github openclaw/openclaw v2026.5.14-beta.2
openclaw 2026.5.14-beta.2
on GitHub

latest release: v2026.5.14-beta.3
pre-release7 hours ago

Changes

  • Channels/SDK: add normalized command turn facts to channel turn construction and expose command-turn helpers for plugin inbound contexts.
  • Agents/config: support per-agent bootstrap profile overrides for contextInjection, bootstrapMaxChars, and bootstrapTotalMaxChars, inheriting from agents.defaults when omitted. Fixes #69966. Thanks @BunsDev.
  • Dependencies: route root ambient Node proxy agents through @openclaw/proxyline and drop root proxy-agent, https-proxy-agent, and minimatch dependencies.
  • Canvas: lazy-load HTTP host, hosted media resolver, CLI implementation, and tool runtime modules so Gateway startup only pays Canvas implementation cost on first use. (#82001) Thanks @samzong.
  • Control UI/i18n: add a pnpm ui:i18n:report baseline report for hardcoded-copy focus areas and locale fallback metadata. (#81320) Thanks @samzong.
  • Maintainer tooling: add a repo-local codex-review skill for Codex closeout reviews, including local dirty-work and PR-branch review helpers that rerun until no accepted/actionable findings remain and avoid unsupported inline prompts with --base.
  • Maintainer tooling: fail CI when pull requests add package patch files or pnpm patched dependencies, preserving the upstream-and-bump dependency workflow.
  • Codex app-server: stream commentary preambles into editable channel progress drafts without promoting them to final answers.
  • Codex migration: remove the bundled codex-cli backend and repair legacy codex-cli/* model refs to the Codex app-server route on openai/*.
  • Gateway/startup: add owner-level startup trace attribution for auth, plugin loading, lookup counts, and plugin sidecar services. (#81738) Thanks @samzong.
  • Plugins/hooks: expose the resolved effective contextTokenBudget plus source/reference metadata on llm_output and sanitized model_call_* hook events/contexts so plugin cost and context-health alerts can use agent-level context caps. Fixes #64327. Thanks @BunsDev.
  • Channels/status reactions: wire StatusReactionController into WhatsApp message turns (queued → thinking → tool → done/error lifecycle, on par with Telegram and Discord), add deploy/build/concierge emoji categories with tool-token routing, and replace the status reaction defaults with self-explanatory emoji (🧠 thinking, 🛠️ tool, 💻 coding, 🌐 web, ⏳ stallSoft, ⚠️ stallHard, ✅ done, ❌ error, 🗜️ compacting) so stall and lifecycle reactions read as status indicators instead of emotional commentary. Fixes #59077. (#80612) Thanks @gado-ships-it.
  • Control UI: add a browser-local Text size setting in Appearance and Quick Settings, scaling chat and dense UI text while keeping inputs above the mobile Safari focus-zoom threshold. Fixes #8547. Thanks @BunsDev.
  • Docs: add a dedicated ds4 provider page with local DeepSeek V4 Flash config, on-demand startup, context sizing, and live verification steps.
  • Release validation: add a package-installed Docker user-journey lane that verifies onboarding, mocked model setup, external plugin install/uninstall, ClickClack outbound/inbound messaging, Gateway restart survival, and doctor.
  • Release validation: add package-installed Docker lanes for real TTY onboarding, media and memory persistence, published-package upgrade journeys, and local marketplace plugin install/update/uninstall coverage.
  • Maintainers: add a Clawdtributor skill for Discrawl-backed contributor PR triage, live status checks, and compact review formatting.
  • Telegram: support Mini App web_app buttons in generic message presentation payloads, allowing openclaw message send --presentation to render Telegram Web App inline buttons for private chats. (#81356) Thanks @jzakirov.
  • Scripts: add OPENCLAW_HEAVY_CHECK_LOCK_SCOPE=worktree so high-capacity local worktrees can use independent heavy-check locks while shared locks remain the default. Fixes #80729. (#80734) Thanks @samzong.
  • Agents/subagents: deliver native sessions_spawn tasks in the child session's first visible [Subagent Task] message instead of hiding the task in the sub-agent system prompt, keeping delegation auditable without duplicating tokens. Fixes #78592. Thanks @bradestes and @stainlu.
  • Messages/queue: make mid-turn prompts steer active runs by default via /queue steer, preserve /queue followup and /queue collect for users who want messages to queue by default, and make /steer continue as a normal prompt when steering is unavailable. (#77023) Thanks @fuller-stack-dev.
  • Voice Call/Telnyx: add realtime media-streaming call support for conversational voice calls. (#81024) Thanks @dynamite-bud.
  • Dependencies: add release dependency evidence reports, npm advisory gating, and PR dependency-change awareness so maintainers can review dependency risk before and during releases. Thanks @joshavant.
  • Gateway: expose optional isHeartbeat metadata on agent event payloads so clients can distinguish scheduled heartbeat runs from ordinary chat runs. (#80610) Thanks @medns.
  • Agents: add agents.defaults.runRetries and agents.list[].runRetries config for embedded Pi runner retry loop limits. (#80661) Thanks @medns.
  • Codex: add node-backed Codex CLI session listing and binding so an OpenClaw conversation can continue an existing Codex CLI session running on a paired node.

Fixes

  • Models/providers: trust the exact configured custom/local provider baseUrl origin for guarded model HTTP requests, so loopback, LAN, tailnet, and private DNS endpoints work without broad private-network access while different ports and metadata/link-local pivots remain blocked. Fixes #80732. (#80751) Thanks @Kaspre and @msitarzewski.
  • Bind shell script operands after combined options [AI]. (#81882) Thanks @pgondhi987.
  • fix(canvas): validate snapshot response formats [AI]. (#81881) Thanks @pgondhi987.
  • Constrain provider catalog entry paths [AI]. (#81884) Thanks @pgondhi987.
  • Require canonical node platform IDs [AI]. (#81880) Thanks @pgondhi987.
  • Agents/Azure OpenAI Responses: default unset Azure OpenAI API versions to preview so /openai/v1/responses calls use Azure's current Responses API route. (#82026) Thanks @leoge007.
  • Control UI/WebChat: compact the desktop chat header controls into a single aligned row so the session, model, thinking, and action controls no longer waste vertical space. Thanks @BunsDev.
  • Agents: retry empty final turns for generic anthropic-messages providers instead of limiting non-visible recovery to Kimi, so custom/proxied Anthropic-compatible routes can recover with a visible answer. Addresses #46080. Thanks @wmgx, @w1tv, and @iFwu.
  • Agents/replies: strip workflow <function_response> scaffolding from user-visible sanitizer paths so raw tool output does not leak into chat history, transcript mirrors, or channel replies. Fixes #47444. Thanks @5toCode.
  • Agents/media: deliver generated image, music, and video results through structured attachments, keep message-tool-only Codex completions on the message tool, and fail completion handoff when expected media is not actually sent.
  • Diagnostics/Codex: recover stalled embedded Codex app-server runs after the shorter default stalled-run window so queued turns resume sooner.
  • Control UI: rotate browser service-worker caches per build so updated Gateways are less likely to keep serving stale dashboard bundles that trigger protocol mismatch errors.
  • Gateway/protocol: lazy-compile protocol validators on first use instead of compiling every AJV schema during cold import, reducing startup CPU and RSS. (#82064) Thanks @samzong.
  • Discord: report unresolved configured bot-token SecretRefs during startup instead of treating the account as unconfigured. (#82009) Thanks @giodl73-repo.
  • CLI/config: preserve numeric-looking object keys such as Discord guild IDs during config patch recursive merges. (#81999) Thanks @giodl73-repo.
  • Gateway/OpenAI-compatible HTTP: forward response_format from /v1/chat/completions requests through agent stream params to upstream Chat Completions and Responses transports, restoring structured-output support. Fixes #82003. (#82004) Thanks @Lellansin.
  • Control UI/WebChat: let sidebar markdown code-block Copy buttons use the same delegated clipboard handler as chat messages. (#58709) Thanks @tikitoki.
  • Discord/streaming: only mark partial draft previews delivered after final edit or fallback delivery succeeds, so failed finalization cleanup removes stale truncated drafts instead of leaving them as the visible reply. Fixes #82035. Thanks @compoodment.
  • macOS/Gateway: surface leftover ai.openclaw.update.* launchd updater jobs in openclaw gateway status --deep and doctor so post-update launchd loops point at the stale job cleanup. Fixes #81859. Thanks @BKF-Gitty.
  • macOS/screen snapshots: reject malformed screen.snapshot params before capture, bound base64 results against the projected node.invoke.result frame, and preserve stable caller-facing errors for oversized payloads and capture failures. Fixes #68181. Thanks @shaun0927 and @BunsDev.
  • Config/doctor: rotate capped .clobbered.* repair snapshots by artifact timestamp so repeated repairs keep the newest forensic copy instead of preserving only the first capped set. (#82012) Thanks @Kaspre.
  • Telegram: initialize the bot before isolated polling drains spooled updates so default isolated polling no longer retries every update with Bot not initialized and stalls replies. Fixes #81973. (#81975) Thanks @neeravmakwana.
  • Telegram: apply method-aware Bot API request timeouts to direct message/action clients so openclaw message delete --channel telegram no longer waits on grammY's 500-second default when the API request wedges. Fixes #81908. Thanks @DashLabsDev.
  • Cron: treat attempt dispatch and assembled context as execution-start milestones so isolated agent jobs that have reached backend dispatch are governed by their configured job timeout instead of the 60s pre-execution watchdog. Fixes #81368. (#81871) Thanks @alexph-dev.
  • Doctor/auth: warn about stale per-agent OAuth auth profile shadows and let openclaw doctor --fix remove the local shadow so agents inherit the fresher main-agent credential.
  • Status/channels: show configured channels whose plugin setup failed to load as plugin load failed: dependency tree corrupted; run openclaw doctor --fix instead of silently dropping them from openclaw status.
  • Status/update: show pending or failed update restart handoffs in openclaw status and make openclaw update print explicit gateway restart verified, skipped, or failed guidance.
  • QA/update: add an E2E corrupt plugin dependency lane that verifies status --all guidance, doctor --fix cleanup, and channel status recovery.
  • Discord/channels: make openclaw channels list --all prefer reachable Gateway runtime account status and mark configured-but-unavailable credentials, avoiding false not configured output when Discord is running from service-only env. Fixes #79343. Thanks @EricY019.
  • WhatsApp: mark text slash commands as command turns so authorized group command replies stay visible under message-tool-only group reply mode. (#81972) Thanks @barbarhan.
  • Providers/OpenCode Go: stop sending unsupported reasoning parameters to Kimi K2.5/K2.6, avoiding OpenCode Go payload-validation failures while preserving DeepSeek V4 reasoning support.
  • Installer: handle noninteractive git installs from moving refs without tag-fetch conflicts, while keeping immutable refs on frozen lockfile installs. (#81875) Thanks @keshavbotagent.
  • Codex app-server: inject native client factories per run and compaction attempt instead of using module-scope test state, avoiding temporal-dead-zone reads during cyclic startup. (#81148) Thanks @bdjben.
  • Plugin skills: replace generated Windows plugin-skill directories before publishing the current skill link, avoiding repeated EINVAL warnings from stale non-symlink entries. Fixes #81432. (#81446) Thanks @hclsys and @vincentkoc.
  • Channels/config: treat channel entries with only enabled: true as configured state so plugin-backed channels can auto-enable from an explicit on switch. Fixes #81323. (#81331) Thanks @EvanYao826 and @vincentkoc.
  • CLI/update: add an update finalization path for externally swapped core runtimes, running update-time doctor repair and plugin convergence from post-doctor config and install-record state before reporting completion. Thanks @shakkernerd.
  • CLI/update: refresh config after package-update doctor repairs before post-update plugin sync, avoiding stale-hash conflicts during package upgrade journeys.
  • macOS/Gateway: hand managed LaunchAgent package self-updates to the post-exit CLI path and report handoff failures through the update restart sentinel instead of leaving agent-invoked updates pending. Fixes #81894. (#81945) Thanks @BKF-Gitty.
  • Agents/WebChat: stop a successful assistant turn whose stale errorMessage matches a billing, auth, or rate-limit pattern from rotating profiles, falling back, or surfacing a hard FailoverError unless the current attempt has a real failover failure. (#70900) Thanks @truffle-dev.
  • Control UI/usage: remove the duplicated inner Usage page heading so the shared dashboard header is the only page title. Thanks @BunsDev.
  • Control UI/WebChat: keep mobile PWA composer controls above the iOS home indicator when standalone safe-area insets under-report. Fixes #77408. Thanks @BunsDev.
  • Control UI/logs: make the Gateway Logs stream height responsive to the viewport with a minimum height floor, so larger screens can show substantially more log lines without collapsing on shorter viewports. (#53916) Thanks @extrasmall0.
  • ACP/Codex: surface redacted Codex wrapper stderr for generic ACP internal failures and preserve safe Codex model/provider routing in isolated CODEX_HOME, making sessions_spawn(runtime="acp", agentId="codex") failures actionable. Fixes #80079. (#80718) Thanks @leoge007.
  • Agents/trace: mark execution traces as fallback-used when merged fallback attempts prove a primary model failed before the winning attempt, keeping /trace raw and agent JSON telemetry consistent. Addresses fallback telemetry in #81213. Thanks @BKF-Gitty.
  • ACP: treat rejected timeout config options as best-effort hints so ACP turns continue with adapters that do not support session/set_config_option timeout keys. Fixes #81250. (#81603) Thanks @qkal.
  • Cron/Codex: default exact-command scheduled agent turns to lightweight bootstrap context so automation runs the command before loading workspace identity or memory context.
  • Codex cron: disable native Codex project-doc loading for lightweight app-server cron turns so scheduled jobs avoid project-doc injection after OpenClaw suppresses bootstrap context. (#81822) Thanks @jalehman.
  • Codex plugin/Gateway: strip unpaired UTF-16 surrogates from Codex app-server JSON-RPC payloads and let stale reply-work recovery abort stalled reply runs, preventing malformed media turns from wedging gateway lanes.
  • Codex app server: force OAuth refresh requests to perform a real token refresh instead of reusing unchanged inherited auth-profile tokens after refresh failures. (#80738) Thanks @simplyclever914.
  • Control UI/WebChat: render /tts audio replies as playable audio attachments through the assistant-media ticket path, with structured-audio compatibility for older live payloads. (#81722) Thanks @Conan-Scott.
  • Bind gateway approval access to requester metadata [AI]. (#81380) Thanks @pgondhi987.
  • Telegram: let isolated polling drain independent topics, DMs, and status/control commands concurrently while preserving same-lane order. (#81849) Thanks @VACInc.
  • Telegram: derive readable plain-text retries from HTML fallback sends so parse failures show label (url) links instead of raw anchors. (#81764) Thanks @alexph-dev.
  • Ollama/Doctor: copy explicit native Ollama contextWindow or maxTokens provider/model budgets into params.num_ctx during openclaw doctor --fix, preserving large-context configs after native Ollama stopped inferring per-request num_ctx. Fixes #81878. (#81928) Thanks @joshavant and @ArthurusDent.
  • Discord: honor threadName on message send to existing threads by renaming the thread after successful delivery, and warn when the rename cannot be applied. Fixes #81836. (#81933) Thanks @joshavant.
  • Build: keep externalized Slack, OpenShell sandbox, and Anthropic Vertex runtime dependency declarations out of the root dist artifact build.
  • ClawHub: include Amazon Bedrock and Bedrock Mantle provider packages in the published registry metadata so the externalized providers are discoverable from ClawHub as well as npm.
  • Codex account/status: hide empty rate-limit buckets and show server-reported usage-limit blocks without calling them available.
  • Auto-reply/Claude CLI: bridge CLI-runtime assistant text-delta agent events into the chat reasoning preview through onReasoningStream, mirroring the existing assistant-text (#76914) and tool-event (#80046) bridges and adding gating so non-CLI runtimes are unaffected. Thanks @anagnorisis2peripeteia and @pashpashpash.
  • Mantis: keep QA evidence in Actions artifacts only and stop publishing evidence files to Git-backed artifact branches.
  • CLI/migrate: handle delayed Codex plugin marketplace responses so warnings, next-steps, and conflict states render with ⚠️ glyphs and post-install migration retries the marketplace fetch instead of silently skipping plugin items. (#81625) Thanks @sjf.
  • Channels/Weixin: bump the bundled @tencent-weixin/openclaw-weixin external entry to 2.4.3 (from 2.4.1) so onboarding and openclaw channels add install the current Tencent Weixin (personal WeChat) plugin release. (#81730) Thanks @scotthuang.
  • CLI: lazy-load model, plugin, and device runtime helpers and keep channel option help on generated startup metadata or generic fallback text so parent/help output renders without importing those runtime paths.
  • CLI: route plugins list --json through the parsed command fast path and cover it in response budgets so plugin JSON inventory avoids full CLI registration work.
  • Control UI/Overview: render recent session rows through the shared session display resolver so label/displayName priority, key-equivalent labels, and channel fallbacks stay consistent with the chat selector. (#50696) Thanks @Maple778 and @BunsDev.
  • Gateway/network: keep OpenClaw-installed undici dispatchers on HTTP/1.1 and treat destroyed HTTP/2 session errors as recoverable network teardown, preventing ERR_HTTP2_INVALID_SESSION from crashing active gateway turns. Fixes #81627. (#81838) Thanks @joshavant.
  • Memory/daily-files: widen the daily-memory file matcher used by Dreaming, rem-backfill, rem-harness, the doctor sweep, and short-term promotion so memory/YYYY-MM-DD-<slug>.md files written by the bundled session-memory hook (and any future slugged variants) are discovered alongside the date-only memory/YYYY-MM-DD.md shape. Date extraction still uses the leading YYYY-MM-DD capture group, so per-day ingestion/promotion semantics are unchanged for existing date-only files; slugged files now flow through the same paths instead of being silently skipped. Fixes #69536. Thanks @jack-stormentswe.
  • macOS/Gateway: fail managed LaunchAgent stop and restart when the configured gateway port remains busy after cleanup instead of reporting success while a listener survives. Fixes #73132. Thanks @BunsDev.
  • Telegram: reuse the sticky IPv4 Bot API transport for periodic getMe health checks, so IPv4-working hosts with broken IPv6 egress stop logging repeated probe timeouts. Fixes #76852. (#76856) Thanks @SymbolStar.
  • Telegram: ship the isolated polling worker at the root dist path used by the bundled worker loader, avoiding startup failures looking for dist/telegram-ingress-worker.runtime.js.
  • Control UI/Gateway: stop stale token-mismatch reconnect loops when no trusted device-token retry is available, and cap rendered chat history by raw tool-output size so dashboard auth/history work cannot keep degrading channel sockets. Fixes #72139. Thanks @BunsDev.
  • Memory/daily-files: prioritize the canonical memory/YYYY-MM-DD.md daily note before same-day slugged session captures during capped live ingestion and historical seeding, preserving existing daily-note behavior when slugged files exist.
  • Gateway/OpenAI-compatible HTTP: parse shared JSON endpoint paths without trusting malformed Host headers, avoiding 500s before /v1/chat/completions, /v1/responses, and /v1/embeddings request handling.
  • Telegram: resolve plugin native commands with the active runtime config so commands like /codex ... stay on the native command path.
  • Voice-call webhooks: parse webhook and realtime upgrade paths without trusting malformed Host headers, avoiding 500s before provider signature checks or path rejection.
  • Media store: reject malformed redirect Location headers as media-download failures instead of letting URL parsing escape the async response callback.
  • ClickClack: skip malformed realtime websocket frames instead of stopping the channel monitor on a single bad JSON event.
  • Browser tool: treat malformed node proxy payloadJSON responses as browser proxy failures instead of leaking raw JSON parser errors.
  • Gateway HTTP: match models, session kill, and session history route paths without trusting malformed Host headers, avoiding pre-auth 500s on those endpoints.
  • Google Meet/Codex: report malformed node proxy payloadJSON responses with plugin-owned errors instead of leaking raw JSON parser failures.
  • Debug proxy: reject malformed relative-form proxy targets with a controlled 400 response instead of letting URL parsing escape the request handler.
  • File transfer: reject malformed inline file_write base64 before computing hashes or invoking paired nodes, avoiding Node's lenient base64 decoder.
  • QA channel: skip malformed inline inbound attachment base64 instead of staging silently corrupted media for agent turns.
  • Microsoft Teams: reject malformed inline HTML image base64 padding instead of decoding corrupted data: image attachments.
  • Voice-call realtime: ignore malformed provider media-frame base64 before forwarding audio into bridge and transcription paths.
  • QQBot: reject malformed stored cron payload base64 before JSON decoding structured reminder data.
  • Telnyx voice-call: use the raw client_state fallback when webhook state is malformed base64 instead of using silently corrupted decoded text.
  • Google Meet: report malformed node-host params JSON with plugin-owned errors instead of leaking raw JSON parser failures.
  • CLI/export-trajectory: report malformed encoded request JSON with a stable CLI error instead of leaking raw parser output.
  • ComfyUI: report malformed workflow API JSON responses with owned errors instead of leaking raw parser failures.
  • DeepInfra video: report malformed successful API JSON responses with provider-owned errors instead of leaking raw parser failures.
  • Brave Search: report malformed web and LLM-context API JSON with provider-owned errors instead of leaking raw parser failures.
  • xAI tools: report malformed web search, X search, and code execution JSON with provider-owned errors instead of leaking raw parser failures.
  • Nextcloud Talk: report malformed room-info and bot-admin JSON with channel-owned errors instead of leaking raw parser failures.
  • Microsoft Teams: report malformed Graph and delegated OAuth JSON with channel-owned errors instead of leaking raw parser failures.
  • Google Chat: report malformed Chat API and certificate JSON with channel-owned errors instead of leaking raw parser failures.
  • Firecrawl: report malformed search and scrape API JSON with provider-owned errors instead of leaking raw parser failures.
  • Tavily: report malformed search and extract API JSON with provider-owned errors instead of leaking raw parser failures.
  • Perplexity: report malformed Search API and chat completion JSON with provider-owned errors instead of leaking raw parser failures.
  • Exa: report malformed search API JSON with a provider-owned error instead of leaking raw parser failures.
  • Memory host SDK: report malformed remote JSON with caller-scoped errors for POST and batch file upload responses instead of leaking raw parser failures.
  • Media providers: report malformed operation-poll and audio-transcription JSON with provider-owned errors instead of leaking raw parser failures.
  • MiniMax, Gemini, Kimi, and Ollama web search: report malformed API JSON with provider-owned errors instead of leaking raw parser failures.
  • Twilio voice-call: report malformed successful API JSON responses with provider-owned errors instead of leaking raw parser failures.
  • Voice-call provider APIs: report malformed successful guarded JSON responses with provider-prefixed errors instead of leaking raw parser failures.
  • Realtime transcription: report malformed provider websocket JSON frames with owned parser errors instead of leaking raw SyntaxError objects.
  • Microsoft Foundry: report malformed Azure CLI token JSON with owned auth errors instead of leaking raw parser failures.
  • Gateway/model pricing: report malformed external pricing catalog JSON with source-owned errors instead of leaking raw parser failures.
  • QA Lab: report malformed model-catalog subprocess JSON with an owned error and ignore invalid catalog rows.
  • Google Meet: report malformed browser-control status JSON with plugin-owned errors instead of leaking raw parser failures.
  • Google provider: report malformed SSE stream JSON with provider-owned errors instead of leaking raw parser failures.
  • Node host: report malformed built-in invoke paramsJSON with stable invalid-request errors instead of leaking raw parser failures.
  • Amazon Bedrock embeddings: report malformed provider response JSON with provider-owned errors instead of leaking raw parser failures.
  • QQBot: report malformed access-token JSON with provider-owned errors instead of leaking raw parser failures.
  • OpenAI embeddings: report malformed batch output JSONL with provider-owned errors instead of leaking raw parser failures.
  • Synology Chat: report malformed JSON webhook payloads with stable channel-owned parser errors.
  • Mattermost: report malformed interaction callback JSON with stable channel-owned parser errors.
  • Twilio voice-call: report malformed media stream WebSocket JSON with an owned parser error instead of logging raw parser failures.
  • Tlon/Urbit: report malformed SSE event JSON with an owned parser error instead of logging raw parser failures.
  • Signal: return a stable installer error when GitHub release metadata is malformed JSON.
  • ClawHub: report malformed successful marketplace JSON responses with owned errors instead of leaking raw parser failures.
  • Provider usage: report malformed successful usage JSON responses with stable provider errors instead of leaking raw parser failures.
  • Tlon/Urbit: report malformed scry response JSON with owned errors instead of leaking raw parser failures.
  • LM Studio: report malformed model list and model load JSON with owned errors instead of leaking raw parser failures.
  • Matrix: ignore malformed percent-encoding in optional location URI parameters instead of letting a bad geo: event abort inbound message handling.
  • Web search: auto-detect Brave through its legacy tools.web.search.apiKey compatibility fallback while keeping doctor migration to plugins.entries.brave.config.webSearch.apiKey as the canonical repair, so allowlisted isolated cron runs do not report web_search unavailable before migration. Fixes #81538. Thanks @atomicmonk.
  • Plugins: memoize repeated in-process plugin metadata snapshots and keep vanished managed-install residue from forcing full derived discovery, reducing gateway/status startup scans under large plugin sets. Fixes #81143 and #79806. (#81570) Thanks @Kaspre, @holgergruenhagen, @JanPlessow, and @mjamiv.
  • CLI/plugins: route lazy plugin command-registration chatter to stderr only during JSON-output command registration, keeping plugin-backed --json stdout parseable without changing parse-only or pass-through --json behavior. Fixes #81535. (#81536) Thanks @ScientificProgrammer and @vincentkoc.
  • Plugins: treat git plugin install refs as refs instead of checkout flags, so option-like selectors fail checkout instead of silently installing the default branch. Fixes #79898. (#79901) Thanks @afurm and @vincentkoc.
  • Doctor/memory: stop warning that no memory plugin is active when an enabled alternate memory plugin explicitly owns the memory slot, while preserving the warning for missing or disabled slot entries. Fixes #78540. (#78557) Thanks @carladams1299-lab and @vincentkoc.
  • Plugins: keep process-local plugin metadata snapshot memo freshness tied to the cached registry snapshot so policy-stale derived plugin metadata edits invalidate the memo instead of returning stale owners or command aliases. (#81064) Thanks @Kaspre.
  • Plugins: discover provider plugins from setup.providers[].envVars credentials during provider discovery while keeping the deprecated providerAuthEnvVars fallback. (#81542) Thanks @JARVIS-Glasses.
  • Docs/Codex harness: clarify that per-agent CODEX_HOME isolates ~/.codex while inherited HOME intentionally keeps .agents discovery and subprocess user-home state available.
  • CLI/plugins: keep bare plugin and parent-command help on the lightweight path, avoiding plugin registry discovery before rendering help.
  • Auth: reclaim dead-owner stale file locks before retrying locked writes, so crashed OAuth refreshes no longer wedge auth-profiles.json until manual cleanup.
  • CLI tables: preserve muted/color styling on wrapped continuation lines after multiline cells, keeping openclaw plugins list descriptions readable.
  • Process execution: collapse case-insensitive duplicate child environment keys on Windows so caller-provided overrides such as PATH cannot be shadowed by host Path.
  • Browser CLI: request the existing operator.admin gateway scope explicitly for browser control commands, avoiding unnecessary scope-upgrade approval loops. Fixes #81555. (#81716) Thanks @joshavant.
  • Web: honor explicitly configured global web_search providers during provider ownership resolution while keeping sandboxed web_fetch limited to bundled providers.
  • Plugins/doctor: repair configured legacy npm declaration stubs by reinstalling their npm packages into the managed plugin root instead of loading workspace node_modules, and warn when discovery sees those stubs. Fixes #79632. Thanks @Dylanzhang1128 and @vincentkoc.
  • Channels: keep configured third-party channel plugins visible in openclaw channels list when their manifest declares channels but has not added channelConfigs metadata yet. Fixes #81334. (#81340) Thanks @AllynSheep and @vincentkoc.
  • Agents: skip bootstrap file and hook preload work on completed continuation-skip turns when no workspace bootstrap is pending, reducing isolated-agent prep latency without changing first-turn bootstrap behavior. Fixes #81548. Thanks @delizaran-unpa.
  • Config: validate JSON dry-runs against plugin-owned channel schemas, so external channel fields are not rejected by stale bundled schemas. Fixes #77887. (#81504) Thanks @giodl73-repo.
  • iOS: restore first-use Contacts, Calendar, and Reminders permission prompts and add Privacy & Access status/actions in Settings. Thanks @BunsDev.
  • Canvas: return not found for malformed percent-encoded Canvas/A2UI/document asset paths and keep decoded parent traversal blocked before path normalization.
  • Telegram: allow trusted local Bot API media files whose filenames start with dots instead of falling back to remote download.
  • Agents/Codex app-server: remap injected context files under dot-dot-prefixed workspace directories when a run switches to an effective sandbox workspace.
  • Control UI/i18n: use the installed workspace pi runtime for locale refreshes, update the fallback package pin, and skip scheduled refreshes with invalid provider credentials instead of failing main.
  • CI/performance: authenticate the clawgrit report repository remote during both checkout and publish so performance report pushes do not fail after benchmarks complete.
  • Hooks: load workspace-relative legacy hook modules from dot-dot-prefixed directories without treating the filename prefix as parent traversal.
  • Plugins: preserve installed package metadata and persisted registry freshness checks for plugin package paths under dot-dot-prefixed directories.
  • Agents: allow dot-dot-prefixed filenames such as ..note.txt through sandbox FS bridge, remote sandbox reads, and apply_patch summaries without mistaking the name for parent traversal.
  • CLI/migrate: hide per-item source/plugin hints on non-conflicting Codex skill and plugin selection prompts, keeping the hint text reserved for rows that actually need attention. Thanks @sjf.
  • Codex harness: treat high-confidence app-server OAuth refresh invalidation as a terminal auth-profile failure, stopping repeated raw token-refresh errors without turning entitlement or usage-limit payloads into re-auth prompts.
  • CLI/migrate: humanize Codex conflict-status messaging across the migrate UI so selection prompts and plan/result rows say "Codex skill already installed in workspace" instead of surfacing internal MIGRATION_REASON_* codes. Thanks @sjf.
  • CLI/migrate: render migrate result rows with distinct glyphs for manual-review (🔍) and archive (📖) items instead of the misleading "skipped" and "migrated" checkmarks, so users can see which entries still need attention versus which were filed away. Thanks @sjf.
  • CLI/migrate: split Codex migrate output into separate preview and result phases so the Before plan and After result render through clack with independently tunable copy. Thanks @sjf.
  • Codex app-server: project bundle and user MCP servers into Codex threads, rotate threads when an MCP server is disabled, scope bundle MCP injection to bundled servers, and resend user MCP config on resume so MCP changes take effect mid-session without restarting the agent. (#81551) Thanks @jalehman.
  • Codex migration: invoke the managed Codex binary instead of a stale system codex for source-config migration plans, so users running the bundled Codex runtime get plan output that matches the binary the gateway will actually use. (#81582) Thanks @fuller-stack-dev.
  • Subagents/maintenance: preserve pending subagent registry sessions during session-store cleanup, pruning, and disk-budget enforcement so in-flight subagent runs are not deleted by background maintenance before they complete. (#81498) Thanks @ai-hpc.
  • Control UI/chat: reconcile terminal and reconnect run cleanup with cached session activity, stale compaction/fallback indicators, and a compact composer run-status chip so completed or interrupted turns do not leave Stop active. Fixes #76874 and #64220; refs #71630. Thanks @BunsDev.
  • Maintainer tooling: clarify which pnpm test/check commands are safe locally versus inside Codex worktrees, routing linked-worktree gates through node wrappers and Crabbox/Testbox.
  • Auto-reply: preserve same-key ordering when debounced inbound work falls back to immediate flushes, so follow-up turns cannot overtake an active buffered flush.
  • Telegram/WhatsApp: keep Telegram same-chat replies ordered behind active no-delay turns without blocking WhatsApp follow-up message dispatch.
  • Codex migration: avoid duplicate cached plugin bundle warnings when app-server plugin inventory is available.
  • Agents: suppress aborted embedded assistant partials, reasoning text, reply directives, and stale prior replies before user-facing delivery while preserving clean timeout/error payloads. Fixes #48241. Thanks @BunsDev, @andyliu, and @yassinebkr.
  • Agents: allow dot-dot-prefixed filenames such as ..file.txt inside workspace and sandbox path policy while still rejecting real parent traversal.
  • Native image input: detect Windows drive image paths in plain prompts so C:\...\screenshot.png references are not missed.
  • Media: normalize Windows-style filename hints before staging attachments, remote media, audio transcodes, and saved-media display names, so POSIX hosts do not preserve drive or directory text in generated filenames.
  • Media references: resolve first-level inbound media files whose IDs start with dots instead of treating names like ..photo.png as parent traversal.
  • iOS/chat: resize PhotosPicker image attachments to capped JPEGs before staging and sending, stripping source metadata and keeping oversized camera photos under the chat upload budget. Fixes #68524. Thanks @BunsDev.
  • Control UI: keep shared form, config, and usage text-entry controls at 16px on touch-primary devices while preserving chat composer input sizing, so iOS Safari no longer auto-zooms focused fields. Fixes #64651; carries forward #64673. Thanks @NianJiuZst and @BunsDev.
  • Agents/trajectory: make the trajectory flush cleanup timeout configurable with OPENCLAW_TRAJECTORY_FLUSH_TIMEOUT_MS, preserving the 10s default while slower stores drain. Refs #75839. Thanks @BunsDev.
  • Skills: load ClawHub and local-manager skill-directory symlinks from managed ~/.openclaw/skills and personal ~/.agents/skills roots while keeping workspace, extra, bundled, and per-skill SKILL.md containment fail-closed. Fixes #44051. Refs #59219. Thanks @Devattom, @ArthurNie, and @luoxiao6645.
  • Config: return the canonical persisted config from config.set, config.apply, and config.patch responses after write-time shaping. Fixes #77455.
  • Codex auth: accept OAuth profiles backed by oauthRef during runtime auth selection, so official Codex OAuth logins are used by app-server agent runs. (#81633) Thanks @obviyus.
  • Telegram: release stopped polling leases after the gateway stop grace so in-process restarts can reuse the same bot token without weakening active duplicate-poller protection. Fixes #81507. (#81890) Thanks @joshavant.
  • ACP: preserve redacted numeric JSON-RPC RequestError details in runtime failure text, so backend diagnostics are visible instead of only Internal error. Fixes #81126. (#81188) Thanks @vyctorbrzezowski.
  • Agents: cache unchanged PI model discovery stores and model lookups, reducing repeated model-resolution startup latency under large model configs. Fixes #78851.
  • Onboarding: carry returned Codex plugin migration config through the OpenAI model wizard so accepted plugin migrations are saved with the final config write.
  • Security/Windows ACL audit: classify Anonymous Logon, Guests, Interactive, Local, and Network SIDs as world-equivalent principals so broadly writable paths stay critical instead of being downgraded to group-writable. Fixes #74350. (#74383) Thanks @dwc1997.
  • Media-understanding: retry transient remote attachment fetch failures before audio or vision processing, so Discord voice notes are not lost after one network/CDN blip. Fixes #74316. Thanks @vyctorbrzezowski and @gabrielexito-stack.
  • Control UI: order timestamped live stream and tool items before untimestamped history fallbacks, keeping chat history in visible time order. Fixes #80759. (#81016) Thanks @akrimm702.
  • ClawHub: cancel stalled archive body reads for skill, package, and ClawPack downloads instead of leaving installs hanging after headers arrive. Fixes #52073. Refs #80006. Thanks @xinhuagu and @stainlu.
  • macOS/Chat: render persisted assistant provider failures from errorMessage in refreshed chat history while keeping stale non-error provider details hidden. (#65689) Thanks @javierdici.
  • Control UI/config: discard stale redacted placeholders from form-mode config saves while preserving restorable saved secrets, so unrelated settings changes no longer submit __OPENCLAW_REDACTED__ as real data. Fixes #60917. Thanks @giodl73-repo and @BunsDev.
  • OpenAI plugin: clarify remote Codex OAuth login copy so tunneled users know sign-in may finish automatically before they paste the redirect URL. (#81301) Thanks @rubencu.
  • SGLang: preserve replayed reasoning history for OpenAI-compatible chat completions, keeping thinking-capable local models from losing prior reasoning turns. (#81091) Thanks @akrimm702.
  • Plugins/install: derive managed peer dependency pins from npm's lockfile planner instead of recursively scanning node_modules, while keeping OpenClaw host peers out of managed root ownership and preserving active root-managed runtimes. Thanks @fuller-stack-dev.
  • Control UI/WebChat: keep short assistant replies clear of in-bubble copy/open action buttons by applying the existing reserved action spacing in the grouped chat renderer. Fixes #79509. (#81244) Thanks @JARVIS-Glasses.
  • Codex harness: make the live test wrapper portable to Windows and defer locked temp cleanup so native Windows and WSL2 live runs complete.
  • Link understanding: fetch page content through the SSRF guard before running configured CLI summarizers, preventing curl/wget-style link fetchers from reaching private redirect or DNS-rebound targets.
  • fix: harden safe-bin argument validation [AI]. (#80999) Thanks @pgondhi987.
  • Codex/status: align /codex status rate-limit wording with /status by showing remaining quota and compact reset durations instead of used quota and raw ISO timestamps. Thanks @MatthewSchleder.
  • Mattermost: log a structured mattermost no-visible-reply diagnostic when a substantive (non-reasoning) final reply payload reaches deliverMattermostReplyPayload but the underlying deliverTextOrMediaReply returns "empty" — previously the run completed with a misleading delivered reply to <channel> log even though no Mattermost API send happened, masking silent completions in channel/thread contexts. No behavior change; the diagnostic surfaces the failure so operators can detect it instead of seeing the agent appear to go silent. Fixes #80501. Thanks @robbyproc87.
  • Telegram: limit concurrent startup getMe probes across multi-account bots so large Telegram configs do not fan out all account probes at once during gateway startup. Refs #80695. (#80986) Thanks @stainlu.
  • fix(config): reject auto-managed meta.lastTouched* paths in config set/unset (#80856). Thanks @ai-hpc
  • Test state: seed isolated auth-profile secret keys for generated homes, preventing helper-backed proof runs from falling back to host Keychain secrets. (#81393) Thanks @altaywtf.
  • Plugins/update: clear stale allow/deny entries and selected plugin slots when disabling a plugin after update failure, keeping failed external plugin updates from leaving half-disabled config. (#81512) Thanks @JARVIS-Glasses.
  • Memory/LanceDB: make auto-capture recognize short CJK memory phrases and configurable literal triggers, so Chinese, Japanese, and Korean users can capture memories without regex or LLM intent detection. Fixes #75680. Thanks @vyctorbrzezowski and @guokewuming.
  • Plugins doctor: report stale plugin config warnings and avoid claiming full plugin health when config warnings remain. (#81515) Thanks @BKF-Gitty.
  • Sessions: display model: "<agentId>-acp" / modelProvider: "acpx" (ACP-runtime sentinel) for ACP control-plane sessions in openclaw sessions output, instead of the agent's configured model which was misleading. Catalog finding 20. (#79543)
  • Slack: normalize message read before and after timestamp bounds before calling Slack history or thread reply APIs. Fixes #80835. (#81338) Thanks @honor2030.
  • Gateway: throttle assistant/thinking agent event fanout during streaming bursts without dropping buffered deltas. (#80335) Thanks @samzong.
  • Models: restore authenticated CLI runtime providers in the /models picker while keeping legacy runtime aliases hidden from setup/default model choices. Closes #81212. (#81239) Thanks @anagnorisis2peripeteia.
  • Changelog gates: reject bot/app handles as Thanks attribution and require explicit human credit for bot/app-authored changelog entries. (#81357) Thanks @hxy91819.
  • Agents/heartbeat: fix seven layered issues that broke multi-agent heartbeat cadence — (1) fan out the scheduler broadcast wake across agents in parallel via Promise.all instead of awaiting each runOnce sequentially, so one agent doing real work no longer starves every later agent in iteration order; (2) scope skipWhenBusy to lanes attributable to the firing agent via session-key parsing of session:agent:<id>:… / nested:agent:<id>:… lane names, instead of consulting the global subagent lane, so a single stuck subagent on one agent no longer silently disables every other agent's heartbeat; (3) always append workspace HEARTBEAT.md directives (everything outside an optional tasks: block) to the dispatch prompt, so prose-runbook HEARTBEAT.md files reach the model directly instead of being silently dropped unless periodic tasks are declared; (4) race the initial stream-establishment promise inside streamWithIdleTimeout against the same watchdog timer that previously only guarded inter-token gaps, so SDK requests stuck at TCP/TLS handshake or before the first response byte no longer hang indefinitely (the stalled-session diagnostic's recovery=none case); (5) emit an openclaw doctor warning when heartbeat.session pins a session key that has no entry in the agent's session store, so silently-dropped heartbeat deliveries surface at config-validation time; (6) also route the commitment-only task dispatch path (tasks configured, none due) through appendHeartbeatFileDirectives so prose directives outside the tasks: block reach the model on this path as well; (7) wrap the synchronous baseFn(...) invocation inside streamWithIdleTimeout in a try/catch that clears the connect watchdog timer before rethrowing, so a provider stream function that throws during setup no longer leaves a live timer that can fire onIdleTimeout later with a stale error and keep the process open past the real failure. Thanks @zeroaltitude.
  • Matrix: stop running npm install/pnpm install at runtime from a parent-derived plugin path; missing Matrix runtime dependencies now fail with repair guidance instead of mutating the wrong node_modules tree. Fixes #80758. (#80876) Thanks @kinjitakabe.
  • Agents/memory-flush: surface non-abort memory-flush failures (provider timeout, transport error, generic agent failure) as visible reply payloads so the outer reply loop short-circuits and isolated cron runs propagate the error into meta.error instead of completing silently with status: "ok" and an empty payload. Previously only the specific "Memory flush writes are restricted to ..." message was surfaced. Fixes #80755. Thanks @nailujac.
  • Channels/loop-guard: enforce shared per-pair bot loop protection in the core channel-turn kernel, with Discord, Slack, Matrix, and Google Chat supplying bot-pair facts where they can reliably identify accepted bot-authored messages. The generic guard keys on (scope, conversation, participant pair), suppresses every additional bot-to-bot event in either direction once a pair crosses the configured budget, and lifts suppression after cooldownSeconds. Defaults are maxEventsPerWindow: 20, windowSeconds: 60, and cooldownSeconds: 60 whenever a channel lets bot-authored messages reach dispatch; they can be set globally via channels.defaults.botLoopProtection and overridden per channel/account or supported per-conversation config. Fixes #58789. Thanks @pandadev66.
  • Agents/memory-flush: surface non-abort memory-flush failures (provider timeout, transport error, generic agent failure) as visible reply payloads so the outer reply loop short-circuits and isolated cron runs propagate the error into meta.error instead of completing silently with status: "ok" and an empty payload. Previously only the specific "Memory flush writes are restricted to ..." message was surfaced. Refs #80755. Thanks @kinjitakabe and @nailujac.
  • Codex harness: use the active Codex runtime context window for OpenAI-selected budgeting, manual /compact, and /status, so stale OpenAI session metadata no longer overstates context limits. (#81906) thanks @jalehman.
Check out latest releases or
releases around openclaw/openclaw v2026.5.14-beta.2

Don't miss a new openclaw release

NewReleases is sending notifications on new releases.

Get notifications