The Performance Update
Standalone archive_result.py
The #1 performance win. PostToolUse hook now runs a lean 155-line standalone script instead of loading the full 380KB measure.py. 29ms median startup (was 135ms). Saves 13-18s per 200-tool session.
Read-cache default ON
No more opt-in env var. Read-cache is now on by default in warn mode. Opt out with TOKEN_OPTIMIZER_READ_CACHE=0 or config file {"read_cache_enabled": false} (handles ENV_SCRUB scenarios).
Per-session decisions.jsonl
Decision logs are now per-session files in decisions/ instead of a single global file. Faster stats queries, no cross-session noise, auto-pruned after 7 days.
OpenClaw regex cache
Pre-compiled fnmatch regex cache (Map<string, RegExp>) eliminates ~1,200 regex compilations per session.
Security & hardening (16 fixes from torture room)
- CSRF origin validation on dashboard POST endpoints
- Fixed UnboundLocalError crash in quality cache writer
- Fixed SNAPSHOT_DIR fallback path mismatch across scripts
- Manifest file TOCTOU race eliminated
- Self-healing quality-bar respects
quality_bar_disabledopt-out - Auto-update git pull now logs results
- Stdin reads capped across all entry points
- Type hints on archive_result.py
QA
57 tests passed (23 CLI regression + 34 full-suite integration). 4 verification agents confirmed all fixes. Zero remaining issues.
Full Changelog: v3.1.1...v3.2.0