Pre-release for npm beta tag v2026.3.22-beta.1.
No new macOS app build is attached to this beta. macOS assets remain on stable app version 2026.3.22, and appcast.xml is intentionally unchanged in this pre-release.
Breaking
- Plugins/install: bare `openclaw plugins install <package>` now prefers ClawHub before npm for npm-safe names, and only falls back to npm when ClawHub does not have that package or version. Docs: https://docs.openclaw.ai/tools/clawhub
- Browser/Chrome MCP: remove the legacy Chrome extension relay path, bundled extension assets, `driver: "extension"`, and `browser.relayBindHost`. Run `openclaw doctor --fix` to migrate host-local browser config to `existing-session`/`user`; Docker, headless, sandbox, and remote browser flows still use raw CDP. Docs: https://docs.openclaw.ai/gateway/doctor and https://docs.openclaw.ai/tools/browser (#47893) Thanks @vincentkoc.
- Tools/image generation: standardize the stock image create/edit path on the core `image_generate` tool. The old `nano-banana-pro` docs/examples are gone; if you previously copied that sample-skill config, switch to `agents.defaults.imageGenerationModel` for built-in image generation or install a separate third-party skill explicitly.
- Skills/image generation: remove the bundled `nano-banana-pro` skill wrapper. Use `agents.defaults.imageGenerationModel.primary: "google/gemini-3-pro-image-preview"` for the native Nano Banana-style path instead.
- Plugins/SDK: the new public plugin SDK surface is `openclaw/plugin-sdk/*`; `openclaw/extension-api` is removed with no compatibility shim. Bundled plugins must use injected runtime for host-side operations (for example `api.runtime.agent.runEmbeddedPiAgent`) and any remaining direct imports must come from narrow `openclaw/plugin-sdk/*` subpaths instead of the monolithic SDK root. Docs: https://docs.openclaw.ai/plugins/sdk-migration and https://docs.openclaw.ai/plugins/sdk-overview
- Plugins/message discovery: require `ChannelMessageActionAdapter.describeMessageTool(...)` for shared `message` tool discovery. The legacy `listActions`, `getCapabilities`, and `getToolSchema` adapter methods are removed. Plugin authors should migrate message discovery to `describeMessageTool(...)` and keep channel-specific action runtime code inside the owning plugin package. Thanks @gumadeiras.
- Plugins/Matrix: add a new Matrix plugin backed by the official `matrix-js-sdk`. If you are upgrading from the previous public Matrix plugin, follow the migration guide: https://docs.openclaw.ai/install/migrating-matrix Thanks @gumadeiras.
- Config/env: remove legacy `CLAWDBOT_*` and `MOLTBOT_*` compatibility env names across runtime, installers, and test tooling. Use the matching `OPENCLAW_*` env names instead.
- Config/state: remove legacy `.moltbot` state-dir and `moltbot.json` auto-detection/migration fallback. If you still keep state under `~/.moltbot`, move it to `~/.openclaw` or set `OPENCLAW_STATE_DIR`/`OPENCLAW_CONFIG_PATH` explicitly. Docs: https://docs.openclaw.ai/install/migrating and https://docs.openclaw.ai/start/getting-started
- Exec/env sandbox: block build-tool JVM injection (`MAVEN_OPTS`, `SBT_OPTS`, `GRADLE_OPTS`, `ANT_OPTS`), glibc tunable exploitation (`GLIBC_TUNABLES`), and .NET dependency resolution hijack (`DOTNET_ADDITIONAL_DEPS`) from the host exec environment, and restrict Gradle init script redirect (`GRADLE_USER_HOME`) as an override-only block so user-configured Gradle homes still propagate. (#49702)
- Discord/commands: switch native command deployment to Carbon reconcile by default so Discord restarts stop churning slash commands through OpenClaw’s local deploy path. (#46597) Thanks @huntharo and @thewilloftheshadow.
- Security/exec approvals: treat `time` as a transparent dispatch wrapper during allowlist evaluation and allow-always persistence so approved `time ...` commands bind the inner executable instead of the wrapper path. Thanks @YLChen-007 for reporting.
- Voice-call/webhooks: reject missing provider signature headers before body reads, drop the pre-auth body budget to `64 KB`/`5s`, and cap concurrent pre-auth requests per source IP so unauthenticated callers cannot force the old `1 MB`/`30s` buffering path. Thanks @SEORY0 for reporting.
- Plugins/Matrix: stop mention-gated or otherwise dropped room chatter from refreshing focused thread bindings before the message is actually routed, so idle ACP and session bindings can still expire normally in mention-required rooms. Thanks @vincentkoc, @dinakars777 and @mvanhorn.
- Plugins/Matrix: durably dedupe inbound room events across gateway restarts so previously handled Matrix messages are not replayed as new, while preserving clean-restart backlog delivery for unseen events. (#50922) thanks @gumadeiras
- Agents/media replies: migrate the remaining browser, canvas, and nodes snapshot outputs onto `details.media` so generated media keeps attaching to assistant replies after the collect-then-attach refactor. (#51731) Thanks @christianklotz.
- Android/contacts search: escape literal `%` and `_` in contact-name queries so searches like `100%` or `_id` no longer match unrelated contacts through SQL `LIKE` wildcards. (#41891) Thanks @Kaneki-x.
- Gateway/usage: include reset and deleted archived session transcripts in usage totals, session discovery, and archived-only session detail fallback so the Usage view no longer undercounts rotated sessions. (#43215) Thanks @rcrick.
Changes
- ClawHub/install: add native `openclaw skills search|install|update` flows plus `openclaw plugins install clawhub:<package>` with tracked update metadata, gateway skill-install/update support for ClawHub-backed requests, and regression coverage/docs for the new source path.
- Plugins/marketplaces: add Claude marketplace registry resolution, `plugin@marketplace` installs, marketplace listing, and update support, plus Docker E2E coverage for local and official marketplace flows. (#48058) Thanks @vincentkoc.
- Commands/plugins: add owner-gated `/plugins` and `/plugin` chat commands for plugin list/show and enable/disable flows, alongside explicit `commands.plugins` config gating. Thanks @vincentkoc.
- Install/update: allow package-manager installs from GitHub `main` via `openclaw update --tag main`, installer `--version main`, or direct npm/pnpm git specs. (#47630) Thanks @vincentkoc.
- Plugins/bundles: add compatible Codex, Claude, and Cursor bundle discovery/install support, map bundle skills into OpenClaw skills, and apply Claude bundle `settings.json` defaults to embedded Pi with shell overrides sanitized.
- CLI/hooks: route hook-pack install and update through `openclaw plugins`, keep `openclaw hooks` focused on hook visibility and per-hook controls, and show plugin-managed hook details in CLI output.
- Models/OpenAI: switch the default OpenAI setup model to `openai/gpt-5.4`, keep Codex on `openai-codex/gpt-5.4`, and centralize OpenAI chat, image, TTS, transcription, and embedding defaults in one shared module so future default-model updates stay low-churn. Thanks @vincentkoc.
- Agents: add per-agent thinking/reasoning/fast defaults and auto-revert disallowed model overrides to the agent's default selection. Thanks @xuanmingguo and @vincentkoc.
- Commands/btw: add `/btw` side questions for quick tool-less answers about the current session without changing future session context, with dismissible in-session TUI answers and explicit BTW replies on external channels. (#45444) Thanks @ngutman.
- Sandbox/runtime: add pluggable sandbox backends, ship an OpenShell backend with `mirror` and `remote` workspace modes, and make sandbox list/recreate/prune backend-aware instead of Docker-only.
- Sandbox/SSH: add a core SSH sandbox backend with secret-backed key, certificate, and known_hosts inputs, move shared remote exec/filesystem tooling into core, and keep OpenShell focused on sandbox lifecycle plus optional `mirror` mode.
- Browser/existing-session: support `browser.profiles.<name>.userDataDir` so Chrome DevTools MCP can attach to Brave, Edge, and other Chromium-based browsers through their own user data directories. (#48170) Thanks @velvet-shark.
- Plugins/bundles: make enabled bundle MCP servers expose runnable tools in embedded Pi, and default relative bundle MCP launches to the bundle root so marketplace bundles like Context7 work through Pi instead of stopping at config import.
- Plugins/providers: move OpenRouter, GitHub Copilot, and OpenAI Codex provider/runtime logic into bundled plugins, including dynamic model fallback, runtime auth exchange, stream wrappers, capability hints, and cache-TTL policy.
- Models/Anthropic Vertex: add core `anthropic-vertex` provider support for Claude via Google Vertex AI, including GCP auth/discovery and main run-path routing. (#43356) Thanks @sallyom and @yossiovadia.
- Plugins/Chutes: add a bundled Chutes provider with plugin-owned OAuth/API-key auth, dynamic model discovery, and default-on extension wiring. (#41416) Thanks @Veightor.
- Web tools/Exa: add Exa as a bundled web-search plugin with Exa-native date filters, search-mode selection, and optional content extraction under `plugins.entries.exa.config.webSearch.*`. Thanks @V-Gutierrez and @vincentkoc.
- Web tools/Tavily: add Tavily as a bundled web-search provider with dedicated `tavily_search` and `tavily_extract` tools, using canonical plugin-owned config under `plugins.entries.tavily.config.webSearch.*`. (#49200) thanks @lakshyaag-tavily.
- Web tools/Firecrawl: add Firecrawl as an `onboard`/`configure` search provider via a bundled plugin, expose explicit `firecrawl_search` and `firecrawl_scrape` tools, and align core `web_fetch` fallback behavior with Firecrawl base-URL/env fallback plus guarded endpoint fetches.
- Models/OpenAI: add native forward-compat support for `gpt-5.4-mini` and `gpt-5.4-nano` in the OpenAI provider catalog, runtime resolution, and reasoning capability gates. Thanks @vincentkoc.
- Control UI/chat: add an expand-to-canvas button on assistant chat bubbles and in-app session navigation from Sessions and Cron views. Thanks @BunsDev.
- Control UI/appearance: unify theme border radii across Claw, Knot, and Dash, and add a Roundness slider to the Appearance settings so users can adjust corner radius from sharp to fully rounded. Thanks @BunsDev.
- Control UI/usage: improve usage overview styling, localization, and responsive chat/context-notice presentation, including safer theme color handling and unclipped usage-header menus. (#51951) Thanks @BunsDev.
- Control UI/usage: drop the empty session-detail placeholder card so the usage view stays single-column until a real session detail panel is selected. (#52013) Thanks @BunsDev.
- Android/mobile: add a system-aware dark theme across onboarding and post-onboarding screens so the app follows the device theme through setup, chat, and voice flows. (#46249) Thanks @sibbl.
- Android/Talk: move Talk speech synthesis behind gateway `talk.speak`, keep Talk secrets on the gateway, and switch Android playback to final-response audio instead of device-local ElevenLabs streaming. (#50849)
- Android/nodes: add `callLog.search` plus shared Call Log permission wiring so Android nodes can search recent call history through the gateway. (#44073) Thanks @lixuankai.
- Android/nodes: add `sms.search` plus shared SMS permission wiring so Android nodes can search device text messages through the gateway. (#48299) Thanks @lixuankai.
- Telegram/apiRoot: add per-account custom Bot API endpoint support across send, probe, setup, doctor repair, and inbound media download paths so proxied or self-hosted Telegram deployments work end to end. (#48842) Thanks @Cypherm.
- Telegram/topics: auto-rename DM forum topics on first message with LLM-generated labels, with per-account and per-DM `autoTopicLabel` overrides. (#51502) Thanks @Lukavyi.
- Telegram/actions: add `topic-edit` for forum-topic renames and icon updates while sharing the same Telegram topic-edit transport used by the plugin runtime. (#47798) Thanks @obviyus.
- Telegram/error replies: add a default-off `channels.telegram.silentErrorReplies` setting so bot error replies can be delivered silently across regular replies, native commands, and fallback sends. (#19776) Thanks @ImLukeF.
- Feishu/cards: add structured interactive approval and quick-action launcher cards, preserve callback user and conversation context through routing, and keep legacy card-action fallback behavior so common actions can run without typing raw commands. (#47873) Thanks @Takhoffman.
- Feishu/ACP: add current-conversation ACP and subagent session binding for supported DMs and topic conversations, including completion delivery back to the originating Feishu conversation. (#46819) Thanks @Takhoffman.
- Feishu/streaming: add `onReasoningStream` and `onReasoningEnd` support to streaming cards, so `/reasoning stream` renders thinking tokens as markdown blockquotes in the same card — matching the Telegram channel's reasoning lane behavior. (#46029) Thanks @day253.
- Feishu/cards: add identity-aware structured card headers and note footers for Feishu replies and direct sends, while keeping that presentation wired through the shared outbound identity path. (#29938) Thanks @nszhsl.
- Plugins/Matrix: add `allowBots` room policy so configured Matrix bot accounts can talk to each other, with optional mention-only gating. Thanks @gumadeiras.
- Plugins/Matrix: add per-account `allowPrivateNetwork` opt-in for private/internal homeservers, while keeping public cleartext homeservers blocked. Thanks @gumadeiras.
- Plugins/MiniMax: add MiniMax-M2.7 and MiniMax-M2.7-highspeed models and update the default model from M2.5 to M2.7. (#49691) Thanks @liyuan97.
- MiniMax/fast mode: map shared `/fast` and `params.fastMode` to MiniMax `-highspeed` models for M2.1, M2.5, and M2.7 API-key and OAuth runs. Thanks @vincentkoc.
- Models/MiniMax defaults: raise bundled MiniMax M2.5/M2.7 context-window, max-token, and pricing metadata to the higher defaults shipped by the current upstream Pi SDK. Thanks @vincentkoc.
- Models/MiniMax: add bundled `MiniMax-M2`, `MiniMax-M2.1`, and `MiniMax-M2.1-highspeed` catalog entries so OpenClaw's provider metadata and OAuth aliases stay aligned with the current upstream Pi SDK. Thanks @vincentkoc.
- Plugins/MiniMax: merge the bundled MiniMax API and MiniMax OAuth plugin surfaces into a single default-on `minimax` plugin, while keeping legacy `minimax-portal-auth` config ids aliased for compatibility.
- Agents/Pi compatibility: align OpenClaw's bundled MiniMax runtime behavior with the current upstream Pi 0.61.1 release so embedded runs stay in sync with the latest published Pi SDK semantics. Thanks @vincentkoc.
- Models/GitHub Copilot: allow forward-compat dynamic model ids without code updates, while preserving configured provider and per-model overrides for those synthetic models. (#51325) Thanks @fuller-stack-dev.
- xAI/models: sync the bundled Grok catalog to current Pi-backed IDs, limits, and pricing metadata, while keeping older Grok fast and 4.20 aliases resolving cleanly at runtime. Thanks @vincentkoc.
- xAI/fast mode: map shared `/fast` and `params.fastMode` to the current xAI Grok fast model family so direct Grok runs can opt into the faster Pi-backed variants. Thanks @vincentkoc.
- CLI/config: expand `config set` with SecretRef and provider builder modes, JSON/batch assignment support, and `--dry-run` validation with structured JSON output. (#49296) Thanks @joshavant.
- Z.AI/models: sync the bundled GLM catalog to current Pi metadata, including newer 4.5/4.6 model families, updated multimodal entries, and current pricing and token limits. Thanks @vincentkoc.
- Mistral/models: sync the bundled default Mistral metadata to current Pi pricing so the built-in default no longer advertises zero-cost usage. Thanks @vincentkoc.
- Plugins/Xiaomi: switch the bundled Xiaomi provider to the `/v1` OpenAI-compatible endpoint and add MiMo V2 Pro plus MiMo V2 Omni to the built-in catalog. (#49214) thanks @DJjjjhao.
- Agents/compaction: notify users when followup auto-compaction starts and finishes, keeping those notices out of TTS and preserving reply threading for the real assistant reply. (#38805) Thanks @zidongdesign.
- Memory/plugins: let the active memory plugin register its own system-prompt section while preserving cache-clear and snapshot-load prompt isolation. (#40126) Thanks @jarimustonen.
- Gateway/health monitor: add configurable stale-event thresholds and restart limits, plus per-channel and per-account `healthMonitor.enabled` overrides, while keeping the existing global disable path on `gateway.channelHealthCheckMinutes=0`. (#42107) Thanks @rstar327.
- Plugins/agent integrations: broaden the plugin surface for app-server integrations with channel-aware commands, interactive callbacks, inbound claims, and Discord/Telegram conversation binding support. (#45318) Thanks @huntharo and @vincentkoc.
- Plugins/binding: add `onConversationBindingResolved(...)` so plugins can react immediately after bind approvals or denies without blocking channel interaction acknowledgements. (#48678) Thanks @huntharo.
- Plugins/context engines: expose `delegateCompactionToRuntime(...)` on the public plugin SDK, refactor the legacy engine to use the shared helper, and clarify `ownsCompaction` delegation semantics for non-owning engines. (#49061) Thanks @jalehman.
- Plugins/context engines: pass the embedded runner `modelId` into context-engine `assemble()` so plugins can adapt context formatting per model. (#47437) thanks @jscianna.
- Plugins/context engines: add transcript maintenance rewrites for context engines, preserve active-branch transcript metadata during rewrites, and harden overflow-recovery truncation to rewrite sessions under the normal session write lock. (#51191) Thanks @jalehman.
- Skills/prompt budget: preserve all registered skills via a compact catalog fallback before dropping entries when the full prompt format exceeds `maxSkillsPromptChars`. (#47553) Thanks @snese.
- Hooks/workspace: keep repo-local `<workspace>/hooks` disabled until explicitly enabled, block workspace hook name collisions from shadowing bundled/managed/plugin hooks, and treat `hooks.internal.load.extraDirs` as trusted managed hook sources.
- Security/plugins: reject remote marketplace manifest entries that expand installation outside the cloned marketplace repo, including external git/GitHub sources, HTTP archives, and absolute paths.
- Gateway/docs: clarify that empty URL input allowlists are treated as unset, document `allowUrl: false` as the deny-all switch, and add regression coverage for the normalization path.
- secrets: harden read-only SecretRef command paths and diagnostics. (#47794) Thanks @joshavant.
- Scope message SecretRef resolution and harden doctor/status paths. (#48728) Thanks @joshavant.
- Build/memory tools: emit `dist/cli/memory-cli.js` as a stable core entry so runtime `memory_search` loading no longer depends on hashed `memory-cli-*` bundle names. (#51759) Thanks @oliviareid-svg.
- Plugins/testing: add a public `openclaw/plugin-sdk/testing` surface for plugin-author test helpers, and move bundled-extension-only test bridges out of `extensions/` into private repo test helpers.
- Agents/steering docs: update embedded Pi steering docs and runner comments for the current upstream behavior, where queued steering is injected after the active assistant turn finishes its tool calls instead of skipping the remaining tools mid-turn. Thanks @vincentkoc.
- Doctor/refactor: start splitting doctor provider checks into `src/commands/doctor/providers/*` by extracting Telegram first-run and group allowlist warnings into a provider-specific module, keeping the current setup guidance and warning behavior intact. Thanks @vincentkoc.
- Refactor/channels: remove the legacy channel shim directories and point channel-specific imports directly at the extension-owned implementations. (#45967) Thanks @scoootscooob.
- Docs/Zalo: clarify the Marketplace-bot support matrix and config guidance so the Zalo channel docs match current Bot Creator behavior more closely. (#47552) Thanks @No898.
- Docs/plugins: add the community DingTalk plugin listing to the docs catalog. (#29913) Thanks @sliverp.
- Docs/plugins: add the community QQbot plugin listing to the docs catalog. (#29898) Thanks @sliverp.
- Docs/plugins: add the community wecom plugin listing to the docs catalog. (#29905) Thanks @sliverp.
Fixes
- Web tools/search provider lists: keep onboarding, configure, and docs provider lists alphabetical while preserving the separate runtime auto-detect precedence used for credential-based provider selection.
- Media/Windows security: block remote-host `file://` media URLs and UNC/network paths before local filesystem resolution in core media loading and adjacent prompt/sandbox attachment seams, so the next release no longer allows structured local-media inputs to trigger outbound SMB credential handshakes on Windows. Thanks @RacerZ-fighting for reporting.
- Gateway/discovery: fail closed on unresolved Bonjour and DNS-SD service endpoints in CLI discovery, onboarding, and `gateway status` so TXT-only hints can no longer steer routing or SSH auto-target selection. Thanks @nexrin for reporting.
- Security/pairing: bind iOS setup codes to the intended node profile and reject first-use bootstrap redemption that asks for broader roles or scopes. Thanks @tdjackey.
- Memory/core tools: register `memory_search` and `memory_get` independently so one unavailable memory tool no longer suppresses the other in new sessions. (#50198) Thanks @artwalker.
- Web tools/Exa: align the bundled Exa plugin with the current Exa API by supporting newer search types and richer `contents` options, while fixing the result-count cap to honor Exa's higher limit. Thanks @vincentkoc.
- Plugins/Matrix: move bundled plugin `KeyedAsyncQueue` imports onto the stable `plugin-sdk/core` surface so Matrix Docker/runtime builds do not depend on the brittle keyed-async-queue subpath. Thanks @ecohash-co and @vincentkoc.
- Nostr/security: enforce inbound DM policy before decrypt, route Nostr DMs through the standard reply pipeline, and add pre-crypto rate and size guards so unknown senders cannot bypass pairing or force unbounded crypto work. Thanks @kuranikaran.
- Synology Chat/security: keep reply delivery bound to stable numeric `user_id` by default, and gate mutable username/nickname recipient lookup behind `dangerouslyAllowNameMatching` with new regression coverage. Thanks @nexrin.
- Agents/default timeout: raise the shared default agent timeout from `600s` to `48h` so long-running ACP and agent sessions do not fail unless you configure a shorter limit.
- Gateway/startup: load bundled channel plugins from compiled `dist/extensions` entries in built installs, so gateway boot no longer recompiles bundled extension TypeScript on every startup and WhatsApp-class cold starts drop back to seconds instead of tens of seconds or worse. (#47560) Thanks @ngutman.
- Gateway/startup: prewarm the configured primary model before channel startup and retry one transient provider-runtime miss so the first Telegram or Discord message after boot no longer fails with `Unknown model: openai-codex/gpt-5.4`. Thanks @vincentkoc.
- CLI/startup: lazy-load channel add and root help startup paths to trim avoidable RSS and help latency on constrained hosts. (#46784) Thanks @vincentkoc.
- Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) Thanks @scoootscooob.
- CLI/auth choice: lazy-load plugin/provider fallback resolution so mapped auth choices stay on the static path and only unknown choices pay the heavy provider load. (#47495) Thanks @vincentkoc.
- Gateway/Discord startup: load only configured channel plugins during gateway boot, and lazy-load Discord provider/session runtime setup so startup stops importing unrelated providers and trims cold-start delay. Thanks @vincentkoc.
- Agents/inbound: lazy-load media and link understanding for plain-text turns and cache synced auth stores by auth-file state so ordinary inbound replies avoid unnecessary startup churn. Thanks @vincentkoc.
- Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate `tool_call_id` values with HTTP 400. (#40996) Thanks @xaeon2026.
- Agents/openai-responses: strip `prompt_cache_key` and `prompt_cache_retention` for non-OpenAI-compatible Responses endpoints while keeping them on direct OpenAI and Azure OpenAI paths, so third-party OpenAI-compatible providers no longer reject those requests with HTTP 400. (#49877) Thanks @ShaunTsai.
- Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava.
- Models/OpenRouter runtime capabilities: fetch uncatalogued OpenRouter model metadata on first use so newly added vision models keep image input instead of silently degrading to text-only, with top-level capability field fallbacks for `/api/v1/models`. (#45824) Thanks @DJjjjhao.
- Control UI/session routing: preserve established external delivery routes when webchat views or sends in externally originated sessions, so subagent completions still return to the original channel instead of the dashboard. (#47797) Thanks @brokemac79.
- Telegram/replies: set `allow_sending_without_reply` on reply-targeted sends and media-error notices so deleted parent messages no longer drop otherwise valid replies. (#52524) Thanks @moltbot886.
- Telegram/polling: hard-timeout stuck `getUpdates` requests so wedged network paths fail over sooner instead of waiting for the polling stall watchdog. Thanks @vincentkoc.
- Android/location: make current-location requests drop late callbacks after timeout instead of crashing with `Already resumed`. (#52318) Thanks @Kaneki-x.
- Android/pairing: resolve portless secure setup URLs to `443` while preserving direct cleartext gateway defaults and explicit `:80` manual endpoints in onboarding. (#43540) Thanks @fmercurio.
- Android/canvas: ignore bridge messages from pages outside the bundled scaffold and trusted A2UI surfaces. Thanks @vincentkoc.
- CLI/status: keep `status --json` stdout clean by skipping plugin compatibility scans that were not rendered in the JSON payload. (#52449) Thanks @cgdusek.
- WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) Thanks @MonkeyLeeT.
- WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason.
- Android/canvas: serialize A2UI action-status event strings before evaluating WebView JS, so action ids and multiline errors do not break the callback dispatch. (#43784) Thanks @Kaneki-x.
- Android/camera: recycle intermediate and final snap bitmaps in `camera.snap` so repeated captures do not leak native image memory. (#41902) Thanks @Kaneki-x.
- Control UI/logging: make browser-safe logger imports avoid eager temp-dir resolution so the bundled Control UI no longer crashes to a blank screen when logging reaches `tmp-openclaw-dir`. (#48469) Fixes #48062. Thanks @7inspire.
- Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) Thanks @luzhidong.
- Telegram/replies: ignore malformed non-string reply text and caption fields when describing reply context, so unexpected Telegram reply payloads no longer break inbound context assembly. (#50500) Thanks @p3nchan.
- Control UI/dashboard: preserve structured gateway shutdown reasons across restart disconnects so config-triggered restarts no longer fall back to `disconnected (1006): no reason`. (#46580) Fixes #46532. Thanks @vincentkoc.
- Android/chat: theme the thinking dropdown and TLS trust dialogs explicitly so popup surfaces match the active app theme instead of falling back to mismatched Material defaults.
- Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46515) Fixes #46411. Thanks @ademczuk.
- Slack/startup: harden `@slack/bolt` import interop across current bundled runtime shapes so Slack monitors no longer crash with `App is not a constructor` after plugin-sdk bundling changes. (#45953) Thanks @merc1305.
- Control UI/model switching: preserve the selected provider prefix when switching models from the chat dropdown, so multi-provider setups no longer send `anthropic/gpt-5.2`-style mismatches when the user picked `openai/gpt-5.2`. (#47581) Thanks @chrishham.
- Control UI/storage: scope persisted settings keys by gateway base path, with migration from the legacy shared key, so multiple gateways under one domain stop overwriting each other's dashboard preferences. (#47932) Thanks @bobBot-claw.
- Control UI/overview: keep the language dropdown aligned with the persisted locale during dashboard startup so refreshing the page does not fall back to English before locale hydration completes. (#48019) Thanks @git-jxj.
- macOS/node service startup: use `openclaw node start/stop --json` from the Mac app instead of the removed `openclaw service node ...` command shape, so current CLI installs expose the full node exec surface again. (#46843) Fixes #43171. Thanks @Br1an67.
- ACP/gateway startup: use direct Telegram and Discord startup/status helpers instead of routing probes through the plugin runtime, and prepend the selected daemon Node bin dir to service PATH so plugin-local installs can still find `npm` and `pnpm`.
- WhatsApp/active-listener: pin the active listener registry to a `globalThis` singleton so split WhatsApp bundle chunks share one listener map and outbound sends stop missing the registered session. (#47433) Thanks @clawdia67.
- Gateway/probe: honor caller `--timeout` for active local loopback probes in `gateway status`, keep inactive remote-mode loopback probes fast, and clamp probe timers to JS-safe bounds so slow local/container gateways stop reporting false timeouts. (#47533) Thanks @MonkeyLeeT.
- Config/startup: keep bundled web-search allowlist compatibility on a lightweight manifest path so config validation no longer pulls bundled web-search registry imports into startup, while still avoiding accidental auto-allow of config-loaded override plugins. (#51574) Thanks @RichardCao.
- Gateway/chat.send: persist uploaded image references across reloads and compaction without delaying first-turn dispatch or double-submitting the same image to vision models. (#51324) Thanks @fuller-stack-dev.
- Android/canvas: recycle captured and scaled snapshot bitmaps so repeated canvas snapshots do not leak native image memory. (#41889) Thanks @Kaneki-x.
- Android/theme: switch status bar icon contrast with the active system theme so Android light mode no longer leaves unreadable light icons over the app header. (#51098) Thanks @goweii.
- Gateway/openresponses: preserve assistant commentary and session continuity across hosted-tool `/v1/responses` turns, and emit streamed tool-call payloads before finalization so client tool loops stay resumable. (#52171) Thanks @CharZhou.
- Android/Talk: serialize `TalkModeManager` player teardown so rapid interrupt/restart cycles stop double-releasing or overlapping TTS playback. (#52310) Thanks @Kaneki-x.
- WhatsApp/reconnect: preserve the last inbound timestamp across reconnect attempts so the watchdog can still recycle linked-but-dead listeners after a restart instead of leaving them stuck connected forever.
- Gateway/network discovery: guard LAN, tailnet, and pairing interface enumeration so WSL2 and restricted hosts degrade to missing-address fallbacks instead of crashing on `uv_interface_addresses` errors. (#44180, #47590)
- Gateway/bonjour: suppress the non-fatal `@homebridge/ciao` IPv4-loss assertion during interface churn so WiFi/VPN/sleep-wake changes no longer take down the gateway. (#38628, #47159, #52431)
- Browser/launch: stop forcing an extra blank tab on browser launch so managed browser startup no longer opens an unwanted empty page. (#52451) Thanks @rogerdigital.
- CLI/onboarding: import static provider definitions directly for onboarding model/config helpers so those paths no longer pull provider discovery just for built-in defaults. (#47467) Thanks @vincentkoc.
- Agents/exec: return plain-text failed tool output for timeouts and other non-success exec outcomes so models no longer parrot raw JSON error payloads back to users. (#52508) Thanks @martingarramon.
- CLI/config: make `config set --strict-json` enforce real JSON, prefer `JSON.parse` with JSON5 fallback for machine-written cron/subagent stores, and relabel raw config surfaces as `JSON/JSON5` to match actual compatibility. Related: #48415, #43127, #14529, #21332. Thanks @adhitShet and @vincentkoc.
- CLI/Ollama onboarding: keep the interactive model picker for explicit `openclaw onboard --auth-choice ollama` runs so setup still selects a default model without reintroducing pre-picker auto-pulls. (#49249) Thanks @BruceMacD.
- CLI/configure: clarify fresh-setup memory-search warnings so they say semantic recall needs at least one embedding provider, and scope the initial model allowlist picker to the provider selected in configure. Thanks @vincentkoc.
- Mattermost/threading: honor `replyToMode: "off"` for already-threaded inbound posts so threaded follow-ups can fall back to top-level replies when configured. (#52543) Thanks @RichardCao.
- Onboarding/custom providers: store Azure OpenAI and Azure AI Foundry custom endpoints with the Responses API config shape, normalized `/openai/v1` base URLs, and Azure-safe defaults so TUI and agent runs work after setup. (#49543) Thanks @kunalk16.
- CLI/completion: reduce recursive completion-script string churn and fix nested PowerShell command-path matching so generated nested completions resolve on PowerShell too. (#45537) Thanks @yiShanXin and @vincentkoc.
- macOS/launch at login: stop emitting `KeepAlive` for the desktop app launch agent so OpenClaw no longer relaunches immediately after a manual quit while launch at login remains enabled. (#40213) Thanks @stablegenius49.
- Mattermost/DM send: retry transient direct-channel creation failures for DM deliveries, with configurable backoff and per-request timeout. (#42398) Thanks @JonathanJing.
- Secrets/exec refs: require explicit `--allow-exec` for `secrets apply` write plans that contain exec SecretRefs/providers, and align audit/configure/apply dry-run behavior to skip exec checks unless opted in to prevent unexpected command side effects. (#49417) Thanks @restriction and @joshavant.
- Signal/runtime API: re-export `SignalAccountConfig` so Signal account resolution type-checks again. (#49470) Thanks @scoootscooob.
- Google Chat/runtime API: thin the private runtime barrel onto the curated public SDK surface while keeping public Google Chat exports intact. (#49504) Thanks @scoootscooob.
- Onboarding/custom providers: keep Azure AI Foundry `*.services.ai.azure.com` custom endpoints on the selected compatibility path instead of forcing Responses, so chat-completions Foundry models still work after setup. Fixes #50528. (#50535) Thanks @obviyus.
- make `openclaw update status` explicitly say `up to date` when the local version already matches npm latest, while keeping the availability logic unchanged. (#51409) Thanks @dongzhenye.
- Agents/embedded transport errors: distinguish common network failures like connection refused, DNS lookup failure, and interrupted sockets from true timeouts in embedded-run user messaging and lifecycle diagnostics. (#51419) Thanks @scoootscooob.
- Security/pairing: bind iOS setup codes to the intended node profile and reject first-use bootstrap redemption that asks for broader roles or scopes. Thanks @tdjackey.
- Nostr/security: enforce inbound DM policy before decrypt, route Nostr DMs through the standard reply pipeline, and add pre-crypto rate and size guards so unknown senders cannot bypass pairing or force unbounded crypto work. Thanks @kuranikaran.
- Synology Chat/security: keep reply delivery bound to stable numeric `user_id` by default, and gate mutable username/nickname recipient lookup behind `dangerouslyAllowNameMatching` with new regression coverage. Thanks @nexrin.
- Browser/node proxy: enforce `nodeHost.browserProxy.allowProfiles` across `query.profile` and `body.profile`, block proxy-side profile create/delete when the allowlist is set, and keep the default full proxy surface when the allowlist is empty.
- Security/device pairing: harden `device.token.rotate` deny handling by keeping public failures generic while logging internal deny reasons and preserving approved-baseline enforcement. (GHSA-7jrw-x62h-64p8)
- Security/exec safe bins: remove `jq` from the default safe-bin allowlist and fail closed on the `jq` `env` builtin when operators explicitly opt `jq` back in, so `jq -n env` cannot dump host secrets without an explicit trust path. Thanks @gladiator9797 for reporting.
- Security/exec approvals: escape blank Hangul filler code points in approval prompts across gateway/chat and the macOS native approval UI so visually empty Unicode padding cannot hide reviewed command text.
- Security/exec approvals: unify transparent dispatch-wrapper handling across resolution and allow-always persistence so wrapper metadata cannot silently drift and broaden approvals.
- Security/exec: harden macOS allowlist resolution against wrapper and `env` spoofing, require fresh approval for inline interpreter eval with `tools.exec.strictInlineEval`, wrap Discord guild message bodies as untrusted external content, and add audit findings for risky exec approval and open-channel combinations.
- Security/network: harden explicit-proxy SSRF pinning by translating target-hop transport hints onto HTTPS proxy tunnels and failing closed for plain HTTP guarded fetches that cannot preserve pinned DNS.
- Security/Synology Chat: require explicit per-account webhook paths for multi-account setups by default, reject duplicate exact webhook paths fail-closed, and keep inherited-path behavior behind an explicit dangerous opt-in so shared routes can no longer collapse DM policy contexts across accounts. Thanks @tdjackey for reporting.
- Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts.
- Media/security: bound remote-media error-body snippets with the same streaming caps and idle timeouts as successful downloads, so malicious HTTP error responses cannot force unbounded buffering before OpenClaw throws.
- Gateway/auth: ignore spoofed loopback hops in trusted forwarding chains and block device approvals that request scopes above the caller session. (#46800) Thanks @vincentkoc.
- Gateway/auth: clear self-declared scopes for device-less trusted-proxy Control UI sessions so proxy-authenticated connects cannot claim admin or secrets scopes without a bound device identity.
- Hardening: refresh stale device pairing requests and pending metadata (#50695) Thanks @smaeljaish771 and @joshavant.
- Gateway/auth: add regression coverage that keeps device-less trusted-proxy Control UI sessions off privileged pairing approval RPCs. Thanks @vincentkoc.
- Media/Windows security: block remote-host `file://` media URLs and UNC/network paths before local filesystem resolution in core media loading and adjacent prompt/sandbox attachment seams, so the next release no longer allows structured local-media inputs to trigger outbound SMB credential handshakes on Windows. Thanks @RacerZ-fighting for reporting.
- Web tools/Exa: align the bundled Exa plugin with the current Exa API by supporting newer search types and richer `contents` options, while fixing the result-count cap to honor Exa's higher limit. Thanks @vincentkoc.
- Agents/default timeout: raise the shared default agent timeout from `600s` to `48h` so long-running ACP and agent sessions do not fail unless you configure a shorter limit.
- CLI: avoid loading provider discovery during startup model normalization. (#46522) Thanks @ItsAditya-xyz and @vincentkoc.
- Agents/Telegram: avoid rebuilding the full model catalog on ordinary inbound replies so Telegram message handling no longer pays multi-second core startup latency before reply generation. Thanks @vincentkoc.
- Agents/models: cache `models.json` readiness by config and auth-file state so embedded runner turns stop paying repeated model-catalog startup work before replies. Thanks @vincentkoc.
- Gateway/status: tolerate network interface discovery failures in status, onboarding control-UI links, and self-presence display paths so those surfaces fall back cleanly instead of crashing. (#52195) Thanks @meng-clb.
- Gateway/Linux: auto-detect nvm-managed Node TLS CA bundle needs before CLI startup and refresh installed services that are missing `NODE_EXTRA_CA_CERTS`. (#51146) Thanks @GodsBoy.
- Google auth/Node 25: patch `gaxios` to use native fetch without injecting `globalThis.window`, while translating proxy and mTLS transport settings so Google Vertex and Google Chat auth keep working on Node 25. (#47914) Thanks @pdd-cli.
- Gateway/status: resolve env-backed `gateway.auth.*` SecretRefs before read-only probe auth checks so status no longer reports false probe failures when auth is configured through SecretRef. (#52513) Thanks @CodeForgeNet.
- Gateway/plugins: pin runtime webhook routes to the gateway startup registry so channel webhooks keep working across plugin-registry churn, and make plugin auth + dispatch resolve routes from the same live HTTP-route registry. (#47902) Fixes #46924 and #47041. Thanks @steipete.
- Gateway/restart: defer externally signaled unmanaged restarts through the in-process idle drain, and preserve the restored subagent run as remap fallback during orphan recovery so resumed sessions do not duplicate work. (#47719) Thanks @joeykrug.
- Telegram/setup: seed fresh setups with `channels.telegram.groups["*"].requireMention=true` so new bots stay mention-gated in groups unless you explicitly open them up. Thanks @vincentkoc.
- Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. (#46787) Thanks @zpbrent, @ijxpwastaken and @vincentkoc.
- Webhooks/runtime: move auth earlier and tighten pre-auth body limits and timeouts across bundled webhook handlers, including slow-body handling for Mattermost slash commands. (#46802) Thanks @vincentkoc.
- Email/webhook wrapping: sanitize sender and subject metadata before external-content wrapping so metadata fields cannot break the wrapper structure. (#46816) Thanks @vincentkoc.
- Gateway/chat: only reap orphaned stale chat buffers after the abort controller is gone, and clear abort-time streaming metadata so long-running sessions do not lose buffered output while stale maps still get reclaimed. (#52428) Thanks @karanuppal.
- Tools/apply-patch: revalidate workspace-only delete and directory targets immediately before mutating host paths. (#46803) Thanks @vincentkoc.
- Gateway/config views: strip embedded credentials from URL-based endpoint fields before returning read-only account and config snapshots. (#46799) Thanks @vincentkoc.
- ACP/approvals: use canonical tool identity for prompting decisions and fail closed when conflicting tool identity hints are present. (#46817) Thanks @zpbrent and @vincentkoc.
- ACP: require admin scope for mutating internal actions. (#46789) Thanks @tdjackey and @vincentkoc.
- Subagents/follow-ups: require the same controller ownership checks for `/subagents send` as other control actions, so leaf sessions cannot message nested child runs they do not control. (#46801) Thanks @vincentkoc.
- Web search/onboarding: clarify provider labels, key prompts, and missing-key notes so setup/configure more clearly names the required provider credential for Gemini, Kimi, Grok, Brave Search, Firecrawl, Perplexity, and Tavily. Thanks @vincentkoc.
- macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. (#46790) Thanks @vincentkoc.
- Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason.
- Gateway/Telegram shutdown: abort stalled Telegram polling fetches on shutdown, clean up per-cycle abort listeners, and keep the in-process watchdog ahead of supervisor stop timeouts so SIGTERM no longer leaves zombie gateways behind. (#51242) Thanks @juliabush.
- Telegram/setup: warn when setup leaves DMs on pairing without an allowlist, and show valid account-scoped remediation commands. (#50710) Thanks @ernestodeoliveira.
- Doctor/Telegram: replace the fresh-install empty group-allowlist false positive with first-run guidance that explains DM pairing approval and the next group setup steps, so new Telegram installs get actionable setup help instead of a broken-config warning. Thanks @vincentkoc.
- Doctor/extensions: keep Matrix DM `allowFrom` repairs on the canonical `dm.allowFrom` path and stop treating Zalouser group sender gating as if it fell back to `allowFrom`, so doctor warnings and `--fix` stay aligned with runtime access control. Thanks @vincentkoc.
- Doctor/refactor: centralize built-in channel doctor semantics in one static capability registry with conservative fallback behavior for unknown/external channels, so future extension changes stop depending on scattered shared string checks. Thanks @vincentkoc.
- Channels/plugins: keep shared interactive payloads merge-ready by fixing Slack custom callback routing and repeat-click dedupe, allowing interactive-only sends, and preserving ordered Discord shared text blocks. (#47715) Thanks @vincentkoc.
- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. (#45890) Thanks @vincentkoc.
- Feishu/actions: expand the runtime action surface with message read/edit, explicit thread replies, pinning, and operator-facing chat/member inspection so Feishu can operate more of the workspace directly. (#47968) Thanks @Takhoffman.
- Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. (#45254) Thanks @Coobiw.
- Feishu/media: keep native image, file, audio, and video/media handling aligned across outbound sends, inbound downloads, thread replies, directory/action aliases, and capability docs so unsupported areas are explicit instead of implied. (#47968) Thanks @Takhoffman.
- Feishu/webhooks: harden signed webhook verification to use constant-time signature comparison and keep malformed short signatures fail-closed in webhook E2E coverage.
- Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent.
- Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274) Thanks @obviyus.
- Z.AI/onboarding: detect a working default model even for explicit `zai-coding-*` endpoint choices, so Coding Plan setup can keep the selected endpoint while defaulting to `glm-5` when available or `glm-4.7` as fallback. (#45969) Thanks @obviyus.
- CI/onboarding smoke: surface `ensure-base-commit` fetch failures as workflow warnings and fail the onboarding Docker smoke when expected setup prompts drift instead of continuing silently. Thanks @Takhoffman.
- Z.AI/onboarding: add `glm-5-turbo` to the default Z.AI provider catalog so onboarding-generated configs expose the new model alongside the existing GLM defaults. (#46670) Thanks @tomsun28.
- Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#46663) Fixes #40146. Thanks @Takhoffman.
- Zalo/plugin runtime: export `resolveClientIp` from `openclaw/plugin-sdk/zalo` so installed builds no longer crash on startup when the webhook monitor loads from the packaged extension instead of the monorepo source tree. (#46549) Thanks @No898.
- Docker/live tests: mount external CLI auth homes into writable container copies, derive Codex OAuth expiry from JWT `exp`, refresh synced CLI creds instead of trusting stale cached expiry, and make gateway live probes wait on transcript output so `pnpm test:docker:all` stays green in Linux.
- Gateway/watch mode: restart on bundled-plugin package and manifest metadata changes, rebuild `dist` for extension source and `tsdown.config.ts` changes, and still ignore extension docs. (#47571) Thanks @gumadeiras.
- Gateway/watch mode: recreate bundled plugin runtime metadata after clean or stale `dist` states, so `pnpm gateway:watch` no longer fails on missing `dist/extensions/*/openclaw.plugin.json` manifests after a rebuild. Thanks @gumadeiras.
- Control UI: scope persisted session selection per gateway, prevent stale session bleed across tokenized gateway opens, and cap stored gateway session history. (#47453) Thanks @sallyom.
- Models/OpenAI Codex OAuth: start the remote manual-input race for Codex login and keep the pasted-input prompt aligned with the actual accepted values, so remote/VPS auth no longer stalls waiting on an unreachable localhost callback. (#51631) Thanks @cash-echo-bot.
- Group mention gating: reject invalid and unsafe nested-repetition `mentionPatterns`, reuse the shared safe config-regex compiler across mention stripping and detection, and cache strip-time regex compilation so noisy groups avoid repeated recompiles.
- Browser/profiles: drop the auto-created `chrome-relay` browser profile; users who need the Chrome extension relay must now create their own profile via `openclaw browser create-profile`. (#46596) Fixes #45777. Thanks @odysseus0.
- CI/channel test routing: move the built-in channel suites into `test:channels` and keep them out of `test:extensions`, so extension CI no longer fails after the channel migration while targeted test routing still sends Slack, Signal, and iMessage suites to the right lane. (#46066) Thanks @scoootscooob.
- Gateway/config validation: stop treating the implicit default memory slot as a required explicit plugin config, so startup no longer fails with `plugins.slots.memory: plugin not found: memory-core` when `memory-core` was only inferred. (#47494) Thanks @ngutman.
- Tlon: honor explicit empty allowlists and defer cite expansion. (#46788) Thanks @zpbrent and @vincentkoc.
- Tlon/DM auth: defer cited-message expansion until after DM authorization and owner command handling, so unauthorized DMs and owner approval/admin commands no longer trigger cross-channel cite fetches before the deny or command path.
- Gateway/agent events: stop broadcasting false end-of-run `seq gap` errors to clients, and isolate node-driven ingress turns with per-turn run IDs so stale tail events cannot leak into later session runs. (#43751) Thanks @caesargattuso.
- Nodes/pending actions: re-check queued foreground actions against the current node command policy before returning them to the node. (#46815) Thanks @zpbrent and @vincentkoc.
- Windows/gateway status: accept `schtasks` `Last Result` output as an alias for `Last Run Result`, so running scheduled-task installs no longer show `Runtime: unknown`. (#47844) Thanks @MoerAI.
- ACP/acpx: resolve the bundled plugin root from the actual plugin directory so plugin-local installs stay under `dist/extensions/acpx` instead of escaping to `dist/extensions` and failing runtime setup. (#47601) Thanks @ngutman.
- Gateway/WS handshake: raise the default pre-auth handshake timeout to 10 seconds and add `OPENCLAW_HANDSHAKE_TIMEOUT_MS` as a runtime override so busy local gateways stop dropping healthy CLI connections at 3 seconds. (#49262) Thanks @fuller-stack-dev.
- Gateway/websocket pairing bypass for disabled auth: skip device-pairing enforcement for Control UI operator sessions when `gateway.auth.mode=none`, so reverse-proxied dashboards no longer get stuck on `pairing required` despite auth being explicitly disabled. (#47148) Thanks @ademczuk.
- Agents/usage tracking: stop forcing `supportsUsageInStreaming: false` on non-native OpenAI-completions providers so compatible backends report token usage and cost again instead of showing all zeros. (#46500) Fixes #46142. Thanks @ademczuk.
- ACP/acpx: keep plugin-local backend installs under `extensions/acpx` in live repo checkouts so rebuilds no longer delete the runtime binary, and avoid package-lock churn during runtime repair.
- Agents/compaction: rerun transcript repair after `session.compact()` so orphaned `tool_result` blocks cannot survive compaction and break later Anthropic requests. (#16095) thanks @claw-sylphx.
- Agents/compaction: trigger overflow recovery from the tool-result guard once post-compaction context still exceeds the safe threshold, so long tool loops compact before the next model call hard-fails. (#29371) thanks @keshav55.
- macOS/exec approvals: harden exec-host request HMAC verification to use a timing-safe compare and keep malformed or truncated signatures fail-closed in focused IPC auth coverage.
- Gateway/exec approvals: surface requested env override keys in gateway-host approval prompts so operators can review surviving env context without inheriting noisy base host env.
- Telegram/network: preserve sticky IPv4 fallback state across polling restarts so hosts with unstable IPv6 to `api.telegram.org` stop re-triggering repeated Telegram timeouts after each restart. (#48282) Thanks @yassinebkr.
- Agents/compaction: write minimal boundary summaries for empty preparations while keeping split-turn prefixes on the normal path, so no-summarizable-message sessions stop retriggering the safeguard loop. (#42215) thanks @lml2468.
- Models/chat commands: keep `/model ...@YYYYMMDD` version suffixes intact by default, but still honor matching stored numeric auth-profile overrides for the same provider. (#48896) Thanks @Alix-007.
- Gateway/channels: serialize per-account channel startup so overlapping starts do not boot the same provider twice, preventing MS Teams `EADDRINUSE` crash loops during startup and restart. (#49583) Thanks @sudie-codes.
EADDRINUSEcrash loops during startup and restart. (#49583) Thanks @sudie-codes. - Discord: enforce strict DM component allowlist auth (#49997) Thanks @joshavant.
- Stabilize plugin loader and Docker extension smoke (#50058) Thanks @joshavant.
- Telegram: stabilize pairing/session/forum routing and reply formatting tests (#50155) Thanks @joshavant.
- Gateway: harden OpenResponses file-context escaping (#50782) Thanks @YLChen-007 and @joshavant.
- LINE: harden Express webhook parsing to verified raw body (#51202) Thanks @gladiator9797 and @joshavant.
- Exec: harden host env override handling across gateway and node (#51207) Thanks @gladiator9797 and @joshavant.
- Voice Call: enforce spoken-output contract and fix stream TTS silence regression (#51500) Thanks @joshavant.
- xAI/models: rename the bundled Grok 4.20 catalog entries to the GA IDs and normalize saved deprecated beta IDs at runtime so existing configs and sessions keep resolving. (#50772) thanks @Jaaneek
- Agents/bootstrap warnings: move bootstrap truncation warnings out of the system prompt and into the per-turn prompt body so prompt-cache reuse stays stable when truncation warnings appear or disappear. (#48753) Thanks @scoootscooob and @obviyus.
- Telegram/DM topic session keys: route named-account DM topics through the same per-account base session key across inbound messages, native commands, and session-state lookups so `/status` and thread recovery stop creating phantom `agent:main:main:thread:...` sessions. (#48204) Thanks @vincentkoc.
- ACP/configured bindings: reinitialize configured ACP sessions that are stuck in `error` state instead of reusing the failed runtime.
- Telegram/network: unify API and media fetches under the same sticky IPv4 and pinned-IP fallback chain, and re-validate pinned override addresses against SSRF policy. (#49148) Thanks @obviyus.
- Agents/prompt composition: append bootstrap truncation warnings to the current-turn prompt and add regression coverage for stable system-prompt cache invariants. (#49237) Thanks @scoootscooob.
- Synology Chat/multi-account: scope direct-message sessions by account and sender so identical webhook `user_id` values on different Synology accounts no longer share transcript or delivery state.
- Telegram/security: add regression coverage proving pinned fallback host overrides stay bound to Telegram and delegate non-matching hostnames back to the original lookup path. Thanks @vincentkoc.
- Tools/image generation: add bundled fal image generation support so `image_generate` can target `fal/*` models with `FAL_KEY`, including single-image edit flows via FLUX image-to-image. Thanks @vincentkoc.
- Gateway/hooks: preserve immutable hook ingress provenance across async isolated-agent dispatch so normalized hook session routes keep external wrapping, Gmail-specific policy, and Gmail model selection intact.
- Messages/polls: treat zero-valued poll params on `message.send` as unset defaults while keeping non-zero poll params on the poll validation path. (#52150) Fixes #52118. Thanks @Bartok9.
- xAI/web search: add missing Grok credential metadata so the bundled provider registration type-checks again. (#49472) thanks @scoootscooob.
- Agents/session cache: opportunistically sweep expired embedded-runner session cache entries during later cache activity, so one-shot session files do not accumulate forever. (#52427) Thanks @karanuppal.
- WhatsApp: stabilize inbound monitor and setup tests (#50007) Thanks @joshavant.
- Matrix: make onboarding status runtime-safe (#49995) Thanks @joshavant.
- Channels: stabilize lane harness and monitor tests (#50167) Thanks @joshavant.
- Agents/compaction: add an opt-in post-compaction session JSONL truncation step that drops summarized transcript entries while preserving the retained branch tail and live session metadata. (#41021) thanks @thirumaleshp.
- Telegram/routing: fail loud when `message send` targets an unknown non-default Telegram `accountId`, instead of silently falling back to the channel-level bot token and sending through the wrong bot. (#50853) Thanks @hclsys.
- Web search: align onboarding, configure, and finalize with plugin-owned provider contracts, including disabled-provider recovery, config-aware credential hooks, and runtime-visible summaries. (#50935) Thanks @gumadeiras.
- Agents/replay: sanitize malformed assistant tool-call replay blocks before provider replay so follow-up Anthropic requests do not inherit the downstream `replace` crash. (#50005) Thanks @jalehman.
- Discord/startup logging: report client initialization while the gateway is still connecting instead of claiming Discord is logged in before readiness is reached. (#51425) Thanks @scoootscoob.
- Agents/compaction safeguard: preserve split-turn context and preserved recent turns when capped retry fallback reuses the last successful summary. (#27727) thanks @Pandadadadazxf.
- Agents/memory flush: keep transcript-hash dedup active across memory-flush fallback retries so a write-then-throw flush attempt cannot append duplicate `MEMORY.md` entries before the fallback cycle completes. (#34222) Thanks @lml2468.
- Discord/ACP: forward worker abort signals into ACP turns so timed-out Discord jobs cancel the running turn instead of silently leaving the bound ACP session working in the background.
- ACP/Codex session replay: preserve hidden assistant thinking when loading or rebinding existing ACP sessions so stored thought chunks do not replay into visible assistant text. Thanks @vincentkoc.
- Gateway/commands: keep internal `chat.send` slash-command UX while requiring `operator.admin` before internal callers can persist `/exec` defaults or mutate `phone-control` node policy through `/phone arm|disarm`.
- Plugins/Matrix: move bundled plugin `KeyedAsyncQueue` imports onto the stable `plugin-sdk/core` surface so Matrix Docker/runtime builds do not depend on the brittle keyed-async-queue subpath. Thanks @ecohash-co and @vincentkoc.
- Plugins/context engines: enforce owner-aware context-engine registration on both loader and public SDK paths so plugins cannot spoof privileged ownership, claim the core `legacy` engine id, or overwrite an existing engine id through direct SDK imports. (#47595) Thanks @vincentkoc.
- Plugins/bundler TDZ: fix `RESERVED_COMMANDS` temporal dead zone error that prevented device-pair, phone-control, and talk-voice plugins from registering when the bundler placed the commands module after call sites in the same output chunk. Thanks @BunsDev.
- Plugins/imports: fix stale googlechat runtime-api import paths and signal SDK circular re-exports broken by recent plugin-sdk refactors. Thanks @BunsDev.
- Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. (#46722) Thanks @Takhoffman.
- Plugins/scoped ids: preserve scoped plugin ids during install and config keying, and keep bundled plugins ahead of discovered duplicate ids by default so `@scope/name` plugins no longer collide with unscoped installs. (#47413) Thanks @vincentkoc.
- Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark.
- Plugins/runtime barrels: route bundled extension runtime imports through public `openclaw/plugin-sdk/*` subpaths and block relative cross-package escapes so packaged extensions stop depending on monorepo-only relative paths. (#51939) Thanks @vincentkoc.
- Docs/security audit: spell out that `gateway.controlUi.allowedOrigins: ["*"]` is an explicit allow-all browser-origin policy and should be avoided outside tightly controlled local testing.
- Plugins/subagents: preserve gateway-owned plugin subagent access across runtime, tool, and embedded-runner load paths so gateway plugin tools and context engines can still spawn and manage subagents after the loader cache split. (#46648) Thanks @jalehman.
- Plugins/subagents: forward per-run provider and model overrides through gateway plugin subagent dispatch so plugin-launched agent delegations honor explicit model selection again. (#48277) Thanks @jalehman.
- Tests/OpenAI Codex auth: align login expectations with the default `gpt-5.4` model so CI coverage stays consistent with the current OpenAI Codex default. (#44367) Thanks @jrrcdev.
- Plugins/Matrix TTS: send auto-TTS replies as native Matrix voice bubbles instead of generic audio attachments. (#37080) thanks @Matthew19990919.
- Plugins/discovery: distinguish missing package entry files from package-path escape violations so startup skips absent plugin entry paths without raising false security diagnostics. (#52491) Thanks @hclsys.
- Plugins/Matrix: accept shared send-tool media aliases (`mediaUrl`, `filePath`, `path`) and preserve `asVoice`/`audioAsVoice` through Matrix action dispatch so media-only sends and voice-message intents reach the plugin send layer correctly. Thanks @psacc and @vincentkoc.
- Plugins/runtime-api: pin extension runtime-api export surfaces with explicit guardrail coverage so future surface creep becomes a deliberate diff. Thanks @vincentkoc.
- Plugins/WhatsApp: share split-load singleton state for plugin command registration and active WhatsApp listeners so duplicate module graphs no longer lose native plugin commands or outbound listener state. (#50418) Thanks @huntharo.
- Plugins/update: let `openclaw plugins update <npm-spec>` target tracked npm installs by dist-tag or exact version, and preserve the recorded npm spec for later id-based updates. (#49998) Thanks @huntharo.
- Tests/CLI: reduce command-secret gateway test import pressure while keeping the real protocol payload validator in place, so the isolated lane no longer carries the heavier runtime-web and message-channel graphs. (#50663) Thanks @huntharo.
- Gateway/plugins: share plugin interactive callback routing and plugin bind approval state across duplicate module graphs so Telegram Codex picker buttons and plugin bind approvals no longer fall through to normal inbound message routing. (#50722) Thanks @huntharo.
- Plugins/context engines: retry strict legacy `assemble()` calls without the new `prompt` field when older engines reject it, preserving prompt-aware retrieval compatibility for pre-prompt plugins. (#50848) thanks @danhdoan.
- Plugins/runtime state: share plugin-facing infra singleton state across duplicate module graphs and keep session-binding adapter ownership stable until the active owner unregisters. (#50725) thanks @huntharo.
- Discord/pickers: keep `/codex_resume --browse-projects` picker callbacks alive in Discord by sharing component callback state across duplicate module graphs, preserving callback fallbacks, and acknowledging matched plugin interactions before dispatch. (#51260) Thanks @huntharo.
- Memory/core tools: register `memory_search` and `memory_get` independently so one unavailable memory tool no longer suppresses the other in new sessions. (#50198) Thanks @artwalker.
- Telegram/Mattermost message tool: keep plugin button schemas optional in isolated and cron sessions so plain sends do not fail validation when no current channel is active. (#52589) Thanks @tylerliu612.