OpenViking v0.3.10 Release Notes / 发布说明
Release date / 发布日期: 2026-04-22
Full Changelog / 完整变更记录: v0.3.9...v0.3.10
中文
版本概览
v0.3.10 重点增强了 VLM provider、OpenClaw 插件生态、VikingDB 数据面接入,以及文件写入、QueueFS、Bot/CLI 的稳定性。本次发布包含 46 个提交,覆盖新功能、兼容性修复、安全修复和测试补强。
主要更新
- 新增 Codex、Kimi、GLM VLM provider,并支持
vlm.timeout配置。 - 新增 VikingDB
volcengine.api_key数据面模式,可通过 API Key 访问已创建好的云上 VikingDB collection/index。 write()新增mode="create",支持创建新的文本类 resource 文件,并自动触发语义与向量刷新。- OpenClaw 插件新增 ClawHub 发布、交互式 setup 向导和
OPENCLAW_STATE_DIR支持。 - QueueFS 新增 SQLite backend,支持持久化队列、ack 和 stale processing 消息恢复。
- Locomo / VikingBot 评测链路新增 preflight 检查和结果校验。
新功能用法
使用新的 VLM provider
Codex OAuth 推荐通过初始化向导配置:
openviking-server init
openviking-server doctor手动配置时,openai-codex 在 Codex OAuth 可用时不需要 api_key:
{
"vlm": {
"provider": "openai-codex",
"model": "gpt-5.3-codex",
"api_base": "https://chatgpt.com/backend-api/codex",
"timeout": 120
}
}Kimi 和 GLM 使用 OpenAI-compatible 请求格式:
{
"vlm": {
"provider": "kimi",
"model": "kimi-code",
"api_key": "your-kimi-subscription-api-key",
"api_base": "https://api.kimi.com/coding"
}
}{
"vlm": {
"provider": "glm",
"model": "glm-4.6v",
"api_key": "your-zai-api-key",
"api_base": "https://api.z.ai/api/coding/paas/v4"
}
}创建新的 resource 文件
openviking write viking://resources/notes/release-v0.3.10.md \
--mode create \
--content "# v0.3.10\n\nRelease notes." \
--waitcreate 模式只用于新文件;目标已存在时会返回 409 Conflict。支持的扩展名包括 .md、.txt、.json、.yaml、.yml、.toml、.py、.js、.ts。
使用 VikingDB API Key 数据面模式
该模式适合连接已提前创建 collection/index/schema 的 VikingDB。OpenViking 会执行数据写入、查询、删除和聚合,不会创建或删除 collection/index。
{
"storage": {
"vectordb": {
"backend": "volcengine",
"name": "context",
"project": "default",
"index_name": "default",
"volcengine": {
"api_key": "your-vikingdb-data-api-key",
"region": "cn-beijing",
"host": "api-vikingdb.vikingdb.cn-beijing.volces.com"
}
}
}
}安装和配置 OpenClaw 插件
openclaw plugins install clawhub:@openclaw/openviking
openclaw openviking setup连接已有远端 OpenViking 服务时:
openclaw config set plugins.entries.openviking.config.mode remote
openclaw config set plugins.entries.openviking.config.baseUrl http://your-server:1933
openclaw config set plugins.entries.openviking.config.apiKey your-api-key
openclaw config set plugins.entries.openviking.config.agentId your-agent-idQueueFS SQLite backend
服务端语义/向量任务队列默认可使用持久化 QueueFS。直接挂载 queuefs 插件时,可配置 SQLite 参数:
{
"backend": "sqlite",
"db_path": "./data/queue.db",
"recover_stale_sec": 300,
"busy_timeout_ms": 5000
}体验与兼容性改进
- 调整
recallTokenBudget和recallMaxContentChars默认值,降低 OpenClaw 自动召回注入过长上下文的风险。 ov add-memory在异步 commit 场景下返回OK,避免误判后台任务仍在执行时的状态。ov chat会从ovcli.conf读取鉴权配置并自动发送必要请求头。- OpenClaw 插件默认远端连接行为、鉴权、namespace 和
role_id处理更贴合服务端多租户模型。
修复
- 修复 Bot API channel 鉴权检查、启动前端口检查和已安装版本上报。
- 修复 OpenClaw 工具调用消息格式不兼容导致的孤儿
toolResult。 - 修复 console
add_resourcetarget 字段、repo target URI、filesystemmkdir、reindex maintenance route 等问题。 - 修复 Windows
.bat环境读写、shell escaping、ov.conf校验和硬编码路径问题。 - 修复 Gemini + tools 场景下 LiteLLM
cache_control导致的 400 错误,并支持 OpenAI reasoning model family。 - 修复 S3FS 目录 mtime 稳定性、Rust native build 环境污染、SQLite 数据库扩展名解析等问题。
文档、测试与安全
- 补充 VLM provider、Codex OAuth、Kimi/GLM、
write(mode=create)、tools.mcp_servers、ov_tools_enable、Feishu thread 和 VLM timeout 文档。 - 新增资源构建、Context Engine、OpenClaw 插件、内容写入、VLM provider、setup wizard、server bootstrap 和安全相关测试。
- 新增
SECURITY.md并更新 README、多语言文档和社群二维码。 - 修复多项 code scanning 和 runtime 安全告警。
- 增强 Bot gateway、OpenAPI auth、werewolf demo、配置校验和本地命令执行相关安全测试。
English
Overview
v0.3.10 focuses on VLM providers, the OpenClaw plugin ecosystem, VikingDB data-plane access, and stability improvements across content write, QueueFS, Bot, and CLI workflows. This release includes 46 commits covering new capabilities, compatibility fixes, security fixes, and expanded tests.
Highlights
- Added Codex, Kimi, and GLM VLM providers, plus
vlm.timeoutfor per-request HTTP timeouts. - Added VikingDB
volcengine.api_keydata-plane mode for accessing pre-created cloud VikingDB collections and indexes with an API key. - Added
write(mode="create")for creating new text resource files and automatically refreshing related semantics and vectors. - Added ClawHub publishing, an interactive setup wizard, and
OPENCLAW_STATE_DIRsupport for the OpenClaw plugin. - Added a SQLite backend for QueueFS with persisted queues, ack support, and stale processing message recovery.
- Added Locomo / VikingBot evaluation preflight checks and result validation.
New Feature Usage
Use the new VLM providers
For Codex OAuth, prefer the setup wizard:
openviking-server init
openviking-server doctorWhen configuring manually, openai-codex does not require api_key if Codex OAuth is available:
{
"vlm": {
"provider": "openai-codex",
"model": "gpt-5.3-codex",
"api_base": "https://chatgpt.com/backend-api/codex",
"timeout": 120
}
}Kimi and GLM use OpenAI-compatible request formats:
{
"vlm": {
"provider": "kimi",
"model": "kimi-code",
"api_key": "your-kimi-subscription-api-key",
"api_base": "https://api.kimi.com/coding"
}
}{
"vlm": {
"provider": "glm",
"model": "glm-4.6v",
"api_key": "your-zai-api-key",
"api_base": "https://api.z.ai/api/coding/paas/v4"
}
}Create a new resource file
openviking write viking://resources/notes/release-v0.3.10.md \
--mode create \
--content "# v0.3.10\n\nRelease notes." \
--waitcreate mode only targets new files; an existing path returns 409 Conflict. Supported extensions include .md, .txt, .json, .yaml, .yml, .toml, .py, .js, and .ts.
Use VikingDB API-key data-plane mode
This mode is intended for VikingDB collections, indexes, and schemas that were created out of band. OpenViking can write, search, delete, and aggregate data, but it does not create or delete collections and indexes in this mode.
{
"storage": {
"vectordb": {
"backend": "volcengine",
"name": "context",
"project": "default",
"index_name": "default",
"volcengine": {
"api_key": "your-vikingdb-data-api-key",
"region": "cn-beijing",
"host": "api-vikingdb.vikingdb.cn-beijing.volces.com"
}
}
}
}Install and configure the OpenClaw plugin
openclaw plugins install clawhub:@openclaw/openviking
openclaw openviking setupTo connect to an existing remote OpenViking server:
openclaw config set plugins.entries.openviking.config.mode remote
openclaw config set plugins.entries.openviking.config.baseUrl http://your-server:1933
openclaw config set plugins.entries.openviking.config.apiKey your-api-key
openclaw config set plugins.entries.openviking.config.agentId your-agent-idQueueFS SQLite backend
The server semantic/vector task queues can use persistent QueueFS. When mounting the queuefs plugin directly, configure SQLite parameters like this:
{
"backend": "sqlite",
"db_path": "./data/queue.db",
"recover_stale_sec": 300,
"busy_timeout_ms": 5000
}Improvements
- Adjusted the default
recallTokenBudgetandrecallMaxContentCharsto reduce the risk of overlong OpenClaw auto-recall context injection. ov add-memorynow returnsOKfor asynchronous commit workflows instead of implying the background task has already finished.ov chatnow reads authentication fromovcli.confand sends the required request headers.- The OpenClaw plugin now aligns remote connection behavior, auth, namespace, and
role_idhandling with the server multi-tenant model.
Fixes
- Fixed Bot API channel auth checks, startup port preflight checks, and installed-version reporting.
- Fixed orphan
toolResulterrors caused by incompatible OpenClaw tool-call message formats. - Fixed console
add_resourcetarget fields, repo target URIs, filesystemmkdir, and the reindex maintenance route. - Fixed Windows
.batenvironment read/write, shell escaping,ov.confvalidation, and hardcoded paths. - Fixed LiteLLM
cache_control400 errors for Gemini + tools and added support for OpenAI reasoning model families. - Fixed S3FS directory mtime stability, Rust native build environment pollution, and SQLite database extension parsing.
Docs, Tests, and Security
- Documented VLM providers, Codex OAuth, Kimi/GLM,
write(mode=create),tools.mcp_servers,ov_tools_enable, Feishu thread settings, and VLM timeout. - Added tests for resource builds, Context Engine, the OpenClaw plugin, content write, VLM providers, setup wizard, server bootstrap, and security behavior.
- Added
SECURITY.mdand updated the README files, multilingual docs, and community QR code. - Addressed multiple code scanning and runtime security findings.
- Expanded security coverage for Bot gateway, OpenAPI auth, the werewolf demo, config validation, and local command execution.
What's Changed
- docs(channel): document ov_tools_enable config introduced in #1352 by @r266-tech in #1571
- docs(bot): document tools.mcp_servers config (#1392) by @r266-tech in #1567
- fix(bot): 端口冲突预检 + /health 上报真实版本 by @ZaynJarvis in #1566
- docs(en): list dashscope in embedding provider table (#1535) by @r266-tech in #1584
- feat(vlm): expose timeout as a config field and thread it through by @0xble in #1580
- fix(cli): ov chat auth from config with required headers by @tolatolatop in #1575
- docs(feishu): document threadRequireMention + botName post #1534 by @r266-tech in #1573
- fix(vlm): strip cache_control for Gemini + tools to avoid LiteLLM CachedContent 400 by @0xble in #1569
- fix(vlm): support OpenAI reasoning-model families (gpt-5, o1, o3, o4) by @0xble in #1568
- fix(oc2ov-test): add Context Engine test case and main branch add cron by @kaisongli in #1586
- feat(queuefs): Add SQLite backend with ack/recover and unified control-file/config specs by @sponge225 in #1500
- fix(reindex): repair maintenance route and keep content compatibility by @0xble in #1583
- feat(demo):werewolf readme by @yeshion23333 in #1590
- fix(security): address targeted code scanning alerts by @qin-ctx in #1591
- docs(vlm): document timeout config field (#1580) by @r266-tech in #1593
- fix: allow --sudo for ov admin commands by @MaojiaSheng in #1589
- WeChat QR code 更新 by @Lumos088 in #1597
- fix(session): drop user registry check for message role_id by @qin-ctx in #1601
- fix(security): clean up code scanning and runtime findings by @qin-ctx in #1596
- fix(eval): Fix commit emb token calculate, add time cost by @yeshion23333 in #1609
- fix(ragfs): stabilize s3fs directory mod times by @zhoujh01 in #1603
- Create SECURITY.md by @oss-bd in #1611
- feat: add ClawHub publishing by @LinQiang391 in #1587
- fix(build): sanitize Rust native build env by @myysy in #1610
- fix(parse): ignore sqlite database extensions by @euyua9 in #1598
- fix(cli): return OK for add-memory since commit is async by @ZaynJarvis in #1613
- feat(openclaw-plugin): align auth, namespace, and role id handling by @jcp0578 in #1606
- feat(content-write): 支持 mode=create 创建新文件 by @A0nameless0man in #1608
- Revert "fix: fall back to prefix filters for volcengine path scope" by @qin-ctx in #1619
- fix: Windows .bat env read/write, shell escaping, ov.conf validation,… by @LinQiang391 in #1620
- fix(fs): fix mkdir by @zhoujh01 in #1622
- feat(vlm): add Codex, Kimi, and GLM VLM support by @ehz0ah in #1444
- [feat] Test/add resource ci validation and fix session api case 400 error by @kaisongli in #1599
- feat(eval): Locomo bot eval add check by @yeshion23333 in #1629
- docs(skill): sync ov add-memory output example after #1613 by @r266-tech in #1627
- docs(filesystem): document write() mode=create (#1608) by @r266-tech in #1623
- adjust default value for recallTokenBudget and recallMaxContentChars. by @huangxun375-stack in #1617
- feat(vectordb): add volcengine_api_key data-plane backend for VikingDB by @fengluodb in #1588
- fix: correct repo target uri by @MaojiaSheng in #1633
- fix: handle Wikipedia 403 in CI environment for TC-P05 by @kaisongli in #1630
- fix: change openclaw mode into remote by @qin-ctx in #1634
- fix(console): use correct add_resource target field by @qin-ctx in #1637
- fix(plugin): 修复 OpenClaw 工具调用消息格式不兼容导致的 toolResult 孤儿错误 by @824156793 in #1632
- Align context-engine assemble test with toolCall output by @wlff123 in #1641
- fix(bot):Fix bot api-channel auth check by @yeshion23333 in #1640
- fix(session): allow explicit role_id passthrough by @qin-ctx in #1643
New Contributors
- @tolatolatop made their first contribution in #1575
- @Lumos088 made their first contribution in #1597
- @oss-bd made their first contribution in #1611
- @euyua9 made their first contribution in #1598
- @824156793 made their first contribution in #1632
Full Changelog: v0.3.9...v0.3.10