OpenClaw

2026.4.2

Thu, 02 Apr 2026 18:57:54 +0000

OpenClaw 2026.4.2

Breaking

Plugins/xAI: move x_search settings from the legacy core tools.web.x_search.* path to the plugin-owned plugins.entries.xai.config.xSearch.* path, standardize x_search auth on plugins.entries.xai.config.webSearch.apiKey / XAI_API_KEY, and migrate legacy config with openclaw doctor --fix. (#59674) Thanks @vincentkoc.
Plugins/web fetch: move Firecrawl web_fetch config from the legacy core tools.web.fetch.firecrawl.* path to the plugin-owned plugins.entries.firecrawl.config.webFetch.* path, route web_fetch fallback through the new fetch-provider boundary instead of a Firecrawl-only core branch, and migrate legacy config with openclaw doctor --fix. (#59465) Thanks @vincentkoc.

Changes

Tasks/Task Flow: restore the core Task Flow substrate with managed-vs-mirrored sync modes, durable flow state/revision tracking, and openclaw flows inspection/recovery primitives so background orchestration can persist and be operated separately from plugin authoring layers. (#58930) Thanks @mbelinky.
Tasks/Task Flow: add managed child task spawning plus sticky cancel intent, so external orchestrators can stop scheduling immediately and let parent Task Flows settle to cancelled once active child tasks finish. (#59610) Thanks @mbelinky.
Plugins/Task Flow: add a bound api.runtime.taskFlow seam so plugins and trusted authoring layers can create and drive managed Task Flows from host-resolved OpenClaw context without passing owner identifiers on each call. (#59622) Thanks @mbelinky.
Android/assistant: add assistant-role entrypoints plus Google Assistant App Actions metadata so Android can launch OpenClaw from the assistant trigger and hand prompts into the chat composer. (#59596) Thanks @obviyus.
Exec defaults: make gateway/node host exec default to YOLO mode by requesting security=full with ask=off, and align host approval-file fallbacks plus docs/doctor reporting with that no-prompt default.
Providers/runtime: add provider-owned replay hook surfaces for transcript policy, replay cleanup, and reasoning-mode dispatch. (#59143) Thanks @jalehman.
Plugins/hooks: add before_agent_reply so plugins can short-circuit the LLM with synthetic replies after inline actions. (#20067) Thanks @JoshuaLelon.
Channels/session routing: move provider-specific session conversation grammar into plugin-owned session-key surfaces, preserving Telegram topic routing and Feishu scoped inheritance across bootstrap, model override, restart, and tool-policy paths.
Feishu/comments: add a dedicated Drive comment-event flow with comment-thread context resolution, in-thread replies, and feishu_drive comment actions for document collaboration workflows. (#58497) Thanks @wittam-01.
Matrix/plugin: emit spec-compliant m.mentions metadata across text sends, media captions, edits, poll fallback text, and action-driven edits so Matrix mentions notify reliably in clients like Element. (#59323) Thanks @gumadeiras.
Diffs: add plugin-owned viewerBaseUrl so viewer links can use a stable proxy/public origin without passing baseUrl on every tool call. (#59341) Related #59227. Thanks @gumadeiras.
Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @oliviareid-svg.
Agents/compaction: add agents.defaults.compaction.notifyUser so the 🧹 Compacting context... start notice is opt-in instead of always being shown. (#54251) Thanks @oguricap0327.
WhatsApp/reactions: add reactionLevel guidance for agent reactions. Thanks @mcaxtr.
Exec approvals/channels: auto-enable DM-first native chat approvals when supported channels can infer approvers from existing owner config, while keeping channel fanout explicit and clarifying forwarding versus native approval client config.

Fixes

Providers/transport policy: centralize request auth, proxy, TLS, and header shaping across shared HTTP, stream, and websocket paths, block insecure TLS/runtime transport overrides, and keep proxy-hop TLS separate from target mTLS settings. (#59682) Thanks @vincentkoc.
Providers/Copilot: classify native GitHub Copilot API hosts in the shared provider endpoint resolver and harden token-derived proxy endpoint parsing so Copilot base URL routing stays centralized and fails closed on malformed hints. (#59644) Thanks @vincentkoc.
Providers/streaming headers: centralize default and attribution header merging across OpenAI websocket, embedded-runner, and proxy stream paths so provider-specific headers stay consistent and caller overrides only win where intended. (#59542) Thanks @vincentkoc.
Providers/media HTTP: centralize base URL normalization, default auth/header injection, and explicit header override handling across shared OpenAI-compatible audio, Deepgram audio, Gemini media/image, and Moonshot video request paths. (#59469) Thanks @vincentkoc.
Providers/OpenAI-compatible routing: centralize native-vs-proxy request policy so hidden attribution and related OpenAI-family defaults only apply on verified native endpoints across stream, websocket, and shared audio HTTP paths. (#59433) Thanks @vincentkoc.
Providers/Anthropic routing: centralize native-vs-proxy endpoint classification for direct Anthropic service_tier handling so spoofed or proxied hosts do not inherit native Anthropic defaults. (#59608) Thanks @vincentkoc.
Gateway/exec loopback: restore legacy-role fallback for empty paired-device token maps and allow silent local role upgrades so local exec and node clients stop failing with pairing-required errors after 2026.3.31. (#59092) Thanks @openperf.
Agents/subagents: pin admin-only subagent gateway calls to operator.admin while keeping agent at least privilege, so sessions_spawn no longer dies on loopback scope-upgrade pairing with close(1008) "pairing required". (#59555) Thanks @openperf.
Exec approvals/config: strip invalid security, ask, and askFallback values from ~/.openclaw/exec-approvals.json during normalization so malformed policy enums fall back cleanly to the documented defaults instead of corrupting runtime policy resolution. (#59112) Thanks @openperf.
Exec approvals/doctor: report host policy sources from the real approvals file path and ignore malformed host override values when attributing effective policy conflicts. (#59367) Thanks @gumadeiras.
Exec/runtime: treat tools.exec.host=auto as routing-only, keep implicit no-config exec on sandbox when available or gateway otherwise, and reject per-call host overrides that would bypass the configured sandbox or host target. (#58897) Thanks @vincentkoc.
Slack/mrkdwn formatting: add built-in Slack mrkdwn guidance in inbound context so Slack replies stop falling back to generic Markdown patterns that render poorly in Slack. (#59100) Thanks @jadewon.
WhatsApp/presence: send unavailable presence on connect in self-chat mode so personal-phone users stop losing all push notifications while the gateway is running. (#59410) Thanks @mcaxtr.
WhatsApp/media: add HTML, XML, and CSS to the MIME map and fall back gracefully for unknown media types instead of dropping the attachment. (#51562) Thanks @bobbyt74.
Matrix/onboarding: restore guided setup in openclaw channels add and openclaw configure --section channels, while keeping custom plugin wizards on the shared setupWizard seam. (#59462) Thanks @gumadeiras.
Matrix/streaming: keep live partial previews for the current assistant block while preserving completed block updates as separate messages when channels.matrix.blockStreaming is enabled. (#59384) Thanks @gumadeiras.
Feishu/comment threads: harden document comment-thread delivery so whole-document comments fall back to add_comment, delayed reply lookups retry more reliably, and user-visible replies avoid reasoning/planning spillover. (#59129) Thanks @wittam-01.
MS Teams/streaming: strip already-streamed text from fallback block delivery when replies exceed the 4000-character streaming limit so long responses stop duplicating content. (#59297) Thanks @bradgroux.
Slack/thread context: filter thread starter and history by the effective conversation allowlist without dropping valid open-room, DM, or group DM context. (#58380) Thanks @jacobtomlinson.
Mattermost/probes: route status probes through the SSRF guard and honor allowPrivateNetwork so connectivity checks stay safe for self-hosted Mattermost deployments. (#58529) Thanks @mappel-nv.
Zalo/webhook replay: scope replay dedupe key by chat and sender so reused message IDs across different chats or senders no longer collide, and harden metadata reads for partially missing payloads. (#58444)
QQBot/structured payloads: restrict local file paths to QQ Bot-owned media storage, block traversal outside that root, reduce path leakage in logs, and keep inline image data URLs working. (#58453) Thanks @jacobtomlinson.
Image generation/providers: route OpenAI, MiniMax, and fal image requests through the shared provider HTTP transport path so custom base URLs, guarded private-network routing, and provider request defaults stay aligned with the rest of provider HTTP. Thanks @vincentkoc.
Image generation/providers: stop inferring private-network access from configured OpenAI, MiniMax, and fal image base URLs, and cap shared HTTP error-body reads so hostile or misconfigured endpoints fail closed without relaxing SSRF policy or buffering unbounded error payloads. Thanks @vincentkoc.
Browser/host inspection: keep static Chrome inspection helpers out of the activated browser runtime so openclaw doctor browser and related checks do not eagerly load the bundled browser plugin. (#59471) Thanks @vincentkoc.
Browser/CDP: normalize trailing-dot localhost absolute-form hosts before loopback checks so remote CDP websocket URLs like ws://localhost.:... rewrite back to the configured remote host. (#59236) Thanks @mappel-nv.
Agents/output sanitization: strip namespaced antml:thinking blocks from user-visible text so Anthropic-style internal monologue tags do not leak into replies. (#59550) Thanks @obviyus.
Kimi Coding/tools: normalize Anthropic tool payloads into the OpenAI-compatible function shape Kimi Coding expects so tool calls stop losing required arguments. (#59440) Thanks @obviyus.
Image tool/paths: resolve relative local media paths against the agent workspaceDir instead of process.cwd() so inputs like inbox/receipt.png pass the local-path allowlist reliably. (#57222) Thanks Priyansh Gupta.
Podman/launch: remove noisy container output from scripts/run-openclaw-podman.sh and align the Podman install guidance with the quieter startup flow. (#59368) Thanks @sallyom.
Plugins/runtime: keep LINE reply directives and browser-backed cleanup/reset flows working even when those plugins are disabled while tightening bundled plugin activation guards. (#59412) Thanks @vincentkoc.
ACP/gateway reconnects: keep ACP prompts alive across transient websocket drops while still failing boundedly when reconnect recovery does not complete. (#59473) Thanks @obviyus.
ACP/gateway reconnects: reject stale pre-ack ACP prompts after reconnect grace expiry so callers fail cleanly instead of hanging indefinitely when the gateway never confirms the run.
Gateway/session kill: enforce HTTP operator scopes on session kill requests and gate authorization before session lookup so unauthenticated callers cannot probe session existence. (#59128) Thanks @jacobtomlinson.
MS Teams/logging: format non-Error failures with the shared unknown-error helper so logs stop collapsing caught SDK or Axios objects into [object Object]. (#59321) Thanks @bradgroux.
Channels/setup: ignore untrusted workspace channel plugins during setup resolution so a shadowing workspace plugin cannot override built-in channel setup/login flows unless explicitly trusted in config. (#59158) Thanks @mappel-nv.
Exec/Windows: restore allowlist enforcement with quote-aware argPattern matching across gateway and node exec, and surface accurate dynamic pre-approved executable hints in the exec tool description. (#56285) Thanks @kpngr.
Gateway: prune empty node-pending-work state entries after explicit acknowledgments and natural expiry so the per-node state map no longer grows indefinitely. (#58179) Thanks @gavyngong.
Webhooks/secret comparison: replace ad-hoc timing-safe secret comparisons across BlueBubbles, Feishu, Mattermost, Telegram, Twilio, and Zalo webhook handlers with the shared safeEqualSecret helper and reject empty auth tokens in BlueBubbles. (#58432) Thanks @eleqtrizit.
OpenShell/mirror: constrain remoteWorkspaceDir and remoteAgentWorkspaceDir to the managed /sandbox and /agent roots, and keep mirror sync from overwriting or removing user-added shell roots during config synchronization. (#58515) Thanks @eleqtrizit.
Plugins/activation: preserve explicit, auto-enabled, and default activation provenance plus reason metadata across CLI, gateway bootstrap, and status surfaces so plugin enablement state stays accurate after auto-enable resolution. (#59641) Thanks @vincentkoc.
Exec/env: block additional host environment override pivots for package roots, language runtimes, compiler include paths, and credential/config locations so request-scoped exec cannot redirect trusted toolchains or config lookups. (#59233) Thanks @drobison00.
Dotenv/workspace overrides: block workspace .env files from overriding OPENCLAW_PINNED_PYTHON and OPENCLAW_PINNED_WRITE_PYTHON so trusted helper interpreters cannot be redirected by repo-local env injection. (#58473) Thanks @eleqtrizit.
Plugins/install: accept JSON5 syntax in openclaw.plugin.json and bundle plugin.json manifests during install/validation, so third-party plugins with trailing commas, comments, or unquoted keys no longer fail to install. (#59084) Thanks @singleGanghood.
Telegram/exec approvals: rewrite shared /approve … allow-always callback payloads to /approve … always before Telegram button rendering so plugin approval IDs still fit Telegram's callback_data limit and keep the Allow Always action visible. (#59217) Thanks @jameslcowan.
Cron/exec timeouts: surface timed-out exec and bash failures in isolated cron runs even when verbose: off, including custom session-target cron jobs, so scheduled runs stop failing silently. (#58247) Thanks @skainguyen1412.
Telegram/exec approvals: fall back to the origin session key for async approval followups and keep resume-failure status delivery sanitized so Telegram followups still land without leaking raw exec metadata. (#59351) Thanks @seonang.
Node-host/exec approvals: bind pnpm dlx invocations through the approval planner's mutable-script path so the effective runtime command is resolved for approval instead of being left unbound. (#58374)
Exec/node hosts: stop forwarding the gateway workspace cwd to remote node exec when no workdir was explicitly requested, so cross-platform node approvals fall back to the node default cwd instead of failing with SYSTEM_RUN_DENIED. (#58977) Thanks @Starhappysh.
Exec approvals/channels: decouple initiating-surface approval availability from native delivery enablement so Telegram, Slack, and Discord still expose approvals when approvers exist and native target routing is configured separately. (#59776) Thanks @joelnishanth.

Changes

macOS/Voice Wake: add the Voice Wake option to trigger Talk Mode. (#58490) Thanks @SmoothExec.
Tasks/chat: add /tasks as a chat-native background task board for the current session, with recent task details and agent-local fallback counts when no linked tasks are visible. Related #54226. Thanks @vincentkoc.
Web search/SearXNG: add the bundled SearXNG provider plugin for web_search with configurable host support. (#57317) Thanks @cgdusek.
Telegram/errors: add configurable errorPolicy and errorCooldownMs controls so Telegram can suppress repeated delivery errors per account, chat, and topic without muting distinct failures. (#51914) Thanks @chinar-amrutkar
Gateway/webchat: make chat.history text truncation configurable with gateway.webchat.chatHistoryMaxChars and per-request maxChars, while preserving silent-reply filtering and existing default payload limits. (#58900)
Amazon Bedrock/Guardrails: add Bedrock Guardrails support to the bundled provider. (#58588) Thanks @MikeORed.
ZAI/models: add glm-5.1 and glm-5v-turbo to the bundled Z.AI provider catalog. (#58793) Thanks @tomsun28
Agents/default params: add agents.defaults.params for global default provider parameters. (#58548) Thanks @lpender.
Agents/failover: cap prompt-side and assistant-side same-provider auth-profile retries for rate-limit failures before cross-provider model fallback, add the auth.cooldowns.rateLimitedProfileRotations knob, and document the new fallback behavior. (#58707) Thanks @Forgely3D
Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @oliviareid-svg
Cron/tools allowlist: add openclaw cron --tools for per-job tool allowlists. (#58504) Thanks @andyk-ms.

Fixes

Chat/error replies: stop leaking raw provider/runtime failures into external chat channels, return a friendly retry message instead, and add a specific /new hint for Bedrock toolResult/toolUse session mismatches. (#58831) Thanks @ImLukeF.
Sessions/model switching: keep /model changes queued behind busy runs instead of interrupting the active turn, and retarget queued followups so later work picks up the new model as soon as the current turn finishes.
Web UI/OpenResponses: preserve rewritten stream snapshots in webchat and keep OpenResponses final streamed text aligned when models rewind earlier output. (#58641) Thanks @neeravmakwana
Discord/inbound media: pass Discord attachment and sticker downloads through the shared idle-timeout and worker-abort path so slow or stuck inbound media fetches stop hanging message processing. (#58593) Thanks @aquaright1
Telegram/retries: keep non-idempotent sends on the strict safe-send path, retry wrapped pre-connect failures, and preserve 429 / retry_after backoff for safe delivery retries. (#51895) Thanks @chinar-amrutkar
Telegram/exec approvals: route topic-aware exec approval followups through Telegram-owned threading and approval-target parsing, so forum-topic approvals stay in the originating topic instead of falling back to the root chat. (#58783)
Telegram/local Bot API: preserve media MIME types for absolute-path downloads so local audio files still trigger transcription and other MIME-based handling. (#54603) Thanks @jzakirov
Channels/WhatsApp: pass inbound message timestamp to model context so the AI can see when WhatsApp messages were sent. (#58590) Thanks @Maninae
QQBot/voice: lazy-load silk-wasm in audio-convert.ts so qqbot still starts when the optional voice dependency is missing, while voice encode/decode degrades gracefully instead of crashing at module load time. (#58829) Thanks @WideLee.

View full changelog

2026.4.1

Wed, 01 Apr 2026 17:14:12 +0000

2026.3.28

Sun, 29 Mar 2026 02:10:40 +0000

OpenClaw 2026.3.28

Breaking

Providers/Qwen: remove the deprecated qwen-portal-auth OAuth integration for portal.qwen.ai; migrate to Model Studio with openclaw onboard --auth-choice modelstudio-api-key. (#52709) Thanks @pomelo-nwu.
Config/Doctor: drop automatic config migrations older than two months; very old legacy keys now fail validation instead of being rewritten on load or by openclaw doctor.

Changes

xAI/tools: move the bundled xAI provider to the Responses API, add first-class x_search, and auto-enable the xAI plugin from owned web-search and tool config so bundled Grok auth/configured search flows work without manual plugin toggles. (#56048) Thanks @huntharo.
xAI/onboarding: let the bundled Grok web-search plugin offer optional x_search setup during openclaw onboard and openclaw configure --section web, including an x_search model picker with the shared xAI key.
MiniMax: add image generation provider for image-01 model, supporting generate and image-to-image editing with aspect ratio control. (#54487) Thanks @liyuan97.
Plugins/hooks: add async requireApproval to before_tool_call hooks, letting plugins pause tool execution and prompt the user for approval via the exec approval overlay, Telegram buttons, Discord interactions, or the /approve command on any channel. The /approve command now handles both exec and plugin approvals with automatic fallback. (#55339) Thanks @vaclavbelak and @joshavant.
ACP/channels: add current-conversation ACP binds for Discord, BlueBubbles, and iMessage so /acp spawn codex --bind here can turn the current chat into a Codex-backed workspace without creating a child thread, and document the distinction between chat surface, ACP session, and runtime workspace.
OpenAI/apply_patch: enable apply_patch by default for OpenAI and OpenAI Codex models, and align its sandbox policy access with write permissions.
Plugins/CLI backends: move bundled Claude CLI, Codex CLI, and Gemini CLI inference defaults onto the plugin surface, add bundled Gemini CLI backend support, and replace gateway run --claude-cli-logs with generic --cli-backend-logs while keeping the old flag as a compatibility alias.
Plugins/startup: auto-load bundled provider and CLI-backend plugins from explicit config refs, so bundled Claude CLI, Codex CLI, and Gemini CLI message-provider setups no longer need manual plugins.allow entries.
Podman: simplify the container setup around the current rootless user, install the launch helper under ~/.local/bin, and document the host-CLI openclaw --container ... workflow instead of a dedicated openclaw service user.
Slack/tool actions: add an explicit upload-file Slack action that routes file uploads through the existing Slack upload transport, with optional filename/title/comment overrides for channels and DMs.
Message actions/files: start unifying file-first sends on the canonical upload-file action by adding explicit support for Microsoft Teams and Google Chat, and by exposing BlueBubbles file sends through upload-file while keeping the legacy sendAttachment alias.
Plugins/Matrix TTS: send auto-TTS replies as native Matrix voice bubbles instead of generic audio attachments. (#37080) thanks @Matthew19990919.
CLI: add openclaw config schema to print the generated JSON schema for openclaw.json. (#54523) Thanks @kvokka.
Config/TTS: auto-migrate legacy speech config on normal reads and secret resolution, keep legacy diagnostics for Doctor, and remove regular-mode runtime fallback for old bundled tts. API-key shapes.
Memory/plugins: move the pre-compaction memory flush plan behind the active memory plugin contract so memory-core owns flush prompts and target-path policy instead of hardcoded core logic.
MiniMax: trim model catalog to M2.7 only, removing legacy M2, M2.1, M2.5, and VL-01 models. (#54487) Thanks @liyuan97.
Plugins/runtime: expose runHeartbeatOnce in the plugin runtime system namespace so plugins can trigger a single heartbeat cycle with an explicit delivery target override (e.g. heartbeat: { target: "last" }). (#40299) Thanks @loveyana.
Agents/compaction: preserve the post-compaction AGENTS refresh on stale-usage preflight compaction for both immediate replies and queued followups. (#49479) Thanks @jared596.
Agents/compaction: surface safeguard-specific cancel reasons and relabel benign manual /compact no-op cases as skipped instead of failed. (#51072) Thanks @afurm.
Docs: add pnpm docs:check-links:anchors for Mintlify anchor validation while keeping scripts/docs-link-audit.mjs as the stable link-audit entrypoint. (#55912) Thanks @velvet-shark.
Tavily: mark outbound API requests with X-Client-Source: openclaw so Tavily can attribute OpenClaw-originated traffic. (#55335) Thanks @lakshyaag-tavily.

Fixes

Agents/Anthropic: recover unhandled provider stop reasons (e.g. sensitive) as structured assistant errors instead of crashing the agent run. (#56639)
Google/models: resolve Gemini 3.1 pro, flash, and flash-lite for all Google provider aliases by passing the actual runtime provider ID and adding a template-provider fallback; fix flash-lite prefix ordering. (#56567)
OpenAI Codex/image tools: register Codex for media understanding and route image prompts through Codex instructions so image analysis no longer fails on missing provider registration or missing instructions. (#54829) Thanks @neeravmakwana.
Agents/image tool: restore the generic image-runtime fallback when no provider-specific media-understanding provider is registered, so image analysis works again for providers like openrouter and minimax-portal. (#54858) Thanks @MonkeyLeeT.
WhatsApp: fix infinite echo loop in self-chat DM mode where the bot's own outbound replies were re-processed as new inbound user messages. (#54570) Thanks @joelnishanth
Telegram/splitting: replace proportional text estimate with verified HTML-length search so long messages split at word boundaries instead of mid-word; gracefully degrade when tag overhead exceeds the limit. (#56595)
Telegram/delivery: skip whitespace-only and hook-blanked text replies in bot delivery to prevent GrammyError 400 empty-text crashes. (#56620)
Telegram/send: validate replyToMessageId at all four API sinks with a shared normalizer that rejects non-numeric, NaN, and mixed-content strings. (#56587)
Mistral: normalize OpenAI-compatible request flags so official Mistral API runs no longer fail with remaining 422 status code (no body) chat errors.
Control UI/config: keep sensitive raw config hidden by default, replace the blank blocked editor with an explicit reveal-to-edit state, and restore raw JSON editing without auto-exposing secrets. Fixes #55322.
CLI/zsh: defer compdef registration until compinit is available so zsh completion loads cleanly with plugin managers and manual setups. (#56555)
BlueBubbles/debounce: guard debounce flush against null message text by sanitizing at the enqueue boundary and adding an independent combiner guard. (#56573)
Auto-reply: suppress JSON-wrapped {"action":"NO_REPLY"} control envelopes before channel delivery with a strict single-key detector; preserves media when text is only a silent envelope. (#56612)
ACP/ACPX agent registry: align OpenClaw's ACPX built-in agent mirror with the latest openclaw/acpx command defaults and built-in aliases, pin versioned npx built-ins to exact versions, and stop unknown ACP agent ids from falling through to raw --agent command execution on the MCP-proxy path. (#28321) Thanks @m0nkmaster and @vincentkoc.
Security/audit: extend web search key audit to recognize Gemini, Grok/xAI, Kimi, Moonshot, and OpenRouter credentials via a boundary-safe bundled-web-search registry shim. (#56540)
Docs/FAQ: remove broken Xfinity SSL troubleshooting cross-links from English and zh-CN FAQ entries — both sections already contain the full workaround inline. (#56500)
Telegram: deliver verbose tool summaries inside forum topic sessions again, so threaded topic chats now match DM verbose behavior. (#43236) Thanks @frankbuild.
BlueBubbles/CLI agents: restore inbound prompt image refs for CLI routed turns, reapply embedded runner image size guardrails, and cover both CLI image transport paths with regression tests. (#51373)
BlueBubbles/groups: optionally enrich unnamed participant lists with local macOS Contacts names after group gating passes, so group member context can show names instead of only raw phone numbers.
Discord/reconnect: drain stale gateway sockets, clear cached resume state before forced fresh reconnects, and fail closed when old sockets refuse to die so Discord recovery stops looping on poisoned resume state. (#54697) Thanks @ngutman.
iMessage: stop leaking inline [[reply_to:...]] tags into delivered text by sending reply_to as RPC metadata and stripping stray directive tags from outbound messages. (#39512) Thanks @mvanhorn.
CLI/plugins: make routed commands use the same auto-enabled bundled-channel snapshot as gateway startup, so configured bundled channels like Slack load without requiring a prior config rewrite. (#54809) Thanks @neeravmakwana.
CLI/message send: write manual openclaw message send deliveries into the resolved agent session transcript again by always threading the default CLI agent through outbound mirroring. (#54187) Thanks @KevInTheCloud5617.
CLI/onboarding: show the Kimi Code API key option again in the Moonshot setup menu so the interactive picker includes all Kimi setup paths together. Fixes #54412 Thanks @sparkyrider
Agents/status: use provider-aware context window lookup for fresh Anthropic 4.6 model overrides so /status shows the correct 1.0m window instead of an underreported shared-cache minimum. (#54796) Thanks @neeravmakwana.
OpenAI/WebSocket: preserve reasoning replay metadata and tool-call item ids on WebSocket tool turns, and start a fresh response chain when full-context resend is required. (#53856) Thanks @xujingchen1996.
OpenAI/WS: restore reasoning blocks for Responses WebSocket runs and keep reasoning/tool-call replay metadata intact so resumed sessions do not lose or break follow-up reasoning-capable turns. (#53856) Thanks @xujingchen1996.
Agents/errors: surface provider quota/reset details when available, but keep HTML/Cloudflare rate-limit pages on the generic fallback so raw error pages are not shown to users. (#54512) Thanks @bugkill3r.
Claude CLI: switch the bundled Claude CLI backend to stream-json output so watchdogs see progress on long runs, and keep session/usage metadata even when Claude finishes with an empty result line. (#49698) Thanks @felear2022.
Claude CLI/MCP: always pass a strict generated --mcp-config overlay for background Claude CLI runs, including the empty-server case, so Claude does not inherit ambient user/global MCP servers. (#54961) Thanks @markojak.
Agents/embedded replies: surface mid-turn 429 and overload failures when embedded runs end without a user-visible reply, while preserving successful media-only replies that still use legacy mediaUrl. (#50930) Thanks @infichen.
Chat/UI: move the chat send button onto the shared ghost-button theme styling, while keeping the stop button icon readable on the danger state. (#55075) Thanks @bottenbenny.
WhatsApp/allowFrom: show a specific allowFrom policy error for valid blocked targets instead of the misleading format hint. Thanks @mcaxtr.
Agents/cooldowns: scope rate-limit cooldowns per model so one 429 no longer blocks every model on the same auth profile, replace the exponential 1 min -> 1 h escalation with a stepped 30 s / 1 min / 5 min ladder, and surface a user-facing countdown message when all models are rate-limited. (#49834) Thanks @kiranvk-2011.
Agents/embedded transport errors: distinguish common network failures like connection refused, DNS lookup failure, and interrupted sockets from true timeouts in embedded-run user messaging and lifecycle diagnostics. (#51419) Thanks @scoootscooob.
Telegram/pairing: ignore self-authored DM message updates so bot-pinned status cards and similar service updates do not trigger bogus pairing requests or re-enter inbound dispatch. (#54530) thanks @huntharo
Mattermost/replies: keep pairing replies, slash-command fallback replies, and model-picker messages on the resolved config path so exec: SecretRef bot tokens work across all outbound reply branches. (#48347) thanks @mathiasnagler.
Microsoft Teams/config: accept the existing welcomeCard, groupWelcomeCard, promptStarters, and feedback/reflection keys in strict config validation so already-supported Teams runtime settings stop failing schema checks. (#54679) Thanks @gumclaw.
MCP/channels: add a Gateway-backed channel MCP bridge with Codex/Claude-facing conversation tools, Claude channel notifications, and safer stdio bridge lifecycle handling for reconnects and routed session discovery.
Plugins/SDK: thread moduleUrl through plugin-sdk alias resolution so user-installed plugins outside the openclaw directory correctly resolve openclaw/plugin-sdk/* subpath imports, and gate plugin-sdk:check-exports in release:check. (#54283) Thanks @xieyongliang.
Config/web fetch: allow the documented tools.web.fetch.maxResponseBytes setting in runtime schema validation so valid configs no longer fail with unrecognized-key errors. (#53401) Thanks @erhhung.
Message tool/buttons: keep the shared buttons schema optional in merged tool definitions so plain action=send calls stop failing validation when no buttons are provided. (#54418) Thanks @adzendo.
Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate tool_call_id values with HTTP 400. (#40996) Thanks @xaeon2026.
Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition strict fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava.
Plugins/context engines: retry strict legacy assemble() calls without the new prompt field when older engines reject it, preserving prompt-aware retrieval compatibility for pre-prompt plugins. (#50848) thanks @danhdoan.
CLI/update status: explicitly say up to date when the local version already matches npm latest, while keeping the availability logic unchanged. (#51409) Thanks @dongzhenye.
Daemon/Linux: stop flagging non-gateway systemd services as duplicate gateways just because their unit files mention OpenClaw, reducing false-positive doctor/log noise. (#45328) Thanks @gregretkowski.
Feishu: close WebSocket connections on monitor stop/abort so ghost connections no longer persist, preventing duplicate event processing and resource leaks across restart cycles. (#52844) Thanks @schumilin.
Feishu: use the original message create_time instead of Date.now() for inbound timestamps so offline-retried messages carry the correct authoring time, preventing mis-targeted agent actions on stale instructions. (#52809) Thanks @schumilin.
Control UI/Skills: open skill detail dialogs with the browser modal lifecycle so clicking a skill row keeps the panel centered instead of rendering it off-screen at the bottom of the page.
Matrix/replies: include quoted poll question/options in inbound reply context so the agent sees the original poll content when users reply to Matrix poll messages. (#55056) Thanks @alberthild.
Matrix/plugins: keep plugin bootstrap from crashing when built runtime mixes bare and deep matrix-js-sdk entrypoints, so unrelated channels do not get taken down during plugin load. (#56273) Thanks @aquaright1.
Agents/sandbox: honor tools.sandbox.tools.alsoAllow, let explicit sandbox re-allows remove matching built-in default-deny tools, and keep sandbox explain/error guidance aligned with the effective sandbox tool policy. (#54492) Thanks @ngutman.
Agents/sandbox: make blocked-tool guidance glob-aware again, redact/sanitize session-specific explain hints for safer copy-paste, and avoid leaking control-character session keys in those hints. (#54684) Thanks @ngutman.
Agents/compaction: trigger timeout recovery compaction before retrying high-context LLM timeouts so embedded runs stop repeating oversized requests. (#46417) thanks @joeykrug.
Agents/compaction: reconcile sessions.json.compactionCount after a late embedded auto-compaction success so persisted session counts catch up once the handler reports completion. (#45493) Thanks @jackal092927.
Agents/failover: classify Codex accountId token extraction failures as auth errors so model fallback continues to the next configured candidate. (#55206) Thanks @cosmicnet.
Plugins/runtime: reuse only compatible active plugin registries across tools, providers, web search, and channel bootstrap, align /tools/invoke plugin loading with the session workspace, and retry outbound channel recovery when the pinned channel surface changes so plugin tools and channels stop disappearing or re-registering from mismatched runtime loads. Thanks @gumadeiras.
Talk/macOS: stop direct system-voice failures from replaying system speech, use app-locale fallback for shared watchdog timing, and add regression coverage for the macOS fallback route and language-aware timeout policy. (#53511) thanks @hongsw.
Discord/gateway cleanup: keep late Carbon reconnect-exhausted errors suppressed through startup/dispose cleanup so Discord monitor shutdown no longer crashes on late gateway close events. (#55373) Thanks @Takhoffman.
Discord/gateway shutdown: treat expected reconnect-exhausted events during intentional lifecycle stop as clean shutdowns so startup-abort cleanup no longer surfaces false gateway failures. (#55324) Thanks @joelnishanth.
Discord/gateway shutdown: suppress reconnect-exhausted events that were already buffered before teardown flips lifecycleStopping, so stale-socket Discord restarts no longer crash the whole gateway. Fixes #55403 and #55421. Thanks @lml2468 and @vincentkoc.
GitHub Copilot/auth refresh: treat large expires_at values as seconds epochs and clamp far-future runtime auth refresh timers so Copilot token refresh cannot fall into a setTimeout overflow hot loop. (#55360) Thanks @michael-abdo.
Agents/status: use the persisted runtime session model in session_status when no explicit override exists, and honor per-agent thinkingDefault in both session_status and /status. (#55425) Thanks @scoootscooob, @xaeon2026, and @ysfbsf.
Heartbeat/runner: guarantee the interval timer is re-armed after heartbeat runs and unexpected runner errors so scheduled heartbeats do not silently stop after an interrupted cycle. (#52270) Thanks @MiloStack.
Config/Doctor: rewrite stale bundled plugin load paths from legacy bundled-plugin locations to the packaged bundled path, including directory-name mismatches and slash-suffixed config entries. (#55054) Thanks @SnowSky1.
WhatsApp/mentions: stop treating mentions embedded in quoted messages as direct mentions so replying to a message that @mentioned the bot no longer falsely triggers mention gating. (#52711) Thanks @lurebat.
Matrix: keep separate 2-person rooms out of DM routing after m.direct seeds successfully, while still honoring explicit is_direct state and startup fallback recovery. (#54890) thanks @private-peter
Agents/ollama fallback: surface non-2xx Ollama HTTP errors with a leading status code so HTTP 503 responses trigger model fallback again. (#55214) Thanks @bugkill3r.
Feishu/tools: stop synthetic agent ids like agent-spawner from being treated as Feishu account ids during tool execution, so tools fall back to the configured/default Feishu account unless the contextual id is a real enabled Feishu account. (#55627) Thanks @MonkeyLeeT.
Google/tools: strip empty required: [] arrays from Gemini tool schemas so optional-only tool parameters no longer trigger Google validator 400s. (#52106) Thanks @oliviareid-svg.
Onboarding/TUI/local gateways: show the resolved gateway port in setup output, clarify no-daemon local health/dashboard messaging, and preserve loopback Control UI auth on reruns and explicit local gateway URLs so local quickstart flows recover cleanly. (#55730) Thanks @shakkernerd.
TUI/chat log: keep system messages as single logical entries and prune overflow at whole-message boundaries so wrapped system spacing stays intact. (#55732) Thanks @shakkernerd.
TUI/activation: validate /activation arguments in the TUI and reject invalid values instead of silently coercing them to mention. (#55733) Thanks @shakkernerd.
Agents/model switching: apply /model changes to active embedded runs at the next safe retry boundary, so overloaded or retrying turns switch to the newly selected model instead of staying pinned to the old provider.
Agents/Codex fallback: classify Codex server_error payloads as failoverable, sanitize Codex error: payloads before they reach chat, preserve context-overflow guidance for prefixed invalid_request_error payloads, and omit provider request_id values from user-facing UI copy. (#42892) Thanks @xaeon2026.
Memory/search: share memory embedding provider registrations across split plugin runtimes so memory search no longer fails with unknown provider errors after memory-core registers built-in adapters. (#55945) Thanks @glitch418x.
Discord/Carbon beta: update @buape/carbon to the latest beta and pass the new RateLimitError request argument so Discord stays compatible with the upstream beta constructor change. (#55980) Thanks @ngutman.
Plugins/inbound claims: pass full inbound attachment arrays through inbound_claim hook metadata while keeping the legacy singular media attachment fields for compatibility. (#55452) Thanks @huntharo.
Plugins/Matrix: preserve sender filenames for inbound media by forwarding originalFilename to saveMediaBuffer. (#55692) thanks @esrehmki.
Matrix/mentions: recognize matrix.to mentions whose visible label uses the bot's room display name, so requireMention: true rooms respond correctly in modern Matrix clients. (#55393) thanks @nickludlam.
Ollama/thinking off: route thinkingLevel=off through the live Ollama extension request path so thinking-capable Ollama models now receive top-level think: false instead of silently generating hidden reasoning tokens. (#53200) Thanks @BruceMacD.
Plugins/diffs: stage bundled @pierre/diffs runtime dependencies during packaged updates so the bundled diff viewer keeps loading after global installs and updates. (#56077) Thanks @gumadeiras.
Plugins/diffs: load bundled Pierre themes without JSON module imports so diff rendering keeps working on newer Node builds. (#45869) thanks @NickHood1984.
Plugins/uninstall: remove owned channels. config when uninstalling channel plugins, and keep the uninstall preview aligned with explicit channel ownership so built-in channels and shared keys stay intact. (#35915) Thanks @wbxl2000.
Plugins/Matrix: prefer explicit DM signals when choosing outbound direct rooms and routing unmapped verification summaries, so strict 2-person fallback rooms do not outrank the real DM. (#56076) thanks @gumadeiras
Plugins/Matrix: resolve env-backed accessToken and password SecretRefs against the active Matrix config env path during startup, and officially accept SecretRef accessToken config values. (#54980) thanks @kakahu2015.
Microsoft Teams/proactive DMs: prefer the freshest personal conversation reference for user: sends when multiple stored references exist, so replies stop targeting stale DM threads. (#54702) Thanks @gumclaw.
Gateway/plugins: reuse the session workspace when building HTTP /tools/invoke tool lists and harden tool construction to infer the session agent workspace by default, so workspace plugins do not re-register on repeated HTTP tool calls. (#56101) thanks @neeravmakwana
Brave/web search: normalize unsupported Brave country filters to ALL before request and cache-key generation so locale-derived values like VN stop failing with upstream 422 validation errors. (#55695) Thanks @chen-zhang-cs-code.
Discord/replies: preserve leading indentation when stripping inline reply tags so reply-tagged plain text and fenced code blocks keep their formatting. (#55960) Thanks @Nanako0129.
Daemon/status: surface immediate gateway close reasons from lightweight probes and prefer those concrete auth or pairing failures over generic timeouts in openclaw daemon status. (#56282) Thanks @mbelinky.
Agents/failover: classify HTTP 410 errors as retryable timeouts by default while still preserving explicit session-expired, billing, and auth signals from the payload. (#55201) thanks @nikus-pan.
Agents/subagents: restore completion announce delivery for extension channels like BlueBubbles. (#56348)
Plugins/Matrix: load bundled @matrix-org/matrix-sdk-crypto-nodejs through createRequire(...) so E2EE media send and receive keep the package-local native binding lookup working in packaged ESM builds. (#54566) thanks @joelnishanth.
Plugins/Matrix: encrypt E2EE image thumbnails with thumbnail_file while keeping unencrypted-room previews on thumbnail_url, so encrypted Matrix image events keep thumbnail metadata without leaking plaintext previews. (#54711) thanks @frischeDaten.
Telegram/forum topics: keep native /new and /reset routed to the active topic by preserving the topic target on forum-thread command context. (#35963)

View full changelog