openclaw/openclaw v2026.5.24-beta.1

openclaw 2026.5.24-beta.1

on GitHub

Changes

• Gateway/perf: reuse process-stable channel catalog reads, avoid repeated bundled-channel boundary checks, and rotate gateway watch CPU profiles so benchmark runs do not accumulate unbounded artifacts.
• Gateway/perf: cache stable install-record, channel-catalog, bundled-channel, and Telegram session-store metadata during process-local hot paths to reduce repeated JSON and manifest reads.
• Gateway/perf: reuse immutable plugin metadata snapshots across startup, config, model, channel, setup, and secret metadata readers so hot paths avoid repeated plugin file stats and manifest registry reloads.
• Talk/realtime: let WebUI and Discord voice callers ask for active OpenClaw run status, cancel, steer, or queue follow-up work while a consult is still running. (#84231) Thanks @Solvely-Colin.
• Discord/voice: add realtime wake-name gating with agent-name defaults and raise profile bootstrap context budget for longer USER.md/SOUL.md files.
• Gateway/perf: lazy-load startup-idle plugin work, core gateway method handlers, and the embedded ACPX runtime so Gateway health and ready signals no longer wait on unused handler trees or ACPX probes.
• Gateway/perf: cache plugin SDK public-surface alias maps and skip irrelevant macOS Linuxbrew PATH probes so Gateway startup avoids repeated filesystem walks and slow missing-directory stats.
• Image tool: add adaptive model-aware image compression with an agents.defaults.imageQuality preference for choosing token-efficient, balanced, or high-detail media handling.
• Meeting Notes: add a source-only external meeting-notes plugin and SDK source-provider contract outside the core npm package, with auto-start capture config, manual transcript imports, read-only openclaw meeting-notes CLI access, and Discord voice as the first live source.
• Meeting Notes/Discord: release channel account startup before meeting-notes auto-capture, wait for the Discord voice manager during gateway boot, and stop plugin services before channel shutdown so voice capture state remains available during startup and cleanup.
• Docs/channels/config: add Signal configPath, Telegram wildcard topic defaults, local-time backup archive names, Termux home fallback, include-path validation, secret-scanner-safe placeholder guidance, Gemini CLI/Antigravity media guidance, and macOS VM auto-login guidance. Thanks @NorseGaud, @yudistiraashadi, @huangqian8, @VibhorGautam, @maweibin, @tianxingleo, @IgnacioPro, and @xzcxzcyy-claw.
• Docs: clarify model-usage portability, Codex migration prerequisites, status bootstrap wording, thread-bound subagent limits, hook ownership, and config-preserving safety guidance. Thanks @aniruddhaadak80, @leno23, @TomDjerry, @matthewxmurphy, @vincentkoc, and @stablegenius49.
• Docs: clarify README onboarding and Gateway startup paths, WhatsApp QR/408 recovery, cron output language prompts, skill advanced features, gateway upstream 403 troubleshooting, and plugin fallback override guidance. Thanks @deepujain, @Zacxxx, @Jah-yee, @neyric, @usimic, @Renu-Cybe, @BigUncle, and @SeashoreShi.
• Docs: clarify context-pruning ratio bounds, local dashboard recovery, CLI env markers, remote onboarding token behavior, and Peekaboo Bridge permissions for subprocess agents. Thanks @ayesha-aziz123, @dishraters, @hougangdev, and @brandonlipman.
• Docs: clarify browser CDP diagnostics, Plugin SDK allowlist imports, status-reaction timing defaults, queue steering behavior, limited-tool troubleshooting, cron HEARTBEAT handling, Telegram multi-agent groups, Bitwarden SecretRef setup, and EasyRunner deployments. Thanks @Quratulain-bilal, @mbelinky, @Mickey-, @vancece, @xenouzik, @posigit, @surlymochan, @janaka, and @choiking.
• CLI/models: let openclaw models auth login store a single returned provider auth profile under a requested --profile-id, and document named Codex OAuth profile setup. (#49315) Thanks @DanielLSM.
• Crabbox/Testbox: run clean sparse-checkout Testbox syncs from a temporary full checkout and route remote changed gates through Corepack pnpm.
• Docs: clarify IPv4-only Gateway BYOH binding, trusted-proxy scope clearing, Android pairing approval, macOS Accessibility grants, Zalo profile env vars, password-store SecretRef setup, and Chinese memory navigation. Thanks @itskai-dev, @gwh7078, @longstoryscott, @MoeJaberr, and @yuaiccc.
• Docs: consolidate GLM under Z.AI, add the Upstash Box install guide and Gateway exposure runbook, clarify MEDIA directives, Copilot and Voyage setup, config path quoting, real behavior proof, and memory-file write guidance. Thanks @BobDu, @alitariksahin, @Jefsky, @musaabhasan, @OmerZeyveli, @leno23, @WuKongAI-CMU, @luoyanglang, and @majin1102.
• Docs: clarify media provider credentials, Codex/OpenClaw code-mode boundaries, Slack and Telegram ack reactions, Feishu dynamic agents, secrets plaintext boundaries, memory guidance, and Chinese glossary terms. Thanks @nielskaspers, @cosmopolitan033, @drclaw-iq, @alexgduarte, @zccyman, @chengoak, and @cassthebandit.
• Packaging: exclude documentation images and assets from the npm tarball, reducing published package size without affecting runtime docs search or CLI behavior. Thanks @SebTardif.
• Media understanding: stop auto-probing Gemini CLI and use Antigravity CLI only as a lower-priority image/video fallback after configured provider APIs.
• Diagnostics: emit sanitized secrets.prepare timeline spans for Gateway secret preparation so operators can distinguish secret startup latency without exposing provider names, secret ids, or secret values. (#83019) Thanks @samzong.
• Diagnostics: export bounded skill usage metrics/spans and tool source/owner labels for core, plugin, MCP, and channel tool execution without exposing raw paths or session identifiers. (#80370) Thanks @gauravprasadgp.
• Agents/subagents: limit default sub-agent bootstrap context to AGENTS.md and TOOLS.md, keeping persona, identity, user, memory, heartbeat, and setup files out of delegated workers by default. (#85283) Thanks @100yenadmin.
• Maintainer skills: require clean autoreview before surfacing bug-sweep PR URLs and treat changelog-only conflicts as routine busy-main churn.
• Maintainer skills: exclude plugin SDK/API boundary work from openclaw-landable-bug-sweep so bugbash sweeps stay focused on small paper-cut fixes.
• QA-Lab/diagnostics: extend the OpenTelemetry smoke harness to prove trace, metric, and log export, and add first-class Prometheus and observability smoke aliases.
• Plugin SDK: add a generic channel-message poll sender so channel plugins can expose poll delivery without depending on channel-specific SDK facades.
• Plugin SDK/cron delivery: route cron delivery through the modern target resolver and outbound session-route APIs, deprecate parser-backed target helpers and plugin-sdk/messaging-targets, and move bundled callers to plugin-sdk/channel-targets.
• Crabbox: keep the local wrapper's provider validation synced with the installed Crabbox binary while preserving supported aliases such as docker and blacksmith. (#85302) Thanks @hxy91819.
• Maintainer skills: add openclaw-landable-bug-sweep for producing five small, reviewed, CI-green OpenClaw bugfix PRs from issue/PR sweeps.
• Control UI/chat: add search and Load More pagination to the chat session picker, keeping initial session loads bounded while making older conversations reachable. (#85237) Thanks @amknight.
• CLI/onboarding: start classic onboarding when bare openclaw runs before an authored config exists, while keeping configured installs on Crestodian. (#72343) Thanks @fuller-stack-dev.
• Discord: allow configuring a bounded agentComponents.ttlMs callback registry lifetime for long-running component workflows, with per-account overrides and a 24-hour cap. (#84189) Thanks @100menotu001.
• xAI/Grok: reuse xAI OAuth auth profiles for Grok web_search, thread active-agent auth through web search, add Grok model aliases, and let media providers declare default operation timeouts. (#85182) Thanks @fuller-stack-dev.
• Plugin SDK: add row-level session workflow helpers and deprecate loadSessionStore so plugins can read and patch sessions without depending on the legacy whole-store shape. (#84693) Thanks @efpiva.
• Gateway/plugins: reuse a compatible Gateway startup plugin registry during dispatch so safe plugin dispatches avoid redundant registry loading. (#84324) Thanks @ai-hpc.
• Plugins/SDK: add a general embeddingProviders capability contract and registration API so embeddings can become a reusable provider surface outside memory-specific adapters.
• Dependencies: refresh provider, plugin, UI, and tooling packages, update protobufjs to 8.4.0 to clear the current npm advisory, and carry the Claude ACP completion patch forward to @agentclientprotocol/claude-agent-acp 0.36.1.
• Agents/tools: remove the old sender-owner tool gating path so configured tools stay visible for trusted sessions while command and channel-action auth still carry real sender identity.
• QA-Lab: add curated mock JSONL replay fixtures and first-drift reporting for runtime-parity audits. (#80323, refs #80176) Thanks @100yenadmin.
• QA-Lab: add a QA bus tool-trace visibility scenario for sanitized tool-call assertions.
• QA-Lab: replace generic evidence framing in seeded scenario prompts with concrete observed QA behavior.
• QA-Lab: list named scenario packs in the coverage report so personal-agent privacy coverage stays visible in audits.
• QA-Lab: list live transport lane membership in the coverage report so real transport checks stay separate from seeded qa-channel scenarios.
• Release/package: run package integrity checks before package acceptance lanes so public install/update validation fails before private QA assets can leak into the package.
• QA-Lab: include the optional 100-turn runtime parity soak in release-soak artifacts so long-run Codex/Pi transcript drift stays visible outside the default gate. (#80395) Thanks @100yenadmin.
• QA-Lab: add a live-only long-context progress watchdog scenario for Codex app-server timeout and stalled-run sentinels. (#80323) Thanks @100yenadmin.
• QA-Lab: tag gateway restart recovery and streaming final-integrity scenarios as live-only runtime parity lanes. (#80323) Thanks @100yenadmin.
• QA-Lab: add a personal-agent failure recovery scenario that checks honest partial status, retry boundaries, and local recovery artifacts. (#83872) Thanks @iFiras-Max1.
• QA-Lab: include an opt-in update.run package self-upgrade sentinel for destructive latest-package recovery checks.
• QA-Lab: add Codex plugin lifecycle and auth-profile fixture coverage for missing installs, pinned-version drift, first-turn install ordering, and doctor migration safety. (#80323, refs #80174) Thanks @100yenadmin.
• Models/perf: pre-warm the provider auth-state map at gateway startup so /models and every model-listing call short-circuits the per-provider plugin / external-CLI discovery on the hot path. Per-call cost drops from ~20 s to ~5 ms (~4,100×); the one-time startup warm resets and re-warms after hot reloads. (#84816) Thanks @sjf.
• Release/security: ship the root npm package and OpenClaw-owned npm plugins with generated shrinkwrap, support bundled plugin runtime dependencies for suitable plugin tarballs, and require review for lockfile/shrinkwrap changes so published installs use locked dependency graphs.
• Tests/perf: isolate doctor core health check unit coverage from real skills/workspace discovery so doctor-core-checks no longer dominates unit perf while keeping one real skills-readiness smoke. (#84493) Thanks @frankekn.

Fixes

• Gateway/update: avoid fetching unrelated tags during dev-channel git updates so moved release tags do not block branch-based updates. (#84737) Thanks @rubencu.
• MiniMax: store OAuth token expiry as an absolute millisecond timestamp so OAuth profiles no longer appear expired on every request. (#83480) Thanks @NianJiuZst.
• Agents/Anthropic: strip missing or blank thinking signatures for signed-thinking providers even when recovery supplies a narrow replay policy without signature preservation. Fixes #84430. (#84448) Thanks @NianJiuZst.
• Agents/channels: send a visible notice when an aborted main session cannot be resumed after restart, including Telegram group targets. (#85805) Thanks @pfrederiksen.
• Discord/voice: serialize overlapping voice joins, retry aborted startup readiness within the configured timeout, upgrade meeting-notes-only sessions to realtime when the normal follow join arrives, detach promoted meeting-notes ownership without leaving voice, and include OpenClaw in default realtime wake names.
• Gateway/restart: honor the configured restart drain budget for embedded runs and avoid spending the deferral timeout twice after forced restart timeouts. (#85708) Thanks @Kaspre.
• Gateway/boot: run BOOT.md startup checks in an isolated boot session so gateway restarts do not overwrite the agent's main session mapping. (#85479)
• Meeting Notes: include a speaker-labeled transcript section in generated summaries so Discord group voice captures show who said each captured utterance.
• Discord/voice: recover stale realtime playback state when Discord stream-close/player-idle events do not arrive, and keep generated runtime plugin aliases available after postbuild rewrites.
• Discord/voice: keep realtime playback running when meeting notes attaches to an existing voice session or a realtime consult starts, and route realtime user transcripts into meeting notes.
• Config/secrets: preflight active runtime SecretRefs before root and include config writes persist, and roll back unchanged file/env state when post-write refresh fails. Fixes #46531. (#84454) Thanks @samzong.
• CLI/models: preserve SecretRef-backed custom provider apiKey markers when models status regenerates models.json, avoiding resolved plaintext secrets on disk. Fixes #84632. (#84658) Thanks @NianJiuZst.
• WhatsApp/auto-reply: deliver deferred media replies through the foreground reply fence so overlapping no-reply turns no longer hide already visible responses. (#85517) Thanks @cavit99.
• Sessions/security: replace agent-to-agent wildcard allowlist regexes with a precompiled linear matcher so cross-agent access checks avoid backtracking-prone patterns. (#85849) Thanks @SebTardif.
• WebChat: keep the run-complete indicator in progress until deferred history replay renders the assistant reply, so Done no longer appears before response text. (#85374) Thanks @neeravmakwana.
• Agents/tools: give timed-out or cancelled process trees a bounded SIGTERM cleanup window before SIGKILL while preserving tree-aware cancellation. Fixes #66399. (#85865) Thanks @IWhatsskill.
• Agents/subagents: treat aborted subagent stop reasons as killed terminal failures so parent sessions get error announcements instead of silent success. Fixes #72293. (#85860) Thanks @IWhatsskill.
• Agents/providers: clamp proxy-like OpenAI Chat Completions output caps against the final request payload so strict local/API-compatible servers no longer reject prompts that already consume part of the context window. Fixes #83086. (#85889) Thanks @rendrag-git.
• Agents/compaction: skip agent-harness preflight for provider-owned CLI runtime sessions so over-threshold Claude CLI sessions continue through normal compaction instead of failing on a missing harness. Fixes #84857. (#84878) Thanks @zhangguiping-xydt.
• Codex/app-server: keep successful native hook relays available through a short post-turn grace window so late Codex hook subprocesses can finish policy enforcement without clearing a replacement relay. (#83987) Thanks @Kaspre.
• Control UI/config: save form-mode edits from the source config snapshot so runtime-only provider defaults like empty models.providers.<id>.baseUrl are not written back and rejected. Fixes #85831. Thanks @garyd9.
• Browser/existing-session: launch Chrome DevTools MCP with usage statistics disabled by default so its telemetry watchdog stays off unless an operator explicitly opts in. (#85886) Thanks @rohitjavvadi.
• Telegram: normalize legacy durable group retry targets before retry sends, polls, and pins so group retries keep using the real chat id. (#85656) Thanks @luoyanglang.
• Agents/PDF: route MiniMax PDF fallback policy through plugin metadata so MiniMax uses text extraction instead of VLM image fallback. (#85590, fixes #85575) Thanks @neeravmakwana.
• CLI/plugins: tighten timeout, numeric option, media payload, permission, profile/TLS, plugin metadata, JSON, and remote URL handling; prevent stuck progress/app-server/IRC/Synology/Twitch waits; and keep imported chat history ordering stable.
• Telegram/config: suppress the missing accounts.default warning when channels.telegram.defaultAccount names a configured account that also sorts first. Fixes #83948. Thanks @crypto86m.
• WebChat: summarize internal message-tool source replies so tool cards no longer duplicate the visible reply body. (#84773) Thanks @jason-allen-oneal.
• Gateway/WebChat: hide duplicate gateway-injected assistant rows when Cursor ACP already persisted the same acp-runtime reply. Fixes #85741. Thanks @lxf-lxf.
• WebChat: scope the visible attachment button to its own composer file input so clicking Upload reliably opens the file picker. (#83952, fixes #47983) Thanks @jason-allen-oneal.
• Gateway: preserve deferred lifecycle-error cleanup across later non-terminal events so provider timeouts can persist failed session state instead of leaving sessions stuck running. (#85256, fixes #63819) Thanks @samzong.
• Gateway/update: stop treating inherited macOS XPC_SERVICE_NAME values as launchd supervision during update respawn, so GUI-spawned gateways use detached respawn instead of exiting for a missing LaunchAgent. Fixes #85224. Thanks @richardmqq.
• Agents/subagents: report tool-only child progress during timeout summaries instead of showing no visible output.
• Telegram/ACP: preserve explicit :topic: conversation suffixes when inbound ACP targets do not carry a separate thread id.
• Browser/proxy: bypass the managed proxy for the exact local managed Chrome CDP readiness and DevTools WebSocket endpoints, so openclaw browser start works when the operator proxy blocks loopback egress. (#83255) Thanks @lightcap.
• Ollama: bypass the managed proxy for configured local embedding origins while keeping SSRF guardrails on unconfigured targets. Thanks @Kaspre.
• OpenAI/images: route Codex API-key image generation through the native OpenAI Images API instead of the Codex OAuth streaming backend, avoiding 401s from valid API keys.
• Agents/OpenAI completions: omit empty tool payload fields for proxy-like OpenAI-compatible endpoints so strict vLLM-style servers accept tool-free turns. (#85835) Thanks @rendrag-git.
• Sandbox: keep workspace skill mounts read-only for remote container-cwd file operations and reject symlinked skill roots before creating protected overlays. (#85591) Thanks @jason-allen-oneal.
• Scripts/Windows: route remaining QA, release, profile, and live-media pnpm launches through the managed runner so native Windows avoids brittle .cmd execution and shell-argv warnings.
• Release: align generated config/API baselines and the meeting-notes plugin version so release preflight stays green on native Windows.
• Install/Windows: run Git hook setup through a Node prepare helper so native Windows installs no longer print POSIX shell errors.
• Checks/Windows: chunk and serialize extension oxlint shards on native Windows so changed gates avoid Go-backed linter memory spikes.
• Release/Windows: run installed openclaw.cmd verification through explicit cmd.exe wrapping so npm prepublish/postpublish checks avoid Node shell-argv warnings.
• Plugins/Windows: run plugin npm package staging through the shared npm runner so native Windows release checks avoid bare npm lookup and .cmd shell-argv handling.
• Checks/Windows: route full pnpm check stage commands through the managed child runner so Windows avoids Node shell-argv deprecation warnings there too.
• Agents/fs: allow workspace-only host write/edit tools to write through in-workspace symlink directory parents while preserving outside-workspace symlink rejection. Fixes #84696. Thanks @garbagenetwork.
• Checks/Windows: run managed child commands through explicit cmd.exe wrapping instead of Node shell mode with argv, avoiding Node 24 subprocess deprecation warnings during changed checks.
• Gateway: omit internal stream-error placeholder entries from agent prompt history so failed assistant turns are not replayed as model-authored text. (#85652) Thanks @anyech.
• Sessions: enforce the session write-lock max-hold policy during lock acquisition so long-held locks can be reclaimed before the stale-lock window. (#85764) Thanks @njuboy11.
• Sessions/status: preserve user-facing model, fallback, usage, and cost attribution when internal subagent handoff runs use fallback models. (#85726, fixes #85082) Thanks @brokemac79.
• Install/update: honor OPENCLAW_HOME when deriving default dev checkout and installer onboarding paths, while keeping explicit OPENCLAW_GIT_DIR and OPENCLAW_CONFIG_PATH overrides authoritative. Fixes #54014. Thanks @robertPiro.
• Models: prune retired Groq, GitHub Copilot, OpenAI, xAI, and old Claude catalog entries, with doctor migration to upgrade existing configs to current provider refs.
• Plugins/Gateway: treat non-empty return values from plugin gateway method handlers as successful responses so openclaw gateway call no longer times out after completed plugin work. Fixes #59470. Thanks @HTMG23.
• Doctor/update: recognize junction-backed source checkouts as git installs by comparing canonical paths before showing package-manager update guidance. Fixes #82215. Thanks @igormf.
• Channels: honor /verbose on for tool/progress summaries across direct chats, groups, channels, and forum topics while preserving quiet default behavior. (#85488) Thanks @kurplunkin.
• Update: keep the detached gateway restart handoff best-effort when the restart script process cannot be spawned. (#83892) Thanks @davinci282828.
• Telegram: persist the prompt-context message cache through plugin state and record bot-authored replies after sends and draft streaming so later turns can include prior assistant replies without relying on the JSON sidecar. (#85231) Thanks @keshavbotagent.
• Agents/subagents: keep Codex persona and user workspace files turn-scoped so native Codex subagents inherit only shared tool guidance by default. (#85811) Thanks @lastguru-net.
• CLI/skills: show an all-ready note with next-step commands when skill setup has no missing dependencies to install. (#85032) Thanks @aniruddhaadak80.
• Microsoft Foundry: route DeepSeek V4 Pro and Flash models through the Foundry Responses API while keeping older DeepSeek models on their existing path. (#85549) Thanks @roslinmahmud.
• Status/usage: show configured cost estimates for AWS SDK models in full usage output while keeping token-only usage replies cost-free. (#85619) Thanks @ItsOtherMauridian.
• Agents/OpenAI Responses: retry non-visible reasoning-only turns for OpenAI Responses API families instead of treating them as empty failed turns. (#85603) Thanks @SebTardif.
• Directive tags: preserve message and content-part object identity when display stripping makes no directive-tag changes. (#85682) Thanks @willamhou.
• Telegram: send local path/filePath and structured attachment media from sendMessage actions instead of dropping them or sending text-only messages. (#85219) Thanks @keshavbotagent.
• Sessions/status: show the estimated context budget when fresh provider usage is unavailable and clear stale estimates across session resets and compaction boundaries. (#84830) Thanks @giodl73-repo.
• Gateway/config: pin relative OPENCLAW_STATE_DIR overrides to an absolute path at startup so later working-directory changes cannot retarget gateway state. (#52264) Thanks @PerfectPan.
• Checks/Parallels: make changed-lane scripts, shrinkwrap generation, and Parallels package smoke host commands run through native Windows-safe paths and npm/pnpm shims.
• Release/package: run npm release, prepublish, and postpublish verification through Windows-safe npm command shims so native Windows checks can execute npm.cmd instead of treating it as a binary.
• Agents/harness: pass CLI runtime aliases through harness selection so provider-owned CLI aliases no longer get rejected before reaching the right runtime. (#85631) Thanks @potterdigital.
• Secrets: show the irreversible apply warning after interactive secrets configure confirmation so confirmed migrations still get the final safety prompt. (#85638) Thanks @alkor2000.
• Agents/CLI output: ignore cumulative Claude stream-json result usage when assistant usage events are present, preventing inflated cache-read accounting. (#85625) Thanks @zhouhe-xydt.
• CLI: keep waitForever() alive by leaving its keep-alive interval ref'd so the public helper no longer exits immediately with Node's unsettled-await code. (#85694) Thanks @m1qaweb.
• Agents/bootstrap: guard bootstrap name checks against missing file names so malformed bootstrap entries warn and truncate instead of crashing. Fixes #85523. (#85615) Thanks @zhouhe-xydt.
• CLI/tasks: reject partially numeric openclaw tasks audit --limit values so audit limits must be real positive integers instead of accepting strings like 5abc. (#84901) Thanks @jbetala7.
• Status/diagnostics: bound deep Docker audit probes so openclaw status --deep reports slow container checks instead of hanging behind unbounded inspection. (#85476) Thanks @giodl73-repo.
• Providers/Anthropic: migrate 1M context handling to GA-capable Claude 4.x models by sizing eligible models at 1M without the retired context-1m-2025-08-07 beta, ignoring that retired beta in older configs, and preserving OAuth-required Anthropic beta headers. (#45613) Thanks @haoyu-haoyu.
• Cron/Telegram: parse forum-topic delivery targets through the Telegram plugin instead of cron core, including :topic: and :topicId forms for announce delivery. Thanks @etticat.
• Twitch: keep stale message-handler cleanup callbacks from removing newer handler registrations for the same account, preserving inbound message delivery after reconnects. Fixes #83888. (#85425) Thanks @alkor2000.
• Control UI/chat: keep light-mode model, thinking, config, and agents select arrows visible without tiling background icons. Fixes #85713. Thanks @Linux2010.
• Memory/LanceDB: expose public memory artifacts through the active memory provider bridge so memory-wiki imports durable memory files, daily notes, dream reports, and event logs without depending on memory-core internals. Fixes #83604. (#85060) Thanks @brokemac79.
• Crabbox: keep AWS hydration compatible with local Actions replay by inlining the hydrate workflow's Node/pnpm setup instead of invoking repo-local composite actions.
• Agents/subagents: simplify native sub-agent completion handoff so children report their latest visible assistant result to the requester without using message, while keeping parent-owned message-tool delivery policy intact. Fixes #85070. (#85089) Thanks @brokemac79.
• Docker setup: stop printing the Gateway bearer token in setup logs and printed follow-up commands.
• Gateway: defer channel account startup work until HTTP readiness and remove startup model prewarm, avoiding startup event-loop stalls and timer-delay warnings.
• Models/perf: reuse plugin metadata during models.json planning, keep bundled catalog augmentation manifest/static, and use static provider catalogs for metadata-only startup discovery so provider model normalization, auth discovery, and Gateway startup metadata do not reload broad plugin runtimes.
• Agents: let embedded compaction fallback retries proceed when PI-compatible candidates do not need agent harness plugin preparation.
• Agents/tools: honor configured custom provider API keys when deciding whether media, image-generation, video-generation, music-generation, and PDF tools are available. (#85570)
• StepFun: stop advertising stale generic API key auth choices so onboarding only offers runtime-backed Standard and Step Plan choices.
• Diagnostics: keep OpenTelemetry log bodies behind explicit content capture and scrub scoped agent-session keys from OpenTelemetry and Prometheus labels while preserving bounded queue-lane prefixes.
• Windows installer: fail Git checkout installs when pnpm install or pnpm build fails instead of writing a wrapper to a missing CLI build.
• Sessions: surface previous-transcript archive failures during /new rotation so disk rename errors are logged instead of silently hiding stranded transcript files. Fixes #81984. (#85586, from #82081) Thanks @0xghost42.
• TUI/agents: mirror internal-ui message-tool replies into final chat output so message-tool-only agents remain visible in openclaw tui. Fixes #85538. Thanks @danpolasek.
• Gateway/TUI: preserve source-reply metadata through reply normalization and emit message-tool-only agent replies over the live chat stream so openclaw tui renders Codex replies without waiting for a history refresh. Thanks @shakkernerd.
• Codex/TUI: keep long source-reply runs alive after Codex reasoning completes so delayed visible message calls can still reach openclaw tui. Thanks @shakkernerd.
• TUI: keep quiet active runs busy after the response watchdog notice instead of reopening the prompt and encouraging duplicate submissions while the backend turn is still running. Thanks @shakkernerd.
• Agents: preserve the latest assistant thinking blocks while stripping invalid replay signatures from older turns, and retry Anthropic thinking failures without thinking replay. Fixes #85557. Thanks @bryanbaer.
• Agents: keep parallel OpenAI-compatible tool-call deltas in separate argument buffers so interleaved tool calls no longer corrupt streamed arguments. (#82263) Thanks @luna-system.
• Memory/doctor: report missing or unusable QMD workspace directories as workspace failures instead of generic binary failures. (#63167) Thanks @sercada.
• Debug proxy: record CONNECT client-socket errors and destroy the paired upstream socket so abrupt client disconnects no longer leak tunnel resources. (#82444) Thanks @SebTardif.
• Diffs: continue hydrating later diff cards when one card fails so a single broken card no longer blanks the whole diff viewer. (#84775) Thanks @cosmopolitan033.
• Mac app: use the native settings sidebar window chrome so the sidebar toggle stays on the left and content no longer clips under oversized titlebar padding.
• QA-Lab/Codex: bundle auth/plugin fixture imports for flow scenarios and let terminal async media tools end Codex app-server turns without timing out. (#80397, refs #80323) Thanks @100yenadmin.
• WhatsApp: persist inbound message delivery state through plugin state before dispatch and delay read receipts until handler completion, so retryable failures can redeliver without adding a plugin-local disk cache. Thanks @samzong.
• Gateway/agents: preserve fresh session overrides and metadata when stale cached agent-session entries race with store updates, so subagent model/provider overrides and routing policy survive concurrent writes. (#19328) Thanks @CodeReclaimers.
• Control UI/chat: keep chat session search inline with the session selector so the header no longer shows a duplicate standalone search row.
• Control UI/chat: collapse focused-mode header chrome and suppress hidden-header scroll updates so focus mode no longer jumps while scrolling. Thanks @amknight.
• Codex app-server: restart the native app-server and retry once when server-side compaction times out, so preflight compaction stalls recover instead of failing every dispatch. (#85500)
• Restore Control UI gateway token pairing [AI]. (#85459) Thanks @pgondhi987.
• OpenAI video: honor configured provider request private-network opt-in for local/custom video endpoints so explicitly trusted mock and self-hosted providers are not blocked. Thanks @shakkernerd.
• OpenAI video: send uploaded video edit requests to the documented /videos/edits endpoint with a video file instead of posting MP4 references to /videos. Thanks @shakkernerd.
• Agents/channels: preserve message-tool delivery evidence through gateway agent completion handoffs so successful generated media sends are not followed by false failure messages. Thanks @shakkernerd.
• CLI/update: repair managed npm plugin openclaw peer links during post-core convergence and reject stale or wrong-target peer links before restart. (#83794) Thanks @fuller-stack-dev.
• CLI/agents: default new omitted-account bindings to all accounts when the channel has multiple configured accounts, and clarify account-scope docs. (#49769) Thanks @Gcaufy.
• Codex app-server: let authorized /codex control commands such as /codex detach escape plugin-owned conversation bindings while keeping unknown or unauthorized slash text routed to the bound plugin. Fixes #85157. (#85188) Thanks @TurboTheTurtle.
• Auto-reply/models: keep /models browse replies fast by sharing the bounded read-only catalog path with Gateway model listing. (#84735) Thanks @safrano9999.
• Browser/Doctor: read macOS Chrome app bundle versions from Info.plist before spawning Chrome and extend the fallback version probe timeout, avoiding false cold-cache warnings from Gatekeeper latency. Fixes #85418. Thanks @davidcittadini.
• Codex app-server: disable native Code Mode when the effective exec host is node and keep OpenClaw exec/process available, so /exec host=node routes shell commands through the selected node instead of the gateway. Fixes #85012. (#85090) Thanks @sahilsatralkar.
• Agents: bound embedded auto-compaction session write-lock watchdogs to the compaction timeout instead of the full run timeout, so stuck compaction cannot hold the live session lock for the whole run window. (#84949) Thanks @luoyanglang.
• Gateway/agents: return phase-aware agent.wait timeout attribution and only cool auth profiles on provider-started timeouts. Refs #65504. Thanks @100yenadmin.
• Gateway/systemd: launch managed update handoff helpers in a transient user scope so systemd-supervised Update Now flows survive the gateway unit restart. Fixes #84068.
• Gateway: defer provider auth-state prewarm until after startup readiness so early gateway tool/session requests are not blocked by provider auth discovery. (#85272) Thanks @dutifulbob.
• Gateway/models: coalesce provider auth-state rewarms after auth-profile failures and log event-loop delay for warm/rewarm work, so provider auth bursts no longer stack full auth sweeps behind channel replies.
• Gateway/models: stop cancelled provider auth-state prewarms from continuing full provider sweeps, so reload and auth-failure bursts no longer keep startup busy.
• Agents/Codex: show the first plan update as a transient chat status notice without counting it as final assistant content.
• CLI/update: walk the macOS process ancestry and honor the inherited Gateway runtime PID before package updates stop the managed Gateway service, so nested in-band updater children can refuse instead of killing the LaunchAgent-supervised Gateway that owns them. Fixes #85120.
• Gateway/LaunchAgent: wait for launchd reload bootout to finish and fall back to kickstart when bootstrap races, so reload handoff does not leave the service deregistered. Fixes #84630. (#84641) Thanks @NianJiuZst.
• Gateway/LaunchAgent: treat a concurrent launchd bootstrap as a successful restart when the service is already loaded, avoiding false macOS Gateway restart failures. Fixes #84721. (#84722) Thanks @googlerest.
• Gateway/service: include the active openclaw command bin directory in managed service PATH generation and doctor audit expectations for npm-global macOS installs. Fixes #84201. (#84475) Thanks @jbetala7.
• Control UI/chat: disable the thinking selector for known non-reasoning models instead of showing duplicate Off choices. Fixes #84069. Thanks @DrippingMellow.
• Memory: expand ~ in configured extra memory paths before resolving them, so home-relative folders are not treated as workspace-relative. Fixes #58026. Thanks @stadman.
• Skills: treat openclaw.os: macos as Darwin when checking skill requirements, so macOS-only skills no longer report as missing on macOS hosts. Fixes #61338. Thanks @Jessecq1995.
• Control UI/logs: strip ANSI escape sequences from displayed Gateway log messages so color codes no longer appear as raw text. Fixes #64399. Thanks @guguangxin-eng.
• Docker: pre-create the workspace and auth-profile config mount points with node ownership so first-run named volumes do not start root-owned. Fixes #85076. Thanks @Noerr.
• Telegram: pass configured markdown table mode through outbound markdown chunking so chunked sends render tables consistently. Fixes #85085. Thanks @ShuaiHui.
• Diagnostics/OTel: drop snake_case diagnostic id attributes alongside camelCase ids so exported telemetry cannot leak run, session, message, chat, trace, or tool-call identifiers. (#72645) Thanks @Lion0710.
• CLI/update: preserve managed Gateway service environment during package cutovers so macOS LaunchAgent repair/restart reads the pre-update service state instead of caller shell state. (#83026)
• Agents/providers: honor per-model api and baseUrl overrides in custom provider auth hooks and transport selection. Fixes #80487. (#80488) Thanks @huveewomg.
• Gateway/restart: eager-load the lifecycle runtime before in-place upgrade signal handling so package replacement does not deadlock restart imports. (#84890) Thanks @myps6415.
• CLI/update: start managed Gateway update handoff helpers from a stable existing directory and tolerate deleted cwd/package roots during macOS LaunchAgent handoff. Fixes #83808. (#83875) Thanks @jason-allen-oneal.
• Skills: watch each shared skill directory once across agent workspaces instead of once per agent, preventing file-descriptor exhaustion (EMFILE) that disposed bundle-mcp processes and stalled sessions on multi-agent gateways. Fixes #84968. (#85130) Thanks @openperf.
• Release/security: keep generated npm shrinkwrap package versions inside the pnpm lock graph so published package locks cannot bypass pnpm dependency age and override policy.
• Cron: honor cron.retry.retryOn: ["network"] for common network error codes such as EAI_AGAIN, EHOSTUNREACH, and ENETUNREACH.
• Gateway chat: broadcast returned agent-run error payloads after an agent starts so ACP/WebChat clients receive terminal idle-timeout errors. Fixes #84945.
• Gateway chat display: preserve OpenAI-compatible prompt_tokens, completion_tokens, and total_tokens usage fields in sanitized chat history so llama.cpp sessions keep context counts. Fixes #77992. Thanks @MarTT79.
• Dashboard/CLI: allow macOS browser launching through open even when SSH environment variables are present, while preserving Linux SSH no-display protection. Fixes #67088. Thanks @theglove44.
• Codex app-server: keep native web search observations out of mirrored chat transcripts while preserving available action query metadata in tool progress telemetry. Fixes #85109. Thanks @ugitmebaby.
• OpenCode Go: strip unsupported Kimi reasoning replay fields before provider requests so repeated kimi-k2.6 turns do not fail schema validation. Fixes #83812. Thanks @Sleeck.
• Browser/CDP: add a WSL2 portproxy self-loop hint when Chrome DevTools endpoints accept connections but return an empty HTTP reply. Fixes #59209. Thanks @Owlock.
• Agents/tools: add bounded tool-policy audit log entries that identify which allow/deny rule removed tools or blocked a sandboxed tool call. Fixes #55801. Thanks @justinjkline.
• CLI/logs: read implicit local Gateway logs through the passive backend client path so openclaw logs --follow does not register as a paired device, and use the active Linux systemd journal instead of stale configured-file fallbacks when live local RPC is unavailable. Fixes #83656 and #66841.
• Agents/OpenAI: preserve structured provider error code, type, and redacted body metadata on boundary-aware transport failures.
• Doctor/Codex: point native Codex asset warnings at the canonical openclaw migrate plan codex preview command. Fixes #84948. Thanks @markoa.
• CLI/models: make capability model auth logout --agent remove auth profiles from the selected non-default agent store. Fixes #85092. Thanks @islandpreneur007.
• Gateway/models: reuse prepared provider auth metadata during model-listing auth checks so repeated lookups avoid broad plugin discovery while preserving synthetic local auth.
• CLI/status: suppress systemd user-service setup hints when openclaw status --deep can already reach a running Gateway RPC service. Fixes #85094. Thanks @islandpreneur007.
• CLI/devices: recover local approval when a same-device repair request replaces the request ID being approved.
• CLI/agents: retry transient normal-close Gateway handshakes before falling back to embedded openclaw agent execution.
• CLI/update: keep managed Gateway service stop/restart status lines out of openclaw update --json stdout so package-update automation can parse the JSON payload.
• Plugins: resolve OpenClaw plugin SDK subpaths for native external plugin runtimes without mutating package installs or broadening process-wide module resolution.
• Agents/OpenAI: preserve Responses and Chat Completions reasoning_tokens usage metadata without double-counting it in aggregate output tokens. (#85319)
• Control UI/chat: convert pasted data:image/...;base64,... clipboard text into an image attachment instead of dumping the payload into the composer. Fixes #62604. Thanks @cpwilhelmi.
• Providers/Gemini: strip fractional seconds from web-search time range filters so Gemini accepts freshness-bound search requests. (#85071) Thanks @Noerr.
• OpenAI Codex: preserve image input support for sparse openai-codex/gpt-5.5 catalog rows. (#85095) Thanks @sercada.
• CLI/models: add a piped or pasted API-key path for OpenAI Codex auth and warn when API keys are pasted into token-mode auth. (#85533) Thanks @joshavant.
• Telegram: dead-letter missing-harness isolated ingress failures so a poisoned spooled update no longer blocks later same-lane messages. Fixes #85470. (#85605) Thanks @joshavant.
• Plugins/discovery: strip -plugin package suffixes when deriving plugin id hints so package names line up with manifest ids. (#85170) Thanks @JulyanXu.
• Tlon: stop advertising a non-existent agent tool contract in the plugin manifest.
• Telegram: preserve fenced code block languages through Markdown rendering so Telegram receives language-* code classes. (#85209) Thanks @leno23.
• Windows installer: run npm and Corepack command shims from a Windows-local directory so installs launched from WSL2 UNC paths do not fail before OpenClaw is installed.
• Windows updates: roll back git-backed updates to the previous checkout when dependency install, build, UI build, or doctor repair fails.
• Windows installer: persist user-local portable Git on PATH and activate the repo-pinned pnpm version for git-backed installs and updates.
• Windows installer: bootstrap a user-local portable Node.js when native Windows has no Node and no winget, Chocolatey, or Scoop, so first-run installs can continue on raw hosts.
• Windows installer: extract the downloaded portable Node.js directory with native tar before falling back to .NET zip extraction, avoiding PowerShell 5.1 archive and path-length failures.
• fix(integrations): enforce channel read target allowlists [AI]. (#84982) Thanks @pgondhi987.
• Agents/heartbeat: route single-owner session.dmScope=main direct-message exec and cron event wakes back to the agent main session so async completions no longer strand context in orphan direct-DM queues. Fixes #71581. (#83743) Thanks @Kaspre.
• Agents/code-mode: expose outer code-mode exec source through the command hook alias with toolKind/toolInputKind discriminators so exec-shaped policies can distinguish code-mode cells. (#83483) Thanks @Kaspre.
• Agents/code mode: return structured timeout and runtime-unavailable error codes for known worker failures. Fixes #83389. (#83444) Thanks @Kaspre.
• QA-Lab: isolate multi-scenario suite workers when scenarios need startup config patches, preventing message-routing config from leaking into unrelated scenarios.
• QA-Lab: make the commitments heartbeat-target-none scenario request an immediate heartbeat instead of waiting for the next scheduled heartbeat.
• Codex/Plugin SDK: deliver Codex-native subagent completions through a generic harness task runtime so harness-backed plugins can mirror durable task lifecycle and completion delivery without Codex-specific SDK imports. (#83445) Thanks @bryanpearson.
• Gateway CLI: surface local post-challenge connect assembly failures immediately instead of waiting for the wrapper timeout. Fixes #68944. (#85253) Thanks @samzong.
• Messages: strip unsupported web-search citation control markers from outbound replies before they reach WebChat or external channels. Fixes #85193. (#85204) Thanks @neeravmakwana.
• Agents/exec: treat denied exec approvals as terminal instead of feeding them back into agent follow-up work, and recognize Chinese stop phrases in abort handling. Fixes #69386. (#85194) Thanks @samzong.
• CLI/agents: abort accepted Gateway-backed openclaw agent runs on SIGINT/SIGTERM so cron and supervisor timeouts do not leave remote agent work alive. Fixes #71710. (#84381) Thanks @Kaspre.
• Codex app-server: retry replay-safe stdio client-close turns once using structured failure metadata, while surfacing idle turn/completed timeouts instead of blindly replaying active shared-server turns. Thanks @VACInc.
• Codex app-server: reject command overrides that embed Node or package-manager arguments and point users to appServer.args, so Windows startup avoids shell parsing failures. (#84417) Thanks @TurboTheTurtle.
• Agents/Copilot: drop unsafe GitHub Copilot Responses reasoning replay items before send so Telegram direct sessions no longer fail on overlong replay IDs. Fixes #85197. (#85198) Thanks @galiniliev.
• UI: add accessible tooltips to the topbar color-mode buttons so System, Light, and Dark choices are labeled on hover and focus. (#85227) Thanks @amknight.
• fix: constrain Windows task script names [AI]. (#85064) Thanks @pgondhi987.
• Control UI: keep the chat session picker from hiding older or cross-agent configured conversations while preserving the bounded configured-agent refresh. (#85211) Thanks @amknight.
• Agents/Anthropic: preserve unsafe integer tool-call input values in streamed Anthropic tool-use JSON, preventing Discord-style IDs from being rounded before dispatch. Fixes #47229. (#83063) Thanks @leno23.
• Agents/Codex: estimate tool-heavy prompt pressure at the LLM boundary before provider submission, so persistent sessions compact before overflowing context windows. (#85541) Thanks @fuller-stack-dev and @joshavant.
• Agents/hooks: wait for local one-shot CLI and Codex agent_end plugin hooks before process cleanup so terminal observability flushes reliably. (#85007)
• Providers/Google: preserve Gemini 3 cron thinkingDefault: "low" when stale catalog metadata says reasoning:false, so scheduled runs keep provider-supported thinking instead of downgrading to off. (#85185) Thanks @neeravmakwana.
• CLI/agents: allow openclaw agent --session-key to target explicit session keys, including agent-scoped legacy keys. (#85121) Thanks @Kaspre.
• Auto-reply/ACP: wait for same-channel block reply delivery before starting tool work, while still honoring ACP dispatch aborts so stopped turns do not wait on slow channel sends. (#83722) Thanks @IWhatsskill.
• Codex/ACP: mark required child-run completions that only report progress, omit a final deliverable, or fail requester delivery as blocked while preserving real final reports. (#85110) Thanks @IWhatsskill.
• Channels: treat bare abort messages such as stop, abort, and wait as immediate control commands in inbound debounce paths so stop requests are not delayed behind pending message coalescing. (#83348) Thanks @IWhatsskill.
• Channels/message tool: resolve configured external channel plugins during in-agent channel selection, so openclaw agent --local message-tool sends no longer report an available channel as unavailable. (#85022) Thanks @Kaspre.
• Agents/heartbeat: honor group/channel message_tool visible-reply policy and model-specific Codex runtime config for scheduled heartbeat runs, so failed internal tool output stays private. Fixes #85310. (#85357) Thanks @neeravmakwana.
• Gateway/ACP: close child ACP sessions spawned via sessions_spawn when their parent session is reset or deleted, instead of leaving orphaned claude-agent-acp processes that accumulate and exhaust memory. Fixes #68916. (#85190) Thanks @openperf.
• Codex app-server: block native execution paths when OpenClaw exec resolves to a node host while preserving the first-party CLI node binding path. Fixes #85012. (#85534) Thanks @joshavant.
• Diagnostics: bound cleanup timeout detail logs, emit drop summaries when async diagnostic bursts exceed the queue cap, and surface async queue drops through diagnostic telemetry.
• Agents/subagents: surface blocked child-run completions as errors instead of successful subagent finishes. (#80886) Thanks @TurboTheTurtle.
• Context engines: fail closed with a descriptive error when the selected agent runtime cannot satisfy declared context-engine host requirements.
• Agents/Pi: treat accepted embedded sessions_spawn child-session handoffs as terminal progress so parent turns no longer report false non-deliverable failures. (#85054) Thanks @samzong.
• CLI/models: resolve openclaw models set aliases from the runtime config while keeping authored aliases ahead of runtime-only defaults. (#83262) Thanks @IWhatsskill.
• Doctor: show personal Codex CLI asset notices as info instead of warnings. Fixes #84859.
• WhatsApp: update Baileys to 7.0.0-rc13 and drop the obsolete logger type patch.
• CLI/update: pre-pack GitHub/git package update targets before the staged npm install, restoring openclaw update --tag main for one-off package updates. (#81296) Thanks @fuller-stack-dev.
• Gateway: mirror successful same-source message-tool sends into session transcripts so delivered replies stay in later history/context. (#84837) Thanks @iFiras-Max1.
• Media generation: keep image, music, and video completion delivery from duplicating or losing task ownership when generated media finishes through active session replies. (#84006) Thanks @fuller-stack-dev.
• CLI/doctor: remove stale bundled plugin load paths from old versioned OpenClaw package roots after pnpm/npm upgrades. Fixes #58626. Thanks @solink7.
• Infra/json: retry transient File changed during read races while loading JSON state so config and state reads recover instead of failing the turn. (#84285)
• Plugins/providers: fail closed for workspace provider plugins during setup-mode discovery unless explicitly trusted, preventing untrusted workspace plugin code from running during provider setup. (#81069) Thanks @mmaps.
• Providers/Ollama: resolve configured Ollama Cloud OLLAMA_API_KEY markers to the real discovery key so cloud provider entries keep authenticated model catalog access. (#85037)
• Discord: keep persistent component registry fallback warnings actionable by forwarding structured error and cause metadata through the runtime logger. Fixes #84185. (#84190) Thanks @100menotu001.
• Gateway/sessions: preserve compatible session auth profile overrides when switching models within the same provider, including provider-auth aliases. Fixes #81837. (#81886) Thanks @TurboTheTurtle.
• Gateway/status: surface inbound delivery telemetry counters and transport-liveness warnings in openclaw status --all. Fixes #49577. (#72724)
• Docker: prune package-excluded plugin source workspaces and dependency closures so runtime images do not keep packages for plugins that were not opted in.
• Providers/Ollama: treat Docker/OrbStack host aliases as local Ollama endpoints so ollama-local marker auth works when OpenClaw runs inside a VM/container and Ollama runs on the host. Fixes #84875.
• QA-Lab: keep explicitly searchable/deferred OpenClaw dynamic tool rows report-only by default so tool-coverage gates do not treat mock discovery gaps as hard product failures. (#80319) Thanks @100yenadmin.
• Agents/config: keep non-Google provider model refs from being rewritten by Google Gemini preview-id normalization. (#84762) Thanks @zhangguiping-xydt.
• Installer: require a real controlling terminal before launching onboarding so headless curl | bash installs finish cleanly after installing the CLI.
• Agents/Codex: promote a completed final assistant response when a prompt timeout races Codex app-server completion instead of returning an empty timeout envelope. Refs #84516.
• Codex app-server: keep interrupted turn statuses from being treated as OpenClaw aborts by themselves, so tool-only turns remain eligible for no-visible-answer recovery. Fixes #84492.
• Agents: cap heartbeat model bleed context hints by the stored session window when runtime model metadata is unavailable, so overflow recovery advice does not suggest a larger window than the active session actually has.
• Control UI/Web Push: use https://openclaw.ai as the generated default VAPID subject instead of the old localhost mailbox so iOS PWA push setup uses an Apple-acceptable subject when OPENCLAW_VAPID_SUBJECT is unset. Fixes #83134. (#83317) Thanks @IWhatsskill.
• Control UI: distinguish inherited thinking-off settings from explicit Off selections so the thinking selector no longer shows two identical Off rows. (#85223) Thanks @amknight.
• Agents/Pi: keep embedded session transcript writes from tripping false takeover detection after packaged npm onboarding agent turns.
• Codex/TUI: surface Codex-native post-turn compaction failures instead of continuing uncompacted, and keep successful native compaction serialized before local idle/next-turn handling. Fixes #84305. (#85160) Thanks @joshavant.
• Memory/search: stop recall tracking from writing dreaming side-effect artifacts when dreaming.enabled=false, while preserving normal search results. Fixes #84436. (#84444) Thanks @NianJiuZst.
• Diffs: render viewer toolbar icons from a closed icon-name map instead of HTML strings, removing the toolbar icon XSS sink. (#83955) Thanks @tanshanshan.
• QA: keep pnpm qa:e2e self-check runs inside the private QA runtime envelope even when inherited shell env disables bundled plugins.
• fix(config): validate browser sandbox bind sources [AI]. (#84799) Thanks @pgondhi987.
• doctor: constrain legacy plugin cleanup paths [AI]. (#84801) Thanks @pgondhi987.
• Update/doctor: prune stale local bundled plugin install records that point at old compiled bundled output so current bundled plugin schemas win after upgrade. (#84863) Thanks @fuller-stack-dev.
• Providers/Ollama: preserve native Ollama tool-call IDs across assistant replay so Gemini over Ollama Cloud can keep its hidden function-call thought-signature handle.
• Discord: keep session recovery and /stop abort ownership on the source dispatch lane while bound ACP turns continue routing to their target session, so stalled pre-run work and late replies are cleared instead of leaking after stop. Fixes #84477. (#85100) Thanks @joshavant.
• Discord/voice-call: keep forced realtime voice consult diagnostics in debug logs instead of agent prompts, so callers do not hear OpenClaw policy text when the provider misses openclaw_agent_consult. (#84411) Thanks @fuller-stack-dev.
• Codex app-server: mark missing turn completion after observed execution as replay-unsafe and release the session so follow-up turns can run. Fixes #84076. (#85107) Thanks @joshavant.
• Codex app-server: give visible message dynamic tool sends a longer timeout budget so slow channel delivery can return its own result or error instead of hitting the 30-second Codex wrapper. (#85216) Thanks @amknight.
• Codex app-server: add a dedicated post-tool raw assistant completion idle timeout config so trusted heavy turns can wait longer after tool handoff without weakening final assistant release.
• Matrix: keep explicitly configured two-person rooms on the room route before stale m.direct or strict two-member DM fallback can bypass mention gating. Fixes #85017. (#85137) Thanks @joshavant.
• Agents/subagents: require explicit subagent allowlist targets to be configured agents so stale deleted-agent ids are omitted from agents_list and rejected by sessions_spawn. Fixes #84811. (#85154) Thanks @joshavant.
• PDF tool: time out idle remote PDF body reads after 120 seconds so stalled remote documents return an error instead of wedging the session. Fixes #68649. (#84768) Thanks @luoyanglang.
• Diagnostics/OpenTelemetry plugin: suppress handled OTLP exporter promise rejections so collector shutdowns no longer crash the Gateway. (#81085) Thanks @luoyanglang.
• Agents/exec: omit raw command text and env values from denied exec failure logs while keeping safe correlation metadata. Fixes #85049. (#85140) Thanks @joshavant.
• Media-understanding: restore the 4096-token default for image descriptions so reasoning-capable vision models no longer truncate before returning text, while preserving smaller model caps. (#84932) Thanks @scotthuang.
• Media/audio: skip empty structured sherpa-onnx transcripts instead of treating the raw JSON payload as spoken text. (#84667) Thanks @TurboTheTurtle.
• Agents/exec: preserve inherited XDG base-directory environment values for subprocesses while still rejecting agent-supplied XDG overrides. Fixes #84854. (#85139) Thanks @joshavant.
• Node/Linux: keep OPENCLAW_GATEWAY_TOKEN out of generated systemd unit files by writing node service token values to a node-specific env file. (#84408)
• Memory-core/dreaming: reuse stable narrative subagent session keys per workspace and phase while keeping per-run idempotency and bounded cleanup, so stale dreaming-narrative-* sessions do not accumulate. Fixes #68252, #69187, and #70402. (#70464) Thanks @chiyouYCH.
• Trajectory/support: tolerate partial skill snapshot entries when building support metadata so rejected skill path scans no longer abort trajectory capture. (#71185) Thanks @lukeboyett.
• TUI: coalesce repeated idle Esc abort notices into a single no active run xN system row instead of appending duplicate rows.
• Telegram: honor channels.telegram.pollingStallThresholdMs in the default isolated polling path, restarting silent workers instead of leaving inbound updates wedged. Fixes #83950. (#84861) Thanks @joshavant.
• Telegram: dedupe replayed message dispatches by Telegram chat/message identity so isolated-ingress replays do not trigger duplicate model dispatches. Fixes #84886. (#85208) Thanks @joshavant.
• Slack: suppress reasoning payloads before reply delivery and dispatch accounting, so Slack monitor, slash-command, fallback, and direct reply paths do not leak model reasoning. Fixes #84319. (#84322) Thanks @ffluk3 and @joshavant.
• Slack: deliver native plugin approval prompts and updates when Slack native approvals are enabled, while keeping plugin approval authorization separate from exec approvers.
• Slack: keep native plugin approval prompts in the originating app conversation thread when the live Slack turn source is a D... conversation.
• Agents/Pi: disable the embedded pi-coding-agent runtime auto-retry so OpenClaw's own retry and failover loop does not replay failed tool calls through a nested SDK retry. Fixes #73781. (#74434) Thanks @yelog.
• CLI/perf: keep setup --help, onboard --help, and configure --help out of the full wizard runtime while preserving the existing help output. (#84488) Thanks @frankekn.
• CLI/perf: keep agents --help out of agents action/runtime imports so help, completion, and command discovery paths avoid loading the full agents runtime. (#84483) Thanks @frankekn.
• CLI/perf: keep secrets --help and nodes --help on the precomputed help path so parent help avoids loading action-heavy command runtime modules. (#84818) Thanks @frankekn.
• CLI/perf: serve doctor, gateway, models, and plugins parent help from startup metadata so common subcommand help avoids full CLI program construction. (#84786) Thanks @frankekn.
• Codex/Lossless: keep context-engine history on the canonical run session when Telegram DMs use per-peer runtime policy keys. Fixes #84936. (#84954) Thanks @neeravmakwana.
• Codex: keep heartbeat response tool schemas durable without exposing dynamic tools disabled by turn policy, so heartbeat wakeups can reuse threads while scoped tool allowlists stay enforced. (#84681) Thanks @jalehman.
• Auth/OAuth: skip the refresh adapter when a stored OAuth credential has no refresh token so agent turns fail fast on missing-key instead of waiting on the 120s refresh timeout. Thanks @romneyda.
• Auth/Codex: load legacy OAuth sidecar credentials in the embedded runner's secrets-runtime auth loaders so Telegram replies, cron-triggered turns, and other isolated sub-agent lanes can reach the existing #83312 refresh-and-rewrite migration instead of failing with No API key found for provider "openai-codex" until the user runs openclaw doctor. Thanks @Totalsolutionsync and @romneyda.
• Codex/failover: classify deactivated_workspace as a permanent auth failure so configured fallback models can advance when a Codex workspace is deactivated. (#55893) Thanks @litang9.
• Exec: keep configured tools.exec.pathPrepend entries ahead of user shell startup PATH changes on POSIX gateway runs. (#81403) Thanks @medns.
• Gateway/sessions: allow shared-secret bearer callers to read and stream session history without an explicit scope header. (#81815) Thanks @medns.
• Agents/embedded runner: classify HTML auth provider responses as auth_html and return a re-authentication hint instead of the CDN-blocked copy that upstream_html returns. Cloudflare Access login pages, nginx basic-auth challenges, and gateway login walls all produce HTML auth bodies that were previously misdiagnosed as transient CDN blocks. (#79900) Thanks @martingarramon.
• TUI/streaming watchdog: dismiss the This response is taking longer than expected notice as soon as a chat event for the same run arrives, so the message no longer sits next to the recovered response when the run was only briefly silent. Refs #67052, #69081 (closed), prior attempt #69026. Thanks @jpruit20 and @romneyda.
• Agents/Pi: tolerate OpenClaw-owned transcript writes while embedded prompts are released for model I/O, keeping long-running Feishu, Slack, Telegram, and cron turns from failing with false session-takeover errors. Fixes #84059. (#84250) Thanks @tianxiaochannel-oss88.

Release verification

• npm package: https://www.npmjs.com/package/openclaw/v/2026.5.24-beta.1
• registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.24-beta.1.tgz
• integrity: sha512-dGiCraGkifa+Zps/FHYCdnSUE2CJ28I3uSl5SVWHpEUZLGmkXoCC69ollYf+jMrRElhO7J9Hqy2Qt7p+PvBclA==
• full release CI report: https://github.com/openclaw/releases-private/blob/main/evidence/2026.5.24-beta.1/release-evidence.md
• release publish: https://github.com/openclaw/openclaw/actions/runs/26364043947
• npm preflight: https://github.com/openclaw/openclaw/actions/runs/26362633423
• full release validation: https://github.com/openclaw/openclaw/actions/runs/26362633403
• plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26364110488
• plugin ClawHub publish: dispatched separately, not awaited by this proof: https://github.com/openclaw/openclaw/actions/runs/26364111683
• OpenClaw npm publish: https://github.com/openclaw/openclaw/actions/runs/26364159610
• npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/26364277200