtime model-id normalization, provider endpoint host metadata, and OpenAI-compatible request-family hints into plugin manifests so core no longer carries bundled-provider routing tables.
Plugins/config: deprecate direct plugin config load/write helpers in favor of passed runtime snapshots plus transactional mutation helpers with explicit restart follow-up policy, scanner guardrails, runtime warnings, and revision-based cache invalidation.
Plugins/install: allow OPENCLAWPLUGINSTAGE_DIR to contain layered runtime-dependency roots, resolving read-only preinstalled deps before installing missing deps into the final writable root. Fixes #72396. Thanks @liorb-mountapps.
Control UI: add a raw config pending-changes diff panel that parses JSON5, redacts sensitive values until reveal, and avoids fake raw-edit callbacks when opening the panel. Refs #39831; supersedes #48621 and #46654. Thanks @JiajunBernoulli and @BunsDev.
Control UI: polish the quick settings dashboard grid so common cards align across desktop, tablet, and mobile layouts without wasting horizontal space. Thanks @BunsDev.
Matrix/E2EE: add openclaw matrix encryption setup to enable Matrix encryption, bootstrap recovery, and print verification status from one setup flow. Thanks @gumadeiras.
Agents/compaction: add an opt-in agents.defaults.compaction.maxActiveTranscriptBytes preflight trigger that runs normal local compaction when the active JSONL grows too large, requiring transcript rotation so successful compaction moves future turns onto a smaller successor file instead of raw byte-splitting history. Thanks @vincentkoc.
CLI/migration: add a bundled Claude importer that previews and applies Claude Code and Claude Desktop instructions, MCP servers, skills, command prompts, and safe archive/manual-review state. Thanks @vincentkoc.
CLI/migration: add openclaw migrate with plan, dry-run, JSON, pre-migration backup, onboarding detection, archive-only report copies, and a bundled Hermes importer for configuration, memory/plugin hints, model providers, MCP servers, skills, and supported credentials. Thanks @NousResearch.

Fixes

Gateway/device tokens: stop echoing rotated bearer tokens from shared/admin device.token.rotate responses while preserving the same-device token handoff needed by token-only clients before reconnect. (#66773) Thanks @MoerAI.
Agents/sessions_spawn: resolve configured bare model aliases for spawn model overrides using the target agent runtime default provider, carrying forward the alias-specific #69029 review fixes from #59681 without the unrelated active-session pruning path. Fixes #59681. Thanks @HowdyDooToYou.
Control UI/Talk: keep Google Live browser sessions on the WebSocket transport instead of falling back to WebRTC, validate browser Google Live WebSocket endpoints, cap Gateway relay sessions per browser connection, and remove stale browser-native voice buttons that did not use the configured Talk/TTS provider. Thanks @BunsDev.
Gateway/startup: reuse config snapshot plugin manifests for startup auto-enable before plugin bootstrap plans plugin loading. Thanks @shakkernerd.
Agents/subagents: enforce subagents.allowAgents for explicit same-agent sessions_spawn(agentId=...) calls instead of auto-allowing requester self-targets. Fixes #72827. Thanks @oiGaDio.
ACP/sessionsspawn: let explicit sessionsspawn(runtime="acp") bootstrap turns run while acp.dispatch.enabled=false still blocks automatic ACP thread dispatch. Fixes #63591. Thanks @moeedahmed.
CLI/update: install npm global updates into a verified temporary prefix before swapping the package tree into place, preventing mixed old/new installs and stale packaged files from breaking openclaw update verification. Thanks @shakkernerd.
Gateway: skip CLI startup self-respawn for foreground gateway runs so low-memory Linux/Node 24 hosts start through the same path as direct dist/index.js without hanging before logs. Fixes #72720. Thanks @sign-2025.
Google Meet: grant Meet media permissions through browser control and pin local Chrome audio defaults to BlackHole 2ch, so joined agents no longer show Permission needed or use macOS default audio devices. Thanks @DougButdorf.
Gateway: treat uncaught broken-pipe stream errors like EPIPE as non-fatal so Discord delivery or closed pipes no longer crash the Gateway after a reply is ready.
Google Meet: route local Chrome joins through OpenClaw browser control instead of raw default Chrome, so agents use the configured OpenClaw browser profile when opening Meet. Thanks @oromeis.
Plugins/discovery: follow symlinked plugin directories in global and workspace plugin roots while keeping broken links ignored and existing package safety checks in place. Fixes #36754; carries forward #72695 and #63206. Thanks @Quackstro, @ming1523, and @xsfX20.
Plugins/install: skip test files and directories during install security scans while still force-scanning declared runtime entrypoints, so packaged test mocks no longer block plugin installs. Fixes #66840; carries forward #67050. Thanks @saurabhjain1592 and @Magicray1217.
Plugins/install: allow exact package-manager peer links back to the trusted OpenClaw host package during install security scans while continuing to block spoofed or nested escaping node_modules symlinks. Carries forward #70819. Thanks @fgabelmannjr.
Plugins/install: resolve plugin install destinations from the active profile state dir across CLI, ClawHub, marketplace, local path, and channel setup installs, so openclaw --profile <name> plugins install ... no longer writes into the default profile. Fixes #69960; carries forward #69971. Thanks @FrancisLyman and @Sanjays2402.
Plugins/registry: suppress duplicate-plugin startup warnings when a tracked npm-installed plugin intentionally overrides the bundled plugin with the same id. Carries forward #48673. Thanks @abdushsk.
Plugins/startup: reuse canonical realpath lookups throughout each plugin discovery pass, including package and manifest boundary checks, so Windows npm-global startups no longer repeat expensive path resolution for the same plugin roots. Fixes #65733. Thanks @welfo-beo.
Gateway/proxy: pass ALLPROXY / allproxy into the global Undici env-proxy dispatcher and provider proxy-fetch helper while keeping SSRF trusted-proxy auto-upgrade on HTTPPROXY / HTTPSPROXY only, so gateway/provider calls honor all-proxy setups without weakening guarded fetches. Fixes #43821; carries forward #43919. Thanks @RickyTong1.
Providers/LiteLLM: honor --custom-base-url during non-interactive API-key onboarding without adding proxy discovery side effects, so scripted remote LiteLLM setup keeps the requested endpoint instead of falling back to localhost. Carries forward #66160. Thanks @dongs0104.
Reply/link understanding: keep media and link preprocessing on stable runtime entrypoints and continue with raw message content if optional enrichment fails, so URL-bearing messages are no longer dropped after stale runtime chunk upgrades. Fixes #68466. Thanks @songshikang0111.
Discord: persist routed model-picker overrides when the hidden /model dispatch succeeds but the bound thread session store is still stale, including LM Studio suffixed model ids. Carries forward #61473. Thanks @Nanako0129.
Nodes/CLI: add openclaw nodes remove --node <id|name|ip> and node.pair.remove so stale gateway-owned node pairing records can be cleaned without hand-editing state files.
Gateway: include the connecting client and fresh presence version in the initial hello-ok snapshot, so clients no longer need a follow-up event before seeing themselves online.
Docker: install the CA certificate bundle in the slim runtime image so HTTPS calls from containerized gateways no longer fail TLS setup after the bookworm-slim base switch. Fixes #72787. Thanks @ryuhaneul.
Providers/OpenRouter: remove retired Hunter Alpha and Healer Alpha static catalog rows and disable proxy reasoning injection for stale Hunter Alpha configs, so replies are not hidden when OpenRouter returns answer text in reasoning fields. Fixes #43942. Thanks @EvanDataForge.
Providers/reasoning: let Groq and LM Studio declare provider-native reasoning effort values, so Qwen thinking models receive none/default or off/on instead of OpenAI-only low/medium values. Fixes #32638. Thanks @Aqu1bp, @mgoulart, @Norpps, and @BSTail.
Local models: default custom providers with only baseUrl to the Chat Completions adapter and trust loopback model requests automatically, so local OpenAI-compatible proxies receive /v1/chat/completions without timing out. Fixes #40024. Thanks @parachuteshe.
Channels/message tool: surface Discord, Slack, and Mattermost user:/channel: target syntax in the shared message target schema and Discord ambiguity errors, so DM sends by numeric id stop burning retries before finding user:<id>. Fixes #72401. Thanks @garyd9, @hclsys, and @praveen9354.
Agents/tools: scope tool-loop detection history to the active run when available, so scheduled heartbeat cycles no longer inherit stale repeated-call counts from previous runs. Fixes #40144. Thanks @mattbrown319.
Agents/subagents: preserve requester delivery for completion announces when a child agent is bound to a different channel account while keeping same-channel thread completions routed to the child thread. Thanks @sfuminya.
Agents/subagents: fail closed instead of selecting a single child thread binding when completion delivery lacks requester conversation signal. Thanks @suyua9.
Agents/status: persist the post-compaction token estimate from auto-compaction when providers omit usage metadata, so /status and session lists keep showing fresh context usage after compaction. Fixes #67667; carries forward #72822. Thanks @Jimmy-xuzimo and @skylight-9.
Control UI: show loading, reload, and retry states when a lazy dashboard panel cannot load after an upgrade, so the Logs tab no longer appears blank on stale browser bundles. Fixes #72450. Thanks @sobergou.
Gateway/plugins: start the Gateway in degraded mode when a single plugin entry has invalid schema config, and let openclaw doctor --fix quarantine that plugin config instead of crash-looping every channel. Fixes #62976 and #70371. Thanks @Doraemon-Claw and @pksidekyk.
Agents/plugins: skip malformed plugin tools with missing schema objects and report plugin diagnostics, so one broken tool no longer crashes Anthropic agent runs. Fixes #69423. Thanks @jmnickels.
Agents/reasoning: recover fully wrapped unclosed <think> replies that would otherwise sanitize to empty text while keeping strict stripping for closed reasoning blocks and unclosed tails after visible text. Fixes #37696; supersedes #51915. Thanks @druide67 and @okuyam2y.
Control UI/Gateway: bind WebChat handshakes to their active socket and reject post-close server registrations, so aborted connects no longer leave zombie clients or misleading duplicate WebSocket connection logs. Fixes #72753. Thanks @LumenFromTheFuture.
Agents/fallback: split ambiguous provider failures into emptyresponse, noerror_details, and unclassified, and add flat fallback-step fields to structured fallback logs so primary-model failures stay visible when later fallbacks also fail. Fixes #71922; refs #71744. Thanks @andyk-ms and @nikolaykazakovvs-ux.
Gateway/startup: reuse the plugin manifest registry inside config validation so restrictive plugin allowlists avoid a duplicate manifest pass during startup. Thanks @shakkernerd.
Gateway/startup: run plugin auto-enable from authored source config and skip disabled setup probes, avoiding runtime-default plugin allowlist writes and a second config snapshot read during startup. Thanks @shakkernerd.
Plugins/Windows: normalize Windows absolute paths before handing bundled plugin modules to Jiti, so Feishu/Lark message sending no longer fails with unsupported c: ESM loader URLs. Fixes #72783. Thanks @jackychen-png.
CLI/doctor: run bundled plugin runtime-dependency repairs through the async npm installer with spinner/line progress and heartbeat updates, so long openclaw doctor --fix installs no longer look hung in TTY or piped output. Fixes #72775. Thanks @dfpalhano.
Feishu/Windows: normalize bundled channel sidecar loads before Jiti evaluates them, so Feishu outbound sends no longer fail with raw C: ESM loader errors on Windows. Fixes #72783. Thanks @jackychen-png.
Agents/tools: ignore volatile exec runtime metadata when comparing tool-loop outcomes, so enabled loop detection can stop repeated identical shell-command results instead of resetting on duration, PID, session, or cwd changes. Fixes #34574; supersedes #41502. Thanks @gucasbrg and @Zcg2021.
Agents/fallback: classify internal live-session model switch conflicts as unknown fallback failures instead of provider overloads, preventing local vLLM endpoints from receiving misleading overloaded cooldowns. Refs #63229. Thanks @clawdia-lobster.
Discord: let thread sessions inherit the parent channel's session-level /model override as a model-only fallback without enabling parent transcript inheritance. Fixes #72755. Thanks @solavrc.
Gateway/plugins: skip stale configured channels whose matching plugin is no longer discoverable, point cleanup at openclaw doctor --fix, and keep unrelated channel typos fatal so one missing channel plugin no longer crash-loops the Gateway. Fixes #53311. Thanks @futhgar.
Control UI: keep session-specific assistant identity loads authoritative after WebSocket connect, so non-main agent chat sessions do not show the main agent name in the header after bootstrap refreshes. Fixes #72776. Thanks @rockytian-top.
Agents/Qwen: preserve exact custom modelstudio provider configs with foreign api owners so explicit OpenAI-compatible Model Studio endpoints no longer get normalized into the bundled Qwen plugin path. Fixes #64483. Thanks @FiredMosquito831.
MCP/bundle-mcp: normalize CLI-native type: "http" MCP server entries to OpenClaw transport: "streamable-http" on save, repair existing configs with doctor, and keep embedded Pi from falling back to legacy SSE GET-first startup for those servers. Fixes #72757. Thanks @Studioscale.
OpenCode: expose Anthropic Opus/Sonnet 4.x thinking levels for proxied Claude models, so /think xhigh, /think adaptive, and /think max validate consistently with the direct Anthropic provider. Fixes #72729. Thanks @haishmg and @aaajiao.
Media-understanding/audio: migrate deprecated {input} placeholders in legacy audio.transcription.command configs to {{MediaPath}}, so custom audio transcribers no longer receive the literal placeholder after doctor repair. Fixes #72760. Thanks @krisfanue3-hash.
Ollama/WSL2: warn when GPU-backed WSL2 installs combine CUDA visibility with an autostarting ollama.service using Restart=always, and document the systemd, .wslconfig, and keep-alive mitigation for crash loops. Carries forward #61022; fixes #61185. Thanks @yhyatt.
Ollama/onboarding: de-dupe suggested bare local models against installed :latest tags and skip redundant pulls, so setup shows the installed model once and no longer says it is downloading an already available model. Fixes #68952. Thanks @tleyden.
Memory-core/doctor: keep doctor.memory.status on the cached path by default and only run live embedding pings for explicit deep probes, preventing slow local embedding backends from blocking Gateway status checks. Fixes #71568. Thanks @apex-system.
Memory/QMD: group same-source collections into one QMD search invocation when the installed QMD supports multiple -c filters, while keeping older QMD builds on the per-collection fallback. Fixes #72484; supersedes #72485 and #69583. Thanks @BsnizND and @zeroaltitude.
Memory/QMD: accept QMD status vector-count variants such as Vectors = 42, Vectors:42, and Vectors: 42 embedded, so memory status --deep no longer reports embeddings unavailable for healthy QMD wrappers. Fixes #63652; carries forward #63678. Thanks @apoapostolov and @WarrenJones.
Memory/QMD: skip QMD vector status probes and embedding maintenance in lexical searchMode: "search", so BM25-only QMD setups on ARM do not trigger llama.cpp/Vulkan builds during status checks or embed cycles. Fixes #59234 and #67113. Thanks @PrinceOfEgypt, @Vksh07, @Snipe76, @NomLom, @t4r3e2q1-commits, and @dmak.
Memory/QMD: report the live watcher dirty state in memory status, so changed QMD-backed memory files show as dirty until the queued sync finishes. Fixes #60244. Thanks @xinzf.
Compaction: skip oversized pre-compaction checkpoint snapshots and prune duplicate long user turns from compaction input and rotated successor transcripts, preventing retry storms from being preserved across checkpoint cycles. Fixes #72780. Thanks @SweetSophia.
Control UI/Cron: render cron job prompts and run summaries as sanitized markdown in the dashboard, with full-width block content, safer link clicks, and no duplicate error text when a failed run has no summary. Supersedes #48504. Thanks @garethdaine.
Control UI/Gateway: preserve WebChat client version labels across localhost, 127.0.0.1, and IPv6 loopback aliases on the same port, avoiding misleading vcontrol-ui connection logs while investigating duplicate-message reports. Refs #72753 and #72742. Thanks @LumenFromTheFuture and @allesgutefy.
Agents/reasoning: treat orphan closing reasoning tags with following answer text as a privacy boundary across delivery, history, streaming, and Control UI sanitizers so malformed local-model output cannot leak chain-of-thought text. Fixes #67092. Thanks @AnildoSilva.
Memory-core: run one-shot memory CLI commands through transient builtin and QMD managers so memory index, memory status --index, and memory search no longer start long-lived file watchers that can hit macOS EMFILE limits. Fixes #59101; carries forward #49851. Thanks @mbear469210-coder and @maoyuanxue.
Agents/ACP: ship the Claude ACP adapter with OpenClaw and require Claude result messages before idle can complete a prompt, preventing parent agents from waking early on long-running sessions_spawn(runtime: "acp", agentId: "claude") children. Fixes #72080. Thanks @siavash-saki and @iannwu.
CLI/tasks: route tasks --json, tasks list --json, and tasks audit --json through a lean JSON path so read-only task inspection no longer loads unrelated plugin/runtime command graphs. Fixes #66238. Thanks @ChuckChambers.
Memory-core: re-resolve the active runtime config whenever memorysearch or memoryget executes, so provider changes made by config.patch stop leaving stale embedding backends behind in existing tool instances. Fixes #61098. Thanks @BradGroux and @Linux2010.
WebChat: keep bare /new and /reset startup instructions out of visible chat history while preserving /reset <note> as user-visible transcript text. Fixes #72369. Thanks @collynes and @haishmg.
Tasks/memory: checkpoint and truncate SQLite WAL sidecars on a timer and before close for task, Task Flow, proxy capture, and builtin memory databases, bounding long-running gateway *.sqlite-wal growth. Fixes #72774. Thanks @dfpalhano.
CLI/doctor: remove dangling channel config, heartbeat targets, and channel model overrides when stale plugin repair removes a missing channel plugin, preventing Gateway boot loops after failed plugin reinstalls. Fixes #65293. Thanks @yidecode.
Control UI/Gateway: cache, coalesce, stale-refresh, and invalidate effective tool inventory on channel registry changes while reusing the gateway-bound plugin registry and avoiding model/auth discovery, so chat runs no longer stall Control UI requests on repeated plugin/model setup. Fixes #72365; supersedes #72558. Thanks @Gabiii2398 and @1yihui.
Channels/setup: treat bundled channel plugins as already bundled during channels add and onboarding, enabling them without writing redundant plugins.load.paths entries or path install records. Fixes #72740. Thanks @iCodePoet.
WhatsApp: honor gateway HTTPSPROXY / HTTPPROXY env vars for QR-login WebSocket connections, while respecting NO_PROXY, so proxied networks no longer fall back to direct mmg.whatsapp.net connections that time out with 408. Fixes #72547; supersedes #72692. Thanks @mebusw and @SymbolStar.
Bonjour: default mDNS advertisements to the system hostname when it is DNS-safe, avoiding openclaw.local probing conflicts and Gateway restart loops on hosts such as Lobster or ubuntu. Fixes #72355 and #72689; supersedes #72694. Thanks @mscheuerlein-bot, @gcusms, @moyuwuhen601, @pavan987, @zml-0912, @hhq365, and @SymbolStar.
Agents/OpenAI-compatible: retry replay-safe empty stop turns once for openai-completions endpoints, so transient empty local backend responses no longer surface as “Agent couldn't generate a response” when a continuation succeeds, and restore openclaw agent --model for one-shot CLI runs. Fixes #72751. Thanks @moooV252.
Git hooks: skip ignored staged paths when formatting and restaging pre-commit files, so merge commits no longer abort when .gitignore newly ignores staged merged content. Fixes #72744. Thanks @100yenadmin.
Memory-core/dreaming: add a supported dreaming.model knob for Dream Diary narrative subagents, wired through phase config and the existing plugin subagent model-override trust gate. Refs #65963. Thanks @esqandil and @mjamiv.
Agents/Anthropic: remove trailing assistant prefill payloads when extended thinking is enabled, so Opus 4.7/Sonnet 4.6 requests do not fail Anthropic's user-final-turn validation. Fixes #72739. Thanks @superandylin.
Agents/vLLM/Qwen: add plugin-owned Qwen thinking controls for vLLM chat-template kwargs and DashScope-style top-level enable_thinking flags, including preserved thinking for agent loops. Fixes #72329. Thanks @stavrostzagadouris.
Memory-core/dreaming: treat request-scoped narrative fallback as expected, skip session cleanup when no subagent run was created, and remove duplicate phase-level cleanup so fallback no longer emits warning noise. Fixes #67152. Thanks @jsompis.
Agents/exec: apply configured tools.exec.timeoutSec to background, yieldMs, and node system.run commands when no per-call timeout is set, preventing auto-backgrounded and remote node commands from running indefinitely. Fixes #67600; supersedes #67603. Thanks @dlmpx and @kagura-agent.
Config/doctor: stop masking unknown-key validation diagnostics such as agents.defaults.llm, and have openclaw doctor --fix remove the retired agents.defaults.llm timeout block. Thanks @aidiffuser.
CLI/startup: keep the built pre-dispatch CLI graph free of package-level imports and extend packaged CLI smoke coverage to onboard and doctor help paths, preventing missing runtime dependencies such as tslog from killing onboarding before repair code can run. Fixes #63024. Thanks @hu19940121.
CLI/plugins: preserve unversioned ClawHub install specs so plugins update can follow newer ClawHub releases instead of pinning to the initially resolved version. Fixes #63010; supersedes #58426. Thanks @kangsen1234 and @robinspt.
Memory-core/subagents: tag plugin-created subagent sessions with their plugin owner so dreaming narrative cleanup can delete its own ephemeral sessions without granting broad admin session deletion. Fixes #72712. Thanks @BSG2000.
Gateway/models: move local-provider pricing opt-outs, OpenRouter/LiteLLM aliases, and proxy passthrough pricing lookup into plugin manifest metadata so core no longer carries extension-specific pricing tables.
CLI/update: honor OPENCLAWNOAUTO_UPDATE=1 as a gateway startup kill-switch for configured background package auto-updates, so operators can hold a deliberate downgrade during incident recovery without editing config first. Fixes #72715. Thanks @Xivi08.
Agents/Claude CLI: force live-session launches to include --output-format stream-json whenever OpenClaw adds --input-format stream-json, so new Claude CLI sessions no longer fail immediately while reusable sessions keep working. Fixes #72206. Thanks @kwangwonkoh and @Xivi08.
CLI/plugins: accept ClawHub plugin API wildcard ranges such as * without rejecting compatible plugin installs, while still requiring a valid runtime API version. Fixes #56446; supersedes #56466. Thanks @darconada and @claygeo.
CLI/plugins: add an explicit npm:<package> install prefix that skips ClawHub lookup for known npm packages while keeping bare package specs ClawHub-first. Fixes #55805; supersedes #54377. Thanks @Zeoy2020 and @vagusX.
CLI/plugins: let config-gated bundled plugins install without persisting invalid placeholder config entries, so install/uninstall sweeps can cover plugins such as memory-lancedb before the user configures credentials. Thanks @vincentkoc.
CLI/plugins: reject malformed ClawHub plugin specs with trailing @ before registry lookup, so empty-version typos report as invalid specs instead of package-not-found errors. Fixes #56579; supersedes #56582. Thanks @Kansodata.
Agents/sessions: acquire the session write lock only after cold bootstrap, plugin, and tool setup so fallback runs are not blocked by stalled pre-model startup work.
Browser/plugins: auto-start the bundled browser plugin when root browser config is present, including restrictive plugin allowlists, and ignore stale persisted plugin registries whose package paths no longer exist.
Browser: circuit-break repeated managed Chrome launch failures per profile so browser requests stop spawning Chromium indefinitely when CDP cannot start. Fixes #64271. Thanks @TheophilusChinomona.
Gateway/models: skip external OpenRouter and LiteLLM pricing refreshes for local/self-hosted model endpoints so startup does not wait on remote pricing catalogs for local-only Ollama, vLLM, and compatible providers.
CLI/plugins: stop security-blocked plugin installs from retrying as hook packs, so normal plugin packages report the scanner failure without a misleading "not a valid hook pack" follow-up. Fixes #61175; supersedes #64102. Thanks @KonsultDigital and @ziyincody.
Agents/Anthropic: strip stale trailing assistant prefill turns from outbound replay so context-engine short circuits cannot send unsupported assistant-prefill payloads to provider APIs. Fixes #72556. Thanks @Veda-openclaw.
Agents/Google: strip stale trailing assistant/model prefill turns from Gemini outbound replay so Google Generative AI requests end with a user turn or function response. Follow-up to #72556. Thanks @Veda-openclaw.
Control UI/Dreaming: require explicit confirmation before applying restart-impacting Dreaming mode changes, with restart warning copy and loading feedback. Fixes #63804. (#63807) Thanks @bbddbb1.
CLI/agent: mark Gateway-to-embedded fallback runs with meta.transport: "embedded" and meta.fallbackFrom: "gateway" in JSON output, and make the terminal diagnostic explicit so scripts and operators can distinguish fallback runs from Gateway runs. Fixes #71416. Thanks @amknight.
Agents/tools: normalize null or missing tool-call arguments to {} for parameterless object schemas before Pi validation, so empty-argument tools run instead of failing argument validation. Fixes #72587. Thanks @amknight.
Agents/subagents: clear active embedded-run state before terminal lifecycle events so post-completion cleanup no longer treats finished child runs as still active and skips archive or announcement bookkeeping. (#70187) Thanks @amknight.
CLI/update: keep the automatic post-update completion refresh on the core-command tree so it no longer stages bundled plugin runtime deps before the Gateway restart path, avoiding .24 update hangs and 1006 disconnect cascades. Fixes #72665. Thanks @sakalaboator and @He-Pin.
Control UI: make explicit Reload Config actions discard stale local config edits while passive refreshes and failed-save recovery keep pending drafts intact. Fixes #40352; carries forward #40443. Thanks @realmikechong-dotcom.
Agents/Bedrock: stop heartbeat runs from persisting blank user transcript turns and repair existing blank user text messages before replay, preventing AWS Bedrock ContentBlock blank-text validation failures. Fixes #72640 and #72622. Thanks @goldzulu.
Agents/LM Studio: promote standalone bracketed local-model tool requests into registered tool calls and hide unsupported bracket blocks from visible replies, so MemPalace MCP lookups do not print raw [tool] JSON scaffolding in chat. Fixes #66178. Thanks @detroit357.
Local models: warn when an assistant reply looks like a tool call but the provider emitted plain text instead of a structured tool invocation, making fake/non-executed tool calls visible in logs. Fixes #51332. Thanks @emilclaw.
Local models: accept persisted non-secret local auth markers for private-LAN custom OpenAI-compatible providers, so LAN Ollama configs no longer fail with missing auth when ollama-local is saved as the key. Fixes #49736. Thanks @charles-zh.
TUI/local models: treat visible gateway client labels such as openclaw-tui as the current requester session for session-aware tools, so Ollama tool calls no longer fail by resolving the UI label as a session id. Fixes #66391. Thanks @kickingzebra.
Local models: route self-hosted OpenAI-compatible model discovery through the guarded fetch path pinned to the configured host, covering vLLM and SGLang setup without reopening local/LAN SSRF probes. Supersedes #46359. Thanks @cdxiaodong.
Local models: classify terminated, reset, closed, timeout, and aborted model-call failures and attach a process memory snapshot to the diagnostic event, making LM Studio/Ollama RAM-pressure failures easier to prove from stability bundles. Refs #65551. Thanks @BigWiLLi111.
Local models: pass configured provider request timeouts through OpenAI SDK transports and the model idle watchdog so long-running local or custom OpenAI-compatible streams use one timeout knob instead of hitting the SDK's 10-minute default or the 120s idle default. Fixes #63663. Thanks @aidiffuser.
LM Studio: trust configured LM Studio loopback, LAN, and tailnet endpoints for guarded model requests by default, preserving explicit private-network opt-outs. Refs #60994. Thanks @tnowakow.
Docker/setup: route Docker onboarding defaults for host-side LM Studio and Ollama through host.docker.internal and add the Linux host-gateway mapping to the bundled Compose file, so containerized gateways can reach local providers without using container loopback. Fixes #68684; supersedes #68702. Thanks @safrano9999 and @skolez.
Agents/LM Studio: strip prior-turn Gemma 4 reasoning from OpenAI-compatible replay while preserving active tool-call continuation reasoning. Fixes #68704. Thanks @chip-snomo and @Kailigithub.
LM Studio: allow interactive onboarding to leave the API key blank for unauthenticated local servers, using local synthetic auth while clearing stale LM Studio auth profiles. Fixes #66937. Thanks @olamedia.
Plugins/startup: use a PluginLookUpTable during Gateway startup so channel ownership, deferred channel loading, and startup plugin IDs reuse the same installed manifest registry instead of rebuilding manifest metadata on the boot path. Thanks @shakkernerd.
Plugins/startup: pass the Gateway PluginLookUpTable through plugin loading so auto-enable checks and startup-scope fallback reuse the same manifest registry instead of doing another manifest pass. Thanks @shakkernerd.
Plugins/startup: carry the Gateway PluginLookUpTable into deferred channel full-runtime reloads so post-listen startup does not rebuild manifest metadata after the provisional setup-runtime load. Thanks @shakkernerd.
Gateway/models: reuse Gateway plugin manifest metadata during the initial model-pricing refresh so pricing policies and configured plugin web-search models do not rebuild plugin lookups during startup. Thanks @shakkernerd.
Gateway/startup: extend OPENCLAWGATEWAYSTARTUP_TRACE=1 with per-phase event-loop delay plus plugin lookup-table timing and count metrics for installed-index, manifest, startup-plan, and owner-map work, and include the new timing fields in startup benchmark summaries. Thanks @shakkernerd.
Plugins/channels: resolve read-only channel command defaults from one plugin index plus manifest pass instead of reloading plugin metadata while checking candidate plugin enablement. Thanks @shakkernerd.
Plugins/capabilities: cache manifest-derived capability provider plugin IDs per config snapshot so repeated TTS, media, realtime, memory, image, video, and music provider resolution avoids redundant manifest scans. Thanks @shakkernerd.
Plugins/contracts: resolve runtime manifest-contract plugin owners from one plugin index plus manifest pass instead of rebuilding manifest metadata separately for all owners and enabled owners. Thanks @shakkernerd.
Plugins/extractors: reuse one manifest registry pass while resolving bundled document and web-content extractor plugins instead of rereading manifests for compatibility and enablement filtering. Thanks @shakkernerd.
Plugins/providers: reuse one plugin registry snapshot and manifest registry while resolving provider discovery entries instead of rebuilding manifest metadata after provider owner discovery. Thanks @shakkernerd.
Plugins/registry: resolve lookup-table owner maps for providers, CLI backends, setup providers, command aliases, model catalogs, channel configs, and manifest contracts while preserving setup-only CLI backend ownership. Thanks @shakkernerd.
Plugins/registry: cache repeated installed-index manifest registry fallback rebuilds behind a bounded invalidating cache so cold provider-discovery paths avoid rereading unchanged manifests. Thanks @mcaxtr.
Plugins/web: reuse manifest records already loaded for bundled web provider candidate discovery when falling back to public artifact provider loading. Thanks @shakkernerd.
Mattermost: keep direct-message replies top-level by suppressing reply roots for DM delivery while preserving channel and group thread roots, and derive inbound chat kind from the trusted channel lookup instead of the websocket event channel type. Carries forward #60115, #55186, #72305, and #72659; refs #59758, #59981, #59791, and #57565. Thanks @vincentkoc, @jwchmodx, and @hnykda.
Docker: pre-create /home/node/.openclaw with node ownership and private permissions so first-run Docker Compose named volumes no longer fail startup with EACCES. (#48072, #63959; fixes #61279) Thanks @timoxue and @jeanibarz.
CLI/Gateway: treat local restart probe policy closes for connect, exact device required, pairing, and auth failures as Gateway reachability proof without accepting empty, broad standalone token/password/scope/role, or pair-substring 1008 close reasons. Fixes #48771; carries forward #48801; related #63491. Thanks @MarsDoge and @genoooool.
Feishu: send outgoing interactive reply payloads as native cards with clickable buttons while preserving text, media, and document-comment fallbacks. Fixes #13175 and #58298; carries forward #47891. Thanks @Horacehxw.
Control UI/WebChat: skip redundant final-event history reloads when the assistant payload already rendered, and keep deferred session.message reloads attached to the active run so final reconciliation no longer splits, duplicates, or drops assistant bubbles. Fixes #66875 and #66274; follows #66997 and #67037. Thanks @BiznessFish, @scotthuang, and @hansolo949.
CLI/Agents: route new openclaw agent --to sessions through the configured default agent while migrating legacy agent:main:<mainKey> rows into the default-agent store, preserving the default-agent fix from #64108. Fixes #63992; related #56370, #56453, and #42009. Thanks @mushuiyu886 and @voocel.
Process/Windows: decode command stdout and stderr from raw bytes with console-codepage awareness, while preserving valid UTF-8 output and multibyte characters split across chunks. Fixes #50519. Thanks @iready, @kevinten10, @zhangyongjie1997, @knightplat-blip, @heiqishi666, and @slepybear.
Bonjour/Windows: hide the bundled mDNS advertiser's Windows ARP shell probe so Gateway startup no longer flashes command-prompt windows. Fixes #70238. Thanks @alexandre-leng, @PratikRai0101, @infinitypacific, and @tomerpeled.
Agents/bootstrap: dedupe hook-injected bootstrap context files by workspace-relative path and store normalized resolved paths so duplicate relative and absolute hook paths no longer depend on the process cwd. (#59344; fixes #59319; related #56721, #56725, and #57587) Thanks @koen666.
Agents/bootstrap: refresh cached workspace bootstrap snapshots on long-lived main-session turns when AGENTS.md, SOUL.md, MEMORY.md, or TOOLS.md change on disk, while preserving unchanged snapshot identity through the workspace file cache. (#64871; related #43901, #26497, #28594, #30896) Thanks @aimqwest and @mikejuyoon.
macOS Gateway: detect installed-but-unloaded LaunchAgent split-brain states during status, doctor, and restart, and re-bootstrap launchd supervision before falling back to unmanaged listener restarts. Fixes #67335, #53475, and #71060; refs #58890, #60885, and #70801. Thanks @ze1tgeist88, @dafacto, and @vishutdhar.
Plugins/install: treat mirrored core logger dependencies as staged bundled runtime deps so packaged Gateway starts do not crash when the external plugin-runtime-deps root is missing tslog. Fixes #72228; supersedes #72493. Thanks @deepujain.
Build/plugins: preserve active bundled runtime-dependency staging temp directories owned by live build processes so overlapping postbuild runs no longer delete each other's staged deps mid-prune. Supersedes #72220. Thanks @VACInc.
Plugins/install: hide bundled runtime-dependency npm child windows on Windows across Gateway startup, postinstall, and packaged staging paths so Telegram/Anthropic dependency repair no longer flashes shell windows. Fixes #72315. Thanks @athuljayaram and @joshfeng.
Agents/Windows: normalize lazy agent runtime imports before Node ESM loading so Windows drive-letter subagent-registry runtime paths no longer fail every agent task with ERRUNSUPPORTEDESMURLSCHEME. Fixes #72636; carries forward #72716. Thanks @Andyz-CData and @xialonglee.
Plugins/Windows: normalize lazy plugin service override imports before Node ESM loading so drive-letter browser-control module paths no longer fail with ERRUNSUPPORTEDESMURLSCHEME. Fixes #72573; supersedes #72599 and #72582. Thanks @llzzww316, @feineryonah-byte, and @WuKongAI-CMU.
Browser/plugins: load playwright-core through the browser runtime shim so packaged installs can run Playwright actions from staged plugin runtime deps after doctor/startup repair. Fixes #72168; supersedes #72238. Thanks @zdg1110 and @yetval.
Plugins/install: stage bundled plugin runtime dependencies before Gateway startup, drain update restarts, and materialize plugin-owned root chunks in external mirrors so staged deps resolve under native ESM. Fixes #72058; supersedes #72084. Thanks @amnesia106 and @drvoss.
TTS/SecretRef: resolve messages.tts.providers.*.apiKey from the active runtime snapshot so SecretRef-backed MiniMax and other TTS provider keys work in runtime reply/audio paths. Fixes #68690. Thanks @joshavant.
Gateway/install: surface systemd user-bus recovery hints during Linux service activation and retry via the target user scope when systemctl --user reports no-medium bus failures, without letting stale SUDO_USER override sudo -u installs. Fixes #39673; refs #44417 and #63561. Thanks @Arbor4, @myrsu, @mssteuer, and @boyuaner.
CLI/nodes: make unfiltered openclaw nodes list prefer the effective paired-node view used by nodes status while preserving pending rows, pairing-scope fallback, terminal-safe table rendering, and paired JSON metadata. Fixes #46871; carries forward #65772 through the ProjectClownfish #72619 repair. Thanks @skainguyen1412.
CLI/startup: read generated startup metadata from the bundled dist layout before falling back to live help rendering, so root/browser help and channel-option bootstrap stay on the fast path. Thanks @vincentkoc.
Feishu/Lark: stop treating broadcast-only @all/@_all messages as bot mentions while preserving direct bot mentions, including messages that also include @all. Fixes #37706. Thanks @JosepLee.
CLI/help: treat positional help invocations like openclaw channels help as help paths for startup gating, avoiding model/auth warmup while preserving positional arguments such as openclaw docs help. Thanks @gumadeiras.
Web search: route plugin-scoped web_search SecretRefs through the active runtime config snapshot so provider execution receives resolved credentials across app/runtime paths, including plugins.entries.brave.config.webSearch.apiKey. Fixes #68690. Thanks @VACInc.
Voice Call: allow SecretRef-backed Twilio auth tokens and call-specific OpenAI/ElevenLabs TTS API keys through the plugin config surface. Fixes #68690. Thanks @joshavant.
Google Meet: clean stale chrome-node realtime audio bridges by URL before rejoining, expose active node bridge inspection, and tolerate transient node input pull failures instead of dropping the Meet session. Fixes #72371. (#72372) Thanks @BsnizND.
Google Meet: use 24 kHz PCM16 for Chrome command-pair realtime audio by default, preserve legacy 8 kHz G.711 mu-law custom command pairs, and let realtime providers negotiate the selected bridge audio format. Fixes #72525. Thanks @BsnizND.
Google Meet: clear queued Gemini Live playback when realtime interruptions arrive, restart Chrome command-pair audio output after clears, and expose Google Live interruption/VAD config knobs for Meet and Voice Call realtime bridges. Fixes #72523. (#72524) Thanks @BsnizND.
Google Meet: add realtime.agentId so live meeting consults can target a named OpenClaw agent instead of always using main. (#72381) Thanks @BsnizND.
Google Meet: route stateful google_meet tool actions through the gateway-owned runtime so created or joined realtime sessions remain visible to status, speak, and leave after the agent turn ends. Fixes #72440. (#72441) Thanks @BsnizND.
Google Meet/Voice Call: send Gemini Live a non-blocking consult continuation before long OpenClaw agent consults finish, then deliver the final result when idle so calls and meetings do not sit silent during tool-backed answers. (#72189) Thanks @VACInc.
Google Meet: preserve Gemini Live function names when replying to realtime tool calls so Google SDK validation accepts the FunctionResponse payload. Fixes #72425. (#72426) Thanks @BsnizND.
Discord/media: keep incidental Markdown image badges in final replies as text unless a channel opts into Markdown-image media extraction, while preserving Telegram Markdown-image media replies and explicit MEDIA: attachments. Fixes #72642. Thanks @solavrc and @Bartok9.
Matrix/E2EE: stabilize recovery and broken-device QA flows while avoiding Matrix device-cleanup sync races that could leave shutdown-time crypto work running. Thanks @gumadeiras.
Cron: apply cron.maxConcurrentRuns to a dedicated cron-nested isolated agent-turn lane as well as cron dispatch, so parallel cron jobs no longer serialize on inner LLM execution while non-cron nested flows keep their existing lane behavior. Fixes #72707. Thanks @kagura-agent.
Cron: report isolated runs as successful when verified cron delivery already delivered the reply, while keeping unresolved Message/Canvas tool failures fatal. Fixes #72732 and #50170; follow-up to #54188. Thanks @zNatix, @pixeldyn, and @ChickenEggRoll.
Cron: treat isolated run-level agent failures as job errors even when no reply payload is produced, synthesizing a safe error payload so model/provider failures increment error counters and trigger failure notifications instead of clearing as successful. Fixes #43604; carries forward #43631. Thanks @SPFAdvisors.
Cron: preserve exact NO_REPLY tool results from isolated jobs with empty final assistant turns as quiet successes instead of surfacing incomplete-turn errors. Fixes #68452; carries forward #68453. Thanks @anyech.
Cron: resolve failure alerts and failure-destination announcements against session:<id> targets before falling back to the creator session, so jobs created from group chats can notify the targeted direct session without cross-account routing errors. Refs #62777; carries forward #68535. Thanks @slideshow-dingo and @likewen-tech.
Discord: preserve explicit user: and channel: delivery targets through plugin routing so cron announcements and failure alerts keep their intended recipient kind. Refs #62777; carries forward #62798. Thanks @neeravmakwana.
Cron: add failureAlert.includeSkipped and openclaw cron edit --failure-alert-include-skipped so persistently skipped jobs can alert without counting skips as execution errors or affecting retry backoff. Fixes #60846. Thanks @slideshow-dingo.
Cron: invalidate stale pending runtime slots after live or offline jobs.json schedule edits, while preserving due slots for formatting-only rewrites. Fixes #27996 and #71607; carries forward #71651. Thanks @xialonglee and @fagnersouza666.
Cron: keep legacy flat jobs.json rows loadable while comparing split-state schedule identities, so old cron stores do not crash before in-memory hydration can normalize them.
Cron: start isolated agent-turn execution timeouts after the runner enters its effective execution lane, so queued cron/manual runs no longer spend their whole timeout budget before useful work begins. Fixes #41783. Thanks @ayanesakura and @Hurray0.
Cron/Telegram: preserve direct-chat thread IDs and optional account IDs when inferring reminder delivery from Telegram direct-thread session keys. Fixes #44270; carries forward #44325, #44351, #44412, and #72657. Thanks @RunMintOn, @arkyu2077, @0xsline, and @vincentkoc.
Cron: omit synthetic delivery.resolved errors from --no-deliver run records while preserving explicit no-deliver target traces for agent-initiated messages. Fixes #72210; carries forward #72219. Thanks @hatemclawbot-collab and @xydigit-sj.
Cron: classify isolated runs as errors from structured embedded-run execution-denial metadata, with final-output marker fallback for SYSTEMRUNDENIED, INVALID_REQUEST, and approval-binding refusals, so blocked commands no longer appear green in cron history. Fixes #67172; carries forward #67186. Thanks @oc-gh-dr, @hclsys, and @1yihui.
Subagents: keep the delegated task only in the subagent system prompt and send a short initial kickoff message, avoiding duplicate task tokens while preserving multiline task formatting. Fixes #72019; carries forward #72053. Thanks @Wizongod and @ly85206559.
Onboarding/GitHub Copilot: add manifest-owned --github-copilot-token support for non-interactive setup, including env fallback, tokenRef storage in ref mode, saved-profile reuse, and current Copilot default-model wiring. Refs #50002 and supersedes #50003. Thanks @scottgl9.
Gateway/install: add a validated --wrapper/OPENCLAW_WRAPPER service install path that persists executable LaunchAgent/systemd wrappers across forced reinstalls, updates, and doctor repairs instead of falling back to raw node/bun ProgramArguments. Fixes #69400. (#72445) Thanks @willtmc.
Plugins: fail plugin registration when loader-owned acceptance gates reject missing hook names or memory-only capability registration from non-memory plugins, surfacing the issue through plugin status and doctor instead of silently dropping the registration. Fixes #72459. Thanks @amknight.
macOS Gateway: write launchd services with a state-dir WorkingDirectory, use a durable state-dir temp path instead of freezing macOS session TMPDIR, create that temp directory before bootstrap, and label abort-shaped launchd exits as SIGABRT/abort in status output. Fixes #53679 and #70223; refs #71848. Thanks @dlturock, @stammi922, and @palladius.
Control UI/update: make Update now require a real gateway process replacement, report skipped/error update outcomes with stable reasons, and verify the running gateway version after restart so global installs cannot silently keep old code in memory. Fixes #62492; addresses #64892 and #63562. Thanks @IAMSamuelRodda.
Exec approvals: accept runtime-owned source: "allow-always" and commandText allowlist metadata in gateway and node approval-set payloads so Control UI round-trips no longer fail with unexpected property 'source'. Fixes #60000; carries forward #60064. Thanks @sd1471123, @sharkqwy, and @luoyanglang.
Exec/node: skip approval-plan preparation for full-trust host=node runs so interpreter and script commands no longer fail with SYSTEMRUNDENIED: approval cannot safely bind when effective policy is security=full and ask=off. Fixes #48457 and duplicate #69251. Thanks @ajtran303, @jaserNo1, @Blakeshannon, @lesliefag, and @AvIsBeastMC.
Exec/node: synthesize a local approval plan when a paired node advertises system.run without system.run.prepare, unblocking approval-required host=node exec on current macOS companion nodes while preserving remote prepare for node hosts that support it. Fixes #37591 and duplicate #66839; carries forward #69725. Thanks @soloclz.
Memory/QMD: prefer QMD's --mask collection pattern flag so root memory indexing stays scoped to MEMORY.md instead of widening to every markdown file in the workspace. Fixes #65480; supersedes #65481 and #66259. Thanks @ccage-simp, @Bortlesboat, @seank-com, and @crazyscience.
Memory/doctor: treat the specific gateway timeout after ... gateway memory probe result as inconclusive instead of reporting embeddings not ready, while preserving warnings for explicit failures. Fixes #44426; carries forward #46576 with the Greptile review feedback applied. Thanks Cengiz (@ghost).
Gateway/memory: defer QMD startup for implicit non-default agents and scope memory runtime loading to the selected memory slot so Gateway boot and first memory recall avoid broad plugin runtime fanout. Thanks @vincentkoc.
Gateway/startup: keep core request handlers, setup wizard, and channel runtime helpers off the boot path until the first matching request, wizard run, or channel start, reducing no-plugin Gateway ready RSS and avoidable startup imports. Thanks @vincentkoc.
Gateway/startup: keep CLI outbound channel send dependencies as lazy request-time senders so Gateway boot no longer imports channel plugin registration just to construct default deps. Thanks @vincentkoc.
Gateway/startup: split lightweight HTTP auth helpers away from model-override helpers so Gateway bind no longer imports model catalog selection while wiring base HTTP routes. Thanks @vincentkoc.
Gateway/startup: lazy-load plugin HTTP route dispatch when active plugin routes exist so no-plugin Gateway boot skips plugin route runtime scope setup. Thanks @vincentkoc.
Gateway/startup: move chat run/subscriber registries onto a lightweight state module and defer chat/session event projection until the first event so Gateway boot skips session IO imports. Thanks @vincentkoc.
Gateway/startup: keep node session runtime on a lightweight JSON parser instead of importing gateway method validation helpers during boot. Thanks @vincentkoc.
Gateway/startup: read embedded-run activity from a lightweight shared state module so restart deferral no longer imports the embedded runner during Gateway boot. Thanks @vincentkoc.
Gateway/startup: defer MCP loopback server imports until Gateway shutdown so normal boot no longer loads the loopback HTTP/tool schema stack just to register close handlers. Thanks @vincentkoc.
Gateway/startup: resolve channel runtime helpers asynchronously only when an enabled/configured channel starts, so no-channel Gateway boot skips auto-reply, media, pairing, and outbound channel helper imports. Thanks @vincentkoc.
Gateway/startup: lazy-load HTTP auth, canvas auth, and plugin route scope helpers from their request paths so Gateway bind no longer pays those utility graphs during boot. Thanks @vincentkoc.
Gateway/startup: defer isolated cron runner imports until /hooks/agent dispatch so Gateway boot skips the agent-turn runtime on installs that only need normal HTTP bind. Thanks @vincentkoc.
Gateway/startup: split hook request parsing into a request-path module and load the Gateway hook dispatcher only when a request matches the hooks base path, keeping hook mapping and throttle helpers off plain HTTP bind. Thanks @vincentkoc.
CLI/Gateway: use a parse-only config snapshot for plain gateway status reads and reuse same-path service config context so status no longer spends tens of seconds in full config validation before printing. Thanks @vincentkoc.
Lobster/Gateway: memoize repeated Ajv schema compilation before loading the embedded Lobster runtime so scheduled workflows and llm.invoke loops stop growing gateway heap on content-identical schemas. Fixes #71148. Thanks @cmi525, @vsolaz, and @vincentkoc.
Codex harness: normalize cached input tokens before session/context accounting so prompt cache reads are not double-counted in /status, session_status, or persisted sessionEntry.totalTokens. Fixes #69298. Thanks @richardmqq.
Hooks/session-memory: use the host local timezone for memory filenames, fallback timestamp slugs, and markdown headers instead of UTC dates. Fixes #46703. (#46721) Thanks @Astro-Han.
Gateway health: preserve live runtime-backed channel/account state in gateway.health snapshots and cached refreshes while keeping raw probe payloads on sensitive/admin paths only. (#39921, #42586, #46527, #52770, #42543) Thanks @FAL1989, @rstar327, @0xble, and @ajayr.
Feishu: extract quoted/replied interactive-card text across schema 1.0, schema 2.0, i18n, template-variable, and post-format fallback shapes without carrying broad generated/config churn from related parser experiments. (#38776, #60383, #42218, #45936) Thanks @lishuaigit, @lskun, @just2gooo, and @Br1an67.
Telegram/agents: hide raw failed write/edit warning messages in Telegram when the assistant already explicitly acknowledges the failed action, while keeping warnings when the reply claims success or omits the failure; #39406 remains the broader configurable delivery-policy follow-up. Fixes #51065; covers #39631. Thanks @Bartok9 and @Bortlesboat.
Exec approvals: accept a symlinked OPENCLAW_HOME as the trusted approvals root while still rejecting symlinked .openclaw path components below it. (#64663) Thanks @FunJim.
Logging: add top-level hostname, flattened message, and available agentid, sessionid, and channel fields to file-log JSONL records for multi-agent filtering without removing existing structured log arguments. Fixes #51075. Thanks @stevengonsalvez.
ACP: route server logs to stderr before Gateway config/bootstrap work so ACP stdout remains JSON-RPC only for IDE integrations. Fixes #49060. Thanks @Hollychou924.
Logging: propagate internal request trace scopes through Gateway HTTP requests and WebSocket frames so file logs, diagnostic events, agent run traces, model-call traces, OTEL spans, and trusted provider traceparent headers share a correlatable traceId without logging raw request or model content. Fixes #40353. Thanks @liangruochong44-ui.
Diagnostics/OTEL: capture privacy-safe model-call request payload bytes, streamed response bytes, first-response latency, and total duration in diagnostic events, plugin hooks, stability snapshots, and OTEL model-call spans/metrics without logging raw model content. Fixes #33832. Thanks @wwh830.
Logging: write validated diagnostic trace context as top-level traceId, spanId, parentSpanId, and traceFlags fields in file-log JSONL records so traced requests and model calls are easier to correlate in log processors. Refs #40353. Thanks @liangruochong44-ui.
Logging/sessions: apply configured redaction patterns to persisted session transcript text and accept escaped character classes in safe custom redaction regexes, so transcript JSONL no longer keeps matching sensitive text in the clear. Fixes #42982. Thanks @panpan0000.
Agents/sessions: let sessions_spawn runtime="subagent" ignore ACP-only streamTo and resumeSessionId fields while keeping ACP passthrough and documenting streamTo as ACP-only. Fixes #43556 and #63120; covers #56326, #61724, #64714, and #67248; carries forward #68397, #65282, #58686, #56342, and #40102. Thanks @skernelx, @damselem, @Br1an67, @Mintalix, @IsaacAPerez, @vvitovec, @Sanjays2402, @shenkq97, and @1034378361.
Providers/Ollama: honor /api/show capabilities when registering local models so non-tool Ollama models no longer receive the agent tool surface, and keep native Ollama thinking opt-in instead of enabling it by default. Fixes #64710 and duplicate #65343. Thanks @yuan-b, @netherby, @xilopaint, and @Diyforfun2026.
Image tool/media: honor tools.media.image.timeoutSeconds and matching per-model image timeouts in explicit image analysis, including the MiniMax VLM fallback path, so slow local vision models are not capped by hardcoded 30s/60s aborts. Fixes #67889; supersedes #67929. Thanks @AllenT22 and @alchip.
Providers/Ollama: read larger custom Modelfile PARAMETER num_ctx values from /api/show so auto-discovered Ollama models with expanded context no longer stay pinned to the base model context. Fixes #68344. Thanks @neeravmakwana.
Providers/Ollama: honor configured model params.num_ctx in native and OpenAI-compatible Ollama requests so local models can cap runtime context without rebuilding Modelfiles. Fixes #44550 and #52206; supersedes #69464. Thanks @taitruong, @armi0024, and @LokiCode404.
Providers/Ollama: stop forcing native Ollama requests to use the full configured contextWindow as options.numctx unless params.numctx is explicit, so local models can keep Ollama's VRAM/env default instead of looking hung on first turns. Fixes #49684 and #68662. Thanks @zhouZcong and @dshenster-byte.
Providers/Ollama: forward whitelisted native Ollama model params such as temperature, top_p, and top-level think so users can disable API-level thinking or tune local models from config without proxy shims. Fixes #48010. Thanks @tangzhi, @pandego, @maweibin, @Adam-Researchh, and @EmpireCreator.
Providers/Ollama: expose native Ollama thinking effort levels so /think max is accepted for reasoning-capable Ollama models and maps to Ollama's highest supported think effort. Fixes #71584. Thanks @g0st1n.
Providers/Ollama: strip the active custom Ollama provider prefix before native chat and embedding requests, so custom provider ids like ollama-spark/qwen3:32b reach Ollama as the real model name. Fixes #72353. Thanks @maximus-dss and @hclsys.
Providers/Ollama: parse stringified native tool-call arguments before dispatch, preserving unsafe integer values so Ollama tool use receives structured parameters. Fixes #69735; supersedes #69910. Thanks @rongshuzhao and @yfge.
Providers/Ollama: skip ambient localhost discovery unless Ollama auth or meaningful config opts in, preventing unexpected probes to 127.0.0.1:11434 for users who are not using Ollama. Fixes #56939; supersedes #57116. Thanks @IanxDev and @tsukhani.
Providers/Ollama: skip implicit localhost discovery when a custom remote api: "ollama" provider is configured, while still treating 127/8 loopback hosts as local. Carries forward #43224. Thanks @issacthekaylon.
Providers/models: honor provider-level contextWindow, contextTokens, and maxTokens as defaults when resolving discovered models, so local Ollama and other self-hosted providers can cap all models without repeating per-model entries. Fixes #44786; carries forward #44955. Thanks @voltwake and @maweibin.
Providers/Ollama: move memory embeddings to Ollama's current /api/embed endpoint with batched input requests while preserving vector normalization and custom provider auth/header overrides. Fixes #39983. Thanks @sskkcc and @LiudengZhang.
Providers/Ollama: route local web search through Ollama's signed /api/experimental/websearch daemon proxy, use hosted /api/websearch directly for ollama.com, and keep OLLAMAAPIKEY scoped to cloud fallback auth. Fixes #69132. Thanks @yoon1012 and @hyspacex.
Providers/Ollama: accept OpenAI SDK-style baseURL as an alias for baseUrl across discovery, streaming, setup pulls, embeddings, and web search so remote Ollama hosts are not silently ignored. Fixes #62533; supersedes #62549. Thanks @Julien-BKK and @Linux2010.
Providers/Ollama: scope synthetic local auth and embedding bearer headers to declared Ollama host boundaries so cloud keys are not sent to local/self-hosted embedding endpoints and remote/cloud Ollama endpoints no longer receive the ollama-local marker as if it were a real token. Supersedes #69261 and #69857; refs #43945. Thanks @hyspacex, @maxramsay, and @Meli73.
Providers/Ollama: resolve custom-named local Ollama providers such as ollama-remote through the Ollama synthetic-auth hook so subagents no longer miss ollama-local auth and silently fall back to cloud models. Fixes #43945. Thanks @Meli73 and @maxramsay.
Providers/Ollama: add provider-scoped model request timeouts, thread them through guarded fetch connect/header/body/abort handling, and document params.keep_alive for cold local models so first-turn Ollama loads no longer require global agent timeout changes. Fixes #64541 and #68796; supersedes #65143 and #66511. Thanks @LittleJakub, @Juankcba, @uninhibite-scholar, and @yfge.
Providers/Ollama: preserve explicit configured model input modalities when merging discovered provider metadata so custom vision models keep image support instead of silently dropping attachments. Fixes #39690; carries forward #39785. Thanks @Skrblik and @Mriris.
Providers/Ollama: estimate native Ollama transcript usage when /api/chat omits prompt/eval counters while preserving exact zero counters, keeping local model runs visible in usage surfaces. Carries forward #39112. Thanks @TylonHH.
Agents/Ollama: retry native Ollama turns that finish without user-visible text, including unsigned thinking-only responses, so constrained reasoning turns can continue instead of surfacing an empty reply. Carries forward #66552 and #61223. Thanks @yfge and @L3G.
Docs/Ollama: expand setup recipes for local, LAN, cloud, multi-host, web search, embeddings, thinking control, and large-context troubleshooting.
Providers/PDF/Ollama: add bounded network timeouts for Ollama model pulls and native Anthropic/Gemini PDF analysis requests so unresponsive provider endpoints no longer hang sessions indefinitely. Fixes #54142; supersedes #54144 and #54145. Thanks @jinduwang1001-max and @arkyu2077.
LLM Task/Ollama: accept model overrides that already include the selected provider prefix, avoiding doubled ids such as ollama/ollama/llama3.2:latest, and live-verify local Ollama JSON tasks return parsed output. Fixes #50052. Thanks @ralphy-maplebots and @Hollychou924.
Memory/doctor: treat Ollama memory embeddings as key-optional so openclaw doctor no longer warns about a missing API key when the gateway reports embeddings are ready. Fixes #46584. Thanks @fengly78.
Agents/Ollama: apply provider-owned replay turn normalization to native Ollama chat so Cloud models no longer reject non-alternating replay history in agent/Gateway runs. Fixes #71697. Thanks @ismael-81.
Control UI/Ollama: show the resolved configured thinking default in chat and session thinking dropdowns so inherited adaptive/per-model thinking config no longer appears as Default (off) or a generic inherit value. Fixes #72407. Thanks @NotecAG.
Agents/Ollama: validate explicit --thinking max against catalog-discovered Ollama reasoning metadata so local agent runs accept the same native thinking levels shown in the model catalog. Fixes #71584. Thanks @g0st1n.
CLI/models: include explicitly configured provider models in openclaw models list --provider <id> without requiring the full catalog path, so configured Ollama models are visible. Fixes #65207. Thanks @drzeast-png.
Docker/QA: add observability coverage to the normal Docker aggregate so QA-lab OTEL and Prometheus diagnostics run inside Docker. Thanks @vincentkoc.
Auto-reply: poison inbound message dedupe after replay-unsafe provider/runtime failures so retries stay safe before visible progress but cannot duplicate messages after block output, tool side effects, or session progress. Fixes #69303; keeps #58549 and #64606 as duplicate validation. Thanks @martingarramon, @NikolaFC, and @zeroth-blip.
Agents/model fallback: keep auto-persisted fallback model overrides selected across turns until /new or reset clears them, avoiding repeated probes of a known-bad primary while /status shows the selected and active models. Thanks @kibedu.
Agents/model fallback: jump directly to a known later live-session model redirect instead of walking unrelated fallback candidates, while preserving the already-landed live-session/fallback loop guard. Fixes #57471; related loop family already closed via #58496. Thanks @yuxiaoyang2007-prog.
Gateway/Bonjour: keep @homebridge/ciao cancellation handlers registered across advertiser restarts so late probing cancellations cannot crash Linux and other mDNS-churned gateways.
Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none".
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries.
WebChat/Control UI: support non-video file attachments in chat uploads while preserving the existing image attachment path and MIME-sniff fallback for generic image uploads. (#70947) Thanks @IAMSamuelRodda.
Skills/memory: restore Chokidar v5 hot reloads by watching concrete skill and memory roots with filters, including SKILL.md removals and deleted skill folders without broad workspace recursion. Fixes #27404, #33585, and #41606. Thanks @shelvenzhou, @08820048, and @rocke2020.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Gateway/session rows: report the same config-resolved thinking default that runtime sessions use, including global and per-agent defaults, so Control UI and TUI default labels stay aligned. (#71779, #70981, #71033, #70302) Thanks @chen-zhang-cs-code, @SymbolStar, and @cholaolu-boop.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans.
WhatsApp/Web: keep quiet but healthy linked-device sessions connected by basing the watchdog on WhatsApp Web transport activity, while retaining a longer app-silence cap so frame activity cannot mask a stuck session forever. Fixes #70678; carries forward the focused #71466 approach and keeps #63939 as related configurable-timeout follow-up. Thanks @vincentkoc and @oromeis.
Discord/gateway: count failed health-monitor restart attempts toward cooldown and hourly caps, and evict stale account lifecycle state during channel reloads so repeated Discord gateway recovery cannot loop on old status. Fixes #38596. (#40413) Thanks @jellyAI-dev and @vashquez.
Cron/context engine: run isolated cron jobs under run-scoped context-engine session keys so prior runs of the same job are not inherited unless the job is explicitly session-bound. (#72292) Thanks @jalehman.
Control UI: localize command palette labels, categories, skill shortcuts, footer hints, and connect-command copy labels while preserving localized command palette search matching. (#61130, #61119) Thanks @rubensfox20.
Plugins/memory-lancedb: request float embedding responses from OpenAI-compatible servers so local providers that default SDK requests to base64 no longer return dimension-mismatched LanceDB vectors while preserving configured dimensions. Fixes #45982. (#59048, #46069, #45986) Thanks @deep-introspection, @xiaokhkh, @caicongyang, and @thiswind.
Plugins/memory-lancedb: advance auto-capture cursors per session only after messages are processed or intentionally skipped, retry failed messages, survive compacted histories, and clear cursor state on session end. Fixes #71349; carries forward #42083. Thanks @as775116191.
Plugins/memory-core: respect configured memory-search embedding concurrency during non-batch indexing so local Ollama embedding backends can serialize indexing instead of flooding the server. Fixes #66822. (#66931) Thanks @oliviareid-svg and @LyraInTheFlesh.
Docker/update smoke: keep the package-derived update-channel fixture on package-shipped files and make its UI build stub create the asset the updater verifies. Thanks @vincentkoc.
Gateway/models: repair legacy models.providers.*.api = "openai" config values to openai-completions, and skip providers with future stale API enum values during startup instead of bricking the gateway. Fixes #72477. (#72542) Thanks @JooyoungChoi14 and @obviyus.
Gateway/skills: redact apiKey and secret-named env values from the skills.update RPC response to prevent leaking credentials into WebSocket traffic, client logs, or session transcripts. Config is still written to disk in full; only the response payload is redacted. (#69998) Thanks @Ziy1-Tan.

Plugins/CLI: let flag-driven openclaw channels add install the selected channel plugin from its default source without opening an interactive prompt, fixing published npm Telegram setup in stdin-closed automation.
Onboarding/setup: keep first-run config reads, plugin compatibility notices, and post-model sanity checks on cold metadata paths unless the user chooses to browse all models, avoiding full plugin/runtime catalog work between prompts. Thanks @shakkernerd.
Onboarding/auth: run manifest-owned provider auth choices through scoped setup providers so selecting OpenAI Codex browser/device auth no longer loads every provider runtime before OAuth starts. Thanks @shakkernerd.
Onboarding/auth: keep the post-auth default-model policy lookup on manifest/setup metadata so the next prompt appears without loading broad provider runtime. Thanks @shakkernerd.
Onboarding/models: keep skip-auth and provider-scoped model picker prompts off the full global model catalog path, and cache provider catalog hook resolution so setup no longer stalls after auth on large plugin registries. Thanks @shakkernerd.
Gateway/Bonjour: suppress known @homebridge/ciao cancellation and network assertion failures through scoped process handlers so malformed mDNS packets or restricted VPS networking disable/restart Bonjour instead of crashing the gateway. Fixes #67578. Thanks @zenassist26-create.
Discord: keep late clicks on already-resolved exec approval buttons quiet when elevated mode auto-resolved the request, while still surfacing real approval submission failures. Fixes #66906. Thanks @rlerikse.
Telegram: send a fresh final message for long-lived preview-streamed replies so the visible Telegram timestamp reflects completion time instead of the preview creation time. Thanks @rubencu.

v2026.4.25 BREAKING [Apr 27, 2026] (3d ago) details → github →

# OpenClaw 2026.4.25

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy genai.system by default while emitting genai.provider.name under OTELSEMCONVSTABILITYOPTIN=genailatest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAWDISABLEPERSISTEDPLUGINREGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only modelcallstarted and modelcallended hooks for provider/model call telemetry without exposing prompts, responses, headers, request bodies, or raw provider request IDs. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded context assembly diagnostics and export openclaw.context.assembled spans with prompt/history sizes but no prompt, history, response, or session-key content. Thanks @vincentkoc.
Diagnostics/OTEL: export existing tool-loop diagnostics as openclaw.tool.loop counters and spans without loop messages, session identifiers, params, or tool output. Thanks @vincentkoc.
Diagnostics/OTEL: export diagnostic memory samples and pressure as bounded memory histograms, counters, and pressure spans to help spot leak regressions without session or payload data. Thanks @vincentkoc.
Diagnostics/OTEL: add the GenAI gen_ai.client.token.usage histogram for input/output model usage while keeping session identifiers and aggregate cache counters out of the semantic metric. Thanks @vincentkoc.
Diagnostics/OTEL: add a bounded openclaw.agent label to OpenClaw token metrics so per-agent Grafana dashboards can group usage without exporting session identifiers. Thanks @oc-factus.
Plugins/install: consolidate managed plugin install metadata into the state-managed plugin index at plugins/installs.json, replacing the temporary plugins/installed-index.json path and removing plugins.installs as an authored config surface. Thanks @vincentkoc and @shakkernerd.
Diagnostics/OTEL: add the GenAI gen_ai.client.operation.duration histogram for model-call latency in seconds with bounded provider/model/API and error attributes. Thanks @vincentkoc.
Diagnostics/OTEL: add GenAI usage token attributes to model-usage spans, including cache read/write input token counts without session identifiers or prompt/response content. Thanks @vincentkoc.
Diagnostics/OTEL: include bounded GenAI operation, provider, and request-model attributes on model-usage spans so token usage remains self-describing without diagnostic identifiers. Thanks @vincentkoc.
Diagnostics/OTEL: keep model-usage span GenAI provider attributes aligned with the existing semantic-convention opt-in policy, using legacy gen_ai.system unless latest experimental GenAI conventions are enabled. Thanks @vincentkoc.
Diagnostics/OTEL: keep gen_ai.request.model present on GenAI token usage metrics with a bounded unknown fallback when model usage events do not include a model. Thanks @vincentkoc.
Docs/OTEL: document the GenAI token and model-call duration metrics, model-usage span attributes, and OTELSEMCONVSTABILITYOPTIN=genailatest_experimental provider-attribute behavior. Thanks @vincentkoc.
Docs: refresh the MCP, model provider, doctor, troubleshooting, BlueBubbles, media generation, TTS, subagents, skills, cron/tasks, exec approvals, and voice-call guides with structured Steps, Tabs, and Accordion content.
Diagnostics/trace: add an internal traceparent propagation helper that only formats trusted dispatcher metadata, keeping plugin-emitted diagnostic traces out of outbound propagation by default. Thanks @vincentkoc.
Diagnostics/OTEL: add bounded outbound message delivery lifecycle diagnostics and export them as low-cardinality delivery spans/metrics without message body, recipient, room, or media-path data. (#71471) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#71451) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#71450) Thanks @vincentkoc and @jlapenna.
Providers/Xiaomi: add MiMo TTS as a bundled speech provider with MP3/WAV output and voice-note Opus transcoding. Fixes #52376. (#55614) Thanks @zoujiejun.
Providers/ElevenLabs: include eleven_v3 in the bundled TTS model catalog so model selection surfaces can offer ElevenLabs v3. (#68321) Thanks @itsuzef.
Providers/Local CLI TTS: add a bundled local command speech provider with file/stdout input, voice-note Opus conversion, and telephony PCM output. (#56239) Thanks @solar2ain.
Providers/Inworld: add Inworld as a bundled speech provider with streaming TTS synthesis, voice listing, voice-note output, and PCM telephony output. (#55972) Thanks @cshape.
Providers/Volcengine: add Volcengine/BytePlus Seed Speech as a bundled TTS provider with API-key auth, native Ogg/Opus voice-note output, and MP3 audio-file output. (#55641) Thanks @xuruiray.
Android/Talk Mode: expose Talk Mode in the Voice tab with runtime-owned voice capture modes and microphone foreground-service escalation. Thanks @alex-latitude.
Providers/LiteLLM: register litellm as an image-generation provider so image_generate model=litellm/... calls and agents.defaults.imageGenerationModel.fallbacks entries resolve through the LiteLLM proxy. Thanks @zqchris.
Providers/fal: add Seedance 2.0 reference-to-video models with multi-image, video, and audio reference input mapping plus model-specific capability limits for video_generate. Thanks @shivanker.
Codex harness: require Codex app-server 0.125.0 or newer and cover native MCP PreToolUse, PostToolUse, and PermissionRequest payloads through the OpenClaw hook relay.
Agents/Codex: teach prompts and agents_list to surface native Codex app-server availability so agents prefer /codex ... over Codex ACP unless ACP/acpx is explicit. Thanks @vincentkoc.
ACPX/Droid: add Factory Droid to the live ACP bind Docker matrix, including .factory settings staging, FACTORYAPIKEY forwarding, and the single-agent test:docker:live-acp-bind:droid recipe.
TTS/personas: add provider-aware TTS personas with deterministic provider binding merges, /tts persona controls, gateway/CLI persona state, Google Gemini audio-profile-v1 prompt wrapping, and OpenAI instruction mapping. (#70748) Thanks @barronlroth.
Voice Wake: add trigger-based routing so macOS voice wake phrases can select a configured agent or session target, with Gateway routing APIs and node update events. (#30354) Thanks @longbiaochen.

Fixes

Auto-reply: poison inbound message dedupe after replay-unsafe provider/runtime failures so retries stay safe before visible progress but cannot duplicate messages after block output, tool side effects, or session progress. Fixes #69303; keeps #58549 and #64606 as duplicate validation. Thanks @martingarramon, @NikolaFC, and @zeroth-blip.
Logging/sessions: apply configured redaction patterns to persisted session transcript text and accept escaped character classes in safe custom redaction regexes, so transcript JSONL no longer keeps matching sensitive text in the clear. Fixes #42982. Thanks @panpan0000.
Agents/OpenAI: keep Responses web search compatible with minimal thinking by raising web_search requests to the lowest supported reasoning effort instead of sending a rejected minimal payload.
Agents/tools: honor the bundle-mcp allowlist token when deciding whether bundled MCP tools are available, so restricted tool policies can still enable bundled MCP without exposing unrelated tools.
Agents/model fallback: jump directly to a known later live-session model redirect instead of walking unrelated fallback candidates, while preserving the already-landed live-session/fallback loop guard. Fixes #57471; related loop family already closed via #58496. Thanks @yuxiaoyang2007-prog.
Skills/memory: restore Chokidar v5 hot reloads by watching concrete skill and memory roots with filters, including SKILL.md removals and deleted skill folders without broad workspace recursion. Fixes #27404, #33585, and #41606. Thanks @shelvenzhou, @08820048, and @rocke2020.
Discord/gateway: count failed health-monitor restart attempts toward cooldown and hourly caps, and evict stale account lifecycle state during channel reloads so repeated Discord gateway recovery cannot loop on old status. Fixes #38596. (#40413) Thanks @jellyAI-dev and @vashquez.
Plugins/CLI: let flag-driven openclaw channels add install the selected channel plugin from its default source without opening an interactive prompt, fixing published npm Telegram setup in stdin-closed automation.
Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none".
Plugins/install: materialize plugin-owned root chunks in external bundled-runtime mirrors so staged plugin dependencies resolve under native ESM in packaged installs. Fixes #72058; supersedes #72084. Thanks @amnesia106 and @drvoss.
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans.
WhatsApp/Web: keep quiet but healthy linked-device sessions connected by basing the watchdog on WhatsApp Web transport activity, while retaining a longer app-silence cap so frame activity cannot mask a stuck session forever. Fixes #70678; carries forward the focused #71466 approach and keeps #63939 as related configurable-timeout follow-up. Thanks @vincentkoc and @oromeis.
Onboarding/setup: keep first-run config reads, plugin compatibility notices, and post-model sanity checks on cold metadata paths unless the user chooses to browse all models, avoiding full plugin/runtime catalog work between prompts. Thanks @shakkernerd.
Onboarding/auth: run manifest-owned provider auth choices through scoped setup providers so selecting OpenAI Codex browser/device auth no longer loads every provider runtime before OAuth starts. Thanks @shakkernerd.
Onboarding/auth: keep the post-auth default-model policy lookup on manifest/setup metadata so the next prompt appears without loading broad provider runtime. Thanks @shakkernerd.
Onboarding/models: keep skip-auth and provider-scoped model picker prompts off the full global model catalog path, and cache provider catalog hook resolution so setup no longer stalls after auth on large plugin registries. Thanks @shakkernerd.
Gateway/Bonjour: suppress known @homebridge/ciao cancellation and network assertion failures through scoped process handlers so malformed mDNS packets or restricted VPS networking disable/restart Bonjour instead of crashing the gateway. Fixes #67578. Thanks @zenassist26-create.
Discord: keep late clicks on already-resolved exec approval buttons quiet when elevated mode auto-resolved the request, while still surfacing real approval submission failures. Fixes #66906. Thanks @rlerikse.
Agents/subagents: deliver completed yielded-subagent results back to no-thread requester routes via direct fallback when the dormant parent announce turn produces no visible reply, and add QA-lab coverage for the regression. Thanks @vincentkoc.
Gateway/Tailscale: let Tailscale-authenticated Control UI operator sessions with browser device identity skip the device-pairing round trip while still rejecting device-less and node-role connections. Refs #71986. Thanks @jokedul.
Doctor: honor OPENCLAWSERVICEREPAIR_POLICY=external by reporting gateway service health while skipping service install/start/restart/bootstrap, supervisor rewrites, and legacy service cleanup for externally managed environments. Thanks @shakkernerd.
CLI/update: run package post-update doctor with --fix so package updates repair config migrations before restart. Thanks @shakkernerd.
CLI/update: retry failed npm global updates with --omit=optional and ignore the superseded first failure when the fallback succeeds. Thanks @shakkernerd.
Plugins/uninstall: migrate and reset plugins.slots.contextEngine alongside memory slots when plugin ids change or selected plugins are removed. Thanks @shakkernerd.
Agents/Discord: keep raw Agent failed before reply runner failures out of Discord group/channel chats and show detailed runner errors in direct chats only when /verbose is enabled.
UI/Windows: quote resolved pnpm .cmd launcher paths before spawning UI install/build/test commands so Node installs under C:\Program Files no longer fail as C:\Program. Fixes #45275. Thanks @Kobevictor, @stoppieboy, and @iubns.
Codex/agent: translate --thinking minimal to low for modern Codex models (gpt-5.5, gpt-5.4, gpt-5.4-mini, gpt-5.2) at request build time so the first turn is accepted instead of paying a wasted call + retry-with-low fallback. Older Codex models still receive minimal directly. Fixes #71946. Thanks @hclsys.
Plugins/uninstall: remove tracked plugin files from their recorded managed extensions root even when the current state directory points somewhere else, so openclaw plugins uninstall --force does not leave the plugin discoverable. Thanks @shakkernerd.
Agents/runtime: add agentRuntime.id as the canonical config key, migrate legacy runtime-policy configs with openclaw doctor --fix, route canonical Anthropic models through claude-cli without passing CLI backend aliases to embedded harness selection, and load CLI backend owner plugins before channel startup. Fixes #71957. Thanks @WolvenRA.
CLI/update: guard Windows scheduled-task stops by state and timeout so auto-update restart cannot hang indefinitely on schtasks /End before stale-listener cleanup. Fixes #69970. Thanks @yangswld and @sherlock-huang.
Windows install/Lobster: execute pnpm.exe directly when npm_execpath points at the native pnpm binary, add an installed-package fallback for the Lobster embedded runtime, and include the Lobster runner regression test in Windows CI. Fixes #69456. Thanks @igormf.
Gateway/install: refresh loaded gateway service installs when the current service embeds stale gateway auth instead of returning already-installed, avoiding LaunchAgent token-mismatch loops after token rotation. Fixes #70752. Thanks @hyspacex.
Update: ignore bundled plugin .openclaw-install-stage directories during global install verification and packaged dist pruning so leftover runtime-dep staging files do not turn successful updates into unexpected packaged dist file failures. Fixes #71752. Thanks @waynegault.
CLI/update: fail package updates when post-update plugin sync fails and refresh legacy npm plugin install records before trusting unchanged artifacts, preventing successful updates from restarting with stale or failed plugin state. Thanks @vincentkoc and @shakkernerd.
Release/update: reject pre-populated bundled plugin .openclaw-install-stage directories, including mixed-case path variants, before package inventory generation so release tarballs cannot ship poisoned runtime-dependency staging debris. Fixes #71752. Thanks @hclsys.
Node runtime: keep node-host retry timers alive across Gateway restarts and exit on terminal credential pauses so supervised nodes do not become silent zombies. Fixes #69800. Thanks @meroli28.
Gateway/plugins: stop persisted WhatsApp auth state from activating bundled channel runtime-dependency repair during startup when channels.whatsapp is absent, avoiding npm/git stalls on packaged Linux installs. Fixes #71994. Thanks @xiao398008.
Gateway/device tokens: enforce caller-scope containment inside token rotation and revocation so pairing-only sessions cannot mutate higher-scope operator tokens. Fixes #71990. Thanks @coygeek.
Plugins/channels: keep security checks, thread-binding placement, provider summaries, health formatting, and message action labels on read-only or already-loaded channel metadata instead of importing full channel runtime. Thanks @shakkernerd.
Plugins/status: keep config-only channel labels and status security summaries from importing plugin runtime modules just to render metadata. Thanks @shakkernerd.
Sessions/channels: stop group-session metadata from loading bundled channel runtime just to classify #channel subjects, using only already-loaded channel capabilities on that path. Thanks @shakkernerd.
Plugins/channels: keep native command and native skill auto defaults on static channel metadata so config, audit, and command-list checks do not load channel runtime just to read those defaults. Thanks @shakkernerd.
CLI/channels: keep channel remove selection and all-channel capabilities summaries on read-only plugin metadata, loading channel runtime only for the selected mutation path. Thanks @shakkernerd.
CLI/models: keep Provider Index preview rows out of models list --all --provider <id> when the owning provider plugin is disabled, preserving config authority for cold catalog fallbacks. Thanks @shakkernerd.
CLI/model runs: keep openclaw infer model run on explicit OpenRouter models from loading the full provider catalog or inheriting chat-agent silent-reply policy, restoring non-empty one-shot probe output. Fixes #68791. Thanks @limpredator.
Installer/macOS: rerun Homebrew install steps without the gum spinner when raw-mode ioctl failures occur, and avoid claiming node@24 was installed when the Homebrew keg binary is missing. Fixes #70411. Thanks @1fanwang and @dad-io.
Installer: load nvm before Node.js detection so curl | bash installs respect nvm-managed Node instead of stale system Node. Fixes #49556. Thanks @heavenlxj.
Installer/Windows: route PowerShell install failures through a top-level handler so iwr ... | iex returns control to the current shell while direct script-file runs still exit non-zero. Fixes #38054. Thanks @PwrSrg.
CLI/Volta: respawn raw openclaw CLI runs through the named node shim when the current Node executable resolves to volta-shim, avoiding direct shim execution failures in non-interactive shells. Fixes #68672. Thanks @sanchezm86.
Installer: warn when multiple npm global roots contain OpenClaw installs, showing active Node/npm/openclaw plus each install path and version so stale version-manager installs are visible. Fixes #40839. Thanks @zhixianio.
Cron/tasks: recover completed cron task ledger records from durable run logs and job state before marking them lost, reducing false backing session missing audit errors for isolated cron runs and keeping offline CLI audit from treating its empty local cron active-job set as authoritative. Fixes #71963.
Docker: copy patched dependency files into runtime images so downstream pnpm install layers keep working. Fixes #69224. Thanks @gucasbrg.
Package: include patched dependency files in the published npm package so downstream installs can resolve patchedDependencies. (#69224) Thanks @gucasbrg and @vincentkoc.
Plugins/channels: treat malformed bundled channel plugin loaders that return undefined as unavailable instead of crashing config and help paths. Fixes #69044. Thanks @frankhli843 and @vincentkoc.
Scripts/watch: show corrupted dependency package-config recovery guidance when gateway:watch fails during watcher startup, without double-logging unrelated import failures. (#58780) Thanks @roytong9 and @vincentkoc.
Signal: read signal-cli RPC, health checks, and SSE events through Node's HTTP client so Node 24/25 fetch regressions do not break Signal sends or inbound events. Fixes #51716 and #53040. Thanks @Barukimang, @minupla, and @vincentkoc.
Skills/Docker: run npm-backed skill dependency installs with an OpenClaw-managed user prefix so non-root Docker images do not write to /usr/local. Fixes #59601. Thanks @chanjarster and @vincentkoc.
Agents/runtime: submit heartbeat, cron, and exec wakeups as transient runtime context instead of visible user prompts, keeping synthetic system work out of chat transcripts. Fixes #66496 and #66814. Thanks @jeades and @mandomaker.
Telegram: include native quote excerpts automatically for threaded replies and reply tags when the original Telegram text is available, without adding another config knob. Fixes #6975. Thanks @rex05ai.
Node/Linux: make openclaw node install enable and restart the openclaw-node systemd unit instead of the gateway unit on node-only VMs. Fixes #68287. Thanks @dlebee-agent.
Browser/CDP: retry transient raw-CDP WebSocket handshake failures before any browser command is sent, and reconnect stale persistent Playwright CDP sessions for safe tab-list reads without replaying mutating browser actions. Fixes #67728.
Gateway/Linux: retry systemctl --user enable after a second daemon reload when the freshly written gateway unit is not visible yet on migrated systemd installs. Fixes #65184. Thanks @liushuaiiu.
Telegram: preserve exact selected quote text when sending native quote replies, and retry with legacy replies if Telegram rejects quote parameters. (#71952) Thanks @rubencu.
Plugins/CLI: preserve manifest name, description, format, and source metadata in cold openclaw plugins list output without importing plugin runtime. Thanks @shakkernerd.
Security/audit: read channel exposure and plugin allowlist ownership from read-only plugin index metadata so cold audits do not depend on loaded channel runtime. Thanks @shakkernerd.
Plugins/chat: keep /plugins list, /plugins enable, and /plugins disable on the persisted plugin index path so chat plugin management does not load diagnostic/runtime plugin registries before execution. Thanks @shakkernerd.
Plugins/doctor: read workspace plugin status and legacy web-search ownership through installed-index manifest metadata instead of broad manifest registry scans. Thanks @shakkernerd.
CLI/agents: read channel provider status from read-only plugin index metadata for text agents list output instead of the loaded channel registry. Thanks @shakkernerd.
Logging: redact configured secret patterns at console and file-log sink exits so credentials that reach the logger are masked before terminal display or JSONL persistence. Fixes #67953. Thanks @Ziy1-Tan.
Gateway/services: refuse process and service mutations from an older OpenClaw binary when the config was last written by a newer version, preventing split-brain installs from stopping or rewriting newer gateway services. Fixes #57079.
Gateway: reserve /healthz and /readyz ahead of plugin, canvas, and Control UI HTTP stages so liveness/readiness probes still answer when a later route handler stalls. Fixes #69674. Thanks @Xike-Creek.
Logging: load logging.file and redaction settings directly from the active OpenClaw config path in bundled runtimes, so packaged gateways stop falling back to /tmp/openclaw. Fixes #59370, #67168, and #61295. Thanks @KeaneYan, @Pan9hu, and @zsjlovelike.
Logging: rotate file logs at logging.maxFileBytes, keep bounded numbered archives, and make long-lived rolling loggers follow the current-day file instead of suppressing diagnostics or writing stale dated files. Fixes #58583 and #62381. Thanks @jpeghead and @zhaoleink.
Agents/groups: treat clean empty assistant stops as silent NO_REPLY only for always-on groups where silent replies are allowed, while keeping direct and mention-gated sessions on the incomplete-turn retry path. Thanks @MagnaAI.
macOS/Node: keep native remote app nodes from advertising browser.proxy, start browser-capable CLI node services through the restored openclaw node start command, and show an actionable browser-control error when the local control service is missing. Fixes #66637.
Gateway/update: fail package updates when the restarted managed gateway reports the wrong version, including fallback restarts and JSON mode, avoiding false-success mixed-version restarts after macOS LaunchAgent updates. Fixes #71835. Thanks @abhinas90 and @jsompis.
Gateway/update: warn before package updates and bundled plugin runtime-dependency repairs when the target volume appears low on disk space, without blocking installs on best-effort filesystem checks. Fixes #71835. Thanks @abhinas90 and @jsompis.
Plugins/runtime deps: surface activated plugin load failures in health and fail package-update restart verification or doctor repair when bundled runtime deps still cannot load, avoiding false-success repairs. (#71883) Thanks @Solvely-Colin.
Gateway/Linux: include fnm aliases/default/bin in generated service PATHs and let doctor accept either modern fnm aliases or the legacy current/bin symlink, avoiding false PATH repair prompts. Fixes #68169. Thanks @richard-scott.
Installer/Linux: run apt installs with noninteractive dpkg and needrestart settings so fresh Ubuntu 24.04 curl | bash installs do not hang while installing Node.js, Git, or build tools. Fixes #41146. Thanks @iht76, @alexcarv318, @cs3gallery, @firofame, and @cgdusek.
Providers/Bedrock: defer the AWS SDK import until Bedrock discovery actually runs so plugin registration and setup stay lightweight on cold start. Fixes #71690. Thanks @jarvis-ai-gregmoser.
Installer/macOS: stop immediately when Homebrew node@24 installation fails and avoid printing PATH advice for missing Homebrew Node installs. Fixes #70411. Thanks @1fanwang.
WhatsApp: remove ack reactions after a visible reply when messages.removeAckAfterReply is enabled, matching other reaction-capable channels. Fixes #26183. Thanks @MrUnforsaken.
Providers/Z.AI: map OpenClaw thinking controls to Z.AI's thinking payload and add opt-in preserved thinking replay via params.preserveThinking, so GLM 5.x can keep prior reasoning_content when requested. Fixes #58680. Thanks @xuanmingguo.
Channels/status: keep read-only channel lists on manifest and package metadata by default, loading setup runtime only for explicit fallback callers. Thanks @shakkernerd.
Plugins: scope setup and web-provider metadata manifest reads to explicit plugin ids when callers already know the owning plugin set. Thanks @vincentkoc.
Plugins/onboarding: defer onboarding install-record index writes until the guarded config commit so setup failures cannot leave the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/registry: resolve web provider ownership from the installed plugin index instead of broad manifest scans on secret, tool, and pricing paths. Thanks @shakkernerd.
Config/providers: accept video and audio in configured model input values and preserve them in provider catalog entries. Fixes #20721. Thanks @alvinttang.
Models/auth: honor the parent --agent flag for auth write commands (add, login, setup-token, paste-token, and the GitHub Copilot shortcut) so OAuth/API-key/token results are written to the requested agent store instead of the default agent. Fixes #71864. (#71933) Thanks @balric-seo.
TTS: strip model-emitted TTS directives from streamed block text before channel delivery, including directives split across adjacent blocks, while preserving the accumulated raw reply for final-mode synthesis. Fixes #38937.
TTS: keep explicit provider=... directive keys scoped to that provider and warn on unsupported keys instead of letting another speech provider consume overlapping keys. Fixes #60131.
TTS/Feishu: normalize final-mode streamed TTS-only audio before delivery so generated voice-note files use the same safe media path and native voice routing as normal final replies. Fixes #71920.
Feishu: transcribe inbound voice-note audio with the shared media audio path before agent dispatch and keep raw Feishu file_key payloads out of message text. Fixes #67120 and #61876.
Tasks: terminalize async Gateway agent task records from the Gateway run result while preserving aborted, failed, and cancelled outcomes instead of leaving completed runs stuck as active or lost. (#71905) Thanks @likewen-tech.
WhatsApp: let authorized group voice-note transcripts satisfy mention gating before reply dispatch, while keeping unmentioned transcripts in pending group history. Fixes #44908.
Media understanding: carry channel voice-note preflight state into attachment selection so WhatsApp, Feishu, Telegram, and Discord do not transcribe the same inbound audio twice. Fixes #70580.
TTS/BlueBubbles: deliver compatible auto-TTS audio as iMessage voice memo bubbles instead of plain MP3/CAF file attachments. Fixes #16848.
TTS: resolve voice-note and voice-memo routing from channel plugin capabilities instead of speech-core-owned channel id lists.
ACP: send subagent and async-task completion wakes to external ACP harnesses as plain prompts instead of OpenClaw internal runtime-context envelopes, while keeping those envelopes out of ACP transcripts.
TTS/status: show configured TTS model, voice, and sanitized custom endpoint in /status, preserve OpenAI-compatible TTS instructions on custom endpoints, and retry empty Microsoft/Edge TTS output once. Addresses #46602, #47232, and #43936. Thanks @leekuangtao, @Huntterxx, and @rex993.
Agents/Gateway: steer agent-driven config edits and restarts through the owner-only gateway tool, document config.schema.lookup as the field-doc source, and warn against using gateway stop && gateway start as a restart substitute on macOS. Fixes #71929. Thanks @ygc3817922006-sketch.
Media understanding/audio: inject a deterministic transcript placeholder for too-small voice notes so agents do not hallucinate transcription or provider failures. Fixes #48944. Thanks @eulicesl.
Providers/vLLM: send Nemotron 3 chat-template kwargs when thinking is off and honor configured params.chattemplatekwargs for OpenAI-compatible completions, so vLLM/Nemotron replies stay visible instead of becoming thinking-only. Fixes #71891. Thanks @jmystaki-create and @dennis-lynch.
Channels/replies: strip copied inbound metadata blocks from user-facing assistant replies and model replay history, so Discord/vLLM sessions do not leak Conversation info / UNTRUSTED ... message body envelopes after a model echoes them. Fixes #71847. Thanks @jmystaki-create.
Subagents/memory: keep inter-session completion wakes out of memory and dreaming session exports, and strip internal runtime-context blocks from realtime Control UI chat events.
Agents/Claude: treat zero-token empty stop turns as failed provider output, retry once, repair replay, and allow configured model fallback instead of preserving them as successful silent replies. Fixes #71880. Thanks @MagnaAI.
Tasks: normalize task lifecycle timestamps at create, update, and restore time, and report retained lost tasks as audit warnings until their cleanup window expires. (#71871) Thanks @likewen-tech.
Diagnostics/OTEL: treat normal early model stream cleanup as a completed model call instead of exporting a misleading StreamAbandoned error span. Thanks @vincentkoc.
Gateway/pairing: stop corrupt or unreadable device/node pairing stores from being treated as empty state, preserving paired.json for repair instead of overwriting approved pairings. Fixes #71873. Thanks @iret77.
ACP: keep /acp management commands, plus local /status and /unfocus, on the Gateway path inside ACP-bound threads so they are not consumed as ACP prompt text. Fixes #66298. Thanks @kindomLee.
ACPX: stop probing ACP agents during normal Gateway startup; the embedded backend now registers without spawning Codex/ACP child processes unless OPENCLAWACPXRUNTIMESTARTUPPROBE=1 is explicitly set.
CLI/image edit: accept --size, --aspect-ratio, and --resolution on openclaw infer image edit and report all supported edit flags from capability inspect image.edit. Thanks @Pinghuachiu.
ACP: wait for the configured runtime backend to become healthy before startup identity reconciliation, avoiding transient acpx warnings during Gateway boot. Fixes #40566.
Channels/ACP bindings: time out configured binding readiness checks instead of letting Discord preflight hang forever when an ACP target never settles. Fixes #68776.
Control UI: hide the chat loading skeleton during background history reloads when existing messages or active stream content are already visible, avoiding reload flashes on high-latency local gateways. Fixes #71844. Thanks @WolvenRA.
Control UI: keep locally optimistic chat messages visible when a history reload temporarily returns empty, avoiding lost first-turn messages on high-latency gateways. Fixes #71878. Thanks @WolvenRA.
Control UI: keep chat history limits based on visible messages after filtering heartbeat and control-only transcript rows, so recent hidden entries no longer make older visible replies disappear. Thanks @WolvenRA.
Agents/images: scrub old [media attached: ...], [Image: source: ...], and media://inbound/... markers from pruned model replay context so stale media refs are not rehydrated as fresh prompt images. Fixes #71868. Thanks @jmeadlock.
Docker/Bonjour: disable Bonjour/mDNS advertising by default for bundled Compose gateways on bridge networking, while keeping host/macvlan opt-in with OPENCLAWDISABLEBONJOUR=0. Fixes #71879. Thanks @gbballpack.
CLI/status: label the OpenClaw Serve/Funnel setting as Tailscale exposure and show daemon state separately when available, so gateway.tailscale.mode: "off" no longer reads like the Tailscale daemon is stopped. Fixes #71790. Thanks @pesvobodak.
Plugins/Bonjour: stop ciao mDNS watchdog failures from looping forever when the advertiser stays stuck in probing or announcing; Bonjour now disables itself for the current Gateway process after repeated failed restarts while the Gateway keeps running. Fixes #69011. Thanks @siddharthaagarwalofficial-ux, @FiredMosquito831, and @spikefcz.
Gateway/Fly.io: seed Control UI allowed origins from the actual runtime bind and port so CLI-driven non-loopback starts do not crash before config exists. Fixes #71823.
macOS/remote SSH: keep discovered gateway hosts in gateway.remote.sshTarget while pinning SSH transport URLs to the local loopback tunnel, so browser automation does not regress into blocked non-loopback ws:// endpoints. Fixes #67336.
Gateway/proxy: bootstrap env proxy dispatching from direct Gateway startup so provider and plugin network requests honor HTTPSPROXY/HTTPPROXY before the first embedded agent attempt runs. (#71833) Thanks @mjamiv.
Plugins/runtime deps: verify clean npm installs actually place requested bundled runtime packages in the managed install root, reporting exact missing specs instead of a false successful repair. (#71883) Thanks @Solvely-Colin.
Plugins/discovery: ignore stale plugins.load.paths aliases that point back at packaged bundled plugin directories and have doctor remove them, keeping bundled plugins on the runtime-deps staging path.
Models/LM Studio: preserve @iq* quant suffixes in model refs and provider matching so /model lmstudio/...@iq3_xxs keeps the exact LM Studio variant. Fixes #71474. (#71486) Thanks @Bartok9, @XinwuC, and @Sanjays2402.
Matrix/cron: preserve the live Matrix delivery target when creating implicit announce reminder jobs so mixed-case room IDs are not reconstructed from lowercased session keys. Fixes #71798.
Feishu: accept Schema 2.0 card action callbacks that report context.openchatid instead of legacy context.chat_id, so button callbacks no longer drop as malformed. Fixes #71670. Thanks @eddy1068.
Feishu: keep synthetic card-action and bot-menu ids out of platform reply targets, using the real card callback message id when Feishu provides one and plain-sending otherwise. Fixes #71673. Thanks @eddy1068.
Plugins/QQ Bot: prefer an installed QQ Bot plugin that declares it replaces the bundled qqbot channel, preventing duplicate qqbotchannelapi and qqbot_remind tool registration noise. Fixes #63102.
Browser automation: keep stable tab ids and labels attached when Chromium replaces the raw target after form submissions or other action-triggered navigations, and return the replacement targetId from /act when the match is provable. Fixes #46137.
QQ Bot: make qqbot_remind schedule, list, and remove Gateway cron jobs directly for owner-authorized senders instead of returning cronParams and relying on a follow-up generic cron tool call. Fixes #70865. (#70937) Thanks @GaosCode.
Agents/ACP: hide sessions_spawn ACP runtime options unless an ACP backend is loaded, and make /acp doctor call out plugins.allow blocking bundled acpx. Thanks @vincentkoc.
Agents/Codex: keep ACP prompt/skill routing hidden unless an ACP runtime backend is available, and warn in doctor when enabled Codex plugin configs still route openai-codex/* models through PI. Thanks @vincentkoc.
Media delivery: avoid sending generated image attachments twice when the assistant reply already includes explicit MEDIA: lines for the same turn, and reject unsafe remote MEDIA: URLs before delivery. Thanks @pashpashpash.
Codex harness: ignore retryable app-server error notifications after Codex recovers, and preserve the real nested error message for terminal app-server failures instead of replacing it with a generic failure. Thanks @pashpashpash.
Agents/Codex: prepare native Codex sub-agent session metadata without a nested Gateway session patch and add a focused Docker smoke for the app-server sub-agent path. Thanks @vincentkoc.
Agents/subagents: keep queued subagent announces session-only when the requester has no external channel target, avoiding ambiguous multi-channel delivery failures. Fixes #59201. Thanks @larrylhollan.
Image understanding: preserve configured provider-prefixed vision model metadata when callers request the model without the provider prefix, so custom image models keep their input: ["text", "image"] capability. Fixes #33185. Thanks @Kobe9312 and @vincentkoc.
Plugins/install: restore the previous plugin index records if a concurrent config write conflict interrupts install, update, or uninstall metadata commits. Thanks @shakkernerd.
Plugins/install: reject native plugin archives that do not include a valid openclaw.plugin.json, preventing manifestless archives from writing install records that later show missing-manifest diagnostics. Thanks @shakkernerd.
Plugins/uninstall: remove tracked managed plugin install directories even when the persisted install path differs from the default id-derived target, while still refusing deletes outside the managed extensions root. Thanks @shakkernerd.
Plugins/update: restore previous plugin index records if core update or channel setup hits a concurrent config write conflict after plugin metadata changes. Thanks @shakkernerd.
Plugins/onboarding: defer channel/provider plugin install records until the owning config write commits, keeping setup failures from advancing the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/config: route configure and agent setup writes with pending plugin install records through the plugin index commit helper so provider onboarding metadata is not stripped by plain config writes. Thanks @shakkernerd.
Plugins/channels: merge pending channel plugin install records with the existing plugin index before config writes, preserving unrelated tracked installs during channel setup, resolve, remove, and capability repair flows. Thanks @shakkernerd.
Plugins/config: defer shipped plugins.installs index migration during config writes until the guarded config commit window and roll it back if the config write fails before commit. Thanks @shakkernerd.
Sessions: keep embedded runtime context out of the visible user prompt by sending it as a hidden next-turn custom message, and teach doctor to repair affected 2026.4.24 transcripts with duplicated prompt-rewrite branches. Fixes #71761.
Gateway/subagents: keep direct-loopback backend RPCs authenticated with the shared gateway token/password off stale CLI paired-device scope baselines, so internal calls no longer hit scope-upgrade pairing prompts while remote, browser, node, device-token, and explicit-device paths still require normal pairing approval. Fixes #63548.
Providers/Azure OpenAI: give deployment-scoped image generation requests a longer 600s default timeout so slow gpt-image-2 generations can complete without a per-call timeoutMs. Fixes #71705. Thanks @voytas75.
Gateway/plugins: link source-checkout bundled runtime dependency caches instead of recursively copying node_modules on the gateway main thread, preventing local status, node, and skill probes from timing out during startup cache restores.
Skills/remote nodes: only expose remote macOS skill bins for connected nodes, clear stale bin matches when node probes fail, and include probe command, timeout, bin count, and connection state in timeout logs.
Skills/remote nodes: recognize system.which object-map responses when probing connected macOS nodes, so Linux gateways can expose macOS-only skills such as Apple Notes when the required binaries are installed remotely. Fixes #71877. Thanks @miguelarios.
CLI/gateway: keep diagnostic probes from creating first-time read-only device pairings, while still reusing cached device tokens for detailed read probes. Fixes #71766. Thanks @SunboZ.
CLI/plugins: keep message startup, channels logs, agents delete, and agents set-identity off broad plugin preloading; message delivery still loads plugins when the action actually runs.
Image understanding: resolve configured image models such as local LM Studio vision entries before reporting Unknown model when the discovery registry has not registered that provider. Fixes #66486. Thanks @zhanggpcsu.
QQ Bot: ignore self-echoed bot messages using the outbound ref-index marker, preventing mirrored replies from re-entering the agent loop while still allowing users to quote bot replies. Fixes #71912. Thanks @wangyc6003.
Sessions: separate reset freshness from session-store updatedAt, so heartbeat, cron, exec, and gateway bookkeeping no longer prevent configured daily/idle resets from rolling long-running channel sessions. Fixes #68315, #63732, #63820, and #69083. Thanks @maxatv, @longhairedsi, @bradfreels, and @akessel56.
Sessions: clear queued system-event notices during /new, /reset, gateway sessions.reset, and daily/idle rollover so stale background updates cannot leak into the first prompt of the fresh session. Fixes #66864. Thanks @opeyio, @Magicray1217, and @cedillarack.
CLI/agents: keep agents bind, agents unbind, and agents bindings on setup-safe channel metadata paths so they do not preload bundled plugin runtimes or stage runtime dependencies. Fixes #71743.
Plugins/registry: preserve explicit disabled plugin records during registry migration without persisting every unused bundled plugin discovered on disk. Thanks @shakkernerd.
Windows/native: keep CLI startup and bundled provider plugin loading off Windows ESM raw-path failure paths, fixing native onboarding/install smoke on Node 24.
Plugins/doctor: read bundled channel doctor capabilities through the same packaged plugin directory resolver used by plugin loading, so published installs keep Matrix DM allowlist repairs on channels.matrix.dm.* instead of writing invalid top-level dmPolicy keys. Fixes #71757.
Plugins/Windows: keep bundled plugin Jiti loaders off the native import path on Windows so channel plugins such as Telegram no longer crash with ERRUNSUPPORTEDESMURLSCHEME on C:\... paths. Fixes #71749. Thanks @smeyer9.
Providers/Ollama: use Ollama's current /api/web_search endpoint and honor https://ollama.com model-provider base URLs for Ollama Web Search. Fixes #71741. Thanks @madhvidua.
Memory/Ollama: serialize Ollama memory embedding batches and add an inline batch timeout override, with longer defaults for local/self-hosted embedding providers.
Sessions/usage: exclude compaction checkpoint transcript snapshots from usage totals and session discovery, while keeping old checkpoint files removable.
CLI/agents: keep openclaw agents list --json on the config-only path by default, avoiding bundled plugin loading unless callers request --bindings. Fixes #71739. Thanks @kaloster.
Plugins/install: force plugin dependency installs to stay project-local even when inherited npm config requests global installs, so successful installs still materialize the plugin's staged node_modules.
Providers/Google: transcode Gemini TTS PCM to Opus for voice-note targets so WhatsApp and other native voice-note replies can play as voice messages.
TTS/WhatsApp: mark non-Opus provider output as voice-note intent so channel delivery transcodes MP3/WebM replies to Ogg/Opus PTT audio.
Plugins/runtime deps: reuse existing external bundled-plugin stage roots when mirrored plugin roots are inspected again, avoiding second-generation openclaw-unknown-* stages and repeated first-turn restaging. Fixes #71599.
iOS/macOS Talk Mode: allow talk.speechLocale to set the speech recognition locale for non-English voice conversations. Fixes #44688.
Plugins/providers: honor explicit plugin candidate lists instead of reading a persisted registry snapshot from local state, keeping candidate-scoped provider discovery hermetic.
Plugins/doctor: keep bundled plugin runtime-dependency repairs inside the managed OpenClaw stage even when user npm prefix/global config points npm at $HOME/node_modules. Fixes #71730.
ACP/sessions_spawn: reject normal OpenClaw config agent ids when callers explicitly request runtime="acp", while allowing agents configured with runtime.type="acp" to resolve to their ACP harness id. Fixes #63914.
ACP/sessions_spawn: apply runTimeoutSeconds to ACP child turns and dispatch those turns on the background subagent lane, so quota-stalled ACP harnesses do not occupy the main agent lane indefinitely. Fixes #68823.
ACP/oneshot: reconcile runtime session identity before closing completed oneshot ACP runs, so finished sessions.json entries do not stay stuck with acp.identity.state="pending".
ACPX: bundle acpx@0.6.1 so unsupported generic model overrides fail clearly instead of silently falling back to the target adapter default.
ACP/models: document that non-Codex ACP model overrides require adapter support for ACP models plus session/set_model, so unsupported harnesses fail clearly instead of silently falling back to their defaults.
Plugins/Voice Call: treat missing provider credentials as setup-incomplete during Gateway startup and log the missing keys as a warning instead of a runtime startup error, while keeping explicit command/tool errors when used.
Android/Talk Mode: prevent duplicate TTS playback when fast or repeated final chat events arrive while Talk Mode is waiting for its own response. Fixes #46546.
Tooling/check:changed: pass parent heavy-check lock markers to lint lanes so pnpm check:changed no longer waits on its own lint:extensions child.
CLI/completion: dedupe provider auth flags before registering openclaw onboard options, so completion-cache refresh during update no longer fails when stale core fallback flags overlap plugin manifest flags. Fixes #71667.
Diagnostics/trace: report live context usage from the current prompt snapshot instead of provider turn totals, avoiding false near-full context spikes on cached or tool-heavy runs.
Providers/Google: honor models.providers.google.request.allowPrivateNetwork for Gemini TTS and telephony TTS, matching Google image generation and media understanding. (#71723) Thanks @ro-hansolo.
Providers/MiniMax: register minimax-portal for music and video generation, preserving OAuth auth and regional MiniMax base URLs across the shared musicgenerate and videogenerate tools. (#63241) Thanks @tars90percent.
Providers/onboarding: keep Runway and Alibaba Model Studio out of the text-inference setup picker by scoping their video-generation auth choices to the media setup flow. (#65856) Thanks @Jah-yee.
Plugins/Bonjour: stop the gateway from crash-looping on CIAO PROBING CANCELLED when the mDNS watchdog cancels a stuck probe. Restores the rejection-handler wiring dropped during the bonjour plugin migration and shares unhandled-rejection state across module instances so plugin-staged copies of openclaw/plugin-sdk/runtime register into the same handler set the host consults. Especially affects Docker on macOS, where mDNS probing reliably hits the watchdog. Thanks @troyhitch.
Google Meet: report pinned Chrome nodes as offline or missing capabilities in setup/join diagnostics, keep inaccessible nodes out of auto-selection, and preflight local BlackHole/SoX requirements before agents try local Chrome.
Providers/MiniMax: route image-01 requests to the dedicated image generation endpoint while preserving CN endpoint selection. Fixes #61149. Thanks @mushuiyu886.
Plugins/startup: remove ownerless bundled runtime-dependency install locks after a short grace window and include lock owner details when startup times out waiting for a plugin runtime-deps lock.
Plugins/install: anchor bundled runtime-dependency npm installs with an OpenClaw-owned package manifest so Linux updates cannot accidentally write to a parent $HOME/node_modules tree. Fixes #71730.
Plugins/install: pass onboarding plugin config into plugin index writes so local plugin installs outside default discovery roots keep their install records. Thanks @shakkernerd.
Plugins/install: migrate shipped plugins.installs config records into the plugin index while stripping them from runtime config and future writes. Thanks @shakkernerd.
Plugins/install: durably remove shipped plugins.installs from openclaw.json after its records are copied into the plugin index, while rolling back the index write if config cleanup fails. Thanks @shakkernerd.
Plugins/install: keep migrated plugin install records in the plugin index even when the plugin manifest is missing or invalid, so update, uninstall, inspect, and audit can still recover broken installs. Thanks @shakkernerd.
Plugins/security: keep plugin audit JSON check ids stable while reporting plugin index install-record findings with updated wording. Thanks @shakkernerd.
CLI/config: reject direct plugins.installs edits with guidance to use openclaw plugins install, openclaw plugins update, or openclaw plugins uninstall instead. Thanks @shakkernerd.
Live tests/voice: accept common STT variants for OpenClaw and ElevenLabs brand names so provider smoke tests fail on real regressions rather than equivalent transcripts.
Agents/replies: forward sanitized underlying agent failure details on external channels instead of replacing unknown failures with a generic retry message.
CLI/MCP: translate OpenClaw mcp.servers.*.transport entries into Claude/Gemini CLI type fields so streamable HTTP MCP servers load in CLI backend sessions. (#71724) Thanks @Blockchain-Oracle.
Browser/CDP: honor configured remote and attachOnly CDP HTTP/WebSocket timeouts when opening tabs through raw CDP or /json/new fallback. (#54238) Thanks @FuncWei.
WhatsApp/TTS: send visible text separately from PTT voice-note audio instead of relying on hidden voice-note captions. Fixes #51081.
Browser/client: avoid telling agents to restart OpenClaw for dispatcher timeouts on external browser profiles such as attachOnly, remote CDP, and existing-session. (#40815) Thanks @0xsline.
Agents/TTS: preserve [[audioasvoice]] directives on trusted text tool-result MEDIA: payloads so generated audio still delivers as a voice note. (#46535) Thanks @azade-c.
Agents/TTS: keep queued tool media when an assistant ends with NO_REPLY on non-block delivery paths, so media-only generated audio replies still send. (#60025) Thanks @bradlind1.
Telegram/STT: frame inbound voice-note transcripts as machine-generated, untrusted text in agent context while preserving raw transcript mention detection. Closes #33360. Thanks @smartchainark.
Subagents/browser: show an actionable /tools notice when browser automation is configured but filtered out by the active tool profile, and document that coding-profile agents should use tools.alsoAllow: ["browser"] rather than subagent allowlists alone.
Control UI/Quick Settings: persist the assistant avatar override to browser local storage (mirroring the user avatar) so uploaded image data URLs no longer fail config validation with "Too big: expected string to have <=200 characters". Also lift the gateway-side ui.assistant.avatar length cap to match the user avatar size budget for non-UI clients writing the field directly. Thanks @BunsDev.
Plugin SDK: share diagnostic event subscriptions across duplicate source/dist module graphs so legacy root SDK imports still receive runtime diagnostic events.
Agents/Bedrock: prevent empty assistant stream-error turns from poisoning Converse replay by persisting, repairing, and replaying a non-empty fallback block. Fixes #71572. (#71627) Thanks @openperf.
Agents/Anthropic/Bedrock: strip thinking blocks with missing, empty, or blank replay signatures before provider conversion, falling back to non-empty omitted-reasoning text when needed so corrupted signed-thinking history no longer poisons subsequent turns. Fixes #45010. (#70054) Thanks @castaples.
Agents/Anthropic/Bedrock: preserve stripped thinking-only assistant replay turns with non-empty omitted-reasoning text so provider adapters keep strict user/assistant turn shape. Thanks @wujiaming88.
ACP/Codex: pass sessions_spawn(runtime="acp") model and thinking overrides into Codex ACP startup, normalize openai-codex/* refs and slash reasoning suffixes, and recognize managed Codex ACP wrapper commands without blocking current gpt-5.5 sessions. Fixes #40393. (#71643) Thanks @91wan.
Browser/CDP: make readiness diagnostics use the same discovery-first fallback as reachability for bare ws:// Browserless and Browserbase CDP URLs. Fixes #69532.
Browser/CDP: explain that loopback Browserless or other externally managed CDP services need attachOnly: true and matching Browserless EXTERNAL endpoint when reporting local port ownership conflicts, and fall back to the configured bare WebSocket root when a discovered Browserless endpoint rejects CDP. Fixes #49815.
Gateway/reload: preserve indefinite gateway.reload.deferralTimeoutMs: 0 semantics for channel hot reload deferrals so active agent runs are not interrupted by a forced channel restart. (#71637) Thanks @Poo-Squirry.
Agents/tool results: cap persisted Pi tool-result details and strip hidden diagnostics before provider conversion, preventing large debug payloads from bloating session transcripts. (#71637) Thanks @Poo-Squirry.
ACP/OpenCode: update the bundled acpx runtime to 0.6.0 and cover the OpenCode ACP bind path in Docker live tests.
Providers/OpenCode Go: add DeepSeek V4 Pro and DeepSeek V4 Flash to the Go catalog while the bundled Pi registry catches up. Fixes #71587.
Providers/OpenCode Go: route DeepSeek V4 Pro/Flash through the OpenAI-compatible Go endpoint and suppress invalid reasoning_effort: "off" payloads, fixing tool-enabled requests for opencode-go/deepseek-v4-flash. Fixes #71683.
Plugins/model defaults: run Skill Workshop review, Active Memory recall, and session-memory slug generation on the configured agent default model instead of the hardcoded OpenAI SDK fallback when hook context lacks model metadata. Fixes #71659.
Providers/Venice: fill the required DeepSeek V4 reasoning_content placeholder for venice/deepseek-v4-pro and venice/deepseek-v4-flash replay turns without sending native DeepSeek thinking controls that Venice rejects. Fixes #71628.
Browser/existing-session: support per-profile Chrome MCP command/args, map cdpUrl to --browserUrl or --wsEndpoint, and avoid combining endpoint flags with --userDataDir. Fixes #47879, #48037, and #62706. Thanks @puneet1409, @zhehao, and @madkow1001.
Media/plugins: bound MIME sniffing and ZIP archive preflight before handing untrusted files to file-type or jszip, reducing parser CPU and memory exposure for attachments and ClawHub plugin archives. Thanks @vincentkoc.
Memory-host SDK: use trusted env-proxy mode for remote embedding and batch HTTP calls only when Undici will proxy that target, preserving SSRF DNS pinning for ALLPROXY-only and NOPROXY bypass cases. Fixes #52162. (#71506) Thanks @DhtIsCoding.
Gateway/dashboard: render Control UI and WebSocket links with https:///wss:// when gateway.tls.enabled=true, including openclaw gateway status. Fixes #71494. (#71499) Thanks @deepkilo.
Agents/OpenAI-compatible: default proxy/local completions tool requests to tool_choice: "auto" when tools are present, so providers enter native tool-calling mode instead of replying with plain-text tool directives. (#71472) Thanks @Speed-maker.
OpenAI image generation: use gpt-5.5 for the Codex OAuth responses transport instead of the retired gpt-5.4 model, fixing 500s from ChatGPT Codex image generation. Fixes #71513. Thanks @baolongl.
OpenAI image generation: route transparent-background default-model requests to gpt-image-1.5, document the expected image_generate call shape, and keep Azure/custom OpenAI-compatible deployment names untouched.
Google video generation: download direct MLDev Veo video.uri results instead of passing them through the Files API path, fixing 404s after successful generation/polling. Fixes #71200. Thanks @panhaishan.
Google video generation: fall back to the REST predictLongRunning Veo endpoint for text-only SDK 404s while keeping reference image/video generation on the SDK path. Fixes #62309 and #63008. (#62343) Thanks @leoleedev.
MiniMax music generation: switch the bundled default model from the unsupported music-2.5+ id to the current music-2.6 API model. Fixes #64870 and addresses the music default from #62315. Thanks @noahclanman and @edwardzheng1.
Cron: record jobs interrupted by a gateway restart as failed at their original runningAtMs, skip unsafe startup replay, and disable interrupted one-shot jobs so they show a visible failure instead of silently disappearing or duplicating work. Fixes #59056, #61343, #63657, and #59301. Thanks @ponchoooPenguin, @daemic24, @myradon, and @hikiwibot.
Cron tool: recover flat top-level schedule shorthand such as cron, tz, and staggerMs before gateway validation, so model-generated cron add/update calls preserve cron jitter settings. Thanks @tyxben.
Cron: hydrate flat legacy job rows with top-level cron, tz, session, and message fields into canonical schedule, target, and payload objects before startup recomputes run times. Fixes #43351.
Agents/replies: let pending group chat history trigger bare mentioned turns without treating metadata-only inbound context as user input. Fixes #71489. (#71520) Thanks @SymbolStar.
Google media generation: strip a configured trailing /v1beta from Google music/video provider base URLs before calling the Google GenAI SDK, preventing doubled /v1beta/v1beta paths. Fixes #63240. (#63258) Thanks @Hybirdss.
Discord: restore direct-message voice-note preflight transcription and classify URL-only Ogg/Opus voice attachments as audio while skipping partial attachments without usable URLs. Fixes #61314 and #64803.
Plugins/build: copy bundled plugin skill trees into dist-runtime, broaden Windows symlink-copy fallbacks, and fingerprint runtime dependencies from lstat so symlink-like directory entries cannot crash staging.
Google Chat: preserve reply text when a typing indicator message is deleted or can no longer be updated, so media captions and first text chunks are resent instead of silently disappearing. (#71498) Thanks @colin-lgtm.
Cron: tolerate malformed legacy job rows in startup, main-session system-event payloads, and human-readable cron list output so missing state, payload.text, or display fields no longer crash the scheduler or CLI. Fixes #66016, #65916, #64137, #57872, #59968, #63813, #52804, and #43163. (#71509) Thanks @vincentkoc.
CLI/models: make openclaw models scan fall back to public OpenRouter free-model metadata when no OPENROUTERAPIKEY is configured, avoid config secret resolution for explicit --no-probe scans, and apply the scan timeout to the OpenRouter catalog request.
Feishu: keep streaming cards to one live card per turn, flush throttled card edits after meaningful text boundaries, and skip exact block/partial repeats so tool-heavy replies do not duplicate card output. Thanks @allan0509.
Feishu: finish the streaming-card duplicate closeout by stripping leaked reasoning tags, preserving cross-block partial snapshots, enabling topic-thread streaming cards, omitting the generic main card header, surfacing transient tool/compaction status, and cleaning streaming state after close failures. Thanks @sesame437, @Vicky-v7, @maoku-family, @Pengxiao-Wang, and @Maple778.
Telegram: recover incomplete partial-stream previews by falling back to a final send when an ambiguous final edit failure would otherwise retain a strict prefix of the answer. Fixes #71525. (#71554) Thanks @sahilsatralkar.
Control UI/chat: collapse assistant token/model context details behind an explicit Context disclosure and show full dates in message footers, making historical transcript timing clear without noisy default metadata. (#71337) Thanks @BunsDev.
OpenAI/Codex OAuth: explain unsupportedcountryregion_territory token-exchange failures with a proxy/region hint instead of surfacing a generic OAuth error. Fixes #51175. (#71501) Thanks @vincentkoc and @wulala-xjj.
Browser/Linux: fall back to headless mode for local managed profiles on hosts without a display server, while preserving explicit per-profile headed overrides and reporting the headless source. (#60953) Thanks @rrpsantos.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Telegram: keep the polling stall watchdog active even when grammY reports the runner as not running while its task is still pending, so a rebuilt transport cannot leave getUpdates silent until a manual gateway restart. Fixes #69064. Thanks @LDLoeb.
Subagents: fall back to direct completion delivery when the parent announce turn finishes without a visible payload, so child results still reach channel-backed requester sessions.
Subagents: tell parent agents to use sessions_yield while waiting for child completion events, preventing GPT-5 fast runs from ending silently after spawning workers.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/CLI: lazy-load browser command groups and plugin runtime services so openclaw browser --help can render without loading the full browser automation stack. Fixes #65400. (#65460, #66640) Thanks @pandego and @Tianworld.
Browser/CLI: serve precomputed openclaw browser --help text from CLI startup metadata, avoiding the full plugin/config startup path for the common help invocation.
Browser/downloads: seed managed Chrome profiles with OpenClaw download prefs and capture unmanaged click-triggered downloads under the guarded downloads directory, while explicit download waiters still own their target file. (#64558) Thanks @Pearcekieser.
Browser/Chrome: stop passing redundant --disable-setuid-sandbox when browser.noSandbox is enabled; --no-sandbox remains the effective sandbox opt-out. (#67939) Thanks @sebykrueger.
Browser/client: stop telling agents to permanently avoid the browser after transient timeout or cancellation failures; keep the no-retry hint for persistent unavailable/rate-limit cases. (#46505) Thanks @jriff.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230. Thanks @Co-Messi.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457. Thanks @spartoviMD.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460. Thanks @GodsBoy.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
GitHub Copilot: never rewrite connection-bound reasoning item IDs regardless of whether encryptedcontent is present, fixing a 400 "Encrypted content itemid did not match" error with gpt-5.3-codex and future Codex models that fall through to the forward-compat catch-all with reasoning: false. Also recognize Codex-named models as reasoning-capable so they inherit the correct capability flags. Refs #68735. Thanks @InvalidPandaa.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868. Thanks @sg1416-zg and @ycjlb2023-peteryi.
WhatsApp/TTS: transcode MP3/WebM audio, including Microsoft Edge TTS output, to Ogg/Opus before sending PTT voice notes.
QQBot/TTS: honor plain audioAsVoice replies by synthesizing TTS to native QQ voice messages, and mark inbound voice-only messages as audio media without exposing raw voice paths to generic media context.
Providers/SenseAudio: add bundled SenseAudio batch audio transcription through tools.media.audio with SENSEAUDIOAPIKEY auth. (#66943) Thanks @Fl0rencess720.
Providers/MiniMax: let TTS use MiniMax portal OAuth and Token Plan credentials before falling back to MINIMAXAPIKEY, and include current TTS HD model ids. Fixes #55017. Thanks @zx15210404690-hash.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656. Thanks @xieyuanqing.
Active Memory: keep silent recall sub-agent billing/auth failures out of shared auth-profile cooldown state, so a Claude CLI extra-usage rejection cannot disable normal Claude-backed turns. Fixes #71284. (#71539) Thanks @vishutdhar and @obviyus.
Auth/Claude CLI: sync refreshed Claude CLI OAuth credentials into the managed auth profile so long-running Claude CLI runs stop falling back to stale OpenClaw snapshots. (#70902) Thanks @starvex.
Sessions: make sessions_spawn(mode="session") errors name usable alternatives when the current channel cannot bind subagent threads. Fixes #67400. (#67790) Thanks @stainlu.
Agents/Claude CLI: pass the OpenClaw system prompt through Claude's prompt-file flag so Windows runs avoid argv length failures without changing system prompt semantics. Fixes #69158. (#69211) Thanks @skylee-01, @cassioanorte, @Syu0, and @Stache73.
Agents/CLI sessions: bind google-gemini-cli session auth-epoch to the Google account identity in ~/.gemini/oauth_creds.json, so Gemini-backed agents resume their conversation after gateway restart instead of minting a fresh session, and stale bindings are invalidated when the authenticated Google account changes. Fixes #70973. (#71076) Thanks @openperf.
Slack: stop treating user mentions in assistant-authored message edit blocks as sender attribution, preventing edited bot messages from spoofing a mentioned DM user. (#71700) Thanks @vincentkoc.
Codex: consume unauthorized bound conversation inbound claims before they can fall through to other claim handlers or enqueue Codex turns. (#71702) Thanks @vincentkoc.
Codex media understanding: require approval-checked app-server image turns while explicitly declining tool, file, permission, and elicitation approval requests for the bounded image worker. (#71703) Thanks @vincentkoc.
Agents/Claude CLI: allow large live stream-json JSONL lines up to the existing per-turn raw limit, preventing large Telegram, WebChat, MCP, and image turns from aborting on the old stdout buffer cap. Fixes #71793, #71080, and #70766. (#71897) Thanks @chacher86, @shivamgrover21, and @tpjordan.
Agents/Claude CLI: unwrap nested Claude result envelopes in CLI JSON output so delegated agent responses surface as final text instead of raw result JSON. (#66819) Thanks @mraleko.
Agents/Claude CLI: apply the configured 1M context window override to eligible Claude CLI Opus and Sonnet models when context1m is enabled. (#70863) Thanks @bidadh.
Models/status: report fresh Claude CLI native auth instead of stale stored anthropic:claude-cli profile expiry when local credentials are current. Fixes #71256. (#71332) Thanks @matthiasjanke and @neeravmakwana.
CLI backends: compact OpenClaw transcripts after over-budget CLI turns and reseed fresh CLI sessions from the compacted transcript instead of stale external resume state. Fixes #68329. (#71916) Thanks @obviyus.
Telegram: keep default tool progress messages visible when answer preview streaming is disabled. (#71825) Thanks @VACInc.
Configure/models: clear deselected model fallbacks when updating the model picker allowlist, including provider-scoped setup flows. (#71596) Thanks @rubencu.
Agents/streaming: strip namespaced <antml:thinking> reasoning tags from streamed assistant replies before user-visible text is emitted. (#69288) Thanks @xialonglee.

v2026.4.25-beta.4 pre BREAKING [Apr 26, 2026] (4d ago) details → github →

# openclaw 2026.4.25-beta.4

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy genai.system by default while emitting genai.provider.name under OTELSEMCONVSTABILITYOPTIN=genailatest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAWDISABLEPERSISTEDPLUGINREGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only modelcallstarted and modelcallended hooks for provider/model call telemetry without exposing prompts, responses, headers, request bodies, or raw provider request IDs. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded context assembly diagnostics and export openclaw.context.assembled spans with prompt/history sizes but no prompt, history, response, or session-key content. Thanks @vincentkoc.
Diagnostics/OTEL: export existing tool-loop diagnostics as openclaw.tool.loop counters and spans without loop messages, session identifiers, params, or tool output. Thanks @vincentkoc.
Diagnostics/OTEL: export diagnostic memory samples and pressure as bounded memory histograms, counters, and pressure spans to help spot leak regressions without session or payload data. Thanks @vincentkoc.
Diagnostics/OTEL: add the GenAI gen_ai.client.token.usage histogram for input/output model usage while keeping session identifiers and aggregate cache counters out of the semantic metric. Thanks @vincentkoc.
Diagnostics/OTEL: add a bounded openclaw.agent label to OpenClaw token metrics so per-agent Grafana dashboards can group usage without exporting session identifiers. Thanks @oc-factus.
Plugins/install: consolidate managed plugin install metadata into the state-managed plugin index at plugins/installs.json, replacing the temporary plugins/installed-index.json path and removing plugins.installs as an authored config surface. Thanks @vincentkoc and @shakkernerd.
Diagnostics/OTEL: add the GenAI gen_ai.client.operation.duration histogram for model-call latency in seconds with bounded provider/model/API and error attributes. Thanks @vincentkoc.
Diagnostics/OTEL: add GenAI usage token attributes to model-usage spans, including cache read/write input token counts without session identifiers or prompt/response content. Thanks @vincentkoc.
Diagnostics/OTEL: include bounded GenAI operation, provider, and request-model attributes on model-usage spans so token usage remains self-describing without diagnostic identifiers. Thanks @vincentkoc.
Diagnostics/OTEL: keep model-usage span GenAI provider attributes aligned with the existing semantic-convention opt-in policy, using legacy gen_ai.system unless latest experimental GenAI conventions are enabled. Thanks @vincentkoc.
Diagnostics/OTEL: keep gen_ai.request.model present on GenAI token usage metrics with a bounded unknown fallback when model usage events do not include a model. Thanks @vincentkoc.
Docs/OTEL: document the GenAI token and model-call duration metrics, model-usage span attributes, and OTELSEMCONVSTABILITYOPTIN=genailatest_experimental provider-attribute behavior. Thanks @vincentkoc.
Docs: refresh the MCP, model provider, doctor, troubleshooting, BlueBubbles, media generation, TTS, subagents, skills, cron/tasks, exec approvals, and voice-call guides with structured Steps, Tabs, and Accordion content.
Diagnostics/trace: add an internal traceparent propagation helper that only formats trusted dispatcher metadata, keeping plugin-emitted diagnostic traces out of outbound propagation by default. Thanks @vincentkoc.
Diagnostics/OTEL: add bounded outbound message delivery lifecycle diagnostics and export them as low-cardinality delivery spans/metrics without message body, recipient, room, or media-path data. (#71471) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#71451) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#71450) Thanks @vincentkoc and @jlapenna.
Providers/Xiaomi: add MiMo TTS as a bundled speech provider with MP3/WAV output and voice-note Opus transcoding. Fixes #52376. (#55614) Thanks @zoujiejun.
Providers/ElevenLabs: include eleven_v3 in the bundled TTS model catalog so model selection surfaces can offer ElevenLabs v3. (#68321) Thanks @itsuzef.
Providers/Local CLI TTS: add a bundled local command speech provider with file/stdout input, voice-note Opus conversion, and telephony PCM output. (#56239) Thanks @solar2ain.
Providers/Inworld: add Inworld as a bundled speech provider with streaming TTS synthesis, voice listing, voice-note output, and PCM telephony output. (#55972) Thanks @cshape.
Providers/Volcengine: add Volcengine/BytePlus Seed Speech as a bundled TTS provider with API-key auth, native Ogg/Opus voice-note output, and MP3 audio-file output. (#55641) Thanks @xuruiray.
Android/Talk Mode: expose Talk Mode in the Voice tab with runtime-owned voice capture modes and microphone foreground-service escalation. Thanks @alex-latitude.
Providers/LiteLLM: register litellm as an image-generation provider so image_generate model=litellm/... calls and agents.defaults.imageGenerationModel.fallbacks entries resolve through the LiteLLM proxy. Thanks @zqchris.
Providers/fal: add Seedance 2.0 reference-to-video models with multi-image, video, and audio reference input mapping plus model-specific capability limits for video_generate. Thanks @shivanker.
Codex harness: require Codex app-server 0.125.0 or newer and cover native MCP PreToolUse, PostToolUse, and PermissionRequest payloads through the OpenClaw hook relay.
Agents/Codex: teach prompts and agents_list to surface native Codex app-server availability so agents prefer /codex ... over Codex ACP unless ACP/acpx is explicit. Thanks @vincentkoc.
ACPX/Droid: add Factory Droid to the live ACP bind Docker matrix, including .factory settings staging, FACTORYAPIKEY forwarding, and the single-agent test:docker:live-acp-bind:droid recipe.
TTS/personas: add provider-aware TTS personas with deterministic provider binding merges, /tts persona controls, gateway/CLI persona state, Google Gemini audio-profile-v1 prompt wrapping, and OpenAI instruction mapping. (#70748) Thanks @barronlroth.
Voice Wake: add trigger-based routing so macOS voice wake phrases can select a configured agent or session target, with Gateway routing APIs and node update events. (#30354) Thanks @longbiaochen.

Fixes

Plugins/CLI: let flag-driven openclaw channels add install the selected channel plugin from its default source without opening an interactive prompt, fixing published npm Telegram setup in stdin-closed automation. Thanks @codex.
Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none". Thanks @codex.
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries. Thanks @codex.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds. Thanks @codex.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries. Thanks @codex.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans. Thanks @codex.
Onboarding/setup: keep first-run config reads, plugin compatibility notices, and post-model sanity checks on cold metadata paths unless the user chooses to browse all models, avoiding full plugin/runtime catalog work between prompts. Thanks @shakkernerd.
Onboarding/auth: run manifest-owned provider auth choices through scoped setup providers so selecting OpenAI Codex browser/device auth no longer loads every provider runtime before OAuth starts. Thanks @shakkernerd.
Onboarding/auth: keep the post-auth default-model policy lookup on manifest/setup metadata so the next prompt appears without loading broad provider runtime. Thanks @shakkernerd.
Onboarding/models: keep skip-auth and provider-scoped model picker prompts off the full global model catalog path, and cache provider catalog hook resolution so setup no longer stalls after auth on large plugin registries. Thanks @shakkernerd.
Gateway/Bonjour: suppress known @homebridge/ciao cancellation and network assertion failures through scoped process handlers so malformed mDNS packets or restricted VPS networking disable/restart Bonjour instead of crashing the gateway. Fixes #67578. Thanks @zenassist26-create.
Discord: keep late clicks on already-resolved exec approval buttons quiet when elevated mode auto-resolved the request, while still surfacing real approval submission failures. Fixes #66906. Thanks @rlerikse.
Agents/subagents: deliver completed yielded-subagent results back to no-thread requester routes via direct fallback when the dormant parent announce turn produces no visible reply, and add QA-lab coverage for the regression. Thanks @vincentkoc.
Gateway/Tailscale: let Tailscale-authenticated Control UI operator sessions with browser device identity skip the device-pairing round trip while still rejecting device-less and node-role connections. Refs #71986. Thanks @jokedul.
Doctor: honor OPENCLAWSERVICEREPAIR_POLICY=external by reporting gateway service health while skipping service install/start/restart/bootstrap, supervisor rewrites, and legacy service cleanup for externally managed environments. Thanks @shakkernerd.
CLI/update: run package post-update doctor with --fix so package updates repair config migrations before restart. Thanks @shakkernerd.
CLI/update: retry failed npm global updates with --omit=optional and ignore the superseded first failure when the fallback succeeds. Thanks @shakkernerd.
Plugins/uninstall: migrate and reset plugins.slots.contextEngine alongside memory slots when plugin ids change or selected plugins are removed. Thanks @shakkernerd.
Agents/Discord: keep raw Agent failed before reply runner failures out of Discord group/channel chats and show detailed runner errors in direct chats only when /verbose is enabled. Thanks @codex.
UI/Windows: quote resolved pnpm .cmd launcher paths before spawning UI install/build/test commands so Node installs under C:\Program Files no longer fail as C:\Program. Fixes #45275. Thanks @Kobevictor, @stoppieboy, and @iubns.
Codex/agent: translate --thinking minimal to low for modern Codex models (gpt-5.5, gpt-5.4, gpt-5.4-mini, gpt-5.2) at request build time so the first turn is accepted instead of paying a wasted call + retry-with-low fallback. Older Codex models still receive minimal directly. Fixes #71946. Thanks @hclsys.
Plugins/uninstall: remove tracked plugin files from their recorded managed extensions root even when the current state directory points somewhere else, so openclaw plugins uninstall --force does not leave the plugin discoverable. Thanks @shakkernerd.
Agents/runtime: add agentRuntime.id as the canonical config key, migrate legacy runtime-policy configs with openclaw doctor --fix, route canonical Anthropic models through claude-cli without passing CLI backend aliases to embedded harness selection, and load CLI backend owner plugins before channel startup. Fixes #71957. Thanks @WolvenRA.
CLI/update: guard Windows scheduled-task stops by state and timeout so auto-update restart cannot hang indefinitely on schtasks /End before stale-listener cleanup. Fixes #69970. Thanks @yangswld and @sherlock-huang.
Windows install/Lobster: execute pnpm.exe directly when npm_execpath points at the native pnpm binary, add an installed-package fallback for the Lobster embedded runtime, and include the Lobster runner regression test in Windows CI. Fixes #69456. Thanks @igormf.
Gateway/install: refresh loaded gateway service installs when the current service embeds stale gateway auth instead of returning already-installed, avoiding LaunchAgent token-mismatch loops after token rotation. Fixes #70752. Thanks @hyspacex.
Update: ignore bundled plugin .openclaw-install-stage directories during global install verification and packaged dist pruning so leftover runtime-dep staging files do not turn successful updates into unexpected packaged dist file failures. Fixes #71752. Thanks @waynegault.
CLI/update: fail package updates when post-update plugin sync fails and refresh legacy npm plugin install records before trusting unchanged artifacts, preventing successful updates from restarting with stale or failed plugin state. Thanks @vincentkoc and @shakkernerd.
Release/update: reject pre-populated bundled plugin .openclaw-install-stage directories, including mixed-case path variants, before package inventory generation so release tarballs cannot ship poisoned runtime-dependency staging debris. Fixes #71752. Thanks @hclsys.
Node runtime: keep node-host retry timers alive across Gateway restarts and exit on terminal credential pauses so supervised nodes do not become silent zombies. Fixes #69800. Thanks @meroli28.
Gateway/plugins: stop persisted WhatsApp auth state from activating bundled channel runtime-dependency repair during startup when channels.whatsapp is absent, avoiding npm/git stalls on packaged Linux installs. Fixes #71994. Thanks @xiao398008.
Gateway/device tokens: enforce caller-scope containment inside token rotation and revocation so pairing-only sessions cannot mutate higher-scope operator tokens. Fixes #71990. Thanks @coygeek.
Plugins/channels: keep security checks, thread-binding placement, provider summaries, health formatting, and message action labels on read-only or already-loaded channel metadata instead of importing full channel runtime. Thanks @shakkernerd.
Plugins/status: keep config-only channel labels and status security summaries from importing plugin runtime modules just to render metadata. Thanks @shakkernerd.
Sessions/channels: stop group-session metadata from loading bundled channel runtime just to classify #channel subjects, using only already-loaded channel capabilities on that path. Thanks @shakkernerd.
Plugins/channels: keep native command and native skill auto defaults on static channel metadata so config, audit, and command-list checks do not load channel runtime just to read those defaults. Thanks @shakkernerd.
CLI/channels: keep channel remove selection and all-channel capabilities summaries on read-only plugin metadata, loading channel runtime only for the selected mutation path. Thanks @shakkernerd.
CLI/models: keep Provider Index preview rows out of models list --all --provider <id> when the owning provider plugin is disabled, preserving config authority for cold catalog fallbacks. Thanks @shakkernerd.
CLI/model runs: keep openclaw infer model run on explicit OpenRouter models from loading the full provider catalog or inheriting chat-agent silent-reply policy, restoring non-empty one-shot probe output. Fixes #68791. Thanks @limpredator.
Installer/macOS: rerun Homebrew install steps without the gum spinner when raw-mode ioctl failures occur, and avoid claiming node@24 was installed when the Homebrew keg binary is missing. Fixes #70411. Thanks @1fanwang and @dad-io.
Installer: load nvm before Node.js detection so curl | bash installs respect nvm-managed Node instead of stale system Node. Fixes #49556. Thanks @heavenlxj.
Installer/Windows: route PowerShell install failures through a top-level handler so iwr ... | iex returns control to the current shell while direct script-file runs still exit non-zero. Fixes #38054. Thanks @PwrSrg.
CLI/Volta: respawn raw openclaw CLI runs through the named node shim when the current Node executable resolves to volta-shim, avoiding direct shim execution failures in non-interactive shells. Fixes #68672. Thanks @sanchezm86.
Installer: warn when multiple npm global roots contain OpenClaw installs, showing active Node/npm/openclaw plus each install path and version so stale version-manager installs are visible. Fixes #40839. Thanks @zhixianio.
Cron/tasks: recover completed cron task ledger records from durable run logs and job state before marking them lost, reducing false backing session missing audit errors for isolated cron runs and keeping offline CLI audit from treating its empty local cron active-job set as authoritative. Fixes #71963.
Docker: copy patched dependency files into runtime images so downstream pnpm install layers keep working. Fixes #69224. Thanks @gucasbrg.
Package: include patched dependency files in the published npm package so downstream installs can resolve patchedDependencies. (#69224) Thanks @gucasbrg and @vincentkoc.
Plugins/channels: treat malformed bundled channel plugin loaders that return undefined as unavailable instead of crashing config and help paths. Fixes #69044. Thanks @frankhli843 and @vincentkoc.
Scripts/watch: show corrupted dependency package-config recovery guidance when gateway:watch fails during watcher startup, without double-logging unrelated import failures. (#58780) Thanks @roytong9 and @vincentkoc.
Signal: read signal-cli RPC, health checks, and SSE events through Node's HTTP client so Node 24/25 fetch regressions do not break Signal sends or inbound events. Fixes #51716 and #53040. Thanks @Barukimang, @minupla, and @vincentkoc.
Skills/Docker: run npm-backed skill dependency installs with an OpenClaw-managed user prefix so non-root Docker images do not write to /usr/local. Fixes #59601. Thanks @chanjarster and @vincentkoc.
Agents/runtime: submit heartbeat, cron, and exec wakeups as transient runtime context instead of visible user prompts, keeping synthetic system work out of chat transcripts. Fixes #66496 and #66814. Thanks @jeades and @mandomaker.
Telegram: include native quote excerpts automatically for threaded replies and reply tags when the original Telegram text is available, without adding another config knob. Fixes #6975. Thanks @rex05ai.
Node/Linux: make openclaw node install enable and restart the openclaw-node systemd unit instead of the gateway unit on node-only VMs. Fixes #68287. Thanks @dlebee-agent.
Browser/CDP: retry transient raw-CDP WebSocket handshake failures before any browser command is sent, and reconnect stale persistent Playwright CDP sessions for safe tab-list reads without replaying mutating browser actions. Fixes #67728.
Gateway/Linux: retry systemctl --user enable after a second daemon reload when the freshly written gateway unit is not visible yet on migrated systemd installs. Fixes #65184. Thanks @liushuaiiu.
Telegram: preserve exact selected quote text when sending native quote replies, and retry with legacy replies if Telegram rejects quote parameters. (#71952) Thanks @rubencu.
Plugins/CLI: preserve manifest name, description, format, and source metadata in cold openclaw plugins list output without importing plugin runtime. Thanks @shakkernerd.
Security/audit: read channel exposure and plugin allowlist ownership from read-only plugin index metadata so cold audits do not depend on loaded channel runtime. Thanks @shakkernerd.
Plugins/chat: keep /plugins list, /plugins enable, and /plugins disable on the persisted plugin index path so chat plugin management does not load diagnostic/runtime plugin registries before execution. Thanks @shakkernerd.
Plugins/doctor: read workspace plugin status and legacy web-search ownership through installed-index manifest metadata instead of broad manifest registry scans. Thanks @shakkernerd.
CLI/agents: read channel provider status from read-only plugin index metadata for text agents list output instead of the loaded channel registry. Thanks @shakkernerd.
Logging: redact configured secret patterns at console and file-log sink exits so credentials that reach the logger are masked before terminal display or JSONL persistence. Fixes #67953. Thanks @Ziy1-Tan.
Gateway/services: refuse process and service mutations from an older OpenClaw binary when the config was last written by a newer version, preventing split-brain installs from stopping or rewriting newer gateway services. Fixes #57079.
Gateway: reserve /healthz and /readyz ahead of plugin, canvas, and Control UI HTTP stages so liveness/readiness probes still answer when a later route handler stalls. Fixes #69674. Thanks @Xike-Creek.
Logging: load logging.file and redaction settings directly from the active OpenClaw config path in bundled runtimes, so packaged gateways stop falling back to /tmp/openclaw. Fixes #59370, #67168, and #61295. Thanks @KeaneYan, @Pan9hu, and @zsjlovelike.
Logging: rotate file logs at logging.maxFileBytes, keep bounded numbered archives, and make long-lived rolling loggers follow the current-day file instead of suppressing diagnostics or writing stale dated files. Fixes #58583 and #62381. Thanks @jpeghead and @zhaoleink.
Agents/groups: treat clean empty assistant stops as silent NO_REPLY only for always-on groups where silent replies are allowed, while keeping direct and mention-gated sessions on the incomplete-turn retry path. Thanks @MagnaAI.
macOS/Node: keep native remote app nodes from advertising browser.proxy, start browser-capable CLI node services through the restored openclaw node start command, and show an actionable browser-control error when the local control service is missing. Fixes #66637.
Gateway/update: fail package updates when the restarted managed gateway reports the wrong version, including fallback restarts and JSON mode, avoiding false-success mixed-version restarts after macOS LaunchAgent updates. Fixes #71835. Thanks @abhinas90 and @jsompis.
Gateway/update: warn before package updates and bundled plugin runtime-dependency repairs when the target volume appears low on disk space, without blocking installs on best-effort filesystem checks. Fixes #71835. Thanks @abhinas90 and @jsompis.
Plugins/runtime deps: surface activated plugin load failures in health and fail package-update restart verification or doctor repair when bundled runtime deps still cannot load, avoiding false-success repairs. (#71883) Thanks @Solvely-Colin.
Gateway/Linux: include fnm aliases/default/bin in generated service PATHs and let doctor accept either modern fnm aliases or the legacy current/bin symlink, avoiding false PATH repair prompts. Fixes #68169. Thanks @richard-scott.
Installer/Linux: run apt installs with noninteractive dpkg and needrestart settings so fresh Ubuntu 24.04 curl | bash installs do not hang while installing Node.js, Git, or build tools. Fixes #41146. Thanks @iht76, @alexcarv318, @cs3gallery, @firofame, and @cgdusek.
Providers/Bedrock: defer the AWS SDK import until Bedrock discovery actually runs so plugin registration and setup stay lightweight on cold start. Fixes #71690. Thanks @jarvis-ai-gregmoser.
Installer/macOS: stop immediately when Homebrew node@24 installation fails and avoid printing PATH advice for missing Homebrew Node installs. Fixes #70411. Thanks @1fanwang.
WhatsApp: remove ack reactions after a visible reply when messages.removeAckAfterReply is enabled, matching other reaction-capable channels. Fixes #26183. Thanks @MrUnforsaken.
Providers/Z.AI: map OpenClaw thinking controls to Z.AI's thinking payload and add opt-in preserved thinking replay via params.preserveThinking, so GLM 5.x can keep prior reasoning_content when requested. Fixes #58680. Thanks @xuanmingguo.
Channels/status: keep read-only channel lists on manifest and package metadata by default, loading setup runtime only for explicit fallback callers. Thanks @shakkernerd.
Plugins: scope setup and web-provider metadata manifest reads to explicit plugin ids when callers already know the owning plugin set. Thanks @vincentkoc.
Plugins/onboarding: defer onboarding install-record index writes until the guarded config commit so setup failures cannot leave the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/registry: resolve web provider ownership from the installed plugin index instead of broad manifest scans on secret, tool, and pricing paths. Thanks @shakkernerd.
Config/providers: accept video and audio in configured model input values and preserve them in provider catalog entries. Fixes #20721. Thanks @alvinttang.
Models/auth: honor the parent --agent flag for auth write commands (add, login, setup-token, paste-token, and the GitHub Copilot shortcut) so OAuth/API-key/token results are written to the requested agent store instead of the default agent. Fixes #71864. (#71933) Thanks @balric-seo.
TTS: strip model-emitted TTS directives from streamed block text before channel delivery, including directives split across adjacent blocks, while preserving the accumulated raw reply for final-mode synthesis. Fixes #38937.
TTS: keep explicit provider=... directive keys scoped to that provider and warn on unsupported keys instead of letting another speech provider consume overlapping keys. Fixes #60131.
TTS/Feishu: normalize final-mode streamed TTS-only audio before delivery so generated voice-note files use the same safe media path and native voice routing as normal final replies. Fixes #71920.
Feishu: transcribe inbound voice-note audio with the shared media audio path before agent dispatch and keep raw Feishu file_key payloads out of message text. Fixes #67120 and #61876.
Tasks: terminalize async Gateway agent task records from the Gateway run result while preserving aborted, failed, and cancelled outcomes instead of leaving completed runs stuck as active or lost. (#71905) Thanks @likewen-tech.
WhatsApp: let authorized group voice-note transcripts satisfy mention gating before reply dispatch, while keeping unmentioned transcripts in pending group history. Fixes #44908.
Media understanding: carry channel voice-note preflight state into attachment selection so WhatsApp, Feishu, Telegram, and Discord do not transcribe the same inbound audio twice. Fixes #70580.
TTS/BlueBubbles: deliver compatible auto-TTS audio as iMessage voice memo bubbles instead of plain MP3/CAF file attachments. Fixes #16848.
TTS: resolve voice-note and voice-memo routing from channel plugin capabilities instead of speech-core-owned channel id lists.
ACP: send subagent and async-task completion wakes to external ACP harnesses as plain prompts instead of OpenClaw internal runtime-context envelopes, while keeping those envelopes out of ACP transcripts.
TTS/status: show configured TTS model, voice, and sanitized custom endpoint in /status, preserve OpenAI-compatible TTS instructions on custom endpoints, and retry empty Microsoft/Edge TTS output once. Addresses #46602, #47232, and #43936. Thanks @leekuangtao, @Huntterxx, and @rex993.
Agents/Gateway: steer agent-driven config edits and restarts through the owner-only gateway tool, document config.schema.lookup as the field-doc source, and warn against using gateway stop && gateway start as a restart substitute on macOS. Fixes #71929. Thanks @ygc3817922006-sketch.
Media understanding/audio: inject a deterministic transcript placeholder for too-small voice notes so agents do not hallucinate transcription or provider failures. Fixes #48944. Thanks @eulicesl.
Providers/vLLM: send Nemotron 3 chat-template kwargs when thinking is off and honor configured params.chattemplatekwargs for OpenAI-compatible completions, so vLLM/Nemotron replies stay visible instead of becoming thinking-only. Fixes #71891. Thanks @jmystaki-create and @dennis-lynch.
Channels/replies: strip copied inbound metadata blocks from user-facing assistant replies and model replay history, so Discord/vLLM sessions do not leak Conversation info / UNTRUSTED ... message body envelopes after a model echoes them. Fixes #71847. Thanks @jmystaki-create.
Subagents/memory: keep inter-session completion wakes out of memory and dreaming session exports, and strip internal runtime-context blocks from realtime Control UI chat events.
Agents/Claude: treat zero-token empty stop turns as failed provider output, retry once, repair replay, and allow configured model fallback instead of preserving them as successful silent replies. Fixes #71880. Thanks @MagnaAI.
Tasks: normalize task lifecycle timestamps at create, update, and restore time, and report retained lost tasks as audit warnings until their cleanup window expires. (#71871) Thanks @likewen-tech.
Diagnostics/OTEL: treat normal early model stream cleanup as a completed model call instead of exporting a misleading StreamAbandoned error span. Thanks @vincentkoc.
Gateway/pairing: stop corrupt or unreadable device/node pairing stores from being treated as empty state, preserving paired.json for repair instead of overwriting approved pairings. Fixes #71873. Thanks @iret77.
ACP: keep /acp management commands, plus local /status and /unfocus, on the Gateway path inside ACP-bound threads so they are not consumed as ACP prompt text. Fixes #66298. Thanks @kindomLee.
ACPX: stop probing ACP agents during normal Gateway startup; the embedded backend now registers without spawning Codex/ACP child processes unless OPENCLAWACPXRUNTIMESTARTUPPROBE=1 is explicitly set.
CLI/image edit: accept --size, --aspect-ratio, and --resolution on openclaw infer image edit and report all supported edit flags from capability inspect image.edit. Thanks @Pinghuachiu.
ACP: wait for the configured runtime backend to become healthy before startup identity reconciliation, avoiding transient acpx warnings during Gateway boot. Fixes #40566.
Channels/ACP bindings: time out configured binding readiness checks instead of letting Discord preflight hang forever when an ACP target never settles. Fixes #68776.
Control UI: hide the chat loading skeleton during background history reloads when existing messages or active stream content are already visible, avoiding reload flashes on high-latency local gateways. Fixes #71844. Thanks @WolvenRA.
Control UI: keep locally optimistic chat messages visible when a history reload temporarily returns empty, avoiding lost first-turn messages on high-latency gateways. Fixes #71878. Thanks @WolvenRA.
Control UI: keep chat history limits based on visible messages after filtering heartbeat and control-only transcript rows, so recent hidden entries no longer make older visible replies disappear. Thanks @WolvenRA.
Agents/images: scrub old [media attached: ...], [Image: source: ...], and media://inbound/... markers from pruned model replay context so stale media refs are not rehydrated as fresh prompt images. Fixes #71868. Thanks @jmeadlock.
Docker/Bonjour: disable Bonjour/mDNS advertising by default for bundled Compose gateways on bridge networking, while keeping host/macvlan opt-in with OPENCLAWDISABLEBONJOUR=0. Fixes #71879. Thanks @gbballpack.
CLI/status: label the OpenClaw Serve/Funnel setting as Tailscale exposure and show daemon state separately when available, so gateway.tailscale.mode: "off" no longer reads like the Tailscale daemon is stopped. Fixes #71790. Thanks @pesvobodak.
Plugins/Bonjour: stop ciao mDNS watchdog failures from looping forever when the advertiser stays stuck in probing or announcing; Bonjour now disables itself for the current Gateway process after repeated failed restarts while the Gateway keeps running. Fixes #69011. Thanks @siddharthaagarwalofficial-ux, @FiredMosquito831, and @spikefcz.
Gateway/Fly.io: seed Control UI allowed origins from the actual runtime bind and port so CLI-driven non-loopback starts do not crash before config exists. Fixes #71823.
macOS/remote SSH: keep discovered gateway hosts in gateway.remote.sshTarget while pinning SSH transport URLs to the local loopback tunnel, so browser automation does not regress into blocked non-loopback ws:// endpoints. Fixes #67336.
Gateway/proxy: bootstrap env proxy dispatching from direct Gateway startup so provider and plugin network requests honor HTTPSPROXY/HTTPPROXY before the first embedded agent attempt runs. (#71833) Thanks @mjamiv.
Plugins/runtime deps: verify clean npm installs actually place requested bundled runtime packages in the managed install root, reporting exact missing specs instead of a false successful repair. (#71883) Thanks @Solvely-Colin.
Plugins/discovery: ignore stale plugins.load.paths aliases that point back at packaged bundled plugin directories and have doctor remove them, keeping bundled plugins on the runtime-deps staging path. Thanks @codex.
Models/LM Studio: preserve @iq* quant suffixes in model refs and provider matching so /model lmstudio/...@iq3_xxs keeps the exact LM Studio variant. Fixes #71474. (#71486) Thanks @Bartok9, @XinwuC, and @Sanjays2402.
Matrix/cron: preserve the live Matrix delivery target when creating implicit announce reminder jobs so mixed-case room IDs are not reconstructed from lowercased session keys. Fixes #71798.
Feishu: accept Schema 2.0 card action callbacks that report context.openchatid instead of legacy context.chat_id, so button callbacks no longer drop as malformed. Fixes #71670. Thanks @eddy1068.
Feishu: keep synthetic card-action and bot-menu ids out of platform reply targets, using the real card callback message id when Feishu provides one and plain-sending otherwise. Fixes #71673. Thanks @eddy1068.
Plugins/QQ Bot: prefer an installed QQ Bot plugin that declares it replaces the bundled qqbot channel, preventing duplicate qqbotchannelapi and qqbot_remind tool registration noise. Fixes #63102.
Browser automation: keep stable tab ids and labels attached when Chromium replaces the raw target after form submissions or other action-triggered navigations, and return the replacement targetId from /act when the match is provable. Fixes #46137.
QQ Bot: make qqbot_remind schedule, list, and remove Gateway cron jobs directly for owner-authorized senders instead of returning cronParams and relying on a follow-up generic cron tool call. Fixes #70865. (#70937) Thanks @GaosCode.
Agents/ACP: hide sessions_spawn ACP runtime options unless an ACP backend is loaded, and make /acp doctor call out plugins.allow blocking bundled acpx. Thanks @vincentkoc.
Agents/Codex: keep ACP prompt/skill routing hidden unless an ACP runtime backend is available, and warn in doctor when enabled Codex plugin configs still route openai-codex/* models through PI. Thanks @vincentkoc.
Media delivery: avoid sending generated image attachments twice when the assistant reply already includes explicit MEDIA: lines for the same turn, and reject unsafe remote MEDIA: URLs before delivery. Thanks @pashpashpash.
Codex harness: ignore retryable app-server error notifications after Codex recovers, and preserve the real nested error message for terminal app-server failures instead of replacing it with a generic failure. Thanks @pashpashpash.
Agents/Codex: prepare native Codex sub-agent session metadata without a nested Gateway session patch and add a focused Docker smoke for the app-server sub-agent path. Thanks @vincentkoc.
Agents/subagents: keep queued subagent announces session-only when the requester has no external channel target, avoiding ambiguous multi-channel delivery failures. Fixes #59201. Thanks @larrylhollan.
Image understanding: preserve configured provider-prefixed vision model metadata when callers request the model without the provider prefix, so custom image models keep their input: ["text", "image"] capability. Fixes #33185. Thanks @Kobe9312 and @vincentkoc.
Plugins/install: restore the previous plugin index records if a concurrent config write conflict interrupts install, update, or uninstall metadata commits. Thanks @shakkernerd.
Plugins/install: reject native plugin archives that do not include a valid openclaw.plugin.json, preventing manifestless archives from writing install records that later show missing-manifest diagnostics. Thanks @shakkernerd.
Plugins/uninstall: remove tracked managed plugin install directories even when the persisted install path differs from the default id-derived target, while still refusing deletes outside the managed extensions root. Thanks @shakkernerd.
Plugins/update: restore previous plugin index records if core update or channel setup hits a concurrent config write conflict after plugin metadata changes. Thanks @shakkernerd.
Plugins/onboarding: defer channel/provider plugin install records until the owning config write commits, keeping setup failures from advancing the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/config: route configure and agent setup writes with pending plugin install records through the plugin index commit helper so provider onboarding metadata is not stripped by plain config writes. Thanks @shakkernerd.
Plugins/channels: merge pending channel plugin install records with the existing plugin index before config writes, preserving unrelated tracked installs during channel setup, resolve, remove, and capability repair flows. Thanks @shakkernerd.
Plugins/config: defer shipped plugins.installs index migration during config writes until the guarded config commit window and roll it back if the config write fails before commit. Thanks @shakkernerd.
Sessions: keep embedded runtime context out of the visible user prompt by sending it as a hidden next-turn custom message, and teach doctor to repair affected 2026.4.24 transcripts with duplicated prompt-rewrite branches. Fixes #71761.
Gateway/subagents: keep direct-loopback backend RPCs authenticated with the shared gateway token/password off stale CLI paired-device scope baselines, so internal calls no longer hit scope-upgrade pairing prompts while remote, browser, node, device-token, and explicit-device paths still require normal pairing approval. Fixes #63548.
Providers/Azure OpenAI: give deployment-scoped image generation requests a longer 600s default timeout so slow gpt-image-2 generations can complete without a per-call timeoutMs. Fixes #71705. Thanks @voytas75.
Gateway/plugins: link source-checkout bundled runtime dependency caches instead of recursively copying node_modules on the gateway main thread, preventing local status, node, and skill probes from timing out during startup cache restores.
Skills/remote nodes: only expose remote macOS skill bins for connected nodes, clear stale bin matches when node probes fail, and include probe command, timeout, bin count, and connection state in timeout logs.
Skills/remote nodes: recognize system.which object-map responses when probing connected macOS nodes, so Linux gateways can expose macOS-only skills such as Apple Notes when the required binaries are installed remotely. Fixes #71877. Thanks @miguelarios.
CLI/gateway: keep diagnostic probes from creating first-time read-only device pairings, while still reusing cached device tokens for detailed read probes. Fixes #71766. Thanks @SunboZ.
CLI/plugins: keep message startup, channels logs, agents delete, and agents set-identity off broad plugin preloading; message delivery still loads plugins when the action actually runs.
Image understanding: resolve configured image models such as local LM Studio vision entries before reporting Unknown model when the discovery registry has not registered that provider. Fixes #66486. Thanks @zhanggpcsu.
QQ Bot: ignore self-echoed bot messages using the outbound ref-index marker, preventing mirrored replies from re-entering the agent loop while still allowing users to quote bot replies. Fixes #71912. Thanks @wangyc6003.
Sessions: separate reset freshness from session-store updatedAt, so heartbeat, cron, exec, and gateway bookkeeping no longer prevent configured daily/idle resets from rolling long-running channel sessions. Fixes #68315, #63732, #63820, and #69083. Thanks @maxatv, @longhairedsi, @bradfreels, and @akessel56.
Sessions: clear queued system-event notices during /new, /reset, gateway sessions.reset, and daily/idle rollover so stale background updates cannot leak into the first prompt of the fresh session. Fixes #66864. Thanks @opeyio, @Magicray1217, and @cedillarack.
CLI/agents: keep agents bind, agents unbind, and agents bindings on setup-safe channel metadata paths so they do not preload bundled plugin runtimes or stage runtime dependencies. Fixes #71743.
Plugins/registry: preserve explicit disabled plugin records during registry migration without persisting every unused bundled plugin discovered on disk. Thanks @shakkernerd.
Windows/native: keep CLI startup and bundled provider plugin loading off Windows ESM raw-path failure paths, fixing native onboarding/install smoke on Node 24.
Plugins/doctor: read bundled channel doctor capabilities through the same packaged plugin directory resolver used by plugin loading, so published installs keep Matrix DM allowlist repairs on channels.matrix.dm.* instead of writing invalid top-level dmPolicy keys. Fixes #71757.
Plugins/Windows: keep bundled plugin Jiti loaders off the native import path on Windows so channel plugins such as Telegram no longer crash with ERRUNSUPPORTEDESMURLSCHEME on C:\... paths. Fixes #71749. Thanks @smeyer9.
Providers/Ollama: use Ollama's current /api/web_search endpoint and honor https://ollama.com model-provider base URLs for Ollama Web Search. Fixes #71741. Thanks @madhvidua.
Memory/Ollama: serialize Ollama memory embedding batches and add an inline batch timeout override, with longer defaults for local/self-hosted embedding providers.
Sessions/usage: exclude compaction checkpoint transcript snapshots from usage totals and session discovery, while keeping old checkpoint files removable.
CLI/agents: keep openclaw agents list --json on the config-only path by default, avoiding bundled plugin loading unless callers request --bindings. Fixes #71739. Thanks @kaloster.
Plugins/install: force plugin dependency installs to stay project-local even when inherited npm config requests global installs, so successful installs still materialize the plugin's staged node_modules.
Providers/Google: transcode Gemini TTS PCM to Opus for voice-note targets so WhatsApp and other native voice-note replies can play as voice messages.
TTS/WhatsApp: mark non-Opus provider output as voice-note intent so channel delivery transcodes MP3/WebM replies to Ogg/Opus PTT audio.
Plugins/runtime deps: reuse existing external bundled-plugin stage roots when mirrored plugin roots are inspected again, avoiding second-generation openclaw-unknown-* stages and repeated first-turn restaging. Fixes #71599.
iOS/macOS Talk Mode: allow talk.speechLocale to set the speech recognition locale for non-English voice conversations. Fixes #44688.
Plugins/providers: honor explicit plugin candidate lists instead of reading a persisted registry snapshot from local state, keeping candidate-scoped provider discovery hermetic.
Plugins/doctor: keep bundled plugin runtime-dependency repairs inside the managed OpenClaw stage even when user npm prefix/global config points npm at $HOME/node_modules. Fixes #71730.
ACP/sessions_spawn: reject normal OpenClaw config agent ids when callers explicitly request runtime="acp", while allowing agents configured with runtime.type="acp" to resolve to their ACP harness id. Fixes #63914.
ACP/sessions_spawn: apply runTimeoutSeconds to ACP child turns and dispatch those turns on the background subagent lane, so quota-stalled ACP harnesses do not occupy the main agent lane indefinitely. Fixes #68823.
ACP/oneshot: reconcile runtime session identity before closing completed oneshot ACP runs, so finished sessions.json entries do not stay stuck with acp.identity.state="pending".
ACPX: bundle acpx@0.6.1 so unsupported generic model overrides fail clearly instead of silently falling back to the target adapter default.
ACP/models: document that non-Codex ACP model overrides require adapter support for ACP models plus session/set_model, so unsupported harnesses fail clearly instead of silently falling back to their defaults.
Plugins/Voice Call: treat missing provider credentials as setup-incomplete during Gateway startup and log the missing keys as a warning instead of a runtime startup error, while keeping explicit command/tool errors when used.
Android/Talk Mode: prevent duplicate TTS playback when fast or repeated final chat events arrive while Talk Mode is waiting for its own response. Fixes #46546.
Tooling/check:changed: pass parent heavy-check lock markers to lint lanes so pnpm check:changed no longer waits on its own lint:extensions child.
CLI/completion: dedupe provider auth flags before registering openclaw onboard options, so completion-cache refresh during update no longer fails when stale core fallback flags overlap plugin manifest flags. Fixes #71667.
Diagnostics/trace: report live context usage from the current prompt snapshot instead of provider turn totals, avoiding false near-full context spikes on cached or tool-heavy runs.
Providers/Google: honor models.providers.google.request.allowPrivateNetwork for Gemini TTS and telephony TTS, matching Google image generation and media understanding. (#71723) Thanks @ro-hansolo.
Providers/MiniMax: register minimax-portal for music and video generation, preserving OAuth auth and regional MiniMax base URLs across the shared musicgenerate and videogenerate tools. (#63241) Thanks @tars90percent.
Providers/onboarding: keep Runway and Alibaba Model Studio out of the text-inference setup picker by scoping their video-generation auth choices to the media setup flow. (#65856) Thanks @Jah-yee.
Plugins/Bonjour: stop the gateway from crash-looping on CIAO PROBING CANCELLED when the mDNS watchdog cancels a stuck probe. Restores the rejection-handler wiring dropped during the bonjour plugin migration and shares unhandled-rejection state across module instances so plugin-staged copies of openclaw/plugin-sdk/runtime register into the same handler set the host consults. Especially affects Docker on macOS, where mDNS probing reliably hits the watchdog. Thanks @troyhitch.
Google Meet: report pinned Chrome nodes as offline or missing capabilities in setup/join diagnostics, keep inaccessible nodes out of auto-selection, and preflight local BlackHole/SoX requirements before agents try local Chrome.
Providers/MiniMax: route image-01 requests to the dedicated image generation endpoint while preserving CN endpoint selection. Fixes #61149. Thanks @mushuiyu886.
Plugins/startup: remove ownerless bundled runtime-dependency install locks after a short grace window and include lock owner details when startup times out waiting for a plugin runtime-deps lock.
Plugins/install: anchor bundled runtime-dependency npm installs with an OpenClaw-owned package manifest so Linux updates cannot accidentally write to a parent $HOME/node_modules tree. Fixes #71730.
Plugins/install: pass onboarding plugin config into plugin index writes so local plugin installs outside default discovery roots keep their install records. Thanks @shakkernerd.
Plugins/install: migrate shipped plugins.installs config records into the plugin index while stripping them from runtime config and future writes. Thanks @shakkernerd.
Plugins/install: durably remove shipped plugins.installs from openclaw.json after its records are copied into the plugin index, while rolling back the index write if config cleanup fails. Thanks @shakkernerd.
Plugins/install: keep migrated plugin install records in the plugin index even when the plugin manifest is missing or invalid, so update, uninstall, inspect, and audit can still recover broken installs. Thanks @shakkernerd.
Plugins/security: keep plugin audit JSON check ids stable while reporting plugin index install-record findings with updated wording. Thanks @shakkernerd.
CLI/config: reject direct plugins.installs edits with guidance to use openclaw plugins install, openclaw plugins update, or openclaw plugins uninstall instead. Thanks @shakkernerd.
Live tests/voice: accept common STT variants for OpenClaw and ElevenLabs brand names so provider smoke tests fail on real regressions rather than equivalent transcripts.
Agents/replies: forward sanitized underlying agent failure details on external channels instead of replacing unknown failures with a generic retry message.
CLI/MCP: translate OpenClaw mcp.servers.*.transport entries into Claude/Gemini CLI type fields so streamable HTTP MCP servers load in CLI backend sessions. (#71724) Thanks @Blockchain-Oracle.
Browser/CDP: honor configured remote and attachOnly CDP HTTP/WebSocket timeouts when opening tabs through raw CDP or /json/new fallback. (#54238) Thanks @FuncWei.
WhatsApp/TTS: send visible text separately from PTT voice-note audio instead of relying on hidden voice-note captions. Fixes #51081.
Browser/client: avoid telling agents to restart OpenClaw for dispatcher timeouts on external browser profiles such as attachOnly, remote CDP, and existing-session. (#40815) Thanks @0xsline.
Agents/TTS: preserve [[audioasvoice]] directives on trusted text tool-result MEDIA: payloads so generated audio still delivers as a voice note. (#46535) Thanks @azade-c.
Agents/TTS: keep queued tool media when an assistant ends with NO_REPLY on non-block delivery paths, so media-only generated audio replies still send. (#60025) Thanks @bradlind1.
Telegram/STT: frame inbound voice-note transcripts as machine-generated, untrusted text in agent context while preserving raw transcript mention detection. Closes #33360. Thanks @smartchainark.
Subagents/browser: show an actionable /tools notice when browser automation is configured but filtered out by the active tool profile, and document that coding-profile agents should use tools.alsoAllow: ["browser"] rather than subagent allowlists alone.
Control UI/Quick Settings: persist the assistant avatar override to browser local storage (mirroring the user avatar) so uploaded image data URLs no longer fail config validation with "Too big: expected string to have <=200 characters". Also lift the gateway-side ui.assistant.avatar length cap to match the user avatar size budget for non-UI clients writing the field directly. Thanks @BunsDev.
Plugin SDK: share diagnostic event subscriptions across duplicate source/dist module graphs so legacy root SDK imports still receive runtime diagnostic events.
Agents/Bedrock: prevent empty assistant stream-error turns from poisoning Converse replay by persisting, repairing, and replaying a non-empty fallback block. Fixes #71572. (#71627) Thanks @openperf.
Agents/Anthropic/Bedrock: strip thinking blocks with missing, empty, or blank replay signatures before provider conversion, falling back to non-empty omitted-reasoning text when needed so corrupted signed-thinking history no longer poisons subsequent turns. Fixes #45010. (#70054) Thanks @castaples.
Agents/Anthropic/Bedrock: preserve stripped thinking-only assistant replay turns with non-empty omitted-reasoning text so provider adapters keep strict user/assistant turn shape. Thanks @wujiaming88.
ACP/Codex: pass sessions_spawn(runtime="acp") model and thinking overrides into Codex ACP startup, normalize openai-codex/* refs and slash reasoning suffixes, and recognize managed Codex ACP wrapper commands without blocking current gpt-5.5 sessions. Fixes #40393. (#71643) Thanks @91wan.
Browser/CDP: make readiness diagnostics use the same discovery-first fallback as reachability for bare ws:// Browserless and Browserbase CDP URLs. Fixes #69532.
Browser/CDP: explain that loopback Browserless or other externally managed CDP services need attachOnly: true and matching Browserless EXTERNAL endpoint when reporting local port ownership conflicts, and fall back to the configured bare WebSocket root when a discovered Browserless endpoint rejects CDP. Fixes #49815.
Gateway/reload: preserve indefinite gateway.reload.deferralTimeoutMs: 0 semantics for channel hot reload deferrals so active agent runs are not interrupted by a forced channel restart. (#71637) Thanks @Poo-Squirry.
Agents/tool results: cap persisted Pi tool-result details and strip hidden diagnostics before provider conversion, preventing large debug payloads from bloating session transcripts. (#71637) Thanks @Poo-Squirry.
ACP/OpenCode: update the bundled acpx runtime to 0.6.0 and cover the OpenCode ACP bind path in Docker live tests.
Providers/OpenCode Go: add DeepSeek V4 Pro and DeepSeek V4 Flash to the Go catalog while the bundled Pi registry catches up. Fixes #71587.
Providers/OpenCode Go: route DeepSeek V4 Pro/Flash through the OpenAI-compatible Go endpoint and suppress invalid reasoning_effort: "off" payloads, fixing tool-enabled requests for opencode-go/deepseek-v4-flash. Fixes #71683.
Plugins/model defaults: run Skill Workshop review, Active Memory recall, and session-memory slug generation on the configured agent default model instead of the hardcoded OpenAI SDK fallback when hook context lacks model metadata. Fixes #71659.
Providers/Venice: fill the required DeepSeek V4 reasoning_content placeholder for venice/deepseek-v4-pro and venice/deepseek-v4-flash replay turns without sending native DeepSeek thinking controls that Venice rejects. Fixes #71628.
Browser/existing-session: support per-profile Chrome MCP command/args, map cdpUrl to --browserUrl or --wsEndpoint, and avoid combining endpoint flags with --userDataDir. Fixes #47879, #48037, and #62706. Thanks @puneet1409, @zhehao, and @madkow1001.
Media/plugins: bound MIME sniffing and ZIP archive preflight before handing untrusted files to file-type or jszip, reducing parser CPU and memory exposure for attachments and ClawHub plugin archives. Thanks @vincentkoc.
Memory-host SDK: use trusted env-proxy mode for remote embedding and batch HTTP calls only when Undici will proxy that target, preserving SSRF DNS pinning for ALLPROXY-only and NOPROXY bypass cases. Fixes #52162. (#71506) Thanks @DhtIsCoding.
Gateway/dashboard: render Control UI and WebSocket links with https:///wss:// when gateway.tls.enabled=true, including openclaw gateway status. Fixes #71494. (#71499) Thanks @deepkilo.
Agents/OpenAI-compatible: default proxy/local completions tool requests to tool_choice: "auto" when tools are present, so providers enter native tool-calling mode instead of replying with plain-text tool directives. (#71472) Thanks @Speed-maker.
OpenAI image generation: use gpt-5.5 for the Codex OAuth responses transport instead of the retired gpt-5.4 model, fixing 500s from ChatGPT Codex image generation. Fixes #71513. Thanks @baolongl.
OpenAI image generation: route transparent-background default-model requests to gpt-image-1.5, document the expected image_generate call shape, and keep Azure/custom OpenAI-compatible deployment names untouched.
Google video generation: download direct MLDev Veo video.uri results instead of passing them through the Files API path, fixing 404s after successful generation/polling. Fixes #71200. Thanks @panhaishan.
Google video generation: fall back to the REST predictLongRunning Veo endpoint for text-only SDK 404s while keeping reference image/video generation on the SDK path. Fixes #62309 and #63008. (#62343) Thanks @leoleedev.
MiniMax music generation: switch the bundled default model from the unsupported music-2.5+ id to the current music-2.6 API model. Fixes #64870 and addresses the music default from #62315. Thanks @noahclanman and @edwardzheng1.
Cron: record jobs interrupted by a gateway restart as failed at their original runningAtMs, skip unsafe startup replay, and disable interrupted one-shot jobs so they show a visible failure instead of silently disappearing or duplicating work. Fixes #59056, #61343, #63657, and #59301. Thanks @ponchoooPenguin, @daemic24, @myradon, and @hikiwibot.
Cron tool: recover flat top-level schedule shorthand such as cron, tz, and staggerMs before gateway validation, so model-generated cron add/update calls preserve cron jitter settings. Thanks @tyxben.
Cron: hydrate flat legacy job rows with top-level cron, tz, session, and message fields into canonical schedule, target, and payload objects before startup recomputes run times. Fixes #43351.
Agents/replies: let pending group chat history trigger bare mentioned turns without treating metadata-only inbound context as user input. Fixes #71489. (#71520) Thanks @SymbolStar.
Google media generation: strip a configured trailing /v1beta from Google music/video provider base URLs before calling the Google GenAI SDK, preventing doubled /v1beta/v1beta paths. Fixes #63240. (#63258) Thanks @Hybirdss.
Discord: restore direct-message voice-note preflight transcription and classify URL-only Ogg/Opus voice attachments as audio while skipping partial attachments without usable URLs. Fixes #61314 and #64803.
Plugins/build: copy bundled plugin skill trees into dist-runtime, broaden Windows symlink-copy fallbacks, and fingerprint runtime dependencies from lstat so symlink-like directory entries cannot crash staging.
Google Chat: preserve reply text when a typing indicator message is deleted or can no longer be updated, so media captions and first text chunks are resent instead of silently disappearing. (#71498) Thanks @colin-lgtm.
Cron: tolerate malformed legacy job rows in startup, main-session system-event payloads, and human-readable cron list output so missing state, payload.text, or display fields no longer crash the scheduler or CLI. Fixes #66016, #65916, #64137, #57872, #59968, #63813, #52804, and #43163. (#71509) Thanks @vincentkoc.
CLI/models: make openclaw models scan fall back to public OpenRouter free-model metadata when no OPENROUTERAPIKEY is configured, avoid config secret resolution for explicit --no-probe scans, and apply the scan timeout to the OpenRouter catalog request.
Feishu: keep streaming cards to one live card per turn, flush throttled card edits after meaningful text boundaries, and skip exact block/partial repeats so tool-heavy replies do not duplicate card output. Thanks @allan0509.
Feishu: finish the streaming-card duplicate closeout by stripping leaked reasoning tags, preserving cross-block partial snapshots, enabling topic-thread streaming cards, omitting the generic main card header, surfacing transient tool/compaction status, and cleaning streaming state after close failures. Thanks @sesame437, @Vicky-v7, @maoku-family, @Pengxiao-Wang, and @Maple778.
Telegram: recover incomplete partial-stream previews by falling back to a final send when an ambiguous final edit failure would otherwise retain a strict prefix of the answer. Fixes #71525. (#71554) Thanks @sahilsatralkar.
Control UI/chat: collapse assistant token/model context details behind an explicit Context disclosure and show full dates in message footers, making historical transcript timing clear without noisy default metadata. (#71337) Thanks @BunsDev.
OpenAI/Codex OAuth: explain unsupportedcountryregion_territory token-exchange failures with a proxy/region hint instead of surfacing a generic OAuth error. Fixes #51175. (#71501) Thanks @vincentkoc and @wulala-xjj.
Browser/Linux: fall back to headless mode for local managed profiles on hosts without a display server, while preserving explicit per-profile headed overrides and reporting the headless source. (#60953) Thanks @rrpsantos.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Telegram: keep the polling stall watchdog active even when grammY reports the runner as not running while its task is still pending, so a rebuilt transport cannot leave getUpdates silent until a manual gateway restart. Fixes #69064. Thanks @LDLoeb.
Subagents: fall back to direct completion delivery when the parent announce turn finishes without a visible payload, so child results still reach channel-backed requester sessions.
Subagents: tell parent agents to use sessions_yield while waiting for child completion events, preventing GPT-5 fast runs from ending silently after spawning workers.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/CLI: lazy-load browser command groups and plugin runtime services so openclaw browser --help can render without loading the full browser automation stack. Fixes #65400. (#65460, #66640) Thanks @pandego and @Tianworld.
Browser/CLI: serve precomputed openclaw browser --help text from CLI startup metadata, avoiding the full plugin/config startup path for the common help invocation.
Browser/downloads: seed managed Chrome profiles with OpenClaw download prefs and capture unmanaged click-triggered downloads under the guarded downloads directory, while explicit download waiters still own their target file. (#64558) Thanks @Pearcekieser.
Browser/Chrome: stop passing redundant --disable-setuid-sandbox when browser.noSandbox is enabled; --no-sandbox remains the effective sandbox opt-out. (#67939) Thanks @sebykrueger.
Browser/client: stop telling agents to permanently avoid the browser after transient timeout or cancellation failures; keep the no-retry hint for persistent unavailable/rate-limit cases. (#46505) Thanks @jriff.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230. Thanks @Co-Messi.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457. Thanks @spartoviMD.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460. Thanks @GodsBoy.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
GitHub Copilot: never rewrite connection-bound reasoning item IDs regardless of whether encryptedcontent is present, fixing a 400 "Encrypted content itemid did not match" error with gpt-5.3-codex and future Codex models that fall through to the forward-compat catch-all with reasoning: false. Also recognize Codex-named models as reasoning-capable so they inherit the correct capability flags. Refs #68735. Thanks @InvalidPandaa.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868. Thanks @sg1416-zg and @ycjlb2023-peteryi.
WhatsApp/TTS: transcode MP3/WebM audio, including Microsoft Edge TTS output, to Ogg/Opus before sending PTT voice notes.
QQBot/TTS: honor plain audioAsVoice replies by synthesizing TTS to native QQ voice messages, and mark inbound voice-only messages as audio media without exposing raw voice paths to generic media context.
Providers/SenseAudio: add bundled SenseAudio batch audio transcription through tools.media.audio with SENSEAUDIOAPIKEY auth. (#66943) Thanks @Fl0rencess720.
Providers/MiniMax: let TTS use MiniMax portal OAuth and Token Plan credentials before falling back to MINIMAXAPIKEY, and include current TTS HD model ids. Fixes #55017. Thanks @zx15210404690-hash.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656. Thanks @xieyuanqing.
Active Memory: keep silent recall sub-agent billing/auth failures out of shared auth-profile cooldown state, so a Claude CLI extra-usage rejection cannot disable normal Claude-backed turns. Fixes #71284. (#71539) Thanks @vishutdhar and @obviyus.
Auth/Claude CLI: sync refreshed Claude CLI OAuth credentials into the managed auth profile so long-running Claude CLI runs stop falling back to stale OpenClaw snapshots. (#70902) Thanks @starvex.
Sessions: make sessions_spawn(mode="session") errors name usable alternatives when the current channel cannot bind subagent threads. Fixes #67400. (#67790) Thanks @stainlu.
Agents/Claude CLI: pass the OpenClaw system prompt through Claude's prompt-file flag so Windows runs avoid argv length failures without changing system prompt semantics. Fixes #69158. (#69211) Thanks @skylee-01, @cassioanorte, @Syu0, and @Stache73.
Agents/CLI sessions: bind google-gemini-cli session auth-epoch to the Google account identity in ~/.gemini/oauth_creds.json, so Gemini-backed agents resume their conversation after gateway restart instead of minting a fresh session, and stale bindings are invalidated when the authenticated Google account changes. Fixes #70973. (#71076) Thanks @openperf.
Slack: stop treating user mentions in assistant-authored message edit blocks as sender attribution, preventing edited bot messages from spoofing a mentioned DM user. (#71700) Thanks @vincentkoc.
Codex: consume unauthorized bound conversation inbound claims before they can fall through to other claim handlers or enqueue Codex turns. (#71702) Thanks @vincentkoc.
Codex media understanding: require approval-checked app-server image turns while explicitly declining tool, file, permission, and elicitation approval requests for the bounded image worker. (#71703) Thanks @vincentkoc.
Agents/Claude CLI: allow large live stream-json JSONL lines up to the existing per-turn raw limit, preventing large Telegram, WebChat, MCP, and image turns from aborting on the old stdout buffer cap. Fixes #71793, #71080, and #70766. (#71897) Thanks @chacher86, @shivamgrover21, and @tpjordan.
Agents/Claude CLI: unwrap nested Claude result envelopes in CLI JSON output so delegated agent responses surface as final text instead of raw result JSON. (#66819) Thanks @mraleko.
Agents/Claude CLI: apply the configured 1M context window override to eligible Claude CLI Opus and Sonnet models when context1m is enabled. (#70863) Thanks @bidadh.
Models/status: report fresh Claude CLI native auth instead of stale stored anthropic:claude-cli profile expiry when local credentials are current. Fixes #71256. (#71332) Thanks @matthiasjanke and @neeravmakwana.
CLI backends: compact OpenClaw transcripts after over-budget CLI turns and reseed fresh CLI sessions from the compacted transcript instead of stale external resume state. Fixes #68329. (#71916) Thanks @obviyus.
Telegram: keep default tool progress messages visible when answer preview streaming is disabled. (#71825) Thanks @VACInc.
Configure/models: clear deselected model fallbacks when updating the model picker allowlist, including provider-scoped setup flows. (#71596) Thanks @rubencu.
Agents/streaming: strip namespaced <antml:thinking> reasoning tags from streamed assistant replies before user-visible text is emitted. (#69288) Thanks @xialonglee.

v2026.4.25-beta.3 pre BREAKING [Apr 26, 2026] (4d ago) details → github →

# openclaw 2026.4.25-beta.3

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy genai.system by default while emitting genai.provider.name under OTELSEMCONVSTABILITYOPTIN=genailatest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAWDISABLEPERSISTEDPLUGINREGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only modelcallstarted and modelcallended hooks for provider/model call telemetry without exposing prompts, responses, headers, request bodies, or raw provider request IDs. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded context assembly diagnostics and export openclaw.context.assembled spans with prompt/history sizes but no prompt, history, response, or session-key content. Thanks @vincentkoc.
Diagnostics/OTEL: export existing tool-loop diagnostics as openclaw.tool.loop counters and spans without loop messages, session identifiers, params, or tool output. Thanks @vincentkoc.
Diagnostics/OTEL: export diagnostic memory samples and pressure as bounded memory histograms, counters, and pressure spans to help spot leak regressions without session or payload data. Thanks @vincentkoc.
Diagnostics/OTEL: add the GenAI gen_ai.client.token.usage histogram for input/output model usage while keeping session identifiers and aggregate cache counters out of the semantic metric. Thanks @vincentkoc.
Diagnostics/OTEL: add a bounded openclaw.agent label to OpenClaw token metrics so per-agent Grafana dashboards can group usage without exporting session identifiers. Thanks @oc-factus.
Plugins/install: consolidate managed plugin install metadata into the state-managed plugin index at plugins/installs.json, replacing the temporary plugins/installed-index.json path and removing plugins.installs as an authored config surface. Thanks @vincentkoc and @shakkernerd.
Diagnostics/OTEL: add the GenAI gen_ai.client.operation.duration histogram for model-call latency in seconds with bounded provider/model/API and error attributes. Thanks @vincentkoc.
Diagnostics/OTEL: add GenAI usage token attributes to model-usage spans, including cache read/write input token counts without session identifiers or prompt/response content. Thanks @vincentkoc.
Diagnostics/OTEL: include bounded GenAI operation, provider, and request-model attributes on model-usage spans so token usage remains self-describing without diagnostic identifiers. Thanks @vincentkoc.
Diagnostics/OTEL: keep model-usage span GenAI provider attributes aligned with the existing semantic-convention opt-in policy, using legacy gen_ai.system unless latest experimental GenAI conventions are enabled. Thanks @vincentkoc.
Diagnostics/OTEL: keep gen_ai.request.model present on GenAI token usage metrics with a bounded unknown fallback when model usage events do not include a model. Thanks @vincentkoc.
Docs/OTEL: document the GenAI token and model-call duration metrics, model-usage span attributes, and OTELSEMCONVSTABILITYOPTIN=genailatest_experimental provider-attribute behavior. Thanks @vincentkoc.
Docs: refresh the MCP, model provider, doctor, troubleshooting, BlueBubbles, media generation, TTS, subagents, skills, cron/tasks, exec approvals, and voice-call guides with structured Steps, Tabs, and Accordion content.
Diagnostics/trace: add an internal traceparent propagation helper that only formats trusted dispatcher metadata, keeping plugin-emitted diagnostic traces out of outbound propagation by default. Thanks @vincentkoc.
Diagnostics/OTEL: add bounded outbound message delivery lifecycle diagnostics and export them as low-cardinality delivery spans/metrics without message body, recipient, room, or media-path data. (#71471) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#71451) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#71450) Thanks @vincentkoc and @jlapenna.
Providers/Xiaomi: add MiMo TTS as a bundled speech provider with MP3/WAV output and voice-note Opus transcoding. Fixes #52376. (#55614) Thanks @zoujiejun.
Providers/ElevenLabs: include eleven_v3 in the bundled TTS model catalog so model selection surfaces can offer ElevenLabs v3. (#68321) Thanks @itsuzef.
Providers/Local CLI TTS: add a bundled local command speech provider with file/stdout input, voice-note Opus conversion, and telephony PCM output. (#56239) Thanks @solar2ain.
Providers/Inworld: add Inworld as a bundled speech provider with streaming TTS synthesis, voice listing, voice-note output, and PCM telephony output. (#55972) Thanks @cshape.
Providers/Volcengine: add Volcengine/BytePlus Seed Speech as a bundled TTS provider with API-key auth, native Ogg/Opus voice-note output, and MP3 audio-file output. (#55641) Thanks @xuruiray.
Android/Talk Mode: expose Talk Mode in the Voice tab with runtime-owned voice capture modes and microphone foreground-service escalation. Thanks @alex-latitude.
Providers/LiteLLM: register litellm as an image-generation provider so image_generate model=litellm/... calls and agents.defaults.imageGenerationModel.fallbacks entries resolve through the LiteLLM proxy. Thanks @zqchris.
Providers/fal: add Seedance 2.0 reference-to-video models with multi-image, video, and audio reference input mapping plus model-specific capability limits for video_generate. Thanks @shivanker.
Codex harness: require Codex app-server 0.125.0 or newer and cover native MCP PreToolUse, PostToolUse, and PermissionRequest payloads through the OpenClaw hook relay.
Agents/Codex: teach prompts and agents_list to surface native Codex app-server availability so agents prefer /codex ... over Codex ACP unless ACP/acpx is explicit. Thanks @vincentkoc.
ACPX/Droid: add Factory Droid to the live ACP bind Docker matrix, including .factory settings staging, FACTORYAPIKEY forwarding, and the single-agent test:docker:live-acp-bind:droid recipe.
TTS/personas: add provider-aware TTS personas with deterministic provider binding merges, /tts persona controls, gateway/CLI persona state, Google Gemini audio-profile-v1 prompt wrapping, and OpenAI instruction mapping. (#70748) Thanks @barronlroth.
Voice Wake: add trigger-based routing so macOS voice wake phrases can select a configured agent or session target, with Gateway routing APIs and node update events. (#30354) Thanks @longbiaochen.

Fixes

Plugins/CLI: let flag-driven openclaw channels add install the selected channel plugin from its default source without opening an interactive prompt, fixing published npm Telegram setup in stdin-closed automation. Thanks @codex.
Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none". Thanks @codex.
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries. Thanks @codex.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds. Thanks @codex.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries. Thanks @codex.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans. Thanks @codex.
Onboarding/setup: keep first-run config reads, plugin compatibility notices, and post-model sanity checks on cold metadata paths unless the user chooses to browse all models, avoiding full plugin/runtime catalog work between prompts. Thanks @shakkernerd.
Onboarding/auth: run manifest-owned provider auth choices through scoped setup providers so selecting OpenAI Codex browser/device auth no longer loads every provider runtime before OAuth starts. Thanks @shakkernerd.
Onboarding/auth: keep the post-auth default-model policy lookup on manifest/setup metadata so the next prompt appears without loading broad provider runtime. Thanks @shakkernerd.
Onboarding/models: keep skip-auth and provider-scoped model picker prompts off the full global model catalog path, and cache provider catalog hook resolution so setup no longer stalls after auth on large plugin registries. Thanks @shakkernerd.
Gateway/Bonjour: suppress known @homebridge/ciao cancellation and network assertion failures through scoped process handlers so malformed mDNS packets or restricted VPS networking disable/restart Bonjour instead of crashing the gateway. Fixes #67578. Thanks @zenassist26-create.
Discord: keep late clicks on already-resolved exec approval buttons quiet when elevated mode auto-resolved the request, while still surfacing real approval submission failures. Fixes #66906. Thanks @rlerikse.
Agents/subagents: deliver completed yielded-subagent results back to no-thread requester routes via direct fallback when the dormant parent announce turn produces no visible reply, and add QA-lab coverage for the regression. Thanks @vincentkoc.
Gateway/Tailscale: let Tailscale-authenticated Control UI operator sessions with browser device identity skip the device-pairing round trip while still rejecting device-less and node-role connections. Refs #71986. Thanks @jokedul.
Doctor: honor OPENCLAWSERVICEREPAIR_POLICY=external by reporting gateway service health while skipping service install/start/restart/bootstrap, supervisor rewrites, and legacy service cleanup for externally managed environments. Thanks @shakkernerd.
CLI/update: run package post-update doctor with --fix so package updates repair config migrations before restart. Thanks @shakkernerd.
CLI/update: retry failed npm global updates with --omit=optional and ignore the superseded first failure when the fallback succeeds. Thanks @shakkernerd.
Plugins/uninstall: migrate and reset plugins.slots.contextEngine alongside memory slots when plugin ids change or selected plugins are removed. Thanks @shakkernerd.
Agents/Discord: keep raw Agent failed before reply runner failures out of Discord group/channel chats and show detailed runner errors in direct chats only when /verbose is enabled. Thanks @codex.
UI/Windows: quote resolved pnpm .cmd launcher paths before spawning UI install/build/test commands so Node installs under C:\Program Files no longer fail as C:\Program. Fixes #45275. Thanks @Kobevictor, @stoppieboy, and @iubns.
Codex/agent: translate --thinking minimal to low for modern Codex models (gpt-5.5, gpt-5.4, gpt-5.4-mini, gpt-5.2) at request build time so the first turn is accepted instead of paying a wasted call + retry-with-low fallback. Older Codex models still receive minimal directly. Fixes #71946. Thanks @hclsys.
Plugins/uninstall: remove tracked plugin files from their recorded managed extensions root even when the current state directory points somewhere else, so openclaw plugins uninstall --force does not leave the plugin discoverable. Thanks @shakkernerd.
Agents/runtime: add agentRuntime.id as the canonical config key, migrate legacy runtime-policy configs with openclaw doctor --fix, route canonical Anthropic models through claude-cli without passing CLI backend aliases to embedded harness selection, and load CLI backend owner plugins before channel startup. Fixes #71957. Thanks @WolvenRA.
CLI/update: guard Windows scheduled-task stops by state and timeout so auto-update restart cannot hang indefinitely on schtasks /End before stale-listener cleanup. Fixes #69970. Thanks @yangswld and @sherlock-huang.
Windows install/Lobster: execute pnpm.exe directly when npm_execpath points at the native pnpm binary, add an installed-package fallback for the Lobster embedded runtime, and include the Lobster runner regression test in Windows CI. Fixes #69456. Thanks @igormf.
Gateway/install: refresh loaded gateway service installs when the current service embeds stale gateway auth instead of returning already-installed, avoiding LaunchAgent token-mismatch loops after token rotation. Fixes #70752. Thanks @hyspacex.
Update: ignore bundled plugin .openclaw-install-stage directories during global install verification and packaged dist pruning so leftover runtime-dep staging files do not turn successful updates into unexpected packaged dist file failures. Fixes #71752. Thanks @waynegault.
CLI/update: fail package updates when post-update plugin sync fails and refresh legacy npm plugin install records before trusting unchanged artifacts, preventing successful updates from restarting with stale or failed plugin state. Thanks @vincentkoc and @shakkernerd.
Release/update: reject pre-populated bundled plugin .openclaw-install-stage directories, including mixed-case path variants, before package inventory generation so release tarballs cannot ship poisoned runtime-dependency staging debris. Fixes #71752. Thanks @hclsys.
Node runtime: keep node-host retry timers alive across Gateway restarts and exit on terminal credential pauses so supervised nodes do not become silent zombies. Fixes #69800. Thanks @meroli28.
Gateway/plugins: stop persisted WhatsApp auth state from activating bundled channel runtime-dependency repair during startup when channels.whatsapp is absent, avoiding npm/git stalls on packaged Linux installs. Fixes #71994. Thanks @xiao398008.
Gateway/device tokens: enforce caller-scope containment inside token rotation and revocation so pairing-only sessions cannot mutate higher-scope operator tokens. Fixes #71990. Thanks @coygeek.
Plugins/channels: keep security checks, thread-binding placement, provider summaries, health formatting, and message action labels on read-only or already-loaded channel metadata instead of importing full channel runtime. Thanks @shakkernerd.
Plugins/status: keep config-only channel labels and status security summaries from importing plugin runtime modules just to render metadata. Thanks @shakkernerd.
Sessions/channels: stop group-session metadata from loading bundled channel runtime just to classify #channel subjects, using only already-loaded channel capabilities on that path. Thanks @shakkernerd.
Plugins/channels: keep native command and native skill auto defaults on static channel metadata so config, audit, and command-list checks do not load channel runtime just to read those defaults. Thanks @shakkernerd.
CLI/channels: keep channel remove selection and all-channel capabilities summaries on read-only plugin metadata, loading channel runtime only for the selected mutation path. Thanks @shakkernerd.
CLI/models: keep Provider Index preview rows out of models list --all --provider <id> when the owning provider plugin is disabled, preserving config authority for cold catalog fallbacks. Thanks @shakkernerd.
CLI/model runs: keep openclaw infer model run on explicit OpenRouter models from loading the full provider catalog or inheriting chat-agent silent-reply policy, restoring non-empty one-shot probe output. Fixes #68791. Thanks @limpredator.
Installer/macOS: rerun Homebrew install steps without the gum spinner when raw-mode ioctl failures occur, and avoid claiming node@24 was installed when the Homebrew keg binary is missing. Fixes #70411. Thanks @1fanwang and @dad-io.
Installer: load nvm before Node.js detection so curl | bash installs respect nvm-managed Node instead of stale system Node. Fixes #49556. Thanks @heavenlxj.
Installer/Windows: route PowerShell install failures through a top-level handler so iwr ... | iex returns control to the current shell while direct script-file runs still exit non-zero. Fixes #38054. Thanks @PwrSrg.
CLI/Volta: respawn raw openclaw CLI runs through the named node shim when the current Node executable resolves to volta-shim, avoiding direct shim execution failures in non-interactive shells. Fixes #68672. Thanks @sanchezm86.
Installer: warn when multiple npm global roots contain OpenClaw installs, showing active Node/npm/openclaw plus each install path and version so stale version-manager installs are visible. Fixes #40839. Thanks @zhixianio.
Cron/tasks: recover completed cron task ledger records from durable run logs and job state before marking them lost, reducing false backing session missing audit errors for isolated cron runs and keeping offline CLI audit from treating its empty local cron active-job set as authoritative. Fixes #71963.
Docker: copy patched dependency files into runtime images so downstream pnpm install layers keep working. Fixes #69224. Thanks @gucasbrg.
Package: include patched dependency files in the published npm package so downstream installs can resolve patchedDependencies. (#69224) Thanks @gucasbrg and @vincentkoc.
Plugins/channels: treat malformed bundled channel plugin loaders that return undefined as unavailable instead of crashing config and help paths. Fixes #69044. Thanks @frankhli843 and @vincentkoc.
Scripts/watch: show corrupted dependency package-config recovery guidance when gateway:watch fails during watcher startup, without double-logging unrelated import failures. (#58780) Thanks @roytong9 and @vincentkoc.
Signal: read signal-cli RPC, health checks, and SSE events through Node's HTTP client so Node 24/25 fetch regressions do not break Signal sends or inbound events. Fixes #51716 and #53040. Thanks @Barukimang, @minupla, and @vincentkoc.
Skills/Docker: run npm-backed skill dependency installs with an OpenClaw-managed user prefix so non-root Docker images do not write to /usr/local. Fixes #59601. Thanks @chanjarster and @vincentkoc.
Agents/runtime: submit heartbeat, cron, and exec wakeups as transient runtime context instead of visible user prompts, keeping synthetic system work out of chat transcripts. Fixes #66496 and #66814. Thanks @jeades and @mandomaker.
Telegram: include native quote excerpts automatically for threaded replies and reply tags when the original Telegram text is available, without adding another config knob. Fixes #6975. Thanks @rex05ai.
Node/Linux: make openclaw node install enable and restart the openclaw-node systemd unit instead of the gateway unit on node-only VMs. Fixes #68287. Thanks @dlebee-agent.
Browser/CDP: retry transient raw-CDP WebSocket handshake failures before any browser command is sent, and reconnect stale persistent Playwright CDP sessions for safe tab-list reads without replaying mutating browser actions. Fixes #67728.
Gateway/Linux: retry systemctl --user enable after a second daemon reload when the freshly written gateway unit is not visible yet on migrated systemd installs. Fixes #65184. Thanks @liushuaiiu.
Telegram: preserve exact selected quote text when sending native quote replies, and retry with legacy replies if Telegram rejects quote parameters. (#71952) Thanks @rubencu.
Plugins/CLI: preserve manifest name, description, format, and source metadata in cold openclaw plugins list output without importing plugin runtime. Thanks @shakkernerd.
Security/audit: read channel exposure and plugin allowlist ownership from read-only plugin index metadata so cold audits do not depend on loaded channel runtime. Thanks @shakkernerd.
Plugins/chat: keep /plugins list, /plugins enable, and /plugins disable on the persisted plugin index path so chat plugin management does not load diagnostic/runtime plugin registries before execution. Thanks @shakkernerd.
Plugins/doctor: read workspace plugin status and legacy web-search ownership through installed-index manifest metadata instead of broad manifest registry scans. Thanks @shakkernerd.
CLI/agents: read channel provider status from read-only plugin index metadata for text agents list output instead of the loaded channel registry. Thanks @shakkernerd.
Logging: redact configured secret patterns at console and file-log sink exits so credentials that reach the logger are masked before terminal display or JSONL persistence. Fixes #67953. Thanks @Ziy1-Tan.
Gateway/services: refuse process and service mutations from an older OpenClaw binary when the config was last written by a newer version, preventing split-brain installs from stopping or rewriting newer gateway services. Fixes #57079.
Gateway: reserve /healthz and /readyz ahead of plugin, canvas, and Control UI HTTP stages so liveness/readiness probes still answer when a later route handler stalls. Fixes #69674. Thanks @Xike-Creek.
Logging: load logging.file and redaction settings directly from the active OpenClaw config path in bundled runtimes, so packaged gateways stop falling back to /tmp/openclaw. Fixes #59370, #67168, and #61295. Thanks @KeaneYan, @Pan9hu, and @zsjlovelike.
Logging: rotate file logs at logging.maxFileBytes, keep bounded numbered archives, and make long-lived rolling loggers follow the current-day file instead of suppressing diagnostics or writing stale dated files. Fixes #58583 and #62381. Thanks @jpeghead and @zhaoleink.
Agents/groups: treat clean empty assistant stops as silent NO_REPLY only for always-on groups where silent replies are allowed, while keeping direct and mention-gated sessions on the incomplete-turn retry path. Thanks @MagnaAI.
macOS/Node: keep native remote app nodes from advertising browser.proxy, start browser-capable CLI node services through the restored openclaw node start command, and show an actionable browser-control error when the local control service is missing. Fixes #66637.
Gateway/update: fail package updates when the restarted managed gateway reports the wrong version, including fallback restarts and JSON mode, avoiding false-success mixed-version restarts after macOS LaunchAgent updates. Fixes #71835. Thanks @abhinas90 and @jsompis.
Gateway/update: warn before package updates and bundled plugin runtime-dependency repairs when the target volume appears low on disk space, without blocking installs on best-effort filesystem checks. Fixes #71835. Thanks @abhinas90 and @jsompis.
Plugins/runtime deps: surface activated plugin load failures in health and fail package-update restart verification or doctor repair when bundled runtime deps still cannot load, avoiding false-success repairs. (#71883) Thanks @Solvely-Colin.
Gateway/Linux: include fnm aliases/default/bin in generated service PATHs and let doctor accept either modern fnm aliases or the legacy current/bin symlink, avoiding false PATH repair prompts. Fixes #68169. Thanks @richard-scott.
Installer/Linux: run apt installs with noninteractive dpkg and needrestart settings so fresh Ubuntu 24.04 curl | bash installs do not hang while installing Node.js, Git, or build tools. Fixes #41146. Thanks @iht76, @alexcarv318, @cs3gallery, @firofame, and @cgdusek.
Providers/Bedrock: defer the AWS SDK import until Bedrock discovery actually runs so plugin registration and setup stay lightweight on cold start. Fixes #71690. Thanks @jarvis-ai-gregmoser.
Installer/macOS: stop immediately when Homebrew node@24 installation fails and avoid printing PATH advice for missing Homebrew Node installs. Fixes #70411. Thanks @1fanwang.
WhatsApp: remove ack reactions after a visible reply when messages.removeAckAfterReply is enabled, matching other reaction-capable channels. Fixes #26183. Thanks @MrUnforsaken.
Providers/Z.AI: map OpenClaw thinking controls to Z.AI's thinking payload and add opt-in preserved thinking replay via params.preserveThinking, so GLM 5.x can keep prior reasoning_content when requested. Fixes #58680. Thanks @xuanmingguo.
Channels/status: keep read-only channel lists on manifest and package metadata by default, loading setup runtime only for explicit fallback callers. Thanks @shakkernerd.
Plugins: scope setup and web-provider metadata manifest reads to explicit plugin ids when callers already know the owning plugin set. Thanks @vincentkoc.
Plugins/onboarding: defer onboarding install-record index writes until the guarded config commit so setup failures cannot leave the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/registry: resolve web provider ownership from the installed plugin index instead of broad manifest scans on secret, tool, and pricing paths. Thanks @shakkernerd.
Config/providers: accept video and audio in configured model input values and preserve them in provider catalog entries. Fixes #20721. Thanks @alvinttang.
Models/auth: honor the parent --agent flag for auth write commands (add, login, setup-token, paste-token, and the GitHub Copilot shortcut) so OAuth/API-key/token results are written to the requested agent store instead of the default agent. Fixes #71864. (#71933) Thanks @balric-seo.
TTS: strip model-emitted TTS directives from streamed block text before channel delivery, including directives split across adjacent blocks, while preserving the accumulated raw reply for final-mode synthesis. Fixes #38937.
TTS: keep explicit provider=... directive keys scoped to that provider and warn on unsupported keys instead of letting another speech provider consume overlapping keys. Fixes #60131.
TTS/Feishu: normalize final-mode streamed TTS-only audio before delivery so generated voice-note files use the same safe media path and native voice routing as normal final replies. Fixes #71920.
Feishu: transcribe inbound voice-note audio with the shared media audio path before agent dispatch and keep raw Feishu file_key payloads out of message text. Fixes #67120 and #61876.
Tasks: terminalize async Gateway agent task records from the Gateway run result while preserving aborted, failed, and cancelled outcomes instead of leaving completed runs stuck as active or lost. (#71905) Thanks @likewen-tech.
WhatsApp: let authorized group voice-note transcripts satisfy mention gating before reply dispatch, while keeping unmentioned transcripts in pending group history. Fixes #44908.
Media understanding: carry channel voice-note preflight state into attachment selection so WhatsApp, Feishu, Telegram, and Discord do not transcribe the same inbound audio twice. Fixes #70580.
TTS/BlueBubbles: deliver compatible auto-TTS audio as iMessage voice memo bubbles instead of plain MP3/CAF file attachments. Fixes #16848.
TTS: resolve voice-note and voice-memo routing from channel plugin capabilities instead of speech-core-owned channel id lists.
ACP: send subagent and async-task completion wakes to external ACP harnesses as plain prompts instead of OpenClaw internal runtime-context envelopes, while keeping those envelopes out of ACP transcripts.
TTS/status: show configured TTS model, voice, and sanitized custom endpoint in /status, preserve OpenAI-compatible TTS instructions on custom endpoints, and retry empty Microsoft/Edge TTS output once. Addresses #46602, #47232, and #43936. Thanks @leekuangtao, @Huntterxx, and @rex993.
Agents/Gateway: steer agent-driven config edits and restarts through the owner-only gateway tool, document config.schema.lookup as the field-doc source, and warn against using gateway stop && gateway start as a restart substitute on macOS. Fixes #71929. Thanks @ygc3817922006-sketch.
Media understanding/audio: inject a deterministic transcript placeholder for too-small voice notes so agents do not hallucinate transcription or provider failures. Fixes #48944. Thanks @eulicesl.
Providers/vLLM: send Nemotron 3 chat-template kwargs when thinking is off and honor configured params.chattemplatekwargs for OpenAI-compatible completions, so vLLM/Nemotron replies stay visible instead of becoming thinking-only. Fixes #71891. Thanks @jmystaki-create and @dennis-lynch.
Channels/replies: strip copied inbound metadata blocks from user-facing assistant replies and model replay history, so Discord/vLLM sessions do not leak Conversation info / UNTRUSTED ... message body envelopes after a model echoes them. Fixes #71847. Thanks @jmystaki-create.
Subagents/memory: keep inter-session completion wakes out of memory and dreaming session exports, and strip internal runtime-context blocks from realtime Control UI chat events.
Agents/Claude: treat zero-token empty stop turns as failed provider output, retry once, repair replay, and allow configured model fallback instead of preserving them as successful silent replies. Fixes #71880. Thanks @MagnaAI.
Tasks: normalize task lifecycle timestamps at create, update, and restore time, and report retained lost tasks as audit warnings until their cleanup window expires. (#71871) Thanks @likewen-tech.
Diagnostics/OTEL: treat normal early model stream cleanup as a completed model call instead of exporting a misleading StreamAbandoned error span. Thanks @vincentkoc.
Gateway/pairing: stop corrupt or unreadable device/node pairing stores from being treated as empty state, preserving paired.json for repair instead of overwriting approved pairings. Fixes #71873. Thanks @iret77.
ACP: keep /acp management commands, plus local /status and /unfocus, on the Gateway path inside ACP-bound threads so they are not consumed as ACP prompt text. Fixes #66298. Thanks @kindomLee.
ACPX: stop probing ACP agents during normal Gateway startup; the embedded backend now registers without spawning Codex/ACP child processes unless OPENCLAWACPXRUNTIMESTARTUPPROBE=1 is explicitly set.
CLI/image edit: accept --size, --aspect-ratio, and --resolution on openclaw infer image edit and report all supported edit flags from capability inspect image.edit. Thanks @Pinghuachiu.
ACP: wait for the configured runtime backend to become healthy before startup identity reconciliation, avoiding transient acpx warnings during Gateway boot. Fixes #40566.
Channels/ACP bindings: time out configured binding readiness checks instead of letting Discord preflight hang forever when an ACP target never settles. Fixes #68776.
Control UI: hide the chat loading skeleton during background history reloads when existing messages or active stream content are already visible, avoiding reload flashes on high-latency local gateways. Fixes #71844. Thanks @WolvenRA.
Control UI: keep locally optimistic chat messages visible when a history reload temporarily returns empty, avoiding lost first-turn messages on high-latency gateways. Fixes #71878. Thanks @WolvenRA.
Control UI: keep chat history limits based on visible messages after filtering heartbeat and control-only transcript rows, so recent hidden entries no longer make older visible replies disappear. Thanks @WolvenRA.
Agents/images: scrub old [media attached: ...], [Image: source: ...], and media://inbound/... markers from pruned model replay context so stale media refs are not rehydrated as fresh prompt images. Fixes #71868. Thanks @jmeadlock.
Docker/Bonjour: disable Bonjour/mDNS advertising by default for bundled Compose gateways on bridge networking, while keeping host/macvlan opt-in with OPENCLAWDISABLEBONJOUR=0. Fixes #71879. Thanks @gbballpack.
CLI/status: label the OpenClaw Serve/Funnel setting as Tailscale exposure and show daemon state separately when available, so gateway.tailscale.mode: "off" no longer reads like the Tailscale daemon is stopped. Fixes #71790. Thanks @pesvobodak.
Plugins/Bonjour: stop ciao mDNS watchdog failures from looping forever when the advertiser stays stuck in probing or announcing; Bonjour now disables itself for the current Gateway process after repeated failed restarts while the Gateway keeps running. Fixes #69011. Thanks @siddharthaagarwalofficial-ux, @FiredMosquito831, and @spikefcz.
Gateway/Fly.io: seed Control UI allowed origins from the actual runtime bind and port so CLI-driven non-loopback starts do not crash before config exists. Fixes #71823.
macOS/remote SSH: keep discovered gateway hosts in gateway.remote.sshTarget while pinning SSH transport URLs to the local loopback tunnel, so browser automation does not regress into blocked non-loopback ws:// endpoints. Fixes #67336.
Gateway/proxy: bootstrap env proxy dispatching from direct Gateway startup so provider and plugin network requests honor HTTPSPROXY/HTTPPROXY before the first embedded agent attempt runs. (#71833) Thanks @mjamiv.
Plugins/runtime deps: verify clean npm installs actually place requested bundled runtime packages in the managed install root, reporting exact missing specs instead of a false successful repair. (#71883) Thanks @Solvely-Colin.
Plugins/discovery: ignore stale plugins.load.paths aliases that point back at packaged bundled plugin directories and have doctor remove them, keeping bundled plugins on the runtime-deps staging path. Thanks @codex.
Models/LM Studio: preserve @iq* quant suffixes in model refs and provider matching so /model lmstudio/...@iq3_xxs keeps the exact LM Studio variant. Fixes #71474. (#71486) Thanks @Bartok9, @XinwuC, and @Sanjays2402.
Matrix/cron: preserve the live Matrix delivery target when creating implicit announce reminder jobs so mixed-case room IDs are not reconstructed from lowercased session keys. Fixes #71798.
Feishu: accept Schema 2.0 card action callbacks that report context.openchatid instead of legacy context.chat_id, so button callbacks no longer drop as malformed. Fixes #71670. Thanks @eddy1068.
Feishu: keep synthetic card-action and bot-menu ids out of platform reply targets, using the real card callback message id when Feishu provides one and plain-sending otherwise. Fixes #71673. Thanks @eddy1068.
Plugins/QQ Bot: prefer an installed QQ Bot plugin that declares it replaces the bundled qqbot channel, preventing duplicate qqbotchannelapi and qqbot_remind tool registration noise. Fixes #63102.
Browser automation: keep stable tab ids and labels attached when Chromium replaces the raw target after form submissions or other action-triggered navigations, and return the replacement targetId from /act when the match is provable. Fixes #46137.
QQ Bot: make qqbot_remind schedule, list, and remove Gateway cron jobs directly for owner-authorized senders instead of returning cronParams and relying on a follow-up generic cron tool call. Fixes #70865. (#70937) Thanks @GaosCode.
Agents/ACP: hide sessions_spawn ACP runtime options unless an ACP backend is loaded, and make /acp doctor call out plugins.allow blocking bundled acpx. Thanks @vincentkoc.
Agents/Codex: keep ACP prompt/skill routing hidden unless an ACP runtime backend is available, and warn in doctor when enabled Codex plugin configs still route openai-codex/* models through PI. Thanks @vincentkoc.
Media delivery: avoid sending generated image attachments twice when the assistant reply already includes explicit MEDIA: lines for the same turn, and reject unsafe remote MEDIA: URLs before delivery. Thanks @pashpashpash.
Codex harness: ignore retryable app-server error notifications after Codex recovers, and preserve the real nested error message for terminal app-server failures instead of replacing it with a generic failure. Thanks @pashpashpash.
Agents/Codex: prepare native Codex sub-agent session metadata without a nested Gateway session patch and add a focused Docker smoke for the app-server sub-agent path. Thanks @vincentkoc.
Agents/subagents: keep queued subagent announces session-only when the requester has no external channel target, avoiding ambiguous multi-channel delivery failures. Fixes #59201. Thanks @larrylhollan.
Image understanding: preserve configured provider-prefixed vision model metadata when callers request the model without the provider prefix, so custom image models keep their input: ["text", "image"] capability. Fixes #33185. Thanks @Kobe9312 and @vincentkoc.
Plugins/install: restore the previous plugin index records if a concurrent config write conflict interrupts install, update, or uninstall metadata commits. Thanks @shakkernerd.
Plugins/install: reject native plugin archives that do not include a valid openclaw.plugin.json, preventing manifestless archives from writing install records that later show missing-manifest diagnostics. Thanks @shakkernerd.
Plugins/uninstall: remove tracked managed plugin install directories even when the persisted install path differs from the default id-derived target, while still refusing deletes outside the managed extensions root. Thanks @shakkernerd.
Plugins/update: restore previous plugin index records if core update or channel setup hits a concurrent config write conflict after plugin metadata changes. Thanks @shakkernerd.
Plugins/onboarding: defer channel/provider plugin install records until the owning config write commits, keeping setup failures from advancing the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/config: route configure and agent setup writes with pending plugin install records through the plugin index commit helper so provider onboarding metadata is not stripped by plain config writes. Thanks @shakkernerd.
Plugins/channels: merge pending channel plugin install records with the existing plugin index before config writes, preserving unrelated tracked installs during channel setup, resolve, remove, and capability repair flows. Thanks @shakkernerd.
Plugins/config: defer shipped plugins.installs index migration during config writes until the guarded config commit window and roll it back if the config write fails before commit. Thanks @shakkernerd.
Sessions: keep embedded runtime context out of the visible user prompt by sending it as a hidden next-turn custom message, and teach doctor to repair affected 2026.4.24 transcripts with duplicated prompt-rewrite branches. Fixes #71761.
Gateway/subagents: keep direct-loopback backend RPCs authenticated with the shared gateway token/password off stale CLI paired-device scope baselines, so internal calls no longer hit scope-upgrade pairing prompts while remote, browser, node, device-token, and explicit-device paths still require normal pairing approval. Fixes #63548.
Providers/Azure OpenAI: give deployment-scoped image generation requests a longer 600s default timeout so slow gpt-image-2 generations can complete without a per-call timeoutMs. Fixes #71705. Thanks @voytas75.
Gateway/plugins: link source-checkout bundled runtime dependency caches instead of recursively copying node_modules on the gateway main thread, preventing local status, node, and skill probes from timing out during startup cache restores.
Skills/remote nodes: only expose remote macOS skill bins for connected nodes, clear stale bin matches when node probes fail, and include probe command, timeout, bin count, and connection state in timeout logs.
Skills/remote nodes: recognize system.which object-map responses when probing connected macOS nodes, so Linux gateways can expose macOS-only skills such as Apple Notes when the required binaries are installed remotely. Fixes #71877. Thanks @miguelarios.
CLI/gateway: keep diagnostic probes from creating first-time read-only device pairings, while still reusing cached device tokens for detailed read probes. Fixes #71766. Thanks @SunboZ.
CLI/plugins: keep message startup, channels logs, agents delete, and agents set-identity off broad plugin preloading; message delivery still loads plugins when the action actually runs.
Image understanding: resolve configured image models such as local LM Studio vision entries before reporting Unknown model when the discovery registry has not registered that provider. Fixes #66486. Thanks @zhanggpcsu.
QQ Bot: ignore self-echoed bot messages using the outbound ref-index marker, preventing mirrored replies from re-entering the agent loop while still allowing users to quote bot replies. Fixes #71912. Thanks @wangyc6003.
Sessions: separate reset freshness from session-store updatedAt, so heartbeat, cron, exec, and gateway bookkeeping no longer prevent configured daily/idle resets from rolling long-running channel sessions. Fixes #68315, #63732, #63820, and #69083. Thanks @maxatv, @longhairedsi, @bradfreels, and @akessel56.
Sessions: clear queued system-event notices during /new, /reset, gateway sessions.reset, and daily/idle rollover so stale background updates cannot leak into the first prompt of the fresh session. Fixes #66864. Thanks @opeyio, @Magicray1217, and @cedillarack.
CLI/agents: keep agents bind, agents unbind, and agents bindings on setup-safe channel metadata paths so they do not preload bundled plugin runtimes or stage runtime dependencies. Fixes #71743.
Plugins/registry: preserve explicit disabled plugin records during registry migration without persisting every unused bundled plugin discovered on disk. Thanks @shakkernerd.
Windows/native: keep CLI startup and bundled provider plugin loading off Windows ESM raw-path failure paths, fixing native onboarding/install smoke on Node 24.
Plugins/doctor: read bundled channel doctor capabilities through the same packaged plugin directory resolver used by plugin loading, so published installs keep Matrix DM allowlist repairs on channels.matrix.dm.* instead of writing invalid top-level dmPolicy keys. Fixes #71757.
Plugins/Windows: keep bundled plugin Jiti loaders off the native import path on Windows so channel plugins such as Telegram no longer crash with ERRUNSUPPORTEDESMURLSCHEME on C:\... paths. Fixes #71749. Thanks @smeyer9.
Providers/Ollama: use Ollama's current /api/web_search endpoint and honor https://ollama.com model-provider base URLs for Ollama Web Search. Fixes #71741. Thanks @madhvidua.
Memory/Ollama: serialize Ollama memory embedding batches and add an inline batch timeout override, with longer defaults for local/self-hosted embedding providers.
Sessions/usage: exclude compaction checkpoint transcript snapshots from usage totals and session discovery, while keeping old checkpoint files removable.
CLI/agents: keep openclaw agents list --json on the config-only path by default, avoiding bundled plugin loading unless callers request --bindings. Fixes #71739. Thanks @kaloster.
Plugins/install: force plugin dependency installs to stay project-local even when inherited npm config requests global installs, so successful installs still materialize the plugin's staged node_modules.
Providers/Google: transcode Gemini TTS PCM to Opus for voice-note targets so WhatsApp and other native voice-note replies can play as voice messages.
TTS/WhatsApp: mark non-Opus provider output as voice-note intent so channel delivery transcodes MP3/WebM replies to Ogg/Opus PTT audio.
Plugins/runtime deps: reuse existing external bundled-plugin stage roots when mirrored plugin roots are inspected again, avoiding second-generation openclaw-unknown-* stages and repeated first-turn restaging. Fixes #71599.
iOS/macOS Talk Mode: allow talk.speechLocale to set the speech recognition locale for non-English voice conversations. Fixes #44688.
Plugins/providers: honor explicit plugin candidate lists instead of reading a persisted registry snapshot from local state, keeping candidate-scoped provider discovery hermetic.
Plugins/doctor: keep bundled plugin runtime-dependency repairs inside the managed OpenClaw stage even when user npm prefix/global config points npm at $HOME/node_modules. Fixes #71730.
ACP/sessions_spawn: reject normal OpenClaw config agent ids when callers explicitly request runtime="acp", while allowing agents configured with runtime.type="acp" to resolve to their ACP harness id. Fixes #63914.
ACP/sessions_spawn: apply runTimeoutSeconds to ACP child turns and dispatch those turns on the background subagent lane, so quota-stalled ACP harnesses do not occupy the main agent lane indefinitely. Fixes #68823.
ACP/oneshot: reconcile runtime session identity before closing completed oneshot ACP runs, so finished sessions.json entries do not stay stuck with acp.identity.state="pending".
ACPX: bundle acpx@0.6.1 so unsupported generic model overrides fail clearly instead of silently falling back to the target adapter default.
ACP/models: document that non-Codex ACP model overrides require adapter support for ACP models plus session/set_model, so unsupported harnesses fail clearly instead of silently falling back to their defaults.
Plugins/Voice Call: treat missing provider credentials as setup-incomplete during Gateway startup and log the missing keys as a warning instead of a runtime startup error, while keeping explicit command/tool errors when used.
Android/Talk Mode: prevent duplicate TTS playback when fast or repeated final chat events arrive while Talk Mode is waiting for its own response. Fixes #46546.
Tooling/check:changed: pass parent heavy-check lock markers to lint lanes so pnpm check:changed no longer waits on its own lint:extensions child.
CLI/completion: dedupe provider auth flags before registering openclaw onboard options, so completion-cache refresh during update no longer fails when stale core fallback flags overlap plugin manifest flags. Fixes #71667.
Diagnostics/trace: report live context usage from the current prompt snapshot instead of provider turn totals, avoiding false near-full context spikes on cached or tool-heavy runs.
Providers/Google: honor models.providers.google.request.allowPrivateNetwork for Gemini TTS and telephony TTS, matching Google image generation and media understanding. (#71723) Thanks @ro-hansolo.
Providers/MiniMax: register minimax-portal for music and video generation, preserving OAuth auth and regional MiniMax base URLs across the shared musicgenerate and videogenerate tools. (#63241) Thanks @tars90percent.
Providers/onboarding: keep Runway and Alibaba Model Studio out of the text-inference setup picker by scoping their video-generation auth choices to the media setup flow. (#65856) Thanks @Jah-yee.
Plugins/Bonjour: stop the gateway from crash-looping on CIAO PROBING CANCELLED when the mDNS watchdog cancels a stuck probe. Restores the rejection-handler wiring dropped during the bonjour plugin migration and shares unhandled-rejection state across module instances so plugin-staged copies of openclaw/plugin-sdk/runtime register into the same handler set the host consults. Especially affects Docker on macOS, where mDNS probing reliably hits the watchdog. Thanks @troyhitch.
Google Meet: report pinned Chrome nodes as offline or missing capabilities in setup/join diagnostics, keep inaccessible nodes out of auto-selection, and preflight local BlackHole/SoX requirements before agents try local Chrome.
Providers/MiniMax: route image-01 requests to the dedicated image generation endpoint while preserving CN endpoint selection. Fixes #61149. Thanks @mushuiyu886.
Plugins/startup: remove ownerless bundled runtime-dependency install locks after a short grace window and include lock owner details when startup times out waiting for a plugin runtime-deps lock.
Plugins/install: anchor bundled runtime-dependency npm installs with an OpenClaw-owned package manifest so Linux updates cannot accidentally write to a parent $HOME/node_modules tree. Fixes #71730.
Plugins/install: pass onboarding plugin config into plugin index writes so local plugin installs outside default discovery roots keep their install records. Thanks @shakkernerd.
Plugins/install: migrate shipped plugins.installs config records into the plugin index while stripping them from runtime config and future writes. Thanks @shakkernerd.
Plugins/install: durably remove shipped plugins.installs from openclaw.json after its records are copied into the plugin index, while rolling back the index write if config cleanup fails. Thanks @shakkernerd.
Plugins/install: keep migrated plugin install records in the plugin index even when the plugin manifest is missing or invalid, so update, uninstall, inspect, and audit can still recover broken installs. Thanks @shakkernerd.
Plugins/security: keep plugin audit JSON check ids stable while reporting plugin index install-record findings with updated wording. Thanks @shakkernerd.
CLI/config: reject direct plugins.installs edits with guidance to use openclaw plugins install, openclaw plugins update, or openclaw plugins uninstall instead. Thanks @shakkernerd.
Live tests/voice: accept common STT variants for OpenClaw and ElevenLabs brand names so provider smoke tests fail on real regressions rather than equivalent transcripts.
Agents/replies: forward sanitized underlying agent failure details on external channels instead of replacing unknown failures with a generic retry message.
CLI/MCP: translate OpenClaw mcp.servers.*.transport entries into Claude/Gemini CLI type fields so streamable HTTP MCP servers load in CLI backend sessions. (#71724) Thanks @Blockchain-Oracle.
Browser/CDP: honor configured remote and attachOnly CDP HTTP/WebSocket timeouts when opening tabs through raw CDP or /json/new fallback. (#54238) Thanks @FuncWei.
WhatsApp/TTS: send visible text separately from PTT voice-note audio instead of relying on hidden voice-note captions. Fixes #51081.
Browser/client: avoid telling agents to restart OpenClaw for dispatcher timeouts on external browser profiles such as attachOnly, remote CDP, and existing-session. (#40815) Thanks @0xsline.
Agents/TTS: preserve [[audioasvoice]] directives on trusted text tool-result MEDIA: payloads so generated audio still delivers as a voice note. (#46535) Thanks @azade-c.
Agents/TTS: keep queued tool media when an assistant ends with NO_REPLY on non-block delivery paths, so media-only generated audio replies still send. (#60025) Thanks @bradlind1.
Telegram/STT: frame inbound voice-note transcripts as machine-generated, untrusted text in agent context while preserving raw transcript mention detection. Closes #33360. Thanks @smartchainark.
Subagents/browser: show an actionable /tools notice when browser automation is configured but filtered out by the active tool profile, and document that coding-profile agents should use tools.alsoAllow: ["browser"] rather than subagent allowlists alone.
Control UI/Quick Settings: persist the assistant avatar override to browser local storage (mirroring the user avatar) so uploaded image data URLs no longer fail config validation with "Too big: expected string to have <=200 characters". Also lift the gateway-side ui.assistant.avatar length cap to match the user avatar size budget for non-UI clients writing the field directly. Thanks @BunsDev.
Plugin SDK: share diagnostic event subscriptions across duplicate source/dist module graphs so legacy root SDK imports still receive runtime diagnostic events.
Agents/Bedrock: prevent empty assistant stream-error turns from poisoning Converse replay by persisting, repairing, and replaying a non-empty fallback block. Fixes #71572. (#71627) Thanks @openperf.
Agents/Anthropic/Bedrock: strip thinking blocks with missing, empty, or blank replay signatures before provider conversion, falling back to non-empty omitted-reasoning text when needed so corrupted signed-thinking history no longer poisons subsequent turns. Fixes #45010. (#70054) Thanks @castaples.
Agents/Anthropic/Bedrock: preserve stripped thinking-only assistant replay turns with non-empty omitted-reasoning text so provider adapters keep strict user/assistant turn shape. Thanks @wujiaming88.
ACP/Codex: pass sessions_spawn(runtime="acp") model and thinking overrides into Codex ACP startup, normalize openai-codex/* refs and slash reasoning suffixes, and recognize managed Codex ACP wrapper commands without blocking current gpt-5.5 sessions. Fixes #40393. (#71643) Thanks @91wan.
Browser/CDP: make readiness diagnostics use the same discovery-first fallback as reachability for bare ws:// Browserless and Browserbase CDP URLs. Fixes #69532.
Browser/CDP: explain that loopback Browserless or other externally managed CDP services need attachOnly: true and matching Browserless EXTERNAL endpoint when reporting local port ownership conflicts, and fall back to the configured bare WebSocket root when a discovered Browserless endpoint rejects CDP. Fixes #49815.
Gateway/reload: preserve indefinite gateway.reload.deferralTimeoutMs: 0 semantics for channel hot reload deferrals so active agent runs are not interrupted by a forced channel restart. (#71637) Thanks @Poo-Squirry.
Agents/tool results: cap persisted Pi tool-result details and strip hidden diagnostics before provider conversion, preventing large debug payloads from bloating session transcripts. (#71637) Thanks @Poo-Squirry.
ACP/OpenCode: update the bundled acpx runtime to 0.6.0 and cover the OpenCode ACP bind path in Docker live tests.
Providers/OpenCode Go: add DeepSeek V4 Pro and DeepSeek V4 Flash to the Go catalog while the bundled Pi registry catches up. Fixes #71587.
Providers/OpenCode Go: route DeepSeek V4 Pro/Flash through the OpenAI-compatible Go endpoint and suppress invalid reasoning_effort: "off" payloads, fixing tool-enabled requests for opencode-go/deepseek-v4-flash. Fixes #71683.
Plugins/model defaults: run Skill Workshop review, Active Memory recall, and session-memory slug generation on the configured agent default model instead of the hardcoded OpenAI SDK fallback when hook context lacks model metadata. Fixes #71659.
Providers/Venice: fill the required DeepSeek V4 reasoning_content placeholder for venice/deepseek-v4-pro and venice/deepseek-v4-flash replay turns without sending native DeepSeek thinking controls that Venice rejects. Fixes #71628.
Browser/existing-session: support per-profile Chrome MCP command/args, map cdpUrl to --browserUrl or --wsEndpoint, and avoid combining endpoint flags with --userDataDir. Fixes #47879, #48037, and #62706. Thanks @puneet1409, @zhehao, and @madkow1001.
Media/plugins: bound MIME sniffing and ZIP archive preflight before handing untrusted files to file-type or jszip, reducing parser CPU and memory exposure for attachments and ClawHub plugin archives. Thanks @vincentkoc.
Memory-host SDK: use trusted env-proxy mode for remote embedding and batch HTTP calls only when Undici will proxy that target, preserving SSRF DNS pinning for ALLPROXY-only and NOPROXY bypass cases. Fixes #52162. (#71506) Thanks @DhtIsCoding.
Gateway/dashboard: render Control UI and WebSocket links with https:///wss:// when gateway.tls.enabled=true, including openclaw gateway status. Fixes #71494. (#71499) Thanks @deepkilo.
Agents/OpenAI-compatible: default proxy/local completions tool requests to tool_choice: "auto" when tools are present, so providers enter native tool-calling mode instead of replying with plain-text tool directives. (#71472) Thanks @Speed-maker.
OpenAI image generation: use gpt-5.5 for the Codex OAuth responses transport instead of the retired gpt-5.4 model, fixing 500s from ChatGPT Codex image generation. Fixes #71513. Thanks @baolongl.
OpenAI image generation: route transparent-background default-model requests to gpt-image-1.5, document the expected image_generate call shape, and keep Azure/custom OpenAI-compatible deployment names untouched.
Google video generation: download direct MLDev Veo video.uri results instead of passing them through the Files API path, fixing 404s after successful generation/polling. Fixes #71200. Thanks @panhaishan.
Google video generation: fall back to the REST predictLongRunning Veo endpoint for text-only SDK 404s while keeping reference image/video generation on the SDK path. Fixes #62309 and #63008. (#62343) Thanks @leoleedev.
MiniMax music generation: switch the bundled default model from the unsupported music-2.5+ id to the current music-2.6 API model. Fixes #64870 and addresses the music default from #62315. Thanks @noahclanman and @edwardzheng1.
Cron: record jobs interrupted by a gateway restart as failed at their original runningAtMs, skip unsafe startup replay, and disable interrupted one-shot jobs so they show a visible failure instead of silently disappearing or duplicating work. Fixes #59056, #61343, #63657, and #59301. Thanks @ponchoooPenguin, @daemic24, @myradon, and @hikiwibot.
Cron tool: recover flat top-level schedule shorthand such as cron, tz, and staggerMs before gateway validation, so model-generated cron add/update calls preserve cron jitter settings. Thanks @tyxben.
Cron: hydrate flat legacy job rows with top-level cron, tz, session, and message fields into canonical schedule, target, and payload objects before startup recomputes run times. Fixes #43351.
Agents/replies: let pending group chat history trigger bare mentioned turns without treating metadata-only inbound context as user input. Fixes #71489. (#71520) Thanks @SymbolStar.
Google media generation: strip a configured trailing /v1beta from Google music/video provider base URLs before calling the Google GenAI SDK, preventing doubled /v1beta/v1beta paths. Fixes #63240. (#63258) Thanks @Hybirdss.
Discord: restore direct-message voice-note preflight transcription and classify URL-only Ogg/Opus voice attachments as audio while skipping partial attachments without usable URLs. Fixes #61314 and #64803.
Plugins/build: copy bundled plugin skill trees into dist-runtime, broaden Windows symlink-copy fallbacks, and fingerprint runtime dependencies from lstat so symlink-like directory entries cannot crash staging.
Google Chat: preserve reply text when a typing indicator message is deleted or can no longer be updated, so media captions and first text chunks are resent instead of silently disappearing. (#71498) Thanks @colin-lgtm.
Cron: tolerate malformed legacy job rows in startup, main-session system-event payloads, and human-readable cron list output so missing state, payload.text, or display fields no longer crash the scheduler or CLI. Fixes #66016, #65916, #64137, #57872, #59968, #63813, #52804, and #43163. (#71509) Thanks @vincentkoc.
CLI/models: make openclaw models scan fall back to public OpenRouter free-model metadata when no OPENROUTERAPIKEY is configured, avoid config secret resolution for explicit --no-probe scans, and apply the scan timeout to the OpenRouter catalog request.
Feishu: keep streaming cards to one live card per turn, flush throttled card edits after meaningful text boundaries, and skip exact block/partial repeats so tool-heavy replies do not duplicate card output. Thanks @allan0509.
Feishu: finish the streaming-card duplicate closeout by stripping leaked reasoning tags, preserving cross-block partial snapshots, enabling topic-thread streaming cards, omitting the generic main card header, surfacing transient tool/compaction status, and cleaning streaming state after close failures. Thanks @sesame437, @Vicky-v7, @maoku-family, @Pengxiao-Wang, and @Maple778.
Telegram: recover incomplete partial-stream previews by falling back to a final send when an ambiguous final edit failure would otherwise retain a strict prefix of the answer. Fixes #71525. (#71554) Thanks @sahilsatralkar.
Control UI/chat: collapse assistant token/model context details behind an explicit Context disclosure and show full dates in message footers, making historical transcript timing clear without noisy default metadata. (#71337) Thanks @BunsDev.
OpenAI/Codex OAuth: explain unsupportedcountryregion_territory token-exchange failures with a proxy/region hint instead of surfacing a generic OAuth error. Fixes #51175. (#71501) Thanks @vincentkoc and @wulala-xjj.
Browser/Linux: fall back to headless mode for local managed profiles on hosts without a display server, while preserving explicit per-profile headed overrides and reporting the headless source. (#60953) Thanks @rrpsantos.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Telegram: keep the polling stall watchdog active even when grammY reports the runner as not running while its task is still pending, so a rebuilt transport cannot leave getUpdates silent until a manual gateway restart. Fixes #69064. Thanks @LDLoeb.
Subagents: fall back to direct completion delivery when the parent announce turn finishes without a visible payload, so child results still reach channel-backed requester sessions.
Subagents: tell parent agents to use sessions_yield while waiting for child completion events, preventing GPT-5 fast runs from ending silently after spawning workers.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/CLI: lazy-load browser command groups and plugin runtime services so openclaw browser --help can render without loading the full browser automation stack. Fixes #65400. (#65460, #66640) Thanks @pandego and @Tianworld.
Browser/CLI: serve precomputed openclaw browser --help text from CLI startup metadata, avoiding the full plugin/config startup path for the common help invocation.
Browser/downloads: seed managed Chrome profiles with OpenClaw download prefs and capture unmanaged click-triggered downloads under the guarded downloads directory, while explicit download waiters still own their target file. (#64558) Thanks @Pearcekieser.
Browser/Chrome: stop passing redundant --disable-setuid-sandbox when browser.noSandbox is enabled; --no-sandbox remains the effective sandbox opt-out. (#67939) Thanks @sebykrueger.
Browser/client: stop telling agents to permanently avoid the browser after transient timeout or cancellation failures; keep the no-retry hint for persistent unavailable/rate-limit cases. (#46505) Thanks @jriff.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230. Thanks @Co-Messi.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457. Thanks @spartoviMD.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460. Thanks @GodsBoy.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
GitHub Copilot: never rewrite connection-bound reasoning item IDs regardless of whether encryptedcontent is present, fixing a 400 "Encrypted content itemid did not match" error with gpt-5.3-codex and future Codex models that fall through to the forward-compat catch-all with reasoning: false. Also recognize Codex-named models as reasoning-capable so they inherit the correct capability flags. Refs #68735. Thanks @InvalidPandaa.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868. Thanks @sg1416-zg and @ycjlb2023-peteryi.
WhatsApp/TTS: transcode MP3/WebM audio, including Microsoft Edge TTS output, to Ogg/Opus before sending PTT voice notes.
QQBot/TTS: honor plain audioAsVoice replies by synthesizing TTS to native QQ voice messages, and mark inbound voice-only messages as audio media without exposing raw voice paths to generic media context.
Providers/SenseAudio: add bundled SenseAudio batch audio transcription through tools.media.audio with SENSEAUDIOAPIKEY auth. (#66943) Thanks @Fl0rencess720.
Providers/MiniMax: let TTS use MiniMax portal OAuth and Token Plan credentials before falling back to MINIMAXAPIKEY, and include current TTS HD model ids. Fixes #55017. Thanks @zx15210404690-hash.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656. Thanks @xieyuanqing.
Active Memory: keep silent recall sub-agent billing/auth failures out of shared auth-profile cooldown state, so a Claude CLI extra-usage rejection cannot disable normal Claude-backed turns. Fixes #71284. (#71539) Thanks @vishutdhar and @obviyus.
Auth/Claude CLI: sync refreshed Claude CLI OAuth credentials into the managed auth profile so long-running Claude CLI runs stop falling back to stale OpenClaw snapshots. (#70902) Thanks @starvex.
Sessions: make sessions_spawn(mode="session") errors name usable alternatives when the current channel cannot bind subagent threads. Fixes #67400. (#67790) Thanks @stainlu.
Agents/Claude CLI: pass the OpenClaw system prompt through Claude's prompt-file flag so Windows runs avoid argv length failures without changing system prompt semantics. Fixes #69158. (#69211) Thanks @skylee-01, @cassioanorte, @Syu0, and @Stache73.
Agents/CLI sessions: bind google-gemini-cli session auth-epoch to the Google account identity in ~/.gemini/oauth_creds.json, so Gemini-backed agents resume their conversation after gateway restart instead of minting a fresh session, and stale bindings are invalidated when the authenticated Google account changes. Fixes #70973. (#71076) Thanks @openperf.
Slack: stop treating user mentions in assistant-authored message edit blocks as sender attribution, preventing edited bot messages from spoofing a mentioned DM user. (#71700) Thanks @vincentkoc.
Codex: consume unauthorized bound conversation inbound claims before they can fall through to other claim handlers or enqueue Codex turns. (#71702) Thanks @vincentkoc.
Codex media understanding: require approval-checked app-server image turns while explicitly declining tool, file, permission, and elicitation approval requests for the bounded image worker. (#71703) Thanks @vincentkoc.
Agents/Claude CLI: allow large live stream-json JSONL lines up to the existing per-turn raw limit, preventing large Telegram, WebChat, MCP, and image turns from aborting on the old stdout buffer cap. Fixes #71793, #71080, and #70766. (#71897) Thanks @chacher86, @shivamgrover21, and @tpjordan.
Agents/Claude CLI: unwrap nested Claude result envelopes in CLI JSON output so delegated agent responses surface as final text instead of raw result JSON. (#66819) Thanks @mraleko.
Agents/Claude CLI: apply the configured 1M context window override to eligible Claude CLI Opus and Sonnet models when context1m is enabled. (#70863) Thanks @bidadh.
Models/status: report fresh Claude CLI native auth instead of stale stored anthropic:claude-cli profile expiry when local credentials are current. Fixes #71256. (#71332) Thanks @matthiasjanke and @neeravmakwana.
CLI backends: compact OpenClaw transcripts after over-budget CLI turns and reseed fresh CLI sessions from the compacted transcript instead of stale external resume state. Fixes #68329. (#71916) Thanks @obviyus.
Telegram: keep default tool progress messages visible when answer preview streaming is disabled. (#71825) Thanks @VACInc.
Configure/models: clear deselected model fallbacks when updating the model picker allowlist, including provider-scoped setup flows. (#71596) Thanks @rubencu.
Agents/streaming: strip namespaced <antml:thinking> reasoning tags from streamed assistant replies before user-visible text is emitted. (#69288) Thanks @xialonglee.

v2026.4.25-beta.2 pre BREAKING [Apr 26, 2026] (4d ago) details → github →

# openclaw 2026.4.25-beta.2

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy genai.system by default while emitting genai.provider.name under OTELSEMCONVSTABILITYOPTIN=genailatest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAWDISABLEPERSISTEDPLUGINREGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only modelcallstarted and modelcallended hooks for provider/model call telemetry without exposing prompts, responses, headers, request bodies, or raw provider request IDs. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded context assembly diagnostics and export openclaw.context.assembled spans with prompt/history sizes but no prompt, history, response, or session-key content. Thanks @vincentkoc.
Diagnostics/OTEL: export existing tool-loop diagnostics as openclaw.tool.loop counters and spans without loop messages, session identifiers, params, or tool output. Thanks @vincentkoc.
Diagnostics/OTEL: export diagnostic memory samples and pressure as bounded memory histograms, counters, and pressure spans to help spot leak regressions without session or payload data. Thanks @vincentkoc.
Diagnostics/OTEL: add the GenAI gen_ai.client.token.usage histogram for input/output model usage while keeping session identifiers and aggregate cache counters out of the semantic metric. Thanks @vincentkoc.
Diagnostics/OTEL: add a bounded openclaw.agent label to OpenClaw token metrics so per-agent Grafana dashboards can group usage without exporting session identifiers. Thanks @oc-factus.
Plugins/install: consolidate managed plugin install metadata into the state-managed plugin index at plugins/installs.json, replacing the temporary plugins/installed-index.json path and removing plugins.installs as an authored config surface. Thanks @vincentkoc and @shakkernerd.
Diagnostics/OTEL: add the GenAI gen_ai.client.operation.duration histogram for model-call latency in seconds with bounded provider/model/API and error attributes. Thanks @vincentkoc.
Diagnostics/OTEL: add GenAI usage token attributes to model-usage spans, including cache read/write input token counts without session identifiers or prompt/response content. Thanks @vincentkoc.
Diagnostics/OTEL: include bounded GenAI operation, provider, and request-model attributes on model-usage spans so token usage remains self-describing without diagnostic identifiers. Thanks @vincentkoc.
Diagnostics/OTEL: keep model-usage span GenAI provider attributes aligned with the existing semantic-convention opt-in policy, using legacy gen_ai.system unless latest experimental GenAI conventions are enabled. Thanks @vincentkoc.
Diagnostics/OTEL: keep gen_ai.request.model present on GenAI token usage metrics with a bounded unknown fallback when model usage events do not include a model. Thanks @vincentkoc.
Docs/OTEL: document the GenAI token and model-call duration metrics, model-usage span attributes, and OTELSEMCONVSTABILITYOPTIN=genailatest_experimental provider-attribute behavior. Thanks @vincentkoc.
Docs: refresh the MCP, model provider, doctor, troubleshooting, BlueBubbles, media generation, TTS, subagents, skills, cron/tasks, exec approvals, and voice-call guides with structured Steps, Tabs, and Accordion content.
Diagnostics/trace: add an internal traceparent propagation helper that only formats trusted dispatcher metadata, keeping plugin-emitted diagnostic traces out of outbound propagation by default. Thanks @vincentkoc.
Diagnostics/OTEL: add bounded outbound message delivery lifecycle diagnostics and export them as low-cardinality delivery spans/metrics without message body, recipient, room, or media-path data. (#71471) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#71451) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#71450) Thanks @vincentkoc and @jlapenna.
Providers/Xiaomi: add MiMo TTS as a bundled speech provider with MP3/WAV output and voice-note Opus transcoding. Fixes #52376. (#55614) Thanks @zoujiejun.
Providers/ElevenLabs: include eleven_v3 in the bundled TTS model catalog so model selection surfaces can offer ElevenLabs v3. (#68321) Thanks @itsuzef.
Providers/Local CLI TTS: add a bundled local command speech provider with file/stdout input, voice-note Opus conversion, and telephony PCM output. (#56239) Thanks @solar2ain.
Providers/Inworld: add Inworld as a bundled speech provider with streaming TTS synthesis, voice listing, voice-note output, and PCM telephony output. (#55972) Thanks @cshape.
Providers/Volcengine: add Volcengine/BytePlus Seed Speech as a bundled TTS provider with API-key auth, native Ogg/Opus voice-note output, and MP3 audio-file output. (#55641) Thanks @xuruiray.
Android/Talk Mode: expose Talk Mode in the Voice tab with runtime-owned voice capture modes and microphone foreground-service escalation. Thanks @alex-latitude.
Providers/LiteLLM: register litellm as an image-generation provider so image_generate model=litellm/... calls and agents.defaults.imageGenerationModel.fallbacks entries resolve through the LiteLLM proxy. Thanks @zqchris.
Providers/fal: add Seedance 2.0 reference-to-video models with multi-image, video, and audio reference input mapping plus model-specific capability limits for video_generate. Thanks @shivanker.
Codex harness: require Codex app-server 0.125.0 or newer and cover native MCP PreToolUse, PostToolUse, and PermissionRequest payloads through the OpenClaw hook relay.
Agents/Codex: teach prompts and agents_list to surface native Codex app-server availability so agents prefer /codex ... over Codex ACP unless ACP/acpx is explicit. Thanks @vincentkoc.
ACPX/Droid: add Factory Droid to the live ACP bind Docker matrix, including .factory settings staging, FACTORYAPIKEY forwarding, and the single-agent test:docker:live-acp-bind:droid recipe.
TTS/personas: add provider-aware TTS personas with deterministic provider binding merges, /tts persona controls, gateway/CLI persona state, Google Gemini audio-profile-v1 prompt wrapping, and OpenAI instruction mapping. (#70748) Thanks @barronlroth.
Voice Wake: add trigger-based routing so macOS voice wake phrases can select a configured agent or session target, with Gateway routing APIs and node update events. (#30354) Thanks @longbiaochen.

Fixes

Plugins/CLI: let flag-driven openclaw channels add install the selected channel plugin from its default source without opening an interactive prompt, fixing published npm Telegram setup in stdin-closed automation. Thanks @codex.
Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none". Thanks @codex.
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries. Thanks @codex.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds. Thanks @codex.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries. Thanks @codex.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans. Thanks @codex.
Onboarding/setup: keep first-run config reads, plugin compatibility notices, and post-model sanity checks on cold metadata paths unless the user chooses to browse all models, avoiding full plugin/runtime catalog work between prompts. Thanks @shakkernerd.
Onboarding/auth: run manifest-owned provider auth choices through scoped setup providers so selecting OpenAI Codex browser/device auth no longer loads every provider runtime before OAuth starts. Thanks @shakkernerd.
Onboarding/auth: keep the post-auth default-model policy lookup on manifest/setup metadata so the next prompt appears without loading broad provider runtime. Thanks @shakkernerd.
Onboarding/models: keep skip-auth and provider-scoped model picker prompts off the full global model catalog path, and cache provider catalog hook resolution so setup no longer stalls after auth on large plugin registries. Thanks @shakkernerd.
Gateway/Bonjour: suppress known @homebridge/ciao cancellation and network assertion failures through scoped process handlers so malformed mDNS packets or restricted VPS networking disable/restart Bonjour instead of crashing the gateway. Fixes #67578. Thanks @zenassist26-create.
Discord: keep late clicks on already-resolved exec approval buttons quiet when elevated mode auto-resolved the request, while still surfacing real approval submission failures. Fixes #66906. Thanks @rlerikse.
Agents/subagents: deliver completed yielded-subagent results back to no-thread requester routes via direct fallback when the dormant parent announce turn produces no visible reply, and add QA-lab coverage for the regression. Thanks @vincentkoc.
Gateway/Tailscale: let Tailscale-authenticated Control UI operator sessions with browser device identity skip the device-pairing round trip while still rejecting device-less and node-role connections. Refs #71986. Thanks @jokedul.
Doctor: honor OPENCLAWSERVICEREPAIR_POLICY=external by reporting gateway service health while skipping service install/start/restart/bootstrap, supervisor rewrites, and legacy service cleanup for externally managed environments. Thanks @shakkernerd.
CLI/update: run package post-update doctor with --fix so package updates repair config migrations before restart. Thanks @shakkernerd.
CLI/update: retry failed npm global updates with --omit=optional and ignore the superseded first failure when the fallback succeeds. Thanks @shakkernerd.
Plugins/uninstall: migrate and reset plugins.slots.contextEngine alongside memory slots when plugin ids change or selected plugins are removed. Thanks @shakkernerd.
Agents/Discord: keep raw Agent failed before reply runner failures out of Discord group/channel chats and show detailed runner errors in direct chats only when /verbose is enabled. Thanks @codex.
UI/Windows: quote resolved pnpm .cmd launcher paths before spawning UI install/build/test commands so Node installs under C:\Program Files no longer fail as C:\Program. Fixes #45275. Thanks @Kobevictor, @stoppieboy, and @iubns.
Codex/agent: translate --thinking minimal to low for modern Codex models (gpt-5.5, gpt-5.4, gpt-5.4-mini, gpt-5.2) at request build time so the first turn is accepted instead of paying a wasted call + retry-with-low fallback. Older Codex models still receive minimal directly. Fixes #71946. Thanks @hclsys.
Plugins/uninstall: remove tracked plugin files from their recorded managed extensions root even when the current state directory points somewhere else, so openclaw plugins uninstall --force does not leave the plugin discoverable. Thanks @shakkernerd.
Agents/runtime: add agentRuntime.id as the canonical config key, migrate legacy runtime-policy configs with openclaw doctor --fix, route canonical Anthropic models through claude-cli without passing CLI backend aliases to embedded harness selection, and load CLI backend owner plugins before channel startup. Fixes #71957. Thanks @WolvenRA.
CLI/update: guard Windows scheduled-task stops by state and timeout so auto-update restart cannot hang indefinitely on schtasks /End before stale-listener cleanup. Fixes #69970. Thanks @yangswld and @sherlock-huang.
Windows install/Lobster: execute pnpm.exe directly when npm_execpath points at the native pnpm binary, add an installed-package fallback for the Lobster embedded runtime, and include the Lobster runner regression test in Windows CI. Fixes #69456. Thanks @igormf.
Gateway/install: refresh loaded gateway service installs when the current service embeds stale gateway auth instead of returning already-installed, avoiding LaunchAgent token-mismatch loops after token rotation. Fixes #70752. Thanks @hyspacex.
Update: ignore bundled plugin .openclaw-install-stage directories during global install verification and packaged dist pruning so leftover runtime-dep staging files do not turn successful updates into unexpected packaged dist file failures. Fixes #71752. Thanks @waynegault.
CLI/update: fail package updates when post-update plugin sync fails and refresh legacy npm plugin install records before trusting unchanged artifacts, preventing successful updates from restarting with stale or failed plugin state. Thanks @vincentkoc and @shakkernerd.
Release/update: reject pre-populated bundled plugin .openclaw-install-stage directories, including mixed-case path variants, before package inventory generation so release tarballs cannot ship poisoned runtime-dependency staging debris. Fixes #71752. Thanks @hclsys.
Node runtime: keep node-host retry timers alive across Gateway restarts and exit on terminal credential pauses so supervised nodes do not become silent zombies. Fixes #69800. Thanks @meroli28.
Gateway/plugins: stop persisted WhatsApp auth state from activating bundled channel runtime-dependency repair during startup when channels.whatsapp is absent, avoiding npm/git stalls on packaged Linux installs. Fixes #71994. Thanks @xiao398008.
Gateway/device tokens: enforce caller-scope containment inside token rotation and revocation so pairing-only sessions cannot mutate higher-scope operator tokens. Fixes #71990. Thanks @coygeek.
Plugins/channels: keep security checks, thread-binding placement, provider summaries, health formatting, and message action labels on read-only or already-loaded channel metadata instead of importing full channel runtime. Thanks @shakkernerd.
Plugins/status: keep config-only channel labels and status security summaries from importing plugin runtime modules just to render metadata. Thanks @shakkernerd.
Sessions/channels: stop group-session metadata from loading bundled channel runtime just to classify #channel subjects, using only already-loaded channel capabilities on that path. Thanks @shakkernerd.
Plugins/channels: keep native command and native skill auto defaults on static channel metadata so config, audit, and command-list checks do not load channel runtime just to read those defaults. Thanks @shakkernerd.
CLI/channels: keep channel remove selection and all-channel capabilities summaries on read-only plugin metadata, loading channel runtime only for the selected mutation path. Thanks @shakkernerd.
CLI/models: keep Provider Index preview rows out of models list --all --provider <id> when the owning provider plugin is disabled, preserving config authority for cold catalog fallbacks. Thanks @shakkernerd.
CLI/model runs: keep openclaw infer model run on explicit OpenRouter models from loading the full provider catalog or inheriting chat-agent silent-reply policy, restoring non-empty one-shot probe output. Fixes #68791. Thanks @limpredator.
Installer/macOS: rerun Homebrew install steps without the gum spinner when raw-mode ioctl failures occur, and avoid claiming node@24 was installed when the Homebrew keg binary is missing. Fixes #70411. Thanks @1fanwang and @dad-io.
Installer: load nvm before Node.js detection so curl | bash installs respect nvm-managed Node instead of stale system Node. Fixes #49556. Thanks @heavenlxj.
Installer/Windows: route PowerShell install failures through a top-level handler so iwr ... | iex returns control to the current shell while direct script-file runs still exit non-zero. Fixes #38054. Thanks @PwrSrg.
CLI/Volta: respawn raw openclaw CLI runs through the named node shim when the current Node executable resolves to volta-shim, avoiding direct shim execution failures in non-interactive shells. Fixes #68672. Thanks @sanchezm86.
Installer: warn when multiple npm global roots contain OpenClaw installs, showing active Node/npm/openclaw plus each install path and version so stale version-manager installs are visible. Fixes #40839. Thanks @zhixianio.
Cron/tasks: recover completed cron task ledger records from durable run logs and job state before marking them lost, reducing false backing session missing audit errors for isolated cron runs and keeping offline CLI audit from treating its empty local cron active-job set as authoritative. Fixes #71963.
Docker: copy patched dependency files into runtime images so downstream pnpm install layers keep working. Fixes #69224. Thanks @gucasbrg.
Package: include patched dependency files in the published npm package so downstream installs can resolve patchedDependencies. (#69224) Thanks @gucasbrg and @vincentkoc.
Plugins/channels: treat malformed bundled channel plugin loaders that return undefined as unavailable instead of crashing config and help paths. Fixes #69044. Thanks @frankhli843 and @vincentkoc.
Scripts/watch: show corrupted dependency package-config recovery guidance when gateway:watch fails during watcher startup, without double-logging unrelated import failures. (#58780) Thanks @roytong9 and @vincentkoc.
Signal: read signal-cli RPC, health checks, and SSE events through Node's HTTP client so Node 24/25 fetch regressions do not break Signal sends or inbound events. Fixes #51716 and #53040. Thanks @Barukimang, @minupla, and @vincentkoc.
Skills/Docker: run npm-backed skill dependency installs with an OpenClaw-managed user prefix so non-root Docker images do not write to /usr/local. Fixes #59601. Thanks @chanjarster and @vincentkoc.
Agents/runtime: submit heartbeat, cron, and exec wakeups as transient runtime context instead of visible user prompts, keeping synthetic system work out of chat transcripts. Fixes #66496 and #66814. Thanks @jeades and @mandomaker.
Telegram: include native quote excerpts automatically for threaded replies and reply tags when the original Telegram text is available, without adding another config knob. Fixes #6975. Thanks @rex05ai.
Node/Linux: make openclaw node install enable and restart the openclaw-node systemd unit instead of the gateway unit on node-only VMs. Fixes #68287. Thanks @dlebee-agent.
Browser/CDP: retry transient raw-CDP WebSocket handshake failures before any browser command is sent, and reconnect stale persistent Playwright CDP sessions for safe tab-list reads without replaying mutating browser actions. Fixes #67728.
Gateway/Linux: retry systemctl --user enable after a second daemon reload when the freshly written gateway unit is not visible yet on migrated systemd installs. Fixes #65184. Thanks @liushuaiiu.
Telegram: preserve exact selected quote text when sending native quote replies, and retry with legacy replies if Telegram rejects quote parameters. (#71952) Thanks @rubencu.
Plugins/CLI: preserve manifest name, description, format, and source metadata in cold openclaw plugins list output without importing plugin runtime. Thanks @shakkernerd.
Security/audit: read channel exposure and plugin allowlist ownership from read-only plugin index metadata so cold audits do not depend on loaded channel runtime. Thanks @shakkernerd.
Plugins/chat: keep /plugins list, /plugins enable, and /plugins disable on the persisted plugin index path so chat plugin management does not load diagnostic/runtime plugin registries before execution. Thanks @shakkernerd.
Plugins/doctor: read workspace plugin status and legacy web-search ownership through installed-index manifest metadata instead of broad manifest registry scans. Thanks @shakkernerd.
CLI/agents: read channel provider status from read-only plugin index metadata for text agents list output instead of the loaded channel registry. Thanks @shakkernerd.
Logging: redact configured secret patterns at console and file-log sink exits so credentials that reach the logger are masked before terminal display or JSONL persistence. Fixes #67953. Thanks @Ziy1-Tan.
Gateway/services: refuse process and service mutations from an older OpenClaw binary when the config was last written by a newer version, preventing split-brain installs from stopping or rewriting newer gateway services. Fixes #57079.
Gateway: reserve /healthz and /readyz ahead of plugin, canvas, and Control UI HTTP stages so liveness/readiness probes still answer when a later route handler stalls. Fixes #69674. Thanks @Xike-Creek.
Logging: load logging.file and redaction settings directly from the active OpenClaw config path in bundled runtimes, so packaged gateways stop falling back to /tmp/openclaw. Fixes #59370, #67168, and #61295. Thanks @KeaneYan, @Pan9hu, and @zsjlovelike.
Logging: rotate file logs at logging.maxFileBytes, keep bounded numbered archives, and make long-lived rolling loggers follow the current-day file instead of suppressing diagnostics or writing stale dated files. Fixes #58583 and #62381. Thanks @jpeghead and @zhaoleink.
Agents/groups: treat clean empty assistant stops as silent NO_REPLY only for always-on groups where silent replies are allowed, while keeping direct and mention-gated sessions on the incomplete-turn retry path. Thanks @MagnaAI.
macOS/Node: keep native remote app nodes from advertising browser.proxy, start browser-capable CLI node services through the restored openclaw node start command, and show an actionable browser-control error when the local control service is missing. Fixes #66637.
Gateway/update: fail package updates when the restarted managed gateway reports the wrong version, including fallback restarts and JSON mode, avoiding false-success mixed-version restarts after macOS LaunchAgent updates. Fixes #71835. Thanks @abhinas90 and @jsompis.
Gateway/update: warn before package updates and bundled plugin runtime-dependency repairs when the target volume appears low on disk space, without blocking installs on best-effort filesystem checks. Fixes #71835. Thanks @abhinas90 and @jsompis.
Plugins/runtime deps: surface activated plugin load failures in health and fail package-update restart verification or doctor repair when bundled runtime deps still cannot load, avoiding false-success repairs. (#71883) Thanks @Solvely-Colin.
Gateway/Linux: include fnm aliases/default/bin in generated service PATHs and let doctor accept either modern fnm aliases or the legacy current/bin symlink, avoiding false PATH repair prompts. Fixes #68169. Thanks @richard-scott.
Installer/Linux: run apt installs with noninteractive dpkg and needrestart settings so fresh Ubuntu 24.04 curl | bash installs do not hang while installing Node.js, Git, or build tools. Fixes #41146. Thanks @iht76, @alexcarv318, @cs3gallery, @firofame, and @cgdusek.
Providers/Bedrock: defer the AWS SDK import until Bedrock discovery actually runs so plugin registration and setup stay lightweight on cold start. Fixes #71690. Thanks @jarvis-ai-gregmoser.
Installer/macOS: stop immediately when Homebrew node@24 installation fails and avoid printing PATH advice for missing Homebrew Node installs. Fixes #70411. Thanks @1fanwang.
WhatsApp: remove ack reactions after a visible reply when messages.removeAckAfterReply is enabled, matching other reaction-capable channels. Fixes #26183. Thanks @MrUnforsaken.
Providers/Z.AI: map OpenClaw thinking controls to Z.AI's thinking payload and add opt-in preserved thinking replay via params.preserveThinking, so GLM 5.x can keep prior reasoning_content when requested. Fixes #58680. Thanks @xuanmingguo.
Channels/status: keep read-only channel lists on manifest and package metadata by default, loading setup runtime only for explicit fallback callers. Thanks @shakkernerd.
Plugins: scope setup and web-provider metadata manifest reads to explicit plugin ids when callers already know the owning plugin set. Thanks @vincentkoc.
Plugins/onboarding: defer onboarding install-record index writes until the guarded config commit so setup failures cannot leave the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/registry: resolve web provider ownership from the installed plugin index instead of broad manifest scans on secret, tool, and pricing paths. Thanks @shakkernerd.
Config/providers: accept video and audio in configured model input values and preserve them in provider catalog entries. Fixes #20721. Thanks @alvinttang.
Models/auth: honor the parent --agent flag for auth write commands (add, login, setup-token, paste-token, and the GitHub Copilot shortcut) so OAuth/API-key/token results are written to the requested agent store instead of the default agent. Fixes #71864. (#71933) Thanks @balric-seo.
TTS: strip model-emitted TTS directives from streamed block text before channel delivery, including directives split across adjacent blocks, while preserving the accumulated raw reply for final-mode synthesis. Fixes #38937.
TTS: keep explicit provider=... directive keys scoped to that provider and warn on unsupported keys instead of letting another speech provider consume overlapping keys. Fixes #60131.
TTS/Feishu: normalize final-mode streamed TTS-only audio before delivery so generated voice-note files use the same safe media path and native voice routing as normal final replies. Fixes #71920.
Feishu: transcribe inbound voice-note audio with the shared media audio path before agent dispatch and keep raw Feishu file_key payloads out of message text. Fixes #67120 and #61876.
Tasks: terminalize async Gateway agent task records from the Gateway run result while preserving aborted, failed, and cancelled outcomes instead of leaving completed runs stuck as active or lost. (#71905) Thanks @likewen-tech.
WhatsApp: let authorized group voice-note transcripts satisfy mention gating before reply dispatch, while keeping unmentioned transcripts in pending group history. Fixes #44908.
Media understanding: carry channel voice-note preflight state into attachment selection so WhatsApp, Feishu, Telegram, and Discord do not transcribe the same inbound audio twice. Fixes #70580.
TTS/BlueBubbles: deliver compatible auto-TTS audio as iMessage voice memo bubbles instead of plain MP3/CAF file attachments. Fixes #16848.
TTS: resolve voice-note and voice-memo routing from channel plugin capabilities instead of speech-core-owned channel id lists.
ACP: send subagent and async-task completion wakes to external ACP harnesses as plain prompts instead of OpenClaw internal runtime-context envelopes, while keeping those envelopes out of ACP transcripts.
TTS/status: show configured TTS model, voice, and sanitized custom endpoint in /status, preserve OpenAI-compatible TTS instructions on custom endpoints, and retry empty Microsoft/Edge TTS output once. Addresses #46602, #47232, and #43936. Thanks @leekuangtao, @Huntterxx, and @rex993.
Agents/Gateway: steer agent-driven config edits and restarts through the owner-only gateway tool, document config.schema.lookup as the field-doc source, and warn against using gateway stop && gateway start as a restart substitute on macOS. Fixes #71929. Thanks @ygc3817922006-sketch.
Media understanding/audio: inject a deterministic transcript placeholder for too-small voice notes so agents do not hallucinate transcription or provider failures. Fixes #48944. Thanks @eulicesl.
Providers/vLLM: send Nemotron 3 chat-template kwargs when thinking is off and honor configured params.chattemplatekwargs for OpenAI-compatible completions, so vLLM/Nemotron replies stay visible instead of becoming thinking-only. Fixes #71891. Thanks @jmystaki-create and @dennis-lynch.
Channels/replies: strip copied inbound metadata blocks from user-facing assistant replies and model replay history, so Discord/vLLM sessions do not leak Conversation info / UNTRUSTED ... message body envelopes after a model echoes them. Fixes #71847. Thanks @jmystaki-create.
Subagents/memory: keep inter-session completion wakes out of memory and dreaming session exports, and strip internal runtime-context blocks from realtime Control UI chat events.
Agents/Claude: treat zero-token empty stop turns as failed provider output, retry once, repair replay, and allow configured model fallback instead of preserving them as successful silent replies. Fixes #71880. Thanks @MagnaAI.
Tasks: normalize task lifecycle timestamps at create, update, and restore time, and report retained lost tasks as audit warnings until their cleanup window expires. (#71871) Thanks @likewen-tech.
Diagnostics/OTEL: treat normal early model stream cleanup as a completed model call instead of exporting a misleading StreamAbandoned error span. Thanks @vincentkoc.
Gateway/pairing: stop corrupt or unreadable device/node pairing stores from being treated as empty state, preserving paired.json for repair instead of overwriting approved pairings. Fixes #71873. Thanks @iret77.
ACP: keep /acp management commands, plus local /status and /unfocus, on the Gateway path inside ACP-bound threads so they are not consumed as ACP prompt text. Fixes #66298. Thanks @kindomLee.
ACPX: stop probing ACP agents during normal Gateway startup; the embedded backend now registers without spawning Codex/ACP child processes unless OPENCLAWACPXRUNTIMESTARTUPPROBE=1 is explicitly set.
CLI/image edit: accept --size, --aspect-ratio, and --resolution on openclaw infer image edit and report all supported edit flags from capability inspect image.edit. Thanks @Pinghuachiu.
ACP: wait for the configured runtime backend to become healthy before startup identity reconciliation, avoiding transient acpx warnings during Gateway boot. Fixes #40566.
Channels/ACP bindings: time out configured binding readiness checks instead of letting Discord preflight hang forever when an ACP target never settles. Fixes #68776.
Control UI: hide the chat loading skeleton during background history reloads when existing messages or active stream content are already visible, avoiding reload flashes on high-latency local gateways. Fixes #71844. Thanks @WolvenRA.
Control UI: keep locally optimistic chat messages visible when a history reload temporarily returns empty, avoiding lost first-turn messages on high-latency gateways. Fixes #71878. Thanks @WolvenRA.
Control UI: keep chat history limits based on visible messages after filtering heartbeat and control-only transcript rows, so recent hidden entries no longer make older visible replies disappear. Thanks @WolvenRA.
Agents/images: scrub old [media attached: ...], [Image: source: ...], and media://inbound/... markers from pruned model replay context so stale media refs are not rehydrated as fresh prompt images. Fixes #71868. Thanks @jmeadlock.
Docker/Bonjour: disable Bonjour/mDNS advertising by default for bundled Compose gateways on bridge networking, while keeping host/macvlan opt-in with OPENCLAWDISABLEBONJOUR=0. Fixes #71879. Thanks @gbballpack.
CLI/status: label the OpenClaw Serve/Funnel setting as Tailscale exposure and show daemon state separately when available, so gateway.tailscale.mode: "off" no longer reads like the Tailscale daemon is stopped. Fixes #71790. Thanks @pesvobodak.
Plugins/Bonjour: stop ciao mDNS watchdog failures from looping forever when the advertiser stays stuck in probing or announcing; Bonjour now disables itself for the current Gateway process after repeated failed restarts while the Gateway keeps running. Fixes #69011. Thanks @siddharthaagarwalofficial-ux, @FiredMosquito831, and @spikefcz.
Gateway/Fly.io: seed Control UI allowed origins from the actual runtime bind and port so CLI-driven non-loopback starts do not crash before config exists. Fixes #71823.
macOS/remote SSH: keep discovered gateway hosts in gateway.remote.sshTarget while pinning SSH transport URLs to the local loopback tunnel, so browser automation does not regress into blocked non-loopback ws:// endpoints. Fixes #67336.
Gateway/proxy: bootstrap env proxy dispatching from direct Gateway startup so provider and plugin network requests honor HTTPSPROXY/HTTPPROXY before the first embedded agent attempt runs. (#71833) Thanks @mjamiv.
Plugins/runtime deps: verify clean npm installs actually place requested bundled runtime packages in the managed install root, reporting exact missing specs instead of a false successful repair. (#71883) Thanks @Solvely-Colin.
Plugins/discovery: ignore stale plugins.load.paths aliases that point back at packaged bundled plugin directories and have doctor remove them, keeping bundled plugins on the runtime-deps staging path. Thanks @codex.
Models/LM Studio: preserve @iq* quant suffixes in model refs and provider matching so /model lmstudio/...@iq3_xxs keeps the exact LM Studio variant. Fixes #71474. (#71486) Thanks @Bartok9, @XinwuC, and @Sanjays2402.
Matrix/cron: preserve the live Matrix delivery target when creating implicit announce reminder jobs so mixed-case room IDs are not reconstructed from lowercased session keys. Fixes #71798.
Feishu: accept Schema 2.0 card action callbacks that report context.openchatid instead of legacy context.chat_id, so button callbacks no longer drop as malformed. Fixes #71670. Thanks @eddy1068.
Feishu: keep synthetic card-action and bot-menu ids out of platform reply targets, using the real card callback message id when Feishu provides one and plain-sending otherwise. Fixes #71673. Thanks @eddy1068.
Plugins/QQ Bot: prefer an installed QQ Bot plugin that declares it replaces the bundled qqbot channel, preventing duplicate qqbotchannelapi and qqbot_remind tool registration noise. Fixes #63102.
Browser automation: keep stable tab ids and labels attached when Chromium replaces the raw target after form submissions or other action-triggered navigations, and return the replacement targetId from /act when the match is provable. Fixes #46137.
QQ Bot: make qqbot_remind schedule, list, and remove Gateway cron jobs directly for owner-authorized senders instead of returning cronParams and relying on a follow-up generic cron tool call. Fixes #70865. (#70937) Thanks @GaosCode.
Agents/ACP: hide sessions_spawn ACP runtime options unless an ACP backend is loaded, and make /acp doctor call out plugins.allow blocking bundled acpx. Thanks @vincentkoc.
Agents/Codex: keep ACP prompt/skill routing hidden unless an ACP runtime backend is available, and warn in doctor when enabled Codex plugin configs still route openai-codex/* models through PI. Thanks @vincentkoc.
Media delivery: avoid sending generated image attachments twice when the assistant reply already includes explicit MEDIA: lines for the same turn, and reject unsafe remote MEDIA: URLs before delivery. Thanks @pashpashpash.
Codex harness: ignore retryable app-server error notifications after Codex recovers, and preserve the real nested error message for terminal app-server failures instead of replacing it with a generic failure. Thanks @pashpashpash.
Agents/Codex: prepare native Codex sub-agent session metadata without a nested Gateway session patch and add a focused Docker smoke for the app-server sub-agent path. Thanks @vincentkoc.
Agents/subagents: keep queued subagent announces session-only when the requester has no external channel target, avoiding ambiguous multi-channel delivery failures. Fixes #59201. Thanks @larrylhollan.
Image understanding: preserve configured provider-prefixed vision model metadata when callers request the model without the provider prefix, so custom image models keep their input: ["text", "image"] capability. Fixes #33185. Thanks @Kobe9312 and @vincentkoc.
Plugins/install: restore the previous plugin index records if a concurrent config write conflict interrupts install, update, or uninstall metadata commits. Thanks @shakkernerd.
Plugins/install: reject native plugin archives that do not include a valid openclaw.plugin.json, preventing manifestless archives from writing install records that later show missing-manifest diagnostics. Thanks @shakkernerd.
Plugins/uninstall: remove tracked managed plugin install directories even when the persisted install path differs from the default id-derived target, while still refusing deletes outside the managed extensions root. Thanks @shakkernerd.
Plugins/update: restore previous plugin index records if core update or channel setup hits a concurrent config write conflict after plugin metadata changes. Thanks @shakkernerd.
Plugins/onboarding: defer channel/provider plugin install records until the owning config write commits, keeping setup failures from advancing the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/config: route configure and agent setup writes with pending plugin install records through the plugin index commit helper so provider onboarding metadata is not stripped by plain config writes. Thanks @shakkernerd.
Plugins/channels: merge pending channel plugin install records with the existing plugin index before config writes, preserving unrelated tracked installs during channel setup, resolve, remove, and capability repair flows. Thanks @shakkernerd.
Plugins/config: defer shipped plugins.installs index migration during config writes until the guarded config commit window and roll it back if the config write fails before commit. Thanks @shakkernerd.
Sessions: keep embedded runtime context out of the visible user prompt by sending it as a hidden next-turn custom message, and teach doctor to repair affected 2026.4.24 transcripts with duplicated prompt-rewrite branches. Fixes #71761.
Gateway/subagents: keep direct-loopback backend RPCs authenticated with the shared gateway token/password off stale CLI paired-device scope baselines, so internal calls no longer hit scope-upgrade pairing prompts while remote, browser, node, device-token, and explicit-device paths still require normal pairing approval. Fixes #63548.
Providers/Azure OpenAI: give deployment-scoped image generation requests a longer 600s default timeout so slow gpt-image-2 generations can complete without a per-call timeoutMs. Fixes #71705. Thanks @voytas75.
Gateway/plugins: link source-checkout bundled runtime dependency caches instead of recursively copying node_modules on the gateway main thread, preventing local status, node, and skill probes from timing out during startup cache restores.
Skills/remote nodes: only expose remote macOS skill bins for connected nodes, clear stale bin matches when node probes fail, and include probe command, timeout, bin count, and connection state in timeout logs.
Skills/remote nodes: recognize system.which object-map responses when probing connected macOS nodes, so Linux gateways can expose macOS-only skills such as Apple Notes when the required binaries are installed remotely. Fixes #71877. Thanks @miguelarios.
CLI/gateway: keep diagnostic probes from creating first-time read-only device pairings, while still reusing cached device tokens for detailed read probes. Fixes #71766. Thanks @SunboZ.
CLI/plugins: keep message startup, channels logs, agents delete, and agents set-identity off broad plugin preloading; message delivery still loads plugins when the action actually runs.
Image understanding: resolve configured image models such as local LM Studio vision entries before reporting Unknown model when the discovery registry has not registered that provider. Fixes #66486. Thanks @zhanggpcsu.
QQ Bot: ignore self-echoed bot messages using the outbound ref-index marker, preventing mirrored replies from re-entering the agent loop while still allowing users to quote bot replies. Fixes #71912. Thanks @wangyc6003.
Sessions: separate reset freshness from session-store updatedAt, so heartbeat, cron, exec, and gateway bookkeeping no longer prevent configured daily/idle resets from rolling long-running channel sessions. Fixes #68315, #63732, #63820, and #69083. Thanks @maxatv, @longhairedsi, @bradfreels, and @akessel56.
Sessions: clear queued system-event notices during /new, /reset, gateway sessions.reset, and daily/idle rollover so stale background updates cannot leak into the first prompt of the fresh session. Fixes #66864. Thanks @opeyio, @Magicray1217, and @cedillarack.
CLI/agents: keep agents bind, agents unbind, and agents bindings on setup-safe channel metadata paths so they do not preload bundled plugin runtimes or stage runtime dependencies. Fixes #71743.
Plugins/registry: preserve explicit disabled plugin records during registry migration without persisting every unused bundled plugin discovered on disk. Thanks @shakkernerd.
Windows/native: keep CLI startup and bundled provider plugin loading off Windows ESM raw-path failure paths, fixing native onboarding/install smoke on Node 24.
Plugins/doctor: read bundled channel doctor capabilities through the same packaged plugin directory resolver used by plugin loading, so published installs keep Matrix DM allowlist repairs on channels.matrix.dm.* instead of writing invalid top-level dmPolicy keys. Fixes #71757.
Plugins/Windows: keep bundled plugin Jiti loaders off the native import path on Windows so channel plugins such as Telegram no longer crash with ERRUNSUPPORTEDESMURLSCHEME on C:\... paths. Fixes #71749. Thanks @smeyer9.
Providers/Ollama: use Ollama's current /api/web_search endpoint and honor https://ollama.com model-provider base URLs for Ollama Web Search. Fixes #71741. Thanks @madhvidua.
Memory/Ollama: serialize Ollama memory embedding batches and add an inline batch timeout override, with longer defaults for local/self-hosted embedding providers.
Sessions/usage: exclude compaction checkpoint transcript snapshots from usage totals and session discovery, while keeping old checkpoint files removable.
CLI/agents: keep openclaw agents list --json on the config-only path by default, avoiding bundled plugin loading unless callers request --bindings. Fixes #71739. Thanks @kaloster.
Plugins/install: force plugin dependency installs to stay project-local even when inherited npm config requests global installs, so successful installs still materialize the plugin's staged node_modules.
Providers/Google: transcode Gemini TTS PCM to Opus for voice-note targets so WhatsApp and other native voice-note replies can play as voice messages.
TTS/WhatsApp: mark non-Opus provider output as voice-note intent so channel delivery transcodes MP3/WebM replies to Ogg/Opus PTT audio.
Plugins/runtime deps: reuse existing external bundled-plugin stage roots when mirrored plugin roots are inspected again, avoiding second-generation openclaw-unknown-* stages and repeated first-turn restaging. Fixes #71599.
iOS/macOS Talk Mode: allow talk.speechLocale to set the speech recognition locale for non-English voice conversations. Fixes #44688.
Plugins/providers: honor explicit plugin candidate lists instead of reading a persisted registry snapshot from local state, keeping candidate-scoped provider discovery hermetic.
Plugins/doctor: keep bundled plugin runtime-dependency repairs inside the managed OpenClaw stage even when user npm prefix/global config points npm at $HOME/node_modules. Fixes #71730.
ACP/sessions_spawn: reject normal OpenClaw config agent ids when callers explicitly request runtime="acp", while allowing agents configured with runtime.type="acp" to resolve to their ACP harness id. Fixes #63914.
ACP/sessions_spawn: apply runTimeoutSeconds to ACP child turns and dispatch those turns on the background subagent lane, so quota-stalled ACP harnesses do not occupy the main agent lane indefinitely. Fixes #68823.
ACP/oneshot: reconcile runtime session identity before closing completed oneshot ACP runs, so finished sessions.json entries do not stay stuck with acp.identity.state="pending".
ACPX: bundle acpx@0.6.1 so unsupported generic model overrides fail clearly instead of silently falling back to the target adapter default.
ACP/models: document that non-Codex ACP model overrides require adapter support for ACP models plus session/set_model, so unsupported harnesses fail clearly instead of silently falling back to their defaults.
Plugins/Voice Call: treat missing provider credentials as setup-incomplete during Gateway startup and log the missing keys as a warning instead of a runtime startup error, while keeping explicit command/tool errors when used.
Android/Talk Mode: prevent duplicate TTS playback when fast or repeated final chat events arrive while Talk Mode is waiting for its own response. Fixes #46546.
Tooling/check:changed: pass parent heavy-check lock markers to lint lanes so pnpm check:changed no longer waits on its own lint:extensions child.
CLI/completion: dedupe provider auth flags before registering openclaw onboard options, so completion-cache refresh during update no longer fails when stale core fallback flags overlap plugin manifest flags. Fixes #71667.
Diagnostics/trace: report live context usage from the current prompt snapshot instead of provider turn totals, avoiding false near-full context spikes on cached or tool-heavy runs.
Providers/Google: honor models.providers.google.request.allowPrivateNetwork for Gemini TTS and telephony TTS, matching Google image generation and media understanding. (#71723) Thanks @ro-hansolo.
Providers/MiniMax: register minimax-portal for music and video generation, preserving OAuth auth and regional MiniMax base URLs across the shared musicgenerate and videogenerate tools. (#63241) Thanks @tars90percent.
Providers/onboarding: keep Runway and Alibaba Model Studio out of the text-inference setup picker by scoping their video-generation auth choices to the media setup flow. (#65856) Thanks @Jah-yee.
Plugins/Bonjour: stop the gateway from crash-looping on CIAO PROBING CANCELLED when the mDNS watchdog cancels a stuck probe. Restores the rejection-handler wiring dropped during the bonjour plugin migration and shares unhandled-rejection state across module instances so plugin-staged copies of openclaw/plugin-sdk/runtime register into the same handler set the host consults. Especially affects Docker on macOS, where mDNS probing reliably hits the watchdog. Thanks @troyhitch.
Google Meet: report pinned Chrome nodes as offline or missing capabilities in setup/join diagnostics, keep inaccessible nodes out of auto-selection, and preflight local BlackHole/SoX requirements before agents try local Chrome.
Providers/MiniMax: route image-01 requests to the dedicated image generation endpoint while preserving CN endpoint selection. Fixes #61149. Thanks @mushuiyu886.
Plugins/startup: remove ownerless bundled runtime-dependency install locks after a short grace window and include lock owner details when startup times out waiting for a plugin runtime-deps lock.
Plugins/install: anchor bundled runtime-dependency npm installs with an OpenClaw-owned package manifest so Linux updates cannot accidentally write to a parent $HOME/node_modules tree. Fixes #71730.
Plugins/install: pass onboarding plugin config into plugin index writes so local plugin installs outside default discovery roots keep their install records. Thanks @shakkernerd.
Plugins/install: migrate shipped plugins.installs config records into the plugin index while stripping them from runtime config and future writes. Thanks @shakkernerd.
Plugins/install: durably remove shipped plugins.installs from openclaw.json after its records are copied into the plugin index, while rolling back the index write if config cleanup fails. Thanks @shakkernerd.
Plugins/install: keep migrated plugin install records in the plugin index even when the plugin manifest is missing or invalid, so update, uninstall, inspect, and audit can still recover broken installs. Thanks @shakkernerd.
Plugins/security: keep plugin audit JSON check ids stable while reporting plugin index install-record findings with updated wording. Thanks @shakkernerd.
CLI/config: reject direct plugins.installs edits with guidance to use openclaw plugins install, openclaw plugins update, or openclaw plugins uninstall instead. Thanks @shakkernerd.
Live tests/voice: accept common STT variants for OpenClaw and ElevenLabs brand names so provider smoke tests fail on real regressions rather than equivalent transcripts.
Agents/replies: forward sanitized underlying agent failure details on external channels instead of replacing unknown failures with a generic retry message.
CLI/MCP: translate OpenClaw mcp.servers.*.transport entries into Claude/Gemini CLI type fields so streamable HTTP MCP servers load in CLI backend sessions. (#71724) Thanks @Blockchain-Oracle.
Browser/CDP: honor configured remote and attachOnly CDP HTTP/WebSocket timeouts when opening tabs through raw CDP or /json/new fallback. (#54238) Thanks @FuncWei.
WhatsApp/TTS: send visible text separately from PTT voice-note audio instead of relying on hidden voice-note captions. Fixes #51081.
Browser/client: avoid telling agents to restart OpenClaw for dispatcher timeouts on external browser profiles such as attachOnly, remote CDP, and existing-session. (#40815) Thanks @0xsline.
Agents/TTS: preserve [[audioasvoice]] directives on trusted text tool-result MEDIA: payloads so generated audio still delivers as a voice note. (#46535) Thanks @azade-c.
Agents/TTS: keep queued tool media when an assistant ends with NO_REPLY on non-block delivery paths, so media-only generated audio replies still send. (#60025) Thanks @bradlind1.
Telegram/STT: frame inbound voice-note transcripts as machine-generated, untrusted text in agent context while preserving raw transcript mention detection. Closes #33360. Thanks @smartchainark.
Subagents/browser: show an actionable /tools notice when browser automation is configured but filtered out by the active tool profile, and document that coding-profile agents should use tools.alsoAllow: ["browser"] rather than subagent allowlists alone.
Control UI/Quick Settings: persist the assistant avatar override to browser local storage (mirroring the user avatar) so uploaded image data URLs no longer fail config validation with "Too big: expected string to have <=200 characters". Also lift the gateway-side ui.assistant.avatar length cap to match the user avatar size budget for non-UI clients writing the field directly. Thanks @BunsDev.
Plugin SDK: share diagnostic event subscriptions across duplicate source/dist module graphs so legacy root SDK imports still receive runtime diagnostic events.
Agents/Bedrock: prevent empty assistant stream-error turns from poisoning Converse replay by persisting, repairing, and replaying a non-empty fallback block. Fixes #71572. (#71627) Thanks @openperf.
Agents/Anthropic/Bedrock: strip thinking blocks with missing, empty, or blank replay signatures before provider conversion, falling back to non-empty omitted-reasoning text when needed so corrupted signed-thinking history no longer poisons subsequent turns. Fixes #45010. (#70054) Thanks @castaples.
Agents/Anthropic/Bedrock: preserve stripped thinking-only assistant replay turns with non-empty omitted-reasoning text so provider adapters keep strict user/assistant turn shape. Thanks @wujiaming88.
ACP/Codex: pass sessions_spawn(runtime="acp") model and thinking overrides into Codex ACP startup, normalize openai-codex/* refs and slash reasoning suffixes, and recognize managed Codex ACP wrapper commands without blocking current gpt-5.5 sessions. Fixes #40393. (#71643) Thanks @91wan.
Browser/CDP: make readiness diagnostics use the same discovery-first fallback as reachability for bare ws:// Browserless and Browserbase CDP URLs. Fixes #69532.
Browser/CDP: explain that loopback Browserless or other externally managed CDP services need attachOnly: true and matching Browserless EXTERNAL endpoint when reporting local port ownership conflicts, and fall back to the configured bare WebSocket root when a discovered Browserless endpoint rejects CDP. Fixes #49815.
Gateway/reload: preserve indefinite gateway.reload.deferralTimeoutMs: 0 semantics for channel hot reload deferrals so active agent runs are not interrupted by a forced channel restart. (#71637) Thanks @Poo-Squirry.
Agents/tool results: cap persisted Pi tool-result details and strip hidden diagnostics before provider conversion, preventing large debug payloads from bloating session transcripts. (#71637) Thanks @Poo-Squirry.
ACP/OpenCode: update the bundled acpx runtime to 0.6.0 and cover the OpenCode ACP bind path in Docker live tests.
Providers/OpenCode Go: add DeepSeek V4 Pro and DeepSeek V4 Flash to the Go catalog while the bundled Pi registry catches up. Fixes #71587.
Providers/OpenCode Go: route DeepSeek V4 Pro/Flash through the OpenAI-compatible Go endpoint and suppress invalid reasoning_effort: "off" payloads, fixing tool-enabled requests for opencode-go/deepseek-v4-flash. Fixes #71683.
Plugins/model defaults: run Skill Workshop review, Active Memory recall, and session-memory slug generation on the configured agent default model instead of the hardcoded OpenAI SDK fallback when hook context lacks model metadata. Fixes #71659.
Providers/Venice: fill the required DeepSeek V4 reasoning_content placeholder for venice/deepseek-v4-pro and venice/deepseek-v4-flash replay turns without sending native DeepSeek thinking controls that Venice rejects. Fixes #71628.
Browser/existing-session: support per-profile Chrome MCP command/args, map cdpUrl to --browserUrl or --wsEndpoint, and avoid combining endpoint flags with --userDataDir. Fixes #47879, #48037, and #62706. Thanks @puneet1409, @zhehao, and @madkow1001.
Media/plugins: bound MIME sniffing and ZIP archive preflight before handing untrusted files to file-type or jszip, reducing parser CPU and memory exposure for attachments and ClawHub plugin archives. Thanks @vincentkoc.
Memory-host SDK: use trusted env-proxy mode for remote embedding and batch HTTP calls only when Undici will proxy that target, preserving SSRF DNS pinning for ALLPROXY-only and NOPROXY bypass cases. Fixes #52162. (#71506) Thanks @DhtIsCoding.
Gateway/dashboard: render Control UI and WebSocket links with https:///wss:// when gateway.tls.enabled=true, including openclaw gateway status. Fixes #71494. (#71499) Thanks @deepkilo.
Agents/OpenAI-compatible: default proxy/local completions tool requests to tool_choice: "auto" when tools are present, so providers enter native tool-calling mode instead of replying with plain-text tool directives. (#71472) Thanks @Speed-maker.
OpenAI image generation: use gpt-5.5 for the Codex OAuth responses transport instead of the retired gpt-5.4 model, fixing 500s from ChatGPT Codex image generation. Fixes #71513. Thanks @baolongl.
OpenAI image generation: route transparent-background default-model requests to gpt-image-1.5, document the expected image_generate call shape, and keep Azure/custom OpenAI-compatible deployment names untouched.
Google video generation: download direct MLDev Veo video.uri results instead of passing them through the Files API path, fixing 404s after successful generation/polling. Fixes #71200. Thanks @panhaishan.
Google video generation: fall back to the REST predictLongRunning Veo endpoint for text-only SDK 404s while keeping reference image/video generation on the SDK path. Fixes #62309 and #63008. (#62343) Thanks @leoleedev.
MiniMax music generation: switch the bundled default model from the unsupported music-2.5+ id to the current music-2.6 API model. Fixes #64870 and addresses the music default from #62315. Thanks @noahclanman and @edwardzheng1.
Cron: record jobs interrupted by a gateway restart as failed at their original runningAtMs, skip unsafe startup replay, and disable interrupted one-shot jobs so they show a visible failure instead of silently disappearing or duplicating work. Fixes #59056, #61343, #63657, and #59301. Thanks @ponchoooPenguin, @daemic24, @myradon, and @hikiwibot.
Cron tool: recover flat top-level schedule shorthand such as cron, tz, and staggerMs before gateway validation, so model-generated cron add/update calls preserve cron jitter settings. Thanks @tyxben.
Cron: hydrate flat legacy job rows with top-level cron, tz, session, and message fields into canonical schedule, target, and payload objects before startup recomputes run times. Fixes #43351.
Agents/replies: let pending group chat history trigger bare mentioned turns without treating metadata-only inbound context as user input. Fixes #71489. (#71520) Thanks @SymbolStar.
Google media generation: strip a configured trailing /v1beta from Google music/video provider base URLs before calling the Google GenAI SDK, preventing doubled /v1beta/v1beta paths. Fixes #63240. (#63258) Thanks @Hybirdss.
Discord: restore direct-message voice-note preflight transcription and classify URL-only Ogg/Opus voice attachments as audio while skipping partial attachments without usable URLs. Fixes #61314 and #64803.
Plugins/build: copy bundled plugin skill trees into dist-runtime, broaden Windows symlink-copy fallbacks, and fingerprint runtime dependencies from lstat so symlink-like directory entries cannot crash staging.
Google Chat: preserve reply text when a typing indicator message is deleted or can no longer be updated, so media captions and first text chunks are resent instead of silently disappearing. (#71498) Thanks @colin-lgtm.
Cron: tolerate malformed legacy job rows in startup, main-session system-event payloads, and human-readable cron list output so missing state, payload.text, or display fields no longer crash the scheduler or CLI. Fixes #66016, #65916, #64137, #57872, #59968, #63813, #52804, and #43163. (#71509) Thanks @vincentkoc.
CLI/models: make openclaw models scan fall back to public OpenRouter free-model metadata when no OPENROUTERAPIKEY is configured, avoid config secret resolution for explicit --no-probe scans, and apply the scan timeout to the OpenRouter catalog request.
Feishu: keep streaming cards to one live card per turn, flush throttled card edits after meaningful text boundaries, and skip exact block/partial repeats so tool-heavy replies do not duplicate card output. Thanks @allan0509.
Feishu: finish the streaming-card duplicate closeout by stripping leaked reasoning tags, preserving cross-block partial snapshots, enabling topic-thread streaming cards, omitting the generic main card header, surfacing transient tool/compaction status, and cleaning streaming state after close failures. Thanks @sesame437, @Vicky-v7, @maoku-family, @Pengxiao-Wang, and @Maple778.
Telegram: recover incomplete partial-stream previews by falling back to a final send when an ambiguous final edit failure would otherwise retain a strict prefix of the answer. Fixes #71525. (#71554) Thanks @sahilsatralkar.
Control UI/chat: collapse assistant token/model context details behind an explicit Context disclosure and show full dates in message footers, making historical transcript timing clear without noisy default metadata. (#71337) Thanks @BunsDev.
OpenAI/Codex OAuth: explain unsupportedcountryregion_territory token-exchange failures with a proxy/region hint instead of surfacing a generic OAuth error. Fixes #51175. (#71501) Thanks @vincentkoc and @wulala-xjj.
Browser/Linux: fall back to headless mode for local managed profiles on hosts without a display server, while preserving explicit per-profile headed overrides and reporting the headless source. (#60953) Thanks @rrpsantos.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Telegram: keep the polling stall watchdog active even when grammY reports the runner as not running while its task is still pending, so a rebuilt transport cannot leave getUpdates silent until a manual gateway restart. Fixes #69064. Thanks @LDLoeb.
Subagents: fall back to direct completion delivery when the parent announce turn finishes without a visible payload, so child results still reach channel-backed requester sessions.
Subagents: tell parent agents to use sessions_yield while waiting for child completion events, preventing GPT-5 fast runs from ending silently after spawning workers.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/CLI: lazy-load browser command groups and plugin runtime services so openclaw browser --help can render without loading the full browser automation stack. Fixes #65400. (#65460, #66640) Thanks @pandego and @Tianworld.
Browser/CLI: serve precomputed openclaw browser --help text from CLI startup metadata, avoiding the full plugin/config startup path for the common help invocation.
Browser/downloads: seed managed Chrome profiles with OpenClaw download prefs and capture unmanaged click-triggered downloads under the guarded downloads directory, while explicit download waiters still own their target file. (#64558) Thanks @Pearcekieser.
Browser/Chrome: stop passing redundant --disable-setuid-sandbox when browser.noSandbox is enabled; --no-sandbox remains the effective sandbox opt-out. (#67939) Thanks @sebykrueger.
Browser/client: stop telling agents to permanently avoid the browser after transient timeout or cancellation failures; keep the no-retry hint for persistent unavailable/rate-limit cases. (#46505) Thanks @jriff.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230. Thanks @Co-Messi.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457. Thanks @spartoviMD.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460. Thanks @GodsBoy.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
GitHub Copilot: never rewrite connection-bound reasoning item IDs regardless of whether encryptedcontent is present, fixing a 400 "Encrypted content itemid did not match" error with gpt-5.3-codex and future Codex models that fall through to the forward-compat catch-all with reasoning: false. Also recognize Codex-named models as reasoning-capable so they inherit the correct capability flags. Refs #68735. Thanks @InvalidPandaa.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868. Thanks @sg1416-zg and @ycjlb2023-peteryi.
WhatsApp/TTS: transcode MP3/WebM audio, including Microsoft Edge TTS output, to Ogg/Opus before sending PTT voice notes.
QQBot/TTS: honor plain audioAsVoice replies by synthesizing TTS to native QQ voice messages, and mark inbound voice-only messages as audio media without exposing raw voice paths to generic media context.
Providers/SenseAudio: add bundled SenseAudio batch audio transcription through tools.media.audio with SENSEAUDIOAPIKEY auth. (#66943) Thanks @Fl0rencess720.
Providers/MiniMax: let TTS use MiniMax portal OAuth and Token Plan credentials before falling back to MINIMAXAPIKEY, and include current TTS HD model ids. Fixes #55017. Thanks @zx15210404690-hash.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656. Thanks @xieyuanqing.
Active Memory: keep silent recall sub-agent billing/auth failures out of shared auth-profile cooldown state, so a Claude CLI extra-usage rejection cannot disable normal Claude-backed turns. Fixes #71284. (#71539) Thanks @vishutdhar and @obviyus.
Auth/Claude CLI: sync refreshed Claude CLI OAuth credentials into the managed auth profile so long-running Claude CLI runs stop falling back to stale OpenClaw snapshots. (#70902) Thanks @starvex.
Sessions: make sessions_spawn(mode="session") errors name usable alternatives when the current channel cannot bind subagent threads. Fixes #67400. (#67790) Thanks @stainlu.
Agents/Claude CLI: pass the OpenClaw system prompt through Claude's prompt-file flag so Windows runs avoid argv length failures without changing system prompt semantics. Fixes #69158. (#69211) Thanks @skylee-01, @cassioanorte, @Syu0, and @Stache73.
Agents/CLI sessions: bind google-gemini-cli session auth-epoch to the Google account identity in ~/.gemini/oauth_creds.json, so Gemini-backed agents resume their conversation after gateway restart instead of minting a fresh session, and stale bindings are invalidated when the authenticated Google account changes. Fixes #70973. (#71076) Thanks @openperf.
Slack: stop treating user mentions in assistant-authored message edit blocks as sender attribution, preventing edited bot messages from spoofing a mentioned DM user. (#71700) Thanks @vincentkoc.
Codex: consume unauthorized bound conversation inbound claims before they can fall through to other claim handlers or enqueue Codex turns. (#71702) Thanks @vincentkoc.
Codex media understanding: require approval-checked app-server image turns while explicitly declining tool, file, permission, and elicitation approval requests for the bounded image worker. (#71703) Thanks @vincentkoc.
Agents/Claude CLI: allow large live stream-json JSONL lines up to the existing per-turn raw limit, preventing large Telegram, WebChat, MCP, and image turns from aborting on the old stdout buffer cap. Fixes #71793, #71080, and #70766. (#71897) Thanks @chacher86, @shivamgrover21, and @tpjordan.
Agents/Claude CLI: unwrap nested Claude result envelopes in CLI JSON output so delegated agent responses surface as final text instead of raw result JSON. (#66819) Thanks @mraleko.
Agents/Claude CLI: apply the configured 1M context window override to eligible Claude CLI Opus and Sonnet models when context1m is enabled. (#70863) Thanks @bidadh.
Models/status: report fresh Claude CLI native auth instead of stale stored anthropic:claude-cli profile expiry when local credentials are current. Fixes #71256. (#71332) Thanks @matthiasjanke and @neeravmakwana.
CLI backends: compact OpenClaw transcripts after over-budget CLI turns and reseed fresh CLI sessions from the compacted transcript instead of stale external resume state. Fixes #68329. (#71916) Thanks @obviyus.
Telegram: keep default tool progress messages visible when answer preview streaming is disabled. (#71825) Thanks @VACInc.
Configure/models: clear deselected model fallbacks when updating the model picker allowlist, including provider-scoped setup flows. (#71596) Thanks @rubencu.
Agents/streaming: strip namespaced <antml:thinking> reasoning tags from streamed assistant replies before user-visible text is emitted. (#69288) Thanks @xialonglee.

v2026.4.25-beta.1 pre BREAKING [Apr 26, 2026] (4d ago) details → github →

# openclaw 2026.4.25-beta.1

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy genai.system by default while emitting genai.provider.name under OTELSEMCONVSTABILITYOPTIN=genailatest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAWDISABLEPERSISTEDPLUGINREGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only modelcallstarted and modelcallended hooks for provider/model call telemetry without exposing prompts, responses, headers, request bodies, or raw provider request IDs. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded context assembly diagnostics and export openclaw.context.assembled spans with prompt/history sizes but no prompt, history, response, or session-key content. Thanks @vincentkoc.
Diagnostics/OTEL: export existing tool-loop diagnostics as openclaw.tool.loop counters and spans without loop messages, session identifiers, params, or tool output. Thanks @vincentkoc.
Diagnostics/OTEL: export diagnostic memory samples and pressure as bounded memory histograms, counters, and pressure spans to help spot leak regressions without session or payload data. Thanks @vincentkoc.
Diagnostics/OTEL: add the GenAI gen_ai.client.token.usage histogram for input/output model usage while keeping session identifiers and aggregate cache counters out of the semantic metric. Thanks @vincentkoc.
Diagnostics/OTEL: add a bounded openclaw.agent label to OpenClaw token metrics so per-agent Grafana dashboards can group usage without exporting session identifiers. Thanks @oc-factus.
Plugins/install: consolidate managed plugin install metadata into the state-managed plugin index at plugins/installs.json, replacing the temporary plugins/installed-index.json path and removing plugins.installs as an authored config surface. Thanks @vincentkoc and @shakkernerd.
Diagnostics/OTEL: add the GenAI gen_ai.client.operation.duration histogram for model-call latency in seconds with bounded provider/model/API and error attributes. Thanks @vincentkoc.
Diagnostics/OTEL: add GenAI usage token attributes to model-usage spans, including cache read/write input token counts without session identifiers or prompt/response content. Thanks @vincentkoc.
Diagnostics/OTEL: include bounded GenAI operation, provider, and request-model attributes on model-usage spans so token usage remains self-describing without diagnostic identifiers. Thanks @vincentkoc.
Diagnostics/OTEL: keep model-usage span GenAI provider attributes aligned with the existing semantic-convention opt-in policy, using legacy gen_ai.system unless latest experimental GenAI conventions are enabled. Thanks @vincentkoc.
Diagnostics/OTEL: keep gen_ai.request.model present on GenAI token usage metrics with a bounded unknown fallback when model usage events do not include a model. Thanks @vincentkoc.
Docs/OTEL: document the GenAI token and model-call duration metrics, model-usage span attributes, and OTELSEMCONVSTABILITYOPTIN=genailatest_experimental provider-attribute behavior. Thanks @vincentkoc.
Docs: refresh the MCP, model provider, doctor, troubleshooting, BlueBubbles, media generation, TTS, subagents, skills, cron/tasks, exec approvals, and voice-call guides with structured Steps, Tabs, and Accordion content.
Diagnostics/trace: add an internal traceparent propagation helper that only formats trusted dispatcher metadata, keeping plugin-emitted diagnostic traces out of outbound propagation by default. Thanks @vincentkoc.
Diagnostics/OTEL: add bounded outbound message delivery lifecycle diagnostics and export them as low-cardinality delivery spans/metrics without message body, recipient, room, or media-path data. (#71471) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#71451) Thanks @vincentkoc and @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#71450) Thanks @vincentkoc and @jlapenna.
Providers/Xiaomi: add MiMo TTS as a bundled speech provider with MP3/WAV output and voice-note Opus transcoding. Fixes #52376. (#55614) Thanks @zoujiejun.
Providers/ElevenLabs: include eleven_v3 in the bundled TTS model catalog so model selection surfaces can offer ElevenLabs v3. (#68321) Thanks @itsuzef.
Providers/Local CLI TTS: add a bundled local command speech provider with file/stdout input, voice-note Opus conversion, and telephony PCM output. (#56239) Thanks @solar2ain.
Providers/Inworld: add Inworld as a bundled speech provider with streaming TTS synthesis, voice listing, voice-note output, and PCM telephony output. (#55972) Thanks @cshape.
Providers/Volcengine: add Volcengine/BytePlus Seed Speech as a bundled TTS provider with API-key auth, native Ogg/Opus voice-note output, and MP3 audio-file output. (#55641) Thanks @xuruiray.
Android/Talk Mode: expose Talk Mode in the Voice tab with runtime-owned voice capture modes and microphone foreground-service escalation. Thanks @alex-latitude.
Providers/LiteLLM: register litellm as an image-generation provider so image_generate model=litellm/... calls and agents.defaults.imageGenerationModel.fallbacks entries resolve through the LiteLLM proxy. Thanks @zqchris.
Providers/fal: add Seedance 2.0 reference-to-video models with multi-image, video, and audio reference input mapping plus model-specific capability limits for video_generate. Thanks @shivanker.
Codex harness: require Codex app-server 0.125.0 or newer and cover native MCP PreToolUse, PostToolUse, and PermissionRequest payloads through the OpenClaw hook relay.
Agents/Codex: teach prompts and agents_list to surface native Codex app-server availability so agents prefer /codex ... over Codex ACP unless ACP/acpx is explicit. Thanks @vincentkoc.
ACPX/Droid: add Factory Droid to the live ACP bind Docker matrix, including .factory settings staging, FACTORYAPIKEY forwarding, and the single-agent test:docker:live-acp-bind:droid recipe.
TTS/personas: add provider-aware TTS personas with deterministic provider binding merges, /tts persona controls, gateway/CLI persona state, Google Gemini audio-profile-v1 prompt wrapping, and OpenAI instruction mapping. (#70748) Thanks @barronlroth.
Voice Wake: add trigger-based routing so macOS voice wake phrases can select a configured agent or session target, with Gateway routing APIs and node update events. (#30354) Thanks @longbiaochen.

Fixes

Plugins/startup: load the default memory-core slot during Gateway startup when permitted so active-memory recall can call memorysearch and memoryget without requiring an explicit plugins.slots.memory entry, while preserving plugins.slots.memory: "none". Thanks @codex.
Plugins/CLI: prefer native require for compiled bundled plugin JavaScript before jiti so read-only config, status, device, and node commands avoid unnecessary transform overhead on slow hosts. Fixes #62842. Thanks @Effet.
Plugins/compat: inventory doctor-side deprecation migrations separately from runtime plugin compatibility so release sweeps preserve needed repairs while enforcing dated removal windows. Thanks @vincentkoc.
Plugins/compat: add missing dated compatibility records for legacy extension-api, memory registration, provider hook/type aliases, runtime aliases, channel SDK helpers, and approval/test utility shims. Thanks @vincentkoc.
Plugins/CLI: refresh the persisted registry after managed plugin files are removed so ClawHub uninstall cannot leave stale plugins list entries. Thanks @codex.
Plugins/CLI: make plugin install and uninstall config writes conflict-aware, clear stale denylist entries on explicit reinstall/removal, and delete managed plugin files only after config/index commit succeeds. Thanks @codex.
Plugins: fail plugins update when tracked plugin or hook updates error, keep bundled runtime-dependency repair behind restrictive allowlists, and reject package installs with unloadable extension entries. Thanks @codex.
Gateway/chat: keep duplicate attachment-backed chat.send retries with the same idempotency key on the documented in-flight path so aborts still target the real active run. Fixes #70139. Thanks @Feelw00.
Plugins: share package entrypoint resolution between install and discovery, reject mismatched runtimeExtensions, and cache bundled runtime-dependency manifest reads during scans. Thanks @codex.
Onboarding/setup: keep first-run config reads, plugin compatibility notices, and post-model sanity checks on cold metadata paths unless the user chooses to browse all models, avoiding full plugin/runtime catalog work between prompts. Thanks @shakkernerd.
Onboarding/auth: run manifest-owned provider auth choices through scoped setup providers so selecting OpenAI Codex browser/device auth no longer loads every provider runtime before OAuth starts. Thanks @shakkernerd.
Onboarding/auth: keep the post-auth default-model policy lookup on manifest/setup metadata so the next prompt appears without loading broad provider runtime. Thanks @shakkernerd.
Onboarding/models: keep skip-auth and provider-scoped model picker prompts off the full global model catalog path, and cache provider catalog hook resolution so setup no longer stalls after auth on large plugin registries. Thanks @shakkernerd.
Gateway/Bonjour: suppress known @homebridge/ciao cancellation and network assertion failures through scoped process handlers so malformed mDNS packets or restricted VPS networking disable/restart Bonjour instead of crashing the gateway. Fixes #67578. Thanks @zenassist26-create.
Discord: keep late clicks on already-resolved exec approval buttons quiet when elevated mode auto-resolved the request, while still surfacing real approval submission failures. Fixes #66906. Thanks @rlerikse.
Agents/subagents: deliver completed yielded-subagent results back to no-thread requester routes via direct fallback when the dormant parent announce turn produces no visible reply, and add QA-lab coverage for the regression. Thanks @vincentkoc.
Gateway/Tailscale: let Tailscale-authenticated Control UI operator sessions with browser device identity skip the device-pairing round trip while still rejecting device-less and node-role connections. Refs #71986. Thanks @jokedul.
Doctor: honor OPENCLAWSERVICEREPAIR_POLICY=external by reporting gateway service health while skipping service install/start/restart/bootstrap, supervisor rewrites, and legacy service cleanup for externally managed environments. Thanks @shakkernerd.
CLI/update: run package post-update doctor with --fix so package updates repair config migrations before restart. Thanks @shakkernerd.
CLI/update: retry failed npm global updates with --omit=optional and ignore the superseded first failure when the fallback succeeds. Thanks @shakkernerd.
Plugins/uninstall: migrate and reset plugins.slots.contextEngine alongside memory slots when plugin ids change or selected plugins are removed. Thanks @shakkernerd.
Agents/Discord: keep raw Agent failed before reply runner failures out of Discord group/channel chats and show detailed runner errors in direct chats only when /verbose is enabled. Thanks @codex.
UI/Windows: quote resolved pnpm .cmd launcher paths before spawning UI install/build/test commands so Node installs under C:\Program Files no longer fail as C:\Program. Fixes #45275. Thanks @Kobevictor, @stoppieboy, and @iubns.
Codex/agent: translate --thinking minimal to low for modern Codex models (gpt-5.5, gpt-5.4, gpt-5.4-mini, gpt-5.2) at request build time so the first turn is accepted instead of paying a wasted call + retry-with-low fallback. Older Codex models still receive minimal directly. Fixes #71946. Thanks @hclsys.
Plugins/uninstall: remove tracked plugin files from their recorded managed extensions root even when the current state directory points somewhere else, so openclaw plugins uninstall --force does not leave the plugin discoverable. Thanks @shakkernerd.
Agents/runtime: add agentRuntime.id as the canonical config key, migrate legacy runtime-policy configs with openclaw doctor --fix, route canonical Anthropic models through claude-cli without passing CLI backend aliases to embedded harness selection, and load CLI backend owner plugins before channel startup. Fixes #71957. Thanks @WolvenRA.
CLI/update: guard Windows scheduled-task stops by state and timeout so auto-update restart cannot hang indefinitely on schtasks /End before stale-listener cleanup. Fixes #69970. Thanks @yangswld and @sherlock-huang.
Windows install/Lobster: execute pnpm.exe directly when npm_execpath points at the native pnpm binary, add an installed-package fallback for the Lobster embedded runtime, and include the Lobster runner regression test in Windows CI. Fixes #69456. Thanks @igormf.
Gateway/install: refresh loaded gateway service installs when the current service embeds stale gateway auth instead of returning already-installed, avoiding LaunchAgent token-mismatch loops after token rotation. Fixes #70752. Thanks @hyspacex.
Update: ignore bundled plugin .openclaw-install-stage directories during global install verification and packaged dist pruning so leftover runtime-dep staging files do not turn successful updates into unexpected packaged dist file failures. Fixes #71752. Thanks @waynegault.
CLI/update: fail package updates when post-update plugin sync fails and refresh legacy npm plugin install records before trusting unchanged artifacts, preventing successful updates from restarting with stale or failed plugin state. Thanks @vincentkoc and @shakkernerd.
Release/update: reject pre-populated bundled plugin .openclaw-install-stage directories, including mixed-case path variants, before package inventory generation so release tarballs cannot ship poisoned runtime-dependency staging debris. Fixes #71752. Thanks @hclsys.
Node runtime: keep node-host retry timers alive across Gateway restarts and exit on terminal credential pauses so supervised nodes do not become silent zombies. Fixes #69800. Thanks @meroli28.
Gateway/plugins: stop persisted WhatsApp auth state from activating bundled channel runtime-dependency repair during startup when channels.whatsapp is absent, avoiding npm/git stalls on packaged Linux installs. Fixes #71994. Thanks @xiao398008.
Gateway/device tokens: enforce caller-scope containment inside token rotation and revocation so pairing-only sessions cannot mutate higher-scope operator tokens. Fixes #71990. Thanks @coygeek.
Plugins/channels: keep security checks, thread-binding placement, provider summaries, health formatting, and message action labels on read-only or already-loaded channel metadata instead of importing full channel runtime. Thanks @shakkernerd.
Plugins/status: keep config-only channel labels and status security summaries from importing plugin runtime modules just to render metadata. Thanks @shakkernerd.
Sessions/channels: stop group-session metadata from loading bundled channel runtime just to classify #channel subjects, using only already-loaded channel capabilities on that path. Thanks @shakkernerd.
Plugins/channels: keep native command and native skill auto defaults on static channel metadata so config, audit, and command-list checks do not load channel runtime just to read those defaults. Thanks @shakkernerd.
CLI/channels: keep channel remove selection and all-channel capabilities summaries on read-only plugin metadata, loading channel runtime only for the selected mutation path. Thanks @shakkernerd.
CLI/models: keep Provider Index preview rows out of models list --all --provider <id> when the owning provider plugin is disabled, preserving config authority for cold catalog fallbacks. Thanks @shakkernerd.
CLI/model runs: keep openclaw infer model run on explicit OpenRouter models from loading the full provider catalog or inheriting chat-agent silent-reply policy, restoring non-empty one-shot probe output. Fixes #68791. Thanks @limpredator.
Installer/macOS: rerun Homebrew install steps without the gum spinner when raw-mode ioctl failures occur, and avoid claiming node@24 was installed when the Homebrew keg binary is missing. Fixes #70411. Thanks @1fanwang and @dad-io.
Installer: load nvm before Node.js detection so curl | bash installs respect nvm-managed Node instead of stale system Node. Fixes #49556. Thanks @heavenlxj.
Installer/Windows: route PowerShell install failures through a top-level handler so iwr ... | iex returns control to the current shell while direct script-file runs still exit non-zero. Fixes #38054. Thanks @PwrSrg.
CLI/Volta: respawn raw openclaw CLI runs through the named node shim when the current Node executable resolves to volta-shim, avoiding direct shim execution failures in non-interactive shells. Fixes #68672. Thanks @sanchezm86.
Installer: warn when multiple npm global roots contain OpenClaw installs, showing active Node/npm/openclaw plus each install path and version so stale version-manager installs are visible. Fixes #40839. Thanks @zhixianio.
Cron/tasks: recover completed cron task ledger records from durable run logs and job state before marking them lost, reducing false backing session missing audit errors for isolated cron runs and keeping offline CLI audit from treating its empty local cron active-job set as authoritative. Fixes #71963.
Docker: copy patched dependency files into runtime images so downstream pnpm install layers keep working. Fixes #69224. Thanks @gucasbrg.
Package: include patched dependency files in the published npm package so downstream installs can resolve patchedDependencies. (#69224) Thanks @gucasbrg and @vincentkoc.
Plugins/channels: treat malformed bundled channel plugin loaders that return undefined as unavailable instead of crashing config and help paths. Fixes #69044. Thanks @frankhli843 and @vincentkoc.
Scripts/watch: show corrupted dependency package-config recovery guidance when gateway:watch fails during watcher startup, without double-logging unrelated import failures. (#58780) Thanks @roytong9 and @vincentkoc.
Signal: read signal-cli RPC, health checks, and SSE events through Node's HTTP client so Node 24/25 fetch regressions do not break Signal sends or inbound events. Fixes #51716 and #53040. Thanks @Barukimang, @minupla, and @vincentkoc.
Skills/Docker: run npm-backed skill dependency installs with an OpenClaw-managed user prefix so non-root Docker images do not write to /usr/local. Fixes #59601. Thanks @chanjarster and @vincentkoc.
Agents/runtime: submit heartbeat, cron, and exec wakeups as transient runtime context instead of visible user prompts, keeping synthetic system work out of chat transcripts. Fixes #66496 and #66814. Thanks @jeades and @mandomaker.
Telegram: include native quote excerpts automatically for threaded replies and reply tags when the original Telegram text is available, without adding another config knob. Fixes #6975. Thanks @rex05ai.
Node/Linux: make openclaw node install enable and restart the openclaw-node systemd unit instead of the gateway unit on node-only VMs. Fixes #68287. Thanks @dlebee-agent.
Browser/CDP: retry transient raw-CDP WebSocket handshake failures before any browser command is sent, and reconnect stale persistent Playwright CDP sessions for safe tab-list reads without replaying mutating browser actions. Fixes #67728.
Gateway/Linux: retry systemctl --user enable after a second daemon reload when the freshly written gateway unit is not visible yet on migrated systemd installs. Fixes #65184. Thanks @liushuaiiu.
Telegram: preserve exact selected quote text when sending native quote replies, and retry with legacy replies if Telegram rejects quote parameters. (#71952) Thanks @rubencu.
Plugins/CLI: preserve manifest name, description, format, and source metadata in cold openclaw plugins list output without importing plugin runtime. Thanks @shakkernerd.
Security/audit: read channel exposure and plugin allowlist ownership from read-only plugin index metadata so cold audits do not depend on loaded channel runtime. Thanks @shakkernerd.
Plugins/chat: keep /plugins list, /plugins enable, and /plugins disable on the persisted plugin index path so chat plugin management does not load diagnostic/runtime plugin registries before execution. Thanks @shakkernerd.
Plugins/doctor: read workspace plugin status and legacy web-search ownership through installed-index manifest metadata instead of broad manifest registry scans. Thanks @shakkernerd.
CLI/agents: read channel provider status from read-only plugin index metadata for text agents list output instead of the loaded channel registry. Thanks @shakkernerd.
Logging: redact configured secret patterns at console and file-log sink exits so credentials that reach the logger are masked before terminal display or JSONL persistence. Fixes #67953. Thanks @Ziy1-Tan.
Gateway/services: refuse process and service mutations from an older OpenClaw binary when the config was last written by a newer version, preventing split-brain installs from stopping or rewriting newer gateway services. Fixes #57079.
Gateway: reserve /healthz and /readyz ahead of plugin, canvas, and Control UI HTTP stages so liveness/readiness probes still answer when a later route handler stalls. Fixes #69674. Thanks @Xike-Creek.
Logging: load logging.file and redaction settings directly from the active OpenClaw config path in bundled runtimes, so packaged gateways stop falling back to /tmp/openclaw. Fixes #59370, #67168, and #61295. Thanks @KeaneYan, @Pan9hu, and @zsjlovelike.
Logging: rotate file logs at logging.maxFileBytes, keep bounded numbered archives, and make long-lived rolling loggers follow the current-day file instead of suppressing diagnostics or writing stale dated files. Fixes #58583 and #62381. Thanks @jpeghead and @zhaoleink.
Agents/groups: treat clean empty assistant stops as silent NO_REPLY only for always-on groups where silent replies are allowed, while keeping direct and mention-gated sessions on the incomplete-turn retry path. Thanks @MagnaAI.
macOS/Node: keep native remote app nodes from advertising browser.proxy, start browser-capable CLI node services through the restored openclaw node start command, and show an actionable browser-control error when the local control service is missing. Fixes #66637.
Gateway/update: fail package updates when the restarted managed gateway reports the wrong version, including fallback restarts and JSON mode, avoiding false-success mixed-version restarts after macOS LaunchAgent updates. Fixes #71835. Thanks @abhinas90 and @jsompis.
Gateway/update: warn before package updates and bundled plugin runtime-dependency repairs when the target volume appears low on disk space, without blocking installs on best-effort filesystem checks. Fixes #71835. Thanks @abhinas90 and @jsompis.
Plugins/runtime deps: surface activated plugin load failures in health and fail package-update restart verification or doctor repair when bundled runtime deps still cannot load, avoiding false-success repairs. (#71883) Thanks @Solvely-Colin.
Gateway/Linux: include fnm aliases/default/bin in generated service PATHs and let doctor accept either modern fnm aliases or the legacy current/bin symlink, avoiding false PATH repair prompts. Fixes #68169. Thanks @richard-scott.
Installer/Linux: run apt installs with noninteractive dpkg and needrestart settings so fresh Ubuntu 24.04 curl | bash installs do not hang while installing Node.js, Git, or build tools. Fixes #41146. Thanks @iht76, @alexcarv318, @cs3gallery, @firofame, and @cgdusek.
Providers/Bedrock: defer the AWS SDK import until Bedrock discovery actually runs so plugin registration and setup stay lightweight on cold start. Fixes #71690. Thanks @jarvis-ai-gregmoser.
Installer/macOS: stop immediately when Homebrew node@24 installation fails and avoid printing PATH advice for missing Homebrew Node installs. Fixes #70411. Thanks @1fanwang.
WhatsApp: remove ack reactions after a visible reply when messages.removeAckAfterReply is enabled, matching other reaction-capable channels. Fixes #26183. Thanks @MrUnforsaken.
Providers/Z.AI: map OpenClaw thinking controls to Z.AI's thinking payload and add opt-in preserved thinking replay via params.preserveThinking, so GLM 5.x can keep prior reasoning_content when requested. Fixes #58680. Thanks @xuanmingguo.
Channels/status: keep read-only channel lists on manifest and package metadata by default, loading setup runtime only for explicit fallback callers. Thanks @shakkernerd.
Plugins: scope setup and web-provider metadata manifest reads to explicit plugin ids when callers already know the owning plugin set. Thanks @vincentkoc.
Plugins/onboarding: defer onboarding install-record index writes until the guarded config commit so setup failures cannot leave the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/registry: resolve web provider ownership from the installed plugin index instead of broad manifest scans on secret, tool, and pricing paths. Thanks @shakkernerd.
Config/providers: accept video and audio in configured model input values and preserve them in provider catalog entries. Fixes #20721. Thanks @alvinttang.
Models/auth: honor the parent --agent flag for auth write commands (add, login, setup-token, paste-token, and the GitHub Copilot shortcut) so OAuth/API-key/token results are written to the requested agent store instead of the default agent. Fixes #71864. (#71933) Thanks @balric-seo.
TTS: strip model-emitted TTS directives from streamed block text before channel delivery, including directives split across adjacent blocks, while preserving the accumulated raw reply for final-mode synthesis. Fixes #38937.
TTS: keep explicit provider=... directive keys scoped to that provider and warn on unsupported keys instead of letting another speech provider consume overlapping keys. Fixes #60131.
TTS/Feishu: normalize final-mode streamed TTS-only audio before delivery so generated voice-note files use the same safe media path and native voice routing as normal final replies. Fixes #71920.
Feishu: transcribe inbound voice-note audio with the shared media audio path before agent dispatch and keep raw Feishu file_key payloads out of message text. Fixes #67120 and #61876.
Tasks: terminalize async Gateway agent task records from the Gateway run result while preserving aborted, failed, and cancelled outcomes instead of leaving completed runs stuck as active or lost. (#71905) Thanks @likewen-tech.
WhatsApp: let authorized group voice-note transcripts satisfy mention gating before reply dispatch, while keeping unmentioned transcripts in pending group history. Fixes #44908.
Media understanding: carry channel voice-note preflight state into attachment selection so WhatsApp, Feishu, Telegram, and Discord do not transcribe the same inbound audio twice. Fixes #70580.
TTS/BlueBubbles: deliver compatible auto-TTS audio as iMessage voice memo bubbles instead of plain MP3/CAF file attachments. Fixes #16848.
TTS: resolve voice-note and voice-memo routing from channel plugin capabilities instead of speech-core-owned channel id lists.
ACP: send subagent and async-task completion wakes to external ACP harnesses as plain prompts instead of OpenClaw internal runtime-context envelopes, while keeping those envelopes out of ACP transcripts.
TTS/status: show configured TTS model, voice, and sanitized custom endpoint in /status, preserve OpenAI-compatible TTS instructions on custom endpoints, and retry empty Microsoft/Edge TTS output once. Addresses #46602, #47232, and #43936. Thanks @leekuangtao, @Huntterxx, and @rex993.
Agents/Gateway: steer agent-driven config edits and restarts through the owner-only gateway tool, document config.schema.lookup as the field-doc source, and warn against using gateway stop && gateway start as a restart substitute on macOS. Fixes #71929. Thanks @ygc3817922006-sketch.
Media understanding/audio: inject a deterministic transcript placeholder for too-small voice notes so agents do not hallucinate transcription or provider failures. Fixes #48944. Thanks @eulicesl.
Providers/vLLM: send Nemotron 3 chat-template kwargs when thinking is off and honor configured params.chattemplatekwargs for OpenAI-compatible completions, so vLLM/Nemotron replies stay visible instead of becoming thinking-only. Fixes #71891. Thanks @jmystaki-create and @dennis-lynch.
Channels/replies: strip copied inbound metadata blocks from user-facing assistant replies and model replay history, so Discord/vLLM sessions do not leak Conversation info / UNTRUSTED ... message body envelopes after a model echoes them. Fixes #71847. Thanks @jmystaki-create.
Subagents/memory: keep inter-session completion wakes out of memory and dreaming session exports, and strip internal runtime-context blocks from realtime Control UI chat events.
Agents/Claude: treat zero-token empty stop turns as failed provider output, retry once, repair replay, and allow configured model fallback instead of preserving them as successful silent replies. Fixes #71880. Thanks @MagnaAI.
Tasks: normalize task lifecycle timestamps at create, update, and restore time, and report retained lost tasks as audit warnings until their cleanup window expires. (#71871) Thanks @likewen-tech.
Diagnostics/OTEL: treat normal early model stream cleanup as a completed model call instead of exporting a misleading StreamAbandoned error span. Thanks @vincentkoc.
Gateway/pairing: stop corrupt or unreadable device/node pairing stores from being treated as empty state, preserving paired.json for repair instead of overwriting approved pairings. Fixes #71873. Thanks @iret77.
ACP: keep /acp management commands, plus local /status and /unfocus, on the Gateway path inside ACP-bound threads so they are not consumed as ACP prompt text. Fixes #66298. Thanks @kindomLee.
ACPX: stop probing ACP agents during normal Gateway startup; the embedded backend now registers without spawning Codex/ACP child processes unless OPENCLAWACPXRUNTIMESTARTUPPROBE=1 is explicitly set.
CLI/image edit: accept --size, --aspect-ratio, and --resolution on openclaw infer image edit and report all supported edit flags from capability inspect image.edit. Thanks @Pinghuachiu.
ACP: wait for the configured runtime backend to become healthy before startup identity reconciliation, avoiding transient acpx warnings during Gateway boot. Fixes #40566.
Channels/ACP bindings: time out configured binding readiness checks instead of letting Discord preflight hang forever when an ACP target never settles. Fixes #68776.
Control UI: hide the chat loading skeleton during background history reloads when existing messages or active stream content are already visible, avoiding reload flashes on high-latency local gateways. Fixes #71844. Thanks @WolvenRA.
Control UI: keep locally optimistic chat messages visible when a history reload temporarily returns empty, avoiding lost first-turn messages on high-latency gateways. Fixes #71878. Thanks @WolvenRA.
Control UI: keep chat history limits based on visible messages after filtering heartbeat and control-only transcript rows, so recent hidden entries no longer make older visible replies disappear. Thanks @WolvenRA.
Agents/images: scrub old [media attached: ...], [Image: source: ...], and media://inbound/... markers from pruned model replay context so stale media refs are not rehydrated as fresh prompt images. Fixes #71868. Thanks @jmeadlock.
Docker/Bonjour: disable Bonjour/mDNS advertising by default for bundled Compose gateways on bridge networking, while keeping host/macvlan opt-in with OPENCLAWDISABLEBONJOUR=0. Fixes #71879. Thanks @gbballpack.
CLI/status: label the OpenClaw Serve/Funnel setting as Tailscale exposure and show daemon state separately when available, so gateway.tailscale.mode: "off" no longer reads like the Tailscale daemon is stopped. Fixes #71790. Thanks @pesvobodak.
Plugins/Bonjour: stop ciao mDNS watchdog failures from looping forever when the advertiser stays stuck in probing or announcing; Bonjour now disables itself for the current Gateway process after repeated failed restarts while the Gateway keeps running. Fixes #69011. Thanks @siddharthaagarwalofficial-ux, @FiredMosquito831, and @spikefcz.
Gateway/Fly.io: seed Control UI allowed origins from the actual runtime bind and port so CLI-driven non-loopback starts do not crash before config exists. Fixes #71823.
macOS/remote SSH: keep discovered gateway hosts in gateway.remote.sshTarget while pinning SSH transport URLs to the local loopback tunnel, so browser automation does not regress into blocked non-loopback ws:// endpoints. Fixes #67336.
Gateway/proxy: bootstrap env proxy dispatching from direct Gateway startup so provider and plugin network requests honor HTTPSPROXY/HTTPPROXY before the first embedded agent attempt runs. (#71833) Thanks @mjamiv.
Plugins/runtime deps: verify clean npm installs actually place requested bundled runtime packages in the managed install root, reporting exact missing specs instead of a false successful repair. (#71883) Thanks @Solvely-Colin.
Plugins/discovery: ignore stale plugins.load.paths aliases that point back at packaged bundled plugin directories and have doctor remove them, keeping bundled plugins on the runtime-deps staging path. Thanks @codex.
Models/LM Studio: preserve @iq* quant suffixes in model refs and provider matching so /model lmstudio/...@iq3_xxs keeps the exact LM Studio variant. Fixes #71474. (#71486) Thanks @Bartok9, @XinwuC, and @Sanjays2402.
Matrix/cron: preserve the live Matrix delivery target when creating implicit announce reminder jobs so mixed-case room IDs are not reconstructed from lowercased session keys. Fixes #71798.
Feishu: accept Schema 2.0 card action callbacks that report context.openchatid instead of legacy context.chat_id, so button callbacks no longer drop as malformed. Fixes #71670. Thanks @eddy1068.
Feishu: keep synthetic card-action and bot-menu ids out of platform reply targets, using the real card callback message id when Feishu provides one and plain-sending otherwise. Fixes #71673. Thanks @eddy1068.
Plugins/QQ Bot: prefer an installed QQ Bot plugin that declares it replaces the bundled qqbot channel, preventing duplicate qqbotchannelapi and qqbot_remind tool registration noise. Fixes #63102.
Browser automation: keep stable tab ids and labels attached when Chromium replaces the raw target after form submissions or other action-triggered navigations, and return the replacement targetId from /act when the match is provable. Fixes #46137.
QQ Bot: make qqbot_remind schedule, list, and remove Gateway cron jobs directly for owner-authorized senders instead of returning cronParams and relying on a follow-up generic cron tool call. Fixes #70865. (#70937) Thanks @GaosCode.
Agents/ACP: hide sessions_spawn ACP runtime options unless an ACP backend is loaded, and make /acp doctor call out plugins.allow blocking bundled acpx. Thanks @vincentkoc.
Agents/Codex: keep ACP prompt/skill routing hidden unless an ACP runtime backend is available, and warn in doctor when enabled Codex plugin configs still route openai-codex/* models through PI. Thanks @vincentkoc.
Media delivery: avoid sending generated image attachments twice when the assistant reply already includes explicit MEDIA: lines for the same turn, and reject unsafe remote MEDIA: URLs before delivery. Thanks @pashpashpash.
Codex harness: ignore retryable app-server error notifications after Codex recovers, and preserve the real nested error message for terminal app-server failures instead of replacing it with a generic failure. Thanks @pashpashpash.
Agents/Codex: prepare native Codex sub-agent session metadata without a nested Gateway session patch and add a focused Docker smoke for the app-server sub-agent path. Thanks @vincentkoc.
Agents/subagents: keep queued subagent announces session-only when the requester has no external channel target, avoiding ambiguous multi-channel delivery failures. Fixes #59201. Thanks @larrylhollan.
Image understanding: preserve configured provider-prefixed vision model metadata when callers request the model without the provider prefix, so custom image models keep their input: ["text", "image"] capability. Fixes #33185. Thanks @Kobe9312 and @vincentkoc.
Plugins/install: restore the previous plugin index records if a concurrent config write conflict interrupts install, update, or uninstall metadata commits. Thanks @shakkernerd.
Plugins/install: reject native plugin archives that do not include a valid openclaw.plugin.json, preventing manifestless archives from writing install records that later show missing-manifest diagnostics. Thanks @shakkernerd.
Plugins/uninstall: remove tracked managed plugin install directories even when the persisted install path differs from the default id-derived target, while still refusing deletes outside the managed extensions root. Thanks @shakkernerd.
Plugins/update: restore previous plugin index records if core update or channel setup hits a concurrent config write conflict after plugin metadata changes. Thanks @shakkernerd.
Plugins/onboarding: defer channel/provider plugin install records until the owning config write commits, keeping setup failures from advancing the plugin index ahead of openclaw.json. Thanks @shakkernerd.
Plugins/config: route configure and agent setup writes with pending plugin install records through the plugin index commit helper so provider onboarding metadata is not stripped by plain config writes. Thanks @shakkernerd.
Plugins/channels: merge pending channel plugin install records with the existing plugin index before config writes, preserving unrelated tracked installs during channel setup, resolve, remove, and capability repair flows. Thanks @shakkernerd.
Plugins/config: defer shipped plugins.installs index migration during config writes until the guarded config commit window and roll it back if the config write fails before commit. Thanks @shakkernerd.
Sessions: keep embedded runtime context out of the visible user prompt by sending it as a hidden next-turn custom message, and teach doctor to repair affected 2026.4.24 transcripts with duplicated prompt-rewrite branches. Fixes #71761.
Gateway/subagents: keep direct-loopback backend RPCs authenticated with the shared gateway token/password off stale CLI paired-device scope baselines, so internal calls no longer hit scope-upgrade pairing prompts while remote, browser, node, device-token, and explicit-device paths still require normal pairing approval. Fixes #63548.
Providers/Azure OpenAI: give deployment-scoped image generation requests a longer 600s default timeout so slow gpt-image-2 generations can complete without a per-call timeoutMs. Fixes #71705. Thanks @voytas75.
Gateway/plugins: link source-checkout bundled runtime dependency caches instead of recursively copying node_modules on the gateway main thread, preventing local status, node, and skill probes from timing out during startup cache restores.
Skills/remote nodes: only expose remote macOS skill bins for connected nodes, clear stale bin matches when node probes fail, and include probe command, timeout, bin count, and connection state in timeout logs.
Skills/remote nodes: recognize system.which object-map responses when probing connected macOS nodes, so Linux gateways can expose macOS-only skills such as Apple Notes when the required binaries are installed remotely. Fixes #71877. Thanks @miguelarios.
CLI/gateway: keep diagnostic probes from creating first-time read-only device pairings, while still reusing cached device tokens for detailed read probes. Fixes #71766. Thanks @SunboZ.
CLI/plugins: keep message startup, channels logs, agents delete, and agents set-identity off broad plugin preloading; message delivery still loads plugins when the action actually runs.
Image understanding: resolve configured image models such as local LM Studio vision entries before reporting Unknown model when the discovery registry has not registered that provider. Fixes #66486. Thanks @zhanggpcsu.
QQ Bot: ignore self-echoed bot messages using the outbound ref-index marker, preventing mirrored replies from re-entering the agent loop while still allowing users to quote bot replies. Fixes #71912. Thanks @wangyc6003.
Sessions: separate reset freshness from session-store updatedAt, so heartbeat, cron, exec, and gateway bookkeeping no longer prevent configured daily/idle resets from rolling long-running channel sessions. Fixes #68315, #63732, #63820, and #69083. Thanks @maxatv, @longhairedsi, @bradfreels, and @akessel56.
Sessions: clear queued system-event notices during /new, /reset, gateway sessions.reset, and daily/idle rollover so stale background updates cannot leak into the first prompt of the fresh session. Fixes #66864. Thanks @opeyio, @Magicray1217, and @cedillarack.
CLI/agents: keep agents bind, agents unbind, and agents bindings on setup-safe channel metadata paths so they do not preload bundled plugin runtimes or stage runtime dependencies. Fixes #71743.
Plugins/registry: preserve explicit disabled plugin records during registry migration without persisting every unused bundled plugin discovered on disk. Thanks @shakkernerd.
Windows/native: keep CLI startup and bundled provider plugin loading off Windows ESM raw-path failure paths, fixing native onboarding/install smoke on Node 24.
Plugins/doctor: read bundled channel doctor capabilities through the same packaged plugin directory resolver used by plugin loading, so published installs keep Matrix DM allowlist repairs on channels.matrix.dm.* instead of writing invalid top-level dmPolicy keys. Fixes #71757.
Plugins/Windows: keep bundled plugin Jiti loaders off the native import path on Windows so channel plugins such as Telegram no longer crash with ERRUNSUPPORTEDESMURLSCHEME on C:\... paths. Fixes #71749. Thanks @smeyer9.
Providers/Ollama: use Ollama's current /api/web_search endpoint and honor https://ollama.com model-provider base URLs for Ollama Web Search. Fixes #71741. Thanks @madhvidua.
Memory/Ollama: serialize Ollama memory embedding batches and add an inline batch timeout override, with longer defaults for local/self-hosted embedding providers.
Sessions/usage: exclude compaction checkpoint transcript snapshots from usage totals and session discovery, while keeping old checkpoint files removable.
CLI/agents: keep openclaw agents list --json on the config-only path by default, avoiding bundled plugin loading unless callers request --bindings. Fixes #71739. Thanks @kaloster.
Plugins/install: force plugin dependency installs to stay project-local even when inherited npm config requests global installs, so successful installs still materialize the plugin's staged node_modules.
Providers/Google: transcode Gemini TTS PCM to Opus for voice-note targets so WhatsApp and other native voice-note replies can play as voice messages.
TTS/WhatsApp: mark non-Opus provider output as voice-note intent so channel delivery transcodes MP3/WebM replies to Ogg/Opus PTT audio.
Plugins/runtime deps: reuse existing external bundled-plugin stage roots when mirrored plugin roots are inspected again, avoiding second-generation openclaw-unknown-* stages and repeated first-turn restaging. Fixes #71599.
iOS/macOS Talk Mode: allow talk.speechLocale to set the speech recognition locale for non-English voice conversations. Fixes #44688.
Plugins/providers: honor explicit plugin candidate lists instead of reading a persisted registry snapshot from local state, keeping candidate-scoped provider discovery hermetic.
Plugins/doctor: keep bundled plugin runtime-dependency repairs inside the managed OpenClaw stage even when user npm prefix/global config points npm at $HOME/node_modules. Fixes #71730.
ACP/sessions_spawn: reject normal OpenClaw config agent ids when callers explicitly request runtime="acp", while allowing agents configured with runtime.type="acp" to resolve to their ACP harness id. Fixes #63914.
ACP/sessions_spawn: apply runTimeoutSeconds to ACP child turns and dispatch those turns on the background subagent lane, so quota-stalled ACP harnesses do not occupy the main agent lane indefinitely. Fixes #68823.
ACP/oneshot: reconcile runtime session identity before closing completed oneshot ACP runs, so finished sessions.json entries do not stay stuck with acp.identity.state="pending".
ACPX: bundle acpx@0.6.1 so unsupported generic model overrides fail clearly instead of silently falling back to the target adapter default.
ACP/models: document that non-Codex ACP model overrides require adapter support for ACP models plus session/set_model, so unsupported harnesses fail clearly instead of silently falling back to their defaults.
Plugins/Voice Call: treat missing provider credentials as setup-incomplete during Gateway startup and log the missing keys as a warning instead of a runtime startup error, while keeping explicit command/tool errors when used.
Android/Talk Mode: prevent duplicate TTS playback when fast or repeated final chat events arrive while Talk Mode is waiting for its own response. Fixes #46546.
Tooling/check:changed: pass parent heavy-check lock markers to lint lanes so pnpm check:changed no longer waits on its own lint:extensions child.
CLI/completion: dedupe provider auth flags before registering openclaw onboard options, so completion-cache refresh during update no longer fails when stale core fallback flags overlap plugin manifest flags. Fixes #71667.
Diagnostics/trace: report live context usage from the current prompt snapshot instead of provider turn totals, avoiding false near-full context spikes on cached or tool-heavy runs.
Providers/Google: honor models.providers.google.request.allowPrivateNetwork for Gemini TTS and telephony TTS, matching Google image generation and media understanding. (#71723) Thanks @ro-hansolo.
Providers/MiniMax: register minimax-portal for music and video generation, preserving OAuth auth and regional MiniMax base URLs across the shared musicgenerate and videogenerate tools. (#63241) Thanks @tars90percent.
Providers/onboarding: keep Runway and Alibaba Model Studio out of the text-inference setup picker by scoping their video-generation auth choices to the media setup flow. (#65856) Thanks @Jah-yee.
Plugins/Bonjour: stop the gateway from crash-looping on CIAO PROBING CANCELLED when the mDNS watchdog cancels a stuck probe. Restores the rejection-handler wiring dropped during the bonjour plugin migration and shares unhandled-rejection state across module instances so plugin-staged copies of openclaw/plugin-sdk/runtime register into the same handler set the host consults. Especially affects Docker on macOS, where mDNS probing reliably hits the watchdog. Thanks @troyhitch.
Google Meet: report pinned Chrome nodes as offline or missing capabilities in setup/join diagnostics, keep inaccessible nodes out of auto-selection, and preflight local BlackHole/SoX requirements before agents try local Chrome.
Providers/MiniMax: route image-01 requests to the dedicated image generation endpoint while preserving CN endpoint selection. Fixes #61149. Thanks @mushuiyu886.
Plugins/startup: remove ownerless bundled runtime-dependency install locks after a short grace window and include lock owner details when startup times out waiting for a plugin runtime-deps lock.
Plugins/install: anchor bundled runtime-dependency npm installs with an OpenClaw-owned package manifest so Linux updates cannot accidentally write to a parent $HOME/node_modules tree. Fixes #71730.
Plugins/install: pass onboarding plugin config into plugin index writes so local plugin installs outside default discovery roots keep their install records. Thanks @shakkernerd.
Plugins/install: migrate shipped plugins.installs config records into the plugin index while stripping them from runtime config and future writes. Thanks @shakkernerd.
Plugins/install: durably remove shipped plugins.installs from openclaw.json after its records are copied into the plugin index, while rolling back the index write if config cleanup fails. Thanks @shakkernerd.
Plugins/install: keep migrated plugin install records in the plugin index even when the plugin manifest is missing or invalid, so update, uninstall, inspect, and audit can still recover broken installs. Thanks @shakkernerd.
Plugins/security: keep plugin audit JSON check ids stable while reporting plugin index install-record findings with updated wording. Thanks @shakkernerd.
CLI/config: reject direct plugins.installs edits with guidance to use openclaw plugins install, openclaw plugins update, or openclaw plugins uninstall instead. Thanks @shakkernerd.
Live tests/voice: accept common STT variants for OpenClaw and ElevenLabs brand names so provider smoke tests fail on real regressions rather than equivalent transcripts.
Agents/replies: forward sanitized underlying agent failure details on external channels instead of replacing unknown failures with a generic retry message.
CLI/MCP: translate OpenClaw mcp.servers.*.transport entries into Claude/Gemini CLI type fields so streamable HTTP MCP servers load in CLI backend sessions. (#71724) Thanks @Blockchain-Oracle.
Browser/CDP: honor configured remote and attachOnly CDP HTTP/WebSocket timeouts when opening tabs through raw CDP or /json/new fallback. (#54238) Thanks @FuncWei.
WhatsApp/TTS: send visible text separately from PTT voice-note audio instead of relying on hidden voice-note captions. Fixes #51081.
Browser/client: avoid telling agents to restart OpenClaw for dispatcher timeouts on external browser profiles such as attachOnly, remote CDP, and existing-session. (#40815) Thanks @0xsline.
Agents/TTS: preserve [[audioasvoice]] directives on trusted text tool-result MEDIA: payloads so generated audio still delivers as a voice note. (#46535) Thanks @azade-c.
Agents/TTS: keep queued tool media when an assistant ends with NO_REPLY on non-block delivery paths, so media-only generated audio replies still send. (#60025) Thanks @bradlind1.
Telegram/STT: frame inbound voice-note transcripts as machine-generated, untrusted text in agent context while preserving raw transcript mention detection. Closes #33360. Thanks @smartchainark.
Subagents/browser: show an actionable /tools notice when browser automation is configured but filtered out by the active tool profile, and document that coding-profile agents should use tools.alsoAllow: ["browser"] rather than subagent allowlists alone.
Control UI/Quick Settings: persist the assistant avatar override to browser local storage (mirroring the user avatar) so uploaded image data URLs no longer fail config validation with "Too big: expected string to have <=200 characters". Also lift the gateway-side ui.assistant.avatar length cap to match the user avatar size budget for non-UI clients writing the field directly. Thanks @BunsDev.
Plugin SDK: share diagnostic event subscriptions across duplicate source/dist module graphs so legacy root SDK imports still receive runtime diagnostic events.
Agents/Bedrock: prevent empty assistant stream-error turns from poisoning Converse replay by persisting, repairing, and replaying a non-empty fallback block. Fixes #71572. (#71627) Thanks @openperf.
Agents/Anthropic/Bedrock: strip thinking blocks with missing, empty, or blank replay signatures before provider conversion, falling back to non-empty omitted-reasoning text when needed so corrupted signed-thinking history no longer poisons subsequent turns. Fixes #45010. (#70054) Thanks @castaples.
Agents/Anthropic/Bedrock: preserve stripped thinking-only assistant replay turns with non-empty omitted-reasoning text so provider adapters keep strict user/assistant turn shape. Thanks @wujiaming88.
ACP/Codex: pass sessions_spawn(runtime="acp") model and thinking overrides into Codex ACP startup, normalize openai-codex/* refs and slash reasoning suffixes, and recognize managed Codex ACP wrapper commands without blocking current gpt-5.5 sessions. Fixes #40393. (#71643) Thanks @91wan.
Browser/CDP: make readiness diagnostics use the same discovery-first fallback as reachability for bare ws:// Browserless and Browserbase CDP URLs. Fixes #69532.
Browser/CDP: explain that loopback Browserless or other externally managed CDP services need attachOnly: true and matching Browserless EXTERNAL endpoint when reporting local port ownership conflicts, and fall back to the configured bare WebSocket root when a discovered Browserless endpoint rejects CDP. Fixes #49815.
Gateway/reload: preserve indefinite gateway.reload.deferralTimeoutMs: 0 semantics for channel hot reload deferrals so active agent runs are not interrupted by a forced channel restart. (#71637) Thanks @Poo-Squirry.
Agents/tool results: cap persisted Pi tool-result details and strip hidden diagnostics before provider conversion, preventing large debug payloads from bloating session transcripts. (#71637) Thanks @Poo-Squirry.
ACP/OpenCode: update the bundled acpx runtime to 0.6.0 and cover the OpenCode ACP bind path in Docker live tests.
Providers/OpenCode Go: add DeepSeek V4 Pro and DeepSeek V4 Flash to the Go catalog while the bundled Pi registry catches up. Fixes #71587.
Providers/OpenCode Go: route DeepSeek V4 Pro/Flash through the OpenAI-compatible Go endpoint and suppress invalid reasoning_effort: "off" payloads, fixing tool-enabled requests for opencode-go/deepseek-v4-flash. Fixes #71683.
Plugins/model defaults: run Skill Workshop review, Active Memory recall, and session-memory slug generation on the configured agent default model instead of the hardcoded OpenAI SDK fallback when hook context lacks model metadata. Fixes #71659.
Providers/Venice: fill the required DeepSeek V4 reasoning_content placeholder for venice/deepseek-v4-pro and venice/deepseek-v4-flash replay turns without sending native DeepSeek thinking controls that Venice rejects. Fixes #71628.
Browser/existing-session: support per-profile Chrome MCP command/args, map cdpUrl to --browserUrl or --wsEndpoint, and avoid combining endpoint flags with --userDataDir. Fixes #47879, #48037, and #62706. Thanks @puneet1409, @zhehao, and @madkow1001.
Media/plugins: bound MIME sniffing and ZIP archive preflight before handing untrusted files to file-type or jszip, reducing parser CPU and memory exposure for attachments and ClawHub plugin archives. Thanks @vincentkoc.
Memory-host SDK: use trusted env-proxy mode for remote embedding and batch HTTP calls only when Undici will proxy that target, preserving SSRF DNS pinning for ALLPROXY-only and NOPROXY bypass cases. Fixes #52162. (#71506) Thanks @DhtIsCoding.
Gateway/dashboard: render Control UI and WebSocket links with https:///wss:// when gateway.tls.enabled=true, including openclaw gateway status. Fixes #71494. (#71499) Thanks @deepkilo.
Agents/OpenAI-compatible: default proxy/local completions tool requests to tool_choice: "auto" when tools are present, so providers enter native tool-calling mode instead of replying with plain-text tool directives. (#71472) Thanks @Speed-maker.
OpenAI image generation: use gpt-5.5 for the Codex OAuth responses transport instead of the retired gpt-5.4 model, fixing 500s from ChatGPT Codex image generation. Fixes #71513. Thanks @baolongl.
OpenAI image generation: route transparent-background default-model requests to gpt-image-1.5, document the expected image_generate call shape, and keep Azure/custom OpenAI-compatible deployment names untouched.
Google video generation: download direct MLDev Veo video.uri results instead of passing them through the Files API path, fixing 404s after successful generation/polling. Fixes #71200. Thanks @panhaishan.
Google video generation: fall back to the REST predictLongRunning Veo endpoint for text-only SDK 404s while keeping reference image/video generation on the SDK path. Fixes #62309 and #63008. (#62343) Thanks @leoleedev.
MiniMax music generation: switch the bundled default model from the unsupported music-2.5+ id to the current music-2.6 API model. Fixes #64870 and addresses the music default from #62315. Thanks @noahclanman and @edwardzheng1.
Cron: record jobs interrupted by a gateway restart as failed at their original runningAtMs, skip unsafe startup replay, and disable interrupted one-shot jobs so they show a visible failure instead of silently disappearing or duplicating work. Fixes #59056, #61343, #63657, and #59301. Thanks @ponchoooPenguin, @daemic24, @myradon, and @hikiwibot.
Cron tool: recover flat top-level schedule shorthand such as cron, tz, and staggerMs before gateway validation, so model-generated cron add/update calls preserve cron jitter settings. Thanks @tyxben.
Cron: hydrate flat legacy job rows with top-level cron, tz, session, and message fields into canonical schedule, target, and payload objects before startup recomputes run times. Fixes #43351.
Agents/replies: let pending group chat history trigger bare mentioned turns without treating metadata-only inbound context as user input. Fixes #71489. (#71520) Thanks @SymbolStar.
Google media generation: strip a configured trailing /v1beta from Google music/video provider base URLs before calling the Google GenAI SDK, preventing doubled /v1beta/v1beta paths. Fixes #63240. (#63258) Thanks @Hybirdss.
Discord: restore direct-message voice-note preflight transcription and classify URL-only Ogg/Opus voice attachments as audio while skipping partial attachments without usable URLs. Fixes #61314 and #64803.
Plugins/build: copy bundled plugin skill trees into dist-runtime, broaden Windows symlink-copy fallbacks, and fingerprint runtime dependencies from lstat so symlink-like directory entries cannot crash staging.
Google Chat: preserve reply text when a typing indicator message is deleted or can no longer be updated, so media captions and first text chunks are resent instead of silently disappearing. (#71498) Thanks @colin-lgtm.
Cron: tolerate malformed legacy job rows in startup, main-session system-event payloads, and human-readable cron list output so missing state, payload.text, or display fields no longer crash the scheduler or CLI. Fixes #66016, #65916, #64137, #57872, #59968, #63813, #52804, and #43163. (#71509) Thanks @vincentkoc.
CLI/models: make openclaw models scan fall back to public OpenRouter free-model metadata when no OPENROUTERAPIKEY is configured, avoid config secret resolution for explicit --no-probe scans, and apply the scan timeout to the OpenRouter catalog request.
Feishu: keep streaming cards to one live card per turn, flush throttled card edits after meaningful text boundaries, and skip exact block/partial repeats so tool-heavy replies do not duplicate card output. Thanks @allan0509.
Feishu: finish the streaming-card duplicate closeout by stripping leaked reasoning tags, preserving cross-block partial snapshots, enabling topic-thread streaming cards, omitting the generic main card header, surfacing transient tool/compaction status, and cleaning streaming state after close failures. Thanks @sesame437, @Vicky-v7, @maoku-family, @Pengxiao-Wang, and @Maple778.
Telegram: recover incomplete partial-stream previews by falling back to a final send when an ambiguous final edit failure would otherwise retain a strict prefix of the answer. Fixes #71525. (#71554) Thanks @sahilsatralkar.
Control UI/chat: collapse assistant token/model context details behind an explicit Context disclosure and show full dates in message footers, making historical transcript timing clear without noisy default metadata. (#71337) Thanks @BunsDev.
OpenAI/Codex OAuth: explain unsupportedcountryregion_territory token-exchange failures with a proxy/region hint instead of surfacing a generic OAuth error. Fixes #51175. (#71501) Thanks @vincentkoc and @wulala-xjj.
Browser/Linux: fall back to headless mode for local managed profiles on hosts without a display server, while preserving explicit per-profile headed overrides and reporting the headless source. (#60953) Thanks @rrpsantos.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Telegram: keep the polling stall watchdog active even when grammY reports the runner as not running while its task is still pending, so a rebuilt transport cannot leave getUpdates silent until a manual gateway restart. Fixes #69064. Thanks @LDLoeb.
Subagents: fall back to direct completion delivery when the parent announce turn finishes without a visible payload, so child results still reach channel-backed requester sessions.
Subagents: tell parent agents to use sessions_yield while waiting for child completion events, preventing GPT-5 fast runs from ending silently after spawning workers.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/CLI: lazy-load browser command groups and plugin runtime services so openclaw browser --help can render without loading the full browser automation stack. Fixes #65400. (#65460, #66640) Thanks @pandego and @Tianworld.
Browser/CLI: serve precomputed openclaw browser --help text from CLI startup metadata, avoiding the full plugin/config startup path for the common help invocation.
Browser/downloads: seed managed Chrome profiles with OpenClaw download prefs and capture unmanaged click-triggered downloads under the guarded downloads directory, while explicit download waiters still own their target file. (#64558) Thanks @Pearcekieser.
Browser/Chrome: stop passing redundant --disable-setuid-sandbox when browser.noSandbox is enabled; --no-sandbox remains the effective sandbox opt-out. (#67939) Thanks @sebykrueger.
Browser/client: stop telling agents to permanently avoid the browser after transient timeout or cancellation failures; keep the no-retry hint for persistent unavailable/rate-limit cases. (#46505) Thanks @jriff.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230. Thanks @Co-Messi.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457. Thanks @spartoviMD.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460. Thanks @GodsBoy.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
GitHub Copilot: never rewrite connection-bound reasoning item IDs regardless of whether encryptedcontent is present, fixing a 400 "Encrypted content itemid did not match" error with gpt-5.3-codex and future Codex models that fall through to the forward-compat catch-all with reasoning: false. Also recognize Codex-named models as reasoning-capable so they inherit the correct capability flags. Refs #68735. Thanks @InvalidPandaa.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868. Thanks @sg1416-zg and @ycjlb2023-peteryi.
WhatsApp/TTS: transcode MP3/WebM audio, including Microsoft Edge TTS output, to Ogg/Opus before sending PTT voice notes.
QQBot/TTS: honor plain audioAsVoice replies by synthesizing TTS to native QQ voice messages, and mark inbound voice-only messages as audio media without exposing raw voice paths to generic media context.
Providers/SenseAudio: add bundled SenseAudio batch audio transcription through tools.media.audio with SENSEAUDIOAPIKEY auth. (#66943) Thanks @Fl0rencess720.
Providers/MiniMax: let TTS use MiniMax portal OAuth and Token Plan credentials before falling back to MINIMAXAPIKEY, and include current TTS HD model ids. Fixes #55017. Thanks @zx15210404690-hash.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656. Thanks @xieyuanqing.
Active Memory: keep silent recall sub-agent billing/auth failures out of shared auth-profile cooldown state, so a Claude CLI extra-usage rejection cannot disable normal Claude-backed turns. Fixes #71284. (#71539) Thanks @vishutdhar and @obviyus.
Auth/Claude CLI: sync refreshed Claude CLI OAuth credentials into the managed auth profile so long-running Claude CLI runs stop falling back to stale OpenClaw snapshots. (#70902) Thanks @starvex.
Sessions: make sessions_spawn(mode="session") errors name usable alternatives when the current channel cannot bind subagent threads. Fixes #67400. (#67790) Thanks @stainlu.
Agents/Claude CLI: pass the OpenClaw system prompt through Claude's prompt-file flag so Windows runs avoid argv length failures without changing system prompt semantics. Fixes #69158. (#69211) Thanks @skylee-01, @cassioanorte, @Syu0, and @Stache73.
Agents/CLI sessions: bind google-gemini-cli session auth-epoch to the Google account identity in ~/.gemini/oauth_creds.json, so Gemini-backed agents resume their conversation after gateway restart instead of minting a fresh session, and stale bindings are invalidated when the authenticated Google account changes. Fixes #70973. (#71076) Thanks @openperf.
Slack: stop treating user mentions in assistant-authored message edit blocks as sender attribution, preventing edited bot messages from spoofing a mentioned DM user. (#71700) Thanks @vincentkoc.
Codex: consume unauthorized bound conversation inbound claims before they can fall through to other claim handlers or enqueue Codex turns. (#71702) Thanks @vincentkoc.
Codex media understanding: require approval-checked app-server image turns while explicitly declining tool, file, permission, and elicitation approval requests for the bounded image worker. (#71703) Thanks @vincentkoc.
Agents/Claude CLI: allow large live stream-json JSONL lines up to the existing per-turn raw limit, preventing large Telegram, WebChat, MCP, and image turns from aborting on the old stdout buffer cap. Fixes #71793, #71080, and #70766. (#71897) Thanks @chacher86, @shivamgrover21, and @tpjordan.
Agents/Claude CLI: unwrap nested Claude result envelopes in CLI JSON output so delegated agent responses surface as final text instead of raw result JSON. (#66819) Thanks @mraleko.
Agents/Claude CLI: apply the configured 1M context window override to eligible Claude CLI Opus and Sonnet models when context1m is enabled. (#70863) Thanks @bidadh.
Models/status: report fresh Claude CLI native auth instead of stale stored anthropic:claude-cli profile expiry when local credentials are current. Fixes #71256. (#71332) Thanks @matthiasjanke and @neeravmakwana.
CLI backends: compact OpenClaw transcripts after over-budget CLI turns and reseed fresh CLI sessions from the compacted transcript instead of stale external resume state. Fixes #68329. (#71916) Thanks @obviyus.
Telegram: keep default tool progress messages visible when answer preview streaming is disabled. (#71825) Thanks @VACInc.
Configure/models: clear deselected model fallbacks when updating the model picker allowlist, including provider-scoped setup flows. (#71596) Thanks @rubencu.
Agents/streaming: strip namespaced <antml:thinking> reasoning tags from streamed assistant replies before user-visible text is emitted. (#69288) Thanks @xialonglee.

v2026.4.24 BREAKING [Apr 25, 2026] (4d ago) details → github →

# openclaw 2026.4.24

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Breaking

Plugin SDK/tool-result transforms: remove the Pi-only api.registerEmbeddedExtensionFactory(...) compatibility path. Bundled tool-result rewrites must use api.registerAgentToolResultMiddleware(...) with contracts.agentToolResultMiddleware declaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks @vincentkoc.

Changes

Control UI/Talk: add browser WebRTC realtime voice sessions backed by OpenAI Realtime, with Gateway-minted ephemeral client secrets and openclawagentconsult handoff to the full OpenClaw agent.
Plugins/Google Meet: add a bundled participant plugin with personal Google auth, explicit meeting URL joins, Chrome and Twilio realtime transports, paired-node chrome-node support for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. (#70765)
Plugins/Google Meet: add artifact and attendance workflows for conference records, recordings, transcripts, smart notes, and participant sessions, including markdown/file output, latest-record lookup, and --all-conference-records history scans.
Plugins/Google Meet: add OAuth and browser-state doctor/recovery flows, including googlemeet doctor --oauth and recovercurrenttab/recover-tab so agents can inspect already-open Meet tabs without opening duplicates.
Plugins/Voice Call: expose the shared openclawagentconsult realtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers.
Plugins/Voice Call: add voicecall setup and a dry-run-by-default voicecall smoke command so Twilio/provider readiness can be checked before placing a live test call.
Providers/Google: add a Gemini Live realtime voice provider for backend Voice Call and Google Meet audio bridges, with bidirectional audio and function-call support.
Providers/Google: let Gemini TTS prepend configured audioProfile and speakerName prompt text for reusable speech style control. Thanks @tdack.
Gateway/VoiceClaw: add a realtime brain WebSocket endpoint backed by Gemini Live, with owner-auth gating and async OpenClaw tool handoff. (#70938) Thanks @yagudaev.
Control UI: refine the agent Tool Access panel with compact live-tool chips, collapsible tool groups, direct per-tool toggles, and clearer runtime/source provenance. (#71405) Thanks @BunsDev.
Control UI/chat: add a Steer action on queued messages so a browser follow-up can be injected into the active run without retyping it.
Browser: add viewport coordinate clicks for managed and existing-session automation, plus openclaw browser click-coords for CLI use. (#54452) Thanks @dluttz.
Browser: add browser.actionTimeoutMs and use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. (#62589) Thanks @andyylin.
Browser/config: support per-profile browser.profiles.<name>.headless overrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks @nakamotoliu.
Matrix: require full cross-signing identity trust for self-device verification and add openclaw matrix verify self so operators can establish that trust from the CLI. (#70401) Thanks @gumadeiras.
Gradium: add a bundled text-to-speech provider with voice-note and telephony output support. (#64958) Thanks @LaurentMazare.
Memory-core/hybrid search: expose raw vectorScore and textScore alongside the combined score on hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes #68166. (#68286) Thanks @ajfonthemove.
Dependencies/memory: stop installing node-llama-cpp by default; local embeddings now load it only when operators install the optional runtime package. Thanks @vincentkoc.
Providers/DeepSeek: add DeepSeek V4 Flash and V4 Pro to the bundled catalog and make V4 Flash the onboarding default. Thanks @lsdsjy.
Dependencies/Pi: update bundled Pi packages to 0.70.2, use Pi's upstream gpt-5.5 and DeepSeek V4 catalog metadata, and keep only local gpt-5.5-pro forward-compat handling. Thanks @lsdsjy.
Models/CLI: speed up model listing with safe static catalogs for bundled providers, narrower row-source orchestration, and less broad registry enumeration for default openclaw models list. (#70632, #70883, #70867) Thanks @shakkernerd.
Models/commands: deprecate /models add so chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from /models provider menus. (#71175) Thanks @Takhoffman.
Models/catalog: add manifest-sourced model rows, duplicate provider/model conflict reporting, and shared src/model-catalog normalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. (#71368, #71360) Thanks @shakkernerd.
Codex harness/context-engine: run context-engine bootstrap, assembly, post-turn maintenance, and engine-owned compaction in Codex app-server sessions while keeping native Codex thread state and compaction auditable. (#70809) Thanks @jalehman.
Codex runtime plan: consolidate contract-first Pi/Codex parity coverage and accept legacy Codex auth-provider aliases in app-server profile login and refresh paths. (#71096) Thanks @100yenadmin.
Codex harness: bridge Codex-native tool hooks into OpenClaw plugin hooks and approvals, with bounded relay payloads and approval spam protection. (#71008) Thanks @pashpashpash.
Plugin SDK/Codex harness: add provider-owned transport/auth/follow-up seams and harness result classification so Codex-style runtimes can participate in fallback policy without core special-casing. (#70772) Thanks @100yenadmin.
Gateway/nodes: add disabled-by-default gateway.nodes.pairing.autoApproveCidrs for first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes #60800. Thanks @sahilsatralkar.
WebChat/sessions: keep runtime-only prompt context out of visible transcript history and scrub legacy wrappers from session history surfaces. Thanks @91wan.
Agents/bootstrap: add agents.defaults.contextInjection: "never" to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. (#65006) Thanks @xDarkicex.
Plugins/manifest: add a modelCatalog contract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. (#71342) Thanks @shakkernerd.
Plugins/setup: honor explicit setup.requiresRuntime: false as a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks @vincentkoc.
Plugins/setup: report descriptor/runtime drift when setup-api registrations disagree with setup.providers or setup.cliBackends, without rejecting legacy setup plugins. Thanks @vincentkoc.
Plugins/setup: include setup.providers[].envVars in generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecated providerAuthEnvVars compatibility metadata. Thanks @vincentkoc.
Plugins/setup: derive generic provider setup choices from descriptor-safe setup.providers[].authMethods before falling back to setup runtime. Thanks @vincentkoc.
Plugins/setup: surface manifest provider auth choices directly in provider setup flow before falling back to setup runtime or install-catalog choices. Thanks @vincentkoc.
Plugins/setup: warn when descriptor-only setup plugins still ship ignored setup runtime entries, keeping setup.requiresRuntime: false semantics explicit without breaking existing metadata. Thanks @vincentkoc.
Plugins/channels: use manifest channelConfigs for read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks @vincentkoc.
Plugin hooks: expose first-class run, message, sender, session, and trace correlation fields on message hook contexts and run lifecycle events. Thanks @vincentkoc.
Plugins/PDF: move local PDF extraction into a bundled document-extract plugin so core no longer owns pdfjs-dist or PDF image-rendering dependencies. Thanks @vincentkoc.
Providers/Anthropic Vertex: move the Vertex SDK runtime behind the bundled provider plugin so core no longer owns that provider-specific dependency. Thanks @vincentkoc.
Plugins/activation: expose activation plan reasons and a richer plan API so callers can inspect why a plugin was selected while preserving existing id-list activation behavior. (#70943) Thanks @vincentkoc.
Plugins/source metadata: expose normalized install-source facts on provider and channel catalogs so onboarding can explain npm pinning, integrity state, and local availability before runtime loads. (#70951) Thanks @vincentkoc.
Plugins/catalog: pin the official external WeCom channel source to an exact npm release plus dist integrity, with a guard that official external sources stay integrity-pinned. (#70997) Thanks @vincentkoc.
Plugins/source metadata: warn when openclaw.install.defaultChoice is invalid or points at a missing source, keeping catalog diagnostics explicit without breaking existing plugins. Thanks @vincentkoc.
Plugins/source metadata: warn when openclaw.install.expectedIntegrity is present without a valid npm source, keeping orphaned integrity metadata visible without rejecting existing plugins. Thanks @vincentkoc.
Plugins/source metadata: warn when provider or channel catalog package identity drifts from openclaw.install.npmSpec, keeping diagnostics visible without rejecting compatible external catalogs. Thanks @vincentkoc.
Plugins/Bonjour: move LAN Gateway discovery advertising into a default-enabled bundled plugin with its own @homebridge/ciao dependency, so users can disable Bonjour without cutting wide-area discovery. Thanks @vincentkoc.
Plugins/compatibility: add a central plugin compatibility registry and docs for SDK/config/setup/runtime deprecation records, including dated migration metadata for legacy harness naming and other plugin-facing aliases. Thanks @vincentkoc.
TUI/dependencies: remove direct cli-highlight usage from the OpenClaw TUI code-block renderer, keeping themed code coloring without the extra root dependency. Thanks @vincentkoc.
Dependencies/SBOM: add an ownership-backed dependency risk report for root closure size, native/build-risk packages, and missing owner records. Thanks @vincentkoc.
Diagnostics/OTEL: export run, model-call, and tool-execution diagnostic lifecycle events as OTEL spans without retaining live span state. Thanks @vincentkoc.
Diagnostics/OTEL: accept opt-in diagnostics.otel.captureContent controls for future model/tool content span attributes while keeping raw content export disabled by default. Thanks @vincentkoc.
Diagnostics/OTEL: add a lightweight diagnostic trace-context carrier for future span correlation without adding OTEL SDK state to core. Thanks @vincentkoc.
Diagnostics/OTEL: attach diagnostic trace context to exported OTEL logs so log records can correlate with future spans without adding retained process state. Thanks @vincentkoc.
Diagnostics/OTEL: pass immutable per-run diagnostic trace context through agent and tool hook contexts, and parent exported diagnostic spans from validated context without retaining global trace state. Thanks @vincentkoc.
Diagnostics/OTEL: make exporter startup restart-safe so config reloads do not retain stale SDKs, log transports, or diagnostic event listeners. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#70424) Thanks @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#70424) Thanks @jlapenna.
Diagnostics: emit structured tool execution diagnostic events with trace context, timing, and redacted error metadata. Thanks @vincentkoc.
Diagnostics: emit structured run and model-call diagnostic events with trace context, duration, and non-message error metadata. Thanks @vincentkoc.
CLI/Gateway: make gateway status start faster by skipping plugin loading on the read-only status path. (#71364) Thanks @andyylin.

Fixes

Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Agents/heartbeat: stop injecting the heartbeat system prompt into non-heartbeat runs, preventing ordinary user replies from being suppressed as HEARTBEAT_OK acknowledgments. Fixes #69079. (#69278) Thanks @stainlu.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.
Feishu: back off streaming-card creation after HTTP 400 startup failures, so unsupported card setups fall back without delaying every message. Fixes #56981. Thanks @JinnanDuan.
Feishu/topic groups: key native Feishu/Lark topic-group sessions by threadid so starter messages and replies with different rootid formats stay in the same group_topic conversation. Fixes #71438. Thanks @1335848090.
Feishu: suppress duplicate final card delivery when idle closes a streaming card before the final payload arrives. (#68491) Thanks @MoerAI.
Signal: preserve sender attachment filenames and resolve missing MIME types from those filenames, so Linux signal-cli voice notes without contentType still enter audio transcription. Fixes #48614. Thanks @mindfury.
Telegram/agents: suppress the phantom "Agent couldn't generate a response" fallback after a reply was already committed through the messaging tool. (#70623) Thanks @chinar-amrutkar.
Models/CLI: show provider runtime contextTokens beside native contextWindow in openclaw models list, and align openai-codex/gpt-5.5 with Codex's 272K runtime cap plus 400K native window. Fixes #71403.
Dashboard/security: avoid writing tokenized Control UI URLs or SSH hints to runtime logs, keeping gateway bearer fragments out of console-captured logs readable through logs.tail. (#70029) Thanks @Ziy1-Tan.
Providers/OpenRouter: treat DeepSeek refs as cache-TTL eligible without injecting Anthropic cache-control markers, aligning context pruning with OpenRouter-managed prompt caching. (#51983) Thanks @QuinnH496.
Control UI/browser: defer temp-dir access-mode constants until Node-only temp-dir resolution runs, preventing browser bundles from crashing when node:fs constants are stubbed. (#48930) Thanks @Valentinws.
Discord/cron: deliver text-only isolated cron and heartbeat announce output from the canonical final assistant text once, avoiding duplicate Discord posts when streamed block payloads and the final answer contain the same content. Fixes #71406. Thanks @alexgross21.
macOS Gateway: wait for launchd to reload the exited Gateway LaunchAgent before bootstrapping repair fallback, preventing config-triggered restarts from leaving the service not loaded. Fixes #45178. Thanks @vincentkoc.
macOS Gateway: tolerate launchctl bootstrap's already-loaded exit during restart fallback and use non-killing kickstart after bootstrap, avoiding a second race that can unload the LaunchAgent. Fixes #41934. Thanks @zerone0x.
macOS Gateway: rewrite stale LaunchAgent plists before restart fallback bootstrap, matching install repair behavior when gateway restart has to re-register launchd. Thanks @maybegeeker.
TTS/hooks: preserve audio-only TTS transcripts for messagesending and messagesent hooks without rendering the transcript as a media caption. Thanks @zqchris.
WhatsApp/TTS: preserve audioAsVoice through shared media payload sends and the WhatsApp outbound adapter, so [[audioasvoice]] reply payloads keep their voice-note intent when routed through sendPayload. Fixes #66053. Thanks @masatohoshino.
Control UI/WebChat: hide heartbeat prompts, HEARTBEAT_OK acknowledgments, and internal-only runtime context turns from visible chat history while leaving the underlying transcript intact. Fixes #71381. Thanks @gerald1950ggg-ai.
Control UI/chat: keep optimistic user and assistant tail messages visible when a final history refresh briefly returns an older snapshot, preventing message cards from flash-disappearing until the next refresh. Fixes #71371. Thanks @WolvenRA.
Talk/TTS: resolve configured extension speech providers from the active runtime registry before provider-list discovery, so Talk mode no longer rejects valid plugin speech providers as unsupported.
Sessions/subagents: stop stale ended runs and old store-only child reverse links from reappearing in childSessions, while keeping live descendants and recently-ended children visible. Fixes #57920.
Subagents: recover child sessions after recoverable wait transport failures without exposing an extra wait state, and keep terminal lifecycle timer ordering deterministic. (#71423) Thanks @ZiPengWei.
Subagents: stop stale unended runs from counting as active or pending forever, while preserving restart-aborted recovery for recoverable child sessions. Fixes #71252. Thanks @hclsys.
Gateway/tools: allow POST /tools/invoke to reach plugin-backed catalog tools such as browser when no core implementation exists, while still preferring built-in tools for real core names. Thanks @chat2way.
Browser/security: require operator.admin for the browser.request gateway method, matching the host/browser-node control authority exposed by that route. Thanks @RichardCao.
Browser/profiles: allow local managed profiles to override browser.executablePath, so different profiles can launch different Chromium-based browsers. Thanks @nobrainer-tech.
Agents/replay: repair displaced or missing tool results before strict provider replay, use Codex-compatible aborted outputs for OpenAI Responses history, and drop partial aborted/error transport turns before retries.
Browser/startup: deduplicate concurrent lazy-start calls per profile so simultaneous browser tool requests no longer race into duplicate Chrome launches and PortInUseError. (#61772) Thanks @sukhdeepjohar.
Browser/profiles: recover from stale Chromium Singleton* profile locks after crashes or host moves by clearing dead/foreign locks and retrying launch once. Thanks @seanc-dev.
Browser/existing-session: keep Chrome MCP status probes transport-only and ephemeral, and retry stale cached Playwright attaches once so idle profile checks no longer poison the next real attach. (#57245) Thanks @josephbergvinson.
Cron/exec: suppress automatic background exec completion wakes only for silent cron jobs with delivery.mode="none" while keeping webhook and announce runs observable. (#71391) Thanks @goldmar.
Reply media: allow sandboxed replies to deliver OpenClaw-managed media/outbound and media/tool-* attachments without treating them as sandbox escapes, while keeping alias-escape checks on the managed media root. Fixes #71138. Thanks @mayor686, @truffle-dev, and @neeravmakwana.
CLI/agent: keep openclaw agent --json stdout reserved for the JSON response by routing gateway, plugin, and embedded-fallback diagnostics to stderr before execution starts. Fixes #71319.
Agents/Gemini: retry reasoning-only, empty, and planning-only Gemini turns instead of letting sessions silently stall. Fixes #71074. (#71362) Thanks @neeravmakwana.
Providers/DeepSeek: add missing reasoning_content placeholders for replayed assistant tool-call turns when DeepSeek V4 thinking is enabled, so switching an existing session to deepseek-v4-flash or deepseek-v4-pro no longer trips the provider's 400 replay check. Fixes #71372. Thanks @yangyang1719.
Exec approvals: allow bare command-name allowlist patterns to match PATH-resolved executable basenames without trusting ./tool or absolute path-selected binaries. Fixes #71315. Thanks @chen-zhang-cs-code and @dengluozhang.
Config/recovery: skip whole-file last-known-good rollback when invalidity is scoped to plugins.entries.*, preserving unrelated user settings during plugin schema or host-version skew. Fixes #71289. Thanks @jalehman.
Agents/tools: keep resolved reply-run configs from being overwritten by stale runtime snapshots, and let empty web runtime metadata fall back to configured provider auto-detection so standard and queued turns expose the same tool set. Fixes #71355. Thanks @c-g14.
Agents/TTS: pass the resolved shared config into the tts tool, so tool-triggered speech uses configured providers and voices instead of falling back to a fresh config load.
Reply media: strip MEDIA: attachments from final replies when the same media already went out through block streaming, preventing duplicate Telegram voice notes and files. Fixes #65468. Thanks @aurora-openclaw.
Agents/TTS: preserve voice media when a tool-generated reply is paired with an exact NO_REPLY sentinel, stripping the sentinel text instead of dropping the audio payload. Fixes #66092.
Compaction: honor explicit agents.defaults.compaction.keepRecentTokens for manual /compact, re-distill safeguard summaries instead of snowballing previous summaries, and enable safeguard summary quality checks by default. Fixes #71357. Thanks @WhiteGiverMa.
Sessions: honor configured session.maintenance settings during load-time maintenance instead of falling back to default entry caps. Fixes #71356. Thanks @comolago.
Browser/sandbox: pass the resolved browser.ssrfPolicy into sandbox browser bridges and refresh cached bridges when the effective policy changes, so sandboxed browser navigation honors private-network opt-ins. Fixes #45153 and #57055. Thanks @jzakirov, @zuoanCo, and @kybrcore.
Browser/proxy: keep Gateway/provider proxy environment variables from proxying the OpenClaw-managed browser, so HTTPPROXY and HTTPSPROXY no longer block ordinary browser navigation. Fixes #71358. Thanks @Sanjays2402.
Agents/MCP: validate draft-2020-12 MCP tool output schemas with a draft-aware bundle-MCP client validator, so external MCP servers no longer fail catalog/tool execution with missing schema refs. Fixes #68772 and #70196. Thanks @mwiesen.
Dashboard/Windows: open Control UI and OAuth URLs through the system URL handler without cmd.exe parsing or PATH-based rundll32 lookup, and reject non-HTTP browser-open inputs. Fixes #71098. Thanks @Sanjays2402.
Config/doctor: reject legacy secretref-env:<ENV_VAR> marker strings on SecretRef credential paths and migrate valid markers to structured env SecretRefs with openclaw doctor --fix. Fixes #51794. Thanks @halointellicore.
Plugin SDK/browser: export the resolved browser tab-cleanup config type through the browser profile facade, keeping SDK subpath contracts aligned.
Providers/OpenAI: separate API-key and Codex sign-in onboarding groups, and avoid replaying stale OpenAI Responses reasoning blocks after a model route switch.
Providers/OpenAI-compatible: forward promptcachekey on Completions requests only for providers that opt in with compat.supportsPromptCacheKey, keeping default proxy payloads unchanged. Fixes #69272.
Providers/OpenAI-compatible: skip null or non-object streaming chunks from custom providers instead of failing the turn after partial output. Fixes #51112.
Providers/OpenAI-compatible: treat singular MLX-style finishreason: "toolcall" as tool use instead of a provider error. Fixes #61499.
Docs/TTS: clarify that legacy flat TTS provider config blocks are repaired by openclaw doctor --fix, not accepted by strict runtime schema on load. Fixes #56220.
Plugins/OpenCode: strip unsupported disabled Responses reasoning payloads for OpenCode image understanding. Fixes #70252.
Plugins/OpenCode/OpenCode Go: register image understanding metadata so the image tool is available for OpenCode catalog models with vision support. Fixes #70482 and #61789.
Plugins/OpenCode Go: update the default Go catalog model to opencode-go/kimi-k2.6. Thanks @masrlinu.
Providers/ElevenLabs: omit the MP3-only Accept header for PCM telephony synthesis, so Voice Call requests for pcm_22050 no longer receive MP3 audio. Fixes #67340. Thanks @marcchabot.
Providers/MiniMax TTS: truncate fractional pitch overrides before sending T2A requests, matching MiniMax's integer pitch contract while preserving fractional speed and volume. Fixes #62144.
Providers/MiniMax TTS: transcode voice-note targets to Opus so Feishu/Telegram receive native voice messages instead of MP3 file attachments. Fixes #63540, #64134, and #70445.
Providers/Microsoft TTS: keep allowlisted bundled speech providers discoverable even when another speech plugin has already registered, so Edge/Microsoft TTS is available alongside OpenAI. Fixes #62117 and #66850.
Providers/Microsoft TTS: honor legacy messages.tts.providers.edge voice settings after normalizing Edge TTS to the Microsoft provider. Fixes #64153.
Providers/OpenRouter: add an OpenRouter TTS provider using the OpenAI-compatible /audio/speech endpoint and OPENROUTERAPIKEY. Fixes #71268.
macOS Talk Mode: retry failed local ElevenLabs stream playback through gateway talk.speak before falling back to the system voice, so configured ElevenLabs voices still play when streaming playback fails. Fixes #65662.
Plugins/Voice Call: reap stale pre-answer calls by default, honor configured TTS timeouts for Twilio media-stream playback, and fail empty telephony audio instead of completing as silence. Fixes #42071; supersedes #60957. Thanks @Ryce and @sliekens.
Plugins/Voice Call: fail fast when Twilio, Telnyx, or Plivo would fall back to a loopback/private webhook URL, so calls do not start with an unreachable callback endpoint. Thanks @artemgetmann.
Plugins/Voice Call: resolve queued-but-not-yet-playing Twilio TTS entries when barge-in or stream teardown clears the playback queue, so callers awaiting queueTts() do not hang. Thanks @kevinWangSheng.
Plugins/Voice Call: terminate expired restored call sessions with the provider and restart restored max-duration timers with only the remaining duration, preventing stale outbound retry loops after Gateway restarts. Fixes #48739. Thanks @mira-solari.
Plugins/Voice Call: start provider STT after Telnyx outbound conversation greetings and pass configured Telnyx voice IDs through to the speak action. Fixes #56091. Thanks @Roshan.
Skills: honor legacy metadata.clawdbot requirements and installer hints when metadata.openclaw is absent, so older skills no longer appear ready when required binaries are missing. Fixes #71323. Thanks @chen-zhang-cs-code.
Browser/config: expand ~ in browser.executablePath before Chromium launch, so home-relative custom browser paths no longer fail with ENOENT. Fixes #67264. Thanks @Quratulain-bilal.
Channels/streaming: keep Telegram tool-progress preview updates enabled by default to match released behavior, document streaming.preview.toolProgress: false for disabling only those status lines, and prevent preview progress text from triggering Telegram Markdown links, Discord mentions, or Slack mrkdwn mentions. Fixes #71320. Thanks @neeravmakwana.
Gateway/sessions: copy the oversized sessions.json to a rotation backup before the atomic rewrite instead of renaming the live store away, so a crash during rotation keeps the existing session-to-transcript mapping authoritative. Fixes #68229. Thanks @jjjojoj.
Providers/OpenAI-compatible: strip OpenAI-only Completions store from proxy payloads and allow extra_body/extraBody passthrough params for provider-specific request fields. Fixes #61826 and #69717.
Discord/subagents: preserve thread-bound completion delivery by keeping the requester-agent announce path primary and falling back to direct thread sends only when the announce produces no visible output. (#71064) Thanks @DolencLuka.
Discord/proxy: serialize proxied multipart attachment uploads with undici FormData, so Discord media sends work through configured REST proxies. (#71383) Thanks @TC500.
Browser/tool: give Chrome MCP existing-session manage calls a longer default timeout, pass explicit tool timeouts through tab management, and recover stale selected-page MCP sessions instead of forcing a manual reset.
Browser/sandbox: clean up idle tracked tabs opened by primary-agent browser sessions, while preserving active tab reuse and lifecycle cleanup for subagents, cron, and ACP sessions. Fixes #71165. Thanks @dwbutler.
Plugins/Voice Call: reuse the webhook runtime across in-process plugin contexts, avoiding EADDRINUSE when agent tools or CLI commands run while the Gateway already owns the voice webhook port. Fixes #58115. Thanks @sfbrian.
Plugins/Voice Call: answer accepted Telnyx inbound Call Control legs on call.initiated, so webhooks that reach OpenClaw no longer leave the caller ringing until hangup. Fixes #58231 and #40131. Thanks @KonsultDigital.
Plugins/Voice Call: coalesce concurrent webhook server starts on the same runtime instance, avoiding a second listen() bind when overlapping startup paths race. Thanks @education-01.
Plugins/Voice Call: pin voice response sessions to responseModel before embedded agent runs, avoiding live-session model switch failures when the global default model differs. Fixes #60118. Thanks @xinbenlv.
Plugins/Voice Call: add agentId for voice response generation, so phone calls can use a dedicated agent workspace instead of always routing through main. Fixes #42155. Thanks @TheOpie.
Plugins/Voice Call: scope embedded voice response sandbox resolution to the selected voice agent, so implicit main voice sessions respect agents.defaults.sandbox.mode: "off" even when other agents define sandboxed Docker binds. Fixes #56367. Thanks @crpol.
Media tools: honor the configured web-fetch SSRF policy for media understanding, image/music/video generation references, and PDF inputs, so explicit RFC2544 opt-ins cover WebChat OSS uploads without weakening defaults. Fixes #71300. (#71321) Thanks @neeravmakwana.
Agents/TTS: suppress successful spoken transcripts from verbose chat tool output when structured voice media is already queued, while preserving text output for non-builtin tool-name collisions. Fixes #71282. Thanks @neeravmakwana.
Plugins/Google Meet: reuse active Meet tabs across harmless URL query differences, recover already-open tabs after browser timeouts, surface manual-action details for login or permission blockers, and let googlemeet recover-tab inspect paired browser nodes from the terminal.
Cron/isolated sessions: clear stale runtime, lifecycle, auth, model, exec, heartbeat, usage, privilege, routing, and delivery artifacts when creating a fresh isolated run, and persist per-run session rows as snapshots so old base-session state no longer leaks into new cron executions. Thanks @vincentkoc.
Gateway/sessions: recover main-agent turns interrupted by a gateway restart from stale transcript-lock evidence, avoiding stuck status: "running" sessions without broad post-boot transcript scans. Fixes #70555. Thanks @bitloi.
Codex approvals: sanitize MCP elicitation approval titles, descriptions, and display parameters before forwarding them to OpenClaw approval prompts. (#71343) Thanks @Lucenx9.
Codex approvals: keep command approval responses within Codex app-server availableDecisions, including deny/cancel fallbacks for prompts that do not offer decline. (#71338) Thanks @Lucenx9.
Codex harness: reject same-thread app-server notifications without turnId or turn.id after a bound turn starts, preventing unscoped events from mutating or completing the active reply. (#71317) Thanks @Lucenx9.
Plugins/Google Meet: include live Chrome-node readiness and Parallels recovery checks in setup, so stale node tokens or disconnected VM browsers are visible before an agent opens a meeting.
Context engine: keep safeguard compaction checks active after context-engine windowing and for ownsCompaction engines, so large transcripts can compact before prompt submission instead of waiting for provider overflow. Fixes #71325.
Approvals: compact structured home-directory paths to ~ across Codex permission prompts and exec approval metadata without repeating them as a separate high-risk warning, while preserving filesystem root and wildcard host warnings.
Plugins/runtime deps: isolate the internal npm cache used for bundled plugin runtime-dependency repair and let package updates refresh/verify already-current installs, so failed update or sudo doctor runs can be repaired by rerunning openclaw update.
Agents/delete: keep --json output machine-readable and retain workspaces that overlap another agent's workspace instead of moving shared state to Trash. Fixes #70889 and #70890. (#70897) Thanks @kaseonedge.
Browser/screenshot: honor timeoutMs through host and node screenshot requests, bound raw CDP screenshot commands, and avoid beyond-viewport CDP capture for ordinary viewport screenshots, so Windows Chrome captures no longer hang past the requested deadline. Fixes #68330. Thanks @Woodylai24.
Telegram/model picker: show configured model display names when browsing models through provider buttons, matching typed /models <provider> output. Fixes #70560. (#71016) Thanks @iskim77.
Plugins/runtime deps: stage bundled plugin runtime dependencies for packaged/global installs in an external runtime root and retain already staged deps across repairs, avoiding package-tree update races and npm pruning after upgrades.
Plugins/runtime deps: log bundled plugin runtime-dependency staging before synchronous npm installs start and include elapsed timing afterward, so first boot after upgrades no longer looks hung while dependencies are being repaired.
Memory/Bedrock: skip Bedrock during automatic memory embedding selection when AWS credentials are unavailable, so memory_search can fall back to lexical search instead of failing on the first embed call. Fixes #71143 via #71245. Thanks @bitloi.
Agents/failover: forward embedded run abort signals into provider-owned model streams, cap implicit LLM idle watchdogs below long run timeouts, and mark 429 responses without usable retry timing as non-retryable so GitHub Copilot rate limits fail over or surface promptly instead of hanging until run timeout. Fixes #71120.
Plugins/Google Meet: make meeting creation join by default, with an explicit URL-only opt-out, so agents that create a Meet also enter it.
Telegram/polling: persist accepted update offsets before long-running handlers complete so poller restarts do not replay already-ingested updates, while keeping same-process retries for handler failures.
Telegram/config: include generated Telegram channel config schema metadata in packaged plugin manifests so forum-topic/group config is accepted before runtime loads.
CLI/Claude: include user-configured mcp.servers in the strict Claude CLI MCP bundle config, matching Pi runs while preserving the OpenClaw loopback override. Fixes #70909. Thanks @keishingu.
Browser/tool: keep explicit AI snapshots from inheriting the efficient role-snapshot default and preserve numeric Playwright AI refs, so --format ai remains a real AI snapshot path. Fixes #62550. Thanks @ly85206559.
Gateway/config: keep in-process config patch reload comparisons on the resolved source snapshot when ${VAR} env refs are restored on disk, avoiding false full gateway restarts for unchanged gateway/plugin secrets. Fixes #71208. Thanks @robbiethompson18.
Slack/messages: serialize write-client requests and whole outbound sends per target so rapid multi-message Slack replies preserve send order. Fixes #69101. (#69105) Thanks @nightq and @ztexydt-cqh.
Slack/messages: keep Slack bot tokens out of internal message-ordering and DM cache keys.
Slack/exec approvals: resolve native approval button clicks over the Gateway instead of delivering /approve ... as plain agent text, preserving retry buttons if Gateway resolution fails. Fixes #71023. (#71025) Thanks @marusan03.
Browser/tool: expose browser doctor diagnostics to agents and extend openclaw doctor browser readiness notes for managed Chromium launch prerequisites. (#62948, #62936) Thanks @seanc-dev.
Slack/files: return non-image download-file results as local file paths instead of image payloads, and include Slack file IDs in inbound file placeholders so agents can call download-file. Fixes #71212. Thanks @teamrazo.
Browser control: scope standalone loopback auth to the resolved active gateway credential and fail closed when password mode lacks a resolved password, so inactive tokens or passwords no longer authorize browser routes. Fixes #65626. (#65639) Thanks @coygeek.
Control UI/Codex harness: emit native Codex app-server assistant and lifecycle completion events so live webchat runs stop spinning without needing a transcript reload fallback. (#70815) Thanks @lesaai.
Agents/sessions: persist the runtime-resolved context budget from embedded agent runs, so Codex GPT-5.5 sessions keep the catalog/runtime context cap instead of falling back to the generic 200k status value. Fixes #71294. Thanks @tud0r.
Agents/tools: fail runs before model submission when explicit tool allowlists resolve to no callable tools, preventing text-only hallucinated tool results for missing tools such as plugin commands that were not registered. Fixes #71292.
Agents/embedded: skip provider submission when an embedded run has no prompt, replay history, or prompt-local images, preventing empty OpenAI Responses requests from surfacing provider errors into user channels. Fixes #71130.
Providers/Google: map /think adaptive to Gemini dynamic thinking instead of a fixed medium/high budget, using Gemini 3's provider default and Gemini 2.5's thinkingBudget: -1. Fixes #71316.
Providers/MiniMax: keep M2.7 chat model metadata text-only so image tool requests route through MiniMax-VL-01 instead of the Anthropic-compatible chat endpoint. Fixes #71296. Thanks @ilker-cevikkaya.
Discord/replies: run message_sending plugin hooks for Discord reply delivery, including DM targets, so plugins can transform or cancel outbound Discord replies consistently with other channels. Fixes #59350. (#71094) Thanks @wei840222.
Discord/replies: preserve single-use native reply semantics across shared payload fallback, component, voice, and queued delivery paths, so explicit reply tags no longer consume implicit reply slots and chunked fallback sends reply only once.
Control UI/commands: carry provider-owned thinking option ids/labels in session rows and defaults so fresh sessions show and accept dynamic modes such as adaptive, xhigh, and max. Fixes #71269. Thanks @Young-Khalil.
Image generation: make explicit model= overrides exact-only so failed openai/gpt-image-2 requests no longer fall through to Gemini or other configured providers, and update image_generate list to mention OpenAI Codex OAuth as valid auth for openai/gpt-image-2. Fixes #71290 and #71231. Thanks @Young-Khalil.
Providers/GitHub Copilot: keep the plugin stream wrapper from claiming transport selection before OpenClaw picks a boundary-aware stream path, avoiding Pi's stale fallback Copilot headers on normal model turns.
Discord/subagents: pass runtime config into thread-bound native subagent binding and require it at the helper boundary so Discord channel resolution keeps account-aware config. Fixes #71054. (#70945) Thanks @jai.
Slack/Assistant: accept Slack Assistant DM message_changed events when their metadata identifies the human sender, while continuing to drop self-authored bot edits. Fixes #55445. Thanks @AlfredPros.
Slack/native streaming: suppress reasoning-only payloads before chat.startStream/appendStream, so Claude extended-thinking blocks no longer appear as visible Slack messages. Fixes #59687. Thanks @vision-ifc.
Slack/block replies: keep multi-part block deliveries in the first Slack reply thread when replyToMode is first, matching text reply threading instead of leaking later blocks into the channel. Fixes #49341. Thanks @pholmstr and @xiwuqi.
Slack/thread broadcasts: process thread_broadcast events as user messages so replies sent with "Also send to channel" reach the agent instead of becoming metadata-only system events. Fixes #56605 and #4351. Thanks @clawSean and @jlowin.
Slack/threading: ignore internal reply ids when choosing Slack thread_ts values, so resumed replies keep the real Slack thread anchor instead of leaking to the channel root. Fixes #68790. Thanks @MonkeyLeeT and @martingarramon.
Agents/failover: stop body-less HTTP 400/422 proxy failures from defaulting to "format" classification, so embedded retries surface the opaque provider failure instead of falling into a compaction loop. Fixes #66462. (#67024) Thanks @altaywtf and @HongzhuLiu.
Plugins/loader: use cached discovery-mode snapshot loads for read-only plugin capability lookups, keep snapshot caches isolated from active Gateway registries, and make same-plugin channel/HTTP route re-registration idempotent so repeated snapshot or hot-reload paths no longer rerun full plugin side effects or accumulate duplicate surfaces. Fixes #51781, #52031, #54181, and #57514. Thanks @livingghost, @okuyam2y, @ShionEria, and @bbshih.
Plugins/loader: reuse the compatible active Gateway registry for broad runtime plugin ensure calls after a gateway-bindable boot load, so non-bundled plugins no longer re-run register() during the same boot path. Fixes #69250. Thanks @markthebest12.
Plugins/hooks: keep the gateway-bindable hook runner installed when later default-mode plugin loads activate a different registry, preserving Gateway subagent lifecycle hooks across runtime cache misses. Fixes #63166.
Plugins/hooks: refresh live Gateway runtime hooks before inbound channel dispatch, so externally installed plugins keep messagereceived, beforedispatch, and reply hooks active after scoped startup plugin loads. Fixes #71167.
Media/input: resolve canonical inbound media refs through the shared media loader so native prompt image replay and explicit image/PDF tools can read media://inbound/<id> and managed inbound replay paths under workspace-only file policy.
Media/tools: centralize media reference scheme classification for image, PDF, image-generation, video-generation, and music-generation inputs so managed inbound refs are accepted consistently.
Control UI/media: resolve canonical inbound media refs before serving assistant media previews, so media://inbound/<id> sources no longer pass access checks but fail file open.
Auth/Codex: bootstrap openai-codex:default from Codex CLI credentials on fresh installs without replacing a locally refreshed OpenClaw OAuth token later. Fixes #71305. Thanks @Gforce10-design.
Plugin SDK/tool-result transforms: bound middleware details, validate in-place result mutations, and mark fail-closed middleware fallbacks with canonical error status. Thanks @vincentkoc.
Discord/gateway: prevent startup from getting stuck at awaiting gateway readiness when Carbon gateway registration races with a lifecycle reconnect. Fixes #52372. (#68159) Thanks @IVY-AI-gif.
Discord/gateway: supervise Carbon's async gateway registration promise so fatal Discord metadata failures surface through startup instead of process-level unhandled rejections. (#62451) Thanks @safzanpirani.
Discord/gateway: record websocket frame activity as transport liveness, so idle but healthy Discord gateways no longer look stale between user messages. (#68213) Thanks @bmadwaves.
Slack/streaming: suppress block replies while native or draft preview streaming owns the turn, preventing duplicate Slack delivery when block streaming is also enabled. Addresses #56675. Thanks @hsiaoa.
Plugins/cache: restore plugin command and interactive handler registries on loader cache hits without resetting interactive callback dedupe, so cached external plugins keep slash commands and callback handlers available after reloads. Fixes #71100. Thanks @BomBastikDE.
Gateway/OpenAI-compatible: report non-zero token usage for /v1/chat/completions when the agent run has only last-call usage metadata available. Fixes #71118. (#71242) Thanks @RenzoMXD.
Plugin SDK/tool-result transforms: restrict harness tool-result middleware to bundled plugins, fail closed on middleware errors, validate rewritten result shapes, preserve Pi per-call ids, and keep Codex media trust checks anchored to raw tool provenance. Thanks @vincentkoc.
Gateway/MCP loopback: apply owner-only tool policy and run before-tool-call hooks on 127.0.0.1/mcp tools/list and tools/call, so non-owner bearer callers can no longer see or invoke owner-only tools such as cron, gateway, and nodes, matching the existing HTTP /tools/invoke and embedded-agent paths. (#71159) Thanks @mmaps.
Codex harness/security: wait for final app-server approval decisions and sanitize approval preview text, so native Codex permission prompts cannot be resolved by an early placeholder decision or render unsafe terminal/control content. (#70751, #70569) Thanks @Lucenx9.
Providers/voice security: route ElevenLabs TTS and OpenAI Realtime browser-session secret creation through guarded fetch paths, preserving provider calls while keeping SSRF protections on voice surfaces.
Agents/OpenAI WS: match Codex's Responses WebSocket continuation strategy, sending only strict incremental follow-up input with previousresponseid and falling back to full context when the replay chain or request shape differs. Fixes #44948. Thanks @hss-oss.
Plugins/Google Chat: log webhook auth rejection reasons only after all candidates fail, and warn when add-on appPrincipal values do not match configuration. Fixes #71078. (#71145) Thanks @luyao618.
Models/configure: preserve the existing default model when provider auth is re-run from configure while keeping explicit default-setting commands authoritative. Fixes #70696. (#70793) Thanks @Sathvik-1007.
Config/plugins: accept plugins.entries.*.hooks.allowConversationAccess in validation, generated schema metadata, and plugin policy inspection so trusted external plugins can enable conversation-access hooks such as agent_end without local schema patches. Fixes #71215. (#71221) Thanks @BillChirico.
Models/runtime: show one model provider choice per provider and move Codex, Claude CLI, and Gemini CLI execution into explicit runtime selection while keeping fallback-only legacy runtime refs unchanged. Thanks @vincentkoc.
Plugins/runtime deps: respect explicit plugin and channel disablement when repairing bundled runtime dependencies, so doctor and health checks no longer install deps for disabled configured channels. Thanks @vincentkoc.
Diagnostics/OTEL: export logs through bounded diagnostic log events instead of a direct logger transport hook. Thanks @vincentkoc.
WhatsApp/plugins: support an explicit opt-in for inbound message_received hooks with canonical channel, conversation, session, and sender fields. Thanks @vincentkoc.
Channels/setup: keep bundled setup entries dependency-light and stage WhatsApp runtime dependencies only when login actually needs them, so first-run setup and read-only channel discovery avoid unused SDK imports.
Slack/HTTP: keep webhook handlers in a process-global registry so HTTP mode survives plugin-loader/native-import splits and /slack/events/<account> no longer returns 404 after logging as active. Fixes #67955, #46245, and #46246. Thanks @chrisabad and @cesararevalo.
Diagnostics: harden tool and model diagnostic events against hostile errors, blocking listeners, and unsafe stability reason fields. Thanks @vincentkoc.
Plugins/onboarding: record local plugin install source metadata without duplicating raw absolute local paths in persisted plugins.installs, while preserving linked load-path cleanup. (#70970) Thanks @vincentkoc.
Group chats/silent replies: tighten NO_REPLY prompt guidance so groups stay quiet without narrating silence or emitting fallback chatter when silence is the intended outcome. (#70954, #71209) Thanks @Takhoffman.
WhatsApp/groups+direct: setting systemPrompt: "" on a specific groups.<id> or direct.<peerId> entry now suppresses the wildcard system prompt instead of falling through to it, so users can silence the global prompt for a specific group or peer. (#70381) Thanks @Bluetegu.
Browser/tool: tell agents not to pass per-call timeoutMs on existing-session type, evaluate, and other Chrome MCP actions that reject timeout overrides.
Browser/tool: use Playwright's current AI aria snapshot API for refs="aria" and fall back to role refs when a node browser cannot provide aria refs, so agents can still inspect and click controls such as Google Meet admission buttons.
Browser/tool: expose stable tabId handles such as t1 plus optional tab labels, and accept those handles anywhere a browser tab target is needed.
Browser/tool: return suggestedTargetId first in tab payloads so agents naturally reuse labels or stable tab handles instead of raw DevTools ids.
Browser/tool: bundle a browser-automation skill with the multi-step snapshot, stable-tab, stale-ref, and manual-blocker loop for agent-controlled pages.
Browser/tool: add openclaw browser doctor, URL-expanded snapshots, direct labeled screenshots, and clearer tab-target errors for agents that accidentally pass positional indexes.
Plugins/Google Meet: use browser automation to classify and clear Meet entry blockers such as microphone-choice interstitials, and reuse in-progress create tabs on retry instead of opening duplicates.
Codex/GPT-5.4: harden fallback, auth-profile, tool-schema, and replay edge cases across native and embedded runtime paths. (#70743) Thanks @100yenadmin.
Models/fallback: resolve bare fallback model provider ids before model switching, so configured fallback chains keep working when a fallback is named without an explicit provider prefix.
Voice-call/Telnyx: preserve inbound/outbound callback metadata and read transcription text from Telnyx's current transcription_data payload.
Providers/DeepSeek: wire V4 thinking controls and OpenAI-compatible replay policy so follow-up turns preserve DeepSeek reasoning_content, while the None/off thinking path strips replayed reasoning fields. Fixes #70931. Thanks @lsdsjy.
Providers/GitHub Copilot: align Copilot request headers across Anthropic, Responses, and built-in compaction summarization paths, including tool-result and image follow-up turns, without enabling unverified Responses continuation.
Codex harness: send verbose tool progress to chat channels for native app-server runs, matching the Pi harness /verbose on and /verbose full behavior. (#70966) Thanks @jalehman.
Codex models: fetch paginated Codex app-server model catalogs, mark truncated /codex models output, and keep ChatGPT OAuth defaults on the openai-codex/gpt-5.5 route instead of the OpenAI API-key route.
Codex status: report Codex CLI OAuth as oauth (codex-cli) for native codex/* sessions instead of showing unknown auth. Fixes #70688. Thanks @jb510.
Channels/CLI: accept explicit shared-secret, base-URL, and auth-directory setup flags, and map legacy Nextcloud Talk --url/--token add commands to the bundled plugin setup input. Fixes #61759 and #61923.
Models/CLI: keep openclaw models list read-only while still showing eligible configured-provider rows, so listing models no longer rewrites per-agent models.json. (#70847) Thanks @shakkernerd.
Agents/transport: propagate configured attempt timeouts into guarded per-request dispatchers, so slow local LLM calls such as Ollama no longer fail at Undici's default 60-second body timeout. Fixes #70829. (#70831) Thanks @DranboFieldston.
Plugins/providers: mirror runtime auth choices in bundled provider manifests and detect KIMIAPIKEY for Moonshot/Kimi web search before plugin runtime loads. Thanks @vincentkoc.
Gateway/chat: register chat.send runs in the chat run registry so lifecycle error events reach the client instead of being silently dropped, fixing stuck 'waiting' state and /abort reporting no active run. (#69747) Thanks @wangshu94.
Plugins/QQ Bot: enable the bundled qqbot plugin by default so its runtime dependency @tencent-connect/qqbot-connector is installed on first launch, unblocking the QR-code binding flow that dynamically imports the connector before any account is configured. (#71051) Thanks @cxyhhhhh.
Gateway/agent RPC: register active agent runs into the chat abort controller map so chat.abort and sessions.abort can interrupt them, matching chat.send behavior and unblocking external runtimes that drive the Gateway through the public agent RPC. Fixes #71128. (#71214) Thanks @bitloi.
Matrix/CLI: pass resolved runtime config into verify commands, so openclaw matrix verify status and sibling verify subcommands no longer crash before acquiring the Matrix client. Fixes #70992. (#71102) Thanks @luyao618.
Gateway/startup: await startup sidecars before channel monitors report ready, reducing Discord and plugin startup races while still keeping gateway boot observability intact.
Plugins/Google Meet: report required manual actions for Chrome joins, use browser automation for Meet entry, and persist the private-WS node opt-in so paired-node realtime sessions keep their intended network policy.
Slack: route native stream fallback replies through the normal chunked sender so long buffered Slack Connect responses are not dropped or duplicated. (#71124) Thanks @martingarramon.
WhatsApp: transcribe accepted voice notes before agent dispatch while keeping spoken transcripts out of command authorization. (#64120) Thanks @rogerdigital.
Plugins/CLI: expose channel plugin CLI descriptors during discovery-mode plugin loads so snapshot registries keep channel commands visible without activating full runtimes. (#71309) Thanks @gumadeiras.
WhatsApp: deliver media generated by tool-result replies while still suppressing text-only tool chatter. (#60968) Thanks @adaclaw.
Config/agents: accept agents.list[].contextTokens in strict config validation so per-agent overrides survive hot reload, letting /status reflect the configured model window instead of the 200k fallback. Fixes #70692. (#71247) Thanks @statxc.
Heartbeat: include async exec completion details in heartbeat prompts so command-finished notifications relay the actual output. (#71213) Thanks @GodsBoy.
Memory search: apply session visibility and agent-to-agent policy to session transcript hits, and keep corpus=sessions ranking scoped to session collections before result limiting. (#70761) Thanks @nefainl.
Agents/sessions: stop session write-lock timeouts from entering model failover, so local lock contention surfaces directly instead of cascading across providers. (#68700) Thanks @MonkeyLeeT.
Auto-reply: run inbound reply delivery through message_sending hooks so plugins can transform or cancel generated replies before they are sent. (#70118) Thanks @jzakirov.
CI/release-checks: pass workflow inputs and matrix values through step environment variables instead of embedding them directly into run: shell commands, reducing template-injection surface in the cross-OS release-check workflow. (#66884) Thanks @alexlomt.

v2026.4.24-beta.5 pre BREAKING [Apr 25, 2026] (5d ago) details → github →

# openclaw 2026.4.24-beta.5

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Fixes

Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level

instructions while preserving the existing native Codex payload controls.

MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek, @alvinttang, and @coffeexcoin.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.

v2026.4.24-beta.4 pre BREAKING [Apr 25, 2026] (5d ago) details → github →

# openclaw 2026.4.24-beta.4

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Fixes

Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level

instructions while preserving the existing native Codex payload controls.

MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek, @alvinttang, and @coffeexcoin.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.

v2026.4.24-beta.3 pre BREAKING [Apr 25, 2026] (5d ago) details → github →

# openclaw 2026.4.24-beta.3

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Fixes

Packaged installs: preserve package-root runtime dependencies when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level

instructions while preserving the existing native Codex payload controls.

MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek, @alvinttang, and @coffeexcoin.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.

v2026.4.24-beta.2 pre [Apr 25, 2026] (5d ago) details → github →

# OpenClaw 2026.4.24 beta 2

Beta 2 fixes packaged bundled-plugin runtime mirrors on Windows and other copied-runtime installs so shared package-root dependencies remain resolvable during npm updates.

It also keeps future bundled plugins disabled while older hosts perform the updater step from 2026.4.23, avoiding compatibility failures before the update target is installed.

v2026.4.24-beta.1 pre BREAKING [Apr 25, 2026] (5d ago) details → github →

# openclaw 2026.4.24-beta.1

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Breaking

Plugin SDK/tool-result transforms: remove the Pi-only api.registerEmbeddedExtensionFactory(...) compatibility path. Bundled tool-result rewrites must use api.registerAgentToolResultMiddleware(...) with contracts.agentToolResultMiddleware declaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks @vincentkoc.

Changes

Control UI/Talk: add browser WebRTC realtime voice sessions backed by OpenAI Realtime, with Gateway-minted ephemeral client secrets and openclawagentconsult handoff to the full OpenClaw agent.
Plugins/Google Meet: add a bundled participant plugin with personal Google auth, explicit meeting URL joins, Chrome and Twilio realtime transports, paired-node chrome-node support for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. (#70765)
Plugins/Google Meet: add artifact and attendance workflows for conference records, recordings, transcripts, smart notes, and participant sessions, including markdown/file output, latest-record lookup, and --all-conference-records history scans.
Plugins/Google Meet: add OAuth and browser-state doctor/recovery flows, including googlemeet doctor --oauth and recovercurrenttab/recover-tab so agents can inspect already-open Meet tabs without opening duplicates.
Plugins/Voice Call: expose the shared openclawagentconsult realtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers.
Plugins/Voice Call: add voicecall setup and a dry-run-by-default voicecall smoke command so Twilio/provider readiness can be checked before placing a live test call.
Providers/Google: add a Gemini Live realtime voice provider for backend Voice Call and Google Meet audio bridges, with bidirectional audio and function-call support.
Providers/Google: let Gemini TTS prepend configured audioProfile and speakerName prompt text for reusable speech style control. Thanks @tdack.
Gateway/VoiceClaw: add a realtime brain WebSocket endpoint backed by Gemini Live, with owner-auth gating and async OpenClaw tool handoff. (#70938) Thanks @yagudaev.
Control UI: refine the agent Tool Access panel with compact live-tool chips, collapsible tool groups, direct per-tool toggles, and clearer runtime/source provenance. (#71405) Thanks @BunsDev.
Control UI/chat: add a Steer action on queued messages so a browser follow-up can be injected into the active run without retyping it.
Browser: add viewport coordinate clicks for managed and existing-session automation, plus openclaw browser click-coords for CLI use. (#54452) Thanks @dluttz.
Browser: add browser.actionTimeoutMs and use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. (#62589) Thanks @andyylin.
Browser/config: support per-profile browser.profiles.<name>.headless overrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks @nakamotoliu.
Matrix: require full cross-signing identity trust for self-device verification and add openclaw matrix verify self so operators can establish that trust from the CLI. (#70401) Thanks @gumadeiras.
Gradium: add a bundled text-to-speech provider with voice-note and telephony output support. (#64958) Thanks @LaurentMazare.
Memory-core/hybrid search: expose raw vectorScore and textScore alongside the combined score on hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes #68166. (#68286) Thanks @ajfonthemove.
Dependencies/memory: stop installing node-llama-cpp by default; local embeddings now load it only when operators install the optional runtime package. Thanks @vincentkoc.
Providers/DeepSeek: add DeepSeek V4 Flash and V4 Pro to the bundled catalog and make V4 Flash the onboarding default. Thanks @lsdsjy.
Dependencies/Pi: update bundled Pi packages to 0.70.2, use Pi's upstream gpt-5.5 and DeepSeek V4 catalog metadata, and keep only local gpt-5.5-pro forward-compat handling. Thanks @lsdsjy.
Models/CLI: speed up model listing with safe static catalogs for bundled providers, narrower row-source orchestration, and less broad registry enumeration for default openclaw models list. (#70632, #70883, #70867) Thanks @shakkernerd.
Models/commands: deprecate /models add so chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from /models provider menus. (#71175) Thanks @Takhoffman.
Models/catalog: add manifest-sourced model rows, duplicate provider/model conflict reporting, and shared src/model-catalog normalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. (#71368, #71360) Thanks @shakkernerd.
Codex harness/context-engine: run context-engine bootstrap, assembly, post-turn maintenance, and engine-owned compaction in Codex app-server sessions while keeping native Codex thread state and compaction auditable. (#70809) Thanks @jalehman.
Codex runtime plan: consolidate contract-first Pi/Codex parity coverage and accept legacy Codex auth-provider aliases in app-server profile login and refresh paths. (#71096) Thanks @100yenadmin.
Codex harness: bridge Codex-native tool hooks into OpenClaw plugin hooks and approvals, with bounded relay payloads and approval spam protection. (#71008) Thanks @pashpashpash.
Plugin SDK/Codex harness: add provider-owned transport/auth/follow-up seams and harness result classification so Codex-style runtimes can participate in fallback policy without core special-casing. (#70772) Thanks @100yenadmin.
Gateway/nodes: add disabled-by-default gateway.nodes.pairing.autoApproveCidrs for first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes #60800. Thanks @sahilsatralkar.
WebChat/sessions: keep runtime-only prompt context out of visible transcript history and scrub legacy wrappers from session history surfaces. Thanks @91wan.
Agents/bootstrap: add agents.defaults.contextInjection: "never" to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. (#65006) Thanks @xDarkicex.
Plugins/manifest: add a modelCatalog contract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. (#71342) Thanks @shakkernerd.
Plugins/setup: honor explicit setup.requiresRuntime: false as a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks @vincentkoc.
Plugins/setup: report descriptor/runtime drift when setup-api registrations disagree with setup.providers or setup.cliBackends, without rejecting legacy setup plugins. Thanks @vincentkoc.
Plugins/setup: include setup.providers[].envVars in generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecated providerAuthEnvVars compatibility metadata. Thanks @vincentkoc.
Plugins/setup: derive generic provider setup choices from descriptor-safe setup.providers[].authMethods before falling back to setup runtime. Thanks @vincentkoc.
Plugins/setup: surface manifest provider auth choices directly in provider setup flow before falling back to setup runtime or install-catalog choices. Thanks @vincentkoc.
Plugins/setup: warn when descriptor-only setup plugins still ship ignored setup runtime entries, keeping setup.requiresRuntime: false semantics explicit without breaking existing metadata. Thanks @vincentkoc.
Plugins/channels: use manifest channelConfigs for read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks @vincentkoc.
Plugin hooks: expose first-class run, message, sender, session, and trace correlation fields on message hook contexts and run lifecycle events. Thanks @vincentkoc.
Plugins/PDF: move local PDF extraction into a bundled document-extract plugin so core no longer owns pdfjs-dist or PDF image-rendering dependencies. Thanks @vincentkoc.
Providers/Anthropic Vertex: move the Vertex SDK runtime behind the bundled provider plugin so core no longer owns that provider-specific dependency. Thanks @vincentkoc.
Plugins/activation: expose activation plan reasons and a richer plan API so callers can inspect why a plugin was selected while preserving existing id-list activation behavior. (#70943) Thanks @vincentkoc.
Plugins/source metadata: expose normalized install-source facts on provider and channel catalogs so onboarding can explain npm pinning, integrity state, and local availability before runtime loads. (#70951) Thanks @vincentkoc.
Plugins/catalog: pin the official external WeCom channel source to an exact npm release plus dist integrity, with a guard that official external sources stay integrity-pinned. (#70997) Thanks @vincentkoc.
Plugins/source metadata: warn when openclaw.install.defaultChoice is invalid or points at a missing source, keeping catalog diagnostics explicit without breaking existing plugins. Thanks @vincentkoc.
Plugins/source metadata: warn when openclaw.install.expectedIntegrity is present without a valid npm source, keeping orphaned integrity metadata visible without rejecting existing plugins. Thanks @vincentkoc.
Plugins/source metadata: warn when provider or channel catalog package identity drifts from openclaw.install.npmSpec, keeping diagnostics visible without rejecting compatible external catalogs. Thanks @vincentkoc.
Plugins/Bonjour: move LAN Gateway discovery advertising into a default-enabled bundled plugin with its own @homebridge/ciao dependency, so users can disable Bonjour without cutting wide-area discovery. Thanks @vincentkoc.
Plugins/compatibility: add a central plugin compatibility registry and docs for SDK/config/setup/runtime deprecation records, including dated migration metadata for legacy harness naming and other plugin-facing aliases. Thanks @vincentkoc.
TUI/dependencies: remove direct cli-highlight usage from the OpenClaw TUI code-block renderer, keeping themed code coloring without the extra root dependency. Thanks @vincentkoc.
Dependencies/SBOM: add an ownership-backed dependency risk report for root closure size, native/build-risk packages, and missing owner records. Thanks @vincentkoc.
Diagnostics/OTEL: export run, model-call, and tool-execution diagnostic lifecycle events as OTEL spans without retaining live span state. Thanks @vincentkoc.
Diagnostics/OTEL: accept opt-in diagnostics.otel.captureContent controls for future model/tool content span attributes while keeping raw content export disabled by default. Thanks @vincentkoc.
Diagnostics/OTEL: add a lightweight diagnostic trace-context carrier for future span correlation without adding OTEL SDK state to core. Thanks @vincentkoc.
Diagnostics/OTEL: attach diagnostic trace context to exported OTEL logs so log records can correlate with future spans without adding retained process state. Thanks @vincentkoc.
Diagnostics/OTEL: pass immutable per-run diagnostic trace context through agent and tool hook contexts, and parent exported diagnostic spans from validated context without retaining global trace state. Thanks @vincentkoc.
Diagnostics/OTEL: make exporter startup restart-safe so config reloads do not retain stale SDKs, log transports, or diagnostic event listeners. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#70424) Thanks @jlapenna.
Diagnostics/OTEL: support OPENCLAWOTELPRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#70424) Thanks @jlapenna.
Diagnostics: emit structured tool execution diagnostic events with trace context, timing, and redacted error metadata. Thanks @vincentkoc.
Diagnostics: emit structured run and model-call diagnostic events with trace context, duration, and non-message error metadata. Thanks @vincentkoc.
CLI/Gateway: make gateway status start faster by skipping plugin loading on the read-only status path. (#71364) Thanks @andyylin.

Fixes

MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.
Feishu: back off streaming-card creation after HTTP 400 startup failures, so unsupported card setups fall back without delaying every message. Fixes #56981. Thanks @JinnanDuan.
Feishu/topic groups: key native Feishu/Lark topic-group sessions by threadid so starter messages and replies with different rootid formats stay in the same group_topic conversation. Fixes #71438. Thanks @1335848090.
Feishu: suppress duplicate final card delivery when idle closes a streaming card before the final payload arrives. (#68491) Thanks @MoerAI.
Signal: preserve sender attachment filenames and resolve missing MIME types from those filenames, so Linux signal-cli voice notes without contentType still enter audio transcription. Fixes #48614. Thanks @mindfury.
Telegram/agents: suppress the phantom "Agent couldn't generate a response" fallback after a reply was already committed through the messaging tool. (#70623) Thanks @chinar-amrutkar.
Models/CLI: show provider runtime contextTokens beside native contextWindow in openclaw models list, and align openai-codex/gpt-5.5 with Codex's 272K runtime cap plus 400K native window. Fixes #71403.
Dashboard/security: avoid writing tokenized Control UI URLs or SSH hints to runtime logs, keeping gateway bearer fragments out of console-captured logs readable through logs.tail. (#70029) Thanks @Ziy1-Tan.
Providers/OpenRouter: treat DeepSeek refs as cache-TTL eligible without injecting Anthropic cache-control markers, aligning context pruning with OpenRouter-managed prompt caching. (#51983) Thanks @QuinnH496.
Control UI/browser: defer temp-dir access-mode constants until Node-only temp-dir resolution runs, preventing browser bundles from crashing when node:fs constants are stubbed. (#48930) Thanks @Valentinws.
Discord/cron: deliver text-only isolated cron and heartbeat announce output from the canonical final assistant text once, avoiding duplicate Discord posts when streamed block payloads and the final answer contain the same content. Fixes #71406. Thanks @alexgross21.
macOS Gateway: wait for launchd to reload the exited Gateway LaunchAgent before bootstrapping repair fallback, preventing config-triggered restarts from leaving the service not loaded. Fixes #45178. Thanks @vincentkoc.
macOS Gateway: tolerate launchctl bootstrap's already-loaded exit during restart fallback and use non-killing kickstart after bootstrap, avoiding a second race that can unload the LaunchAgent. Fixes #41934. Thanks @zerone0x.
macOS Gateway: rewrite stale LaunchAgent plists before restart fallback bootstrap, matching install repair behavior when gateway restart has to re-register launchd. Thanks @maybegeeker.
TTS/hooks: preserve audio-only TTS transcripts for messagesending and messagesent hooks without rendering the transcript as a media caption. Thanks @zqchris.
WhatsApp/TTS: preserve audioAsVoice through shared media payload sends and the WhatsApp outbound adapter, so [[audioasvoice]] reply payloads keep their voice-note intent when routed through sendPayload. Fixes #66053. Thanks @masatohoshino.
Control UI/WebChat: hide heartbeat prompts, HEARTBEAT_OK acknowledgments, and internal-only runtime context turns from visible chat history while leaving the underlying transcript intact. Fixes #71381. Thanks @gerald1950ggg-ai.
Control UI/chat: keep optimistic user and assistant tail messages visible when a final history refresh briefly returns an older snapshot, preventing message cards from flash-disappearing until the next refresh. Fixes #71371. Thanks @WolvenRA.
Talk/TTS: resolve configured extension speech providers from the active runtime registry before provider-list discovery, so Talk mode no longer rejects valid plugin speech providers as unsupported.
Sessions/subagents: stop stale ended runs and old store-only child reverse links from reappearing in childSessions, while keeping live descendants and recently-ended children visible. Fixes #57920.
Subagents: recover child sessions after recoverable wait transport failures without exposing an extra wait state, and keep terminal lifecycle timer ordering deterministic. (#71423) Thanks @ZiPengWei.
Subagents: stop stale unended runs from counting as active or pending forever, while preserving restart-aborted recovery for recoverable child sessions. Fixes #71252. Thanks @hclsys.
Gateway/tools: allow POST /tools/invoke to reach plugin-backed catalog tools such as browser when no core implementation exists, while still preferring built-in tools for real core names. Thanks @chat2way.
Browser/security: require operator.admin for the browser.request gateway method, matching the host/browser-node control authority exposed by that route. Thanks @RichardCao.
Browser/profiles: allow local managed profiles to override browser.executablePath, so different profiles can launch different Chromium-based browsers. Thanks @nobrainer-tech.
Agents/replay: repair displaced or missing tool results before strict provider replay, use Codex-compatible aborted outputs for OpenAI Responses history, and drop partial aborted/error transport turns before retries.
Browser/startup: deduplicate concurrent lazy-start calls per profile so simultaneous browser tool requests no longer race into duplicate Chrome launches and PortInUseError. (#61772) Thanks @sukhdeepjohar.
Browser/profiles: recover from stale Chromium Singleton* profile locks after crashes or host moves by clearing dead/foreign locks and retrying launch once. Thanks @seanc-dev.
Browser/existing-session: keep Chrome MCP status probes transport-only and ephemeral, and retry stale cached Playwright attaches once so idle profile checks no longer poison the next real attach. (#57245) Thanks @josephbergvinson.
Cron/exec: suppress automatic background exec completion wakes only for silent cron jobs with delivery.mode="none" while keeping webhook and announce runs observable. (#71391) Thanks @goldmar.
Reply media: allow sandboxed replies to deliver OpenClaw-managed media/outbound and media/tool-* attachments without treating them as sandbox escapes, while keeping alias-escape checks on the managed media root. Fixes #71138. Thanks @mayor686, @truffle-dev, and @neeravmakwana.
CLI/agent: keep openclaw agent --json stdout reserved for the JSON response by routing gateway, plugin, and embedded-fallback diagnostics to stderr before execution starts. Fixes #71319.
Agents/Gemini: retry reasoning-only, empty, and planning-only Gemini turns instead of letting sessions silently stall. Fixes #71074. (#71362) Thanks @neeravmakwana.
Providers/DeepSeek: add missing reasoning_content placeholders for replayed assistant tool-call turns when DeepSeek V4 thinking is enabled, so switching an existing session to deepseek-v4-flash or deepseek-v4-pro no longer trips the provider's 400 replay check. Fixes #71372. Thanks @yangyang1719.
Exec approvals: allow bare command-name allowlist patterns to match PATH-resolved executable basenames without trusting ./tool or absolute path-selected binaries. Fixes #71315. Thanks @chen-zhang-cs-code and @dengluozhang.
Config/recovery: skip whole-file last-known-good rollback when invalidity is scoped to plugins.entries.*, preserving unrelated user settings during plugin schema or host-version skew. Fixes #71289. Thanks @jalehman.
Agents/tools: keep resolved reply-run configs from being overwritten by stale runtime snapshots, and let empty web runtime metadata fall back to configured provider auto-detection so standard and queued turns expose the same tool set. Fixes #71355. Thanks @c-g14.
Agents/TTS: pass the resolved shared config into the tts tool, so tool-triggered speech uses configured providers and voices instead of falling back to a fresh config load.
Reply media: strip MEDIA: attachments from final replies when the same media already went out through block streaming, preventing duplicate Telegram voice notes and files. Fixes #65468. Thanks @aurora-openclaw.
Agents/TTS: preserve voice media when a tool-generated reply is paired with an exact NO_REPLY sentinel, stripping the sentinel text instead of dropping the audio payload. Fixes #66092.
Compaction: honor explicit agents.defaults.compaction.keepRecentTokens for manual /compact, re-distill safeguard summaries instead of snowballing previous summaries, and enable safeguard summary quality checks by default. Fixes #71357. Thanks @WhiteGiverMa.
Sessions: honor configured session.maintenance settings during load-time maintenance instead of falling back to default entry caps. Fixes #71356. Thanks @comolago.
Browser/sandbox: pass the resolved browser.ssrfPolicy into sandbox browser bridges and refresh cached bridges when the effective policy changes, so sandboxed browser navigation honors private-network opt-ins. Fixes #45153 and #57055. Thanks @jzakirov, @zuoanCo, and @kybrcore.
Browser/proxy: keep Gateway/provider proxy environment variables from proxying the OpenClaw-managed browser, so HTTPPROXY and HTTPSPROXY no longer block ordinary browser navigation. Fixes #71358. Thanks @Sanjays2402.
Agents/MCP: validate draft-2020-12 MCP tool output schemas with a draft-aware bundle-MCP client validator, so external MCP servers no longer fail catalog/tool execution with missing schema refs. Fixes #68772 and #70196. Thanks @mwiesen.
Dashboard/Windows: open Control UI and OAuth URLs through the system URL handler without cmd.exe parsing or PATH-based rundll32 lookup, and reject non-HTTP browser-open inputs. Fixes #71098. Thanks @Sanjays2402.
Config/doctor: reject legacy secretref-env:<ENV_VAR> marker strings on SecretRef credential paths and migrate valid markers to structured env SecretRefs with openclaw doctor --fix. Fixes #51794. Thanks @halointellicore.
Plugin SDK/browser: export the resolved browser tab-cleanup config type through the browser profile facade, keeping SDK subpath contracts aligned.
Providers/OpenAI: separate API-key and Codex sign-in onboarding groups, and avoid replaying stale OpenAI Responses reasoning blocks after a model route switch.
Providers/OpenAI-compatible: forward promptcachekey on Completions requests only for providers that opt in with compat.supportsPromptCacheKey, keeping default proxy payloads unchanged. Fixes #69272.
Providers/OpenAI-compatible: skip null or non-object streaming chunks from custom providers instead of failing the turn after partial output. Fixes #51112.
Providers/OpenAI-compatible: treat singular MLX-style finishreason: "toolcall" as tool use instead of a provider error. Fixes #61499.
Docs/TTS: clarify that legacy flat TTS provider config blocks are repaired by openclaw doctor --fix, not accepted by strict runtime schema on load. Fixes #56220.
Plugins/OpenCode: strip unsupported disabled Responses reasoning payloads for OpenCode image understanding. Fixes #70252.
Plugins/OpenCode/OpenCode Go: register image understanding metadata so the image tool is available for OpenCode catalog models with vision support. Fixes #70482 and #61789.
Plugins/OpenCode Go: update the default Go catalog model to opencode-go/kimi-k2.6. Thanks @masrlinu.
Providers/ElevenLabs: omit the MP3-only Accept header for PCM telephony synthesis, so Voice Call requests for pcm_22050 no longer receive MP3 audio. Fixes #67340. Thanks @marcchabot.
Providers/MiniMax TTS: truncate fractional pitch overrides before sending T2A requests, matching MiniMax's integer pitch contract while preserving fractional speed and volume. Fixes #62144.
Providers/MiniMax TTS: transcode voice-note targets to Opus so Feishu/Telegram receive native voice messages instead of MP3 file attachments. Fixes #63540, #64134, and #70445.
Providers/Microsoft TTS: keep allowlisted bundled speech providers discoverable even when another speech plugin has already registered, so Edge/Microsoft TTS is available alongside OpenAI. Fixes #62117 and #66850.
Providers/Microsoft TTS: honor legacy messages.tts.providers.edge voice settings after normalizing Edge TTS to the Microsoft provider. Fixes #64153.
Providers/OpenRouter: add an OpenRouter TTS provider using the OpenAI-compatible /audio/speech endpoint and OPENROUTERAPIKEY. Fixes #71268.
macOS Talk Mode: retry failed local ElevenLabs stream playback through gateway talk.speak before falling back to the system voice, so configured ElevenLabs voices still play when streaming playback fails. Fixes #65662.
Plugins/Voice Call: reap stale pre-answer calls by default, honor configured TTS timeouts for Twilio media-stream playback, and fail empty telephony audio instead of completing as silence. Fixes #42071; supersedes #60957. Thanks @Ryce and @sliekens.
Plugins/Voice Call: fail fast when Twilio, Telnyx, or Plivo would fall back to a loopback/private webhook URL, so calls do not start with an unreachable callback endpoint. Thanks @artemgetmann.
Plugins/Voice Call: resolve queued-but-not-yet-playing Twilio TTS entries when barge-in or stream teardown clears the playback queue, so callers awaiting queueTts() do not hang. Thanks @kevinWangSheng.
Plugins/Voice Call: terminate expired restored call sessions with the provider and restart restored max-duration timers with only the remaining duration, preventing stale outbound retry loops after Gateway restarts. Fixes #48739. Thanks @mira-solari.
Plugins/Voice Call: start provider STT after Telnyx outbound conversation greetings and pass configured Telnyx voice IDs through to the speak action. Fixes #56091. Thanks @Roshan.
Skills: honor legacy metadata.clawdbot requirements and installer hints when metadata.openclaw is absent, so older skills no longer appear ready when required binaries are missing. Fixes #71323. Thanks @chen-zhang-cs-code.
Browser/config: expand ~ in browser.executablePath before Chromium launch, so home-relative custom browser paths no longer fail with ENOENT. Fixes #67264. Thanks @Quratulain-bilal.
Channels/streaming: keep Telegram tool-progress preview updates enabled by default to match released behavior, document streaming.preview.toolProgress: false for disabling only those status lines, and prevent preview progress text from triggering Telegram Markdown links, Discord mentions, or Slack mrkdwn mentions. Fixes #71320. Thanks @neeravmakwana.
Gateway/sessions: copy the oversized sessions.json to a rotation backup before the atomic rewrite instead of renaming the live store away, so a crash during rotation keeps the existing session-to-transcript mapping authoritative. Fixes #68229. Thanks @jjjojoj.
Providers/OpenAI-compatible: strip OpenAI-only Completions store from proxy payloads and allow extra_body/extraBody passthrough params for provider-specific request fields. Fixes #61826 and #69717.
Discord/subagents: preserve thread-bound completion delivery by keeping the requester-agent announce path primary and falling back to direct thread sends only when the announce produces no visible output. (#71064) Thanks @DolencLuka.
Discord/proxy: serialize proxied multipart attachment uploads with undici FormData, so Discord media sends work through configured REST proxies. (#71383) Thanks @TC500.
Browser/tool: give Chrome MCP existing-session manage calls a longer default timeout, pass explicit tool timeouts through tab management, and recover stale selected-page MCP sessions instead of forcing a manual reset.
Browser/sandbox: clean up idle tracked tabs opened by primary-agent browser sessions, while preserving active tab reuse and lifecycle cleanup for subagents, cron, and ACP sessions. Fixes #71165. Thanks @dwbutler.
Plugins/Voice Call: reuse the webhook runtime across in-process plugin contexts, avoiding EADDRINUSE when agent tools or CLI commands run while the Gateway already owns the voice webhook port. Fixes #58115. Thanks @sfbrian.
Plugins/Voice Call: answer accepted Telnyx inbound Call Control legs on call.initiated, so webhooks that reach OpenClaw no longer leave the caller ringing until hangup. Fixes #58231 and #40131. Thanks @KonsultDigital.
Plugins/Voice Call: coalesce concurrent webhook server starts on the same runtime instance, avoiding a second listen() bind when overlapping startup paths race. Thanks @education-01.
Plugins/Voice Call: pin voice response sessions to responseModel before embedded agent runs, avoiding live-session model switch failures when the global default model differs. Fixes #60118. Thanks @xinbenlv.
Plugins/Voice Call: add agentId for voice response generation, so phone calls can use a dedicated agent workspace instead of always routing through main. Fixes #42155. Thanks @TheOpie.
Plugins/Voice Call: scope embedded voice response sandbox resolution to the selected voice agent, so implicit main voice sessions respect agents.defaults.sandbox.mode: "off" even when other agents define sandboxed Docker binds. Fixes #56367. Thanks @crpol.
Media tools: honor the configured web-fetch SSRF policy for media understanding, image/music/video generation references, and PDF inputs, so explicit RFC2544 opt-ins cover WebChat OSS uploads without weakening defaults. Fixes #71300. (#71321) Thanks @neeravmakwana.
Agents/TTS: suppress successful spoken transcripts from verbose chat tool output when structured voice media is already queued, while preserving text output for non-builtin tool-name collisions. Fixes #71282. Thanks @neeravmakwana.
Plugins/Google Meet: reuse active Meet tabs across harmless URL query differences, recover already-open tabs after browser timeouts, surface manual-action details for login or permission blockers, and let googlemeet recover-tab inspect paired browser nodes from the terminal.
Cron/isolated sessions: clear stale runtime, lifecycle, auth, model, exec, heartbeat, usage, privilege, routing, and delivery artifacts when creating a fresh isolated run, and persist per-run session rows as snapshots so old base-session state no longer leaks into new cron executions. Thanks @vincentkoc.
Gateway/sessions: recover main-agent turns interrupted by a gateway restart from stale transcript-lock evidence, avoiding stuck status: "running" sessions without broad post-boot transcript scans. Fixes #70555. Thanks @bitloi.
Codex approvals: sanitize MCP elicitation approval titles, descriptions, and display parameters before forwarding them to OpenClaw approval prompts. (#71343) Thanks @Lucenx9.
Codex approvals: keep command approval responses within Codex app-server availableDecisions, including deny/cancel fallbacks for prompts that do not offer decline. (#71338) Thanks @Lucenx9.
Codex harness: reject same-thread app-server notifications without turnId or turn.id after a bound turn starts, preventing unscoped events from mutating or completing the active reply. (#71317) Thanks @Lucenx9.
Plugins/Google Meet: include live Chrome-node readiness and Parallels recovery checks in setup, so stale node tokens or disconnected VM browsers are visible before an agent opens a meeting.
Context engine: keep safeguard compaction checks active after context-engine windowing and for ownsCompaction engines, so large transcripts can compact before prompt submission instead of waiting for provider overflow. Fixes #71325.
Approvals: compact structured home-directory paths to ~ across Codex permission prompts and exec approval metadata without repeating them as a separate high-risk warning, while preserving filesystem root and wildcard host warnings.
Plugins/runtime deps: isolate the internal npm cache used for bundled plugin runtime-dependency repair and let package updates refresh/verify already-current installs, so failed update or sudo doctor runs can be repaired by rerunning openclaw update.
Agents/delete: keep --json output machine-readable and retain workspaces that overlap another agent's workspace instead of moving shared state to Trash. Fixes #70889 and #70890. (#70897) Thanks @kaseonedge.
Browser/screenshot: honor timeoutMs through host and node screenshot requests, bound raw CDP screenshot commands, and avoid beyond-viewport CDP capture for ordinary viewport screenshots, so Windows Chrome captures no longer hang past the requested deadline. Fixes #68330. Thanks @Woodylai24.
Telegram/model picker: show configured model display names when browsing models through provider buttons, matching typed /models <provider> output. Fixes #70560. (#71016) Thanks @iskim77.
Plugins/runtime deps: stage bundled plugin runtime dependencies for packaged/global installs in an external runtime root and retain already staged deps across repairs, avoiding package-tree update races and npm pruning after upgrades.
Plugins/runtime deps: log bundled plugin runtime-dependency staging before synchronous npm installs start and include elapsed timing afterward, so first boot after upgrades no longer looks hung while dependencies are being repaired.
Memory/Bedrock: skip Bedrock during automatic memory embedding selection when AWS credentials are unavailable, so memory_search can fall back to lexical search instead of failing on the first embed call. Fixes #71143 via #71245. Thanks @bitloi.
Agents/failover: forward embedded run abort signals into provider-owned model streams, cap implicit LLM idle watchdogs below long run timeouts, and mark 429 responses without usable retry timing as non-retryable so GitHub Copilot rate limits fail over or surface promptly instead of hanging until run timeout. Fixes #71120.
Plugins/Google Meet: make meeting creation join by default, with an explicit URL-only opt-out, so agents that create a Meet also enter it.
Telegram/polling: persist accepted update offsets before long-running handlers complete so poller restarts do not replay already-ingested updates, while keeping same-process retries for handler failures.
Telegram/config: include generated Telegram channel config schema metadata in packaged plugin manifests so forum-topic/group config is accepted before runtime loads.
CLI/Claude: include user-configured mcp.servers in the strict Claude CLI MCP bundle config, matching Pi runs while preserving the OpenClaw loopback override. Fixes #70909. Thanks @keishingu.
Browser/tool: keep explicit AI snapshots from inheriting the efficient role-snapshot default and preserve numeric Playwright AI refs, so --format ai remains a real AI snapshot path. Fixes #62550. Thanks @ly85206559.
Gateway/config: keep in-process config patch reload comparisons on the resolved source snapshot when ${VAR} env refs are restored on disk, avoiding false full gateway restarts for unchanged gateway/plugin secrets. Fixes #71208. Thanks @robbiethompson18.
Slack/messages: serialize write-client requests and whole outbound sends per target so rapid multi-message Slack replies preserve send order. Fixes #69101. (#69105) Thanks @nightq and @ztexydt-cqh.
Slack/messages: keep Slack bot tokens out of internal message-ordering and DM cache keys.
Slack/exec approvals: resolve native approval button clicks over the Gateway instead of delivering /approve ... as plain agent text, preserving retry buttons if Gateway resolution fails. Fixes #71023. (#71025) Thanks @marusan03.
Browser/tool: expose browser doctor diagnostics to agents and extend openclaw doctor browser readiness notes for managed Chromium launch prerequisites. (#62948, #62936) Thanks @seanc-dev.
Slack/files: return non-image download-file results as local file paths instead of image payloads, and include Slack file IDs in inbound file placeholders so agents can call download-file. Fixes #71212. Thanks @teamrazo.
Browser control: scope standalone loopback auth to the resolved active gateway credential and fail closed when password mode lacks a resolved password, so inactive tokens or passwords no longer authorize browser routes. Fixes #65626. (#65639) Thanks @coygeek.
Control UI/Codex harness: emit native Codex app-server assistant and lifecycle completion events so live webchat runs stop spinning without needing a transcript reload fallback. (#70815) Thanks @lesaai.
Agents/sessions: persist the runtime-resolved context budget from embedded agent runs, so Codex GPT-5.5 sessions keep the catalog/runtime context cap instead of falling back to the generic 200k status value. Fixes #71294. Thanks @tud0r.
Agents/tools: fail runs before model submission when explicit tool allowlists resolve to no callable tools, preventing text-only hallucinated tool results for missing tools such as plugin commands that were not registered. Fixes #71292.
Agents/embedded: skip provider submission when an embedded run has no prompt, replay history, or prompt-local images, preventing empty OpenAI Responses requests from surfacing provider errors into user channels. Fixes #71130.
Providers/Google: map /think adaptive to Gemini dynamic thinking instead of a fixed medium/high budget, using Gemini 3's provider default and Gemini 2.5's thinkingBudget: -1. Fixes #71316.
Providers/MiniMax: keep M2.7 chat model metadata text-only so image tool requests route through MiniMax-VL-01 instead of the Anthropic-compatible chat endpoint. Fixes #71296. Thanks @ilker-cevikkaya.
Discord/replies: run message_sending plugin hooks for Discord reply delivery, including DM targets, so plugins can transform or cancel outbound Discord replies consistently with other channels. Fixes #59350. (#71094) Thanks @wei840222.
Discord/replies: preserve single-use native reply semantics across shared payload fallback, component, voice, and queued delivery paths, so explicit reply tags no longer consume implicit reply slots and chunked fallback sends reply only once.
Control UI/commands: carry provider-owned thinking option ids/labels in session rows and defaults so fresh sessions show and accept dynamic modes such as adaptive, xhigh, and max. Fixes #71269. Thanks @Young-Khalil.
Image generation: make explicit model= overrides exact-only so failed openai/gpt-image-2 requests no longer fall through to Gemini or other configured providers, and update image_generate list to mention OpenAI Codex OAuth as valid auth for openai/gpt-image-2. Fixes #71290 and #71231. Thanks @Young-Khalil.
Providers/GitHub Copilot: keep the plugin stream wrapper from claiming transport selection before OpenClaw picks a boundary-aware stream path, avoiding Pi's stale fallback Copilot headers on normal model turns.
Discord/subagents: pass runtime config into thread-bound native subagent binding and require it at the helper boundary so Discord channel resolution keeps account-aware config. Fixes #71054. (#70945) Thanks @jai.
Slack/Assistant: accept Slack Assistant DM message_changed events when their metadata identifies the human sender, while continuing to drop self-authored bot edits. Fixes #55445. Thanks @AlfredPros.
Slack/native streaming: suppress reasoning-only payloads before chat.startStream/appendStream, so Claude extended-thinking blocks no longer appear as visible Slack messages. Fixes #59687. Thanks @vision-ifc.
Slack/block replies: keep multi-part block deliveries in the first Slack reply thread when replyToMode is first, matching text reply threading instead of leaking later blocks into the channel. Fixes #49341. Thanks @pholmstr and @xiwuqi.
Slack/thread broadcasts: process thread_broadcast events as user messages so replies sent with "Also send to channel" reach the agent instead of becoming metadata-only system events. Fixes #56605 and #4351. Thanks @clawSean and @jlowin.
Slack/threading: ignore internal reply ids when choosing Slack thread_ts values, so resumed replies keep the real Slack thread anchor instead of leaking to the channel root. Fixes #68790. Thanks @MonkeyLeeT and @martingarramon.
Agents/failover: stop body-less HTTP 400/422 proxy failures from defaulting to "format" classification, so embedded retries surface the opaque provider failure instead of falling into a compaction loop. Fixes #66462. (#67024) Thanks @altaywtf and @HongzhuLiu.
Plugins/loader: use cached discovery-mode snapshot loads for read-only plugin capability lookups, keep snapshot caches isolated from active Gateway registries, and make same-plugin channel/HTTP route re-registration idempotent so repeated snapshot or hot-reload paths no longer rerun full plugin side effects or accumulate duplicate surfaces. Fixes #51781, #52031, #54181, and #57514. Thanks @livingghost, @okuyam2y, @ShionEria, and @bbshih.
Plugins/loader: reuse the compatible active Gateway registry for broad runtime plugin ensure calls after a gateway-bindable boot load, so non-bundled plugins no longer re-run register() during the same boot path. Fixes #69250. Thanks @markthebest12.
Plugins/hooks: keep the gateway-bindable hook runner installed when later default-mode plugin loads activate a different registry, preserving Gateway subagent lifecycle hooks across runtime cache misses. Fixes #63166.
Plugins/hooks: refresh live Gateway runtime hooks before inbound channel dispatch, so externally installed plugins keep messagereceived, beforedispatch, and reply hooks active after scoped startup plugin loads. Fixes #71167.
Media/input: resolve canonical inbound media refs through the shared media loader so native prompt image replay and explicit image/PDF tools can read media://inbound/<id> and managed inbound replay paths under workspace-only file policy.
Media/tools: centralize media reference scheme classification for image, PDF, image-generation, video-generation, and music-generation inputs so managed inbound refs are accepted consistently.
Control UI/media: resolve canonical inbound media refs before serving assistant media previews, so media://inbound/<id> sources no longer pass access checks but fail file open.
Auth/Codex: bootstrap openai-codex:default from Codex CLI credentials on fresh installs without replacing a locally refreshed OpenClaw OAuth token later. Fixes #71305. Thanks @Gforce10-design.
Plugin SDK/tool-result transforms: bound middleware details, validate in-place result mutations, and mark fail-closed middleware fallbacks with canonical error status. Thanks @vincentkoc.
Discord/gateway: prevent startup from getting stuck at awaiting gateway readiness when Carbon gateway registration races with a lifecycle reconnect. Fixes #52372. (#68159) Thanks @IVY-AI-gif.
Discord/gateway: supervise Carbon's async gateway registration promise so fatal Discord metadata failures surface through startup instead of process-level unhandled rejections. (#62451) Thanks @safzanpirani.
Discord/gateway: record websocket frame activity as transport liveness, so idle but healthy Discord gateways no longer look stale between user messages. (#68213) Thanks @bmadwaves.
Slack/streaming: suppress block replies while native or draft preview streaming owns the turn, preventing duplicate Slack delivery when block streaming is also enabled. Addresses #56675. Thanks @hsiaoa.
Plugins/cache: restore plugin command and interactive handler registries on loader cache hits without resetting interactive callback dedupe, so cached external plugins keep slash commands and callback handlers available after reloads. Fixes #71100. Thanks @BomBastikDE.
Gateway/OpenAI-compatible: report non-zero token usage for /v1/chat/completions when the agent run has only last-call usage metadata available. Fixes #71118. (#71242) Thanks @RenzoMXD.
Plugin SDK/tool-result transforms: restrict harness tool-result middleware to bundled plugins, fail closed on middleware errors, validate rewritten result shapes, preserve Pi per-call ids, and keep Codex media trust checks anchored to raw tool provenance. Thanks @vincentkoc.
Gateway/MCP loopback: apply owner-only tool policy and run before-tool-call hooks on 127.0.0.1/mcp tools/list and tools/call, so non-owner bearer callers can no longer see or invoke owner-only tools such as cron, gateway, and nodes, matching the existing HTTP /tools/invoke and embedded-agent paths. (#71159) Thanks @mmaps.
Codex harness/security: wait for final app-server approval decisions and sanitize approval preview text, so native Codex permission prompts cannot be resolved by an early placeholder decision or render unsafe terminal/control content. (#70751, #70569) Thanks @Lucenx9.
Providers/voice security: route ElevenLabs TTS and OpenAI Realtime browser-session secret creation through guarded fetch paths, preserving provider calls while keeping SSRF protections on voice surfaces.
Agents/OpenAI WS: match Codex's Responses WebSocket continuation strategy, sending only strict incremental follow-up input with previousresponseid and falling back to full context when the replay chain or request shape differs. Fixes #44948. Thanks @hss-oss.
Plugins/Google Chat: log webhook auth rejection reasons only after all candidates fail, and warn when add-on appPrincipal values do not match configuration. Fixes #71078. (#71145) Thanks @luyao618.
Models/configure: preserve the existing default model when provider auth is re-run from configure while keeping explicit default-setting commands authoritative. Fixes #70696. (#70793) Thanks @Sathvik-1007.
Config/plugins: accept plugins.entries.*.hooks.allowConversationAccess in validation, generated schema metadata, and plugin policy inspection so trusted external plugins can enable conversation-access hooks such as agent_end without local schema patches. Fixes #71215. (#71221) Thanks @BillChirico.
Models/runtime: show one model provider choice per provider and move Codex, Claude CLI, and Gemini CLI execution into explicit runtime selection while keeping fallback-only legacy runtime refs unchanged. Thanks @vincentkoc.
Plugins/runtime deps: respect explicit plugin and channel disablement when repairing bundled runtime dependencies, so doctor and health checks no longer install deps for disabled configured channels. Thanks @vincentkoc.
Diagnostics/OTEL: export logs through bounded diagnostic log events instead of a direct logger transport hook. Thanks @vincentkoc.
WhatsApp/plugins: support an explicit opt-in for inbound message_received hooks with canonical channel, conversation, session, and sender fields. Thanks @vincentkoc.
Channels/setup: keep bundled setup entries dependency-light and stage WhatsApp runtime dependencies only when login actually needs them, so first-run setup and read-only channel discovery avoid unused SDK imports.
Slack/HTTP: keep webhook handlers in a process-global registry so HTTP mode survives plugin-loader/native-import splits and /slack/events/<account> no longer returns 404 after logging as active. Fixes #67955, #46245, and #46246. Thanks @chrisabad and @cesararevalo.
Diagnostics: harden tool and model diagnostic events against hostile errors, blocking listeners, and unsafe stability reason fields. Thanks @vincentkoc.
Plugins/onboarding: record local plugin install source metadata without duplicating raw absolute local paths in persisted plugins.installs, while preserving linked load-path cleanup. (#70970) Thanks @vincentkoc.
Group chats/silent replies: tighten NO_REPLY prompt guidance so groups stay quiet without narrating silence or emitting fallback chatter when silence is the intended outcome. (#70954, #71209) Thanks @Takhoffman.
WhatsApp/groups+direct: setting systemPrompt: "" on a specific groups.<id> or direct.<peerId> entry now suppresses the wildcard system prompt instead of falling through to it, so users can silence the global prompt for a specific group or peer. (#70381) Thanks @Bluetegu.
Browser/tool: tell agents not to pass per-call timeoutMs on existing-session type, evaluate, and other Chrome MCP actions that reject timeout overrides.
Browser/tool: use Playwright's current AI aria snapshot API for refs="aria" and fall back to role refs when a node browser cannot provide aria refs, so agents can still inspect and click controls such as Google Meet admission buttons.
Browser/tool: expose stable tabId handles such as t1 plus optional tab labels, and accept those handles anywhere a browser tab target is needed.
Browser/tool: return suggestedTargetId first in tab payloads so agents naturally reuse labels or stable tab handles instead of raw DevTools ids.
Browser/tool: bundle a browser-automation skill with the multi-step snapshot, stable-tab, stale-ref, and manual-blocker loop for agent-controlled pages.
Browser/tool: add openclaw browser doctor, URL-expanded snapshots, direct labeled screenshots, and clearer tab-target errors for agents that accidentally pass positional indexes.
Plugins/Google Meet: use browser automation to classify and clear Meet entry blockers such as microphone-choice interstitials, and reuse in-progress create tabs on retry instead of opening duplicates.
Codex/GPT-5.4: harden fallback, auth-profile, tool-schema, and replay edge cases across native and embedded runtime paths. (#70743) Thanks @100yenadmin.
Models/fallback: resolve bare fallback model provider ids before model switching, so configured fallback chains keep working when a fallback is named without an explicit provider prefix.
Voice-call/Telnyx: preserve inbound/outbound callback metadata and read transcription text from Telnyx's current transcription_data payload.
Providers/DeepSeek: wire V4 thinking controls and OpenAI-compatible replay policy so follow-up turns preserve DeepSeek reasoning_content, while the None/off thinking path strips replayed reasoning fields. Fixes #70931. Thanks @lsdsjy.
Providers/GitHub Copilot: align Copilot request headers across Anthropic, Responses, and built-in compaction summarization paths, including tool-result and image follow-up turns, without enabling unverified Responses continuation.
Codex harness: send verbose tool progress to chat channels for native app-server runs, matching the Pi harness /verbose on and /verbose full behavior. (#70966) Thanks @jalehman.
Codex models: fetch paginated Codex app-server model catalogs, mark truncated /codex models output, and keep ChatGPT OAuth defaults on the openai-codex/gpt-5.5 route instead of the OpenAI API-key route.
Codex status: report Codex CLI OAuth as oauth (codex-cli) for native codex/* sessions instead of showing unknown auth. Fixes #70688. Thanks @jb510.
Channels/CLI: accept explicit shared-secret, base-URL, and auth-directory setup flags, and map legacy Nextcloud Talk --url/--token add commands to the bundled plugin setup input. Fixes #61759 and #61923.
Models/CLI: keep openclaw models list read-only while still showing eligible configured-provider rows, so listing models no longer rewrites per-agent models.json. (#70847) Thanks @shakkernerd.
Agents/transport: propagate configured attempt timeouts into guarded per-request dispatchers, so slow local LLM calls such as Ollama no longer fail at Undici's default 60-second body timeout. Fixes #70829. (#70831) Thanks @DranboFieldston.
Plugins/providers: mirror runtime auth choices in bundled provider manifests and detect KIMIAPIKEY for Moonshot/Kimi web search before plugin runtime loads. Thanks @vincentkoc.
Gateway/chat: register chat.send runs in the chat run registry so lifecycle error events reach the client instead of being silently dropped, fixing stuck 'waiting' state and /abort reporting no active run. (#69747) Thanks @wangshu94.
Plugins/QQ Bot: enable the bundled qqbot plugin by default so its runtime dependency @tencent-connect/qqbot-connector is installed on first launch, unblocking the QR-code binding flow that dynamically imports the connector before any account is configured. (#71051) Thanks @cxyhhhhh.
Gateway/agent RPC: register active agent runs into the chat abort controller map so chat.abort and sessions.abort can interrupt them, matching chat.send behavior and unblocking external runtimes that drive the Gateway through the public agent RPC. Fixes #71128. (#71214) Thanks @bitloi.
Matrix/CLI: pass resolved runtime config into verify commands, so openclaw matrix verify status and sibling verify subcommands no longer crash before acquiring the Matrix client. Fixes #70992. (#71102) Thanks @luyao618.
Gateway/startup: await startup sidecars before channel monitors report ready, reducing Discord and plugin startup races while still keeping gateway boot observability intact.
Plugins/Google Meet: report required manual actions for Chrome joins, use browser automation for Meet entry, and persist the private-WS node opt-in so paired-node realtime sessions keep their intended network policy.
Slack: route native stream fallback replies through the normal chunked sender so long buffered Slack Connect responses are not dropped or duplicated. (#71124) Thanks @martingarramon.
WhatsApp: transcribe accepted voice notes before agent dispatch while keeping spoken transcripts out of command authorization. (#64120) Thanks @rogerdigital.
Plugins/CLI: expose channel plugin CLI descriptors during discovery-mode plugin loads so snapshot registries keep channel commands visible without activating full runtimes. (#71309) Thanks @gumadeiras.
WhatsApp: deliver media generated by tool-result replies while still suppressing text-only tool chatter. (#60968) Thanks @adaclaw.
Config/agents: accept agents.list[].contextTokens in strict config validation so per-agent overrides survive hot reload, letting /status reflect the configured model window instead of the 200k fallback. Fixes #70692. (#71247) Thanks @statxc.
Heartbeat: include async exec completion details in heartbeat prompts so command-finished notifications relay the actual output. (#71213) Thanks @GodsBoy.
Memory search: apply session visibility and agent-to-agent policy to session transcript hits, and keep corpus=sessions ranking scoped to session collections before result limiting. (#70761) Thanks @nefainl.
Agents/sessions: stop session write-lock timeouts from entering model failover, so local lock contention surfaces directly instead of cascading across providers. (#68700) Thanks @MonkeyLeeT.
Auto-reply: run inbound reply delivery through message_sending hooks so plugins can transform or cancel generated replies before they are sent. (#70118) Thanks @jzakirov.
CI/release-checks: pass workflow inputs and matrix values through step environment variables instead of embedding them directly into run: shell commands, reducing template-injection surface in the cross-OS release-check workflow. (#66884) Thanks @alexlomt.

v2026.4.23 BREAKING [Apr 24, 2026] (6d ago) details → github →

# openclaw 2026.4.23

2026.4.23

Changes

Providers/OpenAI: add image generation and reference-image editing through Codex OAuth, so openai/gpt-image-2 works without an OPENAIAPIKEY. Fixes #70703.
Providers/OpenRouter: add image generation and reference-image editing through imagegenerate, so OpenRouter image models work with OPENROUTERAPI_KEY. Fixes #55066 via #67668. Thanks @notamicrodose.
Image generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the image_generate tool. (#70503) Thanks @ottodeng.
Agents/subagents: add optional forked context for native sessions_spawn runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.
Agents/tools: add optional per-call timeoutMs support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.
Memory/local embeddings: add configurable memorySearch.local.contextSize with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (#70544) Thanks @aalekh-sarvam.
Dependencies/Pi: update bundled Pi packages to 0.70.0, use Pi's upstream gpt-5.5 catalog metadata for OpenAI and OpenAI Codex, and keep only local gpt-5.5-pro forward-compat handling.
Codex harness: add structured debug logging for embedded harness selection decisions so /status stays simple while gateway logs explain auto-selection and Pi fallback reasons. (#70760) Thanks @100yenadmin.

Fixes

Codex harness: route native requestuserinput prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.
Codex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (#70809) Thanks @jalehman.
WhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes #70932.
Block streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes #70921.
Codex harness/Windows: resolve npm-installed codex.cmd shims through PATHEXT before starting the native app-server, so codex/* models work without a manual .exe shim. Fixes #70913.
Slack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal "Working…" traces no longer leak into rooms. Fixes #70912.
Agents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (#61556) Thanks @VictorJeon and @vincentkoc.
Telegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits !... instead of a MEDIA: token. (#66191) Thanks @apezam and @vincentkoc.
Agents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging surface_error and leaving webchat with no rendered error. Fixes #70124. (#70848) Thanks @truffle-dev.
WhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks @mcaxtr.
Memory/CLI: declare the built-in local embedding provider in the memory-core manifest, so standalone openclaw memory status, index, and search can resolve local embeddings just like the gateway runtime. Fixes #70836. (#70873) Thanks @mattznojassist.
Gateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes #68513, #44276, #51656, #70212.
Plugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.
Media understanding: honor explicit image-model configuration before native-vision skips, including agents.defaults.imageModel, tools.media.image.models, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes #47614, #63722, #69171.
Codex/media understanding: support codex/ image models through bounded Codex app-server image turns, while keeping openai-codex/ on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes #70201.
Providers/OpenAI Codex: synthesize the openai-codex/gpt-5.5 OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with Unknown model while the account is authenticated.
Models/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (#70820) Thanks @Takhoffman.
Providers/OpenAI: route openai/gpt-image-2 through configured Codex OAuth directly when an openai-codex profile is active, instead of probing OPENAIAPIKEY first.
Providers/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks @Takhoffman.
OpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference gpt-image-2 edits. Fixes #70642. Thanks @dashhuang.
Providers/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes #70410.
Providers/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use image_generate. Fixes #67216.
Agents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes #70423. Thanks @giangthb.
Providers/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN image_generate routes work without disabling SSRF checks globally. Fixes #62879. Thanks @seitzbg.
Providers/OpenAI: stop advertising the removed gpt-5.3-codex-spark Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.
Control UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (#70719, #70741) Thanks @Patrick-Erichsen.
Control UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (#70673) Thanks @chinar-amrutkar.
Memory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to MEMORY.md instead of staying on broad workspace markdown indexing.
Agents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks @vincentkoc.
Plugins/QR: replace legacy qrcode-terminal QR rendering with bounded qrcode-tui helpers for plugin login/setup flows. (#65969) Thanks @vincentkoc.
Voice-call/realtime: wait for OpenAI session configuration before greeting or forwarding buffered audio, and reject non-allowlisted Twilio callers before stream setup. (#43501) Thanks @forrestblount.
ACPX/Codex: stop materializing auth.json bridge files for Codex ACP, Codex app-server, and Codex CLI runs; Codex-owned runtimes now use their normal CODEX_HOME/~/.codex auth path directly.
Auto-reply/system events: route async exec-event completion replies through the persisted session delivery context, so long-running command results return to the originating channel instead of being dropped when live origin metadata is missing. (#70258) Thanks @wzfukui.
Gateway/sessions: extend the webchat session-mutation guard to sessions.compact and sessions.compaction.restore, so WEBCHAT_UI clients are rejected from compaction-side session mutations consistently with the existing patch/delete guards. (#70716) Thanks @drobison00.
QA channel/security: reject non-HTTP(S) inbound attachment URLs before media fetch, and log rejected schemes so suspicious or misconfigured payloads are visible during debugging. (#70708) Thanks @vincentkoc.
Plugins/install: link the host OpenClaw package into external plugins that declare openclaw as a peer dependency, so peer-only plugin SDK imports resolve after install without bundling a duplicate host package. (#70462) Thanks @anishesg.
Plugins/Windows: refresh the packaged plugin SDK alias in place during bundled runtime dependency repair, so gateway and CLI plugin startup no longer race on ENOTEMPTY/EPERM after same-guest npm updates.
Teams/security: require shared Bot Framework audience tokens to name the configured Teams app via verified appid or azp, blocking cross-bot token replay on the global audience. (#70724) Thanks @vincentkoc.
Plugins/startup: resolve bundled plugin Jiti loads relative to the target plugin module instead of the central loader, so Bun global installs no longer hang while discovering bundled image providers. (#70073) Thanks @yidianyiko.
Anthropic/CLI security: derive Claude CLI bypassPermissions from OpenClaw's existing YOLO exec policy, preserve explicit raw Claude --permission-mode overrides, and strip malformed permission-mode args instead of silently falling back to a bypass. (#70723) Thanks @vincentkoc.
Android/security: require loopback-only cleartext gateway connections on Android manual and scanned routes, so private-LAN and link-local ws:// endpoints now fail closed unless TLS is enabled. (#70722) Thanks @vincentkoc.
Pairing/security: require private-IP or loopback hosts for cleartext mobile pairing, and stop treating .local or dotless hostnames as safe cleartext endpoints. (#70721) Thanks @vincentkoc.
Plugins/security: stop setup-api lookup from falling back to the launch directory, so workspace-local extensions/<plugin>/setup-api.* files cannot be executed during provider setup resolution. (#70718) Thanks @drobison00.
Approvals/security: require explicit chat exec-approval enablement instead of auto-enabling approval clients just because approvers resolve from config or owner allowlists. (#70715) Thanks @vincentkoc.
Discord/security: keep native slash-command channel policy from bypassing configured owner or member restrictions, while preserving channel-policy fallback when no stricter access rule exists. (#70711) Thanks @vincentkoc.
Android/security: stop ASK_OPENCLAW intents from auto-sending injected prompts, so external app actions only prefill the draft instead of dispatching it immediately. (#70714) Thanks @vincentkoc.
Secrets/Windows: strip UTF-8 BOMs from file-backed secrets and keep unavailable ACL checks fail-closed unless trusted file or exec providers explicitly opt into allowInsecurePath. (#70662) Thanks @zhanggpcsu.
Agents/image generation: escape ignored override values in tool warnings so parsed MEDIA: directives cannot be injected through unsupported model options. (#70710) Thanks @vincentkoc.
QQBot/security: require framework auth for /bot-approve so unauthorized QQ senders cannot change exec approval settings through the unauthenticated pre-dispatch slash-command path. (#70706) Thanks @vincentkoc.
MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as cron, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
Approvals/startup: let native approval handlers report ready after gateway authentication while replaying pending approvals in the background, so slow or failing replay delivery no longer blocks handler startup or amplifies reconnect storms.
WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.
Group-chat/security: keep channel-sourced group names and participant labels out of inline group system prompts and render them through fenced untrusted metadata JSON.
Agents/replay: preserve Kimi-style functions.<name>:<index> tool-call IDs during strict replay sanitization so custom OpenAI-compatible Kimi routes keep multi-turn tool use intact. (#70693) Thanks @geri4.
Discord/replies: preserve final reply permission context through outbound delivery so Discord replies keep the same channel/member routing rules at send time.
Plugins/startup: restore bundled plugin openclaw/plugin-sdk/* resolution from packaged installs and external runtime-deps stage roots, so Telegram/Discord no longer crash-loop with Cannot find package 'openclaw' after missing dependency repair. (#70852) Thanks @simonemacario.
CLI/Claude: run the same prompt-build hooks and trigger/channel context on claude-cli turns as on direct embedded runs, keeping Claude Code sessions aligned with OpenClaw workspace identity, routing, and hook-driven prompt mutations. (#70625) Thanks @mbelinky.
Discord/plugin startup: keep subagent hooks lazy behind Discord's channel entry so packaged entry imports stay narrow and report import failures with the channel id and entry path.
Memory/doctor: keep root durable memory canonicalized on MEMORY.md, stop treating lowercase memory.md as a runtime fallback, and let openclaw doctor --fix merge true split-brain root files into MEMORY.md with a backup. (#70621) Thanks @mbelinky.
Providers/Anthropic Vertex: restore ADC-backed model discovery after the lightweight provider-discovery path by resolving emitted discovery entries, exposing synthetic auth on bootstrap discovery, and honoring copied env snapshots when probing the default GCP ADC path. Fixes #65715. (#65716) Thanks @feiskyer.
Codex harness/status: pin embedded harness selection per session, show active non-PI harness ids such as codex in /status, and keep legacy transcripts on PI until /new or /reset so config changes cannot hot-switch existing sessions.
Gateway/security: fail closed on agent-driven gateway config.apply/config.patch runtime edits by allowlisting a narrow set of agent-tunable prompt, model, and mention-gating paths (including Telegram topic-level requireMention) instead of relying on a hand-maintained denylist of protected subtrees that could miss new sensitive config keys. (#70726) Thanks @drobison00.
Webhooks/security: re-resolve SecretRef-backed webhook route secrets on each request so openclaw secrets reload revokes the previous secret immediately instead of waiting for a gateway restart. (#70727) Thanks @drobison00.
Memory/dreaming: decouple the managed dreaming cron from heartbeat by running it as an isolated lightweight agent turn, so dreaming runs even when heartbeat is disabled for the default agent and is no longer skipped by heartbeat.activeHours. openclaw doctor --fix migrates stale main-session dreaming jobs in persisted cron configs to the new shape. Fixes #69811, #67397, #68972. (#70737) Thanks @jalehman.
Agents/CLI: keep --agent plus --session-id lookup scoped to the requested agent store, so explicit agent resumes cannot select another agent's session. (#70985) Thanks @frankekn.

v2026.4.23-beta.6 pre BREAKING [Apr 24, 2026] (6d ago) details → github →

# openclaw 2026.4.23-beta.6

2026.4.23

Changes

Providers/OpenAI: add image generation and reference-image editing through Codex OAuth, so openai/gpt-image-2 works without an OPENAIAPIKEY. Fixes #70703.
Providers/OpenRouter: add image generation and reference-image editing through imagegenerate, so OpenRouter image models work with OPENROUTERAPI_KEY. Fixes #55066 via #67668. Thanks @notamicrodose.
Image generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the image_generate tool. (#70503) Thanks @ottodeng.
Agents/subagents: add optional forked context for native sessions_spawn runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.
Agents/tools: add optional per-call timeoutMs support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.
Memory/local embeddings: add configurable memorySearch.local.contextSize with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (#70544) Thanks @aalekh-sarvam.
Dependencies/Pi: update bundled Pi packages to 0.70.0, use Pi's upstream gpt-5.5 catalog metadata for OpenAI and OpenAI Codex, and keep only local gpt-5.5-pro forward-compat handling.
Codex harness: add structured debug logging for embedded harness selection decisions so /status stays simple while gateway logs explain auto-selection and Pi fallback reasons. (#70760) Thanks @100yenadmin.

Fixes

Codex harness: route native requestuserinput prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.
Codex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (#70809) Thanks @jalehman.
WhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes #70932.
Block streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes #70921.
Codex harness/Windows: resolve npm-installed codex.cmd shims through PATHEXT before starting the native app-server, so codex/* models work without a manual .exe shim. Fixes #70913.
Slack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal "Working…" traces no longer leak into rooms. Fixes #70912.
Agents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (#61556) Thanks @VictorJeon and @vincentkoc.
Telegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits !... instead of a MEDIA: token. (#66191) Thanks @apezam and @vincentkoc.
Agents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging surface_error and leaving webchat with no rendered error. Fixes #70124. (#70848) Thanks @truffle-dev.
WhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks @mcaxtr.
Memory/CLI: declare the built-in local embedding provider in the memory-core manifest, so standalone openclaw memory status, index, and search can resolve local embeddings just like the gateway runtime. Fixes #70836. (#70873) Thanks @mattznojassist.
Gateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes #68513, #44276, #51656, #70212.
Plugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.
Media understanding: honor explicit image-model configuration before native-vision skips, including agents.defaults.imageModel, tools.media.image.models, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes #47614, #63722, #69171.
Codex/media understanding: support codex/ image models through bounded Codex app-server image turns, while keeping openai-codex/ on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes #70201.
Providers/OpenAI Codex: synthesize the openai-codex/gpt-5.5 OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with Unknown model while the account is authenticated.
Models/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (#70820) Thanks @Takhoffman.
Providers/OpenAI: route openai/gpt-image-2 through configured Codex OAuth directly when an openai-codex profile is active, instead of probing OPENAIAPIKEY first.
Providers/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks @Takhoffman.
OpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference gpt-image-2 edits. Fixes #70642. Thanks @dashhuang.
Providers/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes #70410.
Providers/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use image_generate. Fixes #67216.
Agents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes #70423. Thanks @giangthb.
Providers/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN image_generate routes work without disabling SSRF checks globally. Fixes #62879. Thanks @seitzbg.
Providers/OpenAI: stop advertising the removed gpt-5.3-codex-spark Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.
Control UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (#70719, #70741) Thanks @Patrick-Erichsen.
Control UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (#70673) Thanks @chinar-amrutkar.
Memory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to MEMORY.md instead of staying on broad workspace markdown indexing.
Agents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks @vincentkoc.
Plugins/QR: replace legacy qrcode-terminal QR rendering with bounded qrcode-tui helpers for plugin login/setup flows. (#65969) Thanks @vincentkoc.
Voice-call/realtime: wait for OpenAI session configuration before greeting or forwarding buffered audio, and reject non-allowlisted Twilio callers before stream setup. (#43501) Thanks @forrestblount.
ACPX/Codex: stop materializing auth.json bridge files for Codex ACP, Codex app-server, and Codex CLI runs; Codex-owned runtimes now use their normal CODEX_HOME/~/.codex auth path directly.
Auto-reply/system events: route async exec-event completion replies through the persisted session delivery context, so long-running command results return to the originating channel instead of being dropped when live origin metadata is missing. (#70258) Thanks @wzfukui.
Gateway/sessions: extend the webchat session-mutation guard to sessions.compact and sessions.compaction.restore, so WEBCHAT_UI clients are rejected from compaction-side session mutations consistently with the existing patch/delete guards. (#70716) Thanks @drobison00.
QA channel/security: reject non-HTTP(S) inbound attachment URLs before media fetch, and log rejected schemes so suspicious or misconfigured payloads are visible during debugging. (#70708) Thanks @vincentkoc.
Plugins/install: link the host OpenClaw package into external plugins that declare openclaw as a peer dependency, so peer-only plugin SDK imports resolve after install without bundling a duplicate host package. (#70462) Thanks @anishesg.
Plugins/Windows: refresh the packaged plugin SDK alias in place during bundled runtime dependency repair, so gateway and CLI plugin startup no longer race on ENOTEMPTY/EPERM after same-guest npm updates.
Teams/security: require shared Bot Framework audience tokens to name the configured Teams app via verified appid or azp, blocking cross-bot token replay on the global audience. (#70724) Thanks @vincentkoc.
Plugins/startup: resolve bundled plugin Jiti loads relative to the target plugin module instead of the central loader, so Bun global installs no longer hang while discovering bundled image providers. (#70073) Thanks @yidianyiko.
Anthropic/CLI security: derive Claude CLI bypassPermissions from OpenClaw's existing YOLO exec policy, preserve explicit raw Claude --permission-mode overrides, and strip malformed permission-mode args instead of silently falling back to a bypass. (#70723) Thanks @vincentkoc.
Android/security: require loopback-only cleartext gateway connections on Android manual and scanned routes, so private-LAN and link-local ws:// endpoints now fail closed unless TLS is enabled. (#70722) Thanks @vincentkoc.
Pairing/security: require private-IP or loopback hosts for cleartext mobile pairing, and stop treating .local or dotless hostnames as safe cleartext endpoints. (#70721) Thanks @vincentkoc.
Plugins/security: stop setup-api lookup from falling back to the launch directory, so workspace-local extensions/<plugin>/setup-api.* files cannot be executed during provider setup resolution. (#70718) Thanks @drobison00.
Approvals/security: require explicit chat exec-approval enablement instead of auto-enabling approval clients just because approvers resolve from config or owner allowlists. (#70715) Thanks @vincentkoc.
Discord/security: keep native slash-command channel policy from bypassing configured owner or member restrictions, while preserving channel-policy fallback when no stricter access rule exists. (#70711) Thanks @vincentkoc.
Android/security: stop ASK_OPENCLAW intents from auto-sending injected prompts, so external app actions only prefill the draft instead of dispatching it immediately. (#70714) Thanks @vincentkoc.
Secrets/Windows: strip UTF-8 BOMs from file-backed secrets and keep unavailable ACL checks fail-closed unless trusted file or exec providers explicitly opt into allowInsecurePath. (#70662) Thanks @zhanggpcsu.
Agents/image generation: escape ignored override values in tool warnings so parsed MEDIA: directives cannot be injected through unsupported model options. (#70710) Thanks @vincentkoc.
QQBot/security: require framework auth for /bot-approve so unauthorized QQ senders cannot change exec approval settings through the unauthenticated pre-dispatch slash-command path. (#70706) Thanks @vincentkoc.
MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as cron, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
Approvals/startup: let native approval handlers report ready after gateway authentication while replaying pending approvals in the background, so slow or failing replay delivery no longer blocks handler startup or amplifies reconnect storms.
WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.
Group-chat/security: keep channel-sourced group names and participant labels out of inline group system prompts and render them through fenced untrusted metadata JSON.
Agents/replay: preserve Kimi-style functions.<name>:<index> tool-call IDs during strict replay sanitization so custom OpenAI-compatible Kimi routes keep multi-turn tool use intact. (#70693) Thanks @geri4.
Discord/replies: preserve final reply permission context through outbound delivery so Discord replies keep the same channel/member routing rules at send time.
Plugins/startup: restore bundled plugin openclaw/plugin-sdk/* resolution from packaged installs and external runtime-deps stage roots, so Telegram/Discord no longer crash-loop with Cannot find package 'openclaw' after missing dependency repair. (#70852) Thanks @simonemacario.
CLI/Claude: run the same prompt-build hooks and trigger/channel context on claude-cli turns as on direct embedded runs, keeping Claude Code sessions aligned with OpenClaw workspace identity, routing, and hook-driven prompt mutations. (#70625) Thanks @mbelinky.
Discord/plugin startup: keep subagent hooks lazy behind Discord's channel entry so packaged entry imports stay narrow and report import failures with the channel id and entry path.
Memory/doctor: keep root durable memory canonicalized on MEMORY.md, stop treating lowercase memory.md as a runtime fallback, and let openclaw doctor --fix merge true split-brain root files into MEMORY.md with a backup. (#70621) Thanks @mbelinky.
Providers/Anthropic Vertex: restore ADC-backed model discovery after the lightweight provider-discovery path by resolving emitted discovery entries, exposing synthetic auth on bootstrap discovery, and honoring copied env snapshots when probing the default GCP ADC path. Fixes #65715. (#65716) Thanks @feiskyer.
Codex harness/status: pin embedded harness selection per session, show active non-PI harness ids such as codex in /status, and keep legacy transcripts on PI until /new or /reset so config changes cannot hot-switch existing sessions.
Gateway/security: fail closed on agent-driven gateway config.apply/config.patch runtime edits by allowlisting a narrow set of agent-tunable prompt, model, and mention-gating paths (including Telegram topic-level requireMention) instead of relying on a hand-maintained denylist of protected subtrees that could miss new sensitive config keys. (#70726) Thanks @drobison00.
Webhooks/security: re-resolve SecretRef-backed webhook route secrets on each request so openclaw secrets reload revokes the previous secret immediately instead of waiting for a gateway restart. (#70727) Thanks @drobison00.
Memory/dreaming: decouple the managed dreaming cron from heartbeat by running it as an isolated lightweight agent turn, so dreaming runs even when heartbeat is disabled for the default agent and is no longer skipped by heartbeat.activeHours. openclaw doctor --fix migrates stale main-session dreaming jobs in persisted cron configs to the new shape. Fixes #69811, #67397, #68972. (#70737) Thanks @jalehman.
Agents/CLI: keep --agent plus --session-id lookup scoped to the requested agent store, so explicit agent resumes cannot select another agent's session. (#70985) Thanks @frankekn.

v2026.4.23-beta.5 pre BREAKING [Apr 24, 2026] (6d ago) details → github →

# OpenClaw 2026.4.23 beta 5

2026.4.23

Changes

Providers/OpenAI: add image generation and reference-image editing through Codex OAuth, so openai/gpt-image-2 works without an OPENAIAPIKEY. Fixes #70703.
Providers/OpenRouter: add image generation and reference-image editing through imagegenerate, so OpenRouter image models work with OPENROUTERAPI_KEY. Fixes #55066 via #67668. Thanks @notamicrodose.
Image generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the image_generate tool. (#70503) Thanks @ottodeng.
Agents/subagents: add optional forked context for native sessions_spawn runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.
Agents/tools: add optional per-call timeoutMs support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.
Memory/local embeddings: add configurable memorySearch.local.contextSize with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (#70544) Thanks @aalekh-sarvam.
Dependencies/Pi: update bundled Pi packages to 0.70.0, use Pi's upstream gpt-5.5 catalog metadata for OpenAI and OpenAI Codex, and keep only local gpt-5.5-pro forward-compat handling.
Codex harness: add structured debug logging for embedded harness selection decisions so /status stays simple while gateway logs explain auto-selection and Pi fallback reasons. (#70760) Thanks @100yenadmin.

Fixes

Codex harness: route native requestuserinput prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.
Codex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (#70809) Thanks @jalehman.
WhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes #70932.
Block streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes #70921.
Codex harness/Windows: resolve npm-installed codex.cmd shims through PATHEXT before starting the native app-server, so codex/* models work without a manual .exe shim. Fixes #70913.
Slack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal "Working…" traces no longer leak into rooms. Fixes #70912.
Agents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (#61556) Thanks @VictorJeon and @vincentkoc.
Telegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits !... instead of a MEDIA: token. (#66191) Thanks @apezam and @vincentkoc.
Agents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging surface_error and leaving webchat with no rendered error. Fixes #70124. (#70848) Thanks @truffle-dev.
WhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks @mcaxtr.
Memory/CLI: declare the built-in local embedding provider in the memory-core manifest, so standalone openclaw memory status, index, and search can resolve local embeddings just like the gateway runtime. Fixes #70836. (#70873) Thanks @mattznojassist.
Gateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes #68513, #44276, #51656, #70212.
Plugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.
Media understanding: honor explicit image-model configuration before native-vision skips, including agents.defaults.imageModel, tools.media.image.models, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes #47614, #63722, #69171.
Codex/media understanding: support codex/ image models through bounded Codex app-server image turns, while keeping openai-codex/ on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes #70201.
Providers/OpenAI Codex: synthesize the openai-codex/gpt-5.5 OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with Unknown model while the account is authenticated.
Models/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (#70820) Thanks @Takhoffman.
Providers/OpenAI: route openai/gpt-image-2 through configured Codex OAuth directly when an openai-codex profile is active, instead of probing OPENAIAPIKEY first.
Providers/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks @Takhoffman.
OpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference gpt-image-2 edits. Fixes #70642. Thanks @dashhuang.
Providers/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes #70410.
Providers/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use image_generate. Fixes #67216.
Agents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes #70423. Thanks @giangthb.
Providers/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN image_generate routes work without disabling SSRF checks globally. Fixes #62879. Thanks @seitzbg.
Providers/OpenAI: stop advertising the removed gpt-5.3-codex-spark Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.
Control UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (#70719, #70741) Thanks @Patrick-Erichsen.
Control UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (#70673) Thanks @chinar-amrutkar.
Memory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to MEMORY.md instead of staying on broad workspace markdown indexing.
Agents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks @vincentkoc.
Plugins/QR: replace legacy qrcode-terminal QR rendering with bounded qrcode-tui helpers for plugin login/setup flows. (#65969) Thanks @vincentkoc.
Voice-call/realtime: wait for OpenAI session configuration before greeting or forwarding buffered audio, and reject non-allowlisted Twilio callers before stream setup. (#43501) Thanks @forrestblount.
ACPX/Codex: stop materializing auth.json bridge files for Codex ACP, Codex app-server, and Codex CLI runs; Codex-owned runtimes now use their normal CODEX_HOME/~/.codex auth path directly.
Auto-reply/system events: route async exec-event completion replies through the persisted session delivery context, so long-running command results return to the originating channel instead of being dropped when live origin metadata is missing. (#70258) Thanks @wzfukui.
Gateway/sessions: extend the webchat session-mutation guard to sessions.compact and sessions.compaction.restore, so WEBCHAT_UI clients are rejected from compaction-side session mutations consistently with the existing patch/delete guards. (#70716) Thanks @drobison00.
QA channel/security: reject non-HTTP(S) inbound attachment URLs before media fetch, and log rejected schemes so suspicious or misconfigured payloads are visible during debugging. (#70708) Thanks @vincentkoc.
Plugins/install: link the host OpenClaw package into external plugins that declare openclaw as a peer dependency, so peer-only plugin SDK imports resolve after install without bundling a duplicate host package. (#70462) Thanks @anishesg.
Plugins/Windows: refresh the packaged plugin SDK alias in place during bundled runtime dependency repair, so gateway and CLI plugin startup no longer race on ENOTEMPTY/EPERM after same-guest npm updates.
Teams/security: require shared Bot Framework audience tokens to name the configured Teams app via verified appid or azp, blocking cross-bot token replay on the global audience. (#70724) Thanks @vincentkoc.
Plugins/startup: resolve bundled plugin Jiti loads relative to the target plugin module instead of the central loader, so Bun global installs no longer hang while discovering bundled image providers. (#70073) Thanks @yidianyiko.
Anthropic/CLI security: derive Claude CLI bypassPermissions from OpenClaw's existing YOLO exec policy, preserve explicit raw Claude --permission-mode overrides, and strip malformed permission-mode args instead of silently falling back to a bypass. (#70723) Thanks @vincentkoc.
Android/security: require loopback-only cleartext gateway connections on Android manual and scanned routes, so private-LAN and link-local ws:// endpoints now fail closed unless TLS is enabled. (#70722) Thanks @vincentkoc.
Pairing/security: require private-IP or loopback hosts for cleartext mobile pairing, and stop treating .local or dotless hostnames as safe cleartext endpoints. (#70721) Thanks @vincentkoc.
Plugins/security: stop setup-api lookup from falling back to the launch directory, so workspace-local extensions/<plugin>/setup-api.* files cannot be executed during provider setup resolution. (#70718) Thanks @drobison00.
Approvals/security: require explicit chat exec-approval enablement instead of auto-enabling approval clients just because approvers resolve from config or owner allowlists. (#70715) Thanks @vincentkoc.
Discord/security: keep native slash-command channel policy from bypassing configured owner or member restrictions, while preserving channel-policy fallback when no stricter access rule exists. (#70711) Thanks @vincentkoc.
Android/security: stop ASK_OPENCLAW intents from auto-sending injected prompts, so external app actions only prefill the draft instead of dispatching it immediately. (#70714) Thanks @vincentkoc.
Secrets/Windows: strip UTF-8 BOMs from file-backed secrets and keep unavailable ACL checks fail-closed unless trusted file or exec providers explicitly opt into allowInsecurePath. (#70662) Thanks @zhanggpcsu.
Agents/image generation: escape ignored override values in tool warnings so parsed MEDIA: directives cannot be injected through unsupported model options. (#70710) Thanks @vincentkoc.
QQBot/security: require framework auth for /bot-approve so unauthorized QQ senders cannot change exec approval settings through the unauthenticated pre-dispatch slash-command path. (#70706) Thanks @vincentkoc.
MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as cron, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
Approvals/startup: let native approval handlers report ready after gateway authentication while replaying pending approvals in the background, so slow or failing replay delivery no longer blocks handler startup or amplifies reconnect storms.
WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.
Group-chat/security: keep channel-sourced group names and participant labels out of inline group system prompts and render them through fenced untrusted metadata JSON.
Agents/replay: preserve Kimi-style functions.<name>:<index> tool-call IDs during strict replay sanitization so custom OpenAI-compatible Kimi routes keep multi-turn tool use intact. (#70693) Thanks @geri4.
Discord/replies: preserve final reply permission context through outbound delivery so Discord replies keep the same channel/member routing rules at send time.
Plugins/startup: restore bundled plugin openclaw/plugin-sdk/* resolution from packaged installs and external runtime-deps stage roots, so Telegram/Discord no longer crash-loop with Cannot find package 'openclaw' after missing dependency repair. (#70852) Thanks @simonemacario.
CLI/Claude: run the same prompt-build hooks and trigger/channel context on claude-cli turns as on direct embedded runs, keeping Claude Code sessions aligned with OpenClaw workspace identity, routing, and hook-driven prompt mutations. (#70625) Thanks @mbelinky.
Discord/plugin startup: keep subagent hooks lazy behind Discord's channel entry so packaged entry imports stay narrow and report import failures with the channel id and entry path.
Memory/doctor: keep root durable memory canonicalized on MEMORY.md, stop treating lowercase memory.md as a runtime fallback, and let openclaw doctor --fix merge true split-brain root files into MEMORY.md with a backup. (#70621) Thanks @mbelinky.
Providers/Anthropic Vertex: restore ADC-backed model discovery after the lightweight provider-discovery path by resolving emitted discovery entries, exposing synthetic auth on bootstrap discovery, and honoring copied env snapshots when probing the default GCP ADC path. Fixes #65715. (#65716) Thanks @feiskyer.
Codex harness/status: pin embedded harness selection per session, show active non-PI harness ids such as codex in /status, and keep legacy transcripts on PI until /new or /reset so config changes cannot hot-switch existing sessions.
Gateway/security: fail closed on agent-driven gateway config.apply/config.patch runtime edits by allowlisting a narrow set of agent-tunable prompt, model, and mention-gating paths (including Telegram topic-level requireMention) instead of relying on a hand-maintained denylist of protected subtrees that could miss new sensitive config keys. (#70726) Thanks @drobison00.
Webhooks/security: re-resolve SecretRef-backed webhook route secrets on each request so openclaw secrets reload revokes the previous secret immediately instead of waiting for a gateway restart. (#70727) Thanks @drobison00.

v2026.4.23-beta.4 pre BREAKING [Apr 24, 2026] (6d ago) details → github →

# openclaw 2026.4.23-beta.4

Changes

Providers/OpenAI: add image generation and reference-image editing through Codex OAuth, so openai/gpt-image-2 works without an OPENAIAPIKEY. Fixes #70703.
Providers/OpenRouter: add image generation and reference-image editing through imagegenerate, so OpenRouter image models work with OPENROUTERAPI_KEY. Fixes #55066 via #67668. Thanks @notamicrodose.
Image generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the image_generate tool. (#70503) Thanks @ottodeng.
Agents/subagents: add optional forked context for native sessions_spawn runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.
Agents/tools: add optional per-call timeoutMs support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.
Memory/local embeddings: add configurable memorySearch.local.contextSize with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (#70544) Thanks @aalekh-sarvam.
Dependencies/Pi: update bundled Pi packages to 0.70.0, use Pi's upstream gpt-5.5 catalog metadata for OpenAI and OpenAI Codex, and keep only local gpt-5.5-pro forward-compat handling.
Codex harness: add structured debug logging for embedded harness selection decisions so /status stays simple while gateway logs explain auto-selection and Pi fallback reasons. (#70760) Thanks @100yenadmin.

Fixes

Codex harness: route native requestuserinput prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.
Codex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (#70809) Thanks @jalehman.
WhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes #70932.
Block streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes #70921.
Codex harness/Windows: resolve npm-installed codex.cmd shims through PATHEXT before starting the native app-server, so codex/* models work without a manual .exe shim. Fixes #70913.
Slack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal "Working…" traces no longer leak into rooms. Fixes #70912.
Agents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (#61556) Thanks @VictorJeon and @vincentkoc.
Telegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits !... instead of a MEDIA: token. (#66191) Thanks @apezam and @vincentkoc.
Agents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging surface_error and leaving webchat with no rendered error. Fixes #70124. (#70848) Thanks @truffle-dev.
WhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks @mcaxtr.
Memory/CLI: declare the built-in local embedding provider in the memory-core manifest, so standalone openclaw memory status, index, and search can resolve local embeddings just like the gateway runtime. Fixes #70836. (#70873) Thanks @mattznojassist.
Gateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes #68513, #44276, #51656, #70212.
Plugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.
Media understanding: honor explicit image-model configuration before native-vision skips, including agents.defaults.imageModel, tools.media.image.models, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes #47614, #63722, #69171.
Codex/media understanding: support codex/ image models through bounded Codex app-server image turns, while keeping openai-codex/ on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes #70201.
Providers/OpenAI Codex: synthesize the openai-codex/gpt-5.5 OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with Unknown model while the account is authenticated.
Models/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (#70820) Thanks @Takhoffman.
Providers/OpenAI: route openai/gpt-image-2 through configured Codex OAuth directly when an openai-codex profile is active, instead of probing OPENAIAPIKEY first.
Providers/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks @Takhoffman.
OpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference gpt-image-2 edits. Fixes #70642. Thanks @dashhuang.
Providers/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes #70410.
Providers/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use image_generate. Fixes #67216.
Agents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes #70423. Thanks @giangthb.
Providers/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN image_generate routes work without disabling SSRF checks globally. Fixes #62879. Thanks @seitzbg.
Providers/OpenAI: stop advertising the removed gpt-5.3-codex-spark Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.
Control UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (#70719, #70741) Thanks @Patrick-Erichsen.
Control UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (#70673) Thanks @chinar-amrutkar.
Memory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to MEMORY.md instead of staying on broad workspace markdown indexing.
Agents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks @vincentkoc.
Plugins/QR: replace legacy qrcode-terminal QR rendering with bounded qrcode-tui helpers for plugin login/setup flows. (#65969) Thanks @vincentkoc.
Voice-call/realtime: wait for OpenAI session configuration before greeting or forwarding buffered audio, and reject non-allowlisted Twilio callers before stream setup. (#43501) Thanks @forrestblount.
ACPX/Codex: stop materializing auth.json bridge files for Codex ACP, Codex app-server, and Codex CLI runs; Codex-owned runtimes now use their normal CODEX_HOME/~/.codex auth path directly.
Auto-reply/system events: route async exec-event completion replies through the persisted session delivery context, so long-running command results return to the originating channel instead of being dropped when live origin metadata is missing. (#70258) Thanks @wzfukui.
Gateway/sessions: extend the webchat session-mutation guard to sessions.compact and sessions.compaction.restore, so WEBCHAT_UI clients are rejected from compaction-side session mutations consistently with the existing patch/delete guards. (#70716) Thanks @drobison00.
QA channel/security: reject non-HTTP(S) inbound attachment URLs before media fetch, and log rejected schemes so suspicious or misconfigured payloads are visible during debugging. (#70708) Thanks @vincentkoc.
Plugins/install: link the host OpenClaw package into external plugins that declare openclaw as a peer dependency, so peer-only plugin SDK imports resolve after install without bundling a duplicate host package. (#70462) Thanks @anishesg.
Plugins/Windows: refresh the packaged plugin SDK alias in place during bundled runtime dependency repair, so gateway and CLI plugin startup no longer race on ENOTEMPTY/EPERM after same-guest npm updates.
Teams/security: require shared Bot Framework audience tokens to name the configured Teams app via verified appid or azp, blocking cross-bot token replay on the global audience. (#70724) Thanks @vincentkoc.
Plugins/startup: resolve bundled plugin Jiti loads relative to the target plugin module instead of the central loader, so Bun global installs no longer hang while discovering bundled image providers. (#70073) Thanks @yidianyiko.
Anthropic/CLI security: derive Claude CLI bypassPermissions from OpenClaw's existing YOLO exec policy, preserve explicit raw Claude --permission-mode overrides, and strip malformed permission-mode args instead of silently falling back to a bypass. (#70723) Thanks @vincentkoc.
Android/security: require loopback-only cleartext gateway connections on Android manual and scanned routes, so private-LAN and link-local ws:// endpoints now fail closed unless TLS is enabled. (#70722) Thanks @vincentkoc.
Pairing/security: require private-IP or loopback hosts for cleartext mobile pairing, and stop treating .local or dotless hostnames as safe cleartext endpoints. (#70721) Thanks @vincentkoc.
Plugins/security: stop setup-api lookup from falling back to the launch directory, so workspace-local extensions/<plugin>/setup-api.* files cannot be executed during provider setup resolution. (#70718) Thanks @drobison00.
Approvals/security: require explicit chat exec-approval enablement instead of auto-enabling approval clients just because approvers resolve from config or owner allowlists. (#70715) Thanks @vincentkoc.
Discord/security: keep native slash-command channel policy from bypassing configured owner or member restrictions, while preserving channel-policy fallback when no stricter access rule exists. (#70711) Thanks @vincentkoc.
Android/security: stop ASK_OPENCLAW intents from auto-sending injected prompts, so external app actions only prefill the draft instead of dispatching it immediately. (#70714) Thanks @vincentkoc.
Secrets/Windows: strip UTF-8 BOMs from file-backed secrets and keep unavailable ACL checks fail-closed unless trusted file or exec providers explicitly opt into allowInsecurePath. (#70662) Thanks @zhanggpcsu.
Agents/image generation: escape ignored override values in tool warnings so parsed MEDIA: directives cannot be injected through unsupported model options. (#70710) Thanks @vincentkoc.
QQBot/security: require framework auth for /bot-approve so unauthorized QQ senders cannot change exec approval settings through the unauthenticated pre-dispatch slash-command path. (#70706) Thanks @vincentkoc.
MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as cron, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
Approvals/startup: let native approval handlers report ready after gateway authentication while replaying pending approvals in the background, so slow or failing replay delivery no longer blocks handler startup or amplifies reconnect storms.
WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.
Group-chat/security: keep channel-sourced group names and participant labels out of inline group system prompts and render them through fenced untrusted metadata JSON.
Agents/replay: preserve Kimi-style functions.<name>:<index> tool-call IDs during strict replay sanitization so custom OpenAI-compatible Kimi routes keep multi-turn tool use intact. (#70693) Thanks @geri4.
Discord/replies: preserve final reply permission context through outbound delivery so Discord replies keep the same channel/member routing rules at send time.
Plugins/startup: restore bundled plugin openclaw/plugin-sdk/* resolution from packaged installs and external runtime-deps stage roots, so Telegram/Discord no longer crash-loop with Cannot find package 'openclaw' after missing dependency repair. (#70852) Thanks @simonemacario.
CLI/Claude: run the same prompt-build hooks and trigger/channel context on claude-cli turns as on direct embedded runs, keeping Claude Code sessions aligned with OpenClaw workspace identity, routing, and hook-driven prompt mutations. (#70625) Thanks @mbelinky.
Discord/plugin startup: keep subagent hooks lazy behind Discord's channel entry so packaged entry imports stay narrow and report import failures with the channel id and entry path.
Memory/doctor: keep root durable memory canonicalized on MEMORY.md, stop treating lowercase memory.md as a runtime fallback, and let openclaw doctor --fix merge true split-brain root files into MEMORY.md with a backup. (#70621) Thanks @mbelinky.
Providers/Anthropic Vertex: restore ADC-backed model discovery after the lightweight provider-discovery path by resolving emitted discovery entries, exposing synthetic auth on bootstrap discovery, and honoring copied env snapshots when probing the default GCP ADC path. Fixes #65715. (#65716) Thanks @feiskyer.
Codex harness/status: pin embedded harness selection per session, show active non-PI harness ids such as codex in /status, and keep legacy transcripts on PI until /new or /reset so config changes cannot hot-switch existing sessions.
Gateway/security: fail closed on agent-driven gateway config.apply/config.patch runtime edits by allowlisting a narrow set of agent-tunable prompt, model, and mention-gating paths (including Telegram topic-level requireMention) instead of relying on a hand-maintained denylist of protected subtrees that could miss new sensitive config keys. (#70726) Thanks @drobison00.
Webhooks/security: re-resolve SecretRef-backed webhook route secrets on each request so openclaw secrets reload revokes the previous secret immediately instead of waiting for a gateway restart. (#70727) Thanks @drobison00.

v2026.4.22 BREAKING [Apr 23, 2026] (7d ago) details → github →

# openclaw 2026.4.22

2026.4.22

Changes

Providers/xAI: add image generation, text-to-speech, and speech-to-text support, including grok-imagine-image / grok-imagine-image-pro, reference-image edits, six live xAI voices, MP3/WAV/PCM/G.711 TTS formats, grok-stt audio transcription, and xAI realtime transcription for Voice Call streaming. (#68694) Thanks @KateWilkins.
Providers/STT: add Voice Call streaming transcription for Deepgram, ElevenLabs, and Mistral, alongside the existing OpenAI and xAI realtime STT paths; ElevenLabs also gains Scribe v2 batch audio transcription for inbound media.
TUI: add local embedded mode for running terminal chats without a Gateway while keeping plugin approval gates enforced. (#66767) Thanks @fuller-stack-dev.
Onboarding: auto-install missing provider and channel plugins during setup so first-run configuration can complete without manual plugin recovery.
OpenAI/Responses: use OpenAI's native websearch tool automatically for direct OpenAI Responses models when web search is enabled and no managed search provider is pinned; explicit providers such as Brave keep the managed websearch tool.
Models/commands: add /models add <provider> <modelId> so you can register a model from chat and use it without restarting the gateway; keep /models as a simple provider browser while adding clearer add guidance and copy-friendly command examples. (#70211) Thanks @Takhoffman.
WhatsApp: add configurable native reply quoting with replyToMode for WhatsApp conversations. Thanks @mcaxtr.
WhatsApp/groups+direct: forward per-group and per-direct systemPrompt config into inbound context GroupSystemPrompt so configured per-chat behavioral instructions are injected on every turn. Supports "*" wildcard fallback and account-scoped overrides under channels.whatsapp.accounts.<id>.{groups,direct}; account maps fully replace root maps (no deep merge), matching the existing requireMention pattern. Closes #7011. (#59553) Thanks @Bluetegu.
Agents/sessions: add mailbox-style sessions_list filters for label, agent, and search plus visibility-scoped derived title and last-message previews. (#69839) Thanks @dangoZhang.
Control UI/settings+chat: add a browser-local personal identity for the operator (name plus local-safe avatar), route user identity rendering through the shared chat/avatar path used by assistant and agent surfaces, and tighten Quick Settings, agent fallback chips, and narrow-screen chat layouts so personalization no longer wastes space or clips controls. (#70362) Thanks @BunsDev.
Gateway/diagnostics: enable payload-free stability recording by default and add a support-ready diagnostics export with sanitized logs, status, health, config, and stability snapshots for bug reports. (#70324) Thanks @gumadeiras.
Providers/Tencent: add the bundled Tencent Cloud provider plugin with TokenHub onboarding, docs, hy3-preview model catalog entries, and tiered Hy3 pricing metadata. (#68460) Thanks @JuniperSling.
Providers/Amazon Bedrock Mantle: add Claude Opus 4.7 through Mantle's Anthropic Messages route with provider-owned bearer-auth streaming, so the model is actually callable without treating AWS bearer tokens like Anthropic API keys. Thanks @wirjo.
Providers/GPT-5: move the GPT-5 prompt overlay into the shared provider runtime so compatible GPT-5 models receive the same behavior and heartbeat guidance through OpenAI, OpenRouter, OpenCode, Codex, and other GPT providers; add agents.defaults.promptOverlays.gpt5.personality as the global friendly-style toggle while keeping the OpenAI plugin setting as a fallback.
Providers/OpenAI Codex: remove the Codex CLI auth import path from onboarding and provider discovery so OpenClaw no longer copies ~/.codex OAuth material into agent auth stores; use browser login or device pairing instead. (#70390) Thanks @pashpashpash.
CLI/Claude: default claude-cli runs to warm stdio sessions, including custom configs that omit transport fields, and resume from the stored Claude session after Gateway restarts or idle exits. (#69679) Thanks @obviyus.
Pi/models: update the bundled pi packages to 0.68.1 and let the OpenCode Go catalog come from pi instead of plugin-maintained model aliases, adding the refreshed opencode-go/kimi-k2.6, Qwen, GLM, MiMo, and MiniMax entries.
Tokenjuice: add bundled native OpenClaw support for tokenjuice as an opt-in plugin that compacts noisy exec and bash tool results in Pi embedded runs. (#69946) Thanks @vincentkoc.
ACPX: add an explicit openClawToolsMcpBridge option that injects a core OpenClaw MCP server for selected built-in tools, starting with cron.
CLI/doctor plugins: lazy-load doctor plugin paths and prefer installed plugin dist/* runtime entries over source-adjacent JavaScript fallbacks, reducing the measured doctor --non-interactive runtime by about 74% while keeping cold doctor startup on built plugin artifacts. (#69840) Thanks @gumadeiras.
CLI/debugging: add an opt-in temporary debug timing helper for local CLI performance investigations, with readable stderr output, JSONL capture, and docs for removing probes before landing fixes. (#70469) Thanks @shakkernerd.
Docs/i18n: add Thai translation support for the docs site.
Providers/OpenAI-compatible: mark known local backends such as vLLM, SGLang, llama.cpp, LM Studio, LocalAI, Jan, TabbyAPI, and text-generation-webui as streaming-usage compatible, so their token accounting no longer degrades to unknown/stale totals. (#68711) Thanks @gaineyllc.
Providers/OpenAI-compatible: recover streamed token usage from llama.cpp-style timings.promptn / timings.predictedn metadata and sanitize usage counts before accumulation, fixing unknown or stale totals when compatible servers do not emit an OpenAI-shaped usage object. (#41056) Thanks @xaeon2026.
Plugins/startup: prefer native Jiti loading for built bundled plugin dist modules on supported runtimes, cutting measured bundled plugin load time by 82-90% while keeping source TypeScript on the transform path. (#69925) Thanks @aauren.
Plugin SDK/STT: share realtime transcription WebSocket transport and multipart batch transcription form helpers across bundled STT providers, reducing provider plugin boilerplate while preserving proxy capture, reconnects, audio queueing, close flushing, upload filename normalization, and ready handshakes.
Plugin SDK/Pi embedded runs: add a bundled-plugin embedded extension factory seam so native plugins can extend Pi embedded runs with async runtime hooks such as tool_result handling instead of falling back to the older synchronous persistence path. (#69946) Thanks @vincentkoc.
Codex harness/hooks: route native Codex app-server turns through beforepromptbuild and emit beforecompaction / aftercompaction for native compaction items so prompt and compaction hooks stop drifting from Pi. Thanks @vincentkoc.
Codex harness/plugins: add a bundled-plugin Codex app-server extension seam for async toolresult middleware, fire aftertoolcall for Codex tool runs, and route mirrored Codex transcript writes through beforemessage_write so tool integrations stop diverging from Pi. Thanks @vincentkoc.
Codex harness/hooks: fire llminput, llmoutput, and agent_end for native Codex app-server turns so lifecycle hooks stop drifting from Pi. Thanks @vincentkoc.
QA/Telegram: record per-scenario reply RTT in the live Telegram QA report and summary, starting with the canary response. (#70550) Thanks @obviyus.
Status: add an explicit Runner: field to /status so sessions now report whether they are running on embedded Pi, a CLI-backed provider, or an ACP harness agent/backend such as codex (acp/acpx) or gemini (acp/acpx). (#70595)

Fixes

Thinking defaults/status: raise the implicit default thinking level for reasoning-capable models from legacy off/low fallback behavior to a safe provider-supported medium equivalent when no explicit config default is set, preserve configured-model reasoning metadata when runtime catalog loading is empty, and make /status report the same resolved default as runtime.
Gateway/model pricing: fetch OpenRouter and LiteLLM pricing asynchronously at startup and extend catalog fetch timeouts to 30 seconds, reducing noisy timeout warnings during slow upstream responses.
Agents/sessions: keep daily reset and idle-maintenance bookkeeping from bumping session activity or pruning freshly active routes, so active conversations no longer look newer or disappear for maintenance-only updates.
Plugins/install: add newly installed plugin ids to an existing plugins.allow list before enabling them, so allowlisted configs load installed plugins after restart.
Status: show Fast in /status when fast mode is enabled, including config/default-derived fast mode, and omit it when disabled.
OpenAI/image generation: detect Azure OpenAI-style image endpoints, use Azure api-key auth plus deployment-scoped image URLs, honor AZUREOPENAIAPI_VERSION, and document the Azure setup path so image generation and edits work against Azure-hosted OpenAI resources. (#70570) Thanks @zhanggpcsu.
Telegram/forum topics: cache recovered forum metadata with bounded expiry so supergroup updates no longer need repeated getChat lookups before topic routing.
Onboarding/WeCom: show the official WeCom channel plugin with its native Enterprise WeChat display name and blurb in the external channel catalog.
Models/auth: merge provider-owned default-model additions from openclaw models auth login instead of replacing agents.defaults.models, so re-authenticating an OAuth provider such as OpenAI Codex no longer wipes other providers' aliases and per-model params. Migrations that must rename keys (Anthropic -> Claude CLI) opt in with replaceDefaultModels. Fixes #69414. (#70435) Thanks @neeravmakwana.
Media understanding/audio: prefer configured or key-backed STT providers before auto-detected local Whisper CLIs, so installed local transcription tools no longer shadow API providers such as Groq/OpenAI in tools.media.audio auto mode. Fixes #68727.
Providers/OpenAI: lock the auth picker wording for OpenAI API key, Codex browser login, and Codex device pairing so the setup choices no longer imply a mixed Codex/API-key auth path. (#67848) Thanks @tmlxrd.
Agents/BTW: route /btw side questions through provider stream registration with the session workspace, so Ollama provider URL construction and workspace-scoped hooks apply correctly. Fixes #68336. (#70413) Thanks @suboss87.
Agents/sessions: make session transcript write locks non-reentrant by default, so same-process transcript writers contend unless a helper explicitly opts into nested lock ownership.
ACPX/probe: expose an optional probeAgent plugin config field so the embedded ACP runtime health probe can target a configured agent (for example opencode or claude) instead of hardcoding codex, and stop marking the entire ACP runtime backend unavailable when the default probe agent is simply not installed or not authenticated. (#68409) Thanks @lyfuci.
Memory search: use sqlite-vec KNN for vector recall while preserving full post-filter result limits in multi-model indexes. Fixes #69666. (#69680) Thanks @aalekh-sarvam.
Providers/OpenAI Codex: stop stale per-agent openai-codex:default OAuth profiles from shadowing a newer main-agent identity-scoped profile, and let openclaw doctor offer the matching cleanup. (#70393) Thanks @pashpashpash.
ACPX: route OpenClaw ACP bridge commands through the MCP-free runtime path even when the command is wrapped with env, has bridge flags, or is resumed from persisted session state, so documented acpx openclaw setups no longer fail on per-session MCP injection. (#68741) Thanks @alexlomt.
Codex harness: route Codex-tagged MCP tool approval elicitations through OpenClaw plugin approvals, including current empty-schema app-server requests, while leaving generic user-input prompts fail-closed. (#68807) Thanks @kesslerio.
WhatsApp/outbound: hold an in-memory active-delivery claim while a live outbound send is in flight, so a concurrent reconnect drain no longer re-drives the same pending queue entry and duplicates cron sends 7-12x after the 30-minute inbound-silence watchdog fires mid-delivery. Crash-replay of fresh queue entries left behind by a dead process is preserved because the claim is intentionally process-local. Fixes #70386. (#70428) Thanks @neeravmakwana.
Matrix/commands: keep Matrix DM allowlist state out of room control-command authorization, so trusted DM senders do not accidentally gain room-command access.
Providers/SDK retry: cap long Retry-After sleeps in Stainless-based Anthropic/OpenAI model SDKs so 60s+ retry windows surface immediately for OpenClaw failover instead of blocking the run. (#68474) Thanks @jetd1.
Agents/TTS: preserve spoken text in TTS tool results while defusing reply directives in transcript content, so future turns remember voice replies without treating spoken MEDIA: or voice tags as delivery metadata. (#68869) Thanks @zqchris.
Providers/OpenAI: harden Voice Call realtime transcription against OpenAI Realtime session-update drift, forward language and prompt hints, and add live coverage for realtime STT.
Agents/Pi embedded runs: suppress the "⚠️ Agent couldn't generate a response" warning when the assistant already delivered user-visible content through a messaging tool and the turn ended cleanly (stopReason=stop). Real failure modes (tool errors, provider stopReason=error, interrupted tool use) still surface the existing "verify before retrying" warning. Fixes #70396. (#70425) Thanks @neeravmakwana.
Gateway/Linux: wrap gateway-managed supervisor, PTY, MCP stdio, and browser child processes in a tiny /bin/sh shim that raises the child's own oomscoreadj on Linux, so under cgroup memory pressure the kernel prefers transient workers over the long-lived gateway. Opt out with OPENCLAWCHILDOOMSCOREADJ=0. Fixes #70404. (#70419) Thanks @neeravmakwana.
Providers/Moonshot: stop strict-sanitizing Kimi's native tool_call IDs (shaped like functions.<name>:<index>) on the OpenAI-compatible transport, so multi-turn agentic flows through Kimi K2.6 no longer break after 2-3 tool-calling rounds when the serving layer fails to match mangled IDs against the original tool definitions. Adds a sanitizeToolCallIds opt-out to the shared openai-compatible replay family helper and wires Moonshot to it. Fixes #62319. (#70030) Thanks @LeoDu0314.
Dependencies/security: override transitive uuid to 14.0.0, clearing the runtime advisory across dependencies.
Codex harness: ignore dynamic tool descriptions when deciding whether to reuse a native app-server thread while still fingerprinting tool schemas, so channel-specific copy changes no longer reset otherwise compatible Codex conversations. (#69976) Thanks @chen-zhang-cs-code.
Codex harness: expose the Codex app-server model catalog in models list/status, avoid startup hangs from app-server discovery timeouts, and accept current Codex turn-completion notifications so Docker live gateway turns finish reliably.
Codex harness: drop invalid legacy app-server serviceTier values such as "priority" before native thread and turn requests, while keeping supported Codex tiers limited to "fast" and "flex". Fixes #64815.
Codex harness: show bounded, sanitized permission target samples in app-server approval prompts, so native permission requests keep their specific hosts, roots, and paths visible without leaking home usernames or URL credentials. (#70340) Thanks @Lucenx9.
Docs/Codex harness: narrow native compaction docs to the current start/completion signals, without promising a readable summary or kept-entry audit list yet. (#69612) Thanks @91wan.
Providers/Amazon Bedrock: use known context-window metadata for discovered models while keeping the unknown-model fallback conservative, so compaction and overflow handling improve for newer Bedrock models without overstating unlisted model limits. Thanks @wirjo.
Providers/Amazon Bedrock Mantle: refresh IAM-backed bearer tokens at runtime instead of baking discovery-time tokens into provider config, so long-lived Mantle sessions keep working after the initial token ages out. Thanks @wirjo.
Config/includes: write through single-file top-level includes for isolated OpenClaw-owned mutations, so plugins install and plugins update update an included plugins.json5 file instead of flattening modular $include configs. Fixes #41050 and #66048.
Config/reload: plan gateway reloads from source-authored config instead of runtime-materialized snapshots, so plugin update writes no longer trigger false restarts from derived provider/plugin config paths. Fixes #68732.
Plugins/update: skip npm plugin reinstall/config rewrites when the installed version and recorded artifact identity already match the registry target, let bare npm package names resolve back to tracked install records, and point already-installed plugins install attempts at plugins update / --force instead of a hook-pack fallback. Fixes #46955, #67957, and #68073.
Agents/MCP: keep mcp.servers and bundle MCP tools available in Pi embedded

coding and messaging sessions while preserving minimal profile and tools.deny: ["bundle-mcp"] opt-out behavior. Fixes #68875 and #68818.

Plugins/startup: tolerate transient bundled-channel catalog/metadata drift while auto-enabling configured plugins, so CLI and gateway startup no longer crash when a channel id is known but its display metadata is unavailable.
CLI/Claude: report CLI-backed reply runs as streaming while Claude/Codex CLI turns are still in flight, so WebChat keeps visible response state until the backend finishes. Fixes #70125.
Slack/streaming: fall back to normal Slack replies for Slack Connect streams rejected before the SDK flushes its local buffer, so short replies no longer disappear or report success before Slack acknowledges delivery. Fixes #70295. (#70370) Thanks @mvanhorn.
Codex harness: rotate the shared app-server websocket client when the configured bearer token changes, so auth-token refreshes reconnect with the new Authorization header instead of reusing a stale socket. (#70328) Thanks @Lucenx9.
Channels/sandbox: derive runtime policy keys for external direct messages that share the main conversation, so sandbox/tool policy no longer treats channel-originated DMs as local main-session runs.
Config/models: merge provider-scoped model allowlist updates and protect model/provider map writes from accidental full replacement, adding config set --merge for additive updates and --replace for intentional clobbers. Fixes #65920, #68392, and #68653.
Agents/Pi auth: preserve AWS SDK-authenticated Bedrock runs for IMDS and task-role setups, clear stale refresh timers on sentinel fallback, and log unexpected runtime-auth prep failures instead of silently leaving the provider unauthenticated. Thanks @wirjo.
Config/gateway: restore last-known-good config on critical clobber signatures such as missing metadata, missing gateway.mode, or sharp size drops, preventing gateway crash loops when a valid backup exists. Fixes #70336.
Config/gateway: recover configs accidentally prefixed with non-JSON output during gateway startup or openclaw doctor --fix, preserving the clobbered file as a backup while leaving normal config reads read-only.
Agents/GitHub Copilot: normalize connection-bound Responses item IDs in the Copilot provider wrapper so replayed histories no longer fail after the upstream connection changes. (#69362) Thanks @Menci.
Pi embedded runs: pass real built-in tools into Pi session creation and then narrow active tool names after custom tool registration, so the runner and compaction paths compile cleanly and keep OpenClaw-managed custom tool allowlists without feeding string arrays into createAgentSession. Thanks @vincentkoc.
Agents/OpenAI websocket: route native OpenAI websocket metadata and session-header decisions through the shared endpoint classifier so local mocks and custom models.providers.openai.baseUrl endpoints stay out of the native OpenAI path consistently across embedded-runner and websocket transport code. Thanks @vincentkoc.
Cron/MCP: retire bundled MCP runtimes through one shared cleanup path for isolated cron run ends, persistent cron session rollover, and direct cron deleteAfterRun fallback cleanup. Fixes #69145, #68623, and #68827.
MCP/gateway: tear down stdio MCP process trees on transport close and dispose bundled MCP runtimes during session delete/reset, preventing orphaned wrapper/server processes from accumulating. Fixes #68809 and #69465.
Agents/MCP: retire bundled MCP runtimes after completed one-shot subagent cleanup and nested sessions_send steps, while keeping persistent subagent sessions warm.
Config: render validation warnings with real line breaks instead of a literal \n sequence in CLI/audit output. Fixes #70140.
Cron/doctor: repair malformed persisted cron job IDs through openclaw doctor, including legacy jobId, non-string id, and missing id rows, so cron list no longer needs display-layer coercion for corrupt store data. Fixes #70128.
Discord: normalize prefixed channel targets only at the thread-binding API boundary, so sessions_spawn({ runtime: "acp", thread: true }) can create child threads from Discord channels without breaking current-channel ACP bindings. (#68034) Thanks @Zetarcos.
Discord: harden inbound thread metadata handling against partial Carbon channel getters, so non-command thread messages and queued jobs no longer crash when name, parentId, parent, or ownerId requires fetched raw data.
Discord: let message tool reactions resolve user:<id> DM targets and preserve channels.discord.guilds.<guild>.channels.<channel>.requireMention: false during reply-stage activation fallback. Fixes #70165 and #69441.
Plugins/startup: pre-normalize and cache Jiti alias maps before creating plugin loaders, so module-scoped loader filenames do not reintroduce per-plugin alias-normalization startup cost. Fixes #70186.
ACP/Codex: run the bundled Codex ACP harness with an isolated CODEX_HOME and avoid writing incomplete ChatGPT auth bridge files, so Codex ACP sessions no longer clobber the user's real Codex CLI auth. Fixes #70234. Thanks @Lonobers88.
Gateway/client: keep long-running RPCs such as ACP agent.wait calls in charge of their own timeout instead of closing the websocket on a missed app-level tick while work is still pending.
Telegram/webhooks: lower the grammY webhook callback timeout to 5s so Telegram gets an early 200 response instead of retrying long-running updates as read timeouts. (#70146) Thanks @friday-james.
Telegram/polling: rebuild the polling HTTP transport after getUpdates 409 conflicts, so retries use a fresh TCP connection instead of looping on a Telegram-terminated keep-alive socket. (#69873) Thanks @hclsys.
Media delivery: strip persisted base64 audio payloads from webchat history, resolve stored media://inbound/* attachments before local-root checks, suppress duplicate Telegram voice/audio sends when TTS emits the same media twice, and support custom image-model IDs that already include their provider prefix.
Slack/files: resolve downloadFile bot tokens from the runtime config when callers provide cfg without an explicit token or prebuilt client, preserving cfg-only file downloads outside the action runtime path. (#70160) Thanks @martingarramon.
Slack/HTTP: dispatch registered Request URL webhooks through the same handler registry used by Slack monitor setup, so HTTP-mode Slack events no longer 404 after successful route registration. (#70275) Thanks @FroeMic.
Slack/runtime bindings: route focused Slack thread replies through their bound ACP session instead of preparing replies against the default agent shell. Fixes #67739. Thanks @Frankla20.
CLI/Claude: keep stored Claude CLI sessions through OAuth refresh-token rotation by keying auth epochs on stable account identity instead of mutable OAuth token material. (#70452) Thanks @obviyus.
CLI/Claude: verify stored Claude CLI session ids have a readable project transcript before resuming, clearing phantom bindings with reason=transcript-missing instead of silently starting fresh under --resume. Fixes #70177.
CLI sessions: persist CLI session clearing through the atomic session-store merge path, so expired Claude/Codex CLI bindings are actually removed before retrying without the stale session id. (#70298) Thanks @HFConsultant.
ACP/sessions_spawn: honor explicit model overrides for ACP child sessions instead of silently falling back to the target agent default model. (#70210) Thanks @felix-miao.
Diffs/viewer: re-read remote viewer access policy from live runtime config on each request, so toggling plugins.entries.diffs.config.security.allowRemoteViewer closes proxied viewer access immediately instead of waiting for a restart. Thanks @vincentkoc.
Diffs/tooling: re-read viewerBaseUrl, presentation defaults, and viewer access policy from live runtime config, and fail closed when the live diffs plugin entry disappears instead of reviving startup viewer settings. Thanks @vincentkoc.
Memory/LanceDB: stop resurrecting removed live memory-lancedb hook config from startup snapshots, so deleting or disabling the plugin entry shuts off auto-recall and auto-capture without a restart. Thanks @vincentkoc.
Memory/LanceDB: keep auto-recall and auto-capture hooks wired when those settings start disabled, so turning them on in live config starts recall and capture without waiting for a restart. Thanks @vincentkoc.
Skill Workshop: keep the tool plus beforepromptbuild / agent_end hooks wired while the plugin is disabled at startup, so turning the plugin back on in live config starts guidance and capture without waiting for a restart. Thanks @vincentkoc.
Active Memory: stop reviving removed live active-memory config from startup snapshots, so removing the plugin entry turns the hook off immediately instead of waiting for a restart. Thanks @vincentkoc.
GitHub Copilot: re-read plugin discovery config from the live runtime snapshot, so toggling plugins.entries.github-copilot.config.discovery.enabled takes effect without a restart. Thanks @vincentkoc.
Ollama: re-read plugin discovery config from the live runtime snapshot, so toggling plugins.entries.ollama.config.discovery.enabled takes effect without a restart. Thanks @vincentkoc.
OpenAI: re-read the plugin prompt-overlay personality from live runtime config, so GPT-5 system prompt contributions update without a restart when plugins.entries.openai.config.personality changes. Thanks @vincentkoc.
Amazon Bedrock: re-read live discovery and guardrail plugin config, so toggling plugins.entries.amazon-bedrock.config.discovery or plugins.entries.amazon-bedrock.config.guardrail takes effect without a restart. Thanks @vincentkoc.
Codex: re-read the plugin discovery config from the live runtime snapshot, so toggling plugins.entries.codex.config.discovery takes effect without a restart. Thanks @vincentkoc.
Agents/subagents: drop bare NO_REPLY from the parent turn when the session still has pending spawned children, so direct-conversation surfaces such as Telegram DMs no longer rewrite the sentinel into visible fallback chatter while waiting for the child completion event. (#69942) Thanks @neeravmakwana.
Plugins/install: keep bundled plugin dependencies off npm install while repairing them when plugins activate from a packaged install, including Feishu/Lark, Browser, and direct bundled channel setup-entry loads.
CLI/channels: skip and cache bundled channel plugin, setup, and secrets load failures during read-only discovery, so one broken unused bundled channel cannot crash openclaw status or bootstrap secret scans.
Memory/LanceDB: retry initialization after a failed LanceDB load and report unsupported Intel macOS native runtime clearly instead of caching the failure or repeatedly attempting an install that cannot work.
CLI/Claude: hash only static extra system prompt parts when deciding whether to reuse a CLI session, so per-message inbound metadata no longer resets Claude CLI conversations on every turn. (#70122) Thanks @zijunl.
Hooks/Slack: standardize shared message hook routing fields (threadId / replyToId) and stop Slack outbound delivery from re-running message_sending inside the channel adapter, so plugins like thread-ownership make one outbound routing decision per reply. Thanks @vincentkoc.
Auto-reply/media: share one run-scoped reply media context between streamed block delivery and final payload filtering, so a local MEDIA: attachment is staged once and duplicate media sends are suppressed reliably. (#68111) Thanks @ayeshakhalid192007-dev.
Plugins/gateway hooks: expose startup config, workspace dir, and a live cron getter on the typed gateway_start hook, and move memory-core managed dreaming off the internal gateway:startup bridge so cron reconciliation stays on the public plugin hook path. Thanks @vincentkoc.
Plugins/config: read plugin trust decisions from the source config snapshot when a resolved runtime snapshot is active, so plugins.allow remains enforced and doctor/gateway startup no longer warn that the allowlist is empty when it is configured. Fixes #70161. Also fixes #70141.
Agents/openai-completions: enable malformed streamed tool-call argument repair for self-hosted OpenAI-compatible backends such as Kimi/SGLang, so fragmented tool-call arguments no longer reach tools as empty or unusable objects. Fixes #69672. (#70294) Thanks @MonkeyLeeT.
Gateway/restart: preserve group and channel chat context when resuming an agent turn after a Gateway restart, so continuation replies keep the same prompt, routing, and tool-status behavior as the original conversation.
Gateway/pairing: shared-secret loopback CLI clients now silently auto-approve metadata-upgrade pairing (platform / device family refresh) instead of being disconnected with 1008 pairing required. This matches the scope-upgrade and role-upgrade behavior added in #69431 and unblocks non-interactive CLI automation when a paired-device record has a stale platform string (e.g. device key replicated across hosts, install migrated between OSes, or platform-string format changed between OpenClaw versions). Browser / Control-UI clients keep the existing approval-required flow for metadata changes.
Gateway/pairing: treat any forwarded-header evidence (Forwarded, X-Forwarded-*, or X-Real-IP) as proxied WebSocket traffic before pairing locality checks, so reverse-proxy topologies cannot use the loopback shared-secret helper auto-pairing path.
Agents/OpenAI: treat exact NO_REPLY assistant output as a deliberate silent reply in embedded runs, so GPT-5.4 turns with signed reasoning plus a silent final no longer surface a false incomplete-turn error.
Auto-reply/streaming: preserve streamed reply directives through chunk boundaries and phase-aware final_answer delivery, so split MEDIA:<path> lines, voice tags, and reply targets reach channel delivery instead of leaking as text or being dropped. (#70243) Thanks @zqchris.
Anthropic/Claude Opus 4.7: normalize Opus 4.7 and claude-cli Opus 4.7 variants to a 1M context window in resolved runtime metadata and active-agent status/context reporting, so they no longer inherit the stale 200k fallback. Thanks @BunsDev.
Gateway/pairing webchat: render /pair qr replies as structured media instead of raw markdown text, preserve inline reply threading and silent-control handling on media replies, avoid persisting sensitive QR images into transcript history, and keep local webchat media embedding behind internal-only trust markers. (#70047) Thanks @BunsDev.
Codex harness: default app-server runs to unchained local execution, so OpenAI heartbeats can use network and shell tools without stalling behind native Codex approvals or the workspace-write sandbox.
Codex harness: fail closed for unknown native app-server approval methods instead of routing unsupported future approval shapes through OpenClaw approval grants. (#70356) Thanks @Lucenx9.
Codex harness: apply the GPT-5 behavior and heartbeat prompt overlay to native Codex app-server runs, so codex/gpt-5.x sessions get the same follow-through, tool-use, and proactive heartbeat guidance as OpenAI GPT-5 runs.
Codex harness: add an explicit Guardian mode for Codex app-server approvals, plus a Docker live probe for approved and ask-back Guardian decisions, while keeping default app-server runs unchained for unattended local heartbeats. The legacy OPENCLAWCODEXAPPSERVERGUARDIAN shortcut is removed; use plugin config appServer.mode: "guardian" or OPENCLAWCODEXAPPSERVERMODE=guardian. Thanks @pashpashpash.
OpenAI/Responses: keep embedded OpenAI Responses runs on HTTP when models.providers.openai.baseUrl points at a local mock or other non-public endpoint, so mocked/custom endpoints no longer drift onto the hardcoded public websocket transport. (#69815) Thanks @vincentkoc.
Channels/config: require resolved runtime config on channel send/action/client helpers and block runtime helper loadConfig() calls, so SecretRefs are resolved at startup/boundaries instead of being re-read during sends.
Discord: pass resolved runtime config through guild and moderation action helpers, so thread-originated Discord commands can run channel, member, role, and guild actions without falling back to runtime config reads. (#70215) Thanks @szponeczek.
CLI/channels: preserve bundled setup promotion metadata when a loaded partial channel plugin omits it, so adding a non-default account still moves legacy single-account fields such as Telegram streaming into accounts.default.
Telegram: keep the sent-message ownership cache isolated per configured session store, so own-message reaction filtering remains correct with custom session.store paths.
Security/update: fail closed when exact pinned npm plugin or hook-pack updates detect integrity drift, and expose aborted plugin drift details in openclaw update --json.
Ollama: forward OpenClaw thinking control to native /api/chat requests as top-level think, so /think off and openclaw agent --thinking off suppress thinking on models such as qwen3 instead of idling until the watchdog fires. Fixes #69902. (#69967) Thanks @WZH8898.
Memory-core/dreaming: suppress the startup-only managed dreaming cron unavailable warning when the cron service is still attaching, while preserving the runtime warning if cron genuinely remains unavailable. Fixes #69939. (#69941) Thanks @Sanjays2402.
Mattermost: suppress reasoning-only payloads even when they arrive as blockquoted > Reasoning: text, preventing /reasoning on from leaking thinking into channel posts. (#69927) Thanks @lawrence3699.
Discord: read channel.parentId through a safe accessor in the slash-command, reaction, and model-picker paths so partial GuildThreadChannel prototype getters no longer throw Cannot access rawData on partial Channel when commands like /new run from inside a thread. Fixes #69861. (#69908) Thanks @neeravmakwana.
Discord: use safe channel name and parent accessors across voice command authorization, so /vc commands from partial Discord thread channels no longer crash on Carbon rawData getters. (#70199) Thanks @hanamizuki.
Discord: make auto-thread parent transcript inheritance opt-in via channels.discord.thread.inheritParent, keeping newly created Discord thread sessions isolated by default while preserving explicit inheritance for configured accounts. Fixes #69907. (#69986) Thanks @Blahdude.
Browser/Chrome MCP: reset cached existing-session control sessions when a navigate_page call times out, so one stuck navigation no longer poisons the browser profile until a gateway restart. (#69733) Thanks @ayeshakhalid192007-dev.
Browser/Chrome MCP: propagate click timeouts and abort signals to existing-session actions so a stuck click fails fast and reconnects instead of poisoning the browser tool until gateway restart. (#63524) Thanks @dongseok0.
Amazon Bedrock/prompt caching: resolve opaque application inference profile targets before injecting Bedrock cache points, require every routed target to support explicit cache points, and retry transient profile lookups instead of caching a false negative for the rest of the process. (#69953) Thanks @anirudhmarc and @vincentkoc.
Gateway/channel health: base stale-socket recovery on provider-proven transport activity instead of inbound app-event freshness, preventing quiet Slack, Discord, Telegram, Matrix, and local-style channels from being restarted solely because no user traffic arrived. (#69833) Thanks @bek91.
OpenCode Go: canonicalize stale bundled opencode-go base URLs from /go or /go/v1 to /zen/go or /zen/go/v1, so older generated model metadata stops hitting the 404 HTML endpoint. (#69898)
CLI/channels: honor channels.<id>.enabled=false as a hard read-only presence opt-out, so env vars, manifest env vars, or stale persisted auth state no longer make disabled channel plugins appear in status, doctor, or setup-only discovery.
Channels/preview streaming: centralize draft-preview finalization so Slack, Discord, Mattermost, and Matrix no longer flush temporary preview messages for media/error finals, and preserve first-reply threading for normal fallback delivery.
Discord: keep slash command follow-up chunks ephemeral when the command is configured for ephemeral replies, so long /status output no longer leaks fallback model or runtime details into the public channel. (#69869) thanks @gumadeiras.
Gateway/session history: re-check current auth and chat.history scope before later SSE keepalives and transcript updates, so active session-history streams close before delivering post-revocation events.
Plugins/discovery: reject package plugin source entries that escape the package directory before explicit runtime entries or inferred built JavaScript peers can be used. (#69868) thanks @gumadeiras.
CLI/channels: resolve channel presence through a shared policy that keeps ambient env vars and stale persisted auth from surfacing disabled bundled plugins in status, doctor, security audit, and cron delivery validation unless the channel or plugin is effectively enabled or explicitly configured. (#69862) Thanks @gumadeiras.
Doctor/plugins: hydrate legacy partial interactive handler state before plugin reload clears dedupe caches, so openclaw doctor and post-update doctor runs no longer crash with Cannot read properties of undefined (reading 'clear'). (#70135) Thanks @ngutman.
Control UI/config: preserve intentionally empty raw config snapshots when clearing pending updates so reset restores the original bytes instead of synthesizing JSON for blank config files. (#68178) Thanks @BunsDev.
memory-core/dreaming: surface a Dreaming status: blocked line in openclaw memory status when dreaming is enabled but the heartbeat that drives the managed cron is not firing for the default agent, and add a Troubleshooting section to the dreaming docs covering the two common causes (per-agent heartbeat blocks excluding main, and heartbeat.every set to 0/empty/invalid), so the silent failure described in #69843 becomes legible on the status surface.
Cron/run-log: report generic message tool sends under the resolved delivery channel when they match the cron target, while preserving account-specific mismatch checks for delivery traces. (#69940) Thanks @davehappyminion.
Doctor/channels: merge configured-channel doctor hooks across read-only, loaded, setup, and runtime plugin discovery so partial adapters no longer hide runtime-only compatibility repair or allowlist warnings, preserve disabled-channel opt-outs, and ignore malformed hook values before they can mask valid fallbacks. (#69919) Thanks @gumadeiras.
Models/CLI: show bundled provider-owned static catalog rows in models list --all before auth is configured, including Kimi K2.6 rows for Moonshot, OpenRouter, and Vercel AI Gateway, while keeping local-only and workspace plugin catalog paths isolated. (#69909) Thanks @shakkernerd.
Models/CLI: clarify that models list --provider expects provider ids and reject display labels before loading model discovery. (#70504) Thanks @shakkernerd.
Configure: skip generic CLI startup bootstrap for openclaw configure and bound hint-only gateway probes so the onboarding TUI reaches its first prompt faster when the Gateway is unavailable. (#69984) Thanks @obviyus.
Agents/harness: surface selected plugin harness failures directly instead of replaying the same turn through embedded PI, preventing misleading secondary PI auth errors and avoiding duplicate side effects.
OpenAI Codex: add a ChatGPT device-code auth option beside browser OAuth, so headless or callback-hostile setups can sign in without relying on the localhost browser callback. (#69557) Thanks @vincentkoc.
CLI sessions: keep provider-owned CLI sessions through implicit daily expiry while preserving explicit reset behavior, and retain Claude CLI binding metadata across gateway agent requests. (#70106) Thanks @obviyus.
fix(config): accept truncateAfterCompaction (#68395). Thanks @MonkeyLeeT
CLI/Claude: keep Claude CLI session bindings stable across OAuth access-token refreshes, so gateway restarts continue the same Claude conversation instead of minting a fresh one. (#70132) Thanks @obviyus.
QQBot: add INTERACTION intent (1 << 26) to the gateway constants and include it in the FULL_INTENTS mask so interaction events are received. (#70143) Thanks @cxyhhhhh.
Gateway/restart: preserve one-shot continuation instructions across gateway restarts so agents can resume and reply back to the original chat after reboot. (#63406) Thanks @VACInc.
Gateway/restart: write restart sentinel files atomically so interrupted writes cannot leave a truncated sentinel behind. (#70225) Thanks @obviyus.
Pairing: remove stale pending requests for a device when that paired device is deleted, so an old repair approval cannot recreate the removed device from leftover state.
Security/dotenv: block workspace .env overrides for Matrix, Mattermost, IRC, and Synology endpoint settings so cloned workspaces cannot redirect bundled connector traffic through local endpoint config. (#70240) Thanks @drobison00.
Telegram: require the same /models authorization for group model-picker callbacks, so unauthorized participants can no longer browse or change the session model through inline buttons. (#70235) Thanks @drobison00.
Agents/Pi: keep the filtered tool-name allowlist active for embedded OpenAI/OpenAI Codex GPT-5 runs and compaction sessions, so bundled and client tools still execute after the Pi 0.68.1 session-tool allowlist change instead of stopping at plan-only replies with no tool call. (#70281) Thanks @jalehman.
Agents/Pi: honor explicit strict-agentic execution contracts for incomplete-turn retry guards across providers, so manually opted-in local or compatible models get the same retry behavior without relying on OpenAI model inference. (#66750) Thanks @ziomancer.
OpenShell/sandbox: pin verified file reads to an already-opened descriptor, walk the ancestor chain for symlinked parents on platforms without fd-path readlink, and re-check file identity so parent symlink swaps cannot redirect in-sandbox reads to host files outside the allowed mount root. (#69798) Thanks @drobison00.
Gateway/Control UI: require authenticated Control UI read access before serving /__openclaw/control-ui-config.json when gateway.auth is enabled, so unauthenticated callers can no longer read bootstrap metadata. (#70247) Thanks @drobison00.
Gateway/restart: default session-scoped restart sentinels to a one-shot agent continuation, so chat-initiated Gateway restarts acknowledge successful boot automatically. (#70269) Thanks @obviyus.
Build/npm publish: fail postpublish verification when root dist/* files import bundled plugin runtime dependencies without mirroring them in the root package manifest, so Slack-style plugin deps cannot silently ship on the wrong module-resolution path again. (#60112) thanks @medns.

v2026.4.21 BREAKING [Apr 22, 2026] (8d ago) details → github →

# openclaw 2026.4.21

2026.4.21

Changes

OpenAI/images: default the bundled image-generation provider and live media smoke tests to gpt-image-2, and advertise the newer 2K/4K OpenAI size hints in image-generation docs and tool metadata.

Fixes

Plugins/doctor: repair bundled plugin runtime dependencies from doctor paths so packaged installs can recover missing channel/provider dependencies without broad core dependency installs.
Image generation: log failed provider/model candidates at warn level before automatic provider fallback, so OpenAI image failures are visible in the gateway log even when a later provider succeeds.
Auth/commands: require owner identity (an owner-candidate match or internal operator.admin) for owner-enforced commands instead of treating wildcard channel allowFrom or empty owner-candidate lists as sufficient, so non-owner senders can no longer reach owner-only commands through a permissive fallback when enforceOwnerForCommands=true and commands.ownerAllowFrom is unset. (#69774) Thanks @drobison00.
Slack: preserve thread aliases in runtime outbound sends so generic runtime sends stay in the intended Slack thread when the caller supplies threadTs. (#62947) Thanks @bek91.
Browser: reject invalid ax<N> accessibility refs in act paths immediately instead of waiting for the browser action timeout. (#69924) Thanks @Patrick-Erichsen.
npm/install: mirror the node-domexception alias into root package.json overrides, so npm installs stop surfacing the deprecated google-auth-library -> gaxios -> node-fetch -> fetch-blob -> node-domexception chain pulled through Pi/Google runtime deps. Thanks @vincentkoc.

v2026.4.20 BREAKING [Apr 21, 2026] (8d ago) details → github →

# openclaw 2026.4.20

2026.4.20

Changes

Onboard/wizard: restyle the setup security disclaimer with a single yellow warning banner, section headings and bulleted checklists, and un-dim the note body so key guidance is easy to scan; add a loading spinner during the initial model catalog load so the wizard no longer goes blank while it runs; add an "API key" placeholder to provider API key prompts. (#69553) Thanks @Patrick-Erichsen.
Agents/prompts: strengthen the default system prompt and OpenAI GPT-5 overlay with clearer completion bias, live-state checks, weak-result recovery, and verification-before-final guidance.
Models/costs: support tiered model pricing from cached catalogs and configured models, and include bundled Moonshot Kimi K2.6/K2.5 cost estimates for token-usage reports. (#67605) Thanks @sliverp.
Sessions/Maintenance: enforce the built-in entry cap and age prune by default, and prune oversized stores at load time so accumulated cron/executor session backlogs cannot OOM the gateway before the write path runs. (#69404) Thanks @bobrenze-bot.
Plugins/tests: reuse plugin loader alias and Jiti config resolution across repeated same-context loads, reducing import-heavy test overhead. (#69316) Thanks @amknight.
Cron: split runtime execution state into jobs-state.json so jobs.json stays stable for git-tracked job definitions. (#63105) Thanks @Feelw00.
Agents/compaction: send opt-in start and completion notices during context compaction. (#67830) Thanks @feniix.
Moonshot/Kimi: default bundled Moonshot setup, web search, and media-understanding surfaces to kimi-k2.6 while keeping kimi-k2.5 available for compatibility. (#69477) Thanks @scoootscooob.
Moonshot/Kimi: allow thinking.keep = "all" on moonshot/kimi-k2.6, and strip it for other Moonshot models or requests where pinned tool_choice disables thinking. (#68816) Thanks @aniaan.
BlueBubbles/groups: forward per-group systemPrompt config into inbound context GroupSystemPrompt so configured group-specific behavioral instructions (for example threaded-reply and tapback conventions) are injected on every turn. Supports "*" wildcard fallback matching the existing requireMention pattern. Closes #60665. (#69198) Thanks @omarshahine.
Plugins/tasks: add a detached runtime registration contract so plugin executors can own detached task lifecycle and cancellation without reaching into core task internals. (#68915) Thanks @mbelinky.
Terminal/logging: optimize sanitizeForLog() by replacing the iterative control-character stripping loop with a single regex pass while preserving the existing ANSI-first sanitization behavior. (#67205) Thanks @bulutmuf.
QA/CI: make openclaw qa suite and openclaw qa telegram fail by default when scenarios fail, add --allow-failures for artifact-only runs, and tighten live-lane defaults for CI automation. (#69122) Thanks @joshavant.
Mattermost: stream thinking, tool activity, and partial reply text into a single draft preview post that finalizes in place when safe. (#47838) thanks @ninjaa.

Fixes

Exec/YOLO: stop rejecting gateway-host exec in security=full plus ask=off mode via the Python/Node script preflight hardening path, so promptless YOLO exec once again runs direct interpreter stdin and heredoc forms such as node <<'NODE' ... NODE.
OpenAI Codex: normalize legacy openai-completions transport overrides on default OpenAI/Codex and GitHub Copilot-compatible hosts back to the native Codex Responses transport while leaving custom proxies untouched. (#45304, #42194) Thanks @dyss1992 and @DeadlySilent.
Anthropic/plugins: scope Anthropic api: "anthropic-messages" defaulting to Anthropic-owned providers, so openai-codex and other providers without an explicit api no longer get rewritten to the wrong transport. Fixes #64534.
fix(qqbot): add SSRF guard to direct-upload URL paths in uploadC2CMedia and uploadGroupMedia [AI-assisted]. (#69595) Thanks @pgondhi987.
fix(gateway): enforce allowRequestSessionKey gate on template-rendered mapping sessionKeys. (#69381) Thanks @pgondhi987.
Browser/Chrome MCP: surface DevToolsActivePort attach failures as browser-connectivity errors instead of a generic "waiting for tabs" timeout, and point signed-out fallbacks toward the managed openclaw profile.
Webchat/images: treat inline image attachments as media for empty-turn gating while still ignoring metadata-only blank turns. (#69474) Thanks @Jaswir.
Discord/think: only show adaptive in /think autocomplete for provider/model pairs that actually support provider-managed adaptive thinking, so GPT/OpenAI models no longer advertise an Anthropic-only option.
Thinking: only expose max for models that explicitly support provider max reasoning, and remap stored max settings to the largest supported thinking mode when users switch to another model.
Gateway/usage: bound the cost usage cache with FIFO eviction so date/range lookups cannot grow unbounded. (#68842) Thanks @Feelw00.
OpenAI/Responses: resolve /think levels against each GPT model's supported reasoning efforts so /think off no longer becomes high reasoning or sends unsupported reasoning.effort: "none" payloads.
Lobster/TaskFlow: allow managed approval resumes to use approvalId without a resume token, and persist that id in approval wait state. (#69559) Thanks @kirkluokun.
Plugins/startup: install bundled runtime dependencies into each plugin's own runtime directory, reuse source-checkout repair caches after rebuilds, and log only packages that were actually installed so repeated Gateway starts stay quiet once deps are present.
Plugins/startup: ignore pnpm's npm_execpath when repairing bundled plugin runtime dependencies and skip workspace-only package specs so npm-only install flags or local workspace links do not break packaged plugin startup.
MCP: block interpreter-startup env keys such as NODE_OPTIONS for stdio servers while preserving ordinary credential and proxy env vars. (#69540) Thanks @drobison00.
Agents/shell: ignore non-interactive placeholder shells like /usr/bin/false and /sbin/nologin, falling back to sh so service-user exec runs no longer exit immediately. (#69308) Thanks @sk7n4k3d.
Setup/TUI: relaunch the setup hatch TUI in a fresh process while preserving the configured gateway target and auth source, so onboarding recovers terminal state cleanly without exposing gateway secrets on command-line args. (#69524) Thanks @shakkernerd.
Codex: avoid re-exposing the image-generation tool on native vision turns with inbound images, and keep bare image-model overrides on the configured image provider. (#65061) Thanks @zhulijin1991.
Sessions/reset: clear auto-sourced model, provider, and auth-profile overrides on /new and /reset while preserving explicit user selections, so channel sessions stop staying pinned to runtime fallback choices. (#69419) Thanks @sk7n4k3d.
Sessions/costs: snapshot estimatedCostUsd like token counters so repeated persist paths no longer compound the same run cost by up to dozens of times. (#69403) Thanks @MrMiaigi.
OpenAI Codex: route ChatGPT/Codex OAuth Responses requests through the /backend-api/codex endpoint so openai-codex/gpt-5.4 no longer hits the removed /backend-api/responses alias. (#69336) Thanks @mzogithub.
OpenAI/Responses: omit disabled reasoning payloads when /think off is active, so GPT reasoning models no longer receive unsupported reasoning.effort: "none" requests. (#61982) Thanks @a-tokyo.
Gateway/pairing: treat loopback shared-secret node-host, TUI, and gateway clients as local for pairing decisions, so trusted local tools no longer reconnect as remote clients and fail with pairing required. (#69431) Thanks @SARAMALI15792.
Active Memory: degrade gracefully when memory recall fails during prompt building, logging a warning and letting the reply continue without memory context instead of failing the whole turn. (#69485) Thanks @Magicray1217.
Ollama: add provider-policy defaults for baseUrl and models so implicit local discovery can run before config validation rejects a minimal Ollama provider config. (#69370) Thanks @PratikRai0101.
Agents/model selection: clear transient auto-failover session overrides before each turn so recovered primary models are retried immediately without emitting user-override reset warnings. (#69365) Thanks @hitesh-github99.
Auto-reply: apply silent NO_REPLY policy per conversation type, so direct chats get a helpful rewritten reply while groups and internal deliveries can remain quiet. (#68644) Thanks @Takhoffman.
Telegram/status reactions: honor messages.removeAckAfterReply when lifecycle status reactions are enabled, clearing or restoring the reaction after success/error using the configured hold timings. (#68067) Thanks @poiskgit.
Web search/plugins: resolve plugin-scoped SecretRef API keys for bundled Exa, Firecrawl, Gemini, Kimi, Perplexity, Tavily, and Grok web-search providers when they are selected through the shared web-search config. (#68424) Thanks @afurm.
Telegram/polling: raise the default polling watchdog threshold from 90s to 120s and add configurable channels.telegram.pollingStallThresholdMs (also per-account) so long-running Telegram work gets more room before polling is treated as stalled. (#57737) Thanks @Vitalcheffe.
Telegram/polling: bound the persisted-offset confirmation getUpdates probe with a client-side timeout so a zombie socket cannot hang polling recovery before the runner watchdog starts. (#50368) Thanks @boticlaw.
Agents/Pi runner: retry silent stopReason=error turns with no output when no side effects ran, so non-frontier providers that briefly return empty error turns get another chance instead of ending the session early. (#68310) Thanks @Chased1k.
Plugins/memory: preserve the active memory capability when read-only snapshot plugin loads run, so status and provider discovery paths no longer wipe memory public artifacts. (#69219) Thanks @zeroaltitude.
Plugins: keep only the highest-precedence manifest when distinct discovered plugins share an id, so lower-precedence global or workspace duplicates no longer load beside bundled or config-selected plugins. (#41626) Thanks @Tortes.
fix(security): block MINIMAXAPIHOST workspace env injection and remove env-driven URL routing [AI-assisted]. (#67300) Thanks @pgondhi987.
Cron/delivery: treat explicit delivery.mode: "none" runs as not requested even if the runner reports delivered: false, so no-delivery cron jobs no longer persist false delivery failures or errors. (#69285) Thanks @matsuri1987.
Plugins/install: repair active and default-enabled bundled plugin runtime dependencies before import in packaged installs, so bundled Discord, WhatsApp, Slack, Telegram, and provider plugins work without putting their dependency trees in core.
BlueBubbles: raise the outbound /api/v1/message/text send timeout default from 10s to 30s, and add a configurable channels.bluebubbles.sendTimeoutMs (also per-account) so macOS 26 setups where Private API iMessage sends stall for 60+ seconds no longer silently lose messages at the 10s abort. Probes, chat lookups, and health checks keep the shorter 10s default. Fixes #67486. (#69193) Thanks @omarshahine.
Agents/bootstrap: budget truncation markers against per-file caps, preserve source content instead of silently wasting bootstrap bytes, and avoid marker-only output in tiny-budget truncation cases. (#69114) Thanks @BKF-Gitty.
Context engine/plugins: stop rejecting third-party context engines whose info.id differs from the registered plugin slot id. The strict-match contract added in 2026.4.14 broke lossless-claw and other plugins whose internal engine id does not equal the slot id they are registered under, producing repeated info.id must match registered id lane failures on every turn. Fixes #66601. (#66678) Thanks @GodsBoy.
Agents/compaction: rename embedded Pi compaction lifecycle events to compactionstart / compactionend so OpenClaw stays aligned with pi-coding-agent 0.66.1 event naming. (#67713) Thanks @mpz4life.
Security/dotenv: block all OPENCLAW_* keys from untrusted workspace .env files so workspace-local env loading fails closed for new runtime-control variables instead of silently inheriting them. (#473)
Gateway/device pairing: restrict non-admin paired-device sessions (device-token auth) to their own pairing list, approve, and reject actions so a paired device cannot enumerate other devices or approve/reject pairing requests authored by another device. Admin and shared-secret operator sessions retain full visibility. (#69375) Thanks @eleqtrizit.
Agents/gateway tool: extend the agent-facing gateway tool's config mutation guard so model-driven config.patch and config.apply cannot rewrite operator-trusted paths (sandbox, plugin trust, gateway auth/TLS, hook routing and tokens, SSRF policy, MCP servers, workspace filesystem hardening) and cannot bypass the guard by editing per-agent sandbox, tools, or embedded-Pi overrides in place under agents.list[]. (#69377) Thanks @eleqtrizit.
Gateway/websocket broadcasts: require operator.read (or higher) for chat, agent, and tool-result event frames so pairing-scoped and node-role sessions no longer passively receive session chat content, and scope-gate unknown broadcast events by default. Plugin-defined plugin.* broadcasts are scoped to operator.write/admin, and status/transport events (heartbeat, presence, tick, etc.) remain unrestricted. Per-client sequence numbers preserve per-connection monotonicity. (#69373) Thanks @eleqtrizit.
Agents/compaction: always reload embedded Pi resources through an explicit loader and reapply reserve-token overrides so runs without extension factories no longer silently lose compaction settings before session start. (#67146) Thanks @ly85206559.
Memory-core/dreaming: normalize sweep timestamps and reuse hashed narrative session keys for fallback cleanup so Dreaming narrative sub-sessions stop leaking. (#67023) Thanks @chiyouYCH.
Gateway/startup: delay HTTP bind until websocket handlers are attached, so immediate post-startup websocket health/connect probes no longer hit the startup race window. (#43392) Thanks @dalefrieswthat.
Codex/app-server: release the session lane when a downstream consumer throws while draining the turn/completed notification, so follow-up messages after a Codex plugin reply stop queueing behind a stale lane lock. Fixes #67996. (#69072) Thanks @ayeshakhalid192007-dev.
Codex/app-server: default approval handling to on-request so Codex harness sessions do not start with overly permissive tool approvals. (#68721) Thanks @Lucenx9.
Cron/delivery: keep isolated cron chat delivery tools available, resolve channel: "last" targets from the gateway, show delivery previews in cron list/show, and avoid duplicate fallback sends after direct message-tool delivery. (#69587) Thanks @obviyus.
Cron/Telegram: key isolated direct-delivery dedupe to each cron execution instead of the reused session id, so recurring Telegram announce runs no longer report delivered while silently skipping later sends. (#69000) Thanks @obviyus.
Models/Kimi: default bundled Kimi thinking to off and normalize Anthropic-compatible thinking payloads so stale session /think state no longer silently re-enables reasoning on Kimi runs. (#68907) Thanks @frankekn.
Control UI/cron: keep the runtime-only last delivery sentinel from being materialized into persisted cron delivery and failure-alert channel configs when jobs are created or edited. (#68829) Thanks @tianhaocui.
OpenAI/Responses: strip orphaned reasoning blocks before outbound Responses API calls so compacted or restored histories no longer fail on standalone reasoning items. (#55787) Thanks @suboss87.
Cron/CLI: parse PowerShell-style --tools allow-lists the same way as comma-separated input, so cron add and cron edit no longer persist exec read write as one combined tool entry on Windows. (#68858) Thanks @chen-zhang-cs-code.
Browser/user-profile: let existing-session profile="user" tool calls auto-route to a connected browser node or use explicit target="node", while still honoring explicit target="host" pinning. (#48677)
Discord/slash commands: tolerate partial Discord channel metadata in slash-command and model-picker flows so partial channel objects no longer crash when channel names, topics, or thread parent metadata are unavailable. (#68953) Thanks @dutifulbob.
BlueBubbles: consolidate outbound HTTP through a typed BlueBubblesClient that resolves the SSRF policy once at construction so image attachments stop getting blocked on localhost and reactions stop getting blocked on private-IP BB deployments. Fixes #34749 and #59722. (#68234) Thanks @omarshahine.
Cron/gateway: reject ambiguous announce delivery config at add/update time so invalid multi-channel or target-id provider settings fail early instead of persisting broken cron jobs. (#69015) Thanks @obviyus.
Cron/main-session delivery: preserve heartbeat.target="last" through deferred wake queuing, gateway wake forwarding, and same-target wake coalescing so queued cron replies still return to the last active chat. (#69021) Thanks @obviyus.
Cron/gateway: ignore disabled channels when announce delivery ambiguity is checked, and validate main-session delivery patches against the live cron service default agent so hot-reloaded agent config does not falsely reject valid updates. (#69040) Thanks @obviyus.
Matrix/allowlists: hot-reload dm.allowFrom and groupAllowFrom entries on inbound messages while keeping config removals authoritative, so Matrix allowlist changes no longer require a channel restart to add or revoke a sender. (#68546) Thanks @johnlanni.
BlueBubbles: always set method explicitly on outbound text sends ("private-api" when available, "apple-script" otherwise), and prefer Private API on macOS 26 even for plain text. Fixes silent delivery failure on macOS setups without Private API where an omitted method let BB Server fall back to version-dependent default behavior that silently drops the message (#64480), and the AppleScript -1700 error on macOS 26 Tahoe plain text sends (#53159). (#69070) Thanks @xqing3.
Matrix/commands: recognize slash commands that are prefixed with the bot's Matrix mention, so room messages like @bot:server /new trigger the command path without requiring custom mention regexes. (#68570) Thanks @nightq and @johnlanni.
Gateway/pairing: return reason-specific PAIRING_REQUIRED details, remediation hints, and request ids so unapproved-device and scope-upgrade failures surface actionable recovery guidance in the CLI and Control UI. (#69227) Thanks @obviyus.
Agents/subagents: include requested role and runtime timing on subagent failure payloads so parent agents can correlate failed or timed-out child work. (#68726) Thanks @BKF-Gitty.
Gateway/sessions: reject stale agent-scoped sessions after an agent is removed from config while preserving legacy default-agent main-session aliases. (#65986) Thanks @bittoby.
Doctor/gateway: surface pending device pairing requests, scope-upgrade approval drift, and stale device-token mismatch repair steps so openclaw doctor --fix no longer leaves pairing/auth setup failures unexplained. (#69210) Thanks @obviyus.
Cron/isolated-agent: preserve explicit delivery.mode: "none" message targets for isolated runs without inheriting implicit last routing, so agent-initiated Telegram sends keep their authored destination while bare mode:none jobs stay targetless. (#69153) Thanks @obviyus.
Cron/isolated-agent: keep delivery.mode: "none" account-only or thread-only configs from inheriting a stale implicit recipient, so isolated runs only resolve message routing when the job authored an explicit to target. (#69163) Thanks @obviyus.
Gateway/TUI: retry session history while the local gateway is still finishing startup, so openclaw tui reconnects no longer fail on transient chat.history unavailable during gateway startup errors. (#69164) Thanks @shakkernerd.
BlueBubbles/reactions: fall back to love when an agent reacts with an emoji outside the iMessage tapback set (love/like/dislike/laugh/emphasize/question), so wider-vocabulary model reactions like 👀 still produce a visible tapback instead of failing the whole reaction request. Configured ack reactions still validate strictly via the new normalizeBlueBubblesReactionInputStrict path. (#64693) Thanks @zqchris.
BlueBubbles: prefer iMessage over SMS when both chats exist for the same handle, honor explicit sms: targets, and never silently downgrade iMessage-available recipients. (#61781) Thanks @rmartin.
Telegram/setup: require numeric allowFrom user IDs during setup instead of offering unsupported @username DM resolution, and point operators to from.id/getUpdates for discovery. (#69191) Thanks @obviyus.
GitHub Copilot/onboarding: default GitHub Copilot setup to claude-opus-4.6 and keep the bundled default model list aligned, so new Copilot setups no longer start on the older gpt-4o default. (#69207) Thanks @obviyus.
Gateway/status: separate reachability, capability, and read-probe reporting so connect-only or scope-limited sessions no longer look fully healthy, and normalize SSH targets entered as ssh user@host. (#69215) Thanks @obviyus.
Slack: fix outbound replies failing with "unresolved SecretRef" for accounts configured via file or exec secret sources; the send path now tolerates the runtime snapshot retaining an unresolved channel SecretRef when a boot-resolved token override is already available. (#68954) Thanks @openperf.
Control UI/device pairing: explain scope and role approval upgrades during reconnects, and show requested versus approved access in the Control UI and openclaw devices so broader reconnects no longer look like lost pairings. (#69221) Thanks @obviyus.
Gateway/Control UI: surface pending scope, role, and device-metadata pairing approvals in auth errors and Control UI hints so broader reconnects no longer look like random auth breakage. (#69226) Thanks @obviyus.

v2026.4.20-beta.2 pre BREAKING [Apr 21, 2026] (8d ago) details → github →

# openclaw 2026.4.20-beta.2

2026.4.20

Changes

Onboard/wizard: restyle the setup security disclaimer with a single yellow warning banner, section headings and bulleted checklists, and un-dim the note body so key guidance is easy to scan; add a loading spinner during the initial model catalog load so the wizard no longer goes blank while it runs; add an "API key" placeholder to provider API key prompts. (#69553) Thanks @Patrick-Erichsen.
Agents/prompts: strengthen the default system prompt and OpenAI GPT-5 overlay with clearer completion bias, live-state checks, weak-result recovery, and verification-before-final guidance.
Models/costs: support tiered model pricing from cached catalogs and configured models, and include bundled Moonshot Kimi K2.6/K2.5 cost estimates for token-usage reports. (#67605) Thanks @sliverp.
Sessions/Maintenance: enforce the built-in entry cap and age prune by default, and prune oversized stores at load time so accumulated cron/executor session backlogs cannot OOM the gateway before the write path runs. (#69404) Thanks @bobrenze-bot.
Plugins/tests: reuse plugin loader alias and Jiti config resolution across repeated same-context loads, reducing import-heavy test overhead. (#69316) Thanks @amknight.
Cron: split runtime execution state into jobs-state.json so jobs.json stays stable for git-tracked job definitions. (#63105) Thanks @Feelw00.
Agents/compaction: send opt-in start and completion notices during context compaction. (#67830) Thanks @feniix.
Moonshot/Kimi: default bundled Moonshot setup, web search, and media-understanding surfaces to kimi-k2.6 while keeping kimi-k2.5 available for compatibility. (#69477) Thanks @scoootscooob.
Moonshot/Kimi: allow thinking.keep = "all" on moonshot/kimi-k2.6, and strip it for other Moonshot models or requests where pinned tool_choice disables thinking. (#68816) Thanks @aniaan.
BlueBubbles/groups: forward per-group systemPrompt config into inbound context GroupSystemPrompt so configured group-specific behavioral instructions (for example threaded-reply and tapback conventions) are injected on every turn. Supports "*" wildcard fallback matching the existing requireMention pattern. Closes #60665. (#69198) Thanks @omarshahine.
Plugins/tasks: add a detached runtime registration contract so plugin executors can own detached task lifecycle and cancellation without reaching into core task internals. (#68915) Thanks @mbelinky.
Terminal/logging: optimize sanitizeForLog() by replacing the iterative control-character stripping loop with a single regex pass while preserving the existing ANSI-first sanitization behavior. (#67205) Thanks @bulutmuf.
QA/CI: make openclaw qa suite and openclaw qa telegram fail by default when scenarios fail, add --allow-failures for artifact-only runs, and tighten live-lane defaults for CI automation. (#69122) Thanks @joshavant.
Mattermost: stream thinking, tool activity, and partial reply text into a single draft preview post that finalizes in place when safe. (#47838) thanks @ninjaa.

Fixes

Exec/YOLO: stop rejecting gateway-host exec in security=full plus ask=off mode via the Python/Node script preflight hardening path, so promptless YOLO exec once again runs direct interpreter stdin and heredoc forms such as node <<'NODE' ... NODE.
OpenAI Codex: normalize legacy openai-completions transport overrides on default OpenAI/Codex and GitHub Copilot-compatible hosts back to the native Codex Responses transport while leaving custom proxies untouched. (#45304, #42194) Thanks @dyss1992 and @DeadlySilent.
Anthropic/plugins: scope Anthropic api: "anthropic-messages" defaulting to Anthropic-owned providers, so openai-codex and other providers without an explicit api no longer get rewritten to the wrong transport. Fixes #64534.
fix(qqbot): add SSRF guard to direct-upload URL paths in uploadC2CMedia and uploadGroupMedia [AI-assisted]. (#69595) Thanks @pgondhi987.
fix(gateway): enforce allowRequestSessionKey gate on template-rendered mapping sessionKeys. (#69381) Thanks @pgondhi987.
Browser/Chrome MCP: surface DevToolsActivePort attach failures as browser-connectivity errors instead of a generic "waiting for tabs" timeout, and point signed-out fallbacks toward the managed openclaw profile.
Webchat/images: treat inline image attachments as media for empty-turn gating while still ignoring metadata-only blank turns. (#69474) Thanks @Jaswir.
Discord/think: only show adaptive in /think autocomplete for provider/model pairs that actually support provider-managed adaptive thinking, so GPT/OpenAI models no longer advertise an Anthropic-only option.
Thinking: only expose max for models that explicitly support provider max reasoning, and remap stored max settings to the largest supported thinking mode when users switch to another model.
Gateway/usage: bound the cost usage cache with FIFO eviction so date/range lookups cannot grow unbounded. (#68842) Thanks @Feelw00.
OpenAI/Responses: resolve /think levels against each GPT model's supported reasoning efforts so /think off no longer becomes high reasoning or sends unsupported reasoning.effort: "none" payloads.
Lobster/TaskFlow: allow managed approval resumes to use approvalId without a resume token, and persist that id in approval wait state. (#69559) Thanks @kirkluokun.
Plugins/startup: install bundled runtime dependencies into each plugin's own runtime directory, reuse source-checkout repair caches after rebuilds, and log only packages that were actually installed so repeated Gateway starts stay quiet once deps are present.
Plugins/startup: ignore pnpm's npm_execpath when repairing bundled plugin runtime dependencies and skip workspace-only package specs so npm-only install flags or local workspace links do not break packaged plugin startup.
MCP: block interpreter-startup env keys such as NODE_OPTIONS for stdio servers while preserving ordinary credential and proxy env vars. (#69540) Thanks @drobison00.
Agents/shell: ignore non-interactive placeholder shells like /usr/bin/false and /sbin/nologin, falling back to sh so service-user exec runs no longer exit immediately. (#69308) Thanks @sk7n4k3d.
Setup/TUI: relaunch the setup hatch TUI in a fresh process while preserving the configured gateway target and auth source, so onboarding recovers terminal state cleanly without exposing gateway secrets on command-line args. (#69524) Thanks @shakkernerd.
Codex: avoid re-exposing the image-generation tool on native vision turns with inbound images, and keep bare image-model overrides on the configured image provider. (#65061) Thanks @zhulijin1991.
Sessions/reset: clear auto-sourced model, provider, and auth-profile overrides on /new and /reset while preserving explicit user selections, so channel sessions stop staying pinned to runtime fallback choices. (#69419) Thanks @sk7n4k3d.
Sessions/costs: snapshot estimatedCostUsd like token counters so repeated persist paths no longer compound the same run cost by up to dozens of times. (#69403) Thanks @MrMiaigi.
OpenAI Codex: route ChatGPT/Codex OAuth Responses requests through the /backend-api/codex endpoint so openai-codex/gpt-5.4 no longer hits the removed /backend-api/responses alias. (#69336) Thanks @mzogithub.
OpenAI/Responses: omit disabled reasoning payloads when /think off is active, so GPT reasoning models no longer receive unsupported reasoning.effort: "none" requests. (#61982) Thanks @a-tokyo.
Gateway/pairing: treat loopback shared-secret node-host, TUI, and gateway clients as local for pairing decisions, so trusted local tools no longer reconnect as remote clients and fail with pairing required. (#69431) Thanks @SARAMALI15792.
Active Memory: degrade gracefully when memory recall fails during prompt building, logging a warning and letting the reply continue without memory context instead of failing the whole turn. (#69485) Thanks @Magicray1217.
Ollama: add provider-policy defaults for baseUrl and models so implicit local discovery can run before config validation rejects a minimal Ollama provider config. (#69370) Thanks @PratikRai0101.
Agents/model selection: clear transient auto-failover session overrides before each turn so recovered primary models are retried immediately without emitting user-override reset warnings. (#69365) Thanks @hitesh-github99.
Auto-reply: apply silent NO_REPLY policy per conversation type, so direct chats get a helpful rewritten reply while groups and internal deliveries can remain quiet. (#68644) Thanks @Takhoffman.
Telegram/status reactions: honor messages.removeAckAfterReply when lifecycle status reactions are enabled, clearing or restoring the reaction after success/error using the configured hold timings. (#68067) Thanks @poiskgit.
Web search/plugins: resolve plugin-scoped SecretRef API keys for bundled Exa, Firecrawl, Gemini, Kimi, Perplexity, Tavily, and Grok web-search providers when they are selected through the shared web-search config. (#68424) Thanks @afurm.
Telegram/polling: raise the default polling watchdog threshold from 90s to 120s and add configurable channels.telegram.pollingStallThresholdMs (also per-account) so long-running Telegram work gets more room before polling is treated as stalled. (#57737) Thanks @Vitalcheffe.
Telegram/polling: bound the persisted-offset confirmation getUpdates probe with a client-side timeout so a zombie socket cannot hang polling recovery before the runner watchdog starts. (#50368) Thanks @boticlaw.
Agents/Pi runner: retry silent stopReason=error turns with no output when no side effects ran, so non-frontier providers that briefly return empty error turns get another chance instead of ending the session early. (#68310) Thanks @Chased1k.
Plugins/memory: preserve the active memory capability when read-only snapshot plugin loads run, so status and provider discovery paths no longer wipe memory public artifacts. (#69219) Thanks @zeroaltitude.
Plugins: keep only the highest-precedence manifest when distinct discovered plugins share an id, so lower-precedence global or workspace duplicates no longer load beside bundled or config-selected plugins. (#41626) Thanks @Tortes.
fix(security): block MINIMAXAPIHOST workspace env injection and remove env-driven URL routing [AI-assisted]. (#67300) Thanks @pgondhi987.
Cron/delivery: treat explicit delivery.mode: "none" runs as not requested even if the runner reports delivered: false, so no-delivery cron jobs no longer persist false delivery failures or errors. (#69285) Thanks @matsuri1987.
Plugins/install: repair active and default-enabled bundled plugin runtime dependencies before import in packaged installs, so bundled Discord, WhatsApp, Slack, Telegram, and provider plugins work without putting their dependency trees in core.
BlueBubbles: raise the outbound /api/v1/message/text send timeout default from 10s to 30s, and add a configurable channels.bluebubbles.sendTimeoutMs (also per-account) so macOS 26 setups where Private API iMessage sends stall for 60+ seconds no longer silently lose messages at the 10s abort. Probes, chat lookups, and health checks keep the shorter 10s default. Fixes #67486. (#69193) Thanks @omarshahine.
Agents/bootstrap: budget truncation markers against per-file caps, preserve source content instead of silently wasting bootstrap bytes, and avoid marker-only output in tiny-budget truncation cases. (#69114) Thanks @BKF-Gitty.
Context engine/plugins: stop rejecting third-party context engines whose info.id differs from the registered plugin slot id. The strict-match contract added in 2026.4.14 broke lossless-claw and other plugins whose internal engine id does not equal the slot id they are registered under, producing repeated info.id must match registered id lane failures on every turn. Fixes #66601. (#66678) Thanks @GodsBoy.
Agents/compaction: rename embedded Pi compaction lifecycle events to compactionstart / compactionend so OpenClaw stays aligned with pi-coding-agent 0.66.1 event naming. (#67713) Thanks @mpz4life.
Security/dotenv: block all OPENCLAW_* keys from untrusted workspace .env files so workspace-local env loading fails closed for new runtime-control variables instead of silently inheriting them. (#473)
Gateway/device pairing: restrict non-admin paired-device sessions (device-token auth) to their own pairing list, approve, and reject actions so a paired device cannot enumerate other devices or approve/reject pairing requests authored by another device. Admin and shared-secret operator sessions retain full visibility. (#69375) Thanks @eleqtrizit.
Agents/gateway tool: extend the agent-facing gateway tool's config mutation guard so model-driven config.patch and config.apply cannot rewrite operator-trusted paths (sandbox, plugin trust, gateway auth/TLS, hook routing and tokens, SSRF policy, MCP servers, workspace filesystem hardening) and cannot bypass the guard by editing per-agent sandbox, tools, or embedded-Pi overrides in place under agents.list[]. (#69377) Thanks @eleqtrizit.
Gateway/websocket broadcasts: require operator.read (or higher) for chat, agent, and tool-result event frames so pairing-scoped and node-role sessions no longer passively receive session chat content, and scope-gate unknown broadcast events by default. Plugin-defined plugin.* broadcasts are scoped to operator.write/admin, and status/transport events (heartbeat, presence, tick, etc.) remain unrestricted. Per-client sequence numbers preserve per-connection monotonicity. (#69373) Thanks @eleqtrizit.
Agents/compaction: always reload embedded Pi resources through an explicit loader and reapply reserve-token overrides so runs without extension factories no longer silently lose compaction settings before session start. (#67146) Thanks @ly85206559.
Memory-core/dreaming: normalize sweep timestamps and reuse hashed narrative session keys for fallback cleanup so Dreaming narrative sub-sessions stop leaking. (#67023) Thanks @chiyouYCH.
Gateway/startup: delay HTTP bind until websocket handlers are attached, so immediate post-startup websocket health/connect probes no longer hit the startup race window. (#43392) Thanks @dalefrieswthat.
Codex/app-server: release the session lane when a downstream consumer throws while draining the turn/completed notification, so follow-up messages after a Codex plugin reply stop queueing behind a stale lane lock. Fixes #67996. (#69072) Thanks @ayeshakhalid192007-dev.
Codex/app-server: default approval handling to on-request so Codex harness sessions do not start with overly permissive tool approvals. (#68721) Thanks @Lucenx9.
Cron/delivery: keep isolated cron chat delivery tools available, resolve channel: "last" targets from the gateway, show delivery previews in cron list/show, and avoid duplicate fallback sends after direct message-tool delivery. (#69587) Thanks @obviyus.
Cron/Telegram: key isolated direct-delivery dedupe to each cron execution instead of the reused session id, so recurring Telegram announce runs no longer report delivered while silently skipping later sends. (#69000) Thanks @obviyus.
Models/Kimi: default bundled Kimi thinking to off and normalize Anthropic-compatible thinking payloads so stale session /think state no longer silently re-enables reasoning on Kimi runs. (#68907) Thanks @frankekn.
Control UI/cron: keep the runtime-only last delivery sentinel from being materialized into persisted cron delivery and failure-alert channel configs when jobs are created or edited. (#68829) Thanks @tianhaocui.
OpenAI/Responses: strip orphaned reasoning blocks before outbound Responses API calls so compacted or restored histories no longer fail on standalone reasoning items. (#55787) Thanks @suboss87.
Cron/CLI: parse PowerShell-style --tools allow-lists the same way as comma-separated input, so cron add and cron edit no longer persist exec read write as one combined tool entry on Windows. (#68858) Thanks @chen-zhang-cs-code.
Browser/user-profile: let existing-session profile="user" tool calls auto-route to a connected browser node or use explicit target="node", while still honoring explicit target="host" pinning. (#48677)
Discord/slash commands: tolerate partial Discord channel metadata in slash-command and model-picker flows so partial channel objects no longer crash when channel names, topics, or thread parent metadata are unavailable. (#68953) Thanks @dutifulbob.
BlueBubbles: consolidate outbound HTTP through a typed BlueBubblesClient that resolves the SSRF policy once at construction so image attachments stop getting blocked on localhost and reactions stop getting blocked on private-IP BB deployments. Fixes #34749 and #59722. (#68234) Thanks @omarshahine.
Cron/gateway: reject ambiguous announce delivery config at add/update time so invalid multi-channel or target-id provider settings fail early instead of persisting broken cron jobs. (#69015) Thanks @obviyus.
Cron/main-session delivery: preserve heartbeat.target="last" through deferred wake queuing, gateway wake forwarding, and same-target wake coalescing so queued cron replies still return to the last active chat. (#69021) Thanks @obviyus.
Cron/gateway: ignore disabled channels when announce delivery ambiguity is checked, and validate main-session delivery patches against the live cron service default agent so hot-reloaded agent config does not falsely reject valid updates. (#69040) Thanks @obviyus.
Matrix/allowlists: hot-reload dm.allowFrom and groupAllowFrom entries on inbound messages while keeping config removals authoritative, so Matrix allowlist changes no longer require a channel restart to add or revoke a sender. (#68546) Thanks @johnlanni.
BlueBubbles: always set method explicitly on outbound text sends ("private-api" when available, "apple-script" otherwise), and prefer Private API on macOS 26 even for plain text. Fixes silent delivery failure on macOS setups without Private API where an omitted method let BB Server fall back to version-dependent default behavior that silently drops the message (#64480), and the AppleScript -1700 error on macOS 26 Tahoe plain text sends (#53159). (#69070) Thanks @xqing3.
Matrix/commands: recognize slash commands that are prefixed with the bot's Matrix mention, so room messages like @bot:server /new trigger the command path without requiring custom mention regexes. (#68570) Thanks @nightq and @johnlanni.
Gateway/pairing: return reason-specific PAIRING_REQUIRED details, remediation hints, and request ids so unapproved-device and scope-upgrade failures surface actionable recovery guidance in the CLI and Control UI. (#69227) Thanks @obviyus.
Agents/subagents: include requested role and runtime timing on subagent failure payloads so parent agents can correlate failed or timed-out child work. (#68726) Thanks @BKF-Gitty.
Gateway/sessions: reject stale agent-scoped sessions after an agent is removed from config while preserving legacy default-agent main-session aliases. (#65986) Thanks @bittoby.
Doctor/gateway: surface pending device pairing requests, scope-upgrade approval drift, and stale device-token mismatch repair steps so openclaw doctor --fix no longer leaves pairing/auth setup failures unexplained. (#69210) Thanks @obviyus.
Cron/isolated-agent: preserve explicit delivery.mode: "none" message targets for isolated runs without inheriting implicit last routing, so agent-initiated Telegram sends keep their authored destination while bare mode:none jobs stay targetless. (#69153) Thanks @obviyus.
Cron/isolated-agent: keep delivery.mode: "none" account-only or thread-only configs from inheriting a stale implicit recipient, so isolated runs only resolve message routing when the job authored an explicit to target. (#69163) Thanks @obviyus.
Gateway/TUI: retry session history while the local gateway is still finishing startup, so openclaw tui reconnects no longer fail on transient chat.history unavailable during gateway startup errors. (#69164) Thanks @shakkernerd.
BlueBubbles/reactions: fall back to love when an agent reacts with an emoji outside the iMessage tapback set (love/like/dislike/laugh/emphasize/question), so wider-vocabulary model reactions like 👀 still produce a visible tapback instead of failing the whole reaction request. Configured ack reactions still validate strictly via the new normalizeBlueBubblesReactionInputStrict path. (#64693) Thanks @zqchris.
BlueBubbles: prefer iMessage over SMS when both chats exist for the same handle, honor explicit sms: targets, and never silently downgrade iMessage-available recipients. (#61781) Thanks @rmartin.
Telegram/setup: require numeric allowFrom user IDs during setup instead of offering unsupported @username DM resolution, and point operators to from.id/getUpdates for discovery. (#69191) Thanks @obviyus.
GitHub Copilot/onboarding: default GitHub Copilot setup to claude-opus-4.6 and keep the bundled default model list aligned, so new Copilot setups no longer start on the older gpt-4o default. (#69207) Thanks @obviyus.
Gateway/status: separate reachability, capability, and read-probe reporting so connect-only or scope-limited sessions no longer look fully healthy, and normalize SSH targets entered as ssh user@host. (#69215) Thanks @obviyus.
Slack: fix outbound replies failing with "unresolved SecretRef" for accounts configured via file or exec secret sources; the send path now tolerates the runtime snapshot retaining an unresolved channel SecretRef when a boot-resolved token override is already available. (#68954) Thanks @openperf.
Control UI/device pairing: explain scope and role approval upgrades during reconnects, and show requested versus approved access in the Control UI and openclaw devices so broader reconnects no longer look like lost pairings. (#69221) Thanks @obviyus.
Gateway/Control UI: surface pending scope, role, and device-metadata pairing approvals in auth errors and Control UI hints so broader reconnects no longer look like random auth breakage. (#69226) Thanks @obviyus.

v2026.4.20-beta.1 pre BREAKING [Apr 21, 2026] (9d ago) details → github →

# openclaw 2026.4.20-beta.1

Changes

Onboard/wizard: restyle the setup security disclaimer with a single yellow warning banner, section headings and bulleted checklists, and un-dim the note body so key guidance is easy to scan; add a loading spinner during the initial model catalog load so the wizard no longer goes blank while it runs; add an "API key" placeholder to provider API key prompts. (#69553) Thanks @Patrick-Erichsen.
Agents/prompts: strengthen the default system prompt and OpenAI GPT-5 overlay with clearer completion bias, live-state checks, weak-result recovery, and verification-before-final guidance.
Models/costs: support tiered model pricing from cached catalogs and configured models, and include bundled Moonshot Kimi K2.6/K2.5 cost estimates for token-usage reports. (#67605) Thanks @sliverp.
Sessions/Maintenance: enforce the built-in entry cap and age prune by default, and prune oversized stores at load time so accumulated cron/executor session backlogs cannot OOM the gateway before the write path runs. (#69404) Thanks @bobrenze-bot.
Plugins/tests: reuse plugin loader alias and Jiti config resolution across repeated same-context loads, reducing import-heavy test overhead. (#69316) Thanks @amknight.
Cron: split runtime execution state into jobs-state.json so jobs.json stays stable for git-tracked job definitions. (#63105) Thanks @Feelw00.
Agents/compaction: send opt-in start and completion notices during context compaction. (#67830) Thanks @feniix.
Moonshot/Kimi: default bundled Moonshot setup, web search, and media-understanding surfaces to kimi-k2.6 while keeping kimi-k2.5 available for compatibility. (#69477) Thanks @scoootscooob.
Moonshot/Kimi: allow thinking.keep = "all" on moonshot/kimi-k2.6, and strip it for other Moonshot models or requests where pinned tool_choice disables thinking. (#68816) Thanks @aniaan.
BlueBubbles/groups: forward per-group systemPrompt config into inbound context GroupSystemPrompt so configured group-specific behavioral instructions (for example threaded-reply and tapback conventions) are injected on every turn. Supports "*" wildcard fallback matching the existing requireMention pattern. Closes #60665. (#69198) Thanks @omarshahine.
Plugins/tasks: add a detached runtime registration contract so plugin executors can own detached task lifecycle and cancellation without reaching into core task internals. (#68915) Thanks @mbelinky.
Terminal/logging: optimize sanitizeForLog() by replacing the iterative control-character stripping loop with a single regex pass while preserving the existing ANSI-first sanitization behavior. (#67205) Thanks @bulutmuf.
QA/CI: make openclaw qa suite and openclaw qa telegram fail by default when scenarios fail, add --allow-failures for artifact-only runs, and tighten live-lane defaults for CI automation. (#69122) Thanks @joshavant.
Mattermost: stream thinking, tool activity, and partial reply text into a single draft preview post that finalizes in place when safe. (#47838) thanks @ninjaa.

Fixes

Exec/YOLO: stop rejecting gateway-host exec in security=full plus ask=off mode via the Python/Node script preflight hardening path, so promptless YOLO exec once again runs direct interpreter stdin and heredoc forms such as node <<'NODE' ... NODE.
OpenAI Codex: normalize legacy openai-completions transport overrides on default OpenAI/Codex and GitHub Copilot-compatible hosts back to the native Codex Responses transport while leaving custom proxies untouched. (#45304, #42194) Thanks @dyss1992 and @DeadlySilent.
Anthropic/plugins: scope Anthropic api: "anthropic-messages" defaulting to Anthropic-owned providers, so openai-codex and other providers without an explicit api no longer get rewritten to the wrong transport. Fixes #64534.
fix(qqbot): add SSRF guard to direct-upload URL paths in uploadC2CMedia and uploadGroupMedia [AI-assisted]. (#69595) Thanks @pgondhi987.
fix(gateway): enforce allowRequestSessionKey gate on template-rendered mapping sessionKeys. (#69381) Thanks @pgondhi987.
Browser/Chrome MCP: surface DevToolsActivePort attach failures as browser-connectivity errors instead of a generic "waiting for tabs" timeout, and point signed-out fallbacks toward the managed openclaw profile.
Webchat/images: treat inline image attachments as media for empty-turn gating while still ignoring metadata-only blank turns. (#69474) Thanks @Jaswir.
Discord/think: only show adaptive in /think autocomplete for provider/model pairs that actually support provider-managed adaptive thinking, so GPT/OpenAI models no longer advertise an Anthropic-only option.
Thinking: only expose max for models that explicitly support provider max reasoning, and remap stored max settings to the largest supported thinking mode when users switch to another model.
Gateway/usage: bound the cost usage cache with FIFO eviction so date/range lookups cannot grow unbounded. (#68842) Thanks @Feelw00.
OpenAI/Responses: resolve /think levels against each GPT model's supported reasoning efforts so /think off no longer becomes high reasoning or sends unsupported reasoning.effort: "none" payloads.
Lobster/TaskFlow: allow managed approval resumes to use approvalId without a resume token, and persist that id in approval wait state. (#69559) Thanks @kirkluokun.
Plugins/startup: install bundled runtime dependencies into each plugin's own runtime directory, reuse source-checkout repair caches after rebuilds, and log only packages that were actually installed so repeated Gateway starts stay quiet once deps are present.
Plugins/startup: ignore pnpm's npm_execpath when repairing bundled plugin runtime dependencies and skip workspace-only package specs so npm-only install flags or local workspace links do not break packaged plugin startup.
MCP: block interpreter-startup env keys such as NODE_OPTIONS for stdio servers while preserving ordinary credential and proxy env vars. (#69540) Thanks @drobison00.
Agents/shell: ignore non-interactive placeholder shells like /usr/bin/false and /sbin/nologin, falling back to sh so service-user exec runs no longer exit immediately. (#69308) Thanks @sk7n4k3d.
Setup/TUI: relaunch the setup hatch TUI in a fresh process while preserving the configured gateway target and auth source, so onboarding recovers terminal state cleanly without exposing gateway secrets on command-line args. (#69524) Thanks @shakkernerd.
Codex: avoid re-exposing the image-generation tool on native vision turns with inbound images, and keep bare image-model overrides on the configured image provider. (#65061) Thanks @zhulijin1991.
Sessions/reset: clear auto-sourced model, provider, and auth-profile overrides on /new and /reset while preserving explicit user selections, so channel sessions stop staying pinned to runtime fallback choices. (#69419) Thanks @sk7n4k3d.
Sessions/costs: snapshot estimatedCostUsd like token counters so repeated persist paths no longer compound the same run cost by up to dozens of times. (#69403) Thanks @MrMiaigi.
OpenAI Codex: route ChatGPT/Codex OAuth Responses requests through the /backend-api/codex endpoint so openai-codex/gpt-5.4 no longer hits the removed /backend-api/responses alias. (#69336) Thanks @mzogithub.
OpenAI/Responses: omit disabled reasoning payloads when /think off is active, so GPT reasoning models no longer receive unsupported reasoning.effort: "none" requests. (#61982) Thanks @a-tokyo.
Gateway/pairing: treat loopback shared-secret node-host, TUI, and gateway clients as local for pairing decisions, so trusted local tools no longer reconnect as remote clients and fail with pairing required. (#69431) Thanks @SARAMALI15792.
Active Memory: degrade gracefully when memory recall fails during prompt building, logging a warning and letting the reply continue without memory context instead of failing the whole turn. (#69485) Thanks @Magicray1217.
Ollama: add provider-policy defaults for baseUrl and models so implicit local discovery can run before config validation rejects a minimal Ollama provider config. (#69370) Thanks @PratikRai0101.
Agents/model selection: clear transient auto-failover session overrides before each turn so recovered primary models are retried immediately without emitting user-override reset warnings. (#69365) Thanks @hitesh-github99.
Auto-reply: apply silent NO_REPLY policy per conversation type, so direct chats get a helpful rewritten reply while groups and internal deliveries can remain quiet. (#68644) Thanks @Takhoffman.
Telegram/status reactions: honor messages.removeAckAfterReply when lifecycle status reactions are enabled, clearing or restoring the reaction after success/error using the configured hold timings. (#68067) Thanks @poiskgit.
Web search/plugins: resolve plugin-scoped SecretRef API keys for bundled Exa, Firecrawl, Gemini, Kimi, Perplexity, Tavily, and Grok web-search providers when they are selected through the shared web-search config. (#68424) Thanks @afurm.
Telegram/polling: raise the default polling watchdog threshold from 90s to 120s and add configurable channels.telegram.pollingStallThresholdMs (also per-account) so long-running Telegram work gets more room before polling is treated as stalled. (#57737) Thanks @Vitalcheffe.
Telegram/polling: bound the persisted-offset confirmation getUpdates probe with a client-side timeout so a zombie socket cannot hang polling recovery before the runner watchdog starts. (#50368) Thanks @boticlaw.
Agents/Pi runner: retry silent stopReason=error turns with no output when no side effects ran, so non-frontier providers that briefly return empty error turns get another chance instead of ending the session early. (#68310) Thanks @Chased1k.
Plugins/memory: preserve the active memory capability when read-only snapshot plugin loads run, so status and provider discovery paths no longer wipe memory public artifacts. (#69219) Thanks @zeroaltitude.
Plugins: keep only the highest-precedence manifest when distinct discovered plugins share an id, so lower-precedence global or workspace duplicates no longer load beside bundled or config-selected plugins. (#41626) Thanks @Tortes.
fix(security): block MINIMAXAPIHOST workspace env injection and remove env-driven URL routing [AI-assisted]. (#67300) Thanks @pgondhi987.
Cron/delivery: treat explicit delivery.mode: "none" runs as not requested even if the runner reports delivered: false, so no-delivery cron jobs no longer persist false delivery failures or errors. (#69285) Thanks @matsuri1987.
Plugins/install: repair active and default-enabled bundled plugin runtime dependencies before import in packaged installs, so bundled Discord, WhatsApp, Slack, Telegram, and provider plugins work without putting their dependency trees in core.
BlueBubbles: raise the outbound /api/v1/message/text send timeout default from 10s to 30s, and add a configurable channels.bluebubbles.sendTimeoutMs (also per-account) so macOS 26 setups where Private API iMessage sends stall for 60+ seconds no longer silently lose messages at the 10s abort. Probes, chat lookups, and health checks keep the shorter 10s default. Fixes #67486. (#69193) Thanks @omarshahine.
Agents/bootstrap: budget truncation markers against per-file caps, preserve source content instead of silently wasting bootstrap bytes, and avoid marker-only output in tiny-budget truncation cases. (#69114) Thanks @BKF-Gitty.
Context engine/plugins: stop rejecting third-party context engines whose info.id differs from the registered plugin slot id. The strict-match contract added in 2026.4.14 broke lossless-claw and other plugins whose internal engine id does not equal the slot id they are registered under, producing repeated info.id must match registered id lane failures on every turn. Fixes #66601. (#66678) Thanks @GodsBoy.
Agents/compaction: rename embedded Pi compaction lifecycle events to compactionstart / compactionend so OpenClaw stays aligned with pi-coding-agent 0.66.1 event naming. (#67713) Thanks @mpz4life.
Security/dotenv: block all OPENCLAW_* keys from untrusted workspace .env files so workspace-local env loading fails closed for new runtime-control variables instead of silently inheriting them. (#473)
Gateway/device pairing: restrict non-admin paired-device sessions (device-token auth) to their own pairing list, approve, and reject actions so a paired device cannot enumerate other devices or approve/reject pairing requests authored by another device. Admin and shared-secret operator sessions retain full visibility. (#69375) Thanks @eleqtrizit.
Agents/gateway tool: extend the agent-facing gateway tool's config mutation guard so model-driven config.patch and config.apply cannot rewrite operator-trusted paths (sandbox, plugin trust, gateway auth/TLS, hook routing and tokens, SSRF policy, MCP servers, workspace filesystem hardening) and cannot bypass the guard by editing per-agent sandbox, tools, or embedded-Pi overrides in place under agents.list[]. (#69377) Thanks @eleqtrizit.
Gateway/websocket broadcasts: require operator.read (or higher) for chat, agent, and tool-result event frames so pairing-scoped and node-role sessions no longer passively receive session chat content, and scope-gate unknown broadcast events by default. Plugin-defined plugin.* broadcasts are scoped to operator.write/admin, and status/transport events (heartbeat, presence, tick, etc.) remain unrestricted. Per-client sequence numbers preserve per-connection monotonicity. (#69373) Thanks @eleqtrizit.
Agents/compaction: always reload embedded Pi resources through an explicit loader and reapply reserve-token overrides so runs without extension factories no longer silently lose compaction settings before session start. (#67146) Thanks @ly85206559.
Memory-core/dreaming: normalize sweep timestamps and reuse hashed narrative session keys for fallback cleanup so Dreaming narrative sub-sessions stop leaking. (#67023) Thanks @chiyouYCH.
Gateway/startup: delay HTTP bind until websocket handlers are attached, so immediate post-startup websocket health/connect probes no longer hit the startup race window. (#43392) Thanks @dalefrieswthat.
Codex/app-server: release the session lane when a downstream consumer throws while draining the turn/completed notification, so follow-up messages after a Codex plugin reply stop queueing behind a stale lane lock. Fixes #67996. (#69072) Thanks @ayeshakhalid192007-dev.
Codex/app-server: default approval handling to on-request so Codex harness sessions do not start with overly permissive tool approvals. (#68721) Thanks @Lucenx9.
Cron/delivery: keep isolated cron chat delivery tools available, resolve channel: "last" targets from the gateway, show delivery previews in cron list/show, and avoid duplicate fallback sends after direct message-tool delivery. (#69587) Thanks @obviyus.
Cron/Telegram: key isolated direct-delivery dedupe to each cron execution instead of the reused session id, so recurring Telegram announce runs no longer report delivered while silently skipping later sends. (#69000) Thanks @obviyus.
Models/Kimi: default bundled Kimi thinking to off and normalize Anthropic-compatible thinking payloads so stale session /think state no longer silently re-enables reasoning on Kimi runs. (#68907) Thanks @frankekn.
Control UI/cron: keep the runtime-only last delivery sentinel from being materialized into persisted cron delivery and failure-alert channel configs when jobs are created or edited. (#68829) Thanks @tianhaocui.
OpenAI/Responses: strip orphaned reasoning blocks before outbound Responses API calls so compacted or restored histories no longer fail on standalone reasoning items. (#55787) Thanks @suboss87.
Cron/CLI: parse PowerShell-style --tools allow-lists the same way as comma-separated input, so cron add and cron edit no longer persist exec read write as one combined tool entry on Windows. (#68858) Thanks @chen-zhang-cs-code.
Browser/user-profile: let existing-session profile="user" tool calls auto-route to a connected browser node or use explicit target="node", while still honoring explicit target="host" pinning. (#48677)
Discord/slash commands: tolerate partial Discord channel metadata in slash-command and model-picker flows so partial channel objects no longer crash when channel names, topics, or thread parent metadata are unavailable. (#68953) Thanks @dutifulbob.
BlueBubbles: consolidate outbound HTTP through a typed BlueBubblesClient that resolves the SSRF policy once at construction so image attachments stop getting blocked on localhost and reactions stop getting blocked on private-IP BB deployments. Fixes #34749 and #59722. (#68234) Thanks @omarshahine.
Cron/gateway: reject ambiguous announce delivery config at add/update time so invalid multi-channel or target-id provider settings fail early instead of persisting broken cron jobs. (#69015) Thanks @obviyus.
Cron/main-session delivery: preserve heartbeat.target="last" through deferred wake queuing, gateway wake forwarding, and same-target wake coalescing so queued cron replies still return to the last active chat. (#69021) Thanks @obviyus.
Cron/gateway: ignore disabled channels when announce delivery ambiguity is checked, and validate main-session delivery patches against the live cron service default agent so hot-reloaded agent config does not falsely reject valid updates. (#69040) Thanks @obviyus.
Matrix/allowlists: hot-reload dm.allowFrom and groupAllowFrom entries on inbound messages while keeping config removals authoritative, so Matrix allowlist changes no longer require a channel restart to add or revoke a sender. (#68546) Thanks @johnlanni.
BlueBubbles: always set method explicitly on outbound text sends ("private-api" when available, "apple-script" otherwise), and prefer Private API on macOS 26 even for plain text. Fixes silent delivery failure on macOS setups without Private API where an omitted method let BB Server fall back to version-dependent default behavior that silently drops the message (#64480), and the AppleScript -1700 error on macOS 26 Tahoe plain text sends (#53159). (#69070) Thanks @xqing3.
Matrix/commands: recognize slash commands that are prefixed with the bot's Matrix mention, so room messages like @bot:server /new trigger the command path without requiring custom mention regexes. (#68570) Thanks @nightq and @johnlanni.
Gateway/pairing: return reason-specific PAIRING_REQUIRED details, remediation hints, and request ids so unapproved-device and scope-upgrade failures surface actionable recovery guidance in the CLI and Control UI. (#69227) Thanks @obviyus.
Agents/subagents: include requested role and runtime timing on subagent failure payloads so parent agents can correlate failed or timed-out child work. (#68726) Thanks @BKF-Gitty.
Gateway/sessions: reject stale agent-scoped sessions after an agent is removed from config while preserving legacy default-agent main-session aliases. (#65986) Thanks @bittoby.
Doctor/gateway: surface pending device pairing requests, scope-upgrade approval drift, and stale device-token mismatch repair steps so openclaw doctor --fix no longer leaves pairing/auth setup failures unexplained. (#69210) Thanks @obviyus.
Cron/isolated-agent: preserve explicit delivery.mode: "none" message targets for isolated runs without inheriting implicit last routing, so agent-initiated Telegram sends keep their authored destination while bare mode:none jobs stay targetless. (#69153) Thanks @obviyus.
Cron/isolated-agent: keep delivery.mode: "none" account-only or thread-only configs from inheriting a stale implicit recipient, so isolated runs only resolve message routing when the job authored an explicit to target. (#69163) Thanks @obviyus.
Gateway/TUI: retry session history while the local gateway is still finishing startup, so openclaw tui reconnects no longer fail on transient chat.history unavailable during gateway startup errors. (#69164) Thanks @shakkernerd.
BlueBubbles/reactions: fall back to love when an agent reacts with an emoji outside the iMessage tapback set (love/like/dislike/laugh/emphasize/question), so wider-vocabulary model reactions like 👀 still produce a visible tapback instead of failing the whole reaction request. Configured ack reactions still validate strictly via the new normalizeBlueBubblesReactionInputStrict path. (#64693) Thanks @zqchris.
BlueBubbles: prefer iMessage over SMS when both chats exist for the same handle, honor explicit sms: targets, and never silently downgrade iMessage-available recipients. (#61781) Thanks @rmartin.
Telegram/setup: require numeric allowFrom user IDs during setup instead of offering unsupported @username DM resolution, and point operators to from.id/getUpdates for discovery. (#69191) Thanks @obviyus.
GitHub Copilot/onboarding: default GitHub Copilot setup to claude-opus-4.6 and keep the bundled default model list aligned, so new Copilot setups no longer start on the older gpt-4o default. (#69207) Thanks @obviyus.
Gateway/status: separate reachability, capability, and read-probe reporting so connect-only or scope-limited sessions no longer look fully healthy, and normalize SSH targets entered as ssh user@host. (#69215) Thanks @obviyus.
Slack: fix outbound replies failing with "unresolved SecretRef" for accounts configured via file or exec secret sources; the send path now tolerates the runtime snapshot retaining an unresolved channel SecretRef when a boot-resolved token override is already available. (#68954) Thanks @openperf.
Control UI/device pairing: explain scope and role approval upgrades during reconnects, and show requested versus approved access in the Control UI and openclaw devices so broader reconnects no longer look like lost pairings. (#69221) Thanks @obviyus.
Gateway/Control UI: surface pending scope, role, and device-metadata pairing approvals in auth errors and Control UI hints so broader reconnects no longer look like random auth breakage. (#69226) Thanks @obviyus.

v2026.4.19-beta.2 pre [Apr 19, 2026] (11d ago) details → github →

# openclaw 2026.4.19-beta.2

2026.4.19-beta.2

Fixes

Agents/openai-completions: always send streamoptions.includeusage on streaming requests, so local and custom OpenAI-compatible backends report real context usage instead of showing 0%. (#68746) Thanks @kagura-agent.
Agents/nested lanes: scope nested agent work per target session so a long-running nested run on one session no longer head-of-line blocks unrelated sessions across the gateway. (#67785) Thanks @stainlu.
Agents/status: preserve carried-forward session token totals for providers that omit usage metadata, so /status and openclaw sessions keep showing the last known context usage instead of dropping back to unknown/0%. (#67695) Thanks @stainlu.
Install/update: keep legacy update verification compatible with the QA Lab runtime shim, so updating older global installs to beta no longer fails after npm installs the package successfully.

v2026.4.19-beta.1 pre [Apr 19, 2026] (11d ago) details → github →

# openclaw 2026.4.19-beta.1

Fixes

Agents/channels: route cross-agent subagent spawns through the target agent's bound channel account while preserving peer and workspace/role-scoped bindings, so child sessions no longer inherit the caller's account in shared rooms, workspaces, or multi-account setups. (#67508) Thanks @lukeboyett and @gumadeiras.
Telegram/callbacks: treat permanent callback edit errors as completed updates so stale command pagination buttons no longer wedge the update watermark and block newer Telegram updates. (#68588) Thanks @Lucenx9.
Browser/CDP: allow the selected remote CDP profile host for CDP health and control checks without widening browser navigation SSRF policy, so WSL-to-Windows Chrome endpoints no longer appear offline under strict defaults. Fixes #68108. (#68207) Thanks @Mlightsnow.
Codex: stop cumulative app-server token totals from being treated as fresh context usage, so session status no longer reports inflated context percentages after long Codex threads. (#64669) Thanks @cyrusaf.
Browser/CDP: add phase-specific CDP readiness diagnostics and normalize loopback WebSocket host aliases, so Windows browser startup failures surface whether HTTP discovery, WebSocket discovery, SSRF validation, or the Browser.getVersion health check failed.

v2026.4.15 BREAKING [Apr 16, 2026] (13d ago) details → github →

# openclaw 2026.4.15

Changes

Anthropic/models: default Anthropic selections, opus aliases, Claude CLI defaults, and bundled image understanding to Claude Opus 4.7.
Google/TTS: add Gemini text-to-speech support to the bundled google plugin, including provider registration, voice selection, WAV reply output, PCM telephony output, and setup/docs guidance. (#67515) Thanks @barronlroth.
Control UI/Overview: add a Model Auth status card showing OAuth token health and provider rate-limit pressure at a glance, with attention callouts when OAuth tokens are expiring or expired. Backed by a new models.authStatus gateway method that strips credentials and caches for 60s. (#66211) Thanks @omarshahine.
Memory/LanceDB: add cloud storage support to memory-lancedb so durable memory indexes can run on remote object storage instead of local disk only. (#63502) Thanks @rugvedS07.
GitHub Copilot/memory search: add a GitHub Copilot embedding provider for memory search, and expose a dedicated Copilot embedding host helper so plugins can reuse the transport while honoring remote overrides, token refresh, and safer payload validation. (#61718) Thanks @feiskyer and @vincentkoc.
Agents/local models: add experimental agents.defaults.experimental.localModelLean: true to drop heavyweight default tools like browser, cron, and message, reducing prompt size for weaker local-model setups without changing the normal path. (#66495) Thanks @ImLukeF.
Packaging/plugins: localize bundled plugin runtime deps to their owning extensions, trim the published docs payload, and tighten install/package-manager guardrails so published builds stay leaner and core stops carrying extension-owned runtime baggage. (#67099) Thanks @vincentkoc.
QA/Matrix: split Matrix live QA into a source-linked qa-matrix runner and keep repo-private qa-* surfaces out of packaged and published builds. (#66723) Thanks @gumadeiras.
Docs/showcase: add a scannable hero, complete section jump links, and a responsive video grid for community examples. (#48493) Thanks @jchopard69.

Fixes

Gateway/tools: anchor trusted local MEDIA: tool-result passthrough on the exact raw name of this run's registered built-in tools, and reject client tool definitions whose names normalize-collide with a built-in or with another client tool in the same request (400 invalidrequesterror on both JSON and SSE paths), so a client-supplied tool named like a built-in can no longer inherit its local-media trust. (#67303)
Agents/replay recovery: classify the provider wording 401 input item ID does not belong to this connection as replay-invalid, so users get the existing /new session reset guidance instead of a raw 401-style failure. (#66475) Thanks @dallylee.
Gateway/webchat: enforce localRoots containment on webchat audio embedding path [AI-assisted]. (#67298) Thanks @pgondhi987.
Matrix/pairing: block DM pairing-store entries from authorizing room control commands [AI-assisted]. (#67294) Thanks @pgondhi987.
Docker/build: verify @matrix-org/matrix-sdk-crypto-nodejs native bindings with find under node_modules instead of a hardcoded .pnpm/... path so pnpm v10+ virtual-store layouts no longer fail the image build. (#67143) thanks @ly85206559.
Matrix/E2EE: keep startup bootstrap conservative for passwordless token-auth bots, still attempt the guarded repair pass without requiring channels.matrix.password, and document the remaining password-UIA limitation. (#66228) Thanks @SARAMALI15792.
Cron/announce delivery: suppress mixed-content isolated cron announce replies that end with NO_REPLY so trailing silent sentinels no longer leak summary text to the target channel. (#65004) thanks @neo1027144-creator.
Plugins/bundled channels: partition bundled channel lazy caches by active bundled root so OPENCLAWBUNDLEDPLUGINS_DIR flips stop reusing stale plugin, setup, secrets, and runtime state. (#67200) Thanks @gumadeiras.
Packaging/plugins: prune common test/spec cargo from bundled plugin runtime dependencies and fail npm release validation if packaged test cargo reappears, keeping published tarballs leaner without plugin-specific special cases. (#67275) thanks @gumadeiras.
Agents/context + Memory: trim default startup/skills prompt budgets, cap memory_get excerpts by default with explicit continuation metadata, and keep QMD reads aligned with the same bounded excerpt contract so long sessions pull less context by default without losing deterministic follow-up reads.
Matrix/commands: skip DM pairing-store reads on room traffic now that room control-command authorization ignores pairing-store entries, keeping the room path narrower without changing room auth behavior. (#67325) Thanks @gumadeiras.
Memory-core/dreaming: skip dreaming narrative transcripts from session-store metadata before bootstrap records land so dream diary prompt/prose lines do not pollute session ingestion. (#67315) thanks @jalehman.
Agents/local models: clarify low-context preflight hints for self-hosted models, point config-backed caps at the relevant OpenClaw setting, and stop suggesting larger models when agents.defaults.contextTokens is the real limit. (#66236) Thanks @ImLukeF.
Dreaming/memory-core: change the default dreaming.storage.mode from inline to separate so Dreaming phase blocks (## Light Sleep, ## REM Sleep) land in memory/dreaming/{phase}/YYYY-MM-DD.md instead of being injected into memory/YYYY-MM-DD.md. Daily memory files no longer get dominated by structured candidate output, and the daily-ingestion scanner that already strips dream marker blocks no longer has to compete with hundreds of phase-block lines on every run. Operators who want the previous behavior can opt in by setting plugins.entries.memory-core.config.dreaming.storage.mode: "inline". (#66412) Thanks @mjamiv.
Control UI/Overview: fix false-positive "missing" alerts on the Model Auth status card for aliased providers, env-backed OAuth with auth.profiles, and unresolvable env SecretRefs. (#67253) Thanks @omarshahine.
Dashboard: constrain exec approval modal overflow on desktop so long command content no longer pushes action buttons out of view. (#67082) Thanks @Ziy1-Tan.
Agents/CLI transcripts: persist successful CLI-backed turns into the OpenClaw session transcript so google-gemini-cli replies appear in session history and the Control UI again. (#67490) Thanks @obviyus.
Discord/tool-call text: strip standalone Gemma-style <function>...</function> tool-call payloads from visible assistant text without truncating prose examples or trailing replies. (#67318) Thanks @joelnishanth.
WhatsApp/web-session: drain the pending per-auth creds save queue before reopening sockets so reconnect-time auth bootstrap no longer races in-flight creds.json writes and falsely restores from backup. (#67464) Thanks @neeravmakwana.
BlueBubbles/catchup: add a per-message retry ceiling (catchup.maxFailureRetries, default 10) so a persistently-failing message with a malformed payload no longer wedges the catchup cursor forever. After N consecutive processMessage failures against the same GUID, catchup logs a WARN, skips that message on subsequent sweeps, and lets the cursor advance past it. Transient failures still retry from the same point as before. Also fixes a lost-update race in the persistent dedupe file lock that silently dropped inbound GUIDs on concurrent writes, a dedupe file naming migration gap on version upgrade, and a balloon-event bypass that let catchup replay debouncer-coalesced events as standalone messages. (#67426, #66870) Thanks @omarshahine.
Ollama/chat: strip the ollama/ provider prefix from Ollama chat request model ids so configured refs like ollama/qwen3:14b-q8_0 stop 404ing against the Ollama API. (#67457) Thanks @suboss87.
Agents/tools: resolve non-workspace host tilde paths against the OS home directory and keep edit recovery aligned with that same path target, so ~/... host edit/write operations stop failing or reading back the wrong file when OPENCLAW_HOME differs. (#62804) Thanks @stainlu.
Speech/TTS: auto-enable the bundled Microsoft and ElevenLabs speech providers, and route generic TTS directive tokens through the explicit or active provider first so overrides like [[tts:speed=1.2]] stop silently landing on the wrong provider. (#62846) Thanks @stainlu.
OpenAI Codex/models: normalize stale native transport metadata in both runtime resolution and discovery/listing so legacy openai-codex rows with missing api or https://chatgpt.com/backend-api/v1 self-heal to the canonical Codex transport instead of routing requests through broken HTML/Cloudflare paths, combining the original fixes proposed in #66969 (saamuelng601-pixel) and #67159 (hclsys). (#67635)
Agents/failover: treat HTML provider error pages as upstream transport failures for CDN-style 5xx responses without misclassifying embedded body text as API rate limits, while still preserving auth remediation for HTML 401/403 pages and proxy remediation for HTML 407 pages. (#67642) Thanks @stainlu.
Gateway/skills: bump the cached skills-snapshot version whenever a config write touches skills.* (for example skills.allowBundled, skills.entries.<id>.enabled, or skills.profile). Existing agent sessions persist a skillsSnapshot in sessions.json that reuses the skill list frozen at session creation; without this invalidation, removing a bundled skill from the allowlist left the old snapshot live and the model kept calling the disabled tool, producing Tool <name> not found loops that ran until the embedded-run timeout. (#67401) Thanks @xantorres.
Agents/tool-loop: enable the unknown-tool stream guard by default. Previously resolveUnknownToolGuardThreshold returned undefined unless tools.loopDetection.enabled was explicitly set to true, which left the protection off in the default configuration. A hallucinated or removed tool (for example himalaya after it was dropped from skills.allowBundled) would then loop "Tool X not found" attempts until the full embedded-run timeout. The guard has no false-positive surface because it only triggers on tools that are objectively not registered in the run, so it now stays on regardless of tools.loopDetection.enabled and still accepts tools.loopDetection.unknownToolThreshold as a per-run override (default 10). (#67401) Thanks @xantorres.
TUI/streaming: add a client-side streaming watchdog to tui-event-handlers so the streaming · Xm Ys activity indicator resets to idle after 30s of delta silence on the active run. Guards against lost or late state: "final" chat events (WS reconnects, gateway restarts, etc.) leaving the TUI stuck on streaming indefinitely; a new system log line surfaces the reset so users know to send a new message to resync. The window is configurable via the new streamingWatchdogMs context option (set to 0 to disable), and the handler now exposes a dispose() that clears the pending timer on shutdown. (#67401) Thanks @xantorres.
Extensions/lmstudio: add exponential backoff to the inference-preload wrapper so an LM Studio model-load failure (for example the built-in memory guardrail rejecting a load because the swap is saturated) no longer produces a WARN line every ~2s for every chat request. The wrapper now records consecutive preload failures per (baseUrl, modelKey, contextLength) tuple with a 5s → 10s → 20s → … → 5min cooldown and skips the preload step entirely while a cooldown is active, letting chat requests proceed directly to the stream (the model is often already loaded via the LM Studio UI). The combined preload failed log line now reports consecutive-failure count and remaining cooldown so operators can act on the real issue instead of drowning in repeated warnings. (#67401) Thanks @xantorres.
Agents/replay: re-run tool/result pairing after strict replay tool-call ID sanitization on outbound requests so Anthropic-compatible providers like MiniMax no longer receive malformed orphan tool-result IDs such as ...toolresult1 during compaction and retry flows. (#67620) Thanks @stainlu.
Gateway/startup: fix spurious SIGUSR1 restart loop on Linux/systemd when plugin auto-enable is the only startup config write; the config hash guard was not captured for that write path, causing chokidar to treat each boot write as an external change and trigger a reload → restart cycle that corrupts manifest.db after repeated cycles. Fixes #67436. (#67557) thanks @openperf
Codex/harness: auto-enable the Codex plugin when codex is selected as an embedded agent harness runtime, including forced default, per-agent, and OPENCLAWAGENTRUNTIME paths. (#67474) Thanks @duqaXxX.
OpenAI Codex/CLI: keep resumed codex exec resume runs on the safe non-interactive path without reintroducing the removed dangerous bypass flag by passing the supported --skip-git-repo-check resume arg plus Codex's native sandbox_mode="workspace-write" config override. (#67666) Thanks @plgonzalezrx8.
Codex/app-server: parse Desktop-originated app-server user agents such as Codex Desktop/0.118.0, keeping the version gate working when the Codex CLI inherits a multi-word originator. (#64666) Thanks @cyrusaf.
Cron/announce delivery: keep isolated announce NOREPLY stripping case-insensitive across direct and text delivery, preserve structured media-only sends when a caption strips silent, and derive main-session awareness from the cleaned payloads so silent captions no longer leak stale NOREPLY text. (#65016) Thanks @BKF-Gitty.
Sessions/Codex: skip redundant delivery-mirror transcript appends only when the latest assistant message has the same visible text, preventing duplicate visible replies on Codex-backed turns without suppressing repeated answers across turns. (#67185) Thanks @andyylin.
Auto-reply/prompt-cache: keep volatile inbound chat IDs out of the stable system prompt so task-scoped adapters can reuse prompt caches across runs, while preserving conversation metadata for the user turn and media-only messages. (#65071) Thanks @MonkeyLeeT.
BlueBubbles/inbound: restore inbound image attachment downloads on Node 22+ by stripping incompatible bundled-undici dispatchers from the non-SSRF fetch path, accept updated-message webhooks carrying attachments, use event-type-aware dedup keys so attachment follow-ups are not rejected as duplicates, and retry attachment fetch from the BB API when the initial webhook arrives with an empty array. (#64105, #61861, #65430, #67510) Thanks @omarshahine.
Agents/skills: sort prompt-facing available_skills entries by skill name after merging sources so skills.load.extraDirs order no longer changes prompt-cache prefixes. (#64198) Thanks @Bartok9.
Agents/OpenAI Responses: add models.providers..models..compat.supportsPromptCacheKey so OpenAI-compatible proxies that forward promptcachekey can keep prompt caching enabled while incompatible endpoints can still force stripping. (#67427) Thanks @damselem.
Agents/context engines: keep loop-hook and final afterTurn prompt-cache touch metadata aligned with the current assistant turn so cache-aware context engines retain accurate cache TTL state during tool loops. (#67767) thanks @jalehman.
Memory/dreaming: strip AI-facing inbound metadata envelopes from session-corpus user turns before normalization so REM topic extraction sees the user's actual message text, including array-shaped split envelopes. (#66548) Thanks @zqchris.
Agents/errors: detect standalone Cloudflare/CDN HTML challenge pages before transport DNS classification so provider block pages no longer appear as local DNS lookup failures. (#67704) Thanks @chris-yyau.
Security/approvals: redact secrets in exec approval prompts so inline approval review can no longer leak credential material in rendered prompt content. (#61077, #64790)
CLI/configure: re-read the persisted config hash after writes so config updates stop failing with stale-hash races. (#64188, #66528)
CLI/update: prune stale packaged dist chunks after npm upgrades and keep downgrade/verify inventory checks compat-safe so global upgrades stop failing on stale chunk imports. (#66959) Thanks @obviyus.
Onboarding/CLI: fix channel-selection crashes on globally installed CLI setups during onboarding. (#66736)
Video generation/live tests: bound provider polling for live video smoke, default to the fast non-FAL text-to-video path, and use a one-second lobster prompt so release validation no longer waits indefinitely on slow provider queues.
Memory-core/QMD memory_get: reject reads of arbitrary workspace markdown paths and only allow canonical memory files (MEMORY.md, memory.md, DREAMS.md, dreams.md, memory/**) plus exact paths of active indexed QMD workspace documents, so the QMD memory backend can no longer be used as a generic workspace-file read shim that bypasses read tool-policy denials. (#66026) Thanks @eleqtrizit.
Cron/agents: forward embedded-run tool policy and internal event params into the attempt layer so --tools allowlists, cron-owned message-tool suppression, explicit message targeting, and command-path internal events all take effect at runtime again. (#62675) Thanks @hexsprite.
Setup/providers: guard preferred-provider lookup during setup so malformed plugin metadata with a missing provider id no longer crashes the wizard with Cannot read properties of undefined (reading 'trim'). (#66649) Thanks @Tianworld.
Matrix/security: normalize sandboxed profile avatar params, preserve mxc:// avatar URLs, and surface gmail watcher stop failures during reload. (#64701) Thanks @slepybear.
Telegram/documents: drop leaked binary caption bytes from inbound Telegram text handling so document uploads like .mobi or .epub no longer explode prompt token counts. (#66663) Thanks @joelnishanth.
Gateway/auth: resolve the active gateway bearer per-request on the HTTP server and the HTTP upgrade handler via getResolvedAuth(), mirroring the WebSocket path, so a secret rotated through secrets.reload or config hot-reload stops authenticating on /v1/*, /tools/invoke, plugin HTTP routes, and the canvas upgrade path immediately instead of remaining valid on HTTP until gateway restart. (#66651) Thanks @mmaps.
Agents/compaction: cap the compaction reserve-token floor to the model context window so small-context local models (e.g. Ollama with 16K tokens) no longer trigger context-overflow errors or infinite compaction loops on every prompt. (#65671) Thanks @openperf.
Agents/OpenAI Responses: classify the exact Unknown error (no error details in response) transport failure as failover reason unknown so assistant/model fallback still runs for that no-details failure path. (#65254) Thanks @OpenCodeEngineer.
Models/probe: surface invalid-model probe failures as format instead of unknown in models list --probe, and lock the invalid-model fallback path in with regression coverage. (#50028) Thanks @xiwuqi.
Agents/failover: classify OpenAI-compatible finishreason: networkerror stream failures as timeout so model fallback retries continue instead of stopping with an unknown failover reason. (#61784) thanks @lawrence3699.
Onboarding/channels: normalize channel setup metadata before discovery and validation so malformed or mixed-shape channel plugin metadata no longer breaks setup and onboarding channel lists. (#66706) Thanks @darkamenosa.
Slack/native commands: fix option menus for slash commands such as /verbose when Slack renders native buttons by giving each button a unique action ID while still routing them through the shared openclaw_cmdarg* listener. Thanks @Wangmerlyn.
Feishu/webhook: harden the webhook transport and card-action replay guards to fail closed on missing encryptKey and blank callback tokens — refuse to start the webhook transport without an encryptKey, reject unsigned requests when no key is present instead of accepting them, and drop blank card-action tokens before the dedupe claim and dispatcher. Defense-in-depth over the already-closed monitor-account layer. (#66707) Thanks @eleqtrizit.
Agents/workspace files: route agents.files.get, agents.files.set, and workspace listing through the shared fs-safe helpers (openFileWithinRoot/readFileWithinRoot/writeFileWithinRoot), reject symlink aliases for allowlisted agent files, and have fs-safe resolve opened-file real paths from the file descriptor before falling back to path-based realpath so a symlink swap between open and realpath can no longer redirect the validated path off the intended inode. (#66636) Thanks @eleqtrizit.
Gateway/MCP loopback: switch the /mcp bearer comparison from plain !== to constant-time safeEqualSecret (matching the convention every other auth surface in the codebase uses), and reject non-loopback browser-origin requests via checkBrowserOrigin before the auth gate runs. Loopback origins (127.0.0.1:, localhost:, same-origin) still go through, including the localhost↔127.0.0.1 host mismatch that browsers flag as Sec-Fetch-Site: cross-site. (#66665) Thanks @eleqtrizit.
Auto-reply/billing: classify pure billing cooldown fallback summaries from structured fallback reasons so users see billing guidance instead of the generic failure reply. (#66363) Thanks @Rohan5commit.
Agents/fallback: preserve the original prompt body on model fallback retries with session history so the retrying model keeps the active task instead of only seeing a generic continue message. (#66029) Thanks @WuKongAI-CMU.
Reply/secrets: resolve active reply channel/account SecretRefs before reply-run message-action discovery so channel token SecretRefs (for example Discord) do not degrade into discovery-time unresolved-secret failures. (#66796) Thanks @joshavant.
Agents/Anthropic: ignore non-positive Anthropic Messages token overrides and fail locally when no positive token budget remains, so invalid max_tokens values no longer reach the provider API. (#66664) thanks @jalehman
Agents/context engines: preserve prompt-only token counts, not full request totals, when deferred maintenance reuses after-turn runtime context so background compaction bookkeeping matches the active prompt window. (#66820) thanks @jalehman.
BlueBubbles/inbound: add a persistent file-backed GUID dedupe so MessagePoller webhook replays after BB Server restart or reconnect no longer cause the agent to re-reply to already-handled messages. (#19176, #12053, #66816) Thanks @omarshahine.
Secrets/plugins/status: align SecretRef inspect-vs-strict handling across plugin preload, read-only status/agents surfaces, and runtime auth paths so unresolved refs no longer crash read-only CLI flows while runtime-required non-env refs stay strict. (#66818) Thanks @joshavant.
Memory/dreaming: stop ordinary transcripts that merely quote the dream-diary prompt from being classified as internal dreaming runs and silently dropped from session recall ingestion. (#66852) Thanks @gumadeiras.
Telegram/documents: sanitize binary reply context and ZIP-like archive extraction so .epub and .mobi uploads can no longer leak raw binary into prompt context through reply metadata or archive-to-text/plain coercion. (#66877) Thanks @martinfrancois.
Telegram/native commands: restore plugin-registry-backed auto defaults for native commands and native skills so Telegram slash commands keep registering when commands.native and commands.nativeSkills stay on auto. (#66843) Thanks @kashevk0.
OpenRouter/Qwen3: parse reasoning_details stream deltas as thinking content without skipping same-chunk tool calls, so Qwen3 replies no longer fail empty on OpenRouter and mixed reasoning/tool-call chunks still execute normally. (#66905) Thanks @bladin.
BlueBubbles/catchup: replay missed webhook messages after gateway restart via a persistent per-account cursor and /api/v1/message/query?after=<ts> pass, so messages delivered while the gateway was down no longer disappear. Uses the existing processMessage path and is deduped by #66816's inbound GUID cache. (#66857, #66721) Thanks @omarshahine.
Telegram/native commands: keep Telegram command-sync cache process-local so gateway restarts re-register the menu instead of trusting stale on-disk sync state after Telegram cleared commands out-of-band. (#66730) Thanks @nightq.
Audio/self-hosted STT: restore models.providers.*.request.allowPrivateNetwork for audio transcription so private or LAN speech-to-text endpoints stop tripping SSRF blocks after the v2026.4.14 regression. (#66692) Thanks @jhsmith409.
Auto-reply/media: allow workspace-rooted absolute media paths in auto-reply send flows so valid local media references no longer fail path validation. (#66689)
WhatsApp/Baileys media upload: harden encrypted upload handling so large outbound media sends avoid buffer spikes and reliability regressions. (#65966) Thanks @frankekn.
QQBot/cron: guard against undefined event.content in parseFaceTags and filterInternalMarkers so cron-triggered agent turns with no content payload no longer crash with TypeError: Cannot read properties of undefined (reading 'startsWith'). (#66302) Thanks @xinmotlanthua.
CLI/plugins: stop --dangerously-force-unsafe-install plugin installs from falling back to hook-pack installs after security scan failures, while still preserving non-security fallback behavior for real hook packs. (#58909) Thanks @hxy91819.
Claude CLI/sessions: classify No conversation found with session ID as session_expired so expired CLI-backed conversations clear the stale binding and recover on the next turn. (#65028) thanks @Ivan-Fn.
Context Engine: gracefully fall back to the legacy engine when a third-party context engine plugin fails at resolution time (unregistered id, factory throw, or contract violation), preventing a full gateway outage on every channel. (#66930) Thanks @openperf.
Control UI/chat: keep optimistic user message cards visible during active sends by deferring same-session history reloads until the active run ends, including aborted and errored runs. (#66997) Thanks @scotthuang and @vincentkoc.
Media/Slack: allow host-local CSV and Markdown uploads only when the fallback buffer actually decodes as text, so real plain-text files work without letting opaque non-text blobs renamed to .csv or .md slip past the host-read guard. (#67047) Thanks @Unayung.
Ollama/onboarding: split setup into Cloud + Local, Cloud only, and Local only, support direct OLLAMAAPIKEY cloud setup without a local daemon, and keep Ollama web search on the local-host path. (#67005) Thanks @obviyus.
Webchat/security: reject remote-host file:// URLs in the media embedding path. (#67293) Thanks @pgondhi987.
Dreaming/memory-core: use the ingestion day, not the source file day, for daily recall dedupe so repeat sweeps of the same daily note can increment dailyCount across days instead of stalling at 1. (#67091) Thanks @Bartok9.
Node-host/tools.exec: let approval binding distinguish known native binaries from mutable shell payload files, while still fail-closing unknown or racy file probes so absolute-path node-host commands like /usr/bin/whoami no longer get rejected as unsafe interpreter/runtime commands. (#66731) Thanks @tmimmanuel.

v2026.4.15-beta.2 pre [Apr 16, 2026] (13d ago) details → github →

# openclaw 2026.4.15-beta.2

Changes

Anthropic/models: default Anthropic selections, opus aliases, Claude CLI defaults, and bundled image understanding to Claude Opus 4.7.
Google/TTS: add Gemini text-to-speech support to the bundled google plugin, including provider registration, voice selection, WAV reply output, PCM telephony output, and setup/docs guidance. (#67515) Thanks @barronlroth.

Fixes

Gateway/tools: anchor trusted local MEDIA: tool-result passthrough on the exact raw name of this run's registered built-in tools, and reject client tool definitions whose names normali

v2026.4.15-beta.1 pre [Apr 15, 2026] (14d ago) details → github →

# OpenClaw 2026.4.15-beta.1

Changes

Control UI/Overview: add a Model Auth status card showing OAuth token health and provider rate-limit pressure at a glance, with attention callouts when OAuth tokens are expiring or expired. Backed by a new models.authStatus gateway method that strips credentials and caches for 60s. (#66211) Thanks @omarshahine.
Memory/LanceDB: add cloud storage support to memory-lancedb so durable memory indexes can run on remote object storage instead of local disk only. (#63502) Thanks @rugvedS07.
GitHub Copilot/memory search: add a GitHub Copilot embedding provider for memory search, and expose a dedicated Copilot embedding host helper so plugins can reuse the transport while honoring remote overrides, token refresh, and safer payload validation. (#61718) Thanks @feiskyer and @vincentkoc.
Agents/local models: add experimental agents.defaults.experimental.localModelLean: true to drop heavyweight default tools like browser, cron, and message, reducing prompt size for weaker local-model setups without changing the normal path. (#66495) Thanks @ImLukeF.
Packaging/plugins: localize bundled plugin runtime deps to their owning extensions, trim the published docs payload, and tighten install/package-manager guardrails so published builds stay leaner and core stops carrying extension-owned runtime baggage. (#67099) Thanks @vincentkoc.
QA/Matrix: split Matrix live QA into a source-linked qa-matrix runner and keep repo-private qa-* surfaces out of packaged and published builds. (#66723) Thanks @gumadeiras.
Docs/showcase: add a scannable hero, complete section jump links, and a responsive video grid for community examples. (#48493) Thanks @jchopard69.

Fixes

Security/approvals: redact secrets in exec approval prompts so inline approval review can no longer leak credential material in rendered prompt content. (#61077, #64790)
CLI/configure: re-read the persisted config hash after writes so config updates stop failing with stale-hash races. (#64188, #66528)
CLI/update: prune stale packaged dist chunks after npm upgrades and keep downgrade/verify inventory checks compat-safe so global upgrades stop failing on stale chunk imports. (#66959) Thanks @obviyus.
Onboarding/CLI: fix channel-selection crashes on globally installed CLI setups during onboarding. (#66736)
Video generation/live tests: bound provider polling for live video smoke, default to the fast non-FAL text-to-video path, and use a one-second lobster prompt so release validation no longer waits indefinitely on slow provider queues.
Memory-core/QMD memory_get: reject reads of arbitrary workspace markdown paths and only allow canonical memory files (MEMORY.md, memory.md, DREAMS.md, dreams.md, memory/**) plus exact paths of active indexed QMD workspace documents, so the QMD memory backend can no longer be used as a generic workspace-file read shim that bypasses read tool-policy denials. (#66026) Thanks @eleqtrizit.
Cron/agents: forward embedded-run tool policy and internal event params into the attempt layer so --tools allowlists, cron-owned message-tool suppression, explicit message targeting, and command-path internal events all take effect at runtime again. (#62675) Thanks @hexsprite.
Setup/providers: guard preferred-provider lookup during setup so malformed plugin metadata with a missing provider id no longer crashes the wizard with Cannot read properties of undefined (reading 'trim'). (#66649) Thanks @Tianworld.
Matrix/security: normalize sandboxed profile avatar params, preserve mxc:// avatar URLs, and surface gmail watcher stop failures during reload. (#64701) Thanks @slepybear.
Telegram/documents: drop leaked binary caption bytes from inbound Telegram text handling so document uploads like .mobi or .epub no longer explode prompt token counts. (#66663) Thanks @joelnishanth.
Gateway/auth: resolve the active gateway bearer per-request on the HTTP server and the HTTP upgrade handler via getResolvedAuth(), mirroring the WebSocket path, so a secret rotated through secrets.reload or config hot-reload stops authenticating on /v1/*, /tools/invoke, plugin HTTP routes, and the canvas upgrade path immediately instead of remaining valid on HTTP until gateway restart. (#66651) Thanks @mmaps.
Agents/compaction: cap the compaction reserve-token floor to the model context window so small-context local models (e.g. Ollama with 16K tokens) no longer trigger context-overflow errors or infinite compaction loops on every prompt. (#65671) Thanks @openperf.
Agents/OpenAI Responses: classify the exact Unknown error (no error details in response) transport failure as failover reason unknown so assistant/model fallback still runs for that no-details failure path. (#65254) Thanks @OpenCodeEngineer.
Models/probe: surface invalid-model probe failures as format instead of unknown in models list --probe, and lock the invalid-model fallback path in with regression coverage. (#50028) Thanks @xiwuqi.
Agents/failover: classify OpenAI-compatible finishreason: networkerror stream failures as timeout so model fallback retries continue instead of stopping with an unknown failover reason. (#61784) thanks @lawrence3699.
Onboarding/channels: normalize channel setup metadata before discovery and validation so malformed or mixed-shape channel plugin metadata no longer breaks setup and onboarding channel lists. (#66706) Thanks @darkamenosa.
Slack/native commands: fix option menus for slash commands such as /verbose when Slack renders native buttons by giving each button a unique action ID while still routing them through the shared openclaw_cmdarg* listener. Thanks @Wangmerlyn.
Feishu/webhook: harden the webhook transport and card-action replay guards to fail closed on missing encryptKey and blank callback tokens — refuse to start the webhook transport without an encryptKey, reject unsigned requests when no key is present instead of accepting them, and drop blank card-action tokens before the dedupe claim and dispatcher. Defense-in-depth over the already-closed monitor-account layer. (#66707) Thanks @eleqtrizit.
Agents/workspace files: route agents.files.get, agents.files.set, and workspace listing through the shared fs-safe helpers (openFileWithinRoot/readFileWithinRoot/writeFileWithinRoot), reject symlink aliases for allowlisted agent files, and have fs-safe resolve opened-file real paths from the file descriptor before falling back to path-based realpath so a symlink swap between open and realpath can no longer redirect the validated path off the intended inode. (#66636) Thanks @eleqtrizit.
Gateway/MCP loopback: switch the /mcp bearer comparison from plain !== to constant-time safeEqualSecret (matching the convention every other auth surface in the codebase uses), and reject non-loopback browser-origin requests via checkBrowserOrigin before the auth gate runs. Loopback origins (127.0.0.1:, localhost:, same-origin) still go through, including the localhost↔127.0.0.1 host mismatch that browsers flag as Sec-Fetch-Site: cross-site. (#66665) Thanks @eleqtrizit.
Auto-reply/billing: classify pure billing cooldown fallback summaries from structured fallback reasons so users see billing guidance instead of the generic failure reply. (#66363) Thanks @Rohan5commit.
Agents/fallback: preserve the original prompt body on model fallback retries with session history so the retrying model keeps the active task instead of only seeing a generic continue message. (#66029) Thanks @WuKongAI-CMU.
Reply/secrets: resolve active reply channel/account SecretRefs before reply-run message-action discovery so channel token SecretRefs (for example Discord) do not degrade into discovery-time unresolved-secret failures. (#66796) Thanks @joshavant.
Agents/Anthropic: ignore non-positive Anthropic Messages token overrides and fail locally when no positive token budget remains, so invalid max_tokens values no longer reach the provider API. (#66664) thanks @jalehman
Agents/context engines: preserve prompt-only token counts, not full request totals, when deferred maintenance reuses after-turn runtime context so background compaction bookkeeping matches the active prompt window. (#66820) thanks @jalehman.
BlueBubbles/inbound: add a persistent file-backed GUID dedupe so MessagePoller webhook replays after BB Server restart or reconnect no longer cause the agent to re-reply to already-handled messages. (#19176, #12053, #66816) Thanks @omarshahine.
Secrets/plugins/status: align SecretRef inspect-vs-strict handling across plugin preload, read-only status/agents surfaces, and runtime auth paths so unresolved refs no longer crash read-only CLI flows while runtime-required non-env refs stay strict. (#66818) Thanks @joshavant.
Memory/dreaming: stop ordinary transcripts that merely quote the dream-diary prompt from being classified as internal dreaming runs and silently dropped from session recall ingestion. (#66852) Thanks @gumadeiras.
Telegram/documents: sanitize binary reply context and ZIP-like archive extraction so .epub and .mobi uploads can no longer leak raw binary into prompt context through reply metadata or archive-to-text/plain coercion. (#66877) Thanks @martinfrancois.
Telegram/native commands: restore plugin-registry-backed auto defaults for native commands and native skills so Telegram slash commands keep registering when commands.native and commands.nativeSkills stay on auto. (#66843) Thanks @kashevk0.
OpenRouter/Qwen3: parse reasoning_details stream deltas as thinking content without skipping same-chunk tool calls, so Qwen3 replies no longer fail empty on OpenRouter and mixed reasoning/tool-call chunks still execute normally. (#66905) Thanks @bladin.
fix(bluebubbles): replay missed webhook messages after gateway restart via a persistent per-account cursor and /api/v1/message/query?after=<ts> pass, so messages delivered while the gateway was down no longer disappear. Uses the existing processMessage path and is deduped by #66816's inbound GUID cache. (#66857, #66721) Thanks @omarshahine.
Telegram/native commands: keep Telegram command-sync cache process-local so gateway restarts re-register the menu instead of trusting stale on-disk sync state after Telegram cleared commands out-of-band. (#66730) Thanks @nightq.
Audio/self-hosted STT: restore models.providers.*.request.allowPrivateNetwork for audio transcription so private or LAN speech-to-text endpoints stop tripping SSRF blocks after the v2026.4.14 regression. (#66692) Thanks @jhsmith409.
Auto-reply/media: allow workspace-rooted absolute media paths in auto-reply send flows so valid local media references no longer fail path validation. (#66689)
WhatsApp/Baileys media upload: harden encrypted upload handling so large outbound media sends avoid buffer spikes and reliability regressions. (#65966) Thanks @frankekn.
QQBot/cron: guard against undefined event.content in parseFaceTags and filterInternalMarkers so cron-triggered agent turns with no content payload no longer crash with TypeError: Cannot read properties of undefined (reading 'startsWith'). (#66302) Thanks @xinmotlanthua.
CLI/plugins: stop --dangerously-force-unsafe-install plugin installs from falling back to hook-pack installs after security scan failures, while still preserving non-security fallback behavior for real hook packs. (#58909) Thanks @hxy91819.
Claude CLI/sessions: classify No conversation found with session ID as session_expired so expired CLI-backed conversations clear the stale binding and recover on the next turn. (#65028) thanks @Ivan-Fn.
Context Engine: gracefully fall back to the legacy engine when a third-party context engine plugin fails at resolution time (unregistered id, factory throw, or contract violation), preventing a full gateway outage on every channel. (#66930) Thanks @openperf.
Control UI/chat: keep optimistic user message cards visible during active sends by deferring same-session history reloads until the active run ends, including aborted and errored runs. (#66997) Thanks @scotthuang and @vincentkoc.
Media/Slack: allow host-local CSV and Markdown uploads only when the fallback buffer actually decodes as text, so real plain-text files work without letting opaque non-text blobs renamed to .csv or .md slip past the host-read guard. (#67047) Thanks @Unayung.
Ollama/onboarding: split setup into Cloud + Local, Cloud only, and Local only, support direct OLLAMAAPIKEY cloud setup without a local daemon, and keep Ollama web search on the local-host path. (#67005) Thanks @obviyus.
Docker/build: verify @matrix-org/matrix-sdk-crypto-nodejs native bindings with find under node_modules instead of a hardcoded .pnpm/... path so pnpm v10+ virtual-store layouts no longer fail the image build. (#67143) Thanks @ly85206559.
Matrix/E2EE: keep startup bootstrap conservative for passwordless token-auth bots, still attempt the guarded repair pass without requiring channels.matrix.password, and document the remaining password-UIA limitation. (#66228) Thanks @SARAMALI15792.
Cron/announce delivery: suppress mixed-content isolated cron announce replies that end with NO_REPLY so trailing silent sentinels no longer leak summary text to the target channel. (#65004) Thanks @neo1027144-creator.
Plugins/bundled channels: partition bundled channel lazy caches by active bundled root so OPENCLAWBUNDLEDPLUGINS_DIR flips stop reusing stale plugin, setup, secrets, and runtime state. (#67200) Thanks @gumadeiras.
Packaging/plugins: prune common test/spec cargo from bundled plugin runtime dependencies and fail npm release validation if packaged test cargo reappears, keeping published tarballs leaner without plugin-specific special cases. (#67275) Thanks @gumadeiras.
Agents/context + Memory: trim default startup/skills prompt budgets, cap memory_get excerpts by default with explicit continuation metadata, and keep QMD reads aligned with the same bounded excerpt contract so long sessions pull less context by default without losing deterministic follow-up reads.
Matrix/commands: skip DM pairing-store reads on room traffic now that room control-command authorization ignores pairing-store entries, keeping the room path narrower without changing room auth behavior. (#67325) Thanks @gumadeiras.
Matrix/security: block DM pairing-store entries from authorizing room control commands. (#67294) Thanks @pgondhi987.
Gateway/security: enforce localRoots containment on the webchat audio embedding path. (#67298) Thanks @pgondhi987.
Webchat/security: reject remote-host file:// URLs in the media embedding path. (#67293) Thanks @pgondhi987.
Dreaming/memory-core: use the ingestion day, not the source file day, for daily recall dedupe so repeat sweeps of the same daily note can increment dailyCount across days instead of stalling at 1. (#67091) Thanks @Bartok9.

v2026.4.14 BREAKING [Apr 14, 2026] (16d ago) details → github →

# openclaw 2026.4.14

OpenClaw 2026.4.14 is another broad quality release focused on model provider with explicit turn improvements for GPT-5 family and channel provider issues. Additionally we improved overal performance with refactors to our underlying core codebase.

Changes

OpenAI Codex/models: add forward-compat support for gpt-5.4-pro, including Codex pricing/limits and list/status visibility before the upstream catalog catches up. (#66453) Thanks @jepson-liu.

Telegram/forum topics: surface human topic names in agent context, prompt metadata, and plugin hook metadata by learning names from Telegram forum service messages. (#65973) Thanks @ptahdunbar.

Fixes

Agents/Ollama: forward the configured embedded-run timeout into the global undici stream timeout tuning so slow local Ollama runs no longer inherit the default stream cutoff instead of the operator-set run timeout. (#63175) Thanks @mindcraftreader and @vincentkoc.

Models/Codex: include apiKey in the codex provider catalog output so the Pi ModelRegistry validator no longer rejects the entry and silently drops all custom models from every provider in models.json. (#66180) Thanks @hoyyeva.

Tools/image+pdf: normalize configured provider/model refs before media-tool registry lookup so image and PDF tool runs stop rejecting valid Ollama vision models as unknown just because the tool path skipped the usual model-ref normalization step. (#59943) Thanks @yqli2420 and @vincentkoc.

Slack/interactions: apply the configured global allowFrom owner allowlist to channel block-action and modal interactive events, require an expected sender id for cross-verification, and reject ambiguous channel types so interactive triggers can no longer bypass the documented allowlist intent in channels without a users list. Open-by-default behavior is preserved when no allowlists are configured. (#66028) Thanks @eleqtrizit.

Media-understanding/attachments: fail closed when a local attachment path cannot be canonically resolved via realpath, so a realpath error can no longer downgrade the canonical-roots allowlist check to a non-canonical comparison; attachments that also have a URL still fall back to the network fetch path. (#66022) Thanks @eleqtrizit.

Agents/gateway-tool: reject config.patch and config.apply calls from the model-facing gateway tool when they would newly enable any flag enumerated by openclaw security audit (for example dangerouslyDisableDeviceAuth, allowInsecureAuth, dangerouslyAllowHostHeaderOriginFallback, hooks.gmail.allowUnsafeExternalContent, tools.exec.applyPatch.workspaceOnly: false); already-enabled flags pass through unchanged so non-dangerous edits in the same patch still apply, and direct authenticated operator RPC behavior is unchanged. (#62006) Thanks @eleqtrizit.

Google image generation: strip a trailing /openai suffix from configured Google base URLs only when calling the native Gemini image API so Gemini image requests stop 404ing without breaking explicit OpenAI-compatible Google endpoints. (#66445) Thanks @dapzthelegend.

Telegram/forum topics: persist learned topic names to the Telegram session sidecar store so agent context can keep using human topic names after a restart instead of relearning from future service metadata. (#66107) Thanks @obviyus.

Doctor/systemd: keep openclaw doctor --repair and service reinstall from re-embedding dotenv-backed secrets in user systemd units, while preserving newer inline overrides over stale state-dir .env values. (#66249) Thanks @tmimmanuel.

Ollama/OpenAI-compat: send streamoptions.includeusage for Ollama streaming completions so local Ollama runs report real usage instead of falling back to bogus prompt-token counts that trigger premature compaction. (#64568) Thanks @xchunzhao and @vincentkoc.

Doctor/plugins: cache external preferOver catalog lookups within each plugin auto-enable pass so large agents.list configs no longer peg CPU and repeatedly reread plugin catalogs during doctor/plugins resolution. (#66246) Thanks @yfge.

GitHub Copilot/thinking: allow github-copilot/gpt-5.4 to use xhigh reasoning so Copilot GPT-5.4 matches the rest of the GPT-5.4 family. (#50168) Thanks @jakepresent and @vincentkoc.

Memory/embeddings: preserve non-OpenAI provider prefixes when normalizing OpenAI-compatible embedding model refs so proxy-backed memory providers stop failing with Unknown memory embedding provider. (#66452) Thanks @jlapenna.

Agents/local models: clarify low-context preflight hints for self-hosted models, point config-backed caps at the relevant OpenClaw setting, and stop suggesting larger models when agents.defaults.contextTokens is the real limit. (#66236) Thanks @ImLukeF.

Browser/SSRF: restore hostname navigation under the default browser SSRF policy while keeping explicit strict mode reachable from config, and keep managed loopback CDP /json/new fallback requests on the local CDP control policy so browser follow-up fixes stop regressing normal navigation or self-blocking local CDP control. (#66386) Thanks @obviyus.

Models/Codex: canonicalize the legacy openai-codex/gpt-5.4-codex runtime alias to openai-codex/gpt-5.4 while still honoring alias-specific and canonical per-model overrides. (#43060) Thanks @Sapientropic and @vincentkoc.

Browser/SSRF: preserve explicit strict browser navigation mode for legacy browser.ssrfPolicy.allowPrivateNetwork: false configs by normalizing the legacy alias to the canonical strict marker instead of silently widening those installs to the default non-strict hostname-navigation path.

Onboarding/custom providers: use max_tokens=16 for OpenAI-compatible verification probes so stricter custom endpoints stop rejecting onboarding checks that only need a tiny completion. (#66450) Thanks @WuKongAI-CMU.

Agents/subagents: emit the subagent registry lazy-runtime stub on the stable dist path that both source and bundled runtime imports resolve, so the follow-up dist fix no longer still fails with ERRMODULENOT_FOUND at runtime. (#66420) Thanks @obviyus.

Media-understanding/proxy env: auto-upgrade provider HTTP helper requests to trusted env-proxy mode only when HTTPPROXY/HTTPSPROXY is active and the target is not bypassed by NO_PROXY, so remote media-understanding and transcription requests stop failing local DNS pre-resolution in proxy-only environments without widening SSRF bypasses. (#52162) Thanks @mjamiv and @vincentkoc.

Telegram/media downloads: let Telegram media fetches trust an operator-configured explicit proxy for target DNS resolution after hostname-policy checks, so proxy-backed installs stop failing could not download media on Bot API file downloads after the DNS-pinning regression. (#66245) Thanks @dawei41468 and @vincentkoc.

Browser: keep loopback CDP readiness checks reachable under strict SSRF defaults so OpenClaw can reconnect to locally started managed Chrome. (#66354) Thanks @hxy91819.

Agents/context engine: compact engine-owned sessions from the first tool-loop delta and preserve ingest fallback when afterTurn is absent, so long-running tool loops can stay bounded without dropping engine state. (#63555) Thanks @Bikkies.

OpenAI Codex/auth: keep malformed Codex CLI auth-file diagnostics on the debug logger instead of stdout so interactive command output stays clean while auth read failures remain traceable. (#66451) Thanks @SimbaKingjoe.

Discord/native commands: return the real status card for native /status interactions instead of falling through to the synthetic ✅ Done. ack when the generic dispatcher produces no visible reply. (#54629) Thanks @tkozzer and @vincentkoc.

Hooks/Ollama: let LLM-backed session-memory slug generation honor an explicit agents.defaults.timeoutSeconds override instead of always aborting after 15 seconds, so slow local Ollama runs stop silently dropping back to generic filenames. (#66237) Thanks @dmak and @vincentkoc.

Media/transcription: remap .aac filenames to .m4a for OpenAI-compatible audio uploads so AAC voice notes stop failing MIME-sensitive transcription endpoints. (#66446) Thanks @ben-z.

UI/chat: replace marked.js with markdown-it so maliciously crafted markdown can no longer freeze the Control UI via ReDoS. (#46707) Thanks @zhangfnf.

Auto-reply/send policy: keep sendPolicy: "deny" from blocking inbound message processing, so the agent still runs its turn while all outbound delivery is suppressed for observer-style setups. (#65461, #53328) Thanks @omarshahine.

BlueBubbles: lazy-refresh the Private API server-info cache on send when reply threading or message effects are requested but status is unknown, so sends no longer silently degrade to plain messages when the 10-minute cache expires. (#65447, #43764) Thanks @omarshahine.

Heartbeat/security: force owner downgrade for untrusted hook:wake system events [AI-assisted]. (#66031) Thanks @pgondhi987.

Browser/security: enforce SSRF policy on snapshot, screenshot, and tab routes [AI]. (#66040) Thanks @pgondhi987.

Microsoft Teams/security: enforce sender allowlist checks on SSO signin invokes [AI]. (#66033) Thanks @pgondhi987.

Config/security: redact sourceConfig and runtimeConfig alias fields in redactConfigSnapshot [AI]. (#66030) Thanks @pgondhi987.

Agents/context engines: run opt-in turn maintenance as idle-aware background work so the next foreground turn no longer waits on proactive maintenance. (#65233) Thanks @100yenadmin.

Plugins/status: report the registered context-engine IDs in plugins inspect instead of the owning plugin ID, so non-matching engine IDs and multi-engine plugins are classified correctly. (#58766) Thanks @zhuisDEV.

Context engines: reject resolved plugin engines whose reported info.id does not match their registered slot id, so malformed engines fail fast before id-based runtime branches can misbehave. (#63222) Thanks @fuller-stack-dev.

WhatsApp: patch installed Baileys media encryption writes during OpenClaw postinstall so the default npm/install.sh delivery path waits for encrypted media files to finish flushing before readback, avoiding transient ENOENT crashes on image sends. (#65896) Thanks @frankekn.

Gateway/update: unify service entrypoint resolution around the canonical bundled gateway entrypoint so update, reinstall, and doctor repair stop drifting between stale dist/entry.js and current dist/index.js paths. (#65984) Thanks @mbelinky.

Heartbeat/Telegram topics: keep isolated heartbeat replies on the bound forum topic when target=last, instead of dropping them into the group root chat. (#66035) Thanks @mbelinky.

Browser/CDP: let managed local Chrome readiness, status probes, and managed loopback CDP control bypass browser SSRF policy for their own loopback control plane, so OpenClaw no longer misclassifies a healthy child browser as "not reachable after start". (#65695, #66043) Thanks @mbelinky.

Gateway/sessions: stop heartbeat, cron-event, and exec-event turns from overwriting shared-session routing and origin metadata, preventing synthetic heartbeat targets from poisoning later cron or user delivery. (#66073, #63733, #35300) Thanks @mbelinky.

Browser/CDP: let local attach-only manual-cdp profiles reuse the local loopback CDP control plane under strict default policy and remote-class probe timeouts, so tabs/snapshot stop falsely reporting a live local browser session as not running. (#65611, #66080) Thanks @mbelinky.

Cron/scheduler: stop inventing short retries when cron next-run calculation returns no valid future slot, and keep a maintenance wake armed so enabled unscheduled jobs recover without entering a refire loop. (#66019, #66083) Thanks @mbelinky.

Cron/scheduler: preserve the active error-backoff floor when maintenance repair recomputes a missing cron next-run, so recurring errored jobs do not resume early after a transient next-run resolution failure. (#66019, #66083, #66113) Thanks @mbelinky.

Outbound/delivery-queue: persist the originating outbound session context on queued delivery entries and replay it during recovery, so write-ahead-queued sends keep their original outbound media policy context after restart instead of evaluating against a missing session. (#66025) Thanks @eleqtrizit.

Memory/Ollama: restore the built-in ollama embedding adapter in memory-core so explicit memorySearch.provider: "ollama" works again, and include endpoint-aware cache keys so different Ollama hosts do not reuse each other's embeddings. (#63429, #66078, #66163) Thanks @nnish16 and @vincentkoc.

Auto-reply/queue: split collect-mode followup drains into contiguous groups by per-message authorization context (sender id, owner status, exec/bash-elevated overrides), so queued items from different senders or exec configs no longer execute under the last queued run's owner-only and exec-approval context. (#66024) Thanks @eleqtrizit.

Dreaming/memory-core: require a live queued Dreaming cron event before the heartbeat hook runs the sweep, so managed Dreaming no longer replays on later heartbeats after the scheduled run was already consumed. (#66139) Thanks @mbelinky.

Control UI/Dreaming: stop Imported Insights and Memory Palace from calling optional memory-wiki gateway methods when the plugin is off, and refresh config before wiki reloads so the Dreaming tab stops showing misleading unknown-method failures. (#66140) Thanks @mbelinky.

Agents/tools: only mark streamed unknown-tool retries as counted when a streamed message actually classifies an unavailable tool, and keep incomplete streamed tool names from resetting the retry streak before the final assistant message arrives. (#66145) Thanks @dutifulbob.

Memory/active-memory: move recalled memory onto the hidden untrusted prompt-prefix path instead of system prompt injection, label the visible Active Memory status line fields, and include the resolved recall provider/model in gateway debug logs so trace/debug output matches what the model actually saw. (#66144) Thanks @Takhoffman.

Memory/QMD: stop treating legacy lowercase memory.md as a second default root collection, so QMD recall no longer searches phantom memory-alt-* collections and builtin/QMD root-memory fallback stays aligned. (#66141) Thanks @mbelinky.

Agents/subagents: ship dist/agents/subagent-registry.runtime.js in npm builds so runtime: "subagent" runs stop stalling in queued after the registry import fails. (#66189) Thanks @yqli2420 and @vincentkoc.

Agents/OpenAI: map minimal thinking to OpenAI's supported low reasoning effort for GPT-5.4 requests, so embedded runs stop failing request validation. Thanks @steipete.

Voice-call/media-stream: resolve the source IP from trusted forwarding headers for per-IP pending-connection limits when webhookSecurity.trustForwardingHeaders and trustedProxyIPs are configured, and reserve maxConnections capacity for in-flight WebSocket upgrades so concurrent handshakes can no longer momentarily exceed the operator-set cap. (#66027) Thanks @eleqtrizit.

Feishu/allowlist: canonicalize allowlist entries by explicit user/chat kind, strip repeated feishu:/lark: provider prefixes, and stop folding opaque Feishu IDs to lowercase, so allowlist matching no longer crosses user/chat namespaces or widens to case-insensitive ID matches the operator did not intend. (#66021) Thanks @eleqtrizit.

Telegram/status commands: let read-only status slash commands bypass busy topic turns, while keeping /export-session on the normal lane so it cannot interleave with an in-flight session mutation. (#66226) Thanks @VACInc and @vincentkoc.

TTS/reply media: persist OpenClaw temp voice outputs into managed outbound media and allow them through reply-media normalization, so voice-note replies stop silently dropping. (#63511) Thanks @jetd1.

Agents/tools: treat Windows drive-letter paths (C:\\...) as absolute when resolving sandbox and read-tool paths so workspace root is not prepended under POSIX path rules. (#54039) Thanks @ly85206559 and @vincentkoc.

Agents/OpenAI: recover embedded GPT-style runs when reasoning-only or empty turns need bounded continuation, with replay-safe retry gating and incomplete-turn fallback when no visible answer arrives. (#66167) thanks @jalehman

Outbound/relay-status: suppress internal relay-status placeholder payloads (No channel reply., Replied in-thread., Replied in #..., wiki-update status variants ending in No channel reply.) before channel delivery so internal housekeeping text does not leak to users.

Slack/doctor: add a dedicated doctor-contract sidecar so config warmup paths such as openclaw cron no longer fall back to Slack's broader contract surface, which could trigger Slack-related config-read crashes on affected setups. (#63192) Thanks @shhtheonlyperson.

Hooks/session-memory: pass the resolved agent workspace into gateway /new and /reset session-memory hooks so reset snapshots stay scoped to the right agent workspace instead of leaking into the default workspace. (#64735) Thanks @suboss87 and @vincentkoc.

CLI/approvals: raise the default openclaw approvals get gateway timeout and report config-load timeouts explicitly, so slow hosts stop showing a misleading Config unavailable. note when the approvals snapshot succeeds but the follow-up config RPC needs more time. (#66239) Thanks @neeravmakwana.

Media/store: honor configured agent media limits when saving generated media and persisting outbound reply media, so the store no longer hard-stops those flows at 5 MB before the configured limit applies. (#66229) Thanks @neeravmakwana and @vincentkoc.

v2026.4.14-beta.1 pre [Apr 14, 2026] (16d ago) details → github →

# openclaw 2026.4.14-beta.1

Changes

Telegram/forum topics: surface human topic names in agent context, prompt metadata, and plugin hook metadata by learning names from Telegram forum service messages. (#65973) Thanks @ptahdunbar.

Fixes

UI/chat: replace marked.js with markdown-it so maliciously crafted markdown can no longer freeze the Control UI via ReDoS. (#46707) Thanks @zhangfnf.
Auto-reply/send policy: keep sendPolicy: "deny" from blocking inbound message processing, so the agent still runs its turn while all outbound delivery is suppressed for observer-style setups. (#65461, #53328) Thanks @omarshahine.
BlueBubbles: lazy-refresh the Private API server-info cache on send when reply threading or message effects are requested but status is unknown, so sends no longer silently degrade to plain messages when the 10-minute cache expires. (#65447, #43764) Thanks @omarshahine.
Heartbeat/security: force owner downgrade for untrusted hook:wake system events [AI-assisted]. (#66031) Thanks @pgondhi987.
Browser/security: enforce SSRF policy on snapshot, screenshot, and tab routes [AI]. (#66040) Thanks @pgondhi987.
Microsoft Teams/security: enforce sender allowlist checks on SSO signin invokes [AI]. (#66033) Thanks @pgondhi987.
Config/security: redact sourceConfig and runtimeConfig alias fields in redactConfigSnapshot [AI]. (#66030) Thanks @pgondhi987.
Agents/context engines: run opt-in turn maintenance as idle-aware background work so the next foreground turn no longer waits on proactive maintenance. (#65233) Thanks @100yenadmin.
Plugins/status: report the registered context-engine IDs in plugins inspect instead of the owning plugin ID, so non-matching engine IDs and multi-engine plugins are classified correctly. (#58766) Thanks @zhuisDEV.
Context engines: reject resolved plugin engines whose reported info.id does not match their registered slot id, so malformed engines fail fast before id-based runtime branches can misbehave. (#63222) Thanks @fuller-stack-dev.
WhatsApp: patch installed Baileys media encryption writes during OpenClaw postinstall so the default npm/install.sh delivery path waits for encrypted media files to finish flushing before readback, avoiding transient ENOENT crashes on image sends. (#65896) Thanks @frankekn.
Gateway/update: unify service entrypoint resolution around the canonical bundled gateway entrypoint so update, reinstall, and doctor repair stop drifting between stale dist/entry.js and current dist/index.js paths. (#65984) Thanks @mbelinky.
Heartbeat/Telegram topics: keep isolated heartbeat replies on the bound forum topic when target=last, instead of dropping them into the group root chat. (#66035) Thanks @mbelinky.
Browser/CDP: let managed local Chrome readiness, status probes, and managed loopback CDP control bypass browser SSRF policy for their own loopback control plane, so OpenClaw no longer misclassifies a healthy child browser as "not reachable after start". (#65695, #66043) Thanks @mbelinky.
Gateway/sessions: stop heartbeat, cron-event, and exec-event turns from overwriting shared-session routing and origin metadata, preventing synthetic heartbeat targets from poisoning later cron or user delivery. (#66073, #63733, #35300) Thanks @mbelinky.
Browser/CDP: let local attach-only manual-cdp profiles reuse the local loopback CDP control plane under strict default policy and remote-class probe timeouts, so tabs/snapshot stop falsely reporting a live local browser session as not running. (#65611, #66080) Thanks @mbelinky.
Cron/scheduler: stop inventing short retries when cron next-run calculation returns no valid future slot, and keep a maintenance wake armed so enabled unscheduled jobs recover without entering a refire loop. (#66019, #66083) Thanks @mbelinky.
Cron/scheduler: preserve the active error-backoff floor when maintenance repair recomputes a missing cron next-run, so recurring errored jobs do not resume early after a transient next-run resolution failure. (#66019, #66083, #66113) Thanks @mbelinky.
Outbound/delivery-queue: persist the originating outbound session context on queued delivery entries and replay it during recovery, so write-ahead-queued sends keep their original outbound media policy context after restart instead of evaluating against a missing session. (#66025) Thanks @eleqtrizit.
Auto-reply/queue: split collect-mode followup drains into contiguous groups by per-message authorization context (sender id, owner status, exec/bash-elevated overrides), so queued items from different senders or exec configs no longer execute under the last queued run's owner-only and exec-approval context. (#66024) Thanks @eleqtrizit.
Dreaming/memory-core: require a live queued Dreaming cron event before the heartbeat hook runs the sweep, so managed Dreaming no longer replays on later heartbeats after the scheduled run was already consumed. (#66139) Thanks @mbelinky.
Control UI/Dreaming: stop Imported Insights and Memory Palace from calling optional memory-wiki gateway methods when the plugin is off, and refresh config before wiki reloads so the Dreaming tab stops showing misleading unknown-method failures. (#66140) Thanks @mbelinky.
Agents/tools: only mark streamed unknown-tool retries as counted when a streamed message actually classifies an unavailable tool, and keep incomplete streamed tool names from resetting the retry streak before the final assistant message arrives. (#66145) Thanks @dutifulbob.
Memory/active-memory: move recalled memory onto the hidden untrusted prompt-prefix path instead of system prompt injection, label the visible Active Memory status line fields, and include the resolved recall provider/model in gateway debug logs so trace/debug output matches what the model actually saw. (#66144) Thanks @Takhoffman.
Memory/QMD: stop treating legacy lowercase memory.md as a second default root collection, so QMD recall no longer searches phantom memory-alt-* collections and builtin/QMD root-memory fallback stays aligned. (#66141) Thanks @mbelinky.
Agents/OpenAI: map minimal thinking to OpenAI's supported low reasoning effort for GPT-5.4 requests, so embedded runs stop failing request validation. Thanks @steipete.
Voice-call/media-stream: resolve the source IP from trusted forwarding headers for per-IP pending-connection limits when webhookSecurity.trustForwardingHeaders and trustedProxyIPs are configured, and reserve maxConnections capacity for in-flight WebSocket upgrades so concurrent handshakes can no longer momentarily exceed the operator-set cap. (#66027) Thanks @eleqtrizit.
Feishu/allowlist: canonicalize allowlist entries by explicit user/chat kind, strip repeated feishu:/lark: provider prefixes, and stop folding opaque Feishu IDs to lowercase, so allowlist matching no longer crosses user/chat namespaces or widens to case-insensitive ID matches the operator did not intend. (#66021) Thanks @eleqtrizit.
TTS/reply media: persist OpenClaw temp voice outputs into managed outbound media and allow them through reply-media normalization, so voice-note replies stop silently dropping. (#63511) Thanks @jetd1.
Agents/tools: treat Windows drive-letter paths (C:\\...) as absolute when resolving sandbox and read-tool paths so workspace root is not prepended under POSIX path rules. (#54039) Thanks @ly85206559 and @vincentkoc.
Agents/OpenAI: recover embedded GPT-style runs when reasoning-only or empty turns need bounded continuation, with replay-safe retry gating and incomplete-turn fallback when no visible answer arrives. (#66167) thanks @jalehman
Outbound/relay-status: suppress internal relay-status placeholder payloads (No channel reply., Replied in-thread., Replied in #..., wiki-update status variants ending in No channel reply.) before channel delivery so internal housekeeping text does not leak to users.
Slack/doctor: add a dedicated doctor-contract sidecar so config warmup paths such as openclaw cron no longer fall back to Slack's broader contract surface, which could trigger Slack-related config-read crashes on affected setups. (#63192) Thanks @shhtheonlyperson.
Hooks/session-memory: pass the resolved agent workspace into gateway /new and /reset session-memory hooks so reset snapshots stay scoped to the right agent workspace instead of leaking into the default workspace. (#64735) Thanks @suboss87 and @vincentkoc.

v2026.4.12 BREAKING [Apr 13, 2026] (17d ago) details → github →

# openclaw 2026.4.12

OpenClaw 2026.4.12 is a broad quality release focused on plugin loading, memory and dreaming reliability, new local-model options, and a much smoother Feishu setup path.

Changes

QA/lab: add Convex-backed pooled Telegram credential leasing plus openclaw qa credentials admin commands and broker setup docs. (#65596) Thanks @joshavant.

Memory/Active Memory: add a new optional Active Memory plugin that gives OpenClaw a dedicated memory sub-agent right before the main reply, so ongoing chats can automatically pull in relevant preferences, context, and past details without making users remember to manually say "remember this" or "search memory" first. Includes configurable message/recent/full context modes, live /verbose inspection, advanced prompt/thinking overrides for tuning, and opt-in transcript persistence for debugging. (#63286) Thanks @Takhoffman.

macOS/Talk: add an experimental local MLX speech provider for Talk Mode, with explicit provider selection, local utterance playback, interruption handling, and system-voice fallback. (#63539) Thanks @ImLukeF.

CLI/exec policy: add a local openclaw exec-policy command with show, preset, and set subcommands for synchronizing requested tools.exec.* config with the local exec approvals file, plus follow-up hardening for node-host rejection, rollback safety, and sync conflict detection. (#64050)

Gateway: add a commands.list RPC so remote gateway clients can discover runtime-native, text, skill, and plugin commands with surface-aware naming and serialized argument metadata. (#62656) Thanks @samzong.

Models/providers: add per-provider models.providers.*.request.allowPrivateNetwork for trusted self-hosted OpenAI-compatible endpoints, keep the opt-in scoped to model request surfaces, and refresh cached WebSocket managers when request transport overrides change. (#63671) Thanks @qas.

QA/testing: add a --runner multipass lane for openclaw qa suite so repo-backed QA scenarios can run inside a disposable Linux VM and write back the usual report, summary, and VM logs. (#63426) Thanks @shakkernerd.

Docs i18n: chunk raw doc translation, reject truncated tagged outputs, avoid ambiguous body-only wrapper unwrapping, and recover from terminated Pi translation sessions without changing the default openai/gpt-5.4 path. (#62969, #63808) Thanks @hxy91819.

Control UI/dreaming: simplify the Scene and Diary surfaces, preserve unknown phase state for partial status payloads, and stabilize waiting-entry recency ordering so Dreaming status and review lists stay clear and deterministic. (#64035) Thanks @davemorin.

Gateway: split startup and runtime seams so gateway lifecycle sequencing, reload state, and shutdown behavior stay easier to maintain without changing observed behavior. (#63975) Thanks @gumadeiras.

Matrix/partial streaming: add MSC4357 live markers to draft preview sends and edits so supporting Matrix clients can render a live/typewriter animation and stop it when the final edit lands. (#63513) Thanks @TigerInYourDream.

QA/Telegram: add a live openclaw qa telegram lane for private-group bot-to-bot checks, harden its artifact handling, and preserve native Telegram command reply threading for QA verification. (#64303) Thanks @obviyus.

Models/Codex: add the bundled Codex provider and plugin-owned app-server harness so codex/gpt- models use Codex-managed auth, native threads, model discovery, and compaction while openai/gpt- stays on the normal OpenAI provider path. (#64298) Thanks @steipete.

Models/providers: add a bundled LM Studio provider with onboarding, runtime model discovery, stream preload support, and memory-search embeddings for local/self-hosted OpenAI-compatible models. (#53248) Thanks @rugvedS07.

Plugins/loading: narrow CLI, provider, and channel activation to manifest-declared needs, preserve explicit scope and trust boundaries, and centralize manifest-owner policy so startup, command discovery, and runtime activation avoid loading unrelated plugin runtime. (#65120, #65259, #65298, #65429, #65459) Thanks @vincentkoc.

Memory/active-memory: default QMD recall to search and surface better search-path telemetry so memory-backed recall works more predictably out of the box. (#65068) Thanks @Takhoffman.

Docs/providers: expand bundled provider docs with richer capability, env-var, and setup guidance across provider pages.

Docs/memory-wiki: add the recommended QMD + bridge-mode hybrid recipe plus zero-artifact troubleshooting guidance for memory-wiki bridge setups. (#63165) Thanks @sercada and @vincentkoc.

Fixes

Security/busybox: remove busybox/toybox from interpreter-like safe bins (#65713) Thanks @pgondhi987.

Security/Approval: prevent empty approver list from granting explicit approval authorization (#65714) Thanks @pgondhi987.

Security/Shell: broaden shell-wrapper detection and block env-argv assignment injection (#65717) Thanks @pgondhi987.

Gateway/startup: defer scheduled services until sidecars finish, gate chat history and model listing during sidecar resume, and let Control UI retry startup-gated history loads so Sandbox wake resumes channels first. (#65365) Thanks @lml2468.

Control UI/chat: load the live gateway slash-command catalog into the composer and command palette so dock commands, plugin commands, and direct skill aliases appear in chat, while keeping trusted local commands authoritative and bounding remote command metadata. (#65620) Thanks @BunsDev.

CLI/update: respawn tracked plugin refresh from the updated entrypoint after package self-updates so openclaw update stops failing on stale hashed dist/install.runtime-*.js chunk imports. (#65471)

Memory/active-memory: keep recall runs on the resolved channel when wrappers like mx-claw are enabled, improve lexical fallback ranking, and keep lexical boosts out of hybrid search so recall finds the right memories more consistently. (#65049, #65395) Thanks @Takhoffman.

Dreaming: consume managed heartbeat events exactly once, stage light-sleep confidence from all recorded short-term signals, wake scheduled jobs immediately, raise dreaming-only promotion enough to cross the durable-memory gate, and stop dreaming from re-ingesting its own narrative transcripts.

Dreaming/narrative: harden transient narrative cleanup by retrying timed-out deletes, scrubbing stale dreaming session artifacts through the lock-aware session-store path, and isolating transient narrative session keys per workspace. (#65320, #61674)

Memory/wiki: preserve Unicode letters, digits, and combining marks in wiki slugs and contradiction clustering, and cap Unicode filename segments to safe byte lengths so non-ASCII titles stop collapsing or overflowing path limits. (#64742) Thanks @zhouhe-xydt.

Memory/short-term recall: allow nested daily notes under memory//YYYY-MM-DD.md to feed short-term recall, while still excluding generated dream reports under memory/dreaming/ so dreaming does not promote its own output. (#64682) Thanks @SARAMALI15792.

UI/WebChat: hide synthetic transcript-repair tool results from chat history reloads so internal recovery markers do not leak into visible chat after reconnects. (#65247) Thanks @wangwllu.

WhatsApp/outbound: fall back to the first mediaUrls entry when mediaUrl is empty so gateway media sends stop silently dropping attachments that already have a resolved media list. (#64394) Thanks @eric-fr4 and @vincentkoc.

Doctor/Discord: stop openclaw doctor --fix from rewriting legacy Discord preview-streaming config into the nested modern shape, so downgrades can still recover without hand-editing channels.discord.streaming. (#65035) Thanks @vincentkoc.

Gateway/auth: blank the shipped example gateway credential in .env.example and fail startup when a copied placeholder token or password is still configured, so operators cannot accidentally launch with a publicly known secret. (#64586) Thanks @navarrotech and @vincentkoc.

Memory/active-memory+dreaming: keep active-memory recall runs on the strongest resolved channel, consume managed dreaming heartbeat events exactly once, stop dreaming from re-ingesting its own narrative transcripts, and add explicit repair/dedupe recovery flows in CLI, doctor, and the Dreams UI.

Agents/queueing: carry orphaned active-turn user text into the next prompt before repairing transcript ordering, so follow-up messages that arrive mid-run are no longer silently dropped. (#65388) Thanks @adminfedres and @vincentkoc.

Gateway/keepalive: stop marking WebSocket tick broadcasts as droppable so slow or backpressured clients do not self-disconnect with tick timeout while long-running work is still alive. (#65256) Thanks @100yenadmin and @vincentkoc.

Matrix/mentions: keep room mention gating strict while accepting visible @displayName Matrix URI labels, so requireMention works for non-OpenClaw Matrix clients again. (#64796) Thanks @hclsys.

Doctor: warn when on-disk agent directories still exist under ~/.openclaw/agents/<id>/agent but the matching agents.list[] entries are missing from config. (#65113) Thanks @neeravmakwana.

Telegram: route approval button callback queries onto a separate sequentializer lane so plugin approval clicks can resolve immediately instead of deadlocking behind the blocked agent turn. (#64979) Thanks @nk3750.

Telegram/direct sessions: keep commentary-only assistant fallback payloads out of visible direct delivery, so Codex planning chatter cannot leak into Telegram DMs when a run has no final_answer text.

Gateway/keepalive: stop marking WebSocket tick broadcasts as droppable so slow or backpressured clients do not self-disconnect with tick timeout while long-running work is still alive. (#65436)

Gateway/plugins: always send a non-empty idempotencyKey for plugin subagent runs, so dreaming narrative jobs stop failing gateway schema validation. (#65354) Thanks @CodeForgeNet.

Gateway/auth: blank the shipped example gateway credential in .env.example and fail startup when a copied placeholder token or password is still configured, so operators cannot accidentally launch with a publicly known secret. (#64586) Thanks @navarrotech.

Plugins/memory-core dreaming: keep bundled memory-core loaded alongside an explicit external memory slot owner only when that owner enables dreaming, while preserving plugins.slots.memory = "none" disable semantics. (#65411) Thanks @pradeep7127.

Doctor/Discord: stop openclaw doctor --fix from rewriting legacy Discord preview-streaming config into the nested modern shape, so downgrades can still recover without hand-editing channels.discord.streaming.

Doctor: warn when on-disk agent directories still exist under ~/.openclaw/agents/<id>/agent but the matching agents.list[] entries are missing from config. (#65113) Thanks @neeravmakwana.

CLI/plugins: honor memory-wiki when plugins.allow is set for openclaw wiki, and pass the active app config into the metadata registrar so plugin-owned wiki commands resolve the live plugin config instead of falling back to defaults. (#64779, #65012)

QA/packaging: stop packaged QA helpers from crashing when optional scenario execution config is unavailable, so npm distributions can skip the repo-only scenario pack without breaking completion-cache and startup paths. (#65118) Thanks @EdderTalmor.

Media/audio transcription: surface the real provider failure when every audio transcription attempt fails, so status output and the CLI stop collapsing those errors into generic skips. (#65096) Thanks @l0cka.

Infra/net: fix multipart FormData fields (including model) being silently dropped when a guarded runtime fetch body crosses a FormData implementation boundary, restoring OpenAI audio transcription requests that failed with HTTP 400. (#64349) Thanks @petr-sloup.

Dreaming/diary: use the host local timezone for diary timestamps when dreaming.timezone is unset, and include the timezone abbreviation so DREAMS.md and the UI make local or UTC time explicit. (#65034, #65057)

Dreaming/promotion: raise phase reinforcement enough for repeated dreaming-only revisits to clear the default durable-memory gate after multiple days, instead of stalling just below the score threshold. (#64068) Thanks @vincentkoc.

Dreaming/light-sleep: compute staged candidate confidence from all recorded short-term signals instead of recall-only counts, so dreaming-only entries stop rendering as confidence: 0.00. (#64599) Thanks @vincentkoc.

Plugins/memory: restore cached memory capability public artifacts on plugin-registry cache hits so memory-backed artifact surfaces stay visible after warm loads.

Gateway/cron: preserve requested isolated-agent config across runtime reloads so subagent jobs and heartbeat overrides keep the right workspace and heartbeat settings when the hot-loaded snapshot is stale.

Cron/isolated sessions: persist the right transcript path for each isolated run, including fresh session rollovers, so cron runs stop appending to stale session files.

Discord/gateway: clear stale heartbeat timers before reconnecting so zombie gateway callbacks cannot crash the process and drop in-flight replies. (#65009) Thanks @SARAMALI15792.

Matrix/mentions: keep room mention gating strict while accepting visible @displayName Matrix URI labels, so requireMention works for non-OpenClaw Matrix clients again. (#64796) Thanks @hclsys.

Agents/Anthropic replay: preserve immutable signed-thinking replay safety across stored and live reruns, keep non-thinking embedded tool_result user blocks intact, and drop conflicting preserved tool IDs before validation so retries stop degrading into omitted tool calls. (#65126) Thanks @shakkernerd.

Memory/QMD: allow channel sessions in the shipped default QMD scope, while still denying groups.

Memory/QMD: stop registering the legacy lowercase root memory file as a separate default collection, so QMD now prefers MEMORY.md and the memory/ tree without duplicate collection-add warnings.

Memory/memory-core: watch the memory directory directly and ignore non-markdown churn so nested note changes still sync on macOS + Node 25 environments where recursive memory/*/.md glob watching fails. (#64711) Thanks @jasonxargs-boop and @vincentkoc.

WhatsApp: centralize per-account connection ownership so reconnects, login recovery, and outbound readiness stay attached to the live socket instead of drifting across monitor and login paths. (#65290) Thanks @mcaxtr and @vincentkoc.

iMessage: retry transient watch.subscribe startup failures before tearing down the monitor, and sanitize startup error logging so brief local transport stalls do not immediately bounce the channel or leak raw imsg RPC payloads into logs. (#65393) Thanks @vincentkoc.

CLI/audio providers: report env-authenticated providers as configured in openclaw infer audio providers --json, while keeping trusted workspace provider env lookup defaults stable during auth setup. (#65491)

Plugins/install: reinstall bundled runtime packages when the matching platform native optional child is missing, so packaged Windows installs can recover dependencies that were packed on another host OS.

Memory/QMD: preserve explicit memory.qmd.command paths, create missing agent workspaces before QMD probes, and keep the current Node binary on QMD subprocess PATH so service and gateway environments do not fall back to builtin search unnecessarily.