npm openclaw 2026.4.1
openclaw 2026.4.1
on Node.js NPM

6 hours ago

2026.4.1

Changes

  • Tasks/chat: add /tasks as a chat-native background task board for the current session, with recent task details and agent-local fallback counts when no linked tasks are visible. Related #54226. Thanks @vincentkoc.
  • Web search/SearXNG: add the bundled SearXNG provider plugin for web_search with configurable host support. (#57317) Thanks @cgdusek.
  • Amazon Bedrock/Guardrails: add Bedrock Guardrails support to the bundled provider. (#58588) Thanks @MikeORed.
  • macOS/Voice Wake: add the Voice Wake option to trigger Talk Mode. (#58490) Thanks @SmoothExec.
  • Feishu/comments: add a dedicated Drive comment-event flow with comment-thread context resolution, in-thread replies, and feishu_drive comment actions for document collaboration workflows. (#58497) Thanks @wittam-01.
  • Gateway/webchat: make chat.history text truncation configurable with gateway.webchat.chatHistoryMaxChars and per-request maxChars, while preserving silent-reply filtering and existing default payload limits. (#58900)
  • Agents/default params: add agents.defaults.params for global default provider parameters. (#58548) Thanks @lpender.
  • Agents/failover: cap prompt-side and assistant-side same-provider auth-profile retries for rate-limit failures before cross-provider model fallback, add the auth.cooldowns.rateLimitedProfileRotations knob, and document the new fallback behavior. (#58707) Thanks @Forgely3D
  • Cron/tools allowlist: add openclaw cron --tools for per-job tool allowlists. (#58504) Thanks @andyk-ms.
  • Channels/session routing: move provider-specific session conversation grammar into plugin-owned session-key surfaces, preserving Telegram topic routing and Feishu scoped inheritance across bootstrap, model override, restart, and tool-policy paths.
  • WhatsApp/reactions: add reactionLevel guidance for agent reactions. Thanks @mcaxtr.
  • Telegram/errors: add configurable errorPolicy and errorCooldownMs controls so Telegram can suppress repeated delivery errors per account, chat, and topic without muting distinct failures. (#51914) Thanks @chinar-amrutkar
  • ZAI/models: add glm-5.1 and glm-5v-turbo to the bundled Z.AI provider catalog. (#58793) Thanks @tomsun28
  • Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @oliviareid-svg

Fixes

  • Chat/error replies: stop leaking raw provider/runtime failures into external chat channels, return a friendly retry message instead, and add a specific /new hint for Bedrock toolResult/toolUse session mismatches. (#58831) Thanks @ImLukeF.
  • Gateway/reload: ignore startup config writes by persisted hash in the config reloader so generated auth tokens and seeded Control UI origins do not trigger a restart loop, while real gateway.auth.* edits still require restart. (#58678) Thanks @yelog
  • Tasks/gateway: keep the task registry maintenance sweep from stalling the gateway event loop under synchronous SQLite pressure, so upgraded gateways stop hanging about a minute after startup. (#58670) Thanks @openperf
  • Tasks/status: hide stale completed background tasks from /status and session_status, prefer live task context, and show recent failures only when no active work remains. (#58661) Thanks @vincentkoc
  • Tasks/gateway: re-check the current task record before maintenance marks runs lost or prunes them, so a task heartbeat or cleanup update that lands during a sweep no longer gets overwritten by stale snapshot state.
  • Exec/approvals: honor exec-approvals.json security defaults when inline or configured tool policy is unset, and keep Slack and Discord native approval handling aligned with inferred approvers and real channel enablement so remote exec stops falling into false approval timeouts and disabled states. Thanks @scoootscooob and @vincentkoc.
  • Exec/approvals: make allow-always persist as durable user-approved trust instead of behaving like allow-once, reuse exact-command trust on shell-wrapper paths that cannot safely persist an executable allowlist entry, keep static allowlist entries from silently bypassing ask:"always", and require explicit approval when Windows cannot build an allowlist execution plan instead of hard-dead-ending remote exec. Thanks @scoootscooob and @vincentkoc.
  • Exec/cron: resolve isolated cron no-route approval dead-ends from the effective host fallback policy when trusted automation is allowed, and make openclaw doctor warn when tools.exec is broader than ~/.openclaw/exec-approvals.json so stricter host-policy conflicts are explicit. Thanks @scoootscooob and @vincentkoc.
  • Sessions/model switching: keep /model changes queued behind busy runs instead of interrupting the active turn, and retarget queued followups so later work picks up the new model as soon as the current turn finishes.
  • Gateway/HTTP: skip failing HTTP request stages so one broken facade no longer forces every HTTP endpoint to return 500. (#58746) Thanks @yelog
  • Gateway/nodes: stop pinning live node commands to the approved node-pair record. Node pairing remains a trust/token flow, while per-node system.run policy stays in that node's exec approvals config. Fixes #58824.
  • WebChat/exec approvals: use native approval UI guidance in agent system prompts instead of telling agents to paste manual /approve commands in webchat sessions. Thanks @vincentkoc.
  • Web UI/OpenResponses: preserve rewritten stream snapshots in webchat and keep OpenResponses final streamed text aligned when models rewind earlier output. (#58641) Thanks @neeravmakwana
  • Discord/inbound media: pass Discord attachment and sticker downloads through the shared idle-timeout and worker-abort path so slow or stuck inbound media fetches stop hanging message processing. (#58593) Thanks @aquaright1
  • Telegram/retries: keep non-idempotent sends on the strict safe-send path, retry wrapped pre-connect failures, and preserve 429 / retry_after backoff for safe delivery retries. (#51895) Thanks @chinar-amrutkar
  • Telegram/exec approvals: route topic-aware exec approval followups through Telegram-owned threading and approval-target parsing, so forum-topic approvals stay in the originating topic instead of falling back to the root chat. (#58783)
  • Telegram/local Bot API: preserve media MIME types for absolute-path downloads so local audio files still trigger transcription and other MIME-based handling. (#54603) Thanks @jzakirov
  • Channels/WhatsApp: pass inbound message timestamp to model context so the AI can see when WhatsApp messages were sent. (#58590) Thanks @Maninae
  • Channels/QQ Bot: keep /bot-logs export gated behind a truly explicit QQBot allowlist, rejecting wildcard and mixed wildcard entries while preserving the real framework command path. Thanks @vincentkoc.
  • Channels/plugins: keep bundled channel plugins loadable from legacy channels.<id> config even under restrictive plugin allowlists, and make openclaw doctor warn only on real plugin blockers instead of misleading setup guidance. (#58873) Thanks @obviyus
  • Plugins/bundled runtimes: restore externalized bundled plugin runtime dependency staging across packed installs, Docker builds, and local runtime staging so bundled plugins keep their declared runtime deps after the 2026.3.31 externalization change. (#58782)
  • LINE/runtime: resolve the packaged runtime contract from the built dist/plugins/runtime layout so LINE channels start correctly again after global npm installs on 2026.3.31. (#58799) Thanks @vincentkoc.
  • MiniMax/plugins: auto-enable the bundled MiniMax plugin for API-key auth/config so MiniMax image generation and other plugin-owned capabilities load without manual plugin allowlisting. (#57127) Thanks @tars90percent.
  • Ollama/model picker: show only Ollama models after provider selection in the CLI picker. (#55290) Thanks @Luckymingxuan.
  • CDP/profiles: prefer cdpPort over stale WebSocket URLs so browser automation reconnects cleanly. (#58499) Thanks @Mlightsnow.
  • Media/paths: resolve relative MEDIA paths against the agent workspace so local attachment references keep working. (#58624) Thanks @aquaright1.
  • Memory/session indexing: keep full reindexes from skipping session transcripts when sync is triggered by session-start or watch, so restart-driven reindexes preserve session memory. (#39732) Thanks @upupc
  • Memory/QMD: prefer --mask over --glob when creating QMD collections so default memory collections keep their intended patterns and stop colliding on restart. (#58643) Thanks @GitZhangChi.
  • Subagents/tasks: keep subagent completion and cleanup from crashing when task-registry writes fail, so a corrupt or missing task row no longer takes down the gateway during lifecycle finalization. Thanks @vincentkoc.
  • Sandbox/browser: compare browser runtime inspection against agents.defaults.sandbox.browser.image so openclaw sandbox list --browser stops reporting healthy browser containers as image mismatches. (#58759) Thanks @sandpile.
  • Plugins/install: forward --dangerously-force-unsafe-install through archive and npm-spec plugin installs so the documented override reaches the security scanner on those install paths. (#58879) Thanks @ryanlee-gemini.
  • Auto-reply/commands: strip inbound metadata before slash command detection so wrapped /model, /new, and /status commands are recognized. (#58725) Thanks @Mlightsnow.
  • Agents/Anthropic: preserve thinking blocks and signatures across replay, cache-control patching, and context pruning so compacted Anthropic sessions continue working instead of failing on later turns. (#58916) Thanks @obviyus
  • Agents/failover: unify structured and raw provider error classification so provider-specific 400/422 payloads no longer get forced into generic format failures before retry, billing, or compaction logic can inspect them. (#58856) Thanks @aaron-he-zhu.
  • Auth profiles/store: coerce misplaced SecretRef objects out of plaintext key and token fields during store load so agents without ACP runtime stop crashing on .trim() after upgrade. (#58923) Thanks @openperf.
  • ACPX/runtime: repair queue owner unavailable session recovery by replacing dead named sessions and resuming the backend session when ACPX exposes a stable session id, so the first ACP prompt no longer inherits a dead handle. (#58669) Thanks @neeravmakwana
  • ACPX/runtime: retry dead-session queue-owner repair without --resume-session when the reported ACPX session id is stale, so recovery still creates a fresh named session instead of failing session init. Thanks @obviyus.
  • Auth/OpenAI Codex: persist plugin-refreshed OAuth credentials to auth-profiles.json before returning them, so rotated Codex refresh tokens survive restart and stop falling into refresh_token_reused loops. (#53082)
  • Discord/gateway: hand reconnect ownership back to Carbon, keep runtime status aligned with close/reconnect state, and force-stop sockets that open without reaching READY so Discord monitors recover promptly instead of waiting on stale health timeouts. (#59019) Thanks @obviyus
Check out latest releases or
releases around openclaw 2026.4.1

Don't miss a new openclaw release

NewReleases is sending notifications on new releases.

Get notifications