2026.7.2
Highlights
- Remote coding sessions: run Control UI sessions on cloud workers, open Codex and Claude catalog sessions in terminals on their owning hosts, and resume OpenCode and Pi sessions directly in a terminal. (#107670, #107086, #107200)
- Native automation and nodes: bring Automations parity to mobile, add foreground Voice Wake on Android, and expose camera, location, and notification capabilities from headless Linux nodes. (#106355, #107081, #107193)
- Safer channel operation: prevent Telegram durable-ingress loss after restarts, keep Signal stop and approval controls responsive during active turns, and stop channel allowlists from granting owner access. (#107288, #107422, #107403) Thanks @obviyus, @arduano, and @yetval.
- Guided Control UI setup: configure model providers from Settings, onboard channels through a guided setup page, and choose images and models while creating sessions. (#106490, #106469, #107358) Thanks @alexandre-leng and @fuller-stack-dev.
- Gateway and session recovery: prevent restart admission from wedging the Gateway, recover reply sessions after finalization stalls, and keep one-shot cron jobs enabled through lifecycle claim races. (#107339, #106792, #107236) Thanks @obviyus, @joshavant, @charliemeyer2000, and @SL4N.
- Install and packaging: add Linux deb and AppImage bundles with Gateway guidance, publish them from stable main-based releases, and let Windows installs continue immediately after winget adds Node.js. (#106533, #106891, #106862)
Changes
- External gateway supervision: add
OPENCLAW_SUPERVISOR_MODE=externalfor lifecycle owners such as OCM, preserving verified restart and deferral behavior without exposing native service authority, blocking native service mutation and self-update, and providing a versioned atomic restart-handoff consume contract. Thanks @shakkernerd. - ClickClack guided setup: configure ClickClack from
openclaw onboardoropenclaw channels add clickclackwith URL, token, and workspace prompts, default-account env fallback, nonfatal live connection validation, and gateway-aware next steps that connect automatically when OpenClaw is already running. Thanks @shakkernerd. - ClickClack command menus: publish each bot's native OpenClaw commands to ClickClack composer autocomplete at gateway startup, with per-account opt-out and nonfatal compatibility handling for older tokens and servers. Thanks @shakkernerd and @vincentkoc.
- Skill Workshop approvals: run agent-initiated apply, reject, and quarantine actions without an additional approval prompt by default while preserving
skills.workshop.approvalPolicy: "pending"as an opt-in approval gate. Thanks @shakkernerd. - TUI fuzzy selectors: delegate list matching to pi-tui, adding slash-token and alpha-number matching while removing the local matcher fork.
- macOS paired-node terminals: advertise duplex Codex and Claude terminal resume commands from the embedded node host and forward interactive input and cancellation through the native app bridge. (#107335)
- Control UI catalog terminals: open eligible Codex and Claude Code sessions in the native CLI on their Gateway or paired-node host, with viewer-versus-terminal preferences, validated resume commands, and an interactive PTY relay. (#107086) Thanks @vincentkoc.
- Skill Workshop history review: add a manual, newest-first session scan that progressively searches older substantial work for conservative skill ideas, stores only SQLite cursor metadata, and leaves up to three results as pending proposals even when autonomous self-learning is disabled. (#106182)
- OpenAI GPT-5.6 defaults: use
openai/gpt-5.6(Sol alias) for fresh API-key setup and exactopenai/gpt-5.6-solfor fresh Codex/OAuth setup, default Sol to medium reasoning across both runtimes, and preserve existing primaries, fallbacks, aliases, and explicit GPT-5.5 selections. (#103234) - iOS offline chat: pre-paint recent sessions and canonical transcripts from a protected, bounded per-gateway cache, keep sending disabled offline, and purge cached conversation text when pairing is reset. (#100194)
- Slack progress indicators: use Slack's native assistant thread status and rotating loading messages by default while keeping acknowledgement reactions static; lifecycle reaction updates now require
messages.statusReactions.enabled: true. - Control UI Talk controls: keep voice, model, sensitivity, and other realtime defaults in Settings → Communications → Talk, and use the composer microphone caret to select any browser audio input. (#101046)
- Control UI session workspace shortcut: expand or collapse the active Chat pane's session workspace rail with ⇧⌘B without changing the main app sidebar or the separate detail and Canvas preview panel. Thanks @shakkernerd.
- Control UI Settings shortcut: open Settings with ⇧⌘, while leaving the browser-owned ⌘, shortcut unchanged. Thanks @shakkernerd.
- Control UI chat layout: center the transcript on the composer axis, keep assistant and tool output left and user bubbles right within the same readable frame, and preserve custom message-width overrides. (#104474) Thanks @shakkernerd, @vincentkoc, and @zw-xysk.
- Control UI composer footer: center the chat settings chip and model controls between the divider and the card edge instead of pinning them to the divider. (#105866)
- Control UI assistant actions: keep assistant name and time first while placing hover actions beside them on the left instead of at the far edge. Thanks @shakkernerd.
- Control UI message context: reveal per-message token, context, and model details from the timestamp on hover or activation instead of showing a separate Context button.
- Control UI session titles: reveal truncated recent-session names with a reduced-motion-safe hover animation.
- Control UI sidebar usage: remove the provider usage quota row from the expanded sidebar while keeping usage details available in the chat composer and Usage page. Thanks @shakkernerd and @vincentkoc.
- Workboard dispatch cap: add a request-scoped
--max-startsoverride while preserving the default cap, sequential starts, and one-card-per-owner guard. (#100174) Thanks @souvikDevloper, @Souvikalp, and @jwest75674. - Plugin install provenance warnings: require explicit
--forceacknowledgement for arbitrary executable plugin sources in CLI and chat installs, keep trusted ClawHub, bundled, official-catalog, and tracked-update flows frictionless, and restrict Crestodian installs to trusted sources. (#102197) Thanks @jesse-merhi. - Cloud workers: add session placement, dispatch, and worker-turn routing for remote session execution. (#106332)
- Paired-node coding agents: discover OpenCode and Pi sessions and continue Codex and Claude catalog sessions through streaming CLI agent runs. (#106941, #106927, #105833)
- Catalog sessions: create eligible catalog sessions directly from the Control UI sidebar. (#105810) Thanks @fuller-stack-dev.
- Managed worktrees: configure cleanup limits by count and total size from Settings. (#106224)
- Cron history: serve scheduled-run history from the task ledger. (#106392)
- Coding-agent memory: import Codex and Claude Code memory into the Control UI. (#106406)
- MCP isolation: scope MCP server connections to their requesting session. (#106359) Thanks @obviyus.
- Discord voice: notify agents when voice-channel participants change. (#107004)
- Codex usage: show the signed-in account email alongside app-server usage windows. (#106500)
- Skill Workshop: scan prior session history for conservative, reviewable skill ideas. (#106766)
- Task previews: show the latest tasks from the running-tasks status row. (#107297)
- Session changes: show the active branch and local changed-file state in Control UI sessions. (#106835)
- Channel progress: reserve progress drafts for long-running work and use the model's own preamble as the status headline. (#106026)
- Codex CLI: bump the bundled plugin to Codex CLI 0.144.4.
Fixes
- External supervisor restart health: accept device-identity policy closes only when the replacement gateway lock and listener PID agree, preventing OCM-managed restarts from timing out after a successful handoff. Thanks @shakkernerd.
- ACPX cleanup process inspection: bound host process-table reads so stalled
pscalls cannot hang gateway startup or session cleanup while retaining fail-closed ownership checks. Thanks @Alix-007. - Cron lifecycle conflict retries: preserve execution-phase retry decisions across scheduled, manual, and startup-recovered runs so post-execution claim conflicts cannot replay completed messages or tools. Fixes #108428. Thanks @yetval.
- Discord gateway metadata deadline: carry the existing lookup deadline through DNS and proxy preflight, request headers, and response bodies so stalled gateway startup aborts cleanly. (#104580) Thanks @hugenshen.
- Control UI cloud session thinking: expose reasoning level in the New Session model picker and persist the selected level before cloud dispatch.
- iOS fresh-install setup: atomically redact spent setup credentials before Keychain cleanup so a deferred item deletion no longer disconnects a successfully paired device. Fixes #107591 Thanks @dagmarjeeves-lab and @vincentkoc.
- Tlon SSE connect cleanup: disarm opening deadlines after failed HTTP responses and rejected stream opens so reconnect attempts cannot leave stale timers behind. (#104585) Thanks @hugenshen.
- LINE reply-token media kinds: honor video and audio metadata on inbound replies, share the canonical media builder with proactive sends, and fail visibly instead of recording empty media-only deliveries. (#106515) Thanks @edenfunf.
- Mattermost websocket connection deadlines: bound opening handshakes so stalled TCP peers cannot hang channel startup indefinitely and reconnect control resumes after timeout. (#105553) Thanks @hugenshen.
- Queued TTS retries: copy local outbound media into queue-owned storage before enqueueing so voice replies survive producer temp cleanup and restart recovery, retain referenced artifacts through retry backoff, and prune unreferenced spool files after one day. Fixes #108501. (#108502) Thanks @masatohoshino.
- Feishu app registration deadlines: bound OAuth device-registration requests to 10 seconds through the guarded fetch boundary so setup cannot hang indefinitely on stalled response headers. (#105549) Thanks @hugenshen.
- LINE control-command mentions: detect authorized slash commands before mention stripping so inline group and direct-message controls preserve the original ingress metadata. (#107230) Thanks @edenfunf.
- Feishu document image reads: bound remote document-image headers and stalled bodies with the selected account timeout, parse document Markdown through the plugin's MDAST pipeline, preserve image/block alignment, and reject failed upload input before creating empty image blocks. Thanks @Alix-007.
- ClawHub registry reads: retry bounded HTTP 500 responses alongside other transient gateway failures so multi-package release scans survive isolated registry errors.
- Slack Socket Mode health: report connected Socket Mode transports as degraded when
auth.testfails or the configured bot token resolves to a user withoutbot_id, while preserving healthy enterprise-org installs. Thanks @zw-xysk. - Synology Chat response limits: bound user-list response reads, stop oversized streams immediately, and retain stale cached identities when a NAS exceeds the supported envelope. Thanks @zw-xysk.
- Usage date ranges: exclude legacy transcript rows without timestamps from finite session ranges while preserving them in all-time totals, and rebuild older usage caches before serving the new semantics. Fixes #89709. Thanks @TurboTheTurtle.
- LINE group history races: retain ambient group messages received during an active mention turn for the next turn while consuming the pre-turn snapshot exactly once. (#107367) Thanks @edenfunf.
- Mattermost progress command details: accept the documented
streaming.preview.commandTextandstreaming.progress.commandTextmodes in channel config validation and bundled metadata. Thanks @shakkernerd. - 1Password authorization handoff: persist nonce-bound pending approvals in shared plugin state so hook and tool execution across broker instances remain single-use and fail closed.
- Control UI chat transcripts: preserve loaded history across session and pane returns, bound automatic backscroll loading, virtualize long transcripts, retain hidden native run boundaries, and keep prepends, streaming, and responsive layouts from flickering or jumping. Thanks @shakkernerd.
- Codex dynamic tool outcomes: use the shared tool-result failure contract for arbitrary lifecycle metadata, preventing successful Skill Workshop results from being displayed and persisted as failed calls. Fixes #107684. Thanks @shakkernerd.
- Codex
/statuscontext freshness: consume exact per-response usage from Codex app servers that emitrawResponse/completed; when exact usage is unavailable or omitted, keep context unknown instead of reusing cumulative lifetime totals. (#107813) Thanks @wuqxuan. - Nested resource ignores: honor slash-free patterns and escaped literal exclamation marks in nested ignore files during skill and resource discovery. Thanks @moguangyu5-design.
- Proxy bypass precedence: honor blank lower-case
no_proxyvalues shadowing upper-caseNO_PROXYconsistently with Undici, and reuse the canonical matcher for Telegram fallback selection. - Tokenjuice exec compaction: avoid retaining raw command output inside compacted middleware metadata, preventing large successful compactions from failing the middleware details-size guard.
- Agent git package identities: strip refs before hosted-repository parsing and reject traversal segments so GitLab branch refs resolve to the canonical managed install path. Thanks @vincentkoc.
- Tlon custom S3 uploads: pass storage endpoints through the AWS SDK's native parser so custom S3-compatible uploads no longer fail before presigning.
- Signal active-run controls: keep authorized stop, status, approval, and queue-read controls responsive during active turns while preserving ordinary and stateful turns in canonical session admission, and cancel every pending group sender lane on stop. (#107422) Thanks @arduano.
- Agent auth storage locks: surface normal release failures while avoiding redundant release attempts after
proper-lockfilereports a compromised lock. - Paired-node session catalogs: authorize bundled Anthropic and Codex catalog requests to invoke their read-only node commands from Control UI read flows, restoring remote Claude/Codex rows and terminal resume availability. Fixes #107406 Thanks @vincentkoc.
- Sandbox recreate confirmation: treat Clack cancellation as a decline so Ctrl-C cannot proceed with container removal.
- Microsoft Teams HTML text: decode HTML5 entities consistently in quoted and Graph-fetched messages while preserving literal escaped entity text.
- ClawHub plugin API ranges: delegate each supported comparator to
semverso tilde, partial-wildcard, and prerelease caret bounds are correct while preserving OpenClaw version normalization and the existing restricted range grammar. (#106877) - Web Readability relative links: seed parsed documents with the request URL so article links resolve correctly while removing the plugin's duplicate lazy-loader facade. (#106860)
- Browser auto-routing: fall back to the Gateway host when an implicitly selected browser node reports that its control host is unreachable, while preserving explicit node pins and ambiguous action failures.
- Discord voice participant context: maintain the live Gateway voice-state roster and include current channel participants in authorized voice agent turns so agents can answer who is present. Thanks @vincentkoc.
- OC Path JSONC insertion: patch object and array insertions through
jsonc-parserso comments, trailing commas, and CRLF formatting survive. (#106847) - Windows winget installs: continue in the current PowerShell session when winget installs Node.js before the machine PATH update becomes visible, avoiding a false
Node.js not foundfailure. (#106862) - Control UI realtime Talk feedback: request browser echo cancellation, noise suppression, and automatic gain control for every microphone transport, and keep PCM capture processors connected through zero-gain sinks so microphone input cannot play locally.
- Agent source-reply recovery: preserve current-chat delivery evidence for message sends executed through Code Mode, preventing successful replies from triggering a redundant retry and misleading delivery-failure diagnostic. Thanks @vincentkoc.
- Gateway in-process restarts: clear stale SIGUSR1 restart state and resume prepared host suspensions before rebuilding runtime admission, preventing restart cooldowns or paused scheduling from leaking into the next lifecycle. Thanks @vincentkoc.
- ClickClack durable media delivery: route media replies through required delivery, reuse owner-scoped upload and message nonces across retries, repair persisted attachment state without rereading source media, fail closed when an older ClickClack server cannot prove an unknown send, and use the selected provider and model's runtime output budget instead of a channel-level token cap. Thanks @jjjhenriksen and @shakkernerd.
- Deepgram realtime custom endpoints: validate Voice Call streaming base URLs with secret-safe errors, preserve explicit
ws://andwss://endpoints, and map HTTP schemes to their matching WebSocket transport for dedicated and self-hosted deployments. (#105334) Thanks @dwc1997, @vincentkoc, and @zw-xysk. - Control UI New Session reconnects: rediscover agents, nodes, repository branches, and folder-browser state, refresh derived workspaces, gate unvalidated devices, and block ambiguous retries after Gateway client replacement while preserving the typed task and explicit choices. Fixes #106372 Thanks @vincentkoc.
- macOS remote node readiness: take the main-session key from the node hello snapshot instead of opening an operator connection during node admission, preventing remote tunnel recovery from leaving Computer Use and node exec stuck in lifecycle transition.
- Claude CLI context budgets: honor Anthropic model and per-agent
contextTokenslimits by passing the effective limit to Claude Code's native auto-compactor and persisting the same prepared budget in OpenClaw session state. Fixes #80933. (#93198) Thanks @mushuiyu886 and @gorkem2020. - Transcript read failures: propagate permission and I/O failures from streaming JSONL session reads instead of treating unreadable transcripts as empty. (#106412) Thanks @zenglingbiao.
- Restart sentinel diagnostics: report SQLite read/write and legacy-file cleanup failures while preserving best-effort restart recovery behavior. (#106385) Thanks @zenglingbiao and @wendy-chsy.
- Native app connection and relay reliability: keep Android disconnects stopped across Activity recreation, fail remote camera commands without opening permission prompts, refresh mobile node registration after capability changes, surface iOS onboarding connection failures, cancel stale Talk owners on session switches, reject invalid Watch acknowledgments, preserve Watch events received during startup, and prevent older agent overview requests from replacing newer gateway state. Thanks @vincentkoc.
- Gateway source watch: hand the configured port off from the installed service before starting the tmux watcher, preserve failed panes for attach/capture, and keep explicit alternate-port watches side by side with the managed Gateway. Thanks @vincentkoc.
- Claude CLI max-turn diagnostics: preserve terminal max-turn results with OpenClaw and Claude session context, warn when tool actions may already have run, and stop unsafe auth-profile or model replay for potentially side-effecting turns. (#94130) Thanks @zhangguiping-xydt and @tdrose01.
- Provider network retries: align provider read/poll/download and agent-wait recovery for transient connection errors, retry bounded provider
ENOTFOUNDfailures while leaving gatewayENOTFOUNDand non-idempotent create operations fail-fast. (#101496) Thanks @xialonglee. - Session retry classification: stop permanent provider errors whose identifiers or payload details merely contain 429/5xx digit sequences from re-sending full context, and share bounded rate-limit-window parsing across retry paths. (#105258) Thanks @destire-mio and @yetval.
- LINE directive templates: suppress confirms and buttons with blank required fields or unlabeled actions while preserving valid titleless buttons and surrounding reply text. (#105520) Thanks @edenfunf.
- SQLite maintenance schema validation: reject current-version global and agent databases with missing or drifted canonical tables, constraints, indexes, triggers, or table options before compaction, while accepting supported additive-migration layouts.
- Matrix bootstrap diagnostics: preserve complete UTF-8 code points in bounded stdout and stderr tails so crypto dependency failures do not show replacement characters at retention boundaries. (#105475) Thanks @qingminlong.
- iOS Watch relay commands: allow paired iPhone nodes to advertise and invoke
watch.statusandwatch.notifythrough the default Gateway policy while preserving the direct watchOS node's fixed minimal command surface. Thanks @vincentkoc. - Swabble status config: honor the global
--configpath when reading service status instead of silently using the default configuration. - ClawHub retry timing: reject fractional delay-seconds and calendar-normalized invalid Retry-After dates so runtime and release reads stay on their bounded fallback schedule. (#105479) Thanks @qingminlong.
- Discord thread archive defaults: inherit each parent channel's configured auto-archive duration for binding-created threads instead of forcing 60 minutes, while preserving explicit overrides. (#103413) Thanks @wings1029.
- Installed plugin loading: make native-module fallback use jiti's transform path instead of retrying the same synchronous ESM load, preventing Node 24 startup races when official plugins import SDK contract modules. Thanks @vincentkoc.
- QA profile channel execution: partition mixed Crabline channel scenarios into one aggregate host suite so taxonomy-backed profile commands and evidence workflows no longer abort before execution.
- Plugin SDK API baseline: cover every public entrypoint, preserve complete declaration shapes without source-line churn, and run baseline and export-surface guards from changed-file validation. Thanks @vincentkoc and @zw-xysk.
- SQLite terminal session recovery: track physical transcript mutation time in the agent database so killed or timed-out main sessions rotate when transcript writes outlive the registry update, while preserving legacy transcript mtimes during doctor import. Thanks @vincentkoc.
- Gateway chat typecheck: import chat event types from their owning protocol schema after the retired aggregate type module was removed, restoring full project typechecks. Thanks @vincentkoc.
- Packaged Crabbox commands: include the lease-freshness helper imported by the published wrapper so
crabbox:*commands do not fail withERR_MODULE_NOT_FOUNDin npm installs. Thanks @vincentkoc. - Plugin session catalogs: reject unknown catalog filters, report catalogs as plugin capabilities, and preserve them in SDK registration captures instead of silently returning empty results or classifying catalog-only plugins as capability-free. Thanks @vincentkoc.
- Gateway service audit: treat POSIX shell
-cwrappers as opaque for the gateway-subcommand check, avoiding false missing-command warnings for shell-wrapped macOS LaunchAgents without parsing inner commands or ports. Fixes #81751. (#81778) Thanks @liaoandi. - Outbound channel bootstrap: suppress repeated failed plugin activation for the same channel, config, and registry generation while retrying after config or registry reloads. (#100377) Thanks @xialonglee.
- OpenAI Realtime client-secret deadlines: bound voice and transcription secret acquisition to 30 seconds through the guarded fetch boundary while preserving authentication and bounded response parsing. (#102860) Thanks @Alix-007 and @Leon-SK668.
- Gateway client watchdog: keep transport-stall detection active for unbounded and mixed pending requests so dead sockets reject pending requests, reconnect, and never replay rejected requests. (#103407) Thanks @NianJiuZst.
- iOS Share Extension drafts: preserve legitimate shared text beginning with scaffold-like prefixes, remove only exact legacy scaffold lines, avoid treating scheme-like prose as a URL, and deduplicate host-mirrored content. (#103453) Thanks @lin-hongkuan and @harjothkhara.
- Telegram reasoning previews: reposition split reasoning previews through deferred deletion so prior preview messages do not remain stale while preserving client scroll position. (#97828) Thanks @ly-wang19 and @kyle20026.
- Feishu native-card threading: normalize whitespace reply targets once and reuse the shared reply mode for card and media parts so native-card topic replies stay in their thread. (#102804) Thanks @sunlit-deng.
- QQBot token requests: bound token acquisition with the shared 30-second guarded-fetch deadline so stalled singleflight callers fail together, clean up, and can retry. (#102897) Thanks @maweibin.
- Canvas A2UI validation: reject malformed or unsupported JSONL at CLI, agent-tool, and final node-invoke boundaries while preserving native v0.8 dispatch. (#103713) Thanks @qingminglong.
- Twilio RCS inbound routing: normalize RCS consumer addresses only after signed webhook validation so sender matching and sessions work without changing outbound RCS semantics. (#102373) Thanks @clawSean.
- ClickClack output sanitization: strip internal tool and XML scaffolding at the sender boundary, suppress scaffold-only sends, and preserve optional modern delivery IDs. (#103142) Thanks @masatohoshino, @vincentkoc, and @zw-xysk.
- Agent-core truncation: avoid empty-output crashes when head truncation receives negative line or byte ceilings. (#103425) Thanks @qingminglong.
- Windows Node resolution: preserve the current executable when resolving bare case-insensitive
node.exeentries under hostilePATHvalues. (#103907) Thanks @soldforaloss and @vincentkoc. - Codex runtime switching: accept the bundled Codex runtime for both
codex/*andopenai/*model routes while keeping unsupported provider/runtime pairs rejected. (#103762) - Agent abort cleanup: serialize prompt lock reacquisition with terminal cleanup so canceled embedded runs do not self-contend on session locks for up to 60 seconds.
- Chutes OAuth deadlines: bound token exchange, profile lookup, and refresh requests, and keep issued tokens when optional userinfo enrichment stalls. (#102026) Thanks @Alix-007.
- Control UI workspace avatars: inline validated agent avatar files in bootstrap and identity responses so Personal card images render without unauthenticated avatar-route requests, while preserving configured emoji precedence. (#102892, #97602) Thanks @LZY3538 and @mtuwei.
- Exec safe-bin flags: auto-approve curated read-only boolean flags for default stdin-only filters while keeping unknown flags, tail follow/retry modes, file operands, and custom profiles fail-closed. (#88953) Thanks @yetval.
- iOS session mutations: scope rename, archive, pin, delete, and fork requests to the selected agent, preserving the parent agent for forked sessions so multi-agent chat actions cannot mutate or create sessions under the wrong agent. (#103366, #103415) Thanks @lin-hongkuan and @harjothkhara.
- Swift protocol initializers: default every schema-optional generated initializer parameter to
nilso additive protocol fields no longer break SDK construction call sites. - OpenCode Go MiMo catalog: stop exposing the deprecated
mimo-v2-omniandmimo-v2-proaliases that reject agent requests, and keep release validation on the active MiMo V2.5 routes. (#103311, #103329) Thanks @krissding. - Audit time filters: reject impossible calendar dates for
openclaw audit --afterand--beforeinstead of rolling them into unintended intervals, while preserving timezone-less timestamp semantics. (#103433) Thanks @qingminglong. - OpenAI-compatible streamed tool calls: execute complete native tool calls from streams that end with SSE
data: [DONE]but omitfinish_reason, while keeping transport EOF and visible-text cases fail-closed. (#98124, #97994) Thanks @SunnyShu0925 and @wszhhx. - xAI provider aliases: preserve Grok 4.3 and Grok 4.5 thinking profiles, fast-model routing, and encrypted reasoning replay when models use the shipped
x-aiprovider alias instead of clamping valid thinking requests tominimal. (#103315) - Doctor state isolation: prevent automated update and Gateway watch repair from importing and archiving default-home exec or plugin-binding approvals when
OPENCLAW_STATE_DIRpoints elsewhere, keep implicit CLI preflight notice-only, and reserve cross-state imports for direct operator doctor runs. (#103247, #103317) Thanks @vincentkoc. - Doctor clean-state guidance: stop suggesting
openclaw doctor --fixafter a clean run with no config changes while preserving targeted repair hints. (#103233) Thanks @kewang-pika and @nonplace. - Google music generation: retry one unblocked Lyria response that omits its contractually required audio while keeping prompt blocks and terminal generation stops non-retryable. (#103318)
- OpenCode Zen model catalog: refresh the provider-owned static seed for Claude Sonnet 5, Grok 4.5, Hy3 Free, Kimi K2.7 Code, and MiniMax M3 with verified routing, pricing, limits, and input capabilities, remove retired free-tier rows, and expose the same catalog through unauthenticated model listing. (#103184)
- Managed browser launch: surface asynchronous Chrome bootstrap and runtime spawn failures as browser errors while keeping Gateway alive, and retain process error handling through later lifecycle failures. Thanks @vincentkoc.
- Browser node-proxy downloads: transfer every action-produced download to the Gateway media store, align a 10 MiB per-file and 16 MiB aggregate transport budget, and rewrite plural download paths to Gateway-local files without traversing page-controlled result data.
- Gateway startup migrations: release the shared migration lease before exiting when the selected config changes during startup, allowing immediate retries instead of blocking readiness until the five-minute lease expires. (#103145)
- Apple timeout recovery: return promptly from shared operation deadlines and caller cancellation even when platform work ignores cancellation, while isolating late Gateway handshakes and cleaning up location and permission waiters. (#103066) Thanks @NianJiuZst.
- Claude CLI warm sessions: preserve managed stdio continuity when Claude writes no native transcript, fall back to bounded OpenClaw history only when the exact live child disappears or changes, and keep stateless runs from persisting CLI bindings. (#96841) Thanks @bradreaves.
- CLI plugin listing: skip state-migration runtime loading when no legacy inputs exist, reducing packaged cold-start memory while preserving migrations for legacy plugin indexes and configured session stores.
- Unicode-safe bounded text: preserve complete UTF-16 surrogate pairs when shortening previews, prompts, diagnostics, labels, session keys, link metadata, and identity values across Control UI, CLI, Gateway, plugins, QA, memory, and Android surfaces. (#102625, #102626, #102627, #102816, #102823, #102833, #102877, #102949, #102963, #102969, #102988, #103010, #103034, #103210, #103341, #103487, #103543, #103580, #103646) Thanks @zhangguiping-xydt, @wings1029, @wangyan2026, @Pandah97, @MoerAI, @SunnyShu0925, @zhangqueping, @zw-xysk, @cxbAsDev, @lzyyzznl, @coder-master-0915, @LeonidasLux, @mushuiyu886, @ly85206559, @Simon-XYDT, @lsr911, @vincentkoc, @chengzhichao-xydt, and @wangmiao0668000666.
- Cron list table: sanitize and size bounded cells by terminal display width so CJK, emoji, combining marks, and terminal-control input cannot corrupt alignment or output. (#103616) Thanks @mushuiyu886.
- CLI model tables: sanitize, truncate, and pad model-list cells by rendered terminal width so emoji, CJK, and other wide graphemes keep columns aligned. (#102819) Thanks @Kevin23-design and @vincentkoc.
- Skills prompt compaction: preserve every included skill identity before using the remaining prompt budget for shortened, UTF-16-safe descriptions, retaining trigger guidance without exceeding the hard limit. (#88426) Thanks @abel-zer0, @vincentkoc, @chengzhichao-xydt, @wangmiao0668000666, and @Pandah97.
- Channel Markdown code tables: size columns by rendered display width so CJK, emoji, and mixed-width cells stay aligned across shared Telegram and Discord output. (#55596, #55512) Thanks @sparkyrider and @zjy282.
- QQ Bot approval previews: wrap long sanitized commands and metadata at grapheme boundaries with visible continuation markers and safe fences, keeping desktop QQ reviews readable without changing command content. (#102119, #101979) Thanks @Bartok9 and @xuzhi5858.
- Codex computer control: publish fixed-length coordinate pairs as homogeneous array schemas so Codex app-server can start threads with the
computertool instead of rejecting tuple-valueditems. - Google Chat request deadlines: bound control calls to 30 seconds while giving media transfers size-aware total budgets and a separate 30-second stalled-body guard, preventing hung Chat API requests without breaking large attachment uploads. (#102227) Thanks @hugenshen.
- Google Gemini prefixed model IDs: recognize
google/gemini-*andmodels/gemini-*when selecting multimodal function-response behavior, preserving the Gemini 2 image fallback without regressing Gemini 3 inline image responses. (#102382) Thanks @LiLan0125 and @yetval. - Generated provider model catalogs: keep MiniMax and NVIDIA catalog rows when they advertise audio or video metadata while projecting runtime model inputs to text/image, preventing configured multimodal primaries from being dropped and falling back. (#97858, #97048) Thanks @ly-wang19 and @zackchiutw.
- DeepSeek catalog metadata: align V4 Flash and Pro pricing with DeepSeek's current cache-hit, cache-miss, and output rates; refresh exact catalog metadata written by older onboarding flows; and document the July 24 retirement of the legacy
deepseek-chatanddeepseek-reasonercompatibility names. (#103192) - CLI audio transcript files: treat inferred Whisper and Parakeet text files as authoritative so empty or missing output cannot expose progress/status stdout as user speech. (#87393, #87384) Thanks @kesslerio.
- Browser actions on Node 24: keep browser request cancellation bound to the client and response lifetime instead of Node 24.16+'s prematurely aborted body-stream signal, preventing valid POST actions from failing after JSON parsing. Thanks @obviyus and @vincentkoc.
- Android hardware keyboard chat: send with unmodified Enter on physical keyboards while preserving Shift+Enter and other modified Enter combinations for multiline input. (#101239) Thanks @3ninyt3nin-creator.
- Codex yielded native subagents: keep the parent app-server subscription and shared client alive until yielded native subagent completion delivery settles, preventing lost wakeups and leaked one-shot cleanup.
- Control UI session creation: keep newly created sessions at the front of the stable sidebar order after selecting another session. Thanks @shakkernerd.
- FTS-only memory startup: skip plugin capability discovery when
memorySearch.provideris explicitlynone, avoiding an unnecessary cold-start scan. - iOS embedded terminal: open the terminal-only Control surface directly while native Gateway authentication connects instead of exposing the Web UI login screen.
- Source build portability: keep tsdown configuration self-contained so builds do not depend on resolving the tsdown package from unrun's temporary module directory. Thanks @vincentkoc.
- Browser tab adoption: preserve the prior implicit tab and stable aliases when new MCP, Playwright, or CDP targets fail final safety validation, abort after creation, or cannot be rediscovered; validate labels before creating tabs and limit managed cleanup to adopted targets. (#105301) Thanks @hugenshen.
- Mattermost block streaming: preserve complete, non-duplicated text and tool blocks in draft preview mode, and honor normal block streaming when preview streaming is disabled. (#87449) Thanks @yetval and @Senseonics-AI.
- iOS development app identity: keep the development app labeled OpenClaw while using its distinct debug icon to differentiate it from release builds.
- Android chat recovery: preserve optimistic user messages and locally owned runs while reconnect and sequence-gap history snapshots catch up, preventing sent messages from disappearing or stale runs from taking ownership. (#100197)
- iOS Voice Wake cleanup: avoid initializing the microphone audio pipeline while disabling inactive Voice Wake, preventing simulator launch aborts and unnecessary audio setup.
- Agent stop recovery: prevent late-aborting prompts from reacquiring orphaned session locks after teardown, so
/stopleaves the conversation ready for the next turn. - Local Gateway CLI auth: keep loopback CLI token/password calls off durable device scopes so read probes cannot block later write/admin commands behind a stale pairing baseline. (#95997) Thanks @vincentkoc.
- MCP schema diagnostics: attribute draft-2020-12 compiler failures to the external MCP schema so malformed patterns produce actionable setup errors. Thanks @vincentkoc.
- Amazon Bedrock control-plane deadlines: bound model discovery and application inference-profile lookups, preserve caller cancellation, and close short-lived SDK clients after each request path. Thanks @Alix-007 and @vincentkoc.
- Reply pre-delivery recovery: bound each pre-delivery callback with an owner-overridable deadline, release serialized reply lanes after hung plugin work, and preserve durable final-delivery retry state only when transport never started. (#104256) Thanks @NianJiuZst and @BenjaminBrossi.
- Signal native quote replies: preserve the active inbound message as a native quote across agent, explicit, durable, and chunked sends while keeping reply-mode policy inside the Signal plugin. (#105347) Thanks @jesse-merhi and @vincentkoc.
- Media-store remote downloads: bound response-header waits and stalled bodies, close abandoned redirect and error responses, and remove partial temp files so hung sources cannot pin callers. (#104624) Thanks @hugenshen.
- Cron llama.cpp tool schemas: keep the model-facing cron declaration schema compatible with llama.cpp while retaining gateway and runtime nonblank validation. Fixes #107449. (#108360) Thanks @lee-xydt and @Patt92.
- Terminal sessions: preserve early keystrokes, enable paired-node terminal actions, authorize paired-node catalog reads, recover after stale Control UI connections, and keep slow clients attached under heavy output. (#107214, #107361, #107410, #107419, #107348) Thanks @vincentkoc and @zw-xysk.
- Control UI configuration: auto-save validated edits, restore autosave gates, show unapplied-restart state, and keep normal content scrolling and selection behavior. (#107458, #107477, #107577, #107349)
- Signal recovery: reconnect after stalled container handshakes, prevent overlapping daemons during restart, and preserve username targets during phone normalization. (#107386, #107409, #107365) Thanks @hugenshen, @ZHOUKAILIAN, @UberKitten, and @ly-wang19.
- Authorization boundaries: require operator-admin authority for paired-node directory browsing and block prototype pollution in migration config merges. (#106004, #106116) Thanks @yangxiansheng, @joshavant, @yetval, and @ruel225.
- Conversation identity: retain speaker attribution across group turns and reduce malformed Discord guild reply tool calls. (#107025, #107474) Thanks @lonexreb.
- Provider setup: show OpenRouter OAuth denial errors, find credentials stored under auth aliases, and keep unresolved API-key providers visible for repair. (#105448, #106736, #106754) Thanks @VectorPeak and @altaywtf.
- Claude and Codex sessions: keep Claude turns open for native background work, avoid Codex shutdown warnings after live updates, complete Codex onboarding login handoff, and retire completed hook relays. (#106347, #106418, #107174, #106899) Thanks @obviyus, @fuller-stack-dev, and @bek91.
- Apple apps: connect iPhone and Watch clients to protocol-v3 Gateways, reject incomplete attachment shares, and honor the pinned Swift toolchain in iOS release archives. (#106294, #106513, #107188) Thanks @jincheng-xydt, @harjothkhara, and @joshavant.
- Memory reliability: preserve UTF-8 across split QMD output, keep canonical cache rows during legacy migration, and accept leading-zero JSON content lengths. (#107263, #107243, #105916) Thanks @wahaha1223, @felirami, @Tony-ooo, @qingminlong, @vincentkoc, and @zw-xysk.
- Skills and Workshop: keep globally installed ClawHub skills tracked, clean orphaned usage rows, surface verification errors, and default Workshop approvals to automatic handling. (#106479, #107144, #107143, #107690) Thanks @ml12580, @mnowrot, @SunnyShu0925, and @shakkernerd.
- Bounded network calls: time out Google Chat authentication, Slack directory and read-mode calls, and Twitch user lookups instead of hanging. (#106178, #106643, #107103, #105883, #107360) Thanks @QiuYuang, @Monkey-wusky, @maweibin, @zw-xysk, and @Alix-007.
- Channel delivery: warn when scalar streaming falls back and make ClickClack media delivery durable while using the selected model's runtime budget. (#106796, #105775) Thanks @jjjhenriksen.
- Plugin management: honor standard ClawHub API comparators and let Control UI administrators enable installed plugins. (#106889, #106318)
- Runtime configuration: preserve resolved cache-retention values, apply explicit environment-variable removals, and keep dispatched Workboard cards from sticking in running state. (#106069, #107258, #107271) Thanks @krissding, @jalfaro2876, and @pgondhi987.
- Input and output safety: redact sensitive migration terminal output, normalize managed git-package identities, and avoid retaining raw command output in compacted Tokenjuice metadata. (#106806, #107637, #107705) Thanks @yetval.
- Network and resource matching: share canonical NO_PROXY behavior and honor nested ignore patterns plus escaped literal exclamation marks. (#107711, #106258) Thanks @moguangyu5-design.
- Markdown frontmatter: preserve coerced fallback values when YAML nodes cannot be represented directly.
Complete contribution record
The full contribution record is available in the tag-pinned CHANGELOG.md.
Release verification
- npm package: https://www.npmjs.com/package/openclaw/v/2026.7.2-beta.2
- registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.7.2-beta.2.tgz
- integrity:
sha512-Pjp6VcPQtGF2Q2d6faFOJ75IGpTt3Xucuxclz//n4eP89Wds5wMhZzGf0Oiqd1uSncm5LgCcZzm31Igp6lOR0w== - release SHA:
54d98a47251d3216443f9446830dec1a0aaddc43 - full release CI report: https://github.com/openclaw/releases/blob/main/evidence/2026.7.2-beta.2/release-evidence.md
- release publish: https://github.com/openclaw/openclaw/actions/runs/29566151276
- npm preflight: https://github.com/openclaw/openclaw/actions/runs/29548071521
- full release validation: https://github.com/openclaw/openclaw/actions/runs/29546250316
- plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/29566735890
- plugin ClawHub publish: dispatched separately, not awaited by this proof: https://github.com/openclaw/openclaw/actions/runs/29566738448
- plugin ClawHub bootstrap: dispatched separately, not awaited by this proof: https://github.com/openclaw/openclaw/actions/runs/29566741033
- npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/29553869058