diff --git a/appcast.xml b/appcast.xml index ba9b100612b..d207fde18ea 100644 --- a/appcast.xml +++ b/appcast.xml @@ -2,6 +2,29 @@ OpenClaw + + 2026.4.8 + Wed, 08 Apr 2026 06:12:50 +0000 + https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml + 2026040890 + 2026.4.8 + 15.0 + OpenClaw 2026.4.8 +

Fixes

+
    +
  • Telegram/setup: load setup and secret contracts through packaged top-level sidecars so installed npm builds no longer try to import missing dist/extensions/telegram/src/* files during gateway startup.
  • +
  • Bundled channels/setup: load shared secret contracts through packaged top-level sidecars across BlueBubbles, Feishu, Google Chat, IRC, Matrix, Mattermost, Microsoft Teams, Nextcloud Talk, Slack, and Zalo so installed npm builds no longer rely on missing dist/extensions/*/src/* files during gateway startup.
  • +
  • Bundled plugins: align packaged plugin compatibility metadata with the release version so bundled channels and providers load on OpenClaw 2026.4.8.
  • +
  • Agents/progress: keep update_plan available for OpenAI-family runs while returning compact success payloads and allowing tools.experimental.planTool=false to opt out.
  • +
  • Agents/exec: keep /exec current-default reporting aligned with real runtime behavior so host=auto sessions surface the correct host-aware fallback policy (full/off on gateway or node, deny/off on sandbox) instead of stale stricter defaults.
  • +
  • Slack: honor ambient HTTP(S) proxy settings for Socket Mode WebSocket connections, including NO_PROXY exclusions, so proxy-only deployments can connect without a monkey patch. (#62878) Thanks @mjamiv.
  • +
  • Slack/actions: pass the already resolved read token into downloadFile so SecretRef-backed bot tokens no longer fail after a raw config re-read. (#62097) Thanks @martingarramon.
  • +
  • Network/fetch guard: skip target DNS pinning when trusted env-proxy mode is active so proxy-only sandboxes can let the trusted proxy resolve outbound hosts. (#59007) Thanks @cluster2600.
  • +
+

View full changelog

+]]>
+ +
2026.4.7 Wed, 08 Apr 2026 02:54:26 +0000 @@ -357,119 +380,5 @@ ]]> - - 2026.4.2 - Thu, 02 Apr 2026 18:57:54 +0000 - https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml - 2026040290 - 2026.4.2 - 15.0 - OpenClaw 2026.4.2 -

Breaking

-
    -
  • Plugins/xAI: move x_search settings from the legacy core tools.web.x_search.* path to the plugin-owned plugins.entries.xai.config.xSearch.* path, standardize x_search auth on plugins.entries.xai.config.webSearch.apiKey / XAI_API_KEY, and migrate legacy config with openclaw doctor --fix. (#59674) Thanks @vincentkoc.
  • -
  • Plugins/web fetch: move Firecrawl web_fetch config from the legacy core tools.web.fetch.firecrawl.* path to the plugin-owned plugins.entries.firecrawl.config.webFetch.* path, route web_fetch fallback through the new fetch-provider boundary instead of a Firecrawl-only core branch, and migrate legacy config with openclaw doctor --fix. (#59465) Thanks @vincentkoc.
  • -
-

Changes

-
    -
  • Tasks/Task Flow: restore the core Task Flow substrate with managed-vs-mirrored sync modes, durable flow state/revision tracking, and openclaw flows inspection/recovery primitives so background orchestration can persist and be operated separately from plugin authoring layers. (#58930) Thanks @mbelinky.
  • -
  • Tasks/Task Flow: add managed child task spawning plus sticky cancel intent, so external orchestrators can stop scheduling immediately and let parent Task Flows settle to cancelled once active child tasks finish. (#59610) Thanks @mbelinky.
  • -
  • Plugins/Task Flow: add a bound api.runtime.taskFlow seam so plugins and trusted authoring layers can create and drive managed Task Flows from host-resolved OpenClaw context without passing owner identifiers on each call. (#59622) Thanks @mbelinky.
  • -
  • Android/assistant: add assistant-role entrypoints plus Google Assistant App Actions metadata so Android can launch OpenClaw from the assistant trigger and hand prompts into the chat composer. (#59596) Thanks @obviyus.
  • -
  • Exec defaults: make gateway/node host exec default to YOLO mode by requesting security=full with ask=off, and align host approval-file fallbacks plus docs/doctor reporting with that no-prompt default.
  • -
  • Providers/runtime: add provider-owned replay hook surfaces for transcript policy, replay cleanup, and reasoning-mode dispatch. (#59143) Thanks @jalehman.
  • -
  • Plugins/hooks: add before_agent_reply so plugins can short-circuit the LLM with synthetic replies after inline actions. (#20067) Thanks @JoshuaLelon.
  • -
  • Channels/session routing: move provider-specific session conversation grammar into plugin-owned session-key surfaces, preserving Telegram topic routing and Feishu scoped inheritance across bootstrap, model override, restart, and tool-policy paths.
  • -
  • Feishu/comments: add a dedicated Drive comment-event flow with comment-thread context resolution, in-thread replies, and feishu_drive comment actions for document collaboration workflows. (#58497) Thanks @wittam-01.
  • -
  • Matrix/plugin: emit spec-compliant m.mentions metadata across text sends, media captions, edits, poll fallback text, and action-driven edits so Matrix mentions notify reliably in clients like Element. (#59323) Thanks @gumadeiras.
  • -
  • Diffs: add plugin-owned viewerBaseUrl so viewer links can use a stable proxy/public origin without passing baseUrl on every tool call. (#59341) Related #59227. Thanks @gumadeiras.
  • -
  • Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @oliviareid-svg.
  • -
  • Agents/compaction: add agents.defaults.compaction.notifyUser so the 🧹 Compacting context... start notice is opt-in instead of always being shown. (#54251) Thanks @oguricap0327.
  • -
  • WhatsApp/reactions: add reactionLevel guidance for agent reactions. Thanks @mcaxtr.
  • -
  • Exec approvals/channels: auto-enable DM-first native chat approvals when supported channels can infer approvers from existing owner config, while keeping channel fanout explicit and clarifying forwarding versus native approval client config.
  • -
-

Fixes

-
    -
  • Providers/transport policy: centralize request auth, proxy, TLS, and header shaping across shared HTTP, stream, and websocket paths, block insecure TLS/runtime transport overrides, and keep proxy-hop TLS separate from target mTLS settings. (#59682) Thanks @vincentkoc.
  • -
  • Providers/Copilot: classify native GitHub Copilot API hosts in the shared provider endpoint resolver and harden token-derived proxy endpoint parsing so Copilot base URL routing stays centralized and fails closed on malformed hints. (#59644) Thanks @vincentkoc.
  • -
  • Providers/streaming headers: centralize default and attribution header merging across OpenAI websocket, embedded-runner, and proxy stream paths so provider-specific headers stay consistent and caller overrides only win where intended. (#59542) Thanks @vincentkoc.
  • -
  • Providers/media HTTP: centralize base URL normalization, default auth/header injection, and explicit header override handling across shared OpenAI-compatible audio, Deepgram audio, Gemini media/image, and Moonshot video request paths. (#59469) Thanks @vincentkoc.
  • -
  • Providers/OpenAI-compatible routing: centralize native-vs-proxy request policy so hidden attribution and related OpenAI-family defaults only apply on verified native endpoints across stream, websocket, and shared audio HTTP paths. (#59433) Thanks @vincentkoc.
  • -
  • Providers/Anthropic routing: centralize native-vs-proxy endpoint classification for direct Anthropic service_tier handling so spoofed or proxied hosts do not inherit native Anthropic defaults. (#59608) Thanks @vincentkoc.
  • -
  • Gateway/exec loopback: restore legacy-role fallback for empty paired-device token maps and allow silent local role upgrades so local exec and node clients stop failing with pairing-required errors after 2026.3.31. (#59092) Thanks @openperf.
  • -
  • Agents/subagents: pin admin-only subagent gateway calls to operator.admin while keeping agent at least privilege, so sessions_spawn no longer dies on loopback scope-upgrade pairing with close(1008) "pairing required". (#59555) Thanks @openperf.
  • -
  • Exec approvals/config: strip invalid security, ask, and askFallback values from ~/.openclaw/exec-approvals.json during normalization so malformed policy enums fall back cleanly to the documented defaults instead of corrupting runtime policy resolution. (#59112) Thanks @openperf.
  • -
  • Exec approvals/doctor: report host policy sources from the real approvals file path and ignore malformed host override values when attributing effective policy conflicts. (#59367) Thanks @gumadeiras.
  • -
  • Exec/runtime: treat tools.exec.host=auto as routing-only, keep implicit no-config exec on sandbox when available or gateway otherwise, and reject per-call host overrides that would bypass the configured sandbox or host target. (#58897) Thanks @vincentkoc.
  • -
  • Slack/mrkdwn formatting: add built-in Slack mrkdwn guidance in inbound context so Slack replies stop falling back to generic Markdown patterns that render poorly in Slack. (#59100) Thanks @jadewon.
  • -
  • WhatsApp/presence: send unavailable presence on connect in self-chat mode so personal-phone users stop losing all push notifications while the gateway is running. (#59410) Thanks @mcaxtr.
  • -
  • WhatsApp/media: add HTML, XML, and CSS to the MIME map and fall back gracefully for unknown media types instead of dropping the attachment. (#51562) Thanks @bobbyt74.
  • -
  • Matrix/onboarding: restore guided setup in openclaw channels add and openclaw configure --section channels, while keeping custom plugin wizards on the shared setupWizard seam. (#59462) Thanks @gumadeiras.
  • -
  • Matrix/streaming: keep live partial previews for the current assistant block while preserving completed block updates as separate messages when channels.matrix.blockStreaming is enabled. (#59384) Thanks @gumadeiras.
  • -
  • Feishu/comment threads: harden document comment-thread delivery so whole-document comments fall back to add_comment, delayed reply lookups retry more reliably, and user-visible replies avoid reasoning/planning spillover. (#59129) Thanks @wittam-01.
  • -
  • MS Teams/streaming: strip already-streamed text from fallback block delivery when replies exceed the 4000-character streaming limit so long responses stop duplicating content. (#59297) Thanks @bradgroux.
  • -
  • Slack/thread context: filter thread starter and history by the effective conversation allowlist without dropping valid open-room, DM, or group DM context. (#58380) Thanks @jacobtomlinson.
  • -
  • Mattermost/probes: route status probes through the SSRF guard and honor allowPrivateNetwork so connectivity checks stay safe for self-hosted Mattermost deployments. (#58529) Thanks @mappel-nv.
  • -
  • Zalo/webhook replay: scope replay dedupe key by chat and sender so reused message IDs across different chats or senders no longer collide, and harden metadata reads for partially missing payloads. (#58444)
  • -
  • QQBot/structured payloads: restrict local file paths to QQ Bot-owned media storage, block traversal outside that root, reduce path leakage in logs, and keep inline image data URLs working. (#58453) Thanks @jacobtomlinson.
  • -
  • Image generation/providers: route OpenAI, MiniMax, and fal image requests through the shared provider HTTP transport path so custom base URLs, guarded private-network routing, and provider request defaults stay aligned with the rest of provider HTTP. Thanks @vincentkoc.
  • -
  • Image generation/providers: stop inferring private-network access from configured OpenAI, MiniMax, and fal image base URLs, and cap shared HTTP error-body reads so hostile or misconfigured endpoints fail closed without relaxing SSRF policy or buffering unbounded error payloads. Thanks @vincentkoc.
  • -
  • Browser/host inspection: keep static Chrome inspection helpers out of the activated browser runtime so openclaw doctor browser and related checks do not eagerly load the bundled browser plugin. (#59471) Thanks @vincentkoc.
  • -
  • Browser/CDP: normalize trailing-dot localhost absolute-form hosts before loopback checks so remote CDP websocket URLs like ws://localhost.:... rewrite back to the configured remote host. (#59236) Thanks @mappel-nv.
  • -
  • Agents/output sanitization: strip namespaced antml:thinking blocks from user-visible text so Anthropic-style internal monologue tags do not leak into replies. (#59550) Thanks @obviyus.
  • -
  • Kimi Coding/tools: normalize Anthropic tool payloads into the OpenAI-compatible function shape Kimi Coding expects so tool calls stop losing required arguments. (#59440) Thanks @obviyus.
  • -
  • Image tool/paths: resolve relative local media paths against the agent workspaceDir instead of process.cwd() so inputs like inbox/receipt.png pass the local-path allowlist reliably. (#57222) Thanks Priyansh Gupta.
  • -
  • Podman/launch: remove noisy container output from scripts/run-openclaw-podman.sh and align the Podman install guidance with the quieter startup flow. (#59368) Thanks @sallyom.
  • -
  • Plugins/runtime: keep LINE reply directives and browser-backed cleanup/reset flows working even when those plugins are disabled while tightening bundled plugin activation guards. (#59412) Thanks @vincentkoc.
  • -
  • ACP/gateway reconnects: keep ACP prompts alive across transient websocket drops while still failing boundedly when reconnect recovery does not complete. (#59473) Thanks @obviyus.
  • -
  • ACP/gateway reconnects: reject stale pre-ack ACP prompts after reconnect grace expiry so callers fail cleanly instead of hanging indefinitely when the gateway never confirms the run.
  • -
  • Gateway/session kill: enforce HTTP operator scopes on session kill requests and gate authorization before session lookup so unauthenticated callers cannot probe session existence. (#59128) Thanks @jacobtomlinson.
  • -
  • MS Teams/logging: format non-Error failures with the shared unknown-error helper so logs stop collapsing caught SDK or Axios objects into [object Object]. (#59321) Thanks @bradgroux.
  • -
  • Channels/setup: ignore untrusted workspace channel plugins during setup resolution so a shadowing workspace plugin cannot override built-in channel setup/login flows unless explicitly trusted in config. (#59158) Thanks @mappel-nv.
  • -
  • Exec/Windows: restore allowlist enforcement with quote-aware argPattern matching across gateway and node exec, and surface accurate dynamic pre-approved executable hints in the exec tool description. (#56285) Thanks @kpngr.
  • -
  • Gateway: prune empty node-pending-work state entries after explicit acknowledgments and natural expiry so the per-node state map no longer grows indefinitely. (#58179) Thanks @gavyngong.
  • -
  • Webhooks/secret comparison: replace ad-hoc timing-safe secret comparisons across BlueBubbles, Feishu, Mattermost, Telegram, Twilio, and Zalo webhook handlers with the shared safeEqualSecret helper and reject empty auth tokens in BlueBubbles. (#58432) Thanks @eleqtrizit.
  • -
  • OpenShell/mirror: constrain remoteWorkspaceDir and remoteAgentWorkspaceDir to the managed /sandbox and /agent roots, and keep mirror sync from overwriting or removing user-added shell roots during config synchronization. (#58515) Thanks @eleqtrizit.
  • -
  • Plugins/activation: preserve explicit, auto-enabled, and default activation provenance plus reason metadata across CLI, gateway bootstrap, and status surfaces so plugin enablement state stays accurate after auto-enable resolution. (#59641) Thanks @vincentkoc.
  • -
  • Exec/env: block additional host environment override pivots for package roots, language runtimes, compiler include paths, and credential/config locations so request-scoped exec cannot redirect trusted toolchains or config lookups. (#59233) Thanks @drobison00.
  • -
  • Dotenv/workspace overrides: block workspace .env files from overriding OPENCLAW_PINNED_PYTHON and OPENCLAW_PINNED_WRITE_PYTHON so trusted helper interpreters cannot be redirected by repo-local env injection. (#58473) Thanks @eleqtrizit.
  • -
  • Plugins/install: accept JSON5 syntax in openclaw.plugin.json and bundle plugin.json manifests during install/validation, so third-party plugins with trailing commas, comments, or unquoted keys no longer fail to install. (#59084) Thanks @singleGanghood.
  • -
  • Telegram/exec approvals: rewrite shared /approve … allow-always callback payloads to /approve … always before Telegram button rendering so plugin approval IDs still fit Telegram's callback_data limit and keep the Allow Always action visible. (#59217) Thanks @jameslcowan.
  • -
  • Cron/exec timeouts: surface timed-out exec and bash failures in isolated cron runs even when verbose: off, including custom session-target cron jobs, so scheduled runs stop failing silently. (#58247) Thanks @skainguyen1412.
  • -
  • Telegram/exec approvals: fall back to the origin session key for async approval followups and keep resume-failure status delivery sanitized so Telegram followups still land without leaking raw exec metadata. (#59351) Thanks @seonang.
  • -
  • Node-host/exec approvals: bind pnpm dlx invocations through the approval planner's mutable-script path so the effective runtime command is resolved for approval instead of being left unbound. (#58374)
  • -
  • Exec/node hosts: stop forwarding the gateway workspace cwd to remote node exec when no workdir was explicitly requested, so cross-platform node approvals fall back to the node default cwd instead of failing with SYSTEM_RUN_DENIED. (#58977) Thanks @Starhappysh.
  • -
  • Exec approvals/channels: decouple initiating-surface approval availability from native delivery enablement so Telegram, Slack, and Discord still expose approvals when approvers exist and native target routing is configured separately. (#59776) Thanks @joelnishanth.
  • -
-

Changes

-
    -
  • macOS/Voice Wake: add the Voice Wake option to trigger Talk Mode. (#58490) Thanks @SmoothExec.
  • -
  • Tasks/chat: add /tasks as a chat-native background task board for the current session, with recent task details and agent-local fallback counts when no linked tasks are visible. Related #54226. Thanks @vincentkoc.
  • -
  • Web search/SearXNG: add the bundled SearXNG provider plugin for web_search with configurable host support. (#57317) Thanks @cgdusek.
  • -
  • Telegram/errors: add configurable errorPolicy and errorCooldownMs controls so Telegram can suppress repeated delivery errors per account, chat, and topic without muting distinct failures. (#51914) Thanks @chinar-amrutkar
  • -
  • Gateway/webchat: make chat.history text truncation configurable with gateway.webchat.chatHistoryMaxChars and per-request maxChars, while preserving silent-reply filtering and existing default payload limits. (#58900)
  • -
  • Amazon Bedrock/Guardrails: add Bedrock Guardrails support to the bundled provider. (#58588) Thanks @MikeORed.
  • -
  • ZAI/models: add glm-5.1 and glm-5v-turbo to the bundled Z.AI provider catalog. (#58793) Thanks @tomsun28
  • -
  • Agents/default params: add agents.defaults.params for global default provider parameters. (#58548) Thanks @lpender.
  • -
  • Agents/failover: cap prompt-side and assistant-side same-provider auth-profile retries for rate-limit failures before cross-provider model fallback, add the auth.cooldowns.rateLimitedProfileRotations knob, and document the new fallback behavior. (#58707) Thanks @Forgely3D
  • -
  • Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @oliviareid-svg
  • -
  • Cron/tools allowlist: add openclaw cron --tools for per-job tool allowlists. (#58504) Thanks @andyk-ms.
  • -
-

Fixes

-
    -
  • Chat/error replies: stop leaking raw provider/runtime failures into external chat channels, return a friendly retry message instead, and add a specific /new hint for Bedrock toolResult/toolUse session mismatches. (#58831) Thanks @ImLukeF.
  • -
  • Sessions/model switching: keep /model changes queued behind busy runs instead of interrupting the active turn, and retarget queued followups so later work picks up the new model as soon as the current turn finishes.
  • -
  • Web UI/OpenResponses: preserve rewritten stream snapshots in webchat and keep OpenResponses final streamed text aligned when models rewind earlier output. (#58641) Thanks @neeravmakwana
  • -
  • Discord/inbound media: pass Discord attachment and sticker downloads through the shared idle-timeout and worker-abort path so slow or stuck inbound media fetches stop hanging message processing. (#58593) Thanks @aquaright1
  • -
  • Telegram/retries: keep non-idempotent sends on the strict safe-send path, retry wrapped pre-connect failures, and preserve 429 / retry_after backoff for safe delivery retries. (#51895) Thanks @chinar-amrutkar
  • -
  • Telegram/exec approvals: route topic-aware exec approval followups through Telegram-owned threading and approval-target parsing, so forum-topic approvals stay in the originating topic instead of falling back to the root chat. (#58783)
  • -
  • Telegram/local Bot API: preserve media MIME types for absolute-path downloads so local audio files still trigger transcription and other MIME-based handling. (#54603) Thanks @jzakirov
  • -
  • Channels/WhatsApp: pass inbound message timestamp to model context so the AI can see when WhatsApp messages were sent. (#58590) Thanks @Maninae
  • -
  • QQBot/voice: lazy-load silk-wasm in audio-convert.ts so qqbot still starts when the optional voice dependency is missing, while voice encode/decode degrades gracefully instead of crashing at module load time. (#58829) Thanks @WideLee.
  • -
-

View full changelog

-]]>
- -
\ No newline at end of file
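Review bot: In the first hunk (the added 2026.4.8 item), the "Network/fetch guard" entry (#59007) says target DNS pinning is skipped "when trusted env-proxy mode is active", but it does not say what makes the mode trusted or how an operator turns it on. Skipping pinning hands resolution of outbound hosts to the proxy, so the entry should name the setting or link to the docs that define it. Readers then know the guard depends on the proxy's own filtering in that mode. The "Agents/exec" entry in the same list would also read more clearly if it said outright that only the /exec reporting changed. As written, "instead of stale stricter defaults" can be read as the runtime policy itself being loosened in this release.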
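Review bot: In the second hunk (@@ -357,119 +380,5 @@), removing the 2026.4.2 item also removes its "Breaking" section from the feed. That section covers the x_search and Firecrawl web_fetch config path moves and the "openclaw doctor --fix" migration. Anyone updating from a build older than 2026.4.2 will then see only the newer items' notes in the update prompt. Please confirm the "View full changelog" link in the remaining items still reaches those migration steps, or say in the commit message that trimming old items is intentional. The removed text also contains a second Changes/Fixes run after the first, so it is worth stating whether one or two releases are being dropped. The hunk ends with the "\ No newline at end of file" marker; a trailing newline would keep later appcast diffs cleaner.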