OpenClaw Release Notes

Changes

• Exec approvals: remove the old cat SKILL.md && printf ... && <skill-wrapper> allowlist compatibility path so skill files must be loaded with the read tool and only the real skill executable is auto-allowed.
• Discord: let voice sessions follow configured Discord users into voice channels, with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation. (#84264) Thanks @fuller-stack-dev.
• Discord/voice: include bounded IDENTITY.md, USER.md, and SOUL.md profile context in realtime voice session instructions by default, with voice.realtime.bootstrapContextFiles: [] available to disable it. (#84499) Thanks @fuller-stack-dev.
• Dependencies: bump the bundled Codex harness to @openai/codex 0.132.0 and refresh the app-server model-list docs for the new catalog.
• CLI/policy: add the bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair. (#80407) Thanks @giodl73-repo.
• Agents/config: allow agents.list[].experimental.localModelLean so lean local-model mode can be enabled for one configured agent instead of globally.
• Providers/xAI: add device-code OAuth login so remote and headless setups can authorize xAI without a localhost browser callback. (#84005) Thanks @fuller-stack-dev.
• Providers/OpenRouter: honor provider-level params.provider routing policy for OpenRouter requests, with model and agent params overriding the defaults. Thanks @amknight.

Fixes

• CLI/tasks: include stale-running task maintenance decisions in openclaw tasks maintenance --json so retained and reconcile candidates explain backing-session, cron, CLI, and wedged-subagent state. (#84691) Thanks @efpiva.
• Codex app-server: keep system-prompt reports working when bootstrap hooks provide workspace files with only a path and content, so hook-supplied SOUL/IDENTITY/TOOLS/USER context still reports injected characters correctly. (#84736) Thanks @JARVIS-Glasses.
• Providers/MiniMax music: stop advertising durationSeconds control and remove prompt-injected duration hints, so music_generate reports MiniMax duration as an unsupported override instead of suggesting MiniMax can enforce track length. Fixes #84508. Thanks @neeravmakwana.
• Doctor: warn when sandbox tool policy hides configured MCP server tools before provider requests. (#84699) Thanks @nxmxbbd.
• WhatsApp: update Baileys to 7.0.0-rc12.
• Build: suppress per-locale rolldown-plugin-dts:fake-js CommonJS dts warnings emitted while bundling the intentionally-inlined zod/v4/locales/*.d.cts files, so pnpm build output stays readable after the 0.25.1 plugin bump. Thanks @RomneyDa.
• CLI/nodes: route lazy plugin-registration logs to stderr for JSON-mode openclaw nodes commands so stdout stays parseable. (#84684) Thanks @TurboTheTurtle.
• Approvals: route manual /approve decisions through the trusted approval runtime so active exec and plugin approvals no longer look unknown or expired.
• Mac app: update the About settings copyright year to 2026. (#84385) Thanks @pejmanjohn.
• Dependencies: update @openclaw/fs-safe to 0.2.7 so OpenClaw's default Python-helper-off policy keeps best-effort Node write fallbacks for private stores, secret writes, run logs, and media attachments on Linux/macOS.
• Infra/secrets: restore the fail-closed contract for tryReadSecretFileSync so credential loaders that pass rejectSymlink: true (Telegram, LINE, Zalo, IRC, Nextcloud Talk tokens) refuse symlinked credential files instead of silently accepting them, and the infra-state CI shard's secret-file symlink test passes again. Thanks @RomneyDa.
• Browser: honor the configured image sanitization limit for screenshots and labeled snapshots so browser-captured images follow the same resize policy as other image results. (#84595)
• Doctor: remove unrecognized models.providers..models[].compat.thinkingFormat values during doctor --fix so stale provider model config can validate after upgrade. Fixes #77803.
• Doctor: warn when openclaw.json stores plaintext secret-bearing config fields, including model provider API keys and sensitive provider headers. (#84718) Thanks @lukaIvanic.
• Status: show the configured default, session-selected model, reason, clear hint, and docs link when a session remains pinned to a model that differs from agents.defaults.model.primary.
• WebChat: clear stale typing indicators when session change events mark the active chat run complete.
• Mac app: keep local packaging signed with a stable app identity for permission testing and fix Control UI production builds under current Vite/Highlight.js exports.
• macOS app: update the embedded Peekaboo bridge to 3.2.1 so OpenClaw-hosted UI automation works with current Peekaboo CLI capture flows.
• Cron: deliver preferred final assistant output for successful scheduled runs when trailing plain tool warnings remain in diagnostics instead of marking the run failed.
• fix(mattermost): fail closed on missing channel type [AI]. (#84091) Thanks @pgondhi987.
• Recheck rebuilt system.run argv [AI]. (#84090) Thanks @pgondhi987.
• CLI: keep the private QA subcommand out of exported command descriptors unless OPENCLAW_ENABLE_PRIVATE_QA_CLI=1, so root help and subcommand markers match runtime registration. (#84519)
• CLI/cron: bound openclaw cron show job lookup pagination so non-advancing or unbounded cron.list responses fail instead of hanging the command. Fixes #83856. (#83989)
• Agents/messages: stop message-tool-only turns after a successful source-channel message send while keeping transcript mirrors under the session write lock. (#84289)
• Agents: filter silent heartbeat response-tool transcript artifacts out of embedded context snapshots so later user turns are not polluted by heartbeat no-op messages. (#83477) Thanks @fuller-stack-dev.
• Agents/OpenAI: log repeated strict tool-schema downgrade diagnostics once per provider/model/tool signature, reducing duplicate debug noise while preserving strict=false fallback behavior. Fixes #82930. (#82933) Thanks @galiniliev.
• Agents/code mode: spell out the exec tool's JavaScript/TypeScript, no Node module, and catalog-bridge constraints in model-visible schema text so agents can use enabled tools without trial-and-error. (#84269) Thanks @Kaspre.
• Codex: give image_generate dynamic-tool calls a 120s default watchdog when no per-call or configured image timeout is set, so image generation no longer falls back to the generic 30s bridge timeout. (#84254) Thanks @moritzmmayerhofer.
• Codex: avoid duplicate dynamic tool terminal diagnostics while large diagnostic backlogs drain without blocking tool responses. (#82937) Thanks @galiniliev.
• CLI/message: include a stable top-level messageId in openclaw message --json output when channel sends return one. (#84191) Thanks @100menotu001.
• Cron: preserve legacy top-level array jobs.json stores when loading or adding scheduled jobs so old cron jobs are no longer treated as an empty store during upgrade. Fixes #60799. (#84433) Thanks @IWhatsskill.
• Gateway/agents: use an agent's identity.name in Gateway agent summaries when agents.list[].name is unset, so configured agent labels remain visible in clients. (#84355; refs #57835) Thanks @luoyanglang.
• Channels/replies: keep normal /verbose failed-tool progress compact in message-tool replies and prevent late text-only tool output from appearing after the final answer. (#84303) Thanks @VACInc.
• Plugins/hooks: apply a default 30-second timeout to before_compaction and after_compaction hooks so a hung plugin handler no longer blocks compaction completion. (#84153)
• Discord: preserve disabled presentation buttons when adapting and rendering Discord message controls. (#84188) Thanks @100menotu001.
• Twitch: add a test-only client-manager registry reset helper so non-isolated Twitch tests can clear cached managers between cases. Fixes #83887. (#84244) Thanks @hclsys.
• Cron: run main-session scheduled work on a cron-owned wake lane while preserving reply delivery context, so background cron turns no longer block human main-session chat. Fixes #82766. (#82767) Thanks @galiniliev.
• Cron: use structured embedded-run denial metadata for isolated scheduled tasks so blocked exec requests fail the job without treating ordinary assistant prose as a denial. (#84067) Thanks @abnershang.
• Cron: keep recovered tool warnings diagnostic for successful scheduled runs so final cron output is delivered instead of being replaced by a post-processing warning. (#84045) Thanks @abnershang.
• Plugins/perf: thread explicit plugin discovery results through loadBundledCapabilityRuntimeRegistry, resolveBundledPluginSources, and listChannelCatalogEntries so callers that already hold a discovery result skip redundant filesystem walks. Thanks @SebTardif.
• harden update restart script creation [AI]. (#84088) Thanks @pgondhi987.
• Docker: keep the bundled Codex plugin in official release image keep lists so the default OpenAI agent harness remains available after Docker pruning. Fixes #83613. (#83626) Thanks @YuanHanzhong.
• CLI/channels: preserve the first line of openclaw channels logs output when the rolling tail window starts exactly on a line boundary, mirroring the already-fixed readLogSlice behavior in src/logging/log-tail.ts.
• Control UI: treat terminal session status as authoritative over stale active-run flags so completed terminal runs stop showing abort/live UI. (#84057)
• CLI: preserve embedded equals signs in inline root option values instead of truncating after the second separator. (#83995) Thanks @ThiagoCAltoe.
• Matrix/config: accept messages.queue.byChannel.matrix queue overrides and keep queue provider schema/type keys aligned for Matrix, Google Chat, and Mattermost. Thanks @bdjben.
• CLI: format openclaw acp client failures through the shared error formatter so object-shaped errors stay readable instead of printing [object Object]. Fixes #83904. (#84080)
• Providers/Ollama: default unknown-capabilities models to tool-capable so discovered native Ollama models can use tools when /api/show omits capabilities. (#84055) Thanks @dutifulbob.
• Installer/Windows: launch install.ps1 onboarding as an attached child process so fresh native Windows installs do not freeze visibly at Starting setup... or corrupt the wizard's terminal rendering.
• CLI/update: keep restart health checks working across one-version CLI/Gateway protocol skew and use the managed Gateway service Node for all follow-up commands even when the package root is unchanged, so openclaw update no longer silently switches the gateway to a different Node binary when multiple Node installations are present. Thanks @amknight.
• CLI/gateway: include the running Gateway version in gateway status JSON output, preserving existing server metadata while falling back to status RPC data for read probes. Fixes #56222. Thanks @galiniliev.
• Memory/search: close local embedding providers when active-memory searches time out so pending local model loads and embedding contexts are aborted and released. (#83858) Thanks @brokemac79.
• CLI/nodes: request pending node surface approval scopes before openclaw nodes approve so exec-capable node approval can use admin-scoped Gateway credentials instead of failing with missing scope: operator.admin. (#84392) Thanks @joshavant.
• Gateway: reject slow node event sends before outbound buffers grow unbounded and log the rejected payload diagnostic. (#84387) Thanks @samzong.
• Agents: include bounded trajectory queued-writer diagnostics in pi-trajectory-flush timeout warnings so flush stalls show pending writes, queued bytes, and append state. Fixes #82961. (#82962) Thanks @galiniliev.
• Agents/subagents: recover stale completion announces by retrying unsupported transcript-wait wakes without transcript waiting and forcing a message-tool handoff when the requester run is already stale. Fixes #83699. (#83700) Thanks @galiniliev.
• Agents/subagents: constrain wildcard subagent target allowlists to configured agents while preserving explicitly listed compatibility targets. Fixes #84040. (#84357) Thanks @joshavant.
• Providers/Anthropic: route Anthropic model refs selected with Claude CLI auth through the Claude CLI runtime so shorthand refs such as anthropic/opus-4.7 no longer fall back to embedded Anthropic billing. Fixes #84222. (#84374) Thanks @joshavant.
• Agents: honor explicit models.providers.<id>.timeoutSeconds values above the default idle watchdog for cloud and self-hosted providers, so long first-token waits no longer fall back at ~120s when the provider timeout is higher. (#83979) Thanks @yujiawei.
• Agents/Codex: keep encrypted Responses reasoning replay provenance-bound so stale mirrored Codex transcripts drop invalid encrypted content before request assembly while preserving matching same-session replay. Fixes #83836. (#84367) Thanks @joshavant.
• Agents/subagents: skip stale embedded-run wake probes for dormant completion requesters, so late subagent completions go straight to requester-agent/direct handoff instead of producing reason=no_active_run queue noise. (#82964) Thanks @galiniliev.
• CLI: retry config snapshot reads after a transient failure so one rejected read no longer poisons later commands in the same process. (#83931) Thanks @honor2030.
• Media: decode URL path basenames before using them as remote media fallback filenames, so files like My%20Report.pdf are surfaced as My Report.pdf. Fixes #84050. (#84052) Thanks @jbetala7.
• WhatsApp: clarify inbound group diagnostics so observed but unregistered groups point to channels.whatsapp.groups without changing routing or sender authorization. (#83846) Thanks @neeravmakwana.
• WhatsApp: drain pending outbound deliveries on a 30s periodic timer in addition to the reconnect handler, so messages enqueued while the provider is already connected no longer wait for the next reconnect to send. (#79083) Thanks @Oviemudiaga.
• CLI/TUI: include gateway plugin slash commands in TUI autocomplete, so connected sessions can suggest plugin-owned commands exposed by the running Gateway. (#83640) Thanks @se7en-agent.
• Gateway/mobile: restore QR setup-code handoff of bounded operator tokens for iOS and Android onboarding while keeping admin and pairing scopes out of bootstrap. (#83684) Thanks @ngutman.
• iOS: repair Release archive compilation for the TestFlight build. (#84255) Thanks @ngutman.
• Agents/compaction: bound plugin-owned CLI transcript compaction with the host safety timeout so a hung context engine can no longer stall post-turn cleanup. (#84083) Thanks @100yenadmin.
• Control UI/usage: truncate long context skill, tool, and file names in the usage panel while keeping the full name available on hover. (#42197) Thanks @Rain120.
• Codex: respect explicit models auth order set and config.auth.order precedence over stale lastGood in /codex account, and show no working credential when every explicit-order profile is ineligible instead of marking a lower-ranked profile as active. Fixes #84386. (#84412) Thanks @openperf.
• Agents: honor messages.suppressToolErrors for mutating tool failures so configured chat surfaces do not receive separate warning payloads. (#81561) Thanks @moeedahmed.
• Agents/fallback: surface billing guidance for mixed rate-limit plus billing fallback exhaustion instead of generic failure copy. Fixes #79396. (#79489) Thanks @aayushprsingh.

Release verification

• npm package: https://www.npmjs.com/package/openclaw/v/2026.5.20
• registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.20.tgz
• integrity: sha512-cgshS76CxS3Vp9NGtJR2UGtVZxVR5/4rvok8DKGGL19DugAftNabsXfYajyAEiJ3dC8QTXNqF62MdQNzUnQe8Q==
• full release CI report: https://github.com/openclaw/releases-private/blob/main/evidence/2026.5.20/release-evidence.md
• full release validation: https://github.com/openclaw/openclaw/actions/runs/26248546974
• full release validation manifest: https://github.com/openclaw/openclaw/actions/runs/26248546974/artifacts/7146395269
• normal full CI: https://github.com/openclaw/openclaw/actions/runs/26248760810
• release checks: https://github.com/openclaw/openclaw/actions/runs/26248762847
• plugin prerelease: https://github.com/openclaw/openclaw/actions/runs/26248761192
• npm preflight: https://github.com/openclaw/openclaw/actions/runs/26248551138
• release publish: https://github.com/openclaw/openclaw/actions/runs/26251157671
• plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26251316669
• plugin ClawHub publish: https://github.com/openclaw/openclaw/actions/runs/26251319171
• OpenClaw npm publish: https://github.com/openclaw/openclaw/actions/runs/26251677950
• npm Telegram package E2E: https://github.com/openclaw/openclaw/actions/runs/26252161788
• macOS preflight/sign/notarize: https://github.com/openclaw/releases-private/actions/runs/26252146980
• macOS validation: https://github.com/openclaw/releases-private/actions/runs/26253801999
• macOS publish/appcast: https://github.com/openclaw/releases-private/actions/runs/26253953375
• appcast: https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml
• macOS zip: https://github.com/openclaw/openclaw/releases/download/v2026.5.20/OpenClaw-2026.5.20.zip
• macOS dmg: https://github.com/openclaw/openclaw/releases/download/v2026.5.20/OpenClaw-2026.5.20.dmg
• macOS dSYM: https://github.com/openclaw/openclaw/releases/download/v2026.5.20/OpenClaw-2026.5.20.dSYM.zip

Original source

Changes

Exec approvals: remove the old cat SKILL.md && printf ... && <skill-wrapper> allowlist compatibility path so skill files must be loaded with the read tool and only the real skill executable is auto-allowed.

Discord: let voice sessions follow configured Discord users into voice channels, with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation. (#84264) Thanks @fuller-stack-dev.

Discord/voice: include bounded IDENTITY.md, USER.md, and SOUL.md profile context in realtime voice session instructions by default, with voice.realtime.bootstrapContextFiles: [] available to disable it. (#84499) Thanks @fuller-stack-dev.

Dependencies: bump the bundled Codex harness to @openai/codex 0.132.0 and refresh the app-server model-list docs for the new catalog.

CLI/policy: add the bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair. (#80407) Thanks @giodl73-repo.

Agents/config: allow agents.list[].experimental.localModelLean so lean local-model mode can be enabled for one configured agent instead of globally.

Providers/xAI: add device-code OAuth login so remote and headless setups can authorize xAI without a localhost browser callback. (#84005) Thanks @fuller-stack-dev.

Providers/OpenRouter: honor provider-level params.provider routing policy for OpenRouter requests, with model and agent params overriding the defaults. Thanks @amknight.

Fixes

CLI/tasks: include stale-running task maintenance decisions in openclaw tasks maintenance --json so retained and reconcile candidates explain backing-session, cron, CLI, and wedged-subagent state. (#84691) Thanks @efpiva.

Codex app-server: keep system-prompt reports working when bootstrap hooks provide workspace files with only a path and content, so hook-supplied SOUL/IDENTITY/TOOLS/USER context still reports injected characters correctly. (#84736) Thanks @JARVIS-Glasses.

Providers/MiniMax music: stop advertising durationSeconds control and remove prompt-injected duration hints, so music_generate reports MiniMax duration as an unsupported override instead of suggesting MiniMax can enforce track length. Fixes #84508. Thanks @neeravmakwana.

Doctor: warn when sandbox tool policy hides configured MCP server tools before provider requests. (#84699) Thanks @nxmxbbd.

WhatsApp: update Baileys to 7.0.0-rc12.

Build: suppress per-locale rolldown-plugin-dts:fake-js CommonJS dts warnings emitted while bundling the intentionally-inlined zod/v4/locales/*.d.cts files, so pnpm build output stays readable after the 0.25.1 plugin bump. Thanks @RomneyDa.

CLI/nodes: route lazy plugin-registration logs to stderr for JSON-mode openclaw nodes commands so stdout stays parseable. (#84684) Thanks @TurboTheTurtle.

Approvals: route manual /approve decisions through the trusted approval runtime so active exec and plugin approvals no longer look unknown or expired.

Mac app: update the About settings copyright year to 2026. (#84385) Thanks @pejmanjohn.

Dependencies: update @openclaw/fs-safe to 0.2.7 so OpenClaw's default Python-helper-off policy keeps best-effort Node write fallbacks for private stores, secret writes, run logs, and media attachments on Linux/macOS.

Infra/secrets: restore the fail-closed contract for tryReadSecretFileSync so credential loaders that pass rejectSymlink: true (Telegram, LINE, Zalo, IRC, Nextcloud Talk tokens) refuse symlinked credential files instead of silently accepting them, and the infra-state CI shard's secret-file symlink test passes again. Thanks @RomneyDa.

Browser: honor the configured image sanitization limit for screenshots and labeled snapshots so browser-captured images follow the same resize policy as other image results. (#84595)

Doctor: remove unrecognized models.providers..models[].compat.thinkingFormat values during doctor --fix so stale provider model config can validate after upgrade. Fixes #77803.

Doctor: warn when openclaw.json stores plaintext secret-bearing config fields, including model provider API keys and sensitive provider headers. (#84718) Thanks @lukaIvanic.

Status: show the configured default, session-selected model, reason, clear hint, and docs link when a session remains pinned to a model that differs from agents.defaults.model.primary.

WebChat: clear stale typing indicators when session change events mark the active chat run complete.

Mac app: keep local packaging signed with a stable app identity for permission testing and fix Control UI production builds under current Vite/Highlight.js exports.

macOS app: update the embedded Peekaboo bridge to 3.2.1 so OpenClaw-hosted UI automation works with current Peekaboo CLI capture flows.

Cron: deliver preferred final assistant output for successful scheduled runs when trailing plain tool warnings remain in diagnostics instead of marking the run failed.

fix(mattermost): fail closed on missing channel type [AI]. (#84091) Thanks @pgondhi987.

Recheck rebuilt system.run argv [AI]. (#84090) Thanks @pgondhi987.

CLI: keep the private QA subcommand out of exported command descriptors unless OPENCLAW_ENABLE_PRIVATE_QA_CLI=1, so root help and subcommand markers match runtime registration. (#84519)

CLI/cron: bound openclaw cron show job lookup pagination so non-advancing or unbounded cron.list responses fail instead of hanging the command. Fixes #83856. (#83989)

Agents/messages: stop message-tool-only turns after a successful source-channel message send while keeping transcript mirrors under the session write lock. (#84289)

Agents: filter silent heartbeat response-tool transcript artifacts out of embedded context snapshots so later user turns are not polluted by heartbeat no-op messages. (#83477) Thanks @fuller-stack-dev.

Agents/OpenAI: log repeated strict tool-schema downgrade diagnostics once per provider/model/tool signature, reducing duplicate debug noise while preserving strict=false fallback behavior. Fixes #82930. (#82933) Thanks @galiniliev.

Agents/code mode: spell out the exec tool's JavaScript/TypeScript, no Node module, and catalog-bridge constraints in model-visible schema text so agents can use enabled tools without trial-and-error. (#84269) Thanks @Kaspre.

Codex: give image_generate dynamic-tool calls a 120s default watchdog when no per-call or configured image timeout is set, so image generation no longer falls back to the generic 30s bridge timeout. (#84254) Thanks @moritzmmayerhofer.

Codex: avoid duplicate dynamic tool terminal diagnostics while large diagnostic backlogs drain without blocking tool responses. (#82937) Thanks @galiniliev.

CLI/message: include a stable top-level messageId in openclaw message --json output when channel sends return one. (#84191) Thanks @100menotu001.

Cron: preserve legacy top-level array jobs.json stores when loading or adding scheduled jobs so old cron jobs are no longer treated as an empty store during upgrade. Fixes #60799. (#84433) Thanks @IWhatsskill.

Gateway/agents: use an agent's identity.name in Gateway agent summaries when agents.list[].name is unset, so configured agent labels remain visible in clients. (#84355; refs #57835) Thanks @luoyanglang.

Channels/replies: keep normal /verbose failed-tool progress compact in message-tool replies and prevent late text-only tool output from appearing after the final answer. (#84303) Thanks @VACInc.

Plugins/hooks: apply a default 30-second timeout to before_compaction and after_compaction hooks so a hung plugin handler no longer blocks compaction completion. (#84153)

Discord: preserve disabled presentation buttons when adapting and rendering Discord message controls. (#84188) Thanks @100menotu001.

Twitch: add a test-only client-manager registry reset helper so non-isolated Twitch tests can clear cached managers between cases. Fixes #83887. (#84244) Thanks @hclsys.

Cron: run main-session scheduled work on a cron-owned wake lane while preserving reply delivery context, so background cron turns no longer block human main-session chat. Fixes #82766. (#82767) Thanks @galiniliev.

Cron: use structured embedded-run denial metadata for isolated scheduled tasks so blocked exec requests fail the job without treating ordinary assistant prose as a denial. (#84067) Thanks @abnershang.

Cron: keep recovered tool warnings diagnostic for successful scheduled runs so final cron output is delivered instead of being replaced by a post-processing warning. (#84045) Thanks @abnershang.

Plugins/perf: thread explicit plugin discovery results through loadBundledCapabilityRuntimeRegistry, resolveBundledPluginSources, and listChannelCatalogEntries so callers that already hold a discovery result skip redundant filesystem walks. Thanks @SebTardif.

harden update restart script creation [AI]. (#84088) Thanks @pgondhi987.

Docker: keep the bundled Codex plugin in official release image keep lists so the default OpenAI agent harness remains available after Docker pruning. Fixes #83613. (#83626) Thanks @YuanHanzhong.

CLI/channels: preserve the first line of openclaw channels logs output when the rolling tail window starts exactly on a line boundary, mirroring the already-fixed readLogSlice behavior in src/logging/log-tail.ts.

Control UI: treat terminal session status as authoritative over stale active-run flags so completed terminal runs stop showing abort/live UI. (#84057)

CLI: preserve embedded equals signs in inline root option values instead of truncating after the second separator. (#83995) Thanks @ThiagoCAltoe.

Matrix/config: accept messages.queue.byChannel.matrix queue overrides and keep queue provider schema/type keys aligned for Matrix, Google Chat, and Mattermost. Thanks @bdjben.

CLI: format openclaw acp client failures through the shared error formatter so object-shaped errors stay readable instead of printing [object Object]. Fixes #83904. (#84080)

Providers/Ollama: default unknown-capabilities models to tool-capable so discovered native Ollama models can use tools when /api/show omits capabilities. (#84055) Thanks @dutifulbob.

Installer/Windows: launch install.ps1 onboarding as an attached child process so fresh native Windows installs do not freeze visibly at Starting setup... or corrupt the wizard's terminal rendering.

CLI/update: keep restart health checks working across one-version CLI/Gateway protocol skew and use the managed Gateway service Node for all follow-up commands even when the package root is unchanged, so openclaw update no longer silently switches the gateway to a different Node binary when multiple Node installations are present. Thanks @amknight.

CLI/gateway: include the running Gateway version in gateway status JSON output, preserving existing server metadata while falling back to status RPC data for read probes. Fixes #56222. Thanks @galiniliev.

Memory/search: close local embedding providers when active-memory searches time out so pending local model loads and embedding contexts are aborted and released. (#83858) Thanks @brokemac79.

CLI/nodes: request pending node surface approval scopes before openclaw nodes approve so exec-capable node approval can use admin-scoped Gateway credentials instead of failing with missing scope: operator.admin. (#84392) Thanks @joshavant.

Gateway: reject slow node event sends before outbound buffers grow unbounded and log the rejected payload diagnostic. (#84387) Thanks @samzong.

Agents: include bounded trajectory queued-writer diagnostics in pi-trajectory-flush timeout warnings so flush stalls show pending writes, queued bytes, and append state. Fixes #82961. (#82962) Thanks @galiniliev.

Agents/subagents: recover stale completion announces by retrying unsupported transcript-wait wakes without transcript waiting and forcing a message-tool handoff when the requester run is already stale. Fixes #83699. (#83700) Thanks @galiniliev.

Agents/subagents: constrain wildcard subagent target allowlists to configured agents while preserving explicitly listed compatibility targets. Fixes #84040. (#84357) Thanks @joshavant.

Providers/Anthropic: route Anthropic model refs selected with Claude CLI auth through the Claude CLI runtime so shorthand refs such as anthropic/opus-4.7 no longer fall back to embedded Anthropic billing. Fixes #84222. (#84374) Thanks @joshavant.

Agents: honor explicit models.providers.<id>.timeoutSeconds values above the default idle watchdog for cloud and self-hosted providers, so long first-token waits no longer fall back at ~120s when the provider timeout is higher. (#83979) Thanks @yujiawei.

Agents/Codex: keep encrypted Responses reasoning replay provenance-bound so stale mirrored Codex transcripts drop invalid encrypted content before request assembly while preserving matching same-session replay. Fixes #83836. (#84367) Thanks @joshavant.

Agents/subagents: skip stale embedded-run wake probes for dormant completion requesters, so late subagent completions go straight to requester-agent/direct handoff instead of producing reason=no_active_run queue noise. (#82964) Thanks @galiniliev.

CLI: retry config snapshot reads after a transient failure so one rejected read no longer poisons later commands in the same process. (#83931) Thanks @honor2030.

Media: decode URL path basenames before using them as remote media fallback filenames, so files like My%20Report.pdf are surfaced as My Report.pdf. Fixes #84050. (#84052) Thanks @jbetala7.

WhatsApp: clarify inbound group diagnostics so observed but unregistered groups point to channels.whatsapp.groups without changing routing or sender authorization. (#83846) Thanks @neeravmakwana.

WhatsApp: drain pending outbound deliveries on a 30s periodic timer in addition to the reconnect handler, so messages enqueued while the provider is already connected no longer wait for the next reconnect to send. (#79083) Thanks @Oviemudiaga.

CLI/TUI: include gateway plugin slash commands in TUI autocomplete, so connected sessions can suggest plugin-owned commands exposed by the running Gateway. (#83640) Thanks @se7en-agent.

Gateway/mobile: restore QR setup-code handoff of bounded operator tokens for iOS and Android onboarding while keeping admin and pairing scopes out of bootstrap. (#83684) Thanks @ngutman.

iOS: repair Release archive compilation for the TestFlight build. (#84255) Thanks @ngutman.

Agents/compaction: bound plugin-owned CLI transcript compaction with the host safety timeout so a hung context engine can no longer stall post-turn cleanup. (#84083) Thanks @100yenadmin.

Control UI/usage: truncate long context skill, tool, and file names in the usage panel while keeping the full name available on hover. (#42197) Thanks @Rain120.

Codex: respect explicit models auth order set and config.auth.order precedence over stale lastGood in /codex account, and show no working credential when every explicit-order profile is ineligible instead of marking a lower-ranked profile as active. Fixes #84386. (#84412) Thanks @openperf.

Agents: honor messages.suppressToolErrors for mutating tool failures so configured chat surfaces do not receive separate warning payloads. (#81561) Thanks @moeedahmed.

Agents/fallback: surface billing guidance for mixed rate-limit plus billing fallback exhaustion instead of generic failure copy. Fixes #79396. (#79489) Thanks @aayushprsingh.

Release verification

npm package: https://www.npmjs.com/package/openclaw/v/2026.5.20-beta.2

registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.20-beta.2.tgz

integrity: sha512-+4KVWXl74QqLVS/ODKI9+xJXcW1O3pNw6VlNEnQ/lRJvdJbJfymVLOFrYer+2WI9dYH0V4UOoWT78Pfn3hZdOQ==

release publish: https://github.com/openclaw/openclaw/actions/runs/26236203338

npm preflight: https://github.com/openclaw/openclaw/actions/runs/26234059241

full release validation: https://github.com/openclaw/openclaw/actions/runs/26234053358

plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26236412882

plugin ClawHub publish: dispatched separately, not awaited by this proof: https://github.com/openclaw/openclaw/actions/runs/26236416443

OpenClaw npm publish: https://github.com/openclaw/openclaw/actions/runs/26236812220

npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/26237173717

Parallels all-OS npm update/fresh proof: pass; fresh [email protected], same-guest update to 2026.5.20-beta.2, and fresh [email protected] on macOS/Windows/Linux; local artifact run openclaw-parallels-npm-update.ur3ttx

Original source

Changes

Discord: let voice sessions follow configured Discord users into voice channels, with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation. (#84264) Thanks @fuller-stack-dev.

Discord/voice: include bounded IDENTITY.md, USER.md, and SOUL.md profile context in realtime voice session instructions by default, with voice.realtime.bootstrapContextFiles: [] available to disable it. (#84499) Thanks @fuller-stack-dev.

Dependencies: bump the bundled Codex harness to @openai/codex 0.132.0 and refresh the app-server model-list docs for the new catalog.

CLI/policy: add the bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair. (#80407) Thanks @giodl73-repo.

Agents/config: allow agents.list[].experimental.localModelLean so lean local-model mode can be enabled for one configured agent instead of globally.

Providers/xAI: add device-code OAuth login so remote and headless setups can authorize xAI without a localhost browser callback. (#84005) Thanks @fuller-stack-dev.

Providers/OpenRouter: honor provider-level params.provider routing policy for OpenRouter requests, with model and agent params overriding the defaults. Thanks @amknight.

Fixes

WhatsApp: update Baileys to 7.0.0-rc12.

Dependencies: update @openclaw/fs-safe to 0.2.7 so OpenClaw's default Python-helper-off policy keeps best-effort Node write fallbacks for private stores, secret writes, run logs, and media attachments on Linux/macOS.

Browser: honor the configured image sanitization limit for screenshots and labeled snapshots so browser-captured images follow the same resize policy as other image results. (#84595)

Doctor: remove unrecognized models.providers..models[].compat.thinkingFormat values during doctor --fix so stale provider model config can validate after upgrade. Fixes #77803.

Status: show the configured default, session-selected model, reason, clear hint, and docs link when a session remains pinned to a model that differs from agents.defaults.model.primary.

Mac app: keep local packaging signed with a stable app identity for permission testing and fix Control UI production builds under current Vite/Highlight.js exports.

macOS app: update the embedded Peekaboo bridge to 3.2.1 so OpenClaw-hosted UI automation works with current Peekaboo CLI capture flows.

Cron: deliver preferred final assistant output for successful scheduled runs when trailing plain tool warnings remain in diagnostics instead of marking the run failed.

fix(mattermost): fail closed on missing channel type [AI]. (#84091) Thanks @pgondhi987.

Recheck rebuilt system.run argv [AI]. (#84090) Thanks @pgondhi987.

CLI: keep the private QA subcommand out of exported command descriptors unless OPENCLAW_ENABLE_PRIVATE_QA_CLI=1, so root help and subcommand markers match runtime registration. (#84519)

CLI/cron: bound openclaw cron show job lookup pagination so non-advancing or unbounded cron.list responses fail instead of hanging the command. Fixes #83856. (#83989)

Agents/messages: stop message-tool-only turns after a successful source-channel message send while keeping transcript mirrors under the session write lock. (#84289)

Agents: filter silent heartbeat response-tool transcript artifacts out of embedded context snapshots so later user turns are not polluted by heartbeat no-op messages. (#83477) Thanks @fuller-stack-dev.

Agents/OpenAI: log repeated strict tool-schema downgrade diagnostics once per provider/model/tool signature, reducing duplicate debug noise while preserving strict=false fallback behavior. Fixes #82930. (#82933) Thanks @galiniliev.

Agents/code mode: spell out the exec tool's JavaScript/TypeScript, no Node module, and catalog-bridge constraints in model-visible schema text so agents can use enabled tools without trial-and-error. (#84269) Thanks @Kaspre.

Codex: give image_generate dynamic-tool calls a 120s default watchdog when no per-call or configured image timeout is set, so image generation no longer falls back to the generic 30s bridge timeout. (#84254) Thanks @moritzmmayerhofer.

Codex: avoid duplicate dynamic tool terminal diagnostics while large diagnostic backlogs drain without blocking tool responses. (#82937) Thanks @galiniliev.

CLI/message: include a stable top-level messageId in openclaw message --json output when channel sends return one. (#84191) Thanks @100menotu001.

Cron: preserve legacy top-level array jobs.json stores when loading or adding scheduled jobs so old cron jobs are no longer treated as an empty store during upgrade. Fixes #60799. (#84433) Thanks @IWhatsskill.

Gateway/agents: use an agent's identity.name in Gateway agent summaries when agents.list[].name is unset, so configured agent labels remain visible in clients. (#84355; refs #57835) Thanks @luoyanglang.

Channels/replies: keep normal /verbose failed-tool progress compact in message-tool replies and prevent late text-only tool output from appearing after the final answer. (#84303) Thanks @VACInc.

Plugins/hooks: apply a default 30-second timeout to before_compaction and after_compaction hooks so a hung plugin handler no longer blocks compaction completion. (#84153)

Discord: preserve disabled presentation buttons when adapting and rendering Discord message controls. (#84188) Thanks @100menotu001.

Twitch: add a test-only client-manager registry reset helper so non-isolated Twitch tests can clear cached managers between cases. Fixes #83887. (#84244) Thanks @hclsys.

Cron: run main-session scheduled work on a cron-owned wake lane while preserving reply delivery context, so background cron turns no longer block human main-session chat. Fixes #82766. (#82767) Thanks @galiniliev.

Cron: use structured embedded-run denial metadata for isolated scheduled tasks so blocked exec requests fail the job without treating ordinary assistant prose as a denial. (#84067) Thanks @abnershang.

Cron: keep recovered tool warnings diagnostic for successful scheduled runs so final cron output is delivered instead of being replaced by a post-processing warning. (#84045) Thanks @abnershang.

Plugins/perf: thread explicit plugin discovery results through loadBundledCapabilityRuntimeRegistry, resolveBundledPluginSources, and listChannelCatalogEntries so callers that already hold a discovery result skip redundant filesystem walks. Thanks @SebTardif.

harden update restart script creation [AI]. (#84088) Thanks @pgondhi987.

Docker: keep the bundled Codex plugin in official release image keep lists so the default OpenAI agent harness remains available after Docker pruning. Fixes #83613. (#83626) Thanks @YuanHanzhong.

CLI/channels: preserve the first line of openclaw channels logs output when the rolling tail window starts exactly on a line boundary, mirroring the already-fixed readLogSlice behavior in src/logging/log-tail.ts.

Control UI: treat terminal session status as authoritative over stale active-run flags so completed terminal runs stop showing abort/live UI. (#84057)

CLI: preserve embedded equals signs in inline root option values instead of truncating after the second separator. (#83995) Thanks @ThiagoCAltoe.

Matrix/config: accept messages.queue.byChannel.matrix queue overrides and keep queue provider schema/type keys aligned for Matrix, Google Chat, and Mattermost. Thanks @bdjben.

CLI: format openclaw acp client failures through the shared error formatter so object-shaped errors stay readable instead of printing [object Object]. Fixes #83904. (#84080)

Providers/Ollama: default unknown-capabilities models to tool-capable so discovered native Ollama models can use tools when /api/show omits capabilities. (#84055) Thanks @dutifulbob.

Installer/Windows: launch install.ps1 onboarding as an attached child process so fresh native Windows installs do not freeze visibly at Starting setup... or corrupt the wizard's terminal rendering.

CLI/update: keep restart health checks working across one-version CLI/Gateway protocol skew and use the managed Gateway service Node for all follow-up commands even when the package root is unchanged, so openclaw update no longer silently switches the gateway to a different Node binary when multiple Node installations are present. Thanks @amknight.

CLI/gateway: include the running Gateway version in gateway status JSON output, preserving existing server metadata while falling back to status RPC data for read probes. Fixes #56222. Thanks @galiniliev.

Memory/search: close local embedding providers when active-memory searches time out so pending local model loads and embedding contexts are aborted and released. (#83858) Thanks @brokemac79.

CLI/nodes: request pending node surface approval scopes before openclaw nodes approve so exec-capable node approval can use admin-scoped Gateway credentials instead of failing with missing scope: operator.admin. (#84392) Thanks @joshavant.

Agents: include bounded trajectory queued-writer diagnostics in pi-trajectory-flush timeout warnings so flush stalls show pending writes, queued bytes, and append state. Fixes #82961. (#82962) Thanks @galiniliev.

Agents/subagents: recover stale completion announces by retrying unsupported transcript-wait wakes without transcript waiting and forcing a message-tool handoff when the requester run is already stale. Fixes #83699. (#83700) Thanks @galiniliev.

Agents/subagents: constrain wildcard subagent target allowlists to configured agents while preserving explicitly listed compatibility targets. Fixes #84040. (#84357) Thanks @joshavant.

Providers/Anthropic: route Anthropic model refs selected with Claude CLI auth through the Claude CLI runtime so shorthand refs such as anthropic/opus-4.7 no longer fall back to embedded Anthropic billing. Fixes #84222. (#84374) Thanks @joshavant.

Agents: honor explicit models.providers.<id>.timeoutSeconds values above the default idle watchdog for cloud and self-hosted providers, so long first-token waits no longer fall back at ~120s when the provider timeout is higher. (#83979) Thanks @yujiawei.

Agents/Codex: keep encrypted Responses reasoning replay provenance-bound so stale mirrored Codex transcripts drop invalid encrypted content before request assembly while preserving matching same-session replay. Fixes #83836. (#84367) Thanks @joshavant.

Agents/subagents: skip stale embedded-run wake probes for dormant completion requesters, so late subagent completions go straight to requester-agent/direct handoff instead of producing reason=no_active_run queue noise. (#82964) Thanks @galiniliev.

CLI: retry config snapshot reads after a transient failure so one rejected read no longer poisons later commands in the same process. (#83931) Thanks @honor2030.

Media: decode URL path basenames before using them as remote media fallback filenames, so files like My%20Report.pdf are surfaced as My Report.pdf. Fixes #84050. (#84052) Thanks @jbetala7.

WhatsApp: clarify inbound group diagnostics so observed but unregistered groups point to channels.whatsapp.groups without changing routing or sender authorization. (#83846) Thanks @neeravmakwana.

WhatsApp: drain pending outbound deliveries on a 30s periodic timer in addition to the reconnect handler, so messages enqueued while the provider is already connected no longer wait for the next reconnect to send. (#79083) Thanks @Oviemudiaga.

CLI/TUI: include gateway plugin slash commands in TUI autocomplete, so connected sessions can suggest plugin-owned commands exposed by the running Gateway. (#83640) Thanks @se7en-agent.

Gateway/mobile: restore QR setup-code handoff of bounded operator tokens for iOS and Android onboarding while keeping admin and pairing scopes out of bootstrap. (#83684) Thanks @ngutman.

iOS: repair Release archive compilation for the TestFlight build. (#84255) Thanks @ngutman.

Agents/compaction: bound plugin-owned CLI transcript compaction with the host safety timeout so a hung context engine can no longer stall post-turn cleanup. (#84083) Thanks @100yenadmin.

Control UI/usage: truncate long context skill, tool, and file names in the usage panel while keeping the full name available on hover. (#42197) Thanks @Rain120.

Codex: respect explicit models auth order set and config.auth.order precedence over stale lastGood in /codex account, and show no working credential when every explicit-order profile is ineligible instead of marking a lower-ranked profile as active. Fixes #84386. (#84412) Thanks @openperf.

Agents: honor messages.suppressToolErrors for mutating tool failures so configured chat surfaces do not receive separate warning payloads. (#81561) Thanks @moeedahmed.

Agents/fallback: surface billing guidance for mixed rate-limit plus billing fallback exhaustion instead of generic failure copy. Fixes #79396. (#79489) Thanks @aayushprsingh.

Release verification

npm package: https://www.npmjs.com/package/openclaw/v/2026.5.20-beta.1

registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.20-beta.1.tgz

integrity: sha512-6xBnBZqnqI4HoAs7CU1ZmzFDqPhe/aauKr0DsmMEReLvxap9DyLK7YPTTDU/A5v3dlSHlCgzFbVIvgTaUXgy4w==

full release validation: https://github.com/openclaw/openclaw/actions/runs/26195853190

npm preflight: https://github.com/openclaw/openclaw/actions/runs/26195855712

publish: https://github.com/openclaw/openclaw/actions/runs/26196993217

npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/26198047747

Original source

Changes

Agents: clarify that fixes should default to clean bounded refactors, lean internals, and explicit plugin SDK/API deprecation paths.

Dependencies: update @openclaw/proxyline to 0.3.3.

Dependencies: update Pi packages to 0.75.1 and raise the minimum supported Node.js 22 line to 22.19.

Docker/Podman: add OPENCLAW_IMAGE_APT_PACKAGES as the runtime-neutral image build arg for extra apt packages while keeping OPENCLAW_DOCKER_APT_PACKAGES as a legacy fallback. (#62431) Thanks @urtabajev.

Gateway/ACPX: attribute startup probe, config, runtime, and resource-count costs in restart traces without changing readiness behavior. (#83300) Thanks @samzong.

Gateway: overlap startup logging and plugin-service startup with channel sidecars to reduce restart ready latency while preserving /readyz sidecar gating. (#83301) Thanks @samzong.

Plugins/admin-http-rpc: allow trusted admin HTTP RPC clients to start and wait for web QR login flows. (#83259) Thanks @liorb-mountapps.

Mac app: redesign Settings pages with consistent card layouts, cached navigation, cleaner permissions/voice/skills/cron/exec/debug panes, and steadier spacing around the native sidebar.

Mac app: refine Voice & Talk recognition-language and wake-phrase settings so they use the same compact card rows as the rest of Settings.

Skills: rename the repo-local Codex closeout review skill and helper to autoreview while preserving the Codex-first fallback behavior.

Skills: add a meme-maker skill for curated template search, local SVG/PNG rendering, Imgflip hosted rendering, and Know Your Meme provenance links.

Skills CLI: allow openclaw skills install and openclaw skills update to target shared managed skills with --global. (#74466) Thanks @Marvae.

Browser: surface pending and recently handled modal dialogs in snapshots, return blockedByDialog when an action opens a modal, and allow browser dialog --dialog-id to answer pending dialogs.

Browser CLI: add openclaw browser evaluate --timeout-ms so long-running page functions can extend both the evaluate action and request timeout budgets. (#83447) Thanks @eefreenyc.

Codex app-server: scope OpenClaw prompt guidance by runtime surface so native Codex keeps Codex-owned base/personality instructions while OpenClaw contributes only runtime context, delivery guidance, and explicitly scoped command hints. (#83454) Thanks @100yenadmin.

Docker/Podman: add OPENCLAW_IMAGE_PIP_PACKAGES for opt-in Python package installation in local image builds. (#83771) Thanks @stephenredmond-straiteis.

Agents/tools: shorten built-in tool descriptions and schema hints across media, messaging, sessions, cron, Gateway, web, image/PDF, TTS, nodes, and plan tools while preserving routing guardrails.

Skills: add node inspector debugging, fused diagram generation, and throwaway spike workflow skills.

CLI/plugins: add defineToolPlugin plus openclaw plugins build, validate, and init for typed simple tool plugins with generated manifest metadata, optional tool declarations, and context factories.

Agents/skills: tighten bundled skill prompts and metadata, quote skill descriptions, refresh current CLI/API guidance, and update embedded sherpa-onnx runtime downloads.

Skills: update the Obsidian skill to target the official obsidian CLI and require its registered binary instead of the third-party obsidian-cli.

Skills: add a Python debugging skill for pdb, breakpoint(), post-mortem inspection, and debugpy remote attach.

Codex: add /codex plugins list, enable, and disable for managing configured native Codex plugins from chat without editing config by hand.

Plugins/messages: add presentation capability limits for channel renderers, adapt rich message controls before native rendering, and mark legacy interactive/Slack directive producer APIs as deprecated.

Plugins/subagents: store channel delivery routes as canonical session metadata and deprecate ad hoc subagent hook delivery-origin fields in favor of core route projection.

Proxy: support HTTPS managed forward-proxy endpoints and scoped proxy.tls.caFile CA trust for proxy endpoint TLS. (#79171) Thanks @jesse-merhi.

QA-Lab: add first-hour 20-turn and optional 100-turn runtime parity scenarios, with tier metadata for standard and soak QA gates. Fixes #80338; refs #80337. Thanks @100yenadmin.

QA-Lab: add openclaw qa suite --runtime-parity-tier and wire the standard Codex-vs-Pi tier into release checks separately from optional/live-only/soak lanes. Fixes #80337. Thanks @100yenadmin.

QA-Lab: add a live-only Codex Pi-shaped Read vocabulary canary so runtime parity catches native workspace-read prompt compatibility drift. (#80323) Thanks @100yenadmin.

QA-Lab: add live-only harness self-health scenarios for plugin hook crashes, manifest contract errors, and WebChat direct-reply self-message routing. (#80323) Thanks @100yenadmin.

QA-Lab: add runtime tool fixture scenarios and coverage reporting for Codex-native workspace tools, OpenClaw dynamic tools, and optional plugin-backed tools. Fixes #80173. Thanks @100yenadmin.

QA-Lab: expose runtime tool fixture coverage through openclaw qa coverage --tools, with optional suite-summary evaluation for parity gate artifacts. Thanks @100yenadmin.

QA-Lab: schedule a live-frontier Codex-vs-Pi runtime token-efficiency artifact lane in the all-lanes QA workflow. Fixes #80175. Thanks @100yenadmin.

QA-Lab: hard-gate required OpenClaw dynamic runtime-tool drift in the standard Codex-vs-Pi tier with a blocking release-check verifier and publish the tool coverage report artifact. Fixes #80339; refs #80319. Thanks @100yenadmin.

QA-Lab: add the personal-agent approval-denial scenario so the benchmark pack verifies denied local reads stop cleanly without tool progress or fixture leaks. (#83150) Thanks @iFiras-Max1.

QA-Lab: extend the personal-agent benchmark pack with a local task followthrough scenario for proof-backed pending, blocked, and done status reporting. Thanks @iFiras-Max1.

QA-Lab: add a report-only dreaming shadow-trial scenario so candidate memory promotion can be evaluated without mutating MEMORY.md. Thanks @iFiras-Max1.

Gateway/performance: add pnpm test:restart:gateway benchmark tooling for repeated restart readiness, downtime, trace, and resource-slope evidence. (#83299) Thanks @samzong.

Android: switch Talk Mode to realtime Gateway relay voice sessions with streaming mic input, realtime audio playback, tool-result bridging, and on-screen transcripts. (#83130) Thanks @sliekens.

Gateway/config: expose config lookup reload metadata so tools can distinguish restart-required, hot-reloadable, and no-op fields before applying config edits. Fixes #81409. (#81612) Thanks @LLagoon3.

Telegram: add allowlisted native DM draft previews for transient tool progress while keeping final answers on the normal persistent delivery path. (#83622) Thanks @akrimm702.

QA-Lab: add a personal-agent share-safe diagnostics artifact scenario so support handoffs keep useful status while omitting raw personal content. Thanks @iFiras-Max1.

QA-Lab: add a personal-agent no-fake-progress scenario so completion claims stay tied to local evidence instead of unsupported external progress. (#83824) Thanks @iFiras-Max1.

Fixes

CLI: reject explicit port numbers above 65535 before they reach Gateway or Node bind paths. Fixes #83900. (#84008) Thanks @hclsys.

Codex app-server: preserve plugin tool auth profiles when Codex owns model transport so OpenClaw dynamic tools can resolve their provider credentials. (#83603) Thanks @rubencu.

Memory/search: scan the JS-side fallback vector path (used when the sqlite-vec index is unavailable or has a mismatched dimension) in bounded rowid batches and yield to the event loop between batches so large chunk tables can no longer pin the Node.js main thread for multi-second windows. Also keeps the SQL prepared statement rooted in a local so node:sqlite cannot finalize it mid-scan under heap pressure. Fixes #81172. Thanks @dev23xyz-oss.

Memory Wiki: preserve fs-safe diagnostics when bridge source page writes fail for non-symlink filesystem safety reasons, so directory collisions are reported with the underlying error code. (#83776) Thanks @TurboTheTurtle.

Telegram: keep forum topics from blocking sibling topic traffic by routing inbound serialization, media/text buffers, and account API queues on topic-aware lanes. (#83829)

Telegram: keep queued forum-topic follow-up messages from inheriting superseded source abort signals, so later same-topic user turns can still run and reply after an active turn is replaced. (#83827) Thanks @VACInc.

CLI/update: bypass npm freshness filters consistently during managed package and plugin installs so freshly published release plugins remain installable. Thanks @jalehman.

CLI/update: guide root-owned npm install EACCES recovery by stopping the managed Gateway before manual package replacement, then reinstalling and restarting the service. Fixes #83747. (#83757) Thanks @brokemac79.

Twitch: register refreshing chat tokens with Twurple's chat intent so automatic token refresh keeps chat access available. (#83750) Thanks @TurboTheTurtle.

Agents/subagents: keep collect-mode announce queues batching unresolved-origin items with compatible same-route messages and resume collection after a true cross-channel drain when a later compatible batch remains. Fixes #83577.

Skills: refresh existing session skill snapshots when watched skill roots change, so changed extra skill directories take effect without starting a new session. Fixes #83782. (#83800) Thanks @hclsys.

Providers/Anthropic: preserve native image input for current Claude model rows when stale local catalog data marks them text-only. (#83756) Thanks @TurboTheTurtle.

Providers/Anthropic: preserve Claude 4 image capability when configured model refs resolve through a stale local catalog row. (#83756) Thanks @TurboTheTurtle.

Providers/DeepSeek: normalize MCP tool schemas with anyOf/oneOf unions before normal and compaction requests reach DeepSeek, preventing union-shaped parameters from being rejected. (#83766) Thanks @TurboTheTurtle.

Control UI: render live tool progress from session-scoped session.tool Gateway events so externally started runs show their tool cards in the active session. (#83734) Thanks @TurboTheTurtle.

Outbound: resolve send-capable channel plugins from the active runtime registry when the pinned startup registry only has setup metadata. (#83733) Thanks @TurboTheTurtle.

Discord: preserve streamed reply previews when recovered tool-warning finals are delivered before or after the assistant's final reply. (#84169) Thanks @neeravmakwana.

Control UI: keep the chat delete confirmation popover clamped inside the visible viewport on small screens. (#83804) Thanks @ThiagoCAltoe.

Browser: enforce current-tab URL allowlist checks for /act evaluate/batch actions and /highlight routes while leaving tab-management actions unblocked. (#78523)

CI: require real-behavior-proof verdict markers to come from the ClawSweeper GitHub App before accepting exact-head proof. (#83692)

Models: show the effective OpenAI/Codex auth profile in /models provider headers instead of falling back to the OpenAI env-key label. (#83697) Thanks @yu-xin-c.

CLI: include active bundled loopback MCP tools in CLI system prompts and reset provider-side CLI sessions when that prompt-visible tool surface changes. (#83785) Thanks @TurboTheTurtle.

Browser: keep a profile cdpPort when its cdpUrl omits a port, while still letting explicitly written URL ports win. (#82166) Thanks @Marvae.

Agents/image generation: allow distinct image_generate prompts to start separate session-backed background tasks while same-prompt retries still return the active task status. (#83614) Thanks @Elarwei001.

Gateway/WebChat: honor configured channels.webchat.textChunkLimit and chunkMode overrides when chunking WebChat replies. (#83713)

Control UI: stop the chat reading indicator from sticking after an assistant response finishes. (#83515) Thanks @njuboy11.

Skills: reject empty or whitespace-only skill names and descriptions during quick validation. (#27061)

Sessions: skip trailing custom transcript entries when checking tail assistant replies so embedded CLI gap-fill does not duplicate canonical assistant output. (#83635) Thanks @yaoyi1222.

Memory Wiki: keep wiki_lint tool output path-safe by reporting vault-internal lint reports as relative paths in tool text and details while preserving absolute report paths for CLI/file callers. (#83439) Thanks @LLagoon3.

Telegram: keep verbose tool progress visible without mirroring non-final progress into active session transcripts, preventing embedded provider replies from aborting mid-run. (#83631) Thanks @kurplunkin.

Telegram: log successful outbound text and media deliveries with account, chat, message, operation, thread, reply, silent, and chunk metadata while keeping message bodies out of logs. Fixes #83196. (#83247) Thanks @jrwrest.

Cron: link isolated scheduled task runs to their stable cron session so task status and cleanup can follow the backing agent run. (#83606) Thanks @jai.

Codex app-server: mark Codex-native subagent task mirrors terminal when blocked or failed spawn-agent calls arrive with stale initializing child state, preventing task registry entries from staying running. Fixes #83852. (#83945) Thanks @joshavant.

CLI: enforce the documented Node.js 22.19 runtime floor in the source launcher.

Release stability: repair broad-gate regressions in requester-agent completion handoff, QA-Lab mock spawn attribution, Slack monitor test isolation, plugin uninstall peer fixtures, and Node-floor launcher contract coverage.

Agents/replies: persist queued follow-up user messages and assistant error stubs only once across model-fallback retries, preventing repeated provider rejections from corrupted same-role session transcripts. Fixes #83404. (#83417) Thanks @yetval.

Telegram: preserve reply-target context for bare mention replies on runtime-only turns so the model sees the replied-to message body. Fixes #83767. (#83953) Thanks @joshavant.

ClawHub: preserve configured base URL path prefixes when building API request URLs, so self-hosted ClawHub instances mounted under a subpath keep routing correctly. (#83982) Thanks @ThiagoCAltoe.

Slack: persist delivered inbound message IDs and fail closed when same-channel thread replies lose their thread context, preventing delayed duplicate replies and accidental channel-root posts. Fixes #83521. Thanks @shannon0430.

Codex app-server: complete OpenClaw dynamic tool diagnostics at the request boundary so successful, failed, timed out, aborted, and blocked tool calls do not leave active tool state behind. Fixes #83474. Thanks @rozmiarD.

Gateway/config: keep config writes from failing on unrelated unresolved auth-profile SecretRefs while preserving live auth-profile runtime snapshots.

Gateway/sessions: clear stored CLI provider resume bindings on non-subagent /reset so the next turn starts a fresh provider-side CLI conversation instead of resuming old context. (#83448) Thanks @jasonyliu.

Doctor: preserve legacy whole-agent Claude CLI intent by moving matching Anthropic model selections to model-scoped runtime policy before removing stale runtime pins. Fixes #83491. Thanks @danielcrick.

Discord/OpenAI: keep realtime Discord voice sessions hearing follow-up turns with OpenAI realtime and prebuffer assistant playback to avoid choppy starts. (#80505) Thanks @Solvely-Colin.

LM Studio: resolve env-template API keys like ${LMSTUDIO_API_KEY} through the standard SecretInput path instead of sending the raw template as the bearer token, and preserve header-auth and discovery-key precedence when the template is unset. Fixes #80495. (#80568) Thanks @MonkeyLeeT.

Discord/subagents: route the initial reply from thread-bound delegated sessions into the bound Discord thread instead of the parent channel. Fixes #83170. (#83172) Thanks @100menotu001.

Gateway/sessions: rotate failed agent sessions when their transcript file is missing instead of wedging per-channel lanes. Fixes #83488. (#83553) Thanks @LLagoon3.

Agents: refresh final-delivery routing from fresh session state before declaring a no-send failure, keeping recovered runs on the normal durable delivery path. (#83835) Thanks @joshavant.

Agents: guard final-delivery fresh session routing against mismatched logical sessions before reusing recovered delivery context. (#83928) Thanks @joshavant.

Media: prevent image metadata probing from invoking external decoder delegates on unrecognized image bytes, and stop fallback chaining after real processing errors.

Media: install Sharp with the root package and fall back to sips, Windows native imaging, ImageMagick, GraphicsMagick, or ffmpeg for image resizing/conversion when Sharp is unavailable. Fixes #83401. Thanks @scotthuang.

Telegram: deliver generated media completions back into forum topics by preserving topic IDs across requester-agent handoff. (#83556) Thanks @fuller-stack-dev.

Gateway: defer update-check startup until after readiness so package update checks no longer block sidecar-ready startup, while preserving update broadcasts and shutdown cleanup. (#83520) Thanks @samzong.

Telegram: keep /btw and read-only status commands from aborting active runs, and avoid retaining raw update payloads in timed-out spool tombstones. Refs #83272.

Agents: log strict-agentic execution contract diagnostics only when the planning-only retry path actually triggers.

Agents: stop embedded session takeover and session write-lock errors from consuming model fallbacks while preserving provider fallback metadata. Fixes #83510. Thanks @luyao618.

Agents/video: hide video_generate reference-audio parameters unless a registered video provider supports audio inputs.

Plugins: fall back to npm for official ClawHub updates when artifact downloads are unavailable, including beta-to-default fallback and dry-run version reporting.

Plugins/xAI: echo PKCE challenge fields during OAuth authorization-code token exchange for xAI token-endpoint compatibility. (#83499) Thanks @fuller-stack-dev.

Codex app-server: hydrate current inbound image attachments before queued runs so Responses-backed agents receive Discord and other channel images as native vision input. Fixes #83466. Thanks @iannwu.

Codex app-server: keep native code mode available without forcing code-mode-only so OpenClaw dynamic tool turns complete through the app-server tool bridge. Fixes #83109. Thanks @daswass.

Codex app-server: expose OpenClaw's sandbox-routed shell as sandbox_exec/sandbox_process for non-Docker sandbox backends so SSH sandbox agents keep a correctly routed shell path without shadowing Codex native shell. Fixes #80322. Thanks @keramblock.

Release stability: recover stale session diagnostics and Codex OAuth fallback state so stuck runs and reused refresh tokens clear without blocking follow-up work. (#83503) Thanks @100yenadmin.

Messages/TTS: apply TTS directives before message-tool sends reach core, gateway, or plugin delivery so opt-in message-tool rooms and proactive sends attach voice notes instead of leaking raw tags. Fixes #81598. Thanks @CG-Intelligence-Agent-Jack and @CoronovirusG10.

Messages/Codex: keep Codex direct/source chats on message-tool visible delivery by default while documenting and testing messages.visibleReplies: "automatic" as the old-mode opt-out; channel wildcard model overrides now apply to direct chats before harness delivery defaults.

Memory/QMD: keep archived session transcript hits visible after QMD export while preserving normal .md session ids that only resemble archive names. (#83518; fixes #83506) Thanks @tanshanshan.

Codex app-server: preserve network access for sandboxed Codex code-mode turns when the OpenClaw sandbox allows outbound egress. Fixes #83347. Thanks @YusukeIt0.

Codex app-server: honor writable Docker bind mounts for sandboxed workspace-write turns while disabling native Code Mode when container-path aliases or read-only bind shadows cannot be represented safely host-side. Fixes #83737. (#83849) Thanks @joshavant.

QA-Lab: keep the OTLP smoke decoder independent of removed OpenTelemetry generated-root internals.

Messages: default group/channel visible replies to automatic final delivery again, keeping message_tool opt-in for ambient/shared rooms and tool-reliable models.

CLI/TUI: force standalone /exit runs to terminate after runTui returns so onboarding-launched TUI children do not stay alive invisibly. (#83501) Thanks @fuller-stack-dev.

Agents/code mode: honor per-agent code-mode config in schema, runtime catalog activation, and model payload filtering. Fixes #83388. Thanks @Kaspre.

Agents/code mode: preserve agent, session, run, and channel context in before_tool_call hooks for top-level exec/wait dispatches. Fixes #83387.

QQBot: shorten C2C typing indicators to a 10-second window renewed every 5 seconds, capped to keep a final passive-reply slot available. (#83469)

Replies: keep final payload delivery after live preview updates so channels can finalize or send the completed answer instead of losing preview-only drafts. (#83468)

Discord: deliver final replies in progress-mode preview streams instead of deduplicating the final visible message. (#83443) Thanks @compoodment.

Providers/Xiaomi: replay MiMo Anthropic-compatible reasoning_content as provider-required thinking blocks even when OpenClaw thinking is disabled, fixing follow-up tool turns for mimo-v2-flash. Fixes #83407. Thanks @Xgenious7.

Agents/exec approvals: forward approval-runtime credentials on agent-owned Gateway approval calls so approved async commands complete through the existing runtime path instead of stalling on unauthenticated follow-up calls. Thanks @IWhatsskill, @Patrick-Erichsen, and @jesse-merhi.

Gateway/skills: preflight remote macOS skill-bin refreshes with a WebSocket connectivity check so stale node sessions skip quickly instead of logging slow system.which timeout warnings.

CLI/config: keep broken discovered plugins that are not referenced by active config from failing openclaw config validate, while preserving fatal errors for explicitly configured plugin entries.

GitHub Copilot: drop unsafe native Responses reasoning replay items with non-replayable IDs before dispatch, preventing affected Copilot sessions from failing with invalid_request_body. Fixes #83220. Thanks @galiniliev.

Agents/Codex: fail closed when an explicitly requested Codex harness is not registered instead of silently trying configured model fallbacks. Fixes #83349. Thanks @r2-vibes.

QA-Lab: make runtime tool coverage fail on missing required tool exercise instead of treating pass/pass parity envelope drift as missing coverage.

Core/plugins: harden clawpatch-reported edge cases across gateway auth cleanup, Claude session id paths, plugin activation policy, apply-patch hunk handling, diagnostic redaction, and plugin metadata validation.

UI: show reasoning choices as plain labels instead of leaking internal override wording in session and chat pickers.

Mac app: avoid repeating the Configuration heading inside channel quick settings.

Mac app: keep the Settings sidebar always visible and remove the redundant titlebar hide/show control.

Mac app: normalize Settings pane content margins so pages share the same left and right rail.

Mac app: prefer explicit private/Tailscale/LAN Gateway endpoints over SSH tunnels, preserve legacy loopback tunnel configs, persist transport choices, and show captured SSH stderr when tunneling really fails.

Gateway/sessions: keep ACP/acpx and runtime child sessions visible in configured-only session lists when their owner or parent session belongs to a configured agent.

Mac app: keep app-level menu commands and Dashboard failure states reachable when the remote Gateway is disconnected.

Mac app: allow longer Gateway and Context errors to wrap in the menu instead of truncating the useful failure detail.

Mac app: tighten remote Gateway fields in Settings so the Connection pane keeps readable labels and full action button text.

Mac app: keep custom Settings card rows left-aligned and full-width so Discovery and status sections no longer appear centered or detached.

Mac app: align Location permission controls to the same trailing column as the rest of Settings.

Mac app: add Dashboard, Chat, Canvas, and Settings shortcuts to the Dock icon menu.

Mac app: replace the Settings window's native split-view sidebar with an explicit layout so page content keeps its leading gutter when the sidebar is shown or hidden.

Mac app: render channel quick config as aligned Settings rows and hide schema-only variants that cannot be edited safely from the quick pane.

Gateway/webchat: hide internal runtime-context and other display: false transcript messages from Chat history and live message events. Fixes #83216. Thanks @EmpireCreator.

CLI/help: keep gateway, doctor, status, and health help registration out of action/runtime imports so subcommand --help stays lightweight in constrained terminals. Fixes #83228. Thanks @dfguerrerom.

CLI/help: show plugin-owned command help based on the active memory slot so LanceDB memory users see ltm instead of unavailable memory commands. Fixes #83745. (#83841) Thanks @joshavant.

Cron/Discord: keep explicit announce runs in message-tool-only source-reply mode so scheduled agent turns post once instead of also echoing through automatic visible replies. Fixes #83261. Thanks @Theralley.

Telegram: preserve forum-topic origin targets in inbound, audio-preflight, and skipped-message hook contexts so follow-up delivery stays bound to the originating topic. Fixes #83302. Thanks @M00zyx.

Telegram: retry HTTP 421 Misdirected Request send failures on a fresh fallback transport so transient edge-node routing errors no longer drop outbound replies. Fixes #48892. (#48908) Thanks @MarsDoge.

Telegram: fail topic sends closed when Telegram reports message thread not found instead of retrying without message_thread_id into the base chat. Refs #83302.

Config/subagents: remove ignored agent-model timeoutMs keys, keep subagent model config to primary/fallback selection, and clean shipped stale config through doctor. Fixes #83291. Thanks @giodl73-repo.

Mac app: align the Sessions settings pane with the standard Settings page gutter and row spacing.

OpenAI/Codex: stop rejecting available openai-codex GPT-5.1, GPT-5.2, and GPT-5.3 model refs during config validation, while keeping removed Spark aliases suppressed. Fixes #83303.

Plugins/xAI: complete OAuth-backed xAI login and sidecar auth fixes, including guarded loopback callback CORS handling, video generation polling/defaults, and native-host User-Agent attribution. (#83322) Thanks @Jaaneek.

Codex app-server: preserve streamed native command output in mirrored transcripts and trajectory exports when final snapshots omit aggregated output. (#83200) Thanks @rozmiarD.

Codex app-server: fail closed when chat or sender policy denies tools, disabling native code, app, environment, and user MCP surfaces for restricted turns. (#82374) Thanks @VACInc.

Codex app-server: keep recent context-engine messages when oversized projected history is truncated, so short follow-ups in long channel sessions do not fall back to stale earlier turns. (#83127) Thanks @VACInc.

Codex app-server: keep OpenClaw session spawning searchable while steering Codex-native delegation through native subagents, avoiding duplicate direct subagent surfaces. (#83329) Thanks @fuller-stack-dev.

Codex app-server: recover stale childless Codex-native subagent task mirrors during maintenance and allow their registry rows to be cancelled without an OpenClaw child session. (#82836) Thanks @yshimadahrs-ship-it and @joshavant.

Feishu: return bound subagent delivery origins from session thread setup so Feishu subagent completions route back to the same DM or topic. (#83190) Thanks @100menotu001.

CLI/update: tailor post-update Gateway recovery hints by platform, showing systemd, LaunchAgent, Scheduled Task, or generic service-manager guidance instead of macOS-only recovery text. (#83096) Thanks @rubencu.

Plugins: apply a default 15-second timeout to legacy before_agent_start hooks so hung plugin handlers no longer block agent startup. Fixes #48534. (#83136) Thanks @therahul-yo.

Feishu: refresh inbound session delivery context for DM, group, and broadcast turns so later replies do not inherit stale WebChat routing. Fixes #78274.

Agents/subagents: require the initial subagent registry save before reporting spawn accepted, returning a spawn error instead of losing an untracked run when the registry write fails. (#83146) Thanks @yetval.

QA-Lab/qa-channel: attach redacted agent tool-start traces to outbound QaBusMessage records so scenarios can assert actual tool use instead of relying only on reply text. Fixes #67637. Thanks @100yenadmin.

QA-Lab: fail live runtime parity reports when assistant-message usage is missing, preventing 0 vs 0 live token rows from being reported as passing proof. Fixes #80411. Thanks @100yenadmin.

QA-Lab: add a runtime token-efficiency sidecar report that classifies Codex savings separately from regressions and fails only positive Codex-over-Pi live token deltas above threshold. Fixes #81093. Thanks @100yenadmin.

QA-Lab: fail Codex-backed OpenAI live runtime-pair runs before launching isolated workers when no portable Codex auth is available, while staging API-key fallbacks and configured Codex keys for isolated QA agents. Fixes #80412. Thanks @100yenadmin.

QA-Lab: refresh parity gates, mock frontier fixtures, model scenarios, and workflow artifact lanes to compare GPT-5.5 against Claude Opus 4.7. Fixes #74262. Thanks @100yenadmin.

QA-Lab: make mock parity dispatch provider-aware for source discovery and subagent scenarios so OpenAI and Anthropic lanes no longer share identical canned plans. Fixes #64879. Thanks @100yenadmin.

QA-Lab: stop returning Control UI bearer tokens from unauthenticated bootstrap payloads and bind Docker harness ports to loopback-only host addresses. (#66355) Thanks @pgondhi987.

Mac app: avoid a SwiftUI metadata crash when rendering the Cron Jobs settings pane.

Agents/subagents: preserve run-mode keep subagent registry entries past the session sweep TTL, so kept subagent runs remain visible after cleanup completes. Fixes #83132. (#83168) Thanks @yetval.

Agents/OpenAI streams: yield via setTimeout(0) instead of setImmediate between bursty Responses chunks so abort timers can fire during the yield, keeping cancel-on-timeout responsive on hot streams. Refs #82462.

Agents/Codex: keep legacy oauthRef-backed OAuth profiles usable while openclaw doctor --fix migrates them back to inline credentials, without creating new sidecar credentials. (#83312) Thanks @joshavant.

Agents/Codex: load the selected provider owner alongside the Codex harness runtime so openai-codex models resolve when plugin allowlists scope runtime loading. Fixes #83380. (#83519) Thanks @joshavant.

Telegram: fail stalled isolated-ingress handlers into tombstones and abort same-lane reply work before restarting, so later same-chat updates drain after a hung turn. Fixes #83272. (#83505) Thanks @joshavant.

CLI/config: send SecretRef diagnostics to stderr so JSON command stdout remains parseable.

CLI/doctor: seed Control UI allowed origins when migrating legacy non-loopback gateway bind host aliases like 0.0.0.0. Fixes #83286. Thanks @giodl73-repo.

CLI/plugins: ship the bundled memory CLI as a package entry so package-installed openclaw memory commands register correctly.

CLI/update: defer doctor-time plugin package installs during package swaps and seed post-core repair from the updated install registry, preventing duplicate reinstall failures.

CLI/update: preserve old-parent-readable config metadata during legacy package handoffs, fall back only to official @openclaw/* npm plugin packages when ClawHub plugin artifacts are unavailable, and keep managed service package roots authoritative during updates.

Feishu: detect SecretRef top-level credentials as a configured default account instead of treating object-backed app secrets as missing.

Gateway/restart: keep ordinary unmanaged SIGUSR1/config restarts in-process instead of detach-spawning an orphaned child, preserving custom supervisor PID tracking while leaving update restarts on the fresh-process path. Fixes #65668.

CLI/completion: resolve concrete PowerShell profile paths and reload commands during setup and doctor completion installation. Fixes #44296. (#83059) Thanks @yu-xin-c.

Telegram: keep isolated long polling below the hard getUpdates request guard so idle bot accounts with high timeoutSeconds do not false-disconnect and restart-loop. Fixes #83264. Thanks @riccodecarvalho.

Providers/Google: preserve and recover Gemini 3 tool-call thought signatures during native replay so function-calling turns no longer fail with missing thought_signature 400s. Fixes #72879. (#80358) Thanks @abnershang.

Telegram: skip transcript-only delivery mirrors and gateway-injected rows when resolving latest assistant text, preventing retained previews from replacing final replies with stale fragments. Fixes #83159. (#83362) Thanks @joshavant.

Memory/QMD: keep lexical search on raw hyphenated queries while normalizing semantic QMD sub-searches, avoiding fallback to the builtin index for dashed identifiers and dates. Fixes #81328.

Memory-core: distinguish sqlite-vec load failures from missing semantic vector embeddings in degraded memory index warnings, so vector recall diagnostics point at unresolved dimensions instead of blaming sqlite-vec when the store is ready. Fixes #75624. (#83056) Thanks @xuruiray and @Noah3521.

Agents/subagents: preserve sandbox-peer controller ownership while routing completion announcements back to the originating run session, keeping subagent control and completion delivery scoped correctly. Fixes #80201. (#80242) Thanks @Jerry-Xin.

Gateway: continue restarting remaining channels when one hot-reload channel restart fails, while still reporting aggregate reload failure and rolling back plugin pre-replace stops. Fixes #83054. Thanks @zqchris.

Gateway/plugins: bind admin HTTP RPC dispatch to the accepting gateway instance so multi-gateway processes cannot execute plugin HTTP control-plane calls against another live gateway. Fixes #83486. (#83487) Thanks @coygeek.

Telegram: keep hot-reload restarts from marking polling accounts manually stopped and restart isolated ingress cleanly after worker shutdown, preserving Telegram replies across config reloads. Fixes #83008. (#83410) Thanks @joshavant.

Telegram/Ollama: pass current Telegram image attachments into native PI/Ollama vision turns so live photo prompts reach Ollama as native images. Fixes #83023. (#83516) Thanks @joshavant.

Gateway/secrets: split the lightweight secrets runtime state and auth-store cache from the full secrets runtime and take a startup fast path when the gateway startup config has no SecretRef values, speeding up secrets startup while preserving cleanup and refresh semantics.

Codex app-server: rotate oversized native Codex threads before resume and cap dynamic tool-result text entering native Codex sessions, preventing stale oversized context from surviving OpenClaw compaction. (#82981) Thanks @hansolo949.

Gateway/restart: drain pending replies and active chat runs during restart shutdown before sockets and channels close, aborting timed-out chat runs through the normal cleanup path. (#69121) Thanks @alexlomt.

Agents/Codex: use the Codex runtime context window for OpenAI-model preflight compaction and memory flush checks, so GPT-5.5 Codex sessions compact before hitting the smaller native context limit. Fixes #82982. Thanks @vliuyt.

QA-Lab: clean orphaned gateway temp roots when a suite parent exits and wait on gateway plus transport readiness after config restarts, reducing stale qa-channel noise from interrupted runs. Fixes #65506. Thanks @100yenadmin.

QA-Lab: wake qa-bus long polls that arrive with stale future cursors after a bus restart, preserving reconnect readiness for harness clients. (#67142) Thanks @hxy91819.

QA-Lab: stage Multipass transfer scripts under OpenClaw's preferred temp root instead of raw OS temp paths, keeping the VM runner inside temp-path guardrails. (#64098) Thanks @ImLukeF.

Agents/replies: keep surviving reply media and append a warning when other media references fail, so partial media normalization no longer drops failures silently. Thanks @Jerry-Xin.

Config/models: accept thinkingFormat: "together" in model compat config so Together routes can opt into the Together-specific thinking response shape.

Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.7.1, bringing Codex hook approval compatibility, pre-tool command wrapping fixes, and Rolldown/Vitest output compaction improvements into the OpenClaw plugin.

Agents/OpenAI: stop post-processing GPT-5 final replies with hardcoded brevity caps, preserving full channel responses instead of appending synthetic ellipses, and log when strict-agentic GPT-5 execution activates. Fixes #82910.

Mac app: refine the Settings General and Connection panes with cleaner status panels, card rows, and a single native titlebar sidebar toggle.

Agents/media: deliver failed async image, music, and video generation completions directly when requester-session completion handoff fails, so channel users see provider errors instead of silent fallback stalls.

Browser/CDP: keep loopback proxy bypass active across both NO_PROXY casings and redact home-relative Chrome MCP profile paths in attach-failure diagnostics.

Agents/music: steer song, jingle, beat, anthem, and instrumental requests toward music_generate audio creation instead of lyric-only replies, and reserve lyrics for exact sung words.

Codex app-server: record native Codex tool calls and results into trajectory artifacts so debug/trajectory exports capture the full Codex-native tool history, not just OpenClaw-bridged turns. Thanks @vyctorbrzezowski.

Codex/app-server: keep bound conversation sessions on the owning agent runtime so native Codex control and follow-up turns do not fall back to the default agent client. Fixes #82954. (#82993)

CLI/infer: run gateway model probes in fresh explicit sessions so one-shot provider checks do not inherit default agent transcript state. (#82861) Thanks @Kaspre.

Providers/Together: send video-generation requests to Together's v2 video API even when shared text-model config still points at the v1 base URL. (#82992)

Browser CLI: preserve browser-level options on nested commands, skip option values during lazy command registration, and keep long-running wait/download/dialog hooks open for their advertised wait window.

CLI/sessions: accept openclaw sessions list as an alias for openclaw sessions, matching other list-style commands. Fixes #81139. (#81163) Thanks @YB0y.

Channels/stream previews: widen compact progress draft lines and cut prose at word boundaries while preserving command/path suffixes, with streaming.progress.maxLineChars for channel-specific tuning.

CLI/plugins: have openclaw plugins doctor warn when a configured runtime needs a missing owner plugin, sharing the same install mapping as openclaw doctor --fix. Fixes #81326. (#81674) Thanks @Zavianx.

Agents/Codex: route OpenAI runs that resolve to openai-codex through the Codex provider and bootstrap OpenClaw's stored OAuth profile into the Codex harness when the harness owns transport, so openai/* model refs no longer fail with No API key found for openai-codex despite an existing Codex OAuth profile. (#82864) Thanks @ragesaq.

Agents/ACP: distinguish prompt-submitted and runtime-active child stalls from true interactive waits, including redacted proxy-env diagnostics for Codex ACP no-output runs. Fixes #44810.

Agents/memory: explain that memory-triggered compaction exposes only read and append-only write when configured core tools are unavailable in tools.allow warnings. Fixes #82941. Thanks @galiniliev.

Agents/OpenAI: preserve deterministic tool payload ordering for prompt-cache reuse across OpenAI Responses and chat completions calls. (#82940) Thanks @galiniliev.

ACP/Codex: honor terminal ACP turn results so failed Codex/acpx runs are not recorded as successful after only progress text. Fixes #79522. Thanks @dudaefj.

Telegram: warn when a media group drops photos that fail to download, including albums where every photo is skipped. Fixes #55216. (#82987) Thanks @eldar702.

Agents/diagnostics: treat repeated same-handle embedded-run cleanup as idempotent while preserving true replacement-handle mismatch diagnostics. Fixes #82959. (#82960) Thanks @galiniliev.

Agents/subagents: preserve high-priority AGENTS.md policy in bootstrap context when oversized files are trimmed, and warn agents to read the full policy file before relying on scoped rules. Fixes #82920. (#82921) Thanks @galiniliev.

Agents/skills: apply the full effective tool policy pipeline to inline command-dispatch: tool skill dispatch before owner-only filtering, preserving configured allow, deny, sandbox, sender, group, and subagent restrictions. (#78525)

Codex: avoid spawning native hook relay subprocesses for post-tool/finalize events with no registered hook handlers while preserving pre-tool safety and approval relays. Fixes #76552. (#78004) Thanks @evgyur.

Channel accounts: keep top-level default channel accounts visible when named accounts are added alongside default credential material, so mixed legacy/new account configs keep resolving default instead of silently dropping it.

Agents/CLI: reject empty successful CLI subprocess replies as empty_response and keep them out of shared auth-profile health, so blank Claude CLI results no longer become green no-payload turns. Fixes #83231. (#83421) Thanks @joshavant.

Codex/Telegram: synthesize native Codex tool progress from final turn snapshots so Telegram /verbose stays visible when command events arrive only at completion.

Codex/Telegram: deliver Codex verbose tool summaries in direct message-tool-only turns while suppressing message-send and activity-log noise. (#83186) Thanks @kurplunkin.

Mac app: make Channels settings open faster by deferring config-schema work, avoiding startup channel probes, caching decoded channel status rows, and showing only compact quick settings instead of the full generated channel schema.

Control UI: include the Control UI and Gateway protocol versions in protocol-mismatch errors so stale app/dashboard pairings identify which side needs rebuilding or restarting.

Gateway/protocol: restore Gateway WS protocol v4 and keep message.action room-event metadata on the existing inboundTurnKind wire field while preserving internal inbound-event classification.

Agents/tools: prefer non-webchat session-key routes when the message tool has stale webchat context, so message-tool-only replies keep delivering to the originating channel. Fixes #82911. (#83004) Thanks @joshavant.

Channels: keep direct-message last-route writes on isolated per-channel-peer sessions instead of contaminating the agent main session with channel delivery context. Fixes #36614. Thanks @aspenas.

Mac app: move the Settings sidebar toggle into the native titlebar and tighten the General pane width.

Mac app: keep visited Settings panes mounted so switching tabs no longer blanks and reloads their content.

Mac app: make Config settings open from shallow schema lookups and load selected paths on demand instead of fetching and rendering the full generated config schema up front.

Codex: sanitize inline image payloads before Codex app-server and OpenAI Responses replay, and clear poisoned Codex thread bindings after invalid image errors. Fixes #82878.

Providers/GitHub Copilot: request identity-encoded Copilot API responses across token exchange, catalog, model calls, usage, and embeddings so compressed Business-account error payloads no longer reach JSON parsers as gzip bytes. Fixes #82871. Thanks @tonyfe01.

Telegram: redact nested raw-update identifiers and user metadata before verbose raw update logging, preserving useful update/message ids without exposing chat, user, command, or profile details. (#82945) Thanks @galiniliev and @joshavant.

Telegram: preserve replied-to bot messages, captions, and media metadata in group reply chains so follow-up replies understand what the user is reacting to. (#82863)

Providers/Together: update PI runtime packages to 0.74.1 and emit Together-style reasoning.enabled/max_tokens controls for reasoning-capable OpenAI-completions models.

Agents/diagnostics: split slow embedded-run attempt-dispatch startup summaries into workspace, prompt, runtime-plan, and final dispatch subspans so traces identify the delayed setup phase. Fixes #82782. (#82783) Thanks @galiniliev.

Agents/Codex: flatten nested tool-result middleware blocks into bounded text so successful message sends are no longer replaced with Tool output unavailable due to post-processing error. Fixes #82912. Thanks @joeykrug.

CLI/media: accept HTTP(S) URLs in openclaw infer image describe --file, fetching remote images through the guarded media path instead of treating URLs as local files. Fixes #82837. (#82854) Thanks @neeravmakwana.

Agents/subagents: keep session-backed parent runs active when the child wait call times out before the child session has actually settled, so late subagent completions are reconciled instead of being lost. Fixes #82787. Thanks @ramitrkar-hash.

Control UI: advertise shared Gateway protocol constants in browser connect frames, fixing protocol mismatch handshakes after protocol constant drift. Fixes #82882. Thanks @galiniliev.

Gateway: add rollback protocol-mismatch diagnostics, including client protocol ranges in Gateway logs and deep status/doctor hints for stale client processes. Fixes #82841. (#82908)

Agents/subagents: keep successful keep-mode completion payloads pending after final-delivery retry exhaustion, so requester recovery no longer loses final subagent results. Fixes #82583. (#82999) Thanks @joshavant.

Gateway/auth: allow same-host trusted-proxy callers to use the documented local direct gateway.auth.password fallback after revisiting the #78684 fail-closed policy, while keeping token fallback rejected and forwarded-header requests on the trusted-proxy path. Fixes #82607. (#82953) Thanks @joshavant.

Agents/subagents: wait for queued completion handoffs to reach the parent transcript before marking them announced, preventing busy parent runs from cleaning up before observing child results. Fixes #82913. (#83039) Thanks @joshavant.

Agents/subagents: route group/channel subagent completions through message-tool-only handoffs when required and keep active-requester wake failures from dropping completion delivery. Fixes #82803. Thanks @galiniliev, @yozakura-ava, and @moeedahmed.

Memory-core: scan persisted memory source sessions on startup, comparing on-disk transcripts against the index and marking only missing/newer/resized files dirty for incremental sync. Fixes #82341. (#82341) Thanks @giodl73-repo.

Telegram: keep the top-level default account in the account list when named accounts or bindings are added alongside top-level credentials, preserving default polling while still letting named-only configs resolve to a single account. Fixes #82794. (#82794) Thanks @giodl73-repo.

CLI/models: reuse command-scoped plugin metadata across model listing, provider catalog, auth, and synthetic-auth checks, restoring fast openclaw models runs for plugin-heavy installs. Fixes #82881. (#83033) Thanks @joshavant.

CLI/channels: show configured official external channels such as Discord in openclaw channels list when their plugin package is missing, including the install and doctor repair command instead of reporting no configured channels. Fixes #82813.

Signal: preserve mixed-case group IDs through routing and session persistence so group auto-replies keep delivering after updates. Fixes #82827.

Agents/tools: keep the message tool available in embedded runs when it is explicitly allowed through tools.alsoAllow or runtime tool allowlists, so channel plugins with custom reply delivery can still use configured message sends. Fixes #82833. Thanks @cn1313113.

WhatsApp: honor forced document delivery for outbound image, GIF, and video media so forceDocument/asDocument sends preserve original media bytes instead of using compressed media payloads. (#79272) Thanks @itsuzef.

WhatsApp: name outbound document attachments from their MIME type when no filename is provided, so PDF and CSV sends arrive as file.pdf and file.csv instead of an extensionless file. Thanks @mcaxtr.

Process/diagnostics: report active lane blockers in lane wait warnings so queueAhead=0 no longer hides commands waiting behind active work. Fixes #82791. (#82792) Thanks @galiniliev.

Process/diagnostics: stop counting the active processing turn as queued backlog in liveness warnings so transient max-only event-loop spikes do not surface as gateway warnings.

Agents/replies: classify provider conversation-state rejections and return a clear message-channel error instead of auto-resetting or falling back to a generic runner failure. (#82616) Thanks @dutifulbob.

Browser plugin: trust managed Chrome CDP diagnostics when launch HTTP probes race cold-start readiness, avoiding false startup failures. Fixes #82904. (#82986) Thanks @kmanan and @hclsys.

Android: prompt before replacing a changed Gateway TLS thumbprint, showing the old and new SHA-256 fingerprints so users can accept expected certificate rotations instead of hard failing on pin mismatch. (#83077) Thanks @sliekens.

CLI/status: render extra gateway-like service diagnostics as warning/info output instead of error output. Fixes #46930. (#82922) thanks @giodl73-repo.

Agents/failover: classify Moonshot/Kimi exhausted-balance HTTP 429 payloads as billing instead of generic rate limits, preserving billing guidance and fallback behavior. Fixes #43447. (#83079) Thanks @leno23.

Plugin SDK: bundle openclaw/plugin-sdk/zod into the published package artifact and verify the packed zod subpath stays self-contained, so

Original source

2026.5.18

OpenClaw 2026.5.18 is the stable rollup after 2026.5.12. It includes the 2026.5.14 and 2026.5.17 beta trains plus the final 2026.5.18 fixes below.

Consolidated Since 2026.5.12

Control UI and Mac app: faster Settings, cleaner chat/session controls, responsive logs, remote gateway setup, native Dashboard, improved pairing sheets, and more stable protocol negotiation.

Realtime, voice, and mobile: Android Talk Mode moves to realtime Gateway relay voice sessions; Discord/OpenAI realtime follow-ups keep hearing turns; iOS/Mac permission, chat, and settings flows were polished.

Telegram and Discord reliability: isolated Telegram polling/topic lanes, media/forum-topic delivery, /stop and /btw handling, progress drafts, final reply recovery, and Discord progress/final-message delivery were tightened.

Codex/OpenAI runtime: app-server context projection, MCP projection, native tool progress, code-mode/network handling, OAuth fallback, stale-thread recovery, and transcript/trajectory fidelity were improved.

Agents and subagents: queued follow-ups, manual-turn priority, subagent completion handoffs, session locks, context usage, fallback diagnostics, and final payload delivery were made more predictable.

Plugins and SDK: typed tool-plugin helpers, plugin RPC metadata, install/update repair, externalized plugin recovery, manifest validation, and SDK packaging were hardened.

Models/providers: xAI OAuth and media fixes, Anthropic/Claude CLI routing, OpenRouter/OpenAI-compatible reasoning replay, Gemini thought signatures, Ollama/Qwen/Together/Xiaomi/Copilot fixes, and local/custom provider guardrails landed.

Gateway and update path: startup tracing, restart readiness, update-check deferral, service recovery hints, package-swap doctor repair, npm freshness bypasses, and Docker/package validation were improved.

QA and release validation: personal-agent packs, Codex-vs-Pi parity, runtime tool coverage, Docker/package install/update lanes, and release evidence gates were expanded.

Security and robustness: audit suppressions, gateway auth/log redaction, malformed JSON/base64/URL handling, SSRF/private-network guardrails, exec approval realpath binding, and Docker non-loopback fail-closed behavior were tightened.

Detailed 2026.5.18 Changes

Changes

• Agents: clarify that fixes should default to clean bounded refactors, lean internals, and explicit plugin SDK/API deprecation paths.
• Dependencies: update @openclaw/proxyline to 0.3.3.
• Dependencies: update Pi packages to 0.75.1 and raise the minimum supported Node.js 22 line to 22.19.
• Docker/Podman: add OPENCLAW_IMAGE_APT_PACKAGES as the runtime-neutral image build arg for extra apt packages while keeping OPENCLAW_DOCKER_APT_PACKAGES as a legacy fallback. (#62431) Thanks @urtabajev.
• Gateway/ACPX: attribute startup probe, config, runtime, and resource-count costs in restart traces without changing readiness behavior. (#83300) Thanks @samzong.
• Gateway: overlap startup logging and plugin-service startup with channel sidecars to reduce restart ready latency while preserving /readyz sidecar gating. (#83301) Thanks @samzong.
• Plugins/admin-http-rpc: allow trusted admin HTTP RPC clients to start and wait for web QR login flows. (#83259) Thanks @liorb-mountapps.
• Mac app: redesign Settings pages with consistent card layouts, cached navigation, cleaner permissions/voice/skills/cron/exec/debug panes, and steadier spacing around the native sidebar.
• Skills: rename the repo-local Codex closeout review skill and helper to autoreview while preserving the Codex-first fallback behavior.
• Skills: add a meme-maker skill for curated template search, local SVG/PNG rendering, Imgflip hosted rendering, and Know Your Meme provenance links.
• Browser: surface pending and recently handled modal dialogs in snapshots, return blockedByDialog when an action opens a modal, and allow browser dialog --dialog-id to answer pending dialogs.
• Agents/tools: shorten built-in tool descriptions and schema hints across media, messaging, sessions, cron, Gateway, web, image/PDF, TTS, nodes, and plan tools while preserving routing guardrails.
• Skills: add node inspector debugging, fused diagram generation, and throwaway spike workflow skills.
• CLI/plugins: add defineToolPlugin plus openclaw plugins build, validate, and init for typed simple tool plugins with generated manifest metadata, optional tool declarations, and context factories.
• Agents/skills: tighten bundled skill prompts and metadata, quote skill descriptions, refresh current CLI/API guidance, and update embedded sherpa-onnx runtime downloads.
• Skills: update the Obsidian skill to target the official obsidian CLI and require its registered binary instead of the third-party obsidian-cli.
• Skills: add a Python debugging skill for pdb, breakpoint(), post-mortem inspection, and debugpy remote attach.
• Plugins/messages: add presentation capability limits for channel renderers, adapt rich message controls before native rendering, and mark legacy interactive/Slack directive producer APIs as deprecated.
• Proxy: support HTTPS managed forward-proxy endpoints and scoped proxy.tls.caFile CA trust for proxy endpoint TLS. (#79171) Thanks @jesse-merhi.
• QA-Lab: add first-hour 20-turn and optional 100-turn runtime parity scenarios, with tier metadata for standard and soak QA gates. Fixes #80338; refs #80337. Thanks @100yenadmin.
• QA-Lab: add openclaw qa suite --runtime-parity-tier and wire the standard Codex-vs-Pi tier into release checks separately from optional/live-only/soak lanes. Fixes #80337. Thanks @100yenadmin.
• QA-Lab: add a live-only Codex Pi-shaped Read vocabulary canary so runtime parity catches native workspace-read prompt compatibility drift. (#80323) Thanks @100yenadmin.
• QA-Lab: add live-only harness self-health scenarios for plugin hook crashes, manifest contract errors, and WebChat direct-reply self-message routing. (#80323) Thanks @100yenadmin.
• QA-Lab: add runtime tool fixture scenarios and coverage reporting for Codex-native workspace tools, OpenClaw dynamic tools, and optional plugin-backed tools. Fixes #80173. Thanks @100yenadmin.
• QA-Lab: expose runtime tool fixture coverage through openclaw qa coverage --tools, with optional suite-summary evaluation for parity gate artifacts. Thanks @100yenadmin.
• QA-Lab: schedule a live-frontier Codex-vs-Pi runtime token-efficiency artifact lane in the all-lanes QA workflow. Fixes #80175. Thanks @100yenadmin.
• QA-Lab: hard-gate required OpenClaw dynamic runtime-tool drift in the standard Codex-vs-Pi tier with a blocking release-check verifier and publish the tool coverage report artifact. Fixes #80339; refs #80319. Thanks @100yenadmin.
• QA-Lab: add the personal-agent approval-denial scenario so the benchmark pack verifies denied local reads stop cleanly without tool progress or fixture leaks. (#83150) Thanks @iFiras-Max1.
• QA-Lab: extend the personal-agent benchmark pack with a local task followthrough scenario for proof-backed pending, blocked, and done status reporting. Thanks @iFiras-Max1.
• Gateway/performance: add pnpm test:restart:gateway benchmark tooling for repeated restart readiness, downtime, trace, and resource-slope evidence. (#83299) Thanks @samzong.
• Android: switch Talk Mode to realtime Gateway relay voice sessions with streaming mic input, realtime audio playback, tool-result bridging, and on-screen transcripts. (#83130) Thanks @sliekens.

Fixes

• Discord/OpenAI: keep realtime Discord voice sessions hearing follow-up turns with OpenAI realtime and prebuffer assistant playback to avoid choppy starts. (#80505) Thanks @Solvely-Colin.
• Media: prevent image metadata probing from invoking external decoder delegates on unrecognized image bytes, and stop fallback chaining after real processing errors.
• Media: install Sharp with the root package and fall back to sips, Windows native imaging, ImageMagick, GraphicsMagick, or ffmpeg for image resizing/conversion when Sharp is unavailable. Fixes #83401. Thanks @scotthuang.
• Telegram: deliver generated media completions back into forum topics by preserving topic IDs across requester-agent handoff. (#83556) Thanks @fuller-stack-dev.
• Gateway: defer update-check startup until after readiness so package update checks no longer block sidecar-ready startup, while preserving update broadcasts and shutdown cleanup. (#83520) Thanks @samzong.
• Telegram: keep /btw and read-only status commands from aborting active runs, and avoid retaining raw update payloads in timed-out spool tombstones. Refs #83272.
• Agents/video: hide video_generate reference-audio parameters unless a registered video provider supports audio inputs.
• Plugins/xAI: echo PKCE challenge fields during OAuth authorization-code token exchange for xAI token-endpoint compatibility. (#83499) Thanks @fuller-stack-dev.
• Codex app-server: hydrate current inbound image attachments before queued runs so Responses-backed agents receive Discord and other channel images as native vision input. Fixes #83466. Thanks @iannwu.
• Codex app-server: keep native code mode available without forcing code-mode-only so OpenClaw dynamic tool turns complete through the app-server tool bridge. Fixes #83109. Thanks @daswass.
• Release stability: recover stale session diagnostics and Codex OAuth fallback state so stuck runs and reused refresh tokens clear without blocking follow-up work. (#83503) Thanks @100yenadmin.
• Messages/TTS: apply TTS directives before message-tool sends reach core, gateway, or plugin delivery so opt-in message-tool rooms and proactive sends attach voice notes instead of leaking raw tags. Fixes #81598. Thanks @CG-Intelligence-Agent-Jack and @CoronovirusG10.
• Codex app-server: preserve network access for sandboxed Codex code-mode turns when the OpenClaw sandbox allows outbound egress. Fixes #83347. Thanks @YusukeIt0.
• QA-Lab: keep the OTLP smoke decoder independent of removed OpenTelemetry generated-root internals.
• Messages: default group/channel visible replies to automatic final delivery again, keeping message_tool opt-in for ambient/shared rooms and tool-reliable models.
• CLI/TUI: force standalone /exit runs to terminate after runTui returns so onboarding-launched TUI children do not stay alive invisibly. (#83501) Thanks @fuller-stack-dev.
• Agents/code mode: honor per-agent code-mode config in schema, runtime catalog activation, and model payload filtering. Fixes #83388. Thanks @Kaspre.
• Agents/code mode: preserve agent, session, run, and channel context in before_tool_call hooks for top-level exec/wait dispatches. Fixes #83387.
• QQBot: shorten C2C typing indicators to a 10-second window renewed every 5 seconds, capped to keep a final passive-reply slot available. (#83469)
• Replies: keep final payload delivery after live preview updates so channels can finalize or send the completed answer instead of losing preview-only drafts. (#83468)
• Discord: deliver final replies in progress-mode preview streams instead of deduplicating the final visible message. (#83443) Thanks @compoodment.
• Providers/Xiaomi: replay MiMo Anthropic-compatible reasoning_content as provider-required thinking blocks even when OpenClaw thinking is disabled, fixing follow-up tool turns for mimo-v2-flash. Fixes #83407. Thanks @Xgenious7.
• Agents/exec approvals: forward approval-runtime credentials on agent-owned Gateway approval calls so approved async commands complete through the existing runtime path instead of stalling on unauthenticated follow-up calls. Thanks @IWhatsskill, @Patrick-Erichsen, and @jesse-merhi.
• Gateway/skills: preflight remote macOS skill-bin refreshes with a WebSocket connectivity check so stale node sessions skip quickly instead of logging slow system.which timeout warnings.
• CLI/config: keep broken discovered plugins that are not referenced by active config from failing openclaw config validate, while preserving fatal errors for explicitly configured plugin entries.
• GitHub Copilot: drop unsafe native Responses reasoning replay items with non-replayable IDs before dispatch, preventing affected Copilot sessions from failing with invalid_request_body. Fixes #83220. Thanks @galiniliev.
• Agents/Codex: fail closed when an explicitly requested Codex harness is not registered instead of silently trying configured model fallbacks. Fixes #83349. Thanks @r2-vibes.
• QA-Lab: make runtime tool coverage fail on missing required tool exercise instead of treating pass/pass parity envelope drift as missing coverage.
• Core/plugins: harden clawpatch-reported edge cases across gateway auth cleanup, Claude session id paths, plugin activation policy, apply-patch hunk handling, diagnostic redaction, and plugin metadata validation.
• UI: show reasoning choices as plain labels instead of leaking internal override wording in session and chat pickers.
• Mac app: avoid repeating the Configuration heading inside channel quick settings.
• Mac app: keep the Settings sidebar always visible and remove the redundant titlebar hide/show control.
• Mac app: prefer explicit private/Tailscale/LAN Gateway endpoints over SSH tunnels, preserve legacy loopback tunnel configs, persist transport choices, and show captured SSH stderr when tunneling really fails.
• Gateway/sessions: keep ACP/acpx and runtime child sessions visible in configured-only session lists when their owner or parent session belongs to a configured agent.
• Mac app: keep app-level menu commands and Dashboard failure states reachable when the remote Gateway is disconnected.
• Mac app: allow longer Gateway and Context errors to wrap in the menu instead of truncating the useful failure detail.
• Mac app: tighten remote Gateway fields in Settings so the Connection pane keeps readable labels and full action button text.
• Mac app: keep custom Settings card rows left-aligned and full-width so Discovery and status sections no longer appear centered or detached.
• Mac app: align Location permission controls to the same trailing column as the rest of Settings.
• Mac app: add Dashboard, Chat, Canvas, and Settings shortcuts to the Dock icon menu.
• Mac app: replace the Settings window's native split-view sidebar with an explicit layout so page content keeps its leading gutter when the sidebar is shown or hidden.
• Mac app: render channel quick config as aligned Settings rows and hide schema-only variants that cannot be edited safely from the quick pane.
• Gateway/webchat: hide internal runtime-context and other display: false transcript messages from Chat history and live message events. Fixes #83216. Thanks @EmpireCreator.
• CLI/help: keep gateway, doctor, status, and health help registration out of action/runtime imports so subcommand --help stays lightweight in constrained terminals. Fixes #83228. Thanks @dfguerrerom.
• Cron/Discord: keep explicit announce runs in message-tool-only source-reply mode so scheduled agent turns post once instead of also echoing through automatic visible replies. Fixes #83261. Thanks @Theralley.
• Telegram: preserve forum-topic origin targets in inbound, audio-preflight, and skipped-message hook contexts so follow-up delivery stays bound to the originating topic. Fixes #83302. Thanks @M00zyx.
• Telegram: retry HTTP 421 Misdirected Request send failures on a fresh fallback transport so transient edge-node routing errors no longer drop outbound replies. Fixes #48892. (#48908) Thanks @MarsDoge.
• Telegram: fail topic sends closed when Telegram reports message thread not found instead of retrying without message_thread_id into the base chat. Refs #83302.
• Config/subagents: remove ignored agent-model timeoutMs keys, keep subagent model config to primary/fallback selection, and clean shipped stale config through doctor. Fixes #83291. Thanks @giodl73-repo.
• Mac app: align the Sessions settings pane with the standard Settings page gutter and row spacing.
• OpenAI/Codex: stop rejecting available openai-codex GPT-5.1, GPT-5.2, and GPT-5.3 model refs during config validation, while keeping removed Spark aliases suppressed. Fixes #83303.
• Plugins/xAI: complete OAuth-backed xAI login and sidecar auth fixes, including guarded loopback callback CORS handling, video generation polling/defaults, and native-host User-Agent attribution. (#83322) Thanks @Jaaneek.
• Codex app-server: preserve streamed native command output in mirrored transcripts and trajectory exports when final snapshots omit aggregated output. (#83200) Thanks @rozmiarD.
• Codex app-server: fail closed when chat or sender policy denies tools, disabling native code, app, environment, and user MCP surfaces for restricted turns. (#82374) Thanks @VACInc.
• Codex app-server: keep recent context-engine messages when oversized projected history is truncated, so short follow-ups in long channel sessions do not fall back to stale earlier turns. (#83127) Thanks @VACInc.
• Codex app-server: keep OpenClaw session spawning searchable while steering Codex-native delegation through native subagents, avoiding duplicate direct subagent surfaces. (#83329) Thanks @fuller-stack-dev.
• Codex app-server: recover stale childless Codex-native subagent task mirrors during maintenance and allow their registry rows to be cancelled without an OpenClaw child session. (#82836) Thanks @yshimadahrs-ship-it and @joshavant.
• Feishu: return bound subagent delivery origins from session thread setup so Feishu subagent completions route back to the same DM or topic. (#83190) Thanks @100menotu001.
• CLI/update: tailor post-update Gateway recovery hints by platform, showing systemd, LaunchAgent, Scheduled Task, or generic service-manager guidance instead of macOS-only recovery text. (#83096) Thanks @rubencu.
• Plugins: apply a default 15-second timeout to legacy before_agent_start hooks so hung plugin handlers no longer block agent startup. Fixes #48534. (#83136) Thanks @therahul-yo.
• Feishu: refresh inbound session delivery context for DM, group, and broadcast turns so later replies do not inherit stale WebChat routing. Fixes #78274.
• Agents/subagents: require the initial subagent registry save before reporting spawn accepted, returning a spawn error instead of losing an untracked run when the registry write fails. (#83146) Thanks @yetval.
• QA-Lab/qa-channel: attach redacted agent tool-start traces to outbound QaBusMessage records so scenarios can assert actual tool use instead of relying only on reply text. Fixes #67637. Thanks @100yenadmin.
• QA-Lab: fail live runtime parity reports when assistant-message usage is missing, preventing 0 vs 0 live token rows from being reported as passing proof. Fixes #80411. Thanks @100yenadmin.
• QA-Lab: add a runtime token-efficiency sidecar report that classifies Codex savings separately from regressions and fails only positive Codex-over-Pi live token deltas above threshold. Fixes #81093. Thanks @100yenadmin.
• QA-Lab: fail Codex-backed OpenAI live runtime-pair runs before launching isolated workers when no portable Codex auth is available, while staging API-key fallbacks and configured Codex keys for isolated QA agents. Fixes #80412. Thanks @100yenadmin.
• QA-Lab: refresh parity gates, mock frontier fixtures, model scenarios, and workflow artifact lanes to compare GPT-5.5 against Claude Opus 4.7. Fixes #74262. Thanks @100yenadmin.
• QA-Lab: make mock parity dispatch provider-aware for source discovery and subagent scenarios so OpenAI and Anthropic lanes no longer share identical canned plans. Fixes #64879. Thanks @100yenadmin.
• QA-Lab: stop returning Control UI bearer tokens from unauthenticated bootstrap payloads and bind Docker harness ports to loopback-only host addresses. (#66355) Thanks @pgondhi987.
• Mac app: avoid a SwiftUI metadata crash when rendering the Cron Jobs settings pane.
• Agents/subagents: preserve run-mode keep subagent registry entries past the session sweep TTL, so kept subagent runs remain visible after cleanup completes. Fixes #83132. (#83168) Thanks @yetval.
• Agents/OpenAI streams: yield via setTimeout(0) instead of setImmediate between bursty Responses chunks so abort timers can fire during the yield, keeping cancel-on-timeout responsive on hot streams. Refs #82462.
• Agents/Codex: keep legacy oauthRef-backed OAuth profiles usable while openclaw doctor --fix migrates them back to inline credentials, without creating new sidecar credentials. (#83312) Thanks @joshavant.
• Agents/Codex: load the selected provider owner alongside the Codex harness runtime so openai-codex models resolve when plugin allowlists scope runtime loading. Fixes #83380. (#83519) Thanks @joshavant.
• Telegram: fail stalled isolated-ingress handlers into tombstones and abort same-lane reply work before restarting, so later same-chat updates drain after a hung turn. Fixes #83272. (#83505) Thanks @joshavant.
• CLI/config: send SecretRef diagnostics to stderr so JSON command stdout remains parseable.
• CLI/doctor: seed Control UI allowed origins when migrating legacy non-loopback gateway bind host aliases like 0.0.0.0. Fixes #83286. Thanks @giodl73-repo.
• CLI/plugins: ship the bundled memory CLI as a package entry so package-installed openclaw memory commands register correctly.
• CLI/update: defer doctor-time plugin package installs during package swaps and seed post-core repair from the updated install registry, preventing duplicate reinstall failures.
• CLI/update: preserve old-parent-readable config metadata during legacy package handoffs, fall back only to official @openclaw/* npm plugin packages when ClawHub plugin artifacts are unavailable, and keep managed service package roots authoritative during updates.
• Feishu: detect SecretRef top-level credentials as a configured default account instead of treating object-backed app secrets as missing.
• Gateway/restart: keep ordinary unmanaged SIGUSR1/config restarts in-process instead of detach-spawning an orphaned child, preserving custom supervisor PID tracking while leaving update restarts on the fresh-process path. Fixes #65668.
• CLI/completion: resolve concrete PowerShell profile paths and reload commands during setup and doctor completion installation. Fixes #44296. (#83059) Thanks @yu-xin-c.
• Telegram: keep isolated long polling below the hard getUpdates request guard so idle bot accounts with high timeoutSeconds do not false-disconnect and restart-loop. Fixes #83264. Thanks @riccodecarvalho.
• Providers/Google: preserve and recover Gemini 3 tool-call thought signatures during native replay so function-calling turns no longer fail with missing thought_signature 400s. Fixes #72879. (#80358) Thanks @abnershang.
• Telegram: skip transcript-only delivery mirrors and gateway-injected rows when resolving latest assistant text, preventing retained previews from replacing final replies with stale fragments. Fixes #83159. (#83362) Thanks @joshavant.
• Memory/QMD: keep lexical search on raw hyphenated queries while normalizing semantic QMD sub-searches, avoiding fallback to the builtin index for dashed identifiers and dates. Fixes #81328.
• Memory-core: distinguish sqlite-vec load failures from missing semantic vector embeddings in degraded memory index warnings, so vector recall diagnostics point at unresolved dimensions instead of blaming sqlite-vec when the store is ready. Fixes #75624. (#83056) Thanks @xuruiray and @Noah3521.
• Agents/subagents: preserve sandbox-peer controller ownership while routing completion announcements back to the originating run session, keeping subagent control and completion delivery scoped correctly. Fixes #80201. (#80242) Thanks @Jerry-Xin.
• Gateway: continue restarting remaining channels when one hot-reload channel restart fails, while still reporting aggregate reload failure and rolling back plugin pre-replace stops. Fixes #83054. Thanks @zqchris.
• Telegram: keep hot-reload restarts from marking polling accounts manually stopped and restart isolated ingress cleanly after worker shutdown, preserving Telegram replies across config reloads. Fixes #83008. (#83410) Thanks @joshavant.
• Telegram/Ollama: pass current Telegram image attachments into native PI/Ollama vision turns so live photo prompts reach Ollama as native images. Fixes #83023. (#83516) Thanks @joshavant.
• Gateway/secrets: split the lightweight secrets runtime state and auth-store cache from the full secrets runtime and take a startup fast path when the gateway startup config has no SecretRef values, speeding up secrets startup while preserving cleanup and refresh semantics.
• Codex app-server: rotate oversized native Codex threads before resume and cap dynamic tool-result text entering native Codex sessions, preventing stale oversized context from surviving OpenClaw compaction. (#82981) Thanks @hansolo949.
• Gateway/restart: drain pending replies and active chat runs during restart shutdown before sockets and channels close, aborting timed-out chat runs through the normal cleanup path. (#69121) Thanks @alexlomt.
• Agents/Codex: use the Codex runtime context window for OpenAI-model preflight compaction and memory flush checks, so GPT-5.5 Codex sessions compact before hitting the smaller native context limit. Fixes #82982. Thanks @vliuyt.
• QA-Lab: clean orphaned gateway temp roots when a suite parent exits and wait on gateway plus transport readiness after config restarts, reducing stale qa-channel noise from interrupted runs. Fixes #65506. Thanks @100yenadmin.
• QA-Lab: wake qa-bus long polls that arrive with stale future cursors after a bus restart, preserving reconnect readiness for harness clients. (#67142) Thanks @hxy91819.
• QA-Lab: stage Multipass transfer scripts under OpenClaw's preferred temp root instead of raw OS temp paths, keeping the VM runner inside temp-path guardrails. (#64098) Thanks @ImLukeF.
• Agents/replies: keep surviving reply media and append a warning when other media references fail, so partial media normalization no longer drops failures silently. Thanks @Jerry-Xin.
• Config/models: accept thinkingFormat: "together" in model compat config so Together routes can opt into the Together-specific thinking response shape.
• Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.7.1, bringing Codex hook approval compatibility, pre-tool command wrapping fixes, and Rolldown/Vitest output compaction improvements into the OpenClaw plugin.
• Agents/OpenAI: stop post-processing GPT-5 final replies with hardcoded brevity caps, preserving full channel responses instead of appending synthetic ellipses, and log when strict-agentic GPT-5 execution activates. Fixes #82910.
• Mac app: refine the Settings General and Connection panes with cleaner status panels, card rows, and a single native titlebar sidebar toggle.
• Agents/media: deliver failed async image, music, and video generation completions directly when requester-session completion handoff fails, so channel users see provider errors instead of silent fallback stalls.
• Browser/CDP: keep loopback proxy bypass active across both NO_PROXY casings and redact home-relative Chrome MCP profile paths in attach-failure diagnostics.
• Agents/music: steer song, jingle, beat, anthem, and instrumental requests toward music_generate audio creation instead of lyric-only replies, and reserve lyrics for exact sung words.
• Codex app-server: record native Codex tool calls and results into trajectory artifacts so debug/trajectory exports capture the full Codex-native tool history, not just OpenClaw-bridged turns. Thanks @vyctorbrzezowski.
• Codex/app-server: keep bound conversation sessions on the owning agent runtime so native Codex control and follow-up turns do not fall back to the default agent client. Fixes #82954. (#82993)
• CLI/infer: run gateway model probes in fresh explicit sessions so one-shot provider checks do not inherit default agent transcript state. (#82861) Thanks @Kaspre.
• Providers/Together: send video-generation requests to Together's v2 video API even when shared text-model config still points at the v1 base URL. (#82992)
• Browser CLI: preserve browser-level options on nested commands, skip option values during lazy command registration, and keep long-running wait/download/dialog hooks open for their advertised wait window.
• CLI/sessions: accept openclaw sessions list as an alias for openclaw sessions, matching other list-style commands. Fixes #81139. (#81163) Thanks @YB0y.
• Channels/stream previews: widen compact progress draft lines and cut prose at word boundaries while preserving command/path suffixes, with streaming.progress.maxLineChars for channel-specific tuning.
• CLI/plugins: have openclaw plugins doctor warn when a configured runtime needs a missing owner plugin, sharing the same install mapping as openclaw doctor --fix. Fixes #81326. (#81674) Thanks @Zavianx.
• Agents/Codex: route OpenAI runs that resolve to openai-codex through the Codex provider and bootstrap OpenClaw's stored OAuth profile into the Codex harness when the harness owns transport, so openai/* model refs no longer fail with No API key found for openai-codex despite an existing Codex OAuth profile. (#82864) Thanks @ragesaq.
• Agents/ACP: distinguish prompt-submitted and runtime-active child stalls from true interactive waits, including redacted proxy-env diagnostics for Codex ACP no-output runs. Fixes #44810.
• Agents/memory: explain that memory-triggered compaction exposes only read and append-only write when configured core tools are unavailable in tools.allow warnings. Fixes #82941. Thanks @galiniliev.
• Agents/OpenAI: preserve deterministic tool payload ordering for prompt-cache reuse across OpenAI Responses and chat completions calls. (#82940) Thanks @galiniliev.
• ACP/Codex: honor terminal ACP turn results so failed Codex/acpx runs are not recorded as successful after only progress text. Fixes #79522. Thanks @dudaefj.
• Telegram: warn when a media group drops photos that fail to download, including albums where every photo is skipped. Fixes #55216. (#82987) Thanks @eldar702.
• Agents/skills: apply the full effective tool policy pipeline to inline command-dispatch: tool skill dispatch before owner-only filtering, preserving configured allow, deny, sandbox, sender, group, and subagent restrictions. (#78525)
• Codex: avoid spawning native hook relay subprocesses for post-tool/finalize events with no registered hook handlers while preserving pre-tool safety and approval relays. Fixes #76552. (#78004) Thanks @evgyur.
• Channel accounts: keep top-level default channel accounts visible when named accounts are added alongside default credential material, so mixed legacy/new account configs keep resolving default instead of silently dropping it.
• Agents/CLI: reject empty successful CLI subprocess replies as empty_response and keep them out of shared auth-profile health, so blank Claude CLI results no longer become green no-payload turns. Fixes #83231. (#83421) Thanks @joshavant.
• Codex/Telegram: synthesize native Codex tool progress from final turn snapshots so Telegram /verbose stays visible when command events arrive only at completion.
• Codex/Telegram: deliver Codex verbose tool summaries in direct message-tool-only turns while suppressing message-send and activity-log noise. (#83186) Thanks @kurplunkin.
• Mac app: make Channels settings open faster by deferring config-schema work, avoiding startup channel probes, caching decoded channel status rows, and showing only compact quick settings instead of the full generated channel schema.
• Control UI: include the Control UI and Gateway protocol versions in protocol-mismatch errors so stale app/dashboard pairings identify which side needs rebuilding or restarting.
• Gateway/protocol: restore Gateway WS protocol v4 and keep message.action room-event metadata on the existing inboundTurnKind wire field while preserving internal inbound-event classification.
• Agents/tools: prefer non-webchat session-key routes when the message tool has stale webchat context, so message-tool-only replies keep delivering to the originating channel. Fixes #82911. (#83004) Thanks @joshavant.
• Channels: keep direct-message last-route writes on isolated per-channel-peer sessions instead of contaminating the agent main session with channel delivery context. Fixes #36614. Thanks @aspenas.
• Mac app: move the Settings sidebar toggle into the native titlebar and tighten the General pane width.
• Mac app: keep visited Settings panes mounted so switching tabs no longer blanks and reloads their content.
• Mac app: make Config settings open from shallow schema lookups and load selected paths on demand instead of fetching and rendering the full generated config schema up front.
• Codex: sanitize inline image payloads before Codex app-server and OpenAI Responses replay, and clear poisoned Codex thread bindings after invalid image errors. Fixes #82878.
• Providers/GitHub Copilot: request identity-encoded Copilot API responses across token exchange, catalog, model calls, usage, and embeddings so compressed Business-account error payloads no longer reach JSON parsers as gzip bytes. Fixes #82871. Thanks @tonyfe01.
• Telegram: redact nested raw-update identifiers and user metadata before verbose raw update logging, preserving useful update/message ids without exposing chat, user, command, or profile details. (#82945) Thanks @galiniliev and @joshavant.
• Telegram: preserve replied-to bot messages, captions, and media metadata in group reply chains so follow-up replies understand what the user is reacting to. (#82863)
• Providers/Together: update PI runtime packages to 0.74.1 and emit Together-style reasoning.enabled/max_tokens controls for reasoning-capable OpenAI-completions models.
• Agents/diagnostics: split slow embedded-run attempt-dispatch startup summaries into workspace, prompt, runtime-plan, and final dispatch subspans so traces identify the delayed setup phase. Fixes #82782. (#82783) Thanks @galiniliev.
• Agents/Codex: flatten nested tool-result middleware blocks into bounded text so successful message sends are no longer replaced with Tool output unavailable due to post-processing error. Fixes #82912. Thanks @joeykrug.
• CLI/media: accept HTTP(S) URLs in openclaw infer image describe --file, fetching remote images through the guarded media path instead of treating URLs as local files. Fixes #82837. (#82854) Thanks @neeravmakwana.
• Agents/subagents: keep session-backed parent runs active when the child wait call times out before the child session has actually settled, so late subagent completions are reconciled instead of being lost. Fixes #82787. Thanks @ramitrkar-hash.
• Control UI: advertise shared Gateway protocol constants in browser connect frames, fixing protocol mismatch handshakes after protocol constant drift. Fixes #82882. Thanks @galiniliev.
• Gateway: add rollback protocol-mismatch diagnostics, including client protocol ranges in Gateway logs and deep status/doctor hints for stale client processes. Fixes #82841. (#82908)
• Agents/subagents: keep successful keep-mode completion payloads pending after final-delivery retry exhaustion, so requester recovery no longer loses final subagent results. Fixes #82583. (#82999) Thanks @joshavant.
• Gateway/auth: allow same-host trusted-proxy callers to use the documented local direct gateway.auth.password fallback after revisiting the #78684 fail-closed policy, while keeping token fallback rejected and forwarded-header requests on the trusted-proxy path. Fixes #82607. (#82953) Thanks @joshavant.
• Agents/subagents: wait for queued completion handoffs to reach the parent transcript before marking them announced, preventing busy parent runs from cleaning up before observing child results. Fixes #82913. (#83039) Thanks @joshavant.
• Agents/subagents: route group/channel subagent completions through message-tool-only handoffs when required and keep active-requester wake failures from dropping completion delivery. Fixes #82803. Thanks @galiniliev, @yozakura-ava, and @moeedahmed.
• Memory-core: scan persisted memory source sessions on startup, comparing on-disk transcripts against the index and marking only missing/newer/resized files dirty for incremental sync. Fixes #82341. (#82341) Thanks @giodl73-repo.
• Telegram: keep the top-level default account in the account list when named accounts or bindings are added alongside top-level credentials, preserving default polling while still letting named-only configs resolve to a single account. Fixes #82794. (#82794) Thanks @giodl73-repo.
• CLI/models: reuse command-scoped plugin metadata across model listing, provider catalog, auth, and synthetic-auth checks, restoring fast openclaw models runs for plugin-heavy installs. Fixes #82881. (#83033) Thanks @joshavant.
• CLI/channels: show configured official external channels such as Discord in openclaw channels list when their plugin package is missing, including the install and doctor repair command instead of reporting no configured channels. Fixes #82813.
• Signal: preserve mixed-case group IDs through routing and session persistence so group auto-replies keep delivering after updates. Fixes #82827.
• Agents/tools: keep the message tool available in embedded runs when it is explicitly allowed through tools.alsoAllow or runtime tool allowlists, so channel plugins with custom reply delivery can still use configured message sends. Fixes #82833. Thanks @cn1313113.
• WhatsApp: honor forced document delivery for outbound image, GIF, and video media so forceDocument/asDocument sends preserve original media bytes instead of using compressed media payloads. (#79272) Thanks @itsuzef.
• WhatsApp: name outbound document attachments from their MIME type when no filename is provided, so PDF and CSV sends arrive as file.pdf and file.csv instead of an extensionless file. Thanks @mcaxtr.
• Process/diagnostics: report active lane blockers in lane wait warnings so queueAhead=0 no longer hides commands waiting behind active work. Fixes #82791. (#82792) Thanks @galiniliev.
• Process/diagnostics: stop counting the active processing turn as queued backlog in liveness warnings so transient max-only event-loop spikes do not surface as gateway warnings.
• Agents/replies: classify provider conversation-state rejections and return a clear message-channel error instead of auto-resetting or falling back to a generic runner failure. (#82616) Thanks @dutifulbob.
• Browser plugin: trust managed Chrome CDP diagnostics when launch HTTP probes race cold-start readiness, avoiding false startup failures. Fixes #82904. (#82986) Thanks @kmanan and @hclsys.
• Android: prompt before replacing a changed Gateway TLS thumbprint, showing the old and new SHA-256 fingerprints so users can accept expected certificate rotations instead of hard failing on pin mismatch. (#83077) Thanks @sliekens.
• CLI/status: render extra gateway-like service diagnostics as warning/info output instead of error output. Fixes #46930. (#82922) thanks @giodl73-repo.
• Agents/failover: classify Moonshot/Kimi exhausted-balance HTTP 429 payloads as billing instead of generic rate limits, preserving billing guidance and fallback behavior. Fixes #43447. (#83079) Thanks @leno23.
• Plugin SDK: bundle openclaw/plugin-sdk/zod into the published package artifact and verify the packed zod subpath stays self-contained, so pnpm global installs can register plugins without a package-local zod symlink. Fixes #78398. (#78515) Thanks @ggzeng.
• Providers/Google: drop compaction-truncated Gemini thought signatures before replay so malformed Base64 no longer aborts the next assistant turn. (#82995) Thanks @wAngByg.

Original source

Changes

Security/audit: add security.audit.suppressions for intentionally accepted audit findings, keeping suppressed matches out of the active summary while preserving them in JSON output with an active suppression notice. (#76949) Thanks @100menotu001.

Agents/subagents: label delegated task and subagent completion handoffs as ready for parent review, and tell requester agents to review/verify results before calling them done. (#78985) Thanks @100menotu001.

Providers/media: add fal and OpenRouter music-generation providers for the shared music_generate tool, including fal MiniMax/ACE/Stable Audio endpoints and OpenRouter Lyria audio output.

Maintainer tooling: warn before running JS package commands on raw Crabbox AWS boxes, pointing maintainers to Actions hydration or Blacksmith Testbox for CI-like proof.

Control UI: show provider quota usage in the Overview card and Chat header, and recover stale Chat in-progress state after missed terminal events. (#82647)

Mac app remote setup can now be preconfigured from openclaw-mac configure-remote, skips onboarding when config is already complete, supports direct LAN/Tailnet gateway URLs, allows private same-origin Control UI loads, and owns the SSH tunnel process when SSH is selected.

Providers/xAI: add xAI Grok OAuth login for SuperGrok subscribers, letting xai/* models and xAI media/tool providers authenticate without XAI_API_KEY.

CLI/cron: add openclaw cron run --wait with timeout and poll interval controls, plus exact cron.runs --run-id filtering so automation can block on one queued manual run. (#81929) Thanks @ificator.

Maintainer tooling: route Crabbox skill defaults through the repo brokered AWS config, leaving Blacksmith Testbox as an explicit opt-in instead of the broad-proof default.

CLI/onboarding: localize the setup wizard and bundled channel setup flows for English, Simplified Chinese, and Traditional Chinese. (#80645) Thanks @GaosCode.

Agents/skills: cache hydrated resolvedSkills across warm gateway turns while keying reuse by the redacted effective config, reducing redundant skill snapshot rebuilds without crossing config-gated skill boundaries. (#81451) Thanks @solodmd.

Group chat: add core inbound event classification with opt-in messages.groupChat.unmentionedInbound: "room_event", so always-on unmentioned room chatter can run as quiet context and speak visibly only via the message tool. (#81317) Thanks @obviyus.

Codex/context engines: bind thread-bootstrap projection epochs to Codex app-server threads, carry redacted tool-result context into fresh threads, and rotate backend threads when projection state changes. (#82351) Thanks @jalehman.

Agents/media: run image_generate through the shared async media-generation task lifecycle in session-backed chats, with task status, duplicate guarding, and message-tool completion delivery matching music/video.

Gateway: add opt-in restart trace logs for restart signal, active-work drain, close, next-start, ready, and memory spans. (#82396) Thanks @samzong.

Gateway/performance: split startup benchmark HTTP-listen timing from full gateway-ready timing and add post-bind plugin and sidecar diagnostics to restart-readiness traces. (#82603) Thanks @samzong.

QA-Lab: add a deterministic local personal-agent scenario pack covering reminders, threaded replies, scoped memory recall, redaction, and safe tool followthrough. (#78219) Thanks @iFiras-Max1.

QA-Lab: add --pack personal-agent for openclaw qa suite so maintainers can run the accepted personal-agent scenario pack by selector. (#82760) Thanks @iFiras-Max1.

QA-Lab: add a private Codex-vs-Pi runtime parity axis with runtime-pair suite runs, parity reports, and release-check wiring. (#80238) Thanks @100yenadmin.

Slack: add Slack assistant thread lifecycle support with assistant view manifest entries, suggested prompts, thread-scoped assistant sessions, and Slack-provided assistant context. Fixes #80787. Thanks @mobybot27.

Fixes

Agents/subagents: route group/channel subagent completions through message-tool-only handoffs when required and keep active-requester wake failures from dropping completion delivery. Fixes #82803. Thanks @galiniliev, @yozakura-ava, and @moeedahmed.

Memory-core: scan persisted memory source sessions on startup, comparing on-disk transcripts against the index and marking only missing/newer/resized files dirty for incremental sync. Fixes #82341. (#82341) Thanks @giodl73-repo.

Telegram: keep the top-level default account in the account list when named accounts or bindings are added alongside top-level credentials, preserving default polling while still letting named-only configs resolve to a single account. Fixes #82794. (#82794) Thanks @giodl73-repo.

WhatsApp: honor forced document delivery for outbound image, GIF, and video media so forceDocument/asDocument sends preserve original media bytes instead of using compressed media payloads. (#79272) Thanks @itsuzef.

Gateway/usage: refresh large session usage summaries in the background and reuse durable transcript metadata so sessions.usage no longer blocks Gateway requests on full transcript rescans. Fixes #82773. (#82778) Thanks @hclsys.

TUI: restore the submitted draft when chat is busy instead of clearing it or queueing another run. Fixes #45326. (#82774) Thanks @hyspacex.

Browser plugin: redact attach-details from Chrome MCP diagnostics and keep raw Chrome launch error output around long enough to surface in user reports without leaking sensitive paths.

System prompts: clarify MEMORY guidance over generic TTS hints in the embedded speech-core/system-prompt scaffolding so agents prefer memory-store usage over speech defaults. Fixes #81930. Thanks @giodl73-repo.

Agents/auth: include the checked credential source in missing API key errors, so users can see which env var, profile, or config path to fix. Fixes #82785. Thanks @loeclos.

Providers/GitHub Copilot: hash Responses replay item ids with sha256 instead of a weak 32-bit hash and build same-provider Copilot tool-call ids distinctly, so concurrent tool-call replays no longer collide and reject follow-up turns.

Agents/replay: normalize malformed assistant replay content before transport conversion while preserving empty-stop replay repair, so bad provider history no longer crashes with non-iterable content. Fixes #43795. (#82748) Thanks @IWhatsskill.

Gateway/macOS: write LaunchAgent stdout under ~/Library/Logs/openclaw, suppress stderr, and attach stdin to /dev/null so launchd startup avoids symlinked state-dir log failures and silent module-evaluation hangs. Fixes #40207 and #46153. Thanks @dhruvkelawala and @frankr.

CLI/configure: let model-only section setup enter provider auth directly instead of first asking where the Gateway runs, unblocking OAuth/token setup in terminals where that unrelated prompt is unresponsive. Fixes #39223. Thanks @LevityLeads.

Providers/Anthropic-messages: extract reasoning_content from thinking blocks during assistant replay so proxy providers that route through the Anthropic-messages transport preserve reasoning context across tool-call follow-up turns. Thanks @Sunnyone2three.

Agents/GitHub Copilot: normalize replayed Responses tool-call IDs before dispatch so resumed sessions with historical overlong tool IDs continue instead of failing Copilot schema validation. (#82750) Thanks @galiniliev.

CLI/web: resolve provider-scoped web search/fetch SecretRefs for infer web ... --provider ... while leaving unrelated plugin secrets untouched. Fixes #82621. Thanks @leno23.

Providers/Anthropic Vertex: resolve installed provider public surfaces from package-local dist/, restoring anthropic-vertex/* model calls after plugin externalization. Fixes #82781. Thanks @0L1v3DaD.

Gateway/exec approvals: bind path-shaped allowlists, safe-bin trust, skill auto-allow, Allow Always persistence, and approval audit metadata to the executable realpath so symlinked binaries cannot keep approvals after retargeting. Fixes #45595. Thanks @jasonftl.

Mac app: let menu gateway/session error text wrap across a few lines and stop rebuilding dynamic Context/Gateway menu rows while the menu is open, reducing flicker.

Mac app: make device pairing approval sheets friendlier, with concise Mac/device copy, shortened identifiers, friendly scope labels, and Approve as the primary action.

Providers/Qwen: honor session thinking level for qwen-chat-template payloads so /think off disables nested llama.cpp chat-template thinking controls. Fixes #82768. Thanks @bfox55.

Feishu/wiki: reject numeric wiki space IDs before creating Lark clients and keep numeric-looking IDs documented as quoted opaque strings, preventing JavaScript precision loss in knowledge base calls. Fixes #45301. (#82769) Thanks @hyspacex.

Control UI: simplify Talk settings to Voice, Model, and Sensitivity defaults, with provider, transport, exact VAD, and timing controls behind Advanced.

Telegram: let catch-all mention patterns match captionless group photos, so media-only group messages reach the agent when the group is intentionally configured to respond to all messages. Fixes #44833. (#82756) Thanks @IWhatsskill.

Gateway/pairing: reject forged loopback Control UI origins from non-local proxy paths, and keep mobile pairing setup on Tailscale bind mode pointing users to Tailscale Serve/Funnel instead of cleartext tailnet WebSockets.

Telegram/Gateway: persist isolated polling offsets only after main-thread dispatch and preserve gateway caller scopes for Telegram message actions, fixing consumed-but-unrouted polling updates and recursive CLI send scope approvals. Fixes #82277. (#82705) Thanks @udaymanish6.

Memory-core: abort timed-out embedding provider calls so remote embedding HTTP requests do not continue running after memory query or indexing timeouts. Fixes #82732. Thanks @adityarya24.

Channels/stream previews: contain rejected background draft-stream flushes so preview send failures do not surface as fatal unhandled rejections. Fixes #82712. (#82713) Thanks @coygeek.

Codex/app-server: keep shared native app-server clients isolated per agent runtime key so starting one agent no longer closes another agent's active Codex turn. Fixes #82758. Thanks @PashaGanson.

Providers/OpenAI Codex: include base gpt-5.5 and gpt-5.4 reasoning metadata in the bundled Codex catalog so /think xhigh remains available for those models. Fixes #82744.

Providers/OpenAI Codex: keep the native hook relay as the final Codex app-server thread config patch so hook-backed approvals stay enabled even when lower-priority config disables hooks. Thanks @solomonneas.

Providers/MiniMax: declare CN endpoint auth aliases in the plugin manifest so minimax-cn and minimax-portal-cn reuse the correct base auth profiles instead of falling back to unrelated models after 401s. Fixes #63823. Thanks @kamusis.

Secrets/audit: treat $VAR auth-profile values as env SecretRefs and stop reporting env-ref credentials as plaintext, including mixed keyRef plus env-ref profile states. Fixes #53998. Thanks @schirloc and @artwalker.

Agents/model fallback: suppress fallback notices when the active OpenAI Codex runtime reports the same canonical OpenAI model.

Agents/music generation: remove model-controlled request timeouts, default internal provider requests to five minutes, and keep configured timeouts at a 120-second floor.

Agents/media generation: stop logging delivered failure summaries as missing message-tool delivery when no generated media was expected.

Agents/sessions: prioritize manual user turns ahead of queued cron and maintenance work in the same session lane, so visible follow-ups no longer wait behind background runs. Fixes #82764. (#82765) Thanks @galiniliev.

Agents/edit tool: honor file_path and related path aliases when resolving edit-recovery targets, so post-write errors no longer surface false edit failures after the file actually changed. Fixes #81909. Thanks @giodl73-repo.

QQBot: treat only explicit truthy QQBOT_DEBUG values as enabling debug logs, so false-like values such as 0 no longer expose debug output. Fixes #82644. (#82697) Thanks @leno23.

Agents/session_status: resolve implicit no-arg status lookups against the live run session, so /think changes report the current thinking level instead of stale sandbox state. Fixes #82669. (#82696) Thanks @leno23.

Discord: keep progress drafts visible for message-tool-only guild replies under the default coding tool profile. Fixes #82747. Thanks @eliranwong.

Discord: keep unmentioned room-event history until a visible Discord send succeeds, so quiet ambient context does not disappear before message-tool delivery. (#82573) Thanks @obviyus.

CLI/setup: order the model/auth provider picker as OpenAI, Anthropic, xAI, Google, then the remaining providers alphabetically.

Diagnostics/usage/voice-call: treat explicit zero and non-finite limits as empty results and reject invalid voice-call numeric CLI flags. Fixes #82646, #82650, #82651, and #82653. (#82679) Thanks @leno23.

CLI/config: avoid redundant startup config/plugin checks for the guided openclaw config flow and show progress while source checkout CLI artifacts build or load.

Config/Mac app: accept gateway.remote.remotePort in core config validation so Mac SSH remote setup stays compatible with the CLI.

Gateway/diagnostics: add opt-in critical memory pressure stability snapshots with gateway logs, V8 heap, cgroup, active-resource, and redacted large session-file evidence. Fixes #82518.

Doctor/Gateway: avoid treating unrelated macOS LaunchAgents as legacy gateways just because their environment values mention old checkout paths.

Gateway/heartbeat: defer heartbeat runs while the target reply operation is queued or active, preventing heartbeat prompts from interleaving with WebChat responses before the streaming lane starts. Fixes #82722. Thanks @Andy-Xie-1145.

CLI/setup: collapse raw gateway config keys in existing-config summaries into friendly Model and Gateway rows.

CLI/config: show concise human config-write output with an indented backup path instead of printing checksum-heavy overwrite audit details by default.

CLI/docs: call the canonical lowercase docs MCP search tool and surface MCP errors instead of returning empty search results. Fixes #82702. (#82704) Thanks @hclsys.

QA-Lab: add gateway log sentinels for plugin hook failures, Codex app-server stalls/timeouts, cron allowlist drift, live quota blockers, and direct-reply self-message transcripts so harness proof fails on self-health regressions. (#80323) Thanks @100yenadmin.

QA-Lab: ignore heartbeat-only operational transcripts when capturing runtime parity cells so background checks cannot replace the scenario reply. (#80323) Thanks @100yenadmin.

QA-Lab: pin threaded-memory parity runs to memory-core, keep bundled plugin resolution enabled for QA commands, and retry transient session-store lock reads. (#72045) Thanks @WuKongAI-CMU.

QA-Lab/qa-channel: keep mock memory ranking, inbound media notes, and opened-file realpath checks stable for mock OpenAI qa-channel runs. (#66826) Thanks @gumadeiras.

Gateway/exec approvals: wait for accepted async approval follow-up runs instead of direct-fallback sending duplicate completions when retries use different nonce keys. Fixes #82711. (#82717) Thanks @udaymanish6.

Agents/subagents: mark completed subagent handoffs as ready for parent review so requester agents verify results and continue required follow-up work before reporting done. (#82724) Thanks @100menotu001.

QA-Lab: validate Capture saved views loaded from browser storage so malformed local state cannot poison Capture inspector filters or layout controls. (#77722) Thanks @AsaZhou923.

Agents/performance: reuse prepared plugin manifest metadata across local CLI turns, model catalog normalization, auth lookups, and tool capability checks, restoring fast pre-provider startup for plugin-heavy installs. Thanks @shakkernerd.

CLI/config: add --dry-run support to openclaw config unset, with --json output and allow-exec validation parity with config set/config patch dry-run handling. (#81895) Thanks @giodl73-repo.

CLI/infer: resolve command SecretRefs before local provider-backed capability runs, so web search/fetch and other local infer commands can use plugin-scoped credential refs. Fixes #82621. (#82798) Thanks @joshavant.

Memory-core: retry disabled dreaming cron cleanup until cron is available after startup, so persisted managed dreaming jobs are removed after restart. Fixes #82383. (#82389) Thanks @neeravmakwana.

Providers/xAI: keep retired Grok 3, Grok 4 Fast, Grok 4.1 Fast, and Grok Code slugs out of model pickers while preserving compatibility resolution for existing configs.

Providers/xAI: replace the retired grok-imagine-image-pro image model with grok-imagine-image-quality in the bundled image-generation provider and docs. (#81399) Thanks @KateWilkins.

Providers/OAuth: let browser-hosted identity provider pages read successful localhost callback responses, preventing xAI Grok OAuth from showing a false connection failure after OpenClaw completes login.

Gateway/security: reject malformed HTTP and WebSocket request targets with the existing auth failure response instead of letting invalid URL parsing crash the Gateway. Fixes GHSA-6hc3-f4rg-377m.

Browser/CDP: redact credential-bearing Chrome MCP and managed Chrome launch diagnostics, and require exact loopback entries before treating NO_PROXY as already covering local CDP proxy bypasses.

Gateway/diagnostics: redact credential-bearing gateway target URLs and client diagnostics while preserving raw connection URLs for programmatic use, so connect-failure logs no longer surface embedded tokens.

Gateway/auth: honor OPENCLAW_GATEWAY_TOKEN as the remote interactive fallback when no remote token is configured, keeping remote TUI setup aligned with documented auth precedence.

Providers/xAI: continue polling video generations while xAI reports in-flight jobs as pending, so Grok video requests no longer fail before the final done response. (#82610) Thanks @Manzojunior.

Logs: redact raw Basic auth and named security headers from logs.tail output before returning lines to read-scoped clients. Fixes #66832. Thanks @Magicray1217.

CLI/gateway: emit structured JSON for gateway transport close/timeout failures when --json is requested by health, gateway health, and devices list commands. Fixes #79108. Thanks @TurboTheTurtle.

Telegram: normalize announce group targets via a new resolveSessionTarget channel hook so scheduled announcements resolve consistently against the same Telegram session conversation registry as inbound turns. Fixes #81229. Thanks @giodl73-repo.

QA/RTT: let pnpm rtt lease Convex-backed Telegram credentials while preserving RTT sample counts, sample timeouts, and result stats on the RTT harness path.

Discord: bind delayed gateway identify retries to the originating socket generation so retries triggered after a reconnect do not identify against a fresh socket. Fixes #82225. Thanks @giodl73-repo.

ACP/control plane: refresh cached runtime handles when agent config changes so ACP sessions stop using stale runtimes after agents.defaults edits. Fixes #82237. Thanks @giodl73-repo.

Gateway/sessions: scope session data lookups by agent id so multi-agent gateway state cannot cross-leak session records across configured agents. (#81386) Thanks @pgondhi987.

Gateway/restart: mark active main sessions as restart-aborted before forced restarts so startup recovery can resume interrupted turns instead of leaving them stranded as running. Fixes #82433. (#82772) Thanks @joshavant.

Agents/media: require generated music/video completion agents to use the message tool for visible delivery and stop merging generated image attachments into message-tool-only source reply mirrors, avoiding direct fallback posts that can duplicate media the model already sent.

Agents/media: accept generated media attachments on internal completion events and report delivery-loss failures as errors, so completed background music/video tasks do not disappear after provider success.

Matrix/approvals: release in-flight reaction bindings when the channel approval handler stops mid-delivery, preventing stale approval targets after restart. Fixes #82485. (#82482) Thanks @Feelw00.

Matrix/E2EE: stop requesting MSC4222 state_after sync responses so homeservers with incomplete state-after data do not leave fresh encrypted rooms without outbound room encryptors. Fixes #82515. Thanks @nickdecooman.

TUI: update the displayed model in real time when an auto-fallback resolution swaps in a different model mid-turn, so the status line reflects the actual model handling the run. Fixes #82296. Thanks @giodl73-repo.

Gateway/sessions: estimate context usage from local/OpenAI-compatible transcripts when provider usage telemetry is missing, so status no longer shows empty usage for real local-model sessions. Fixes #73990. (#82317) Thanks @giodl73-repo.

Update/installers: override npm min-release-age quarantine for OpenClaw-managed package installs, so openclaw update, plugin updates, and hosted installer scripts can install the requested latest release immediately.

Agents/sessions: preserve fresh post-compaction token snapshots across stale usage updates, preventing repeated auto-compaction after every message. Fixes #82576. (#82578) Thanks @njuboy11.

Agents/replies: preserve active inbound reply context at the LLM boundary so Discord referenced-message turns do not answer from stale session history. Fixes #82608. (#82801) Thanks @joshavant.

Agents/OpenAI Responses: log redacted diagnostics for detail-less response.failed events while preserving failed response ids, so operators can correlate provider-side failures. Fixes #82558.

Agents/OpenRouter: strip non-replayable Anthropic/xAI reasoning provenance tags from follow-up requests, preventing poisoned thinking signatures from breaking second turns. Fixes #82335. (#82380) Thanks @hclsys.

Providers/xAI: send configurable reasoning effort only for Grok 4.3, preserving xAI's default low reasoning while omitting unsupported controls for Grok 4.20 reasoning models. (#81227) Thanks @jason-allen-oneal.

Image generation: raise Google, OpenRouter, and xAI hosted provider default timeouts to 180 seconds so slow hosted image requests have more time to complete. (#75337)

Agents/auth: redact OAuth refresh failure causes against in-memory, attempted, and reloaded credentials before generic token masking while ensuring failed ACP dispatch cleanup closes initialized runtimes.

Google/Gemini CLI OAuth: add provider-owned refresh support for google-gemini-cli so expired Gemini CLI tokens refresh in OpenClaw instead of falling through to the generic unknown-provider path. Fixes #42541. Thanks @jason-allen-oneal.

Agents/Anthropic transport: replay reasoning_content from compatible thinking blocks for Xiaomi/MiMo-style Anthropic Messages routes, preventing follow-up turns from losing required reasoning context. Fixes #81261. Thanks @Sunnyone2three.

Telegram: cache successful startup bot identity by account and token fingerprint for up to 24 hours, so restarts can skip redundant getMe probes during Telegram API slow periods without permanently pinning renamed bots. Refs #82525.

Telegram: keep streamed text replies in place when delayed TTS audio arrives, sending the audio as a follow-up instead of deleting the preview. Fixes #82570. (#82820) Thanks @joshavant.

Gateway/sessions: discard stale metadata when recreating dead main session rows, so replacement sessions do not inherit old labels or transcript paths.

Codex app-server: mark native context compaction completion events as successful, preventing false "Compaction incomplete" notices after successful Codex-managed compaction. Fixes #82470. (#81593) Thanks @Kyzcreig.

Codex app-server: keep long-running turns alive while current-turn approvals, user input, dynamic tools, and notifications make progress, and carry that progress into the outer run timeout. (#82601) Thanks @100yenadmin.

Gateway/channels: hand off traced channel account startup outside the startup diagnostic phase so long-lived channel tasks do not keep liveness warnings pinned to channel startup. Refs #82398.

Gateway/restart: queue restart and shutdown signals received while the gateway startup loop is still returning its server handle, so startup-time restarts are not dropped during update churn. (#82660) Thanks @samzong.

Gateway/restart: carry operator restart intent reasons into macOS LaunchAgent restart traces, so cascade diagnostics identify gateway.restart instead of a bare SIGTERM.

GitHub Copilot: route device-login requests through the plugin SSRF guard with a GitHub-only policy.

Group/channel replies: keep message-tool-preferred final replies private when the agent misses the message tool, and log suppressed payload metadata in the gateway debug log for quieter diagnosis.

Gateway/WebChat: route image attachments through a configured vision-capable imageModel plan before inlining images, and carry that image-model fallback chain through runtime retries. (#82524) Thanks @frankekn.

macOS app: open the Dashboard in a native WebKit window with standard macOS traffic-light controls, keep the Dock icon visible by default, and reuse the app's connected gateway auth for automatic Control UI login.

WebChat: show progress while manual /compact is running by streaming a session operation event to subscribed Control UI clients. Fixes #82407. Thanks @Conan-Scott.

Codex app-server: limit canonical OpenAI Codex app-server attribution rewrites to local transcript and trajectory records, leaving runtime/tool routing on the selected OpenAI model metadata so OpenAI API-key backup profiles keep their billing path.

Codex app-server: hide native tool-search control tools from dynamic tool exposure while preserving the message tool.

Android/chat: make bare and markdown URLs in chat messages tappable by preserving Compose URL annotations in rendered markdown. Fixes #82187. (#82392) Thanks @neeravmakwana.

Plugins/doctor: migrate legacy top-level plugin tools declarations into contracts.tools, so openclaw doctor --fix repairs local plugins for the manifest tool contract. (#81112) Thanks @100yenadmin.

Slack: guide agents to use stable <@USER_ID> mention tokens from context instead of plain @name text, so user mentions link and notify correctly. Fixes #82090. (#82152) Thanks @neeravmakwana.

Auth: serialize provider login writes through the auth-profile lock for OpenAI Codex, Anthropic, Cloudflare AI Gateway, GitHub Copilot, and z.ai, preserving upsert semantics so a live Gateway cannot overwrite freshly refreshed OAuth credentials with an expired in-memory snapshot.

Auth/Codex: remove runtime support for oauthRef sidecar-backed OAuth profiles and add a doctor repair that migrates affected Codex profiles back to inline auth-profiles.json credentials. (#82777) Thanks @joshavant.

Slack: keep DM thread replies on the main direct-message session instead of routing them to invisible thread-scoped sessions. Refs #82390. (#82418) Thanks @kagura-agent.

Auth/macOS: avoid creating the OAuth profile master key in Keychain automatically, falling back to the file-backed secret key so headless agents do not trigger a Keychain prompt.

Codex app-server: release raw assistant completions when turn/completed is missing while keeping commentary/status items as progress, preventing completed Codex runs from hanging until timeout. Fixes #82343. (#82403) Thanks @IWhatsskill.

Codex app-server: keep a bounded terminal guard after post-tool raw assistant completions so missing turn/completed events fail fast instead of leaving embedded runs stuck. Fixes #82775. (#82816) Thanks @joshavant.

Agents/sessions: remove the transient *.bak-<pid>-<ts> backup written by repairSessionFileIfNeeded once the atomic replace succeeds, so a stuck session with a persistently malformed JSONL line no longer accumulates one snapshot per repair invocation. Fixes #80960. (#80969) Thanks @100yenadmin. Co-authored by @tynamite.

CLI/status: show plain empty-state messages instead of empty Channels and Sessions tables when no channels or sessions exist.

CLI/dashboard: probe Gateway readiness before handing out the dashboard URL, prompting to start or install the managed service when the Gateway is stopped and printing recovery commands instead of opening a dead browser tab.

CLI/dashboard: treat Gateway device identity required probes as proof that the dashboard listener is reachable, so openclaw dashboard can still open the Control UI.

CLI: hide decorative startup and status emoji on terminals that are unlikely to render them correctly, keeping semantic message and identity emoji intact.

CLI/gateway: recover the Linux user systemd bus environment when openclaw dashboard starts the Gateway from stripped desktop shells such as VNC terminals.

Gateway/WebSocket: log expected startup 1013 gateway starting retry closes at debug instead of warn while preserving WARN for unexpected pre-connect failures. Fixes #76361. (#82457) Thanks @IWhatsskill.

Providers/Xiaomi: strip synthetic empty array items from MiMo tool schemas while preserving typed array items, avoiding strict OpenAI-compatible schema rejection.

Telegram: send the transcript-backed full final answer after progress-mode tool drafts when the dispatcher final payload is an ellipsis-truncated snapshot. Fixes #82409. Thanks @PashaGanson.

Providers/Ollama: omit truthy native think payloads for models marked non-reasoning while preserving supported thinking models and explicit think: false. (#82445) Thanks @leno23.

Update/channels: preserve pre-update channel config through package-swap doctor and post-core plugin repair so externalized channel upgrades do not drop configured chat channels. Fixes #82533. Thanks @imbaig.

CLI/context engines: bootstrap and finalize non-legacy context engines for CLI turns while preserving transcript snapshots and deferred maintenance ownership. (#81869) Thanks @sahilsatralkar.

Telegram: persist polling updates through restart replay so queued same-topic messages resume in order instead of losing context after a gateway restart. (#82256) Thanks @VACInc.

Gateway/Gmail: abort in-flight Gmail watcher startup and hot-reload restarts before shutdown so reloads cannot spawn gog serve after the Gateway is closing. Thanks @frankekn.

Agents/Codex: fall back to the embedded PI runner when OpenAI's implicit Codex harness preference cannot find a registered Codex plugin, preventing OpenAI-compatible gateway requests from failing with an unregistered harness error. Fixes #82437.

Agents/OpenAI: honor openai-codex:* entries placed ahead of API-key backups in auth.order.openai for explicit OpenAI PI runs, and accept models auth login --provider openai-codex --device-code for headless sign-in. Fixes #82521. (#82605)

CLI/channels: install missing externalized same-id channel plugins during channels add --channel <id>, so recovery for WhatsApp and other externalized stock channels does not require a separate plugins enable step. Fixes #82533.

MCP plugin tools: forward host MCP tools/call AbortSignal through createPluginToolsMcpHandlers().callTool into plugin tool.execute, so host cancellation actually cancels in-flight plugin tool calls instead of letting them run to completion. Fixes #82424. (#82443) Thanks @joshavant.

Agents/sandbox: honor explicit Docker sandbox env variables with credential-looking names during container creation, and recreate affected sandbox containers when the effective env policy changes. Fixes #82695. (#82763) Thanks @joshavant.

Plugins: accept deprecated api.on("deactivate") registrations as a dated compatibility alias for gateway_stop, so external plugin cleanup handlers run on Gateway shutdown while authors get migration guidance.

Plugins: resolve bundled entry, dist-runtime, package-state, and public artifact paths from packaged roots, so bundled plugin probes and hardlinked public surfaces no longer fall back to source files or fail during restart. Fixes #78462. Fixes #75797. Refs #76865. Thanks @ginishuh and @ymebosma.

Media: ignore image MIME and filename hints when bytes sniff as generic containers, so zip/octet-stream payloads mislabeled as images do not become local image media or keep image file extensions when staged.

Update/doctor: avoid materializing groupAllowFrom for channel schemas that reject it, so package-swap doctor repairs do not fail on externalized Slack configs.

Gateway/media: prevent image filenames from overriding generic non-image byte sniffing, so zip/octet-stream payloads mislabeled as images are offloaded or rejected before they become inline image attachments.

Plugins/web search: downgrade stale optional provider installs to warnings so Gateway and doctor repair paths keep running after startup provider selection. Refs #82313. Thanks @crackmac.

Telegram/Gateway: route targeted Telegram /stop@bot messages onto the control lane without cached bot metadata and match gateway stop requests across raw/canonical session aliases. (#82298) Thanks @VACInc.

MS Teams/media: sniff inline data:image/* attachment bytes before staging them, skipping payloads that are not actually images.

WebChat/media: require trusted local-media provenance before preserving local audio reply paths for display, so untrusted audio-looking paths go through normal staging and read-policy checks.

WebChat: trust local Auto-TTS audio on block-streamed replies, including ACP-dispatched tails, so synthesized browser audio renders instead of being silently dropped. Fixes #82628. (#82701) Thanks @leno23.

Agents/tool media: preserve trusted local-media provenance when merging generated tool attachments into final reply payloads, so trusted audio/media survives outbound display normalization.

Anthropic/Claude CLI: write model-scoped claude-cli runtime policy when reusing local Claude CLI auth, so upgraded Telegram and Dashboard gateway turns keep using the CLI backend instead of falling through to Anthropic API billing. Fixes #82344. Thanks @amknight.

Update: let package-swap doctor --fix persist core config repairs while plugin schemas are still converging, preventing update failures on externalized channel configs.

Update: carry plugin-validation bypasses into config mutation pre-write reads, so package update doctor repairs can finish while externalized plugin schemas are converging.

Update/doctor: keep plugin-validation bypasses on the top-level $include config write path, so package repair can update included plugin config files without flattening them into the root config.

Agents/subagents: warn and continue completion announce cleanup when lifecycle cleanup fails, preventing ended subagent runs from becoming silent ghosts. Fixes #82306. Thanks @SebTardif.

Telegram: let authorized text /stop commands use the fast-abort path before queued agent work, so active turns stop immediately instead of processing the abort after the turn finishes; foreign-bot /stop@otherbot mentions now stay on the regular topic lane instead of being routed into our control lane. Fixes #82162. Thanks @civiltox.

Sessions: drop persisted entries with invalid session ids and strip malformed transcript file metadata before hydrating session runtime state.

Auth/device: normalize malformed persisted device-auth token metadata before returning or preserving token entries.

Pairing: skip malformed persisted pending pairing requests before approving valid channel pairing codes.

Commitments: strip malformed optional reminder scope metadata from persisted commitments before matching pending follow-ups.

Config persistence: normalize malformed auth profile credential fields/state, skip JSON-valid garbage transcript checkpoint rows, and let openclaw doctor --fix remove unrepairable cron job rows.

Cron: skip persisted job rows with malformed schedule or payload shapes in memory, leaving the store for openclaw doctor --fix instead of hydrating them into runtime state.

Cron: keep legacy string schedules and blank system-event jobs available for runtime repair/skip handling instead of dropping them as malformed persisted rows.

Cron: reject empty scheduled main/isolated payloads before persisting jobs, keeping runtime stores compatible with malformed-row hardening.

Task persistence: drop malformed array/scalar requester-origin JSON from task and task-flow SQLite sidecars instead of restoring it as delivery metadata.

Agents/timeouts: clarify model idle-timeout errors and docs so provider timeoutSeconds is shown as bounded by the whole agent/run timeout ceiling.

Agents/OpenAI streams: yield cooperatively while processing bursty Completions and Responses chunks, keeping aborts, channel liveness timers, and startup heartbeats responsive under noisy model output. Refs #82462.

Media/images: avoid broad model/plugin discovery while preparing image requests, preventing Windows event-loop stalls that could block Telegram polling. Fixes #82338. (#82799) Thanks @joshavant.

Release tooling: align the published launcher Node floor, npm start, package script checks, sharded lint locking, Vitest root project coverage, and plugin-SDK declaration build cache metadata so release/package validation does not silently skip or ship stale surfaces.

Cron/agents: honor configured subagent model fallbacks for isolated scheduled runs and forward that fallback policy into embedded agent timeout failover. Fixes #74985. Thanks @chrisgwynne.

Codex app-server/MCP: scope user MCP servers to specific OpenClaw agent ids through an optional mcp.servers.<name>.codex.agents list and accept codex.defaultToolsApprovalMode (auto/prompt/approve) for native Codex approval defaults; OpenClaw strips the codex block before handing mcp_servers config to Codex. (#82180) Thanks @sercada.

Agents/OpenAI Responses: clamp input_tokens - cached_tokens at zero and reconstruct totalTokens from input + output + cached components so Responses-API streams report consistent usage when providers under-report input_tokens relative to cached_tokens.

Agents: mark adapter-caught tool execution failures as error tool results in embedded Pi sessions, so models can retry recoverable edit failures instead of seeing a successful tool result. Fixes #81546. (#81564) Thanks @najef1979-code and @MonkeyLeeT.

Plugins: reject malformed package.json openclaw.extensions metadata during install, discovery, and post-update payload smoke instead of silently dropping invalid entries.

Plugins: reject package metadata records whose package.json resolves outside the plugin root instead of trusting persisted or reconstructed registry snapshots.

Plugins: ignore malformed persisted package channel/install metadata instead of crashing catalog reconstruction or leaking invalid install hints.

Plugin releases: reject package files negations that would omit advertised package-local runtime entries from npm plugin tarballs.

Media/files: sniff input_file bytes before trusting declared MIME headers, rejecting spoofed image or zip payloads before they become agent-visible text.

Plugins/dependencies: scrub stale managed-root openclaw ownership metadata without deleting a linked active host package, preventing plugin installs from downgrading npm-global hosts. Fixes #79462. Thanks @lisandromachado.

Gateway/update: keep shutdown hook-runner imports on a stable dist entry and ship a legacy chunk alias so package swaps do not strand running gateways on missing shutdown chunks. Fixes #81819. Thanks @najef1979-code.

Config persistence: ignore malformed array/scalar auth profile, cron job state, and session store entries instead of hydrating them into numeric profile ids, crashed cron rows, or invalid session records.

Config persistence: strip malformed pending final-delivery session fields on load so replay/recovery paths skip poisoned reply metadata instead of crashing on raw objects.

Config persistence: strip malformed plugin extension state and promoted session-slot ownership on load so corrupted session rows do not leak poisoned plugin metadata into replay/projection paths.

Gateway/sessions: ignore malformed compaction checkpoint rows during session projection so corrupted stores do not crash session list/describe responses or show bogus checkpoint counts.

Gateway/sessions: keep reachable transcript history when imported tree transcripts reference missing or legacy parent rows, preventing session history reads from going empty after a partial import.

Trajectory export: report incomplete transcript parent chains and stop cyclic branch walks so malformed imports cannot hang /export-trajectory.

Session replay: skip malformed user/assistant-shaped transcript rows during silent session resets instead of copying invalid entries into the fresh transcript.

Backup verify: report malformed archive manifests with a stable error instead of leaking raw JSON parser details.

Session export: report skipped malformed transcript JSONL rows instead of silently omitting them from exported HTML archives.

Providers: reject malformed successful Runway, BytePlus, and Ollama embedding responses with provider-owned errors instead of raw parser/type failures, silent bad vectors, or long bogus polling.

Providers/images: reject malformed successful OpenAI-compatible, OpenAI, Google, fal, and OpenRouter image responses with provider-owned errors instead of raw shape failures, silent invalid base64 skips, or empty image results.

Providers/videos: reject malformed successful xAI, OpenRouter, and fal video create, poll, and result responses with provider-owned errors instead of raw parser failures or long bogus polling.

Providers/videos: let selected-model capability overlays clear inherited providerOptions, so fallback skips models that explicitly accept no provider-specific options instead of forwarding unsupported knobs.

TTS/providers: honor preferred provider aliases when routing model override directives, so alias-selected speech providers receive unqualified [[tts:*]] overrides.

Providers/audio: reject malformed successful OpenAI-compatible, ElevenLabs, and Deepgram speech responses with provider-owned errors instead of raw parser failures, wrong-shaped transcripts, or JSON/text bodies treated as audio.

Providers/embeddings: reject malformed successful OpenAI-compatible, Google Gemini, and Amazon Bedrock embedding responses instead of silently returning empty or coerced vectors.

Providers/catalogs: reject malformed successful LM Studio, GitHub Copilot, DeepInfra, Vercel AI Gateway, and Kilocode model-list responses with provider-owned errors instead of raw parser/type failures or silent fallback catalogs.

Providers/polling: reject array, null, or scalar successful operation status responses with provider-owned malformed JSON errors instead of waiting until timeout.

ACPX/Codex: reap plugin-local Codex ACP adapter orphans on startup after wrapper crashes while keeping direct adapter commands out of launch-lease injection. Fixes #82364. (#82459) Thanks @joshavant.

Agents/model fallback: periodically probe the configured primary for auto-pinned fallback sessions, announce fallback/recovery transitions, and clear the pin when it recovers, preventing sessions from staying on a fallback model indefinitely. Fixes #82544. Thanks @crpol.

Telegram: send presentation-only payloads by rendering fallback text and inline buttons instead of treating them as empty. Fixes #82404. (#82449) Thanks @joshavant.

Providers/Kimi: preserve Kimi Coding reasoning_content replay and backfill assistant tool-call placeholders when thinking is enabled, so kimi-for-coding follow-up tool turns no longer fail after prior tool use. Fixes #82161. Thanks @amknight.

Providers/search tools: reject malformed successful xAI, Gemini, and Kimi web/code search responses with provider-owned errors instead of silent No response payloads or ungrounded fallback state.

Trajectory export: skip and report malformed session/runtime JSONL rows in manifest.json instead of letting wrong-shaped session rows crash support bundle export.

Voice calls: persist rejected inbound-call replay keys so duplicate carrier webhook retries stay ignored after a Gateway restart.

Config/doctor: copy fallback-enabled channel allowFrom entries into explicit groupAllowFrom allowlists during openclaw doctor --fix, preserving current group access without adding runtime fallback-transition flags.

Config/doctor: replace source-only official Brave and Slack plugin installs from trusted catalog metadata during openclaw doctor --fix, unblocking externalized stock plugin recovery after upgrade. (#82425) Thanks @joshavant.

Config/memory: warn instead of rejecting configs that select the official external memory-lancedb slot before the plugin is installed, with an explicit no-persistent-memory startup warning and install hint. Fixes #82428. (#82438) Thanks @giodl73-repo.

Agents/bootstrap: ignore stale completed root BOOTSTRAP.md context after workspace setup cleanup fails, preventing channel agent turns from treating it as a directory. (#82463) Thanks @joshavant.

Update/doctor: re-enable the Codex plugin during openclaw doctor --fix when configured OpenAI agent models require the Codex runtime, preventing upgraded configs from failing with an unregistered Codex harness. Fixes #82368. (#82502) Thanks @joshavant.

Configure: show one OpenAI provider entry with ChatGPT/Codex sign-in and API key choices, and keep browsed Codex models in the saved /model picker allowlist.

Agents/model fallback: preserve auto fallback chains across deferred config reloads when session fallback provenance survives but modelOverrideSource is missing. Fixes #81982. Thanks @joshavant.

Hooks: raise bounded gateway lifecycle hook wait budgets to 5 seconds for shutdown and 10 seconds for pre-restart, giving short restart notification handlers time to finish before shutdown continues. (#82273) Thanks @bryanbaer.

Plugin releases: require external package compatibility metadata in the npm plugin publish plan, matching the ClawHub package contract before packages ship.

Agents/OpenAI-compatible: honor per-model max_completion_tokens/max_tokens params in embedded OpenAI-completions runs so high-token Kimi-style routes keep their configured completion cap. Fixes #82230. Thanks @albert-zen.

Agents/local: install a local gateway request scope around trusted openclaw agent --local runs, so subagent completion announces can use in-process gateway dispatch without crashing. Fixes #82140. Thanks @Kushmaro.

Cron: keep failed isolated-agent runs from marking successful result delivery when only the failure notification was delivered. Fixes #72985. Thanks @Allenbluff.

Discord: validate message-read results before normalizing channel history and report unexpected payloads with a Discord boundary error instead of map is not a function. Fixes #82252. Thanks @jessewunderlich.

Agents/runtime: apply agents.defaults.models["provider/*"].agentRuntime as provider-wide model runtime policy while preserving exact model runtime precedence. Fixes #82243. Thanks @rendrag-git.

Model picker: show the effective Codex runtime first for official OpenAI routes while keeping Pi available as an alternate and preserving Pi-first custom OpenAI-compatible providers. Fixes #82269. Thanks @rendrag-git.

Agents/auto-reply: restrict NO_REPLY prompt guidance to automatic group/channel replies, remove legacy silent-reply rewrites, and suppress accidental direct-chat silent tokens instead of delivering fallback text. Fixes #82254. Thanks @absol89.

Telegram: retain a longer partial-stream preview when a final callback only carries an ellipsis-truncated snapshot, preventing the visible answer and transcript mirror from being replaced by the short preview. Fixes #82239. Thanks @crash2kx.

Telegram/active-memory: run blocking memory recall through the Telegram provider for direct-message turns even when the hook context carries the raw chat id, preventing embedded recall from launching against an invalid numeric channel. Fixes #82177. Thanks @cslash-zz.

Control UI/WebChat: keep optimistic image messages from embedding large inline data: previews and preserve image-only user turns in chat history, avoiding browser stack overflows when sending image attachments. Fixes #82182. Thanks @ExploreSheep.

Agents/media: preserve message-tool-only delivery for generated music and video completion handoffs, so group/channel completions do not finish without posting the generated attachment.

Telegram: drain queued outbound deliveries after polling reconnect confirms fresh getUpdates activity, so stale-socket and network recovery do not leave failed replies stranded. Fixes #50040. Refs #82175. Thanks @dmitriiforpost-commits and @shellyrocklobster.

Gateway/model auth: abort active provider runs when saved auth is removed through the Gateway control plane, refresh live runtime auth snapshots, and surface stopReason: "auth-revoked" to clients. Fixes #81987. (#82346) Thanks @joshavant.

Codex app-server: keep the raw tool-output idle watchdog armed after custom_tool_call_output notifications, so post-tool stream silence fails fast instead of waiting for the terminal idle timeout. Fixes #82274. (#82378) Thanks @joshavant.

Codex app-server: enforce OpenClaw before_tool_call policy for Codex-native app-server shell and approval paths, preventing native tool execution from bypassing plugin policy. Fixes #82372. (#82496) Thanks @joshavant.

Telegram: mark isolated polling ingress unhealthy when a spooled inbound backlog stalls while Bot API polling still succeeds, so gateway/channel health no longer stays green after Telegram DM processing wedges. Fixes #82175. Thanks @shellyrocklobster.

Telegram: drop expired approval callbacks from isolated polling after approval id expiry so stale inline-button updates do not retry forever across restarts. Fixes #82347. (#82455) Thanks @joshavant.

Agents: strip Gemini/Gemma <final> tags with attributes or self-closing syntax from delivered replies, including strict final-tag streaming enforcement. Fixes #65867. Thanks @grizdum.

macOS/update: disarm legacy ai.opencl

Original source

Changes

Providers/xAI: add xAI Grok OAuth login for SuperGrok subscribers, letting xai/* models and xAI media/tool providers authenticate without XAI_API_KEY.

CLI/cron: add openclaw cron run --wait with timeout and poll interval controls, plus exact cron.runs --run-id filtering so automation can block on one queued manual run. (#81929) Thanks @ificator.

Maintainer tooling: route Crabbox skill defaults through the repo brokered AWS config, leaving Blacksmith Testbox as an explicit opt-in instead of the broad-proof default.

CLI/onboarding: localize the setup wizard and bundled channel setup flows for English, Simplified Chinese, and Traditional Chinese. (#80645) Thanks @GaosCode.

Agents/skills: cache hydrated resolvedSkills across warm gateway turns while keying reuse by the redacted effective config, reducing redundant skill snapshot rebuilds without crossing config-gated skill boundaries. (#81451) Thanks @solodmd.

Telegram/group chat: add opt-in messages.groupChat.ambientTurns: "room_event" handling so always-on ambient chatter can run as quiet room context and speak visibly only via the message tool. (#81317) Thanks @obviyus.

Codex/context engines: bind thread-bootstrap projection epochs to Codex app-server threads, carry redacted tool-result context into fresh threads, and rotate backend threads when projection state changes. (#82351) Thanks @jalehman.

Gateway: add opt-in restart trace logs for restart signal, active-work drain, close, next-start, ready, and memory spans. (#82396) Thanks @samzong.

Gateway/performance: split startup benchmark HTTP-listen timing from full gateway-ready timing and add post-bind plugin and sidecar diagnostics to restart-readiness traces. (#82603) Thanks @samzong.

Fixes

Gateway/diagnostics: redact credential-bearing gateway target URLs and client diagnostics while preserving raw connection URLs for programmatic use, so connect-failure logs no longer surface embedded tokens.

Telegram: normalize announce group targets via a new resolveSessionTarget channel hook so scheduled announcements resolve consistently against the same Telegram session conversation registry as inbound turns. Fixes #81229. Thanks @giodl73-repo.

Discord: bind delayed gateway identify retries to the originating socket generation so retries triggered after a reconnect do not identify against a fresh socket. Fixes #82225. Thanks @giodl73-repo.

ACP/control plane: refresh cached runtime handles when agent config changes so ACP sessions stop using stale runtimes after agents.defaults edits. Fixes #82237. Thanks @giodl73-repo.

Gateway/sessions: scope session data lookups by agent id so multi-agent gateway state cannot cross-leak session records across configured agents. (#81386) Thanks @pgondhi987.

Agents/media: accept generated media attachments on internal completion events and report delivery-loss failures as errors, so completed background music/video tasks do not disappear after provider success.

Matrix/approvals: release in-flight reaction bindings when the channel approval handler stops mid-delivery, preventing stale approval targets after restart. Fixes #82485. (#82482) Thanks @Feelw00.

Matrix/E2EE: stop requesting MSC4222 state_after sync responses so homeservers with incomplete state-after data do not leave fresh encrypted rooms without outbound room encryptors. Fixes #82515. Thanks @nickdecooman.

TUI: update the displayed model in real time when an auto-fallback resolution swaps in a different model mid-turn, so the status line reflects the actual model handling the run. Fixes #82296. Thanks @giodl73-repo.

Gateway/sessions: estimate context usage from local/OpenAI-compatible transcripts when provider usage telemetry is missing, so status no longer shows empty usage for real local-model sessions. Fixes #73990. (#82317) Thanks @giodl73-repo.

Update/installers: override npm min-release-age quarantine for OpenClaw-managed package installs, so openclaw update, plugin updates, and hosted installer scripts can install the requested latest release immediately.

Agents/sessions: preserve fresh post-compaction token snapshots across stale usage updates, preventing repeated auto-compaction after every message. Fixes #82576. (#82578) Thanks @njuboy11.

Agents/OpenAI Responses: log redacted diagnostics for detail-less response.failed events while preserving failed response ids, so operators can correlate provider-side failures. Fixes #82558.

Agents/auth: redact OAuth refresh failure causes against in-memory, attempted, and reloaded credentials before generic token masking while ensuring failed ACP dispatch cleanup closes initialized runtimes.

Telegram: cache successful startup bot identity by account and token fingerprint for up to 24 hours, so restarts can skip redundant getMe probes during Telegram API slow periods without permanently pinning renamed bots. Refs #82525.

Gateway/sessions: discard stale metadata when recreating dead main session rows, so replacement sessions do not inherit old labels or transcript paths.

Codex app-server: mark native context compaction completion events as successful, preventing false "Compaction incomplete" notices after successful Codex-managed compaction. Fixes #82470. (#81593) Thanks @Kyzcreig.

Codex app-server: keep long-running turns alive while current-turn approvals, user input, dynamic tools, and notifications make progress, and carry that progress into the outer run timeout. (#82601) Thanks @100yenadmin.

Gateway/channels: hand off traced channel account startup outside the startup diagnostic phase so long-lived channel tasks do not keep liveness warnings pinned to channel startup. Refs #82398.

Gateway/restart: queue restart and shutdown signals received while the gateway startup loop is still returning its server handle, so startup-time restarts are not dropped during update churn. (#82660) Thanks @samzong.

GitHub Copilot: route device-login requests through the plugin SSRF guard with a GitHub-only policy.

Group/channel replies: keep message-tool-preferred final replies private when the agent misses the message tool, and log suppressed payload metadata in the gateway debug log for quieter diagnosis.

Gateway/WebChat: route image attachments through a configured vision-capable imageModel plan before inlining images, and carry that image-model fallback chain through runtime retries. (#82524) Thanks @frankekn.

WebChat: show progress while manual /compact is running by streaming a session operation event to subscribed Control UI clients. Fixes #82407. Thanks @Conan-Scott.

Codex app-server: limit canonical OpenAI Codex app-server attribution rewrites to local transcript and trajectory records, leaving runtime/tool routing on the selected OpenAI model metadata so OpenAI API-key backup profiles keep their billing path.

Codex app-server: hide native tool-search control tools from dynamic tool exposure while preserving the message tool.

Android/chat: make bare and markdown URLs in chat messages tappable by preserving Compose URL annotations in rendered markdown. Fixes #82187. (#82392) Thanks @neeravmakwana.

Plugins/doctor: migrate legacy top-level plugin tools declarations into contracts.tools, so openclaw doctor --fix repairs local plugins for the manifest tool contract. (#81112) Thanks @100yenadmin.

Slack: guide agents to use stable <@USER_ID> mention tokens from context instead of plain @name text, so user mentions link and notify correctly. Fixes #82090. (#82152) Thanks @neeravmakwana.

Auth: serialize provider login writes through the auth-profile lock for OpenAI Codex, Anthropic, Cloudflare AI Gateway, GitHub Copilot, and z.ai, preserving upsert semantics so a live Gateway cannot overwrite freshly refreshed OAuth credentials with an expired in-memory snapshot.

Slack: keep DM thread replies on the main direct-message session instead of routing them to invisible thread-scoped sessions. Refs #82390. (#82418) Thanks @kagura-agent.

Auth/macOS: avoid creating the OAuth profile master key in Keychain automatically, falling back to the file-backed secret key so headless agents do not trigger a Keychain prompt.

Codex app-server: release raw assistant completions when turn/completed is missing while keeping commentary/status items as progress, preventing completed Codex runs from hanging until timeout. Fixes #82343. (#82403) Thanks @IWhatsskill.

Agents/sessions: remove the transient *.bak-<pid>-<ts> backup written by repairSessionFileIfNeeded once the atomic replace succeeds, so a stuck session with a persistently malformed JSONL line no longer accumulates one snapshot per repair invocation. Fixes #80960. (#80969) Thanks @100yenadmin. Co-authored by @tynamite.

CLI/status: show plain empty-state messages instead of empty Channels and Sessions tables when no channels or sessions exist.

CLI/dashboard: probe Gateway readiness before handing out the dashboard URL, prompting to start or install the managed service when the Gateway is stopped and printing recovery commands instead of opening a dead browser tab.

CLI/dashboard: treat Gateway device identity required probes as proof that the dashboard listener is reachable, so openclaw dashboard can still open the Control UI.

CLI: hide decorative startup and status emoji on terminals that are unlikely to render them correctly, keeping semantic message and identity emoji intact.

CLI/gateway: recover the Linux user systemd bus environment when openclaw dashboard starts the Gateway from stripped desktop shells such as VNC terminals.

Gateway/WebSocket: log expected startup 1013 gateway starting retry closes at debug instead of warn while preserving WARN for unexpected pre-connect failures. Fixes #76361. (#82457) Thanks @IWhatsskill.

Providers/Xiaomi: strip synthetic empty array items from MiMo tool schemas while preserving typed array items, avoiding strict OpenAI-compatible schema rejection.

Telegram: send the transcript-backed full final answer after progress-mode tool drafts when the dispatcher final payload is an ellipsis-truncated snapshot. Fixes #82409. Thanks @PashaGanson.

Providers/Ollama: omit truthy native think payloads for models marked non-reasoning while preserving supported thinking models and explicit think: false. (#82445) Thanks @leno23.

Update/channels: preserve pre-update channel config through package-swap doctor and post-core plugin repair so externalized channel upgrades do not drop configured chat channels. Fixes #82533. Thanks @imbaig.

CLI/context engines: bootstrap and finalize non-legacy context engines for CLI turns while preserving transcript snapshots and deferred maintenance ownership. (#81869) Thanks @sahilsatralkar.

Telegram: persist polling updates through restart replay so queued same-topic messages resume in order instead of losing context after a gateway restart. (#82256) Thanks @VACInc.

Gateway/Gmail: abort in-flight Gmail watcher startup and hot-reload restarts before shutdown so reloads cannot spawn gog serve after the Gateway is closing. Thanks @frankekn.

Agents/Codex: fall back to the embedded PI runner when OpenAI's implicit Codex harness preference cannot find a registered Codex plugin, preventing OpenAI-compatible gateway requests from failing with an unregistered harness error. Fixes #82437.

Agents/OpenAI: honor openai-codex:* entries placed ahead of API-key backups in auth.order.openai for explicit OpenAI PI runs, and accept models auth login --provider openai-codex --device-code for headless sign-in. Fixes #82521. (#82605)

CLI/channels: install missing externalized same-id channel plugins during channels add --channel <id>, so recovery for WhatsApp and other externalized stock channels does not require a separate plugins enable step. Fixes #82533.

MCP plugin tools: forward host MCP tools/call AbortSignal through createPluginToolsMcpHandlers().callTool into plugin tool.execute, so host cancellation actually cancels in-flight plugin tool calls instead of letting them run to completion. Fixes #82424. (#82443) Thanks @joshavant.

Plugins: accept deprecated api.on("deactivate") registrations as a dated compatibility alias for gateway_stop, so external plugin cleanup handlers run on Gateway shutdown while authors get migration guidance.

Media: ignore image MIME and filename hints when bytes sniff as generic containers, so zip/octet-stream payloads mislabeled as images do not become local image media or keep image file extensions when staged.

Update/doctor: avoid materializing groupAllowFrom for channel schemas that reject it, so package-swap doctor repairs do not fail on externalized Slack configs.

Gateway/media: prevent image filenames from overriding generic non-image byte sniffing, so zip/octet-stream payloads mislabeled as images are offloaded or rejected before they become inline image attachments.

Plugins/web search: downgrade stale optional provider installs to warnings so Gateway and doctor repair paths keep running after startup provider selection. Refs #82313. Thanks @crackmac.

Telegram/Gateway: route targeted Telegram /stop@bot messages onto the control lane without cached bot metadata and match gateway stop requests across raw/canonical session aliases. (#82298) Thanks @VACInc.

MS Teams/media: sniff inline data:image/* attachment bytes before staging them, skipping payloads that are not actually images.

WebChat/media: require trusted local-media provenance before preserving local audio reply paths for display, so untrusted audio-looking paths go through normal staging and read-policy checks.

Agents/tool media: preserve trusted local-media provenance when merging generated tool attachments into final reply payloads, so trusted audio/media survives outbound display normalization.

Anthropic/Claude CLI: write model-scoped claude-cli runtime policy when reusing local Claude CLI auth, so upgraded Telegram and Dashboard gateway turns keep using the CLI backend instead of falling through to Anthropic API billing. Fixes #82344. Thanks @amknight.

Update: let package-swap doctor --fix persist core config repairs while plugin schemas are still converging, preventing update failures on externalized channel configs.

Update: carry plugin-validation bypasses into config mutation pre-write reads, so package update doctor repairs can finish while externalized plugin schemas are converging.

Update/doctor: keep plugin-validation bypasses on the top-level $include config write path, so package repair can update included plugin config files without flattening them into the root config.

Agents/subagents: warn and continue completion announce cleanup when lifecycle cleanup fails, preventing ended subagent runs from becoming silent ghosts. Fixes #82306. Thanks @SebTardif.

Telegram: let authorized text /stop commands use the fast-abort path before queued agent work, so active turns stop immediately instead of processing the abort after the turn finishes; foreign-bot /stop@otherbot mentions now stay on the regular topic lane instead of being routed into our control lane. Fixes #82162. Thanks @civiltox.

Sessions: drop persisted entries with invalid session ids and strip malformed transcript file metadata before hydrating session runtime state.

Auth/device: normalize malformed persisted device-auth token metadata before returning or preserving token entries.

Pairing: skip malformed persisted pending pairing requests before approving valid channel pairing codes.

Commitments: strip malformed optional reminder scope metadata from persisted commitments before matching pending follow-ups.

Config persistence: normalize malformed auth profile credential fields/state, skip JSON-valid garbage transcript checkpoint rows, and let openclaw doctor --fix remove unrepairable cron job rows.

Cron: skip persisted job rows with malformed schedule or payload shapes in memory, leaving the store for openclaw doctor --fix instead of hydrating them into runtime state.

Cron: keep legacy string schedules and blank system-event jobs available for runtime repair/skip handling instead of dropping them as malformed persisted rows.

Cron: reject empty scheduled main/isolated payloads before persisting jobs, keeping runtime stores compatible with malformed-row hardening.

Task persistence: drop malformed array/scalar requester-origin JSON from task and task-flow SQLite sidecars instead of restoring it as delivery metadata.

Agents/timeouts: clarify model idle-timeout errors and docs so provider timeoutSeconds is shown as bounded by the whole agent/run timeout ceiling.

Agents/OpenAI streams: yield cooperatively while processing bursty Completions and Responses chunks, keeping aborts, channel liveness timers, and startup heartbeats responsive under noisy model output. Refs #82462.

Release tooling: align the published launcher Node floor, npm start, package script checks, sharded lint locking, Vitest root project coverage, and plugin-SDK declaration build cache metadata so release/package validation does not silently skip or ship stale surfaces.

Cron/agents: honor configured subagent model fallbacks for isolated scheduled runs and forward that fallback policy into embedded agent timeout failover. Fixes #74985. Thanks @chrisgwynne.

Codex app-server/MCP: scope user MCP servers to specific OpenClaw agent ids through an optional mcp.servers.<name>.codex.agents list and accept codex.defaultToolsApprovalMode (auto/prompt/approve) for native Codex approval defaults; OpenClaw strips the codex block before handing mcp_servers config to Codex. (#82180) Thanks @sercada.

Agents/OpenAI Responses: clamp input_tokens - cached_tokens at zero and reconstruct totalTokens from input + output + cached components so Responses-API streams report consistent usage when providers under-report input_tokens relative to cached_tokens.

Agents: mark adapter-caught tool execution failures as error tool results in embedded Pi sessions, so models can retry recoverable edit failures instead of seeing a successful tool result. Fixes #81546. (#81564) Thanks @najef1979-code and @MonkeyLeeT.

Plugins: reject malformed package.json openclaw.extensions metadata during install, discovery, and post-update payload smoke instead of silently dropping invalid entries.

Plugins: reject package metadata records whose package.json resolves outside the plugin root instead of trusting persisted or reconstructed registry snapshots.

Plugins: ignore malformed persisted package channel/install metadata instead of crashing catalog reconstruction or leaking invalid install hints.

Plugin releases: reject package files negations that would omit advertised package-local runtime entries from npm plugin tarballs.

Media/files: sniff input_file bytes before trusting declared MIME headers, rejecting spoofed image or zip payloads before they become agent-visible text.

Plugins/dependencies: scrub stale managed-root openclaw ownership metadata without deleting a linked active host package, preventing plugin installs from downgrading npm-global hosts. Fixes #79462. Thanks @lisandromachado.

Gateway/update: keep shutdown hook-runner imports on a stable dist entry and ship a legacy chunk alias so package swaps do not strand running gateways on missing shutdown chunks. Fixes #81819. Thanks @najef1979-code.

Config persistence: ignore malformed array/scalar auth profile, cron job state, and session store entries instead of hydrating them into numeric profile ids, crashed cron rows, or invalid session records.

Config persistence: strip malformed pending final-delivery session fields on load so replay/recovery paths skip poisoned reply metadata instead of crashing on raw objects.

Config persistence: strip malformed plugin extension state and promoted session-slot ownership on load so corrupted session rows do not leak poisoned plugin metadata into replay/projection paths.

Gateway/sessions: ignore malformed compaction checkpoint rows during session projection so corrupted stores do not crash session list/describe responses or show bogus checkpoint counts.

Gateway/sessions: keep reachable transcript history when imported tree transcripts reference missing or legacy parent rows, preventing session history reads from going empty after a partial import.

Trajectory export: report incomplete transcript parent chains and stop cyclic branch walks so malformed imports cannot hang /export-trajectory.

Session replay: skip malformed user/assistant-shaped transcript rows during silent session resets instead of copying invalid entries into the fresh transcript.

Backup verify: report malformed archive manifests with a stable error instead of leaking raw JSON parser details.

Session export: report skipped malformed transcript JSONL rows instead of silently omitting them from exported HTML archives.

Providers: reject malformed successful Runway, BytePlus, and Ollama embedding responses with provider-owned errors instead of raw parser/type failures, silent bad vectors, or long bogus polling.

Providers/images: reject malformed successful OpenAI-compatible, OpenAI, Google, fal, and OpenRouter image responses with provider-owned errors instead of raw shape failures, silent invalid base64 skips, or empty image results.

Providers/videos: reject malformed successful xAI, OpenRouter, and fal video create, poll, and result responses with provider-owned errors instead of raw parser failures or long bogus polling.

Providers/videos: let selected-model capability overlays clear inherited providerOptions, so fallback skips models that explicitly accept no provider-specific options instead of forwarding unsupported knobs.

TTS/providers: honor preferred provider aliases when routing model override directives, so alias-selected speech providers receive unqualified [[tts:*]] overrides.

Providers/audio: reject malformed successful OpenAI-compatible, ElevenLabs, and Deepgram speech responses with provider-owned errors instead of raw parser failures, wrong-shaped transcripts, or JSON/text bodies treated as audio.

Providers/embeddings: reject malformed successful OpenAI-compatible, Google Gemini, and Amazon Bedrock embedding responses instead of silently returning empty or coerced vectors.

Providers/catalogs: reject malformed successful LM Studio, GitHub Copilot, DeepInfra, Vercel AI Gateway, and Kilocode model-list responses with provider-owned errors instead of raw parser/type failures or silent fallback catalogs.

Providers/polling: reject array, null, or scalar successful operation status responses with provider-owned malformed JSON errors instead of waiting until timeout.

ACPX/Codex: reap plugin-local Codex ACP adapter orphans on startup after wrapper crashes while keeping direct adapter commands out of launch-lease injection. Fixes #82364. (#82459) Thanks @joshavant.

Telegram: send presentation-only payloads by rendering fallback text and inline buttons instead of treating them as empty. Fixes #82404. (#82449) Thanks @joshavant.

Providers/Kimi: preserve Kimi Coding reasoning_content replay and backfill assistant tool-call placeholders when thinking is enabled, so kimi-for-coding follow-up tool turns no longer fail after prior tool use. Fixes #82161. Thanks @amknight.

Providers/search tools: reject malformed successful xAI, Gemini, and Kimi web/code search responses with provider-owned errors instead of silent No response payloads or ungrounded fallback state.

Trajectory export: skip and report malformed session/runtime JSONL rows in manifest.json instead of letting wrong-shaped session rows crash support bundle export.

Voice calls: persist rejected inbound-call replay keys so duplicate carrier webhook retries stay ignored after a Gateway restart.

Config/doctor: copy fallback-enabled channel allowFrom entries into explicit groupAllowFrom allowlists during openclaw doctor --fix, preserving current group access without adding runtime fallback-transition flags.

Config/doctor: replace source-only official Brave and Slack plugin installs from trusted catalog metadata during openclaw doctor --fix, unblocking externalized stock plugin recovery after upgrade. (#82425) Thanks @joshavant.

Config/memory: warn instead of rejecting configs that select the official external memory-lancedb slot before the plugin is installed, with an explicit no-persistent-memory startup warning and install hint. Fixes #82428. (#82438) Thanks @giodl73-repo.

Agents/bootstrap: ignore stale completed root BOOTSTRAP.md context after workspace setup cleanup fails, preventing channel agent turns from treating it as a directory. (#82463) Thanks @joshavant.

Update/doctor: re-enable the Codex plugin during openclaw doctor --fix when configured OpenAI agent models require the Codex runtime, preventing upgraded configs from failing with an unregistered Codex harness. Fixes #82368. (#82502) Thanks @joshavant.

Configure: show one OpenAI provider entry with ChatGPT/Codex sign-in and API key choices, and keep browsed Codex models in the saved /model picker allowlist.

Agents/model fallback: preserve auto fallback chains across deferred config reloads when session fallback provenance survives but modelOverrideSource is missing. Fixes #81982. Thanks @joshavant.

Hooks: raise bounded gateway lifecycle hook wait budgets to 5 seconds for shutdown and 10 seconds for pre-restart, giving short restart notification handlers time to finish before shutdown continues. (#82273) Thanks @bryanbaer.

Plugin releases: require external package compatibility metadata in the npm plugin publish plan, matching the ClawHub package contract before packages ship.

Agents/OpenAI-compatible: honor per-model max_completion_tokens/max_tokens params in embedded OpenAI-completions runs so high-token Kimi-style routes keep their configured completion cap. Fixes #82230. Thanks @albert-zen.

Agents/local: install a local gateway request scope around trusted openclaw agent --local runs, so subagent completion announces can use in-process gateway dispatch without crashing. Fixes #82140. Thanks @Kushmaro.

Cron: keep failed isolated-agent runs from marking successful result delivery when only the failure notification was delivered. Fixes #72985. Thanks @Allenbluff.

Discord: validate message-read results before normalizing channel history and report unexpected payloads with a Discord boundary error instead of map is not a function. Fixes #82252. Thanks @jessewunderlich.

Agents/runtime: apply agents.defaults.models["provider/*"].agentRuntime as provider-wide model runtime policy while preserving exact model runtime precedence. Fixes #82243. Thanks @rendrag-git.

Model picker: show the effective Codex runtime first for official OpenAI routes while keeping Pi available as an alternate and preserving Pi-first custom OpenAI-compatible providers. Fixes #82269. Thanks @rendrag-git.

Agents/auto-reply: restrict NO_REPLY prompt guidance to automatic group/channel replies, remove legacy silent-reply rewrites, and suppress accidental direct-chat silent tokens instead of delivering fallback text. Fixes #82254. Thanks @absol89.

Telegram: retain a longer partial-stream preview when a final callback only carries an ellipsis-truncated snapshot, preventing the visible answer and transcript mirror from being replaced by the short preview. Fixes #82239. Thanks @crash2kx.

Telegram/active-memory: run blocking memory recall through the Telegram provider for direct-message turns even when the hook context carries the raw chat id, preventing embedded recall from launching against an invalid numeric channel. Fixes #82177. Thanks @cslash-zz.

Control UI/WebChat: keep optimistic image messages from embedding large inline data: previews and preserve image-only user turns in chat history, avoiding browser stack overflows when sending image attachments. Fixes #82182. Thanks @ExploreSheep.

Agents/media: preserve message-tool-only delivery for generated music and video completion handoffs, so group/channel completions do not finish without posting the generated attachment.

Telegram: drain queued outbound deliveries after polling reconnect confirms fresh getUpdates activity, so stale-socket and network recovery do not leave failed replies stranded. Fixes #50040. Refs #82175. Thanks @dmitriiforpost-commits and @shellyrocklobster.

Gateway/model auth: abort active provider runs when saved auth is removed through the Gateway control plane, refresh live runtime auth snapshots, and surface stopReason: "auth-revoked" to clients. Fixes #81987. (#82346) Thanks @joshavant.

Codex app-server: keep the raw tool-output idle watchdog armed after custom_tool_call_output notifications, so post-tool stream silence fails fast instead of waiting for the terminal idle timeout. Fixes #82274. (#82378) Thanks @joshavant.

Codex app-server: enforce OpenClaw before_tool_call policy for Codex-native app-server shell and approval paths, preventing native tool execution from bypassing plugin policy. Fixes #82372. (#82496) Thanks @joshavant.

Telegram: mark isolated polling ingress unhealthy when a spooled inbound backlog stalls while Bot API polling still succeeds, so gateway/channel health no longer stays green after Telegram DM processing wedges. Fixes #82175. Thanks @shellyrocklobster.

Telegram: drop expired approval callbacks from isolated polling after approval id expiry so stale inline-button updates do not retry forever across restarts. Fixes #82347. (#82455) Thanks @joshavant.

Agents: strip Gemini/Gemma <final> tags with attributes or self-closing syntax from delivered replies, including strict final-tag streaming enforcement. Fixes #65867. Thanks @grizdum.

macOS/update: disarm legacy ai.openclaw.update.* LaunchAgents when openclaw update starts from one, preventing KeepAlive relaunch loops that repeatedly restart the Gateway and replay update continuations. Fixes #82167. Thanks @DougButdorf.

Agents/replay: strip internal runtime-context metadata and NO_REPLY sentinels from provider replay and pending final-delivery recovery so restart and heartbeat resumes do not feed control text back to the model. Fixes #76629. Thanks @fuyizheng3120, @bryan-chx, and @cael-dandelion-cult.

Agents/replay: skip malformed transcript tail rows when deduping embedded assistant gap-fill, preventing truncated JSONL from duplicating the final assistant reply during replay recovery.

LINE: acknowledge signed webhook events before agent processing so slow model replies do not cause LINE request_timeout delivery failures. Fixes #65375. Thanks @myericho.

LINE: stop cron recovery from inferring lowercased LINE recipients from canonical session keys, so long-running task replies do not silently retry undeliverable push targets. Fixes #81628. (#81704) Thanks @edenfunf.

TTS: preserve channel-derived voice-note delivery for /tts audio replies even when the provider output is not natively voice-compatible. (#82174) Thanks @xuruiray.

Codex app-server: preserve inbound sender metadata and source-channel provenance on mirrored user prompts, including failure snapshots, so channel history keeps the original sender identity. (#82184) Thanks @zknicker.

Codex app-server: yield projector work to the event loop between embedded-run notifications while preserving pre-turn rate-limit capture, reducing gateway stalls from account and MCP status notifications. Fixes #81936. (#82333) Thanks @joshavant.

Plugins/web search: start the configured web_search provider plugin during gateway startup, including auto-enabled external providers behind allowlists. Fixes #82313. (#82376) Thanks @joshavant.

Codex account/status: treat metadata-only rate-limit buckets as returned but empty so /codex status and /codex account report none returned instead of counting phantom limits.

Codex/Lossless: keep Codex explicit compaction on native app-server threads while allowing Lossless through the context-engine slot; openclaw doctor --fix now migrates legacy compaction.provider: "lossless-claw" config to plugins.slots.contextEngine.

Cron/doctor: report scheduled jobs with explicit payload.model overrides, including provider namespace counts and default-model mismatches, so stale cron model pins are visible during auth or billing investigations. Fixes #82151. Thanks @mgonto.

Codex app-server: keep the short turn-completion idle watchdog armed after the last non-assistant current-turn item completes, so a quiet Codex app-server releases the OpenClaw session lane before the outer attempt timeout. Fixes #82171. (#82172) Thanks @funmerlin.

Providers/OpenRouter: stop adding empty DeepSeek V4 reasoning_content placeholders to assistant tool-call replay messages and strip empty replay artifacts before follow-up Chat Completions requests, so openrouter/deepseek/deepseek-v4-pro no longer fails after tool use. Fixes #82150. (#82158) Thanks @luyao618 and @Suquir0.

OpenAI-compatible providers: honor streaming-usage compatibility metadata when deciding whether to send stream_options.include_usage, while keeping bundled Volcengine routes opted in to Ark streaming usage. Refs #44845. (#82181) Thanks @xuruiray.

Gateway/approvals: treat turnSourceTo as optional in canBridgeNoDeviceChatApprovalFromBackend, matching the existing optional handling of turnSourceAccountId and turnSourceThreadId. Channels without a recipient concept (webchat, control-ui) leave turnSourceTo null on both the approval snapshot and the replay params, so the prior required-string check rejected every backend replay with APPROVAL_CLIENT_MISMATCH. Cross-channel replay is still gated by the required turnSourceChannel and sessionKey checks. Fixes #82132. (#82136) Thanks @ottodeng.

OC Path: add openclaw path set --dry-run --diff so addressed edits can be reviewed as a unified diff before writing.

Cron: load runtime plugins before isolated cron model and delivery resolution so external channels can be selected for scheduled runs. (#82111) Thanks @medns.

Cron: mirror successful direct scheduled deliveries into the resolved destination session transcript while preserving isolated-delivery awareness policy. (#80786) Thanks @cavit99.

Cron: preserve rotated transcript identity after session-bound scheduled runs compact, so sessionTarget: "current" keeps the next user message on the same conversation. Fixes #82164. Thanks @weissfl.

Twitch: keep gateway accounts running until shutdown instead of treating successful monitor startup as a clean channel exit, preventing immediate auto-restart loops. Fixes #60071. (#81853) Thanks @edenfunf.

Agents/auto-reply: honor agents.defaults.silentReply and per-surface group silent-reply policy when generic agent-run failure fallbacks decide whether to send visible fallback text. Fixes #82060. (#82086) Thanks @taozengabc.

Discord: render channel topic context as structured untrusted metadata in reply prompts and stop duplicating inbound message bodies or exposing raw EXTERNAL_UNTRUSTED_CONTENT envelopes. Fixes #82168. Thanks @ronan-dandelion-cult.

Codex app-server: arm the short idle watchdog as soon as Codex accepts a turn, so accepted turns with no current-turn progress release the OpenClaw session lane before the outer model timeout. Fixes #82129. Thanks @Francois3d.

Agents/replies: also strip <function_response> workflow output when it becomes visible after an adjacent stripped tool-call XML block, closing the remaining sanitizer leak from #47444. Thanks @5toCode.

Control UI/WebChat: focus the composer when users click the visible input chrome and restore larger, labeled desktop composer controls while preserving compact mobile taps. Fixes #45656. Thanks @BunsDev.

Discord: suppress generated link embeds on outbound messages by default so agent-sent URLs stay as plain links unless channels.discord.suppressEmbeds is disabled.

System events: keep owner downgrades in structured metadata while rendering queued prompt text as plain System: lines, preserving least-privilege wakeups without prompt-visible trust labels. (#82067)

Gateway/agents: abort active embedded runs when diagnostics detect a stale native tool call, preventing nested agent sessions from staying deadlocked through restart recovery. Fixes #81976. (#82369) Thanks @joshavant.

Slack: default outbound bot link unfurls off so agent-sent URLs no longer expand into inline previews unless channels.slack.unfurlLinks is enabled. (#82123) Thanks @kibi-bsp.

Slack: keep finalized draft-preview replies visible when a later same-turn tool warning is delivered normally instead of clearing the edited answer. Fixes #81903. (#81979) Thanks @neeravmakwana.

Providers/Xiaomi: preserve MiMo reasoning_content on multi-turn tool-call replay, including custom Xiaomi-compatible proxy routes, so follow-up turns no longer fail with 400 Param Incorrect. Fixes #81419. (#81589) Thanks @lovelefeng-glitch and @jimdawdy-hub.

Slack/plugins: route plugin-owned modal view_submission and view_closed events through Slack interactive handlers before compacting the agent-visible system event, so plugins can persist full submitted form state while the transcript stays compact. Fixes #82102. Thanks @shannon0430.

Providers/Xiaomi: promote legacy MiMo V2 reasoning-only final answers to visible text, including Xiaomi-compatible proxy routes, so mimo-v2-pro and mimo-v2-omni replies no longer appear blank when the answer arrives in reasoning_content. Fixes #60261. (#60304) Thanks @HiddenPuppy.

Providers: preserve required reasoning_content replay for Kimi K2.6/K2 thinking and MiMo V2.6 OpenAI-compatible tool-call follow-up turns while keeping the stock OpenAI/Qwen strip path intact. Fixes #82139. Thanks @yimao.

Memory search: stop using chokidar write-stability polling for memory and QMD watchers so large Markdown extraPath trees no longer build up regular file descriptors; changed files now settle through the existing debounced sync queue. Fixes #77327 and #78224. (#81802) Thanks @frankekn, @loyur, and @JanPlessow.

Message tool: rename the Discord channel-create schema field exposed to models from type to channelType, avoiding NVIDIA NIM JSON Schema parser failures while still accepting legacy type tool calls. (#78920) Thanks @YashSaliya.

Feishu: send CardKit streaming cards as delivered deltas and retry failed updates, preventing duplicated or dropped streamed text. Fixes #82417. (#82419) Thanks @hclsys.

Gateway/Gmail: stop queued post-ready Gmail sidecars before hot reload and abort stale Tailscale setup, so cancelled watcher restarts cannot rewrite an old public hook target or report abort-killed commands as success. (#82395) Thanks @samzong.

Original source

Changes

Providers/xAI: add xAI Grok OAuth login for SuperGrok subscribers, letting xai/* models and xAI media/tool providers authenticate without XAI_API_KEY.

CLI/cron: add openclaw cron run --wait with timeout and poll interval controls, plus exact cron.runs --run-id filtering so automation can block on one queued manual run. (#81929) Thanks @ificator.

Maintainer tooling: route Crabbox skill defaults through the repo brokered AWS config, leaving Blacksmith Testbox as an explicit opt-in instead of the broad-proof default.

CLI/onboarding: localize the setup wizard and bundled channel setup flows for English, Simplified Chinese, and Traditional Chinese. (#80645) Thanks @GaosCode.

Agents/skills: cache hydrated resolvedSkills across warm gateway turns while keying reuse by the redacted effective config, reducing redundant skill snapshot rebuilds without crossing config-gated skill boundaries. (#81451) Thanks @solodmd.

Telegram/group chat: add opt-in messages.groupChat.ambientTurns: "room_event" handling so always-on ambient chatter can run as quiet room context and speak visibly only via the message tool. (#81317) Thanks @obviyus.

Codex/context engines: bind thread-bootstrap projection epochs to Codex app-server threads, carry redacted tool-result context into fresh threads, and rotate backend threads when projection state changes. (#82351) Thanks @jalehman.

Fixes

Telegram: persist polling updates through restart replay so queued same-topic messages resume in order instead of losing context after a gateway restart. (#82256) Thanks @VACInc.

Gateway/Gmail: abort in-flight Gmail watcher startup and hot-reload restarts before shutdown so reloads cannot spawn gog serve after the Gateway is closing. Thanks @frankekn.

MCP plugin tools: forward host MCP tools/call AbortSignal through createPluginToolsMcpHandlers().callTool into plugin tool.execute, so host cancellation actually cancels in-flight plugin tool calls instead of letting them run to completion. Fixes #82424. (#82443) Thanks @joshavant.

Media: ignore image MIME and filename hints when bytes sniff as generic containers, so zip/octet-stream payloads mislabeled as images do not become local image media or keep image file extensions when staged.

Update/doctor: avoid materializing groupAllowFrom for channel schemas that reject it, so package-swap doctor repairs do not fail on externalized Slack configs.

Gateway/media: prevent image filenames from overriding generic non-image byte sniffing, so zip/octet-stream payloads mislabeled as images are offloaded or rejected before they become inline image attachments.

Plugins/web search: downgrade stale optional provider installs to warnings so Gateway and doctor repair paths keep running after startup provider selection. Refs #82313. Thanks @crackmac.

Telegram/Gateway: route targeted Telegram /stop@bot messages onto the control lane without cached bot metadata and match gateway stop requests across raw/canonical session aliases. (#82298) Thanks @VACInc.

MS Teams/media: sniff inline data:image/* attachment bytes before staging them, skipping payloads that are not actually images.

Update: let package-swap doctor --fix persist core config repairs while plugin schemas are still converging, preventing update failures on externalized channel configs.

Update: carry plugin-validation bypasses into config mutation pre-write reads, so package update doctor repairs can finish while externalized plugin schemas are converging.

Update/doctor: keep plugin-validation bypasses on the top-level $include config write path, so package repair can update included plugin config files without flattening them into the root config.

Agents/subagents: warn and continue completion announce cleanup when lifecycle cleanup fails, preventing ended subagent runs from becoming silent ghosts. Fixes #82306. Thanks @SebTardif.

Telegram: let authorized text /stop commands use the fast-abort path before queued agent work, so active turns stop immediately instead of processing the abort after the turn finishes; foreign-bot /stop@otherbot mentions now stay on the regular topic lane instead of being routed into our control lane. Fixes #82162. Thanks @civiltox.

Sessions: drop persisted entries with invalid session ids and strip malformed transcript file metadata before hydrating session runtime state.

Auth/device: normalize malformed persisted device-auth token metadata before returning or preserving token entries.

Pairing: skip malformed persisted pending pairing requests before approving valid channel pairing codes.

Commitments: strip malformed optional reminder scope metadata from persisted commitments before matching pending follow-ups.

Config persistence: normalize malformed auth profile credential fields/state, skip JSON-valid garbage transcript checkpoint rows, and let openclaw doctor --fix remove unrepairable cron job rows.

Cron: skip persisted job rows with malformed schedule or payload shapes in memory, leaving the store for openclaw doctor --fix instead of hydrating them into runtime state.

Cron: reject empty scheduled main/isolated payloads before persisting jobs, keeping runtime stores compatible with malformed-row hardening.

Task persistence: drop malformed array/scalar requester-origin JSON from task and task-flow SQLite sidecars instead of restoring it as delivery metadata.

Agents/timeouts: clarify model idle-timeout errors and docs so provider timeoutSeconds is shown as bounded by the whole agent/run timeout ceiling.

Release tooling: align the published launcher Node floor, npm start, package script checks, sharded lint locking, Vitest root project coverage, and plugin-SDK declaration build cache metadata so release/package validation does not silently skip or ship stale surfaces.

Cron/agents: honor configured subagent model fallbacks for isolated scheduled runs and forward that fallback policy into embedded agent timeout failover. Fixes #74985. Thanks @chrisgwynne.

Codex app-server/MCP: scope user MCP servers to specific OpenClaw agent ids through an optional mcp.servers.<name>.codex.agents list and accept codex.defaultToolsApprovalMode (auto/prompt/approve) for native Codex approval defaults; OpenClaw strips the codex block before handing mcp_servers config to Codex. (#82180) Thanks @sercada.

Agents/OpenAI Responses: clamp input_tokens - cached_tokens at zero and reconstruct totalTokens from input + output + cached components so Responses-API streams report consistent usage when providers under-report input_tokens relative to cached_tokens.

Agents: mark adapter-caught tool execution failures as error tool results in embedded Pi sessions, so models can retry recoverable edit failures instead of seeing a successful tool result. Fixes #81546. (#81564) Thanks @najef1979-code and @MonkeyLeeT.

Plugins: reject malformed package.json openclaw.extensions metadata during install, discovery, and post-update payload smoke instead of silently dropping invalid entries.

Plugins: reject package metadata records whose package.json resolves outside the plugin root instead of trusting persisted or reconstructed registry snapshots.

Plugins: ignore malformed persisted package channel/install metadata instead of crashing catalog reconstruction or leaking invalid install hints.

Plugin releases: reject package files negations that would omit advertised package-local runtime entries from npm plugin tarballs.

Media/files: sniff input_file bytes before trusting declared MIME headers, rejecting spoofed image or zip payloads before they become agent-visible text.

Plugins/dependencies: scrub stale managed-root openclaw ownership metadata without deleting a linked active host package, preventing plugin installs from downgrading npm-global hosts. Fixes #79462. Thanks @lisandromachado.

Gateway/update: keep shutdown hook-runner imports on a stable dist entry and ship a legacy chunk alias so package swaps do not strand running gateways on missing shutdown chunks. Fixes #81819. Thanks @najef1979-code.

Config persistence: ignore malformed array/scalar auth profile, cron job state, and session store entries instead of hydrating them into numeric profile ids, crashed cron rows, or invalid session records.

Config persistence: strip malformed pending final-delivery session fields on load so replay/recovery paths skip poisoned reply metadata instead of crashing on raw objects.

Config persistence: strip malformed plugin extension state and promoted session-slot ownership on load so corrupted session rows do not leak poisoned plugin metadata into replay/projection paths.

Gateway/sessions: ignore malformed compaction checkpoint rows during session projection so corrupted stores do not crash session list/describe responses or show bogus checkpoint counts.

Gateway/sessions: keep reachable transcript history when imported tree transcripts reference missing or legacy parent rows, preventing session history reads from going empty after a partial import.

Providers: reject malformed successful Runway, BytePlus, and Ollama embedding responses with provider-owned errors instead of raw parser/type failures, silent bad vectors, or long bogus polling.

Providers/images: reject malformed successful OpenAI-compatible, OpenAI, Google, fal, and OpenRouter image responses with provider-owned errors instead of raw shape failures, silent invalid base64 skips, or empty image results.

Providers/videos: reject malformed successful xAI, OpenRouter, and fal video create, poll, and result responses with provider-owned errors instead of raw parser failures or long bogus polling.

Providers/audio: reject malformed successful OpenAI-compatible, ElevenLabs, and Deepgram speech responses with provider-owned errors instead of raw parser failures, wrong-shaped transcripts, or JSON/text bodies treated as audio.

Providers/embeddings: reject malformed successful OpenAI-compatible, Google Gemini, and Amazon Bedrock embedding responses instead of silently returning empty or coerced vectors.

Providers/catalogs: reject malformed successful LM Studio, GitHub Copilot, DeepInfra, Vercel AI Gateway, and Kilocode model-list responses with provider-owned errors instead of raw parser/type failures or silent fallback catalogs.

Providers/polling: reject array, null, or scalar successful operation status responses with provider-owned malformed JSON errors instead of waiting until timeout.

ACPX/Codex: reap plugin-local Codex ACP adapter orphans on startup after wrapper crashes while keeping direct adapter commands out of launch-lease injection. Fixes #82364. (#82459) Thanks @joshavant.

Telegram: send presentation-only payloads by rendering fallback text and inline buttons instead of treating them as empty. Fixes #82404. (#82449) Thanks @joshavant.

Trajectory export: skip and report malformed session/runtime JSONL rows in manifest.json instead of letting wrong-shaped session rows crash support bundle export.

Voice calls: persist rejected inbound-call replay keys so duplicate carrier webhook retries stay ignored after a Gateway restart.

Config/doctor: copy fallback-enabled channel allowFrom entries into explicit groupAllowFrom allowlists during openclaw doctor --fix, preserving current group access without adding runtime fallback-transition flags.

Config/doctor: replace source-only official Brave and Slack plugin installs from trusted catalog metadata during openclaw doctor --fix, unblocking externalized stock plugin recovery after upgrade. (#82425) Thanks @joshavant.

Agents/bootstrap: ignore stale completed root BOOTSTRAP.md context after workspace setup cleanup fails, preventing channel agent turns from treating it as a directory. (#82463) Thanks @joshavant.

Update/doctor: re-enable the Codex plugin during openclaw doctor --fix when configured OpenAI agent models require the Codex runtime, preventing upgraded configs from failing with an unregistered Codex harness. Fixes #82368. (#82502) Thanks @joshavant.

Configure: show one OpenAI provider entry with ChatGPT/Codex sign-in and API key choices, and keep browsed Codex models in the saved /model picker allowlist.

Agents/model fallback: preserve auto fallback chains across deferred config reloads when session fallback provenance survives but modelOverrideSource is missing. Fixes #81982. Thanks @joshavant.

Hooks: raise bounded gateway lifecycle hook wait budgets to 5 seconds for shutdown and 10 seconds for pre-restart, giving short restart notification handlers time to finish before shutdown continues. (#82273) Thanks @bryanbaer.

Plugin releases: require external package compatibility metadata in the npm plugin publish plan, matching the ClawHub package contract before packages ship.

Agents/OpenAI-compatible: honor per-model max_completion_tokens/max_tokens params in embedded OpenAI-completions runs so high-token Kimi-style routes keep their configured completion cap. Fixes #82230. Thanks @albert-zen.

Agents/local: install a local gateway request scope around trusted openclaw agent --local runs, so subagent completion announces can use in-process gateway dispatch without crashing. Fixes #82140. Thanks @Kushmaro.

Cron: keep failed isolated-agent runs from marking successful result delivery when only the failure notification was delivered. Fixes #72985. Thanks @Allenbluff.

Discord: validate message-read results before normalizing channel history and report unexpected payloads with a Discord boundary error instead of map is not a function. Fixes #82252. Thanks @jessewunderlich.

Agents/runtime: apply agents.defaults.models["provider/*"].agentRuntime as provider-wide model runtime policy while preserving exact model runtime precedence. Fixes #82243. Thanks @rendrag-git.

Agents/auto-reply: restrict NO_REPLY prompt guidance to automatic group/channel replies, remove legacy silent-reply rewrites, and suppress accidental direct-chat silent tokens instead of delivering fallback text. Fixes #82254. Thanks @absol89.

Telegram: retain a longer partial-stream preview when a final callback only carries an ellipsis-truncated snapshot, preventing the visible answer and transcript mirror from being replaced by the short preview. Fixes #82239. Thanks @crash2kx.

Telegram/active-memory: run blocking memory recall through the Telegram provider for direct-message turns even when the hook context carries the raw chat id, preventing embedded recall from launching against an invalid numeric channel. Fixes #82177. Thanks @cslash-zz.

Control UI/WebChat: keep optimistic image messages from embedding large inline data: previews and preserve image-only user turns in chat history, avoiding browser stack overflows when sending image attachments. Fixes #82182. Thanks @ExploreSheep.

Agents/media: preserve message-tool-only delivery for generated music and video completion handoffs, so group/channel completions do not finish without posting the generated attachment.

Telegram: drain queued outbound deliveries after polling reconnect confirms fresh getUpdates activity, so stale-socket and network recovery do not leave failed replies stranded. Fixes #50040. Refs #82175. Thanks @dmitriiforpost-commits and @shellyrocklobster.

Gateway/model auth: abort active provider runs when saved auth is removed through the Gateway control plane, refresh live runtime auth snapshots, and surface stopReason: "auth-revoked" to clients. Fixes #81987. (#82346) Thanks @joshavant.

Codex app-server: keep the raw tool-output idle watchdog armed after custom_tool_call_output notifications, so post-tool stream silence fails fast instead of waiting for the terminal idle timeout. Fixes #82274. (#82378) Thanks @joshavant.

Codex app-server: enforce OpenClaw before_tool_call policy for Codex-native app-server shell and approval paths, preventing native tool execution from bypassing plugin policy. Fixes #82372. (#82496) Thanks @joshavant.

Telegram: mark isolated polling ingress unhealthy when a spooled inbound backlog stalls while Bot API polling still succeeds, so gateway/channel health no longer stays green after Telegram DM processing wedges. Fixes #82175. Thanks @shellyrocklobster.

Telegram: drop expired approval callbacks from isolated polling after approval id expiry so stale inline-button updates do not retry forever across restarts. Fixes #82347. (#82455) Thanks @joshavant.

Agents: strip Gemini/Gemma <final> tags with attributes or self-closing syntax from delivered replies, including strict final-tag streaming enforcement. Fixes #65867. Thanks @grizdum.

macOS/update: disarm legacy ai.openclaw.update.* LaunchAgents when openclaw update starts from one, preventing KeepAlive relaunch loops that repeatedly restart the Gateway and replay update continuations. Fixes #82167. Thanks @DougButdorf.

Agents/replay: strip internal runtime-context metadata and NO_REPLY sentinels from provider replay and pending final-delivery recovery so restart and heartbeat resumes do not feed control text back to the model. Fixes #76629. Thanks @fuyizheng3120, @bryan-chx, and @cael-dandelion-cult.

Agents/replay: skip malformed transcript tail rows when deduping embedded assistant gap-fill, preventing truncated JSONL from duplicating the final assistant reply during replay recovery.

LINE: acknowledge signed webhook events before agent processing so slow model replies do not cause LINE request_timeout delivery failures. Fixes #65375. Thanks @myericho.

LINE: stop cron recovery from inferring lowercased LINE recipients from canonical session keys, so long-running task replies do not silently retry undeliverable push targets. Fixes #81628. (#81704) Thanks @edenfunf.

TTS: preserve channel-derived voice-note delivery for /tts audio replies even when the provider output is not natively voice-compatible. (#82174) Thanks @xuruiray.

Codex app-server: preserve inbound sender metadata and source-channel provenance on mirrored user prompts, including failure snapshots, so channel history keeps the original sender identity. (#82184) Thanks @zknicker.

Codex app-server: yield projector work to the event loop between embedded-run notifications while preserving pre-turn rate-limit capture, reducing gateway stalls from account and MCP status notifications. Fixes #81936. (#82333) Thanks @joshavant.

Plugins/web search: start the configured web_search provider plugin during gateway startup, including auto-enabled external providers behind allowlists. Fixes #82313. (#82376) Thanks @joshavant.

Codex account/status: treat metadata-only rate-limit buckets as returned but empty so /codex status and /codex account report none returned instead of counting phantom limits.

Codex/Lossless: keep Codex explicit compaction on native app-server threads while allowing Lossless through the context-engine slot; openclaw doctor --fix now migrates legacy compaction.provider: "lossless-claw" config to plugins.slots.contextEngine.

Cron/doctor: report scheduled jobs with explicit payload.model overrides, including provider namespace counts and default-model mismatches, so stale cron model pins are visible during auth or billing investigations. Fixes #82151. Thanks @mgonto.

Codex app-server: keep the short turn-completion idle watchdog armed after the last non-assistant current-turn item completes, so a quiet Codex app-server releases the OpenClaw session lane before the outer attempt timeout. Fixes #82171. (#82172) Thanks @funmerlin.

Providers/OpenRouter: stop adding empty DeepSeek V4 reasoning_content placeholders to assistant tool-call replay messages and strip empty replay artifacts before follow-up Chat Completions requests, so openrouter/deepseek/deepseek-v4-pro no longer fails after tool use. Fixes #82150. (#82158) Thanks @luyao618 and @Suquir0.

OpenAI-compatible providers: honor streaming-usage compatibility metadata when deciding whether to send stream_options.include_usage, while keeping bundled Volcengine routes opted in to Ark streaming usage. Refs #44845. (#82181) Thanks @xuruiray.

Gateway/approvals: treat turnSourceTo as optional in canBridgeNoDeviceChatApprovalFromBackend, matching the existing optional handling of turnSourceAccountId and turnSourceThreadId. Channels without a recipient concept (webchat, control-ui) leave turnSourceTo null on both the approval snapshot and the replay params, so the prior required-string check rejected every backend replay with APPROVAL_CLIENT_MISMATCH. Cross-channel replay is still gated by the required turnSourceChannel and sessionKey checks. Fixes #82132. (#82136) Thanks @ottodeng.

OC Path: add openclaw path set --dry-run --diff so addressed edits can be reviewed as a unified diff before writing.

Cron: load runtime plugins before isolated cron model and delivery resolution so external channels can be selected for scheduled runs. (#82111) Thanks @medns.

Cron: mirror successful direct scheduled deliveries into the resolved destination session transcript while preserving isolated-delivery awareness policy. (#80786) Thanks @cavit99.

Cron: preserve rotated transcript identity after session-bound scheduled runs compact, so sessionTarget: "current" keeps the next user message on the same conversation. Fixes #82164. Thanks @weissfl.

Twitch: keep gateway accounts running until shutdown instead of treating successful monitor startup as a clean channel exit, preventing immediate auto-restart loops. Fixes #60071. (#81853) Thanks @edenfunf.

Agents/auto-reply: honor agents.defaults.silentReply and per-surface group silent-reply policy when generic agent-run failure fallbacks decide whether to send visible fallback text. Fixes #82060. (#82086) Thanks @taozengabc.

Discord: render channel topic context as structured untrusted metadata in reply prompts and stop duplicating inbound message bodies or exposing raw EXTERNAL_UNTRUSTED_CONTENT envelopes. Fixes #82168. Thanks @ronan-dandelion-cult.

Codex app-server: arm the short idle watchdog as soon as Codex accepts a turn, so accepted turns with no current-turn progress release the OpenClaw session lane before the outer model timeout. Fixes #82129. Thanks @Francois3d.

Agents/replies: also strip <function_response> workflow output when it becomes visible after an adjacent stripped tool-call XML block, closing the remaining sanitizer leak from #47444. Thanks @5toCode.

Control UI/WebChat: focus the composer when users click the visible input chrome and restore larger, labeled desktop composer controls while preserving compact mobile taps. Fixes #45656. Thanks @BunsDev.

Discord: suppress generated link embeds on outbound messages by default so agent-sent URLs stay as plain links unless channels.discord.suppressEmbeds is disabled.

System events: keep owner downgrades in structured metadata while rendering queued prompt text as plain System: lines, preserving least-privilege wakeups without prompt-visible trust labels. (#82067)

Gateway/agents: abort active embedded runs when diagnostics detect a stale native tool call, preventing nested agent sessions from staying deadlocked through restart recovery. Fixes #81976. (#82369) Thanks @joshavant.

Slack: default outbound bot link unfurls off so agent-sent URLs no longer expand into inline previews unless channels.slack.unfurlLinks is enabled. (#82123) Thanks @kibi-bsp.

Slack: keep finalized draft-preview replies visible when a later same-turn tool warning is delivered normally instead of clearing the edited answer. Fixes #81903. (#81979) Thanks @neeravmakwana.

Providers/Xiaomi: preserve MiMo reasoning_content on multi-turn tool-call replay, including custom Xiaomi-compatible proxy routes, so follow-up turns no longer fail with 400 Param Incorrect. Fixes #81419. (#81589) Thanks @lovelefeng-glitch and @jimdawdy-hub.

Slack/plugins: route plugin-owned modal view_submission and view_closed events through Slack interactive handlers before compacting the agent-visible system event, so plugins can persist full submitted form state while the transcript stays compact. Fixes #82102. Thanks @shannon0430.

Providers/Xiaomi: promote legacy MiMo V2 reasoning-only final answers to visible text, including Xiaomi-compatible proxy routes, so mimo-v2-pro and mimo-v2-omni replies no longer appear blank when the answer arrives in reasoning_content. Fixes #60261. (#60304) Thanks @HiddenPuppy.

Providers: preserve required reasoning_content replay for Kimi K2.6/K2 thinking and MiMo V2.6 OpenAI-compatible tool-call follow-up turns while keeping the stock OpenAI/Qwen strip path intact. Fixes #82139. Thanks @yimao.

Memory search: stop using chokidar write-stability polling for memory and QMD watchers so large Markdown extraPath trees no longer build up regular file descriptors; changed files now settle through the existing debounced sync queue. Fixes #77327 and #78224. (#81802) Thanks @frankekn, @loyur, and @JanPlessow.

Message tool: rename the Discord channel-create schema field exposed to models from type to channelType, avoiding NVIDIA NIM JSON Schema parser failures while still accepting legacy type tool calls. (#78920) Thanks @YashSaliya.

Feishu: send CardKit streaming cards as delivered deltas and retry failed updates, preventing duplicated or dropped streamed text. Fixes #82417. (#82419) Thanks @hclsys.

Gateway/Gmail: stop queued post-ready Gmail sidecars before hot reload and abort stale Tailscale setup, so cancelled watcher restarts cannot rewrite an old public hook target or report abort-killed commands as success. (#82395) Thanks @samzong.

Original source

Changes

Maintainer tooling: route Crabbox skill defaults through the repo brokered AWS config, leaving Blacksmith Testbox as an explicit opt-in instead of the broad-proof default.

CLI/onboarding: localize the setup wizard and bundled channel setup flows for English, Simplified Chinese, and Traditional Chinese. (#80645) Thanks @GaosCode.

Agents/skills: cache hydrated resolvedSkills across warm gateway turns while keying reuse by the redacted effective config, reducing redundant skill snapshot rebuilds without crossing config-gated skill boundaries. (#81451) Thanks @solodmd.

Telegram/group chat: add opt-in messages.groupChat.ambientTurns: "room_event" handling so always-on ambient chatter can run as quiet room context and speak visibly only via the message tool. (#81317) Thanks @obviyus.

Fixes

Release tooling: align the published launcher Node floor, npm start, package script checks, sharded lint locking, Vitest root project coverage, and plugin-SDK declaration build cache metadata so release/package validation does not silently skip or ship stale surfaces.

Cron/agents: honor configured subagent model fallbacks for isolated scheduled runs and forward that fallback policy into embedded agent timeout failover. Fixes #74985. Thanks @chrisgwynne.

Codex app-server/MCP: scope user MCP servers to specific OpenClaw agent ids through an optional mcp.servers.<name>.codex.agents list and accept codex.defaultToolsApprovalMode (auto/prompt/approve) for native Codex approval defaults; OpenClaw strips the codex block before handing mcp_servers config to Codex. (#82180) Thanks @sercada.

Agents/OpenAI Responses: clamp input_tokens - cached_tokens at zero and reconstruct totalTokens from input + output + cached components so Responses-API streams report consistent usage when providers under-report input_tokens relative to cached_tokens.

Plugins: reject malformed package.json openclaw.extensions metadata during install, discovery, and post-update payload smoke instead of silently dropping invalid entries.

Media/files: sniff input_file bytes before trusting declared MIME headers, rejecting spoofed image or zip payloads before they become agent-visible text.

Config persistence: ignore malformed array/scalar auth profile, cron job state, and session store entries instead of hydrating them into numeric profile ids, crashed cron rows, or invalid session records.

Providers: reject malformed successful Runway, BytePlus, and Ollama embedding responses with provider-owned errors instead of raw parser/type failures, silent bad vectors, or long bogus polling.

Trajectory export: skip and report malformed session/runtime JSONL rows in manifest.json instead of letting wrong-shaped session rows crash support bundle export.

Config/doctor: copy fallback-enabled channel allowFrom entries into explicit groupAllowFrom allowlists during openclaw doctor --fix, preserving current group access without adding runtime fallback-transition flags.

Hooks: raise bounded gateway lifecycle hook wait budgets to 5 seconds for shutdown and 10 seconds for pre-restart, giving short restart notification handlers time to finish before shutdown continues. (#82273) Thanks @bryanbaer.

Plugin releases: require external package compatibility metadata in the npm plugin publish plan, matching the ClawHub package contract before packages ship.

Agents/OpenAI-compatible: honor per-model max_completion_tokens/max_tokens params in embedded OpenAI-completions runs so high-token Kimi-style routes keep their configured completion cap. Fixes #82230. Thanks @albert-zen.

Agents/local: install a local gateway request scope around trusted openclaw agent --local runs, so subagent completion announces can use in-process gateway dispatch without crashing. Fixes #82140. Thanks @Kushmaro.

Cron: keep failed isolated-agent runs from marking successful result delivery when only the failure notification was delivered. Fixes #72985. Thanks @Allenbluff.

Discord: validate message-read results before normalizing channel history and report unexpected payloads with a Discord boundary error instead of map is not a function. Fixes #82252. Thanks @jessewunderlich.

Agents/runtime: apply agents.defaults.models["provider/*"].agentRuntime as provider-wide model runtime policy while preserving exact model runtime precedence. Fixes #82243. Thanks @rendrag-git.

Agents/auto-reply: restrict NO_REPLY prompt guidance to automatic group/channel replies, remove legacy silent-reply rewrites, and suppress accidental direct-chat silent tokens instead of delivering fallback text. Fixes #82254. Thanks @absol89.

Telegram: retain a longer partial-stream preview when a final callback only carries an ellipsis-truncated snapshot, preventing the visible answer and transcript mirror from being replaced by the short preview. Fixes #82239.

Telegram/active-memory: run blocking memory recall through the Telegram provider for direct-message turns even when the hook context carries the raw chat id, preventing embedded recall from launching against an invalid numeric channel. Fixes #82177. Thanks @cslash-zz.

Control UI/WebChat: keep optimistic image messages from embedding large inline data: previews and preserve image-only user turns in chat history, avoiding browser stack overflows when sending image attachments. Fixes #82182. Thanks @ExploreSheep.

Agents/media: preserve message-tool-only delivery for generated music and video completion handoffs, so group/channel completions do not finish without posting the generated attachment.

Telegram: drain queued outbound deliveries after polling reconnect confirms fresh getUpdates activity, so stale-socket and network recovery do not leave failed replies stranded. Fixes #50040. Refs #82175. Thanks @dmitriiforpost-commits and @shellyrocklobster.

Telegram: mark isolated polling ingress unhealthy when a spooled inbound backlog stalls while Bot API polling still succeeds, so gateway/channel health no longer stays green after Telegram DM processing wedges. Fixes #82175. Thanks @shellyrocklobster.

Agents: strip Gemini/Gemma <final> tags with attributes or self-closing syntax from delivered replies, including strict final-tag streaming enforcement. Fixes #65867.

macOS/update: disarm legacy ai.openclaw.update.* LaunchAgents when openclaw update starts from one, preventing KeepAlive relaunch loops that repeatedly restart the Gateway and replay update continuations. Fixes #82167.

Agents/replay: strip internal runtime-context metadata and NO_REPLY sentinels from provider replay and pending final-delivery recovery so restart and heartbeat resumes do not feed control text back to the model. Fixes #76629. Thanks @fuyizheng3120, @bryan-chx, and @cael-dandelion-cult.

LINE: acknowledge signed webhook events before agent processing so slow model replies do not cause LINE request_timeout delivery failures. Fixes #65375. Thanks @myericho.

LINE: stop cron recovery from inferring lowercased LINE recipients from canonical session keys, so long-running task replies do not silently retry undeliverable push targets. Fixes #81628. (#81704) Thanks @edenfunf.

TTS: preserve channel-derived voice-note delivery for /tts audio replies even when the provider output is not natively voice-compatible. (#82174) Thanks @xuruiray.

Codex app-server: preserve inbound sender metadata and source-channel provenance on mirrored user prompts, including failure snapshots, so channel history keeps the original sender identity. (#82184) Thanks @zknicker.

Codex account/status: treat metadata-only rate-limit buckets as returned but empty so /codex status and /codex account report none returned instead of counting phantom limits.

Codex/Lossless: keep Codex explicit compaction on native app-server threads while allowing Lossless through the context-engine slot; openclaw doctor --fix now migrates legacy compaction.provider: "lossless-claw" config to plugins.slots.contextEngine.

Cron/doctor: report scheduled jobs with explicit payload.model overrides, including provider namespace counts and default-model mismatches, so stale cron model pins are visible during auth or billing investigations. Fixes #82151. Thanks @mgonto.

Codex app-server: keep the short turn-completion idle watchdog armed after the last non-assistant current-turn item completes, so a quiet Codex app-server releases the OpenClaw session lane before the outer attempt timeout. Fixes #82171. (#82172) Thanks @funmerlin.

Providers/OpenRouter: stop adding empty DeepSeek V4 reasoning_content placeholders to assistant tool-call replay messages and strip empty replay artifacts before follow-up Chat Completions requests, so openrouter/deepseek/deepseek-v4-pro no longer fails after tool use. Fixes #82150. (#82158) Thanks @luyao618 and @Suquir0.

OpenAI-compatible providers: honor streaming-usage compatibility metadata when deciding whether to send stream_options.include_usage, while keeping bundled Volcengine routes opted in to Ark streaming usage. Refs #44845. (#82181) Thanks @xuruiray.

Gateway/approvals: treat turnSourceTo as optional in canBridgeNoDeviceChatApprovalFromBackend, matching the existing optional handling of turnSourceAccountId and turnSourceThreadId. Channels without a recipient concept (webchat, control-ui) leave turnSourceTo null on both the approval snapshot and the replay params, so the prior required-string check rejected every backend replay with APPROVAL_CLIENT_MISMATCH. Cross-channel replay is still gated by the required turnSourceChannel and sessionKey checks. Fixes #82132. (#82136) Thanks @ottodeng.

Cron: load runtime plugins before isolated cron model and delivery resolution so external channels can be selected for scheduled runs. (#82111) Thanks @medns.

Cron: mirror successful direct scheduled deliveries into the resolved destination session transcript while preserving isolated-delivery awareness policy. (#80786) Thanks @cavit99.

Cron: preserve rotated transcript identity after session-bound scheduled runs compact, so sessionTarget: "current" keeps the next user message on the same conversation. Fixes #82164. Thanks @weissfl.

Twitch: keep gateway accounts running until shutdown instead of treating successful monitor startup as a clean channel exit, preventing immediate auto-restart loops. Fixes #60071. (#81853) Thanks @edenfunf.

Agents/auto-reply: honor agents.defaults.silentReply and per-surface group silent-reply policy when generic agent-run failure fallbacks decide whether to send visible fallback text. Fixes #82060. (#82086) Thanks @taozengabc.

Discord: render channel topic context as structured untrusted metadata in reply prompts and stop duplicating inbound message bodies or exposing raw EXTERNAL_UNTRUSTED_CONTENT envelopes. Fixes #82168. Thanks @ronan-dandelion-cult.

Codex app-server: arm the short idle watchdog as soon as Codex accepts a turn, so accepted turns with no current-turn progress release the OpenClaw session lane before the outer model timeout. Fixes #82129. Thanks @Francois3d.

Agents/replies: also strip <function_response> workflow output when it becomes visible after an adjacent stripped tool-call XML block, closing the remaining sanitizer leak from #47444.

Control UI/WebChat: focus the composer when users click the visible input chrome and restore larger, labeled desktop composer controls while preserving compact mobile taps. Fixes #45656. Thanks @BunsDev.

Discord: suppress generated link embeds on outbound messages by default so agent-sent URLs stay as plain links unless channels.discord.suppressEmbeds is disabled.

System events: keep owner downgrades in structured metadata while rendering queued prompt text as plain System: lines, preserving least-privilege wakeups without prompt-visible trust labels. (#82067)

Slack: default outbound bot link unfurls off so agent-sent URLs no longer expand into inline previews unless channels.slack.unfurlLinks is enabled. (#82123) Thanks @kibi-bsp.

Slack: keep finalized draft-preview replies visible when a later same-turn tool warning is delivered normally instead of clearing the edited answer. Fixes #81903. (#81979) Thanks @neeravmakwana.

Providers/Xiaomi: preserve MiMo reasoning_content on multi-turn tool-call replay, including custom Xiaomi-compatible proxy routes, so follow-up turns no longer fail with 400 Param Incorrect. Fixes #81419. (#81589) Thanks @lovelefeng-glitch and @jimdawdy-hub.

Slack/plugins: route plugin-owned modal view_submission and view_closed events through Slack interactive handlers before compacting the agent-visible system event, so plugins can persist full submitted form state while the transcript stays compact. Fixes #82102. Thanks @shannon0430.

Providers/Xiaomi: promote legacy MiMo V2 reasoning-only final answers to visible text, including Xiaomi-compatible proxy routes, so mimo-v2-pro and mimo-v2-omni replies no longer appear blank when the answer arrives in reasoning_content. Fixes #60261. (#60304) Thanks @HiddenPuppy.

Providers: preserve required reasoning_content replay for Kimi K2.6/K2 thinking and MiMo V2.6 OpenAI-compatible tool-call follow-up turns while keeping the stock OpenAI/Qwen strip path intact. Fixes #82139. Thanks @yimao.

Memory search: stop using chokidar write-stability polling for memory and QMD watchers so large Markdown extraPath trees no longer build up regular file descriptors; changed files now settle through the existing debounced sync queue. Fixes #77327 and #78224. (#81802) Thanks @frankekn, @loyur, and @JanPlessow.

Message tool: rename the Discord channel-create schema field exposed to models from type to channelType, avoiding NVIDIA NIM JSON Schema parser failures while still accepting legacy type tool calls. (#78920) Thanks @YashSaliya.

Original source

Changes

Dependencies: route root ambient Node proxy agents through @openclaw/proxyline and drop root proxy-agent, https-proxy-agent, and minimatch dependencies.

Control UI/i18n: add a pnpm ui:i18n:report baseline report for hardcoded-copy focus areas and locale fallback metadata. (#81320) Thanks @samzong.

Maintainer tooling: add a repo-local codex-review skill for Codex closeout reviews, including local dirty-work and PR-branch review helpers that rerun until no accepted/actionable findings remain and avoid unsupported inline prompts with --base.

Maintainer tooling: fail CI when pull requests add package patch files or pnpm patched dependencies, preserving the upstream-and-bump dependency workflow.

Codex app-server: stream commentary preambles into editable channel progress drafts without promoting them to final answers.

Codex migration: remove the bundled codex-cli backend and repair legacy codex-cli/* model refs to the Codex app-server route on openai/*.

Gateway/startup: add owner-level startup trace attribution for auth, plugin loading, lookup counts, and plugin sidecar services. (#81738) Thanks @samzong.

Channels/status reactions: wire StatusReactionController into WhatsApp message turns (queued → thinking → tool → done/error lifecycle, on par with Telegram and Discord), add deploy/build/concierge emoji categories with tool-token routing, and replace the status reaction defaults with self-explanatory emoji (🧠 thinking, 🛠️ tool, 💻 coding, 🌐 web, ⏳ stallSoft, ⚠️ stallHard, ✅ done, ❌ error, 🗜️ compacting) so stall and lifecycle reactions read as status indicators instead of emotional commentary. Fixes #59077. (#80612) Thanks @gado-ships-it.

Control UI: add a browser-local Text size setting in Appearance and Quick Settings, scaling chat and dense UI text while keeping inputs above the mobile Safari focus-zoom threshold. Fixes #8547. Thanks @BunsDev.

Docs: add a dedicated ds4 provider page with local DeepSeek V4 Flash config, on-demand startup, context sizing, and live verification steps.

Release validation: add a package-installed Docker user-journey lane that verifies onboarding, mocked model setup, external plugin install/uninstall, ClickClack outbound/inbound messaging, Gateway restart survival, and doctor.

Release validation: add package-installed Docker lanes for real TTY onboarding, media and memory persistence, published-package upgrade journeys, and local marketplace plugin install/update/uninstall coverage.

Maintainers: add a Clawdtributor skill for Discrawl-backed contributor PR triage, live status checks, and compact review formatting.

Telegram: support Mini App web_app buttons in generic message presentation payloads, allowing openclaw message send --presentation to render Telegram Web App inline buttons for private chats. (#81356) Thanks @jzakirov.

Scripts: add OPENCLAW_HEAVY_CHECK_LOCK_SCOPE=worktree so high-capacity local worktrees can use independent heavy-check locks while shared locks remain the default. Fixes #80729. (#80734) Thanks @samzong.

Agents/subagents: deliver native sessions_spawn tasks in the child session's first visible [Subagent Task] message instead of hiding the task in the sub-agent system prompt, keeping delegation auditable without duplicating tokens. Fixes #78592. Thanks @bradestes and @stainlu.

Messages/queue: make mid-turn prompts steer active runs by default via /queue steer, preserve /queue followup and /queue collect for users who want messages to queue by default, and make /steer continue as a normal prompt when steering is unavailable. (#77023) Thanks @fuller-stack-dev.

Voice Call/Telnyx: add realtime media-streaming call support for conversational voice calls. (#81024) Thanks @dynamite-bud.

Dependencies: add release dependency evidence reports, npm advisory gating, and PR dependency-change awareness so maintainers can review dependency risk before and during releases. Thanks @joshavant.

Gateway: expose optional isHeartbeat metadata on agent event payloads so clients can distinguish scheduled heartbeat runs from ordinary chat runs. (#80610) Thanks @medns.

Agents: add agents.defaults.runRetries and agents.list[].runRetries config for embedded Pi runner retry loop limits. (#80661) Thanks @medns.

Codex: add node-backed Codex CLI session listing and binding so an OpenClaw conversation can continue an existing Codex CLI session running on a paired node.

Fixes

Cron/Codex: default exact-command scheduled agent turns to lightweight bootstrap context so automation runs the command before loading workspace identity or memory context.

Codex plugin/Gateway: strip unpaired UTF-16 surrogates from Codex app-server JSON-RPC payloads and let stale reply-work recovery abort stalled reply runs, preventing malformed media turns from wedging gateway lanes.

Codex app server: force OAuth refresh requests to perform a real token refresh instead of reusing unchanged inherited auth-profile tokens after refresh failures. (#80738) Thanks @simplyclever914.

Control UI/WebChat: render /tts audio replies as playable audio attachments through the assistant-media ticket path, with structured-audio compatibility for older live payloads. (#81722) Thanks @Conan-Scott.

Bind gateway approval access to requester metadata [AI]. (#81380) Thanks @pgondhi987.

Telegram: let isolated polling drain independent topics, DMs, and status/control commands concurrently while preserving same-lane order. (#81849) Thanks @VACInc.

Build: keep externalized Slack, OpenShell sandbox, and Anthropic Vertex runtime dependency declarations out of the root dist artifact build.

ClawHub: include Amazon Bedrock and Bedrock Mantle provider packages in the published registry metadata so the externalized providers are discoverable from ClawHub as well as npm.

Auto-reply/Claude CLI: bridge CLI-runtime assistant text-delta agent events into the chat reasoning preview through onReasoningStream, mirroring the existing assistant-text (#76914) and tool-event (#80046) bridges and adding gating so non-CLI runtimes are unaffected. Thanks @anagnorisis2peripeteia and @pashpashpash.

Mantis: keep QA evidence in Actions artifacts only and stop publishing evidence files to Git-backed artifact branches.

CLI/migrate: handle delayed Codex plugin marketplace responses so warnings, next-steps, and conflict states render with ⚠️ glyphs and post-install migration retries the marketplace fetch instead of silently skipping plugin items. (#81625) Thanks @sjf.

Channels/Weixin: bump the bundled @tencent-weixin/openclaw-weixin external entry to 2.4.3 (from 2.4.1) so onboarding and openclaw channels add install the current Tencent Weixin (personal WeChat) plugin release. (#81730) Thanks @scotthuang.

CLI: lazy-load model, plugin, and device runtime helpers and keep channel option help on generated startup metadata or generic fallback text so parent/help output renders without importing those runtime paths.

CLI: route plugins list --json through the parsed command fast path and cover it in response budgets so plugin JSON inventory avoids full CLI registration work.

Gateway/network: keep OpenClaw-installed undici dispatchers on HTTP/1.1 and treat destroyed HTTP/2 session errors as recoverable network teardown, preventing ERR_HTTP2_INVALID_SESSION from crashing active gateway turns. Fixes #81627. (#81838) Thanks @joshavant.

Memory/daily-files: widen the daily-memory file matcher used by Dreaming, rem-backfill, rem-harness, the doctor sweep, and short-term promotion so memory/YYYY-MM-DD-<slug>.md files written by the bundled session-memory hook (and any future slugged variants) are discovered alongside the date-only memory/YYYY-MM-DD.md shape. Date extraction still uses the leading YYYY-MM-DD capture group, so per-day ingestion/promotion semantics are unchanged for existing date-only files; slugged files now flow through the same paths instead of being silently skipped. Fixes #69536. Thanks @jack-stormentswe.

macOS/Gateway: fail managed LaunchAgent stop and restart when the configured gateway port remains busy after cleanup instead of reporting success while a listener survives. Fixes #73132. Thanks @BunsDev.

Telegram: reuse the sticky IPv4 Bot API transport for periodic getMe health checks, so IPv4-working hosts with broken IPv6 egress stop logging repeated probe timeouts. Fixes #76852. (#76856) Thanks @SymbolStar.

Telegram: ship the isolated polling worker at the root dist path used by the bundled worker loader, avoiding startup failures looking for dist/telegram-ingress-worker.runtime.js.

Control UI/Gateway: stop stale token-mismatch reconnect loops when no trusted device-token retry is available, and cap rendered chat history by raw tool-output size so dashboard auth/history work cannot keep degrading channel sockets. Fixes #72139. Thanks @BunsDev.

Memory/daily-files: prioritize the canonical memory/YYYY-MM-DD.md daily note before same-day slugged session captures during capped live ingestion and historical seeding, preserving existing daily-note behavior when slugged files exist.

Gateway/OpenAI-compatible HTTP: parse shared JSON endpoint paths without trusting malformed Host headers, avoiding 500s before /v1/chat/completions, /v1/responses, and /v1/embeddings request handling.

Telegram: resolve plugin native commands with the active runtime config so commands like /codex ... stay on the native command path.

Voice-call webhooks: parse webhook and realtime upgrade paths without trusting malformed Host headers, avoiding 500s before provider signature checks or path rejection.

Media store: reject malformed redirect Location headers as media-download failures instead of letting URL parsing escape the async response callback.

ClickClack: skip malformed realtime websocket frames instead of stopping the channel monitor on a single bad JSON event.

Browser tool: treat malformed node proxy payloadJSON responses as browser proxy failures instead of leaking raw JSON parser errors.

Gateway HTTP: match models, session kill, and session history route paths without trusting malformed Host headers, avoiding pre-auth 500s on those endpoints.

Google Meet/Codex: report malformed node proxy payloadJSON responses with plugin-owned errors instead of leaking raw JSON parser failures.

Debug proxy: reject malformed relative-form proxy targets with a controlled 400 response instead of letting URL parsing escape the request handler.

File transfer: reject malformed inline file_write base64 before computing hashes or invoking paired nodes, avoiding Node's lenient base64 decoder.

QA channel: skip malformed inline inbound attachment base64 instead of staging silently corrupted media for agent turns.

Microsoft Teams: reject malformed inline HTML image base64 padding instead of decoding corrupted data: image attachments.

Voice-call realtime: ignore malformed provider media-frame base64 before forwarding audio into bridge and transcription paths.

QQBot: reject malformed stored cron payload base64 before JSON decoding structured reminder data.

Telnyx voice-call: use the raw client_state fallback when webhook state is malformed base64 instead of using silently corrupted decoded text.

Google Meet: report malformed node-host params JSON with plugin-owned errors instead of leaking raw JSON parser failures.

CLI/export-trajectory: report malformed encoded request JSON with a stable CLI error instead of leaking raw parser output.

Twilio voice-call: report malformed successful API JSON responses with provider-owned errors instead of leaking raw parser failures.

Voice-call provider APIs: report malformed successful guarded JSON responses with provider-prefixed errors instead of leaking raw parser failures.

Realtime transcription: report malformed provider websocket JSON frames with owned parser errors instead of leaking raw SyntaxError objects.

Microsoft Foundry: report malformed Azure CLI token JSON with owned auth errors instead of leaking raw parser failures.

Gateway/model pricing: report malformed external pricing catalog JSON with source-owned errors instead of leaking raw parser failures.

QA Lab: report malformed model-catalog subprocess JSON with an owned error and ignore invalid catalog rows.

Google Meet: report malformed browser-control status JSON with plugin-owned errors instead of leaking raw parser failures.

Google provider: report malformed SSE stream JSON with provider-owned errors instead of leaking raw parser failures.

Node host: report malformed built-in invoke paramsJSON with stable invalid-request errors instead of leaking raw parser failures.

Amazon Bedrock embeddings: report malformed provider response JSON with provider-owned errors instead of leaking raw parser failures.

QQBot: report malformed access-token JSON with provider-owned errors instead of leaking raw parser failures.

OpenAI embeddings: report malformed batch output JSONL with provider-owned errors instead of leaking raw parser failures.

Synology Chat: report malformed JSON webhook payloads with stable channel-owned parser errors.

Mattermost: report malformed interaction callback JSON with stable channel-owned parser errors.

Matrix: ignore malformed percent-encoding in optional location URI parameters instead of letting a bad geo: event abort inbound message handling.

Web search: auto-detect Brave through its legacy tools.web.search.apiKey compatibility fallback while keeping doctor migration to plugins.entries.brave.config.webSearch.apiKey as the canonical repair, so allowlisted isolated cron runs do not report web_search unavailable before migration. Fixes #81538. Thanks @atomicmonk.

Plugins: memoize repeated in-process plugin metadata snapshots and keep vanished managed-install residue from forcing full derived discovery, reducing gateway/status startup scans under large plugin sets. Fixes #81143 and #79806. (#81570) Thanks @Kaspre, @holgergruenhagen, @JanPlessow, and @mjamiv.

CLI/plugins: route lazy plugin command-registration chatter to stderr only during JSON-output command registration, keeping plugin-backed --json stdout parseable without changing parse-only or pass-through --json behavior. Fixes #81535. (#81536) Thanks @ScientificProgrammer and @vincentkoc.

Plugins: treat git plugin install refs as refs instead of checkout flags, so option-like selectors fail checkout instead of silently installing the default branch. Fixes #79898. (#79901) Thanks @afurm and @vincentkoc.

Web: honor explicitly configured global web_search providers during provider ownership resolution while keeping sandboxed web_fetch limited to bundled providers.

Plugins/doctor: repair configured legacy npm declaration stubs by reinstalling their npm packages into the managed plugin root instead of loading workspace node_modules, and warn when discovery sees those stubs. Fixes #79632. Thanks @Dylanzhang1128 and @vincentkoc.

Channels: keep configured third-party channel plugins visible in openclaw channels list when their manifest declares channels but has not added channelConfigs metadata yet. Fixes #81334. (#81340) Thanks @AllynSheep and @vincentkoc.

Agents: skip bootstrap file and hook preload work on completed continuation-skip turns when no workspace bootstrap is pending, reducing isolated-agent prep latency without changing first-turn bootstrap behavior. Fixes #81548. Thanks @delizaran-unpa.

Config: validate JSON dry-runs against plugin-owned channel schemas, so external channel fields are not rejected by stale bundled schemas. Fixes #77887. (#81504) Thanks @giodl73-repo.

iOS: restore first-use Contacts, Calendar, and Reminders permission prompts and add Privacy & Access status/actions in Settings. Thanks @BunsDev.

Canvas: return not found for malformed percent-encoded Canvas/A2UI/document asset paths and keep decoded parent traversal blocked before path normalization.

Telegram: allow trusted local Bot API media files whose filenames start with dots instead of falling back to remote download.

Agents/Codex app-server: remap injected context files under dot-dot-prefixed workspace directories when a run switches to an effective sandbox workspace.

Control UI/i18n: use the installed workspace pi runtime for locale refreshes, update the fallback package pin, and skip scheduled refreshes with invalid provider credentials instead of failing main.

CI/performance: authenticate the clawgrit report repository remote during both checkout and publish so performance report pushes do not fail after benchmarks complete.

Hooks: load workspace-relative legacy hook modules from dot-dot-prefixed directories without treating the filename prefix as parent traversal.

Plugins: preserve installed package metadata and persisted registry freshness checks for plugin package paths under dot-dot-prefixed directories.

Agents: allow dot-dot-prefixed filenames such as ..note.txt through sandbox FS bridge, remote sandbox reads, and apply_patch summaries without mistaking the name for parent traversal.

CLI/migrate: hide per-item source/plugin hints on non-conflicting Codex skill and plugin selection prompts, keeping the hint text reserved for rows that actually need attention. Thanks @sjf.

Codex harness: treat high-confidence app-server OAuth refresh invalidation as a terminal auth-profile failure, stopping repeated raw token-refresh errors without turning entitlement or usage-limit payloads into re-auth prompts.

CLI/migrate: humanize Codex conflict-status messaging across the migrate UI so selection prompts and plan/result rows say "Codex skill already installed in workspace" instead of surfacing internal MIGRATION_REASON_* codes. Thanks @sjf.

CLI/migrate: render migrate result rows with distinct glyphs for manual-review (🔍) and archive (📖) items instead of the misleading "skipped" and "migrated" checkmarks, so users can see which entries still need attention versus which were filed away. Thanks @sjf.

CLI/migrate: split Codex migrate output into separate preview and result phases so the Before plan and After result render through clack with independently tunable copy. Thanks @sjf.

Codex app-server: project bundle and user MCP servers into Codex threads, rotate threads when an MCP server is disabled, scope bundle MCP injection to bundled servers, and resend user MCP config on resume so MCP changes take effect mid-session without restarting the agent. (#81551) Thanks @jalehman.

Codex migration: invoke the managed Codex binary instead of a stale system codex for source-config migration plans, so users running the bundled Codex runtime get plan output that matches the binary the gateway will actually use. (#81582) Thanks @fuller-stack-dev.

Subagents/maintenance: preserve pending subagent registry sessions during session-store cleanup, pruning, and disk-budget enforcement so in-flight subagent runs are not deleted by background maintenance before they complete. (#81498) Thanks @ai-hpc.

Control UI/chat: reconcile terminal and reconnect run cleanup with cached session activity, stale compaction/fallback indicators, and a compact composer run-status chip so completed or interrupted turns do not leave Stop active. Fixes #76874 and #64220; refs #71630. Thanks @BunsDev.

Maintainer tooling: clarify which pnpm test/check commands are safe locally versus inside Codex worktrees, routing linked-worktree gates through node wrappers and Crabbox/Testbox.

Auto-reply: preserve same-key ordering when debounced inbound work falls back to immediate flushes, so follow-up turns cannot overtake an active buffered flush.

Telegram/WhatsApp: keep Telegram same-chat replies ordered behind active no-delay turns without blocking WhatsApp follow-up message dispatch.

Codex migration: avoid duplicate cached plugin bundle warnings when app-server plugin inventory is available.

Agents: suppress aborted embedded assistant partials, reasoning text, reply directives, and stale prior replies before user-facing delivery while preserving clean timeout/error payloads. Fixes #48241. Thanks @BunsDev, @andyliu, and @yassinebkr.

Agents: allow dot-dot-prefixed filenames such as ..file.txt inside workspace and sandbox path policy while still rejecting real parent traversal.

Native image input: detect Windows drive image paths in plain prompts so C:...\screenshot.png references are not missed.

Media: normalize Windows-style filename hints before staging attachments, remote media, audio transcodes, and saved-media display names, so POSIX hosts do not preserve drive or directory text in generated filenames.

Media references: resolve first-level inbound media files whose IDs start with dots instead of treating names like ..photo.png as parent traversal.

iOS/chat: resize PhotosPicker image attachments to capped JPEGs before staging and sending, stripping source metadata and keeping oversized camera photos under the chat upload budget. Fixes #68524. Thanks @BunsDev.

Control UI: keep shared form, config, and usage text-entry controls at 16px on touch-primary devices while preserving chat composer input sizing, so iOS Safari no longer auto-zooms focused fields. Fixes #64651; carries forward #64673. Thanks @NianJiuZst and @BunsDev.

Agents/trajectory: make the trajectory flush cleanup timeout configurable with OPENCLAW_TRAJECTORY_FLUSH_TIMEOUT_MS, preserving the 10s default while slower stores drain. Refs #75839. Thanks @BunsDev.

Codex auth: accept OAuth profiles backed by oauthRef during runtime auth selection, so official Codex OAuth logins are used by app-server agent runs. (#81633) Thanks @obviyus.

Telegram: release stopped polling leases after the gateway stop grace so in-process restarts can reuse the same bot token without weakening active duplicate-poller protection. Fixes #81507. (#81890) Thanks @joshavant.

ACP: preserve redacted numeric JSON-RPC RequestError details in runtime failure text, so backend diagnostics are visible instead of only Internal error. Fixes #81126. (#81188) Thanks @vyctorbrzezowski.

Agents: cache unchanged PI model discovery stores and model lookups, reducing repeated model-resolution startup latency under large model configs. Fixes #78851.

Onboarding: carry returned Codex plugin migration config through the OpenAI model wizard so accepted plugin migrations are saved with the final config write.

Security/Windows ACL audit: classify Anonymous Logon, Guests, Interactive, Local, and Network SIDs as world-equivalent principals so broadly writable paths stay critical instead of being downgraded to group-writable. Fixes #74350. (#74383) Thanks @dwc1997.

Media-understanding: retry transient remote attachment fetch failures before audio or vision processing, so Discord voice notes are not lost after one network/CDN blip. Fixes #74316. Thanks @vyctorbrzezowski and @gabrielexito-stack.

Control UI: order timestamped live stream and tool items before untimestamped history fallbacks, keeping chat history in visible time order. Fixes #80759. (#81016) Thanks @akrimm702.

ClawHub: cancel stalled archive body reads for skill, package, and ClawPack downloads instead of leaving installs hanging after headers arrive. Fixes #52073. Refs #80006. Thanks @xinhuagu and @stainlu.

Control UI/config: discard stale redacted placeholders from form-mode config saves while preserving restorable saved secrets, so unrelated settings changes no longer submit OPENCLAW_REDACTED as real data. Fixes #60917. Thanks @giodl73-repo and @BunsDev.

OpenAI plugin: clarify remote Codex OAuth login copy so tunneled users know sign-in may finish automatically before they paste the redirect URL. (#81301) Thanks @rubencu.

SGLang: preserve replayed reasoning history for OpenAI-compatible chat completions, keeping thinking-capable local models from losing prior reasoning turns. (#81091) Thanks @akrimm702.

Plugins/install: derive managed peer dependency pins from npm's lockfile planner instead of recursively scanning node_modules, while keeping OpenClaw host peers out of managed root ownership and preserving active root-managed runtimes. Thanks @fuller-stack-dev.

Control UI/WebChat: keep short assistant replies clear of in-bubble copy/open action buttons by applying the existing reserved action spacing in the grouped chat renderer. Fixes #79509. (#81244) Thanks @JARVIS-Glasses.

Codex harness: make the live test wrapper portable to Windows and defer locked temp cleanup so native Windows and WSL2 live runs complete.

Link understanding: fetch page content through the SSRF guard before running configured CLI summarizers, preventing curl/wget-style link fetchers from reaching private redirect or DNS-rebound targets.

fix: harden safe-bin argument validation [AI]. (#80999) Thanks @pgondhi987.

Codex/status: align /codex status rate-limit wording with /status by showing remaining quota and compact reset durations instead of used quota and raw ISO timestamps. Thanks @MatthewSchleder.

Mattermost: log a structured mattermost no-visible-reply diagnostic when a substantive (non-reasoning) final reply payload reaches deliverMattermostReplyPayload but the underlying deliverTextOrMediaReply returns "empty" — previously the run completed with a misleading delivered reply to <channel> log even though no Mattermost API send happened, masking silent completions in channel/thread contexts. No behavior change; the diagnostic surfaces the failure so operators can detect it instead of seeing the agent appear to go silent. Fixes #80501. Thanks @robbyproc87.

Telegram: limit concurrent startup getMe probes across multi-account bots so large Telegram configs do not fan out all account probes at once during gateway startup. Refs #80695. (#80986) Thanks @stainlu.

fix(config): reject auto-managed meta.lastTouched* paths in config set/unset (#80856). Thanks @ai-hpc

Test state: seed isolated auth-profile secret keys for generated homes, preventing helper-backed proof runs from falling back to host Keychain secrets. (#81393) Thanks @altaywtf.

Plugins/update: clear stale allow/deny entries and selected plugin slots when disabling a plugin after update failure, keeping failed external plugin updates from leaving half-disabled config. (#81512) Thanks @JARVIS-Glasses.

Memory/LanceDB: make auto-capture recognize short CJK memory phrases and configurable literal triggers, so Chinese, Japanese, and Korean users can capture memories without regex or LLM intent detection. Fixes #75680. Thanks @vyctorbrzezowski and @guokewuming.

Plugins doctor: report stale plugin config warnings and avoid claiming full plugin health when config warnings remain. (#81515) Thanks @BKF-Gitty.

Sessions: display model: "<agentId>-acp" / modelProvider: "acpx" (ACP-runtime sentinel) for ACP control-plane sessions in openclaw sessions output, instead of the agent's configured model which was misleading. Catalog finding 20. (#79543)

Slack: normalize message read before and after timestamp bounds before calling Slack history or thread reply APIs. Fixes #80835. (#81338) Thanks @honor2030.

Gateway: throttle assistant/thinking agent event fanout during streaming bursts without dropping buffered deltas. (#80335) Thanks @samzong.

Models: restore authenticated CLI runtime providers in the /models picker while keeping legacy runtime aliases hidden from setup/default model choices. Closes #81212. (#81239) Thanks @anagnorisis2peripeteia.

Changelog gates: reject bot/app handles as Thanks attribution and require explicit human credit for bot/app-authored changelog entries. (#81357) Thanks @hxy91819.

Agents/heartbeat: fix seven layered issues that broke multi-agent heartbeat cadence — (1) fan out the scheduler broadcast wake across agents in parallel via Promise.all instead of awaiting each runOnce sequentially, so one agent doing real work no longer starves every later agent in iteration order; (2) scope skipWhenBusy to lanes attributable to the firing agent via session-key parsing of session:agent:<id>:… / nested:agent:<id>:… lane names, instead of consulting the global subagent lane, so a single stuck subagent on one agent no longer silently disables every other agent's heartbeat; (3) always append workspace HEARTBEAT.md directives (everything outside an optional tasks: block) to the dispatch prompt, so prose-runbook HEARTBEAT.md files reach the model directly instead of being silently dropped unless periodic tasks are declared; (4) race the initial stream-establishment promise inside streamWithIdleTimeout against the same watchdog timer that previously only guarded inter-token gaps, so SDK requests stuck at TCP/TLS handshake or before the first response byte no longer hang indefinitely (the stalled-session diagnostic's recovery=none case); (5) emit an openclaw doctor warning when heartbeat.session pins a session key that has no entry in the agent's session store, so silently-dropped heartbeat deliveries surface at config-validation time; (6) also route the commitment-only task dispatch path (tasks configured, none due) through appendHeartbeatFileDirectives so prose directives outside the tasks: block reach the model on this path as well; (7) wrap the synchronous baseFn(...) invocation inside streamWithIdleTimeout in a try/catch that clears the connect watchdog timer before rethrowing, so a provider stream function that throws during setup no longer leaves a live timer that can fire onIdleTimeout later with a stale error and keep the process open past the real failure. Thanks @zeroaltitude.

Matrix: stop running npm install/pnpm install at runtime from a parent-derived plugin path; missing Matrix runtime dependencies now fail with repair guidance instead of mutating the wrong node_modules tree. Fixes #80758. (#80876) Thanks @kinjitakabe.

Agents/memory-flush: surface non-abort memory-flush failures (provider timeout, transport error, generic agent failure) as visible reply payloads so the outer reply loop short-circuits and isolated cron runs propagate the error into meta.error instead of completing silently with status: "ok" and an empty payload. Previously only the specific "Memory flush writes are restricted to ..." message was surfaced. Fixes #80755. Thanks @nailujac.

Channels/loop-guard: enforce shared per-pair bot loop protection in the core channel-turn kernel, with Discord, Slack, Matrix, and Google Chat supplying bot-pair facts where they can reliably identify accepted bot-authored messages. The generic guard keys on (scope, conversation, participant pair), suppresses every additional bot-to-bot event in either direction once a pair crosses the configured budget, and lifts suppression after cooldownSeconds. Defaults are maxEventsPerWindow: 20, windowSeconds: 60, and cooldownSeconds: 60 whenever a channel lets bot-authored messages reach dispatch; they can be set globally via channels.defaults.botLoopProtection and overridden per channel/account or supported per-conversation config. Fixes #58789. Thanks @pandadev66.

Agents/memory-flush: surface non-abort memory-flush failures (provider timeout, transport error, generic agent failure) as visible reply payloads so the outer reply loop short-circuits and isolated cron runs propagate the error into meta.error instead of completing silently with status: "ok" and an empty payload. Previously only the specific "Memory flush writes are restricted to ..." message was surfaced. Refs #80755. Thanks @kinjitakabe and @nailujac.

Original source