chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.4.24 #24

Merged
notarock-s-renovate[bot] merged 1 commit from renovate/docker-images into main 2026-04-26 01:40:50 +00:00
notarock-s-renovate[bot] commented 2026-04-23 14:15:32 +00:00 (Migrated from github.com)

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
ghcr.io/openclaw/openclaw (source) final patch 2026.4.212026.4.24

Release Notes

openclaw/openclaw (ghcr.io/openclaw/openclaw)

v2026.4.24

Compare Source

Highlights
  • Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
  • DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
  • Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
  • Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
  • Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.
Breaking
  • Plugin SDK/tool-result transforms: remove the Pi-only api.registerEmbeddedExtensionFactory(...) compatibility path. Bundled tool-result rewrites must use api.registerAgentToolResultMiddleware(...) with contracts.agentToolResultMiddleware declaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks @​vincentkoc.
Changes
  • Control UI/Talk: add browser WebRTC realtime voice sessions backed by OpenAI Realtime, with Gateway-minted ephemeral client secrets and openclaw_agent_consult handoff to the full OpenClaw agent.
  • Plugins/Google Meet: add a bundled participant plugin with personal Google auth, explicit meeting URL joins, Chrome and Twilio realtime transports, paired-node chrome-node support for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. (#​70765)
  • Plugins/Google Meet: add artifact and attendance workflows for conference records, recordings, transcripts, smart notes, and participant sessions, including markdown/file output, latest-record lookup, and --all-conference-records history scans.
  • Plugins/Google Meet: add OAuth and browser-state doctor/recovery flows, including googlemeet doctor --oauth and recover_current_tab/recover-tab so agents can inspect already-open Meet tabs without opening duplicates.
  • Plugins/Voice Call: expose the shared openclaw_agent_consult realtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers.
  • Plugins/Voice Call: add voicecall setup and a dry-run-by-default voicecall smoke command so Twilio/provider readiness can be checked before placing a live test call.
  • Providers/Google: add a Gemini Live realtime voice provider for backend Voice Call and Google Meet audio bridges, with bidirectional audio and function-call support.
  • Providers/Google: let Gemini TTS prepend configured audioProfile and speakerName prompt text for reusable speech style control. Thanks @​tdack.
  • Gateway/VoiceClaw: add a realtime brain WebSocket endpoint backed by Gemini Live, with owner-auth gating and async OpenClaw tool handoff. (#​70938) Thanks @​yagudaev.
  • Control UI: refine the agent Tool Access panel with compact live-tool chips, collapsible tool groups, direct per-tool toggles, and clearer runtime/source provenance. (#​71405) Thanks @​BunsDev.
  • Control UI/chat: add a Steer action on queued messages so a browser follow-up can be injected into the active run without retyping it.
  • Browser: add viewport coordinate clicks for managed and existing-session automation, plus openclaw browser click-coords for CLI use. (#​54452) Thanks @​dluttz.
  • Browser: add browser.actionTimeoutMs and use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. (#​62589) Thanks @​andyylin.
  • Browser/config: support per-profile browser.profiles.<name>.headless overrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks @​nakamotoliu.
  • Matrix: require full cross-signing identity trust for self-device verification and add openclaw matrix verify self so operators can establish that trust from the CLI. (#​70401) Thanks @​gumadeiras.
  • Gradium: add a bundled text-to-speech provider with voice-note and telephony output support. (#​64958) Thanks @​LaurentMazare.
  • Memory-core/hybrid search: expose raw vectorScore and textScore alongside the combined score on hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes #​68166. (#​68286) Thanks @​ajfonthemove.
  • Dependencies/memory: stop installing node-llama-cpp by default; local embeddings now load it only when operators install the optional runtime package. Thanks @​vincentkoc.
  • Providers/DeepSeek: add DeepSeek V4 Flash and V4 Pro to the bundled catalog and make V4 Flash the onboarding default. Thanks @​lsdsjy.
  • Dependencies/Pi: update bundled Pi packages to 0.70.2, use Pi's upstream gpt-5.5 and DeepSeek V4 catalog metadata, and keep only local gpt-5.5-pro forward-compat handling. Thanks @​lsdsjy.
  • Models/CLI: speed up model listing with safe static catalogs for bundled providers, narrower row-source orchestration, and less broad registry enumeration for default openclaw models list. (#​70632, #​70883, #​70867) Thanks @​shakkernerd.
  • Models/commands: deprecate /models add so chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from /models provider menus. (#​71175) Thanks @​Takhoffman.
  • Models/catalog: add manifest-sourced model rows, duplicate provider/model conflict reporting, and shared src/model-catalog normalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. (#​71368, #​71360) Thanks @​shakkernerd.
  • Codex harness/context-engine: run context-engine bootstrap, assembly, post-turn maintenance, and engine-owned compaction in Codex app-server sessions while keeping native Codex thread state and compaction auditable. (#​70809) Thanks @​jalehman.
  • Codex runtime plan: consolidate contract-first Pi/Codex parity coverage and accept legacy Codex auth-provider aliases in app-server profile login and refresh paths. (#​71096) Thanks @​100yenadmin.
  • Codex harness: bridge Codex-native tool hooks into OpenClaw plugin hooks and approvals, with bounded relay payloads and approval spam protection. (#​71008) Thanks @​pashpashpash.
  • Plugin SDK/Codex harness: add provider-owned transport/auth/follow-up seams and harness result classification so Codex-style runtimes can participate in fallback policy without core special-casing. (#​70772) Thanks @​100yenadmin.
  • Gateway/nodes: add disabled-by-default gateway.nodes.pairing.autoApproveCidrs for first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes #​60800. Thanks @​sahilsatralkar.
  • WebChat/sessions: keep runtime-only prompt context out of visible transcript history and scrub legacy wrappers from session history surfaces. Thanks @​91wan.
  • Agents/bootstrap: add agents.defaults.contextInjection: "never" to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. (#​65006) Thanks @​xDarkicex.
  • Plugins/manifest: add a modelCatalog contract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. (#​71342) Thanks @​shakkernerd.
  • Plugins/setup: honor explicit setup.requiresRuntime: false as a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks @​vincentkoc.
  • Plugins/setup: report descriptor/runtime drift when setup-api registrations disagree with setup.providers or setup.cliBackends, without rejecting legacy setup plugins. Thanks @​vincentkoc.
  • Plugins/setup: include setup.providers[].envVars in generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecated providerAuthEnvVars compatibility metadata. Thanks @​vincentkoc.
  • Plugins/setup: derive generic provider setup choices from descriptor-safe setup.providers[].authMethods before falling back to setup runtime. Thanks @​vincentkoc.
  • Plugins/setup: surface manifest provider auth choices directly in provider setup flow before falling back to setup runtime or install-catalog choices. Thanks @​vincentkoc.
  • Plugins/setup: warn when descriptor-only setup plugins still ship ignored setup runtime entries, keeping setup.requiresRuntime: false semantics explicit without breaking existing metadata. Thanks @​vincentkoc.
  • Plugins/channels: use manifest channelConfigs for read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks @​vincentkoc.
  • Plugin hooks: expose first-class run, message, sender, session, and trace correlation fields on message hook contexts and run lifecycle events. Thanks @​vincentkoc.
  • Plugins/PDF: move local PDF extraction into a bundled document-extract plugin so core no longer owns pdfjs-dist or PDF image-rendering dependencies. Thanks @​vincentkoc.
  • Providers/Anthropic Vertex: move the Vertex SDK runtime behind the bundled provider plugin so core no longer owns that provider-specific dependency. Thanks @​vincentkoc.
  • Plugins/activation: expose activation plan reasons and a richer plan API so callers can inspect why a plugin was selected while preserving existing id-list activation behavior. (#​70943) Thanks @​vincentkoc.
  • Plugins/source metadata: expose normalized install-source facts on provider and channel catalogs so onboarding can explain npm pinning, integrity state, and local availability before runtime loads. (#​70951) Thanks @​vincentkoc.
  • Plugins/catalog: pin the official external WeCom channel source to an exact npm release plus dist integrity, with a guard that official external sources stay integrity-pinned. (#​70997) Thanks @​vincentkoc.
  • Plugins/source metadata: warn when openclaw.install.defaultChoice is invalid or points at a missing source, keeping catalog diagnostics explicit without breaking existing plugins. Thanks @​vincentkoc.
  • Plugins/source metadata: warn when openclaw.install.expectedIntegrity is present without a valid npm source, keeping orphaned integrity metadata visible without rejecting existing plugins. Thanks @​vincentkoc.
  • Plugins/source metadata: warn when provider or channel catalog package identity drifts from openclaw.install.npmSpec, keeping diagnostics visible without rejecting compatible external catalogs. Thanks @​vincentkoc.
  • Plugins/Bonjour: move LAN Gateway discovery advertising into a default-enabled bundled plugin with its own @homebridge/ciao dependency, so users can disable Bonjour without cutting wide-area discovery. Thanks @​vincentkoc.
  • Plugins/compatibility: add a central plugin compatibility registry and docs for SDK/config/setup/runtime deprecation records, including dated migration metadata for legacy harness naming and other plugin-facing aliases. Thanks @​vincentkoc.
  • TUI/dependencies: remove direct cli-highlight usage from the OpenClaw TUI code-block renderer, keeping themed code coloring without the extra root dependency. Thanks @​vincentkoc.
  • Dependencies/SBOM: add an ownership-backed dependency risk report for root closure size, native/build-risk packages, and missing owner records. Thanks @​vincentkoc.
  • Diagnostics/OTEL: export run, model-call, and tool-execution diagnostic lifecycle events as OTEL spans without retaining live span state. Thanks @​vincentkoc.
  • Diagnostics/OTEL: accept opt-in diagnostics.otel.captureContent controls for future model/tool content span attributes while keeping raw content export disabled by default. Thanks @​vincentkoc.
  • Diagnostics/OTEL: add a lightweight diagnostic trace-context carrier for future span correlation without adding OTEL SDK state to core. Thanks @​vincentkoc.
  • Diagnostics/OTEL: attach diagnostic trace context to exported OTEL logs so log records can correlate with future spans without adding retained process state. Thanks @​vincentkoc.
  • Diagnostics/OTEL: pass immutable per-run diagnostic trace context through agent and tool hook contexts, and parent exported diagnostic spans from validated context without retaining global trace state. Thanks @​vincentkoc.
  • Diagnostics/OTEL: make exporter startup restart-safe so config reloads do not retain stale SDKs, log transports, or diagnostic event listeners. Thanks @​vincentkoc.
  • Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as openclaw.exec spans without exposing command text, working directories, or container identifiers. (#​70424) Thanks @​jlapenna.
  • Diagnostics/OTEL: support OPENCLAW_OTEL_PRELOADED=1 so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#​70424) Thanks @​jlapenna.
  • Diagnostics: emit structured tool execution diagnostic events with trace context, timing, and redacted error metadata. Thanks @​vincentkoc.
  • Diagnostics: emit structured run and model-call diagnostic events with trace context, duration, and non-message error metadata. Thanks @​vincentkoc.
  • CLI/Gateway: make gateway status start faster by skipping plugin loading on the read-only status path. (#​71364) Thanks @​andyylin.
Fixes
  • Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
  • Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #​71414. (#​71478) Thanks @​hclsys.
  • Agents/heartbeat: stop injecting the heartbeat system prompt into non-heartbeat runs, preventing ordinary user replies from being suppressed as HEARTBEAT_OK acknowledgments. Fixes #​69079. (#​69278) Thanks @​stainlu.
  • MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #​71106, #​71110, #​70389, and #​70808.
  • Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#​70780) Thanks @​fuller-stack-dev.
  • Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #​34979. (#​51267) Thanks @​cgdusek.
  • Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #​44402. (#​59935) Thanks @​jerome-benoit.
  • Feishu: back off streaming-card creation after HTTP 400 startup failures, so unsupported card setups fall back without delaying every message. Fixes #​56981. Thanks @​JinnanDuan.
  • Feishu/topic groups: key native Feishu/Lark topic-group sessions by thread_id so starter messages and replies with different root_id formats stay in the same group_topic conversation. Fixes #​71438. Thanks @​1335848090.
  • Feishu: suppress duplicate final card delivery when idle closes a streaming card before the final payload arrives. (#​68491) Thanks @​MoerAI.
  • Signal: preserve sender attachment filenames and resolve missing MIME types from those filenames, so Linux signal-cli voice notes without contentType still enter audio transcription. Fixes #​48614. Thanks @​mindfury.
  • Telegram/agents: suppress the phantom "Agent couldn't generate a response" fallback after a reply was already committed through the messaging tool. (#​70623) Thanks @​chinar-amrutkar.
  • Models/CLI: show provider runtime contextTokens beside native contextWindow in openclaw models list, and align openai-codex/gpt-5.5 with Codex's 272K runtime cap plus 400K native window. Fixes #​71403.
  • Dashboard/security: avoid writing tokenized Control UI URLs or SSH hints to runtime logs, keeping gateway bearer fragments out of console-captured logs readable through logs.tail. (#​70029) Thanks @​Ziy1-Tan.
  • Providers/OpenRouter: treat DeepSeek refs as cache-TTL eligible without injecting Anthropic cache-control markers, aligning context pruning with OpenRouter-managed prompt caching. (#​51983) Thanks @​QuinnH496.
  • Control UI/browser: defer temp-dir access-mode constants until Node-only temp-dir resolution runs, preventing browser bundles from crashing when node:fs constants are stubbed. (#​48930) Thanks @​Valentinws.
  • Discord/cron: deliver text-only isolated cron and heartbeat announce output from the canonical final assistant text once, avoiding duplicate Discord posts when streamed block payloads and the final answer contain the same content. Fixes #​71406. Thanks @​alexgross21.
  • macOS Gateway: wait for launchd to reload the exited Gateway LaunchAgent before bootstrapping repair fallback, preventing config-triggered restarts from leaving the service not loaded. Fixes #​45178. Thanks @​vincentkoc.
  • macOS Gateway: tolerate launchctl bootstrap's already-loaded exit during restart fallback and use non-killing kickstart after bootstrap, avoiding a second race that can unload the LaunchAgent. Fixes #​41934. Thanks @​zerone0x.
  • macOS Gateway: rewrite stale LaunchAgent plists before restart fallback bootstrap, matching install repair behavior when gateway restart has to re-register launchd. Thanks @​maybegeeker.
  • TTS/hooks: preserve audio-only TTS transcripts for message_sending and message_sent hooks without rendering the transcript as a media caption. Thanks @​zqchris.
  • WhatsApp/TTS: preserve audioAsVoice through shared media payload sends and the WhatsApp outbound adapter, so [[audio_as_voice]] reply payloads keep their voice-note intent when routed through sendPayload. Fixes #​66053. Thanks @​masatohoshino.
  • Control UI/WebChat: hide heartbeat prompts, HEARTBEAT_OK acknowledgments, and internal-only runtime context turns from visible chat history while leaving the underlying transcript intact. Fixes #​71381. Thanks @​gerald1950ggg-ai.
  • Control UI/chat: keep optimistic user and assistant tail messages visible when a final history refresh briefly returns an older snapshot, preventing message cards from flash-disappearing until the next refresh. Fixes #​71371. Thanks @​WolvenRA.
  • Talk/TTS: resolve configured extension speech providers from the active runtime registry before provider-list discovery, so Talk mode no longer rejects valid plugin speech providers as unsupported.
  • Sessions/subagents: stop stale ended runs and old store-only child reverse links from reappearing in childSessions, while keeping live descendants and recently-ended children visible. Fixes #​57920.
  • Subagents: recover child sessions after recoverable wait transport failures without exposing an extra wait state, and keep terminal lifecycle timer ordering deterministic. (#​71423) Thanks @​ZiPengWei.
  • Subagents: stop stale unended runs from counting as active or pending forever, while preserving restart-aborted recovery for recoverable child sessions. Fixes #​71252. Thanks @​hclsys.
  • Gateway/tools: allow POST /tools/invoke to reach plugin-backed catalog tools such as browser when no core implementation exists, while still preferring built-in tools for real core names. Thanks @​chat2way.
  • Browser/security: require operator.admin for the browser.request gateway method, matching the host/browser-node control authority exposed by that route. Thanks @​RichardCao.
  • Browser/profiles: allow local managed profiles to override browser.executablePath, so different profiles can launch different Chromium-based browsers. Thanks @​nobrainer-tech.
  • Agents/replay: repair displaced or missing tool results before strict provider replay, use Codex-compatible aborted outputs for OpenAI Responses history, and drop partial aborted/error transport turns before retries.
  • Browser/startup: deduplicate concurrent lazy-start calls per profile so simultaneous browser tool requests no longer race into duplicate Chrome launches and PortInUseError. (#​61772) Thanks @​sukhdeepjohar.
  • Browser/profiles: recover from stale Chromium Singleton* profile locks after crashes or host moves by clearing dead/foreign locks and retrying launch once. Thanks @​seanc-dev.
  • Browser/existing-session: keep Chrome MCP status probes transport-only and ephemeral, and retry stale cached Playwright attaches once so idle profile checks no longer poison the next real attach. (#​57245) Thanks @​josephbergvinson.
  • Cron/exec: suppress automatic background exec completion wakes only for silent cron jobs with delivery.mode="none" while keeping webhook and announce runs observable. (#​71391) Thanks @​goldmar.
  • Reply media: allow sandboxed replies to deliver OpenClaw-managed media/outbound and media/tool-* attachments without treating them as sandbox escapes, while keeping alias-escape checks on the managed media root. Fixes #​71138. Thanks @​mayor686, @​truffle-dev, and @​neeravmakwana.
  • CLI/agent: keep openclaw agent --json stdout reserved for the JSON response by routing gateway, plugin, and embedded-fallback diagnostics to stderr before execution starts. Fixes #​71319.
  • Agents/Gemini: retry reasoning-only, empty, and planning-only Gemini turns instead of letting sessions silently stall. Fixes #​71074. (#​71362) Thanks @​neeravmakwana.
  • Providers/DeepSeek: add missing reasoning_content placeholders for replayed assistant tool-call turns when DeepSeek V4 thinking is enabled, so switching an existing session to deepseek-v4-flash or deepseek-v4-pro no longer trips the provider's 400 replay check. Fixes #​71372. Thanks @​yangyang1719.
  • Exec approvals: allow bare command-name allowlist patterns to match PATH-resolved executable basenames without trusting ./tool or absolute path-selected binaries. Fixes #​71315. Thanks @​chen-zhang-cs-code and @​dengluozhang.
  • Config/recovery: skip whole-file last-known-good rollback when invalidity is scoped to plugins.entries.*, preserving unrelated user settings during plugin schema or host-version skew. Fixes #​71289. Thanks @​jalehman.
  • Agents/tools: keep resolved reply-run configs from being overwritten by stale runtime snapshots, and let empty web runtime metadata fall back to configured provider auto-detection so standard and queued turns expose the same tool set. Fixes #​71355. Thanks @​c-g14.
  • Agents/TTS: pass the resolved shared config into the tts tool, so tool-triggered speech uses configured providers and voices instead of falling back to a fresh config load.
  • Reply media: strip MEDIA: attachments from final replies when the same media already went out through block streaming, preventing duplicate Telegram voice notes and files. Fixes #​65468. Thanks @​aurora-openclaw.
  • Agents/TTS: preserve voice media when a tool-generated reply is paired with an exact NO_REPLY sentinel, stripping the sentinel text instead of dropping the audio payload. Fixes #​66092.
  • Compaction: honor explicit agents.defaults.compaction.keepRecentTokens for manual /compact, re-distill safeguard summaries instead of snowballing previous summaries, and enable safeguard summary quality checks by default. Fixes #​71357. Thanks @​WhiteGiverMa.
  • Sessions: honor configured session.maintenance settings during load-time maintenance instead of falling back to default entry caps. Fixes #​71356. Thanks @​comolago.
  • Browser/sandbox: pass the resolved browser.ssrfPolicy into sandbox browser bridges and refresh cached bridges when the effective policy changes, so sandboxed browser navigation honors private-network opt-ins. Fixes #​45153 and #​57055. Thanks @​jzakirov, @​zuoanCo, and @​kybrcore.
  • Browser/proxy: keep Gateway/provider proxy environment variables from proxying the OpenClaw-managed browser, so HTTP_PROXY and HTTPS_PROXY no longer block ordinary browser navigation. Fixes #​71358. Thanks @​Sanjays2402.
  • Agents/MCP: validate draft-2020-12 MCP tool output schemas with a draft-aware bundle-MCP client validator, so external MCP servers no longer fail catalog/tool execution with missing schema refs. Fixes #​68772 and #​70196. Thanks @​mwiesen.
  • Dashboard/Windows: open Control UI and OAuth URLs through the system URL handler without cmd.exe parsing or PATH-based rundll32 lookup, and reject non-HTTP browser-open inputs. Fixes #​71098. Thanks @​Sanjays2402.
  • Config/doctor: reject legacy secretref-env:<ENV_VAR> marker strings on SecretRef credential paths and migrate valid markers to structured env SecretRefs with openclaw doctor --fix. Fixes #​51794. Thanks @​halointellicore.
  • Plugin SDK/browser: export the resolved browser tab-cleanup config type through the browser profile facade, keeping SDK subpath contracts aligned.
  • Providers/OpenAI: separate API-key and Codex sign-in onboarding groups, and avoid replaying stale OpenAI Responses reasoning blocks after a model route switch.
  • Providers/OpenAI-compatible: forward prompt_cache_key on Completions requests only for providers that opt in with compat.supportsPromptCacheKey, keeping default proxy payloads unchanged. Fixes #​69272.
  • Providers/OpenAI-compatible: skip null or non-object streaming chunks from custom providers instead of failing the turn after partial output. Fixes #​51112.
  • Providers/OpenAI-compatible: treat singular MLX-style finish_reason: "tool_call" as tool use instead of a provider error. Fixes #​61499.
  • Docs/TTS: clarify that legacy flat TTS provider config blocks are repaired by openclaw doctor --fix, not accepted by strict runtime schema on load. Fixes #​56220.
  • Plugins/OpenCode: strip unsupported disabled Responses reasoning payloads for OpenCode image understanding. Fixes #​70252.
  • Plugins/OpenCode/OpenCode Go: register image understanding metadata so the image tool is available for OpenCode catalog models with vision support. Fixes #​70482 and #​61789.
  • Plugins/OpenCode Go: update the default Go catalog model to opencode-go/kimi-k2.6. Thanks @​masrlinu.
  • Providers/ElevenLabs: omit the MP3-only Accept header for PCM telephony synthesis, so Voice Call requests for pcm_22050 no longer receive MP3 audio. Fixes #​67340. Thanks @​marcchabot.
  • Providers/MiniMax TTS: truncate fractional pitch overrides before sending T2A requests, matching MiniMax's integer pitch contract while preserving fractional speed and volume. Fixes #​62144.
  • Providers/MiniMax TTS: transcode voice-note targets to Opus so Feishu/Telegram receive native voice messages instead of MP3 file attachments. Fixes #​63540, #​64134, and #​70445.
  • Providers/Microsoft TTS: keep allowlisted bundled speech providers discoverable even when another speech plugin has already registered, so Edge/Microsoft TTS is available alongside OpenAI. Fixes #​62117 and #​66850.
  • Providers/Microsoft TTS: honor legacy messages.tts.providers.edge voice settings after normalizing Edge TTS to the Microsoft provider. Fixes #​64153.
  • Providers/OpenRouter: add an OpenRouter TTS provider using the OpenAI-compatible /audio/speech endpoint and OPENROUTER_API_KEY. Fixes #​71268.
  • macOS Talk Mode: retry failed local ElevenLabs stream playback through gateway talk.speak before falling back to the system voice, so configured ElevenLabs voices still play when streaming playback fails. Fixes #​65662.
  • Plugins/Voice Call: reap stale pre-answer calls by default, honor configured TTS timeouts for Twilio media-stream playback, and fail empty telephony audio instead of completing as silence. Fixes #​42071; supersedes #​60957. Thanks @​Ryce and @​sliekens.
  • Plugins/Voice Call: fail fast when Twilio, Telnyx, or Plivo would fall back to a loopback/private webhook URL, so calls do not start with an unreachable callback endpoint. Thanks @​artemgetmann.
  • Plugins/Voice Call: resolve queued-but-not-yet-playing Twilio TTS entries when barge-in or stream teardown clears the playback queue, so callers awaiting queueTts() do not hang. Thanks @​kevinWangSheng.
  • Plugins/Voice Call: terminate expired restored call sessions with the provider and restart restored max-duration timers with only the remaining duration, preventing stale outbound retry loops after Gateway restarts. Fixes #​48739. Thanks @​mira-solari.
  • Plugins/Voice Call: start provider STT after Telnyx outbound conversation greetings and pass configured Telnyx voice IDs through to the speak action. Fixes #​56091. Thanks @​Roshan.
  • Skills: honor legacy metadata.clawdbot requirements and installer hints when metadata.openclaw is absent, so older skills no longer appear ready when required binaries are missing. Fixes #​71323. Thanks @​chen-zhang-cs-code.
  • Browser/config: expand ~ in browser.executablePath before Chromium launch, so home-relative custom browser paths no longer fail with ENOENT. Fixes #​67264. Thanks @​Quratulain-bilal.
  • Channels/streaming: keep Telegram tool-progress preview updates enabled by default to match released behavior, document streaming.preview.toolProgress: false for disabling only those status lines, and prevent preview progress text from triggering Telegram Markdown links, Discord mentions, or Slack mrkdwn mentions. Fixes #​71320. Thanks @​neeravmakwana.
  • Gateway/sessions: copy the oversized sessions.json to a rotation backup before the atomic rewrite instead of renaming the live store away, so a crash during rotation keeps the existing session-to-transcript mapping authoritative. Fixes #​68229. Thanks @​jjjojoj.
  • Providers/OpenAI-compatible: strip OpenAI-only Completions store from proxy payloads and allow extra_body/extraBody passthrough params for provider-specific request fields. Fixes #​61826 and #​69717.
  • Discord/subagents: preserve thread-bound completion delivery by keeping the requester-agent announce path primary and falling back to direct thread sends only when the announce produces no visible output. (#​71064) Thanks @​DolencLuka.
  • Discord/proxy: serialize proxied multipart attachment uploads with undici FormData, so Discord media sends work through configured REST proxies. (#​71383) Thanks @​TC500.
  • Browser/tool: give Chrome MCP existing-session manage calls a longer default timeout, pass explicit tool timeouts through tab management, and recover stale selected-page MCP sessions instead of forcing a manual reset.
  • Browser/sandbox: clean up idle tracked tabs opened by primary-agent browser sessions, while preserving active tab reuse and lifecycle cleanup for subagents, cron, and ACP sessions. Fixes #​71165. Thanks @​dwbutler.
  • Plugins/Voice Call: reuse the webhook runtime across in-process plugin contexts, avoiding EADDRINUSE when agent tools or CLI commands run while the Gateway already owns the voice webhook port. Fixes #​58115. Thanks @​sfbrian.
  • Plugins/Voice Call: answer accepted Telnyx inbound Call Control legs on call.initiated, so webhooks that reach OpenClaw no longer leave the caller ringing until hangup. Fixes #​58231 and #​40131. Thanks @​KonsultDigital.
  • Plugins/Voice Call: coalesce concurrent webhook server starts on the same runtime instance, avoiding a second listen() bind when overlapping startup paths race. Thanks @​education-01.
  • Plugins/Voice Call: pin voice response sessions to responseModel before embedded agent runs, avoiding live-session model switch failures when the global default model differs. Fixes #​60118. Thanks @​xinbenlv.
  • Plugins/Voice Call: add agentId for voice response generation, so phone calls can use a dedicated agent workspace instead of always routing through main. Fixes #​42155. Thanks @​TheOpie.
  • Plugins/Voice Call: scope embedded voice response sandbox resolution to the selected voice agent, so implicit main voice sessions respect agents.defaults.sandbox.mode: "off" even when other agents define sandboxed Docker binds. Fixes #​56367. Thanks @​crpol.
  • Media tools: honor the configured web-fetch SSRF policy for media understanding, image/music/video generation references, and PDF inputs, so explicit RFC2544 opt-ins cover WebChat OSS uploads without weakening defaults. Fixes #​71300. (#​71321) Thanks @​neeravmakwana.
  • Agents/TTS: suppress successful spoken transcripts from verbose chat tool output when structured voice media is already queued, while preserving text output for non-builtin tool-name collisions. Fixes #​71282. Thanks @​neeravmakwana.
  • Plugins/Google Meet: reuse active Meet tabs across harmless URL query differences, recover already-open tabs after browser timeouts, surface manual-action details for login or permission blockers, and let googlemeet recover-tab inspect paired browser nodes from the terminal.
  • Cron/isolated sessions: clear stale runtime, lifecycle, auth, model, exec, heartbeat, usage, privilege, routing, and delivery artifacts when creating a fresh isolated run, and persist per-run session rows as snapshots so old base-session state no longer leaks into new cron executions. Thanks @​vincentkoc.
  • Gateway/sessions: recover main-agent turns interrupted by a gateway restart from stale transcript-lock evidence, avoiding stuck status: "running" sessions without broad post-boot transcript scans. Fixes #​70555. Thanks @​bitloi.
  • Codex approvals: sanitize MCP elicitation approval titles, descriptions, and display parameters before forwarding them to OpenClaw approval prompts. (#​71343) Thanks @​Lucenx9.
  • Codex approvals: keep command approval responses within Codex app-server availableDecisions, including deny/cancel fallbacks for prompts that do not offer decline. (#​71338) Thanks @​Lucenx9.
  • Codex harness: reject same-thread app-server notifications without turnId or turn.id after a bound turn starts, preventing unscoped events from mutating or completing the active reply. (#​71317) Thanks @​Lucenx9.
  • Plugins/Google Meet: include live Chrome-node readiness and Parallels recovery checks in setup, so stale node tokens or disconnected VM browsers are visible before an agent opens a meeting.
  • Context engine: keep safeguard compaction checks active after context-engine windowing and for ownsCompaction engines, so large transcripts can compact before prompt submission instead of waiting for provider overflow. Fixes #​71325.
  • Approvals: compact structured home-directory paths to ~ across Codex permission prompts and exec approval metadata without repeating them as a separate high-risk warning, while preserving filesystem root and wildcard host warnings.
  • Plugins/runtime deps: isolate the internal npm cache used for bundled plugin runtime-dependency repair and let package updates refresh/verify already-current installs, so failed update or sudo doctor runs can be repaired by rerunning openclaw update.
  • Agents/delete: keep --json output machine-readable and retain workspaces that overlap another agent's workspace instead of moving shared state to Trash. Fixes #​70889 and #​70890. (#​70897) Thanks @​kaseonedge.
  • Browser/screenshot: honor timeoutMs through host and node screenshot requests, bound raw CDP screenshot commands, and avoid beyond-viewport CDP capture for ordinary viewport screenshots, so Windows Chrome captures no longer hang past the requested deadline. Fixes #​68330. Thanks @​Woodylai24.
  • Telegram/model picker: show configured model display names when browsing models through provider buttons, matching typed /models <provider> output. Fixes #​70560. (#​71016) Thanks @​iskim77.
  • Plugins/runtime deps: stage bundled plugin runtime dependencies for packaged/global installs in an external runtime root and retain already staged deps across repairs, avoiding package-tree update races and npm pruning after upgrades.
  • Plugins/runtime deps: log bundled plugin runtime-dependency staging before synchronous npm installs start and include elapsed timing afterward, so first boot after upgrades no longer looks hung while dependencies are being repaired.
  • Memory/Bedrock: skip Bedrock during automatic memory embedding selection when AWS credentials are unavailable, so memory_search can fall back to lexical search instead of failing on the first embed call. Fixes #​71143 via #​71245. Thanks @​bitloi.
  • Agents/failover: forward embedded run abort signals into provider-owned model streams, cap implicit LLM idle watchdogs below long run timeouts, and mark 429 responses without usable retry timing as non-retryable so GitHub Copilot rate limits fail over or surface promptly instead of hanging until run timeout. Fixes #​71120.
  • Plugins/Google Meet: make meeting creation join by default, with an explicit URL-only opt-out, so agents that create a Meet also enter it.
  • Telegram/polling: persist accepted update offsets before long-running handlers complete so poller restarts do not replay already-ingested updates, while keeping same-process retries for handler failures.
  • Telegram/config: include generated Telegram channel config schema metadata in packaged plugin manifests so forum-topic/group config is accepted before runtime loads.
  • CLI/Claude: include user-configured mcp.servers in the strict Claude CLI MCP bundle config, matching Pi runs while preserving the OpenClaw loopback override. Fixes #​70909. Thanks @​keishingu.
  • Browser/tool: keep explicit AI snapshots from inheriting the efficient role-snapshot default and preserve numeric Playwright AI refs, so --format ai remains a real AI snapshot path. Fixes #​62550. Thanks @​ly85206559.
  • Gateway/config: keep in-process config patch reload comparisons on the resolved source snapshot when ${VAR} env refs are restored on disk, avoiding false full gateway restarts for unchanged gateway/plugin secrets. Fixes #​71208. Thanks @​robbiethompson18.
  • Slack/messages: serialize write-client requests and whole outbound sends per target so rapid multi-message Slack replies preserve send order. Fixes #​69101. (#​69105) Thanks @​nightq and @​ztexydt-cqh.
  • Slack/messages: keep Slack bot tokens out of internal message-ordering and DM cache keys.
  • Slack/exec approvals: resolve native approval button clicks over the Gateway instead of delivering /approve ... as plain agent text, preserving retry buttons if Gateway resolution fails. Fixes #​71023. (#​71025) Thanks @​marusan03.
  • Browser/tool: expose browser doctor diagnostics to agents and extend openclaw doctor browser readiness notes for managed Chromium launch prerequisites. (#​62948, #​62936) Thanks @​seanc-dev.
  • Slack/files: return non-image download-file results as local file paths instead of image payloads, and include Slack file IDs in inbound file placeholders so agents can call download-file. Fixes #​71212. Thanks @​teamrazo.
  • Browser control: scope standalone loopback auth to the resolved active gateway credential and fail closed when password mode lacks a resolved password, so inactive tokens or passwords no longer authorize browser routes. Fixes #​65626. (#​65639) Thanks @​coygeek.
  • Control UI/Codex harness: emit native Codex app-server assistant and lifecycle completion events so live webchat runs stop spinning without needing a transcript reload fallback. (#​70815) Thanks [@​lesaai](https://redirect.github.com/lesaa

Configuration

📅 Schedule: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ghcr.io/openclaw/openclaw](https://openclaw.ai) ([source](https://redirect.github.com/openclaw/openclaw)) | final | patch | `2026.4.21` → `2026.4.24` | --- ### Release Notes <details> <summary>openclaw/openclaw (ghcr.io/openclaw/openclaw)</summary> ### [`v2026.4.24`](https://redirect.github.com/openclaw/openclaw/blob/HEAD/CHANGELOG.md#2026424) [Compare Source](https://redirect.github.com/openclaw/openclaw/compare/v2026.4.23...v2026.4.24) ##### Highlights - Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs. - DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns. - Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers. - Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery. - Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs. ##### Breaking - Plugin SDK/tool-result transforms: remove the Pi-only `api.registerEmbeddedExtensionFactory(...)` compatibility path. Bundled tool-result rewrites must use `api.registerAgentToolResultMiddleware(...)` with `contracts.agentToolResultMiddleware` declaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). ##### Changes - Control UI/Talk: add browser WebRTC realtime voice sessions backed by OpenAI Realtime, with Gateway-minted ephemeral client secrets and `openclaw_agent_consult` handoff to the full OpenClaw agent. - Plugins/Google Meet: add a bundled participant plugin with personal Google auth, explicit meeting URL joins, Chrome and Twilio realtime transports, paired-node `chrome-node` support for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. ([#&#8203;70765](https://redirect.github.com/openclaw/openclaw/issues/70765)) - Plugins/Google Meet: add artifact and attendance workflows for conference records, recordings, transcripts, smart notes, and participant sessions, including markdown/file output, latest-record lookup, and `--all-conference-records` history scans. - Plugins/Google Meet: add OAuth and browser-state doctor/recovery flows, including `googlemeet doctor --oauth` and `recover_current_tab`/`recover-tab` so agents can inspect already-open Meet tabs without opening duplicates. - Plugins/Voice Call: expose the shared `openclaw_agent_consult` realtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers. - Plugins/Voice Call: add `voicecall setup` and a dry-run-by-default `voicecall smoke` command so Twilio/provider readiness can be checked before placing a live test call. - Providers/Google: add a Gemini Live realtime voice provider for backend Voice Call and Google Meet audio bridges, with bidirectional audio and function-call support. - Providers/Google: let Gemini TTS prepend configured `audioProfile` and `speakerName` prompt text for reusable speech style control. Thanks [@&#8203;tdack](https://redirect.github.com/tdack). - Gateway/VoiceClaw: add a realtime brain WebSocket endpoint backed by Gemini Live, with owner-auth gating and async OpenClaw tool handoff. ([#&#8203;70938](https://redirect.github.com/openclaw/openclaw/issues/70938)) Thanks [@&#8203;yagudaev](https://redirect.github.com/yagudaev). - Control UI: refine the agent Tool Access panel with compact live-tool chips, collapsible tool groups, direct per-tool toggles, and clearer runtime/source provenance. ([#&#8203;71405](https://redirect.github.com/openclaw/openclaw/issues/71405)) Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Control UI/chat: add a Steer action on queued messages so a browser follow-up can be injected into the active run without retyping it. - Browser: add viewport coordinate clicks for managed and existing-session automation, plus `openclaw browser click-coords` for CLI use. ([#&#8203;54452](https://redirect.github.com/openclaw/openclaw/issues/54452)) Thanks [@&#8203;dluttz](https://redirect.github.com/dluttz). - Browser: add `browser.actionTimeoutMs` and use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. ([#&#8203;62589](https://redirect.github.com/openclaw/openclaw/issues/62589)) Thanks [@&#8203;andyylin](https://redirect.github.com/andyylin). - Browser/config: support per-profile `browser.profiles.<name>.headless` overrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks [@&#8203;nakamotoliu](https://redirect.github.com/nakamotoliu). - Matrix: require full cross-signing identity trust for self-device verification and add `openclaw matrix verify self` so operators can establish that trust from the CLI. ([#&#8203;70401](https://redirect.github.com/openclaw/openclaw/issues/70401)) Thanks [@&#8203;gumadeiras](https://redirect.github.com/gumadeiras). - Gradium: add a bundled text-to-speech provider with voice-note and telephony output support. ([#&#8203;64958](https://redirect.github.com/openclaw/openclaw/issues/64958)) Thanks [@&#8203;LaurentMazare](https://redirect.github.com/LaurentMazare). - Memory-core/hybrid search: expose raw `vectorScore` and `textScore` alongside the combined `score` on hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes [#&#8203;68166](https://redirect.github.com/openclaw/openclaw/issues/68166). ([#&#8203;68286](https://redirect.github.com/openclaw/openclaw/issues/68286)) Thanks [@&#8203;ajfonthemove](https://redirect.github.com/ajfonthemove). - Dependencies/memory: stop installing `node-llama-cpp` by default; local embeddings now load it only when operators install the optional runtime package. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Providers/DeepSeek: add DeepSeek V4 Flash and V4 Pro to the bundled catalog and make V4 Flash the onboarding default. Thanks [@&#8203;lsdsjy](https://redirect.github.com/lsdsjy). - Dependencies/Pi: update bundled Pi packages to `0.70.2`, use Pi's upstream `gpt-5.5` and DeepSeek V4 catalog metadata, and keep only local `gpt-5.5-pro` forward-compat handling. Thanks [@&#8203;lsdsjy](https://redirect.github.com/lsdsjy). - Models/CLI: speed up model listing with safe static catalogs for bundled providers, narrower row-source orchestration, and less broad registry enumeration for default `openclaw models list`. ([#&#8203;70632](https://redirect.github.com/openclaw/openclaw/issues/70632), [#&#8203;70883](https://redirect.github.com/openclaw/openclaw/issues/70883), [#&#8203;70867](https://redirect.github.com/openclaw/openclaw/issues/70867)) Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - Models/commands: deprecate `/models add` so chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from `/models` provider menus. ([#&#8203;71175](https://redirect.github.com/openclaw/openclaw/issues/71175)) Thanks [@&#8203;Takhoffman](https://redirect.github.com/Takhoffman). - Models/catalog: add manifest-sourced model rows, duplicate provider/model conflict reporting, and shared `src/model-catalog` normalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. ([#&#8203;71368](https://redirect.github.com/openclaw/openclaw/issues/71368), [#&#8203;71360](https://redirect.github.com/openclaw/openclaw/issues/71360)) Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - Codex harness/context-engine: run context-engine bootstrap, assembly, post-turn maintenance, and engine-owned compaction in Codex app-server sessions while keeping native Codex thread state and compaction auditable. ([#&#8203;70809](https://redirect.github.com/openclaw/openclaw/issues/70809)) Thanks [@&#8203;jalehman](https://redirect.github.com/jalehman). - Codex runtime plan: consolidate contract-first Pi/Codex parity coverage and accept legacy Codex auth-provider aliases in app-server profile login and refresh paths. ([#&#8203;71096](https://redirect.github.com/openclaw/openclaw/issues/71096)) Thanks [@&#8203;100yenadmin](https://redirect.github.com/100yenadmin). - Codex harness: bridge Codex-native tool hooks into OpenClaw plugin hooks and approvals, with bounded relay payloads and approval spam protection. ([#&#8203;71008](https://redirect.github.com/openclaw/openclaw/issues/71008)) Thanks [@&#8203;pashpashpash](https://redirect.github.com/pashpashpash). - Plugin SDK/Codex harness: add provider-owned transport/auth/follow-up seams and harness result classification so Codex-style runtimes can participate in fallback policy without core special-casing. ([#&#8203;70772](https://redirect.github.com/openclaw/openclaw/issues/70772)) Thanks [@&#8203;100yenadmin](https://redirect.github.com/100yenadmin). - Gateway/nodes: add disabled-by-default `gateway.nodes.pairing.autoApproveCidrs` for first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes [#&#8203;60800](https://redirect.github.com/openclaw/openclaw/issues/60800). Thanks [@&#8203;sahilsatralkar](https://redirect.github.com/sahilsatralkar). - WebChat/sessions: keep runtime-only prompt context out of visible transcript history and scrub legacy wrappers from session history surfaces. Thanks [@&#8203;91wan](https://redirect.github.com/91wan). - Agents/bootstrap: add `agents.defaults.contextInjection: "never"` to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. ([#&#8203;65006](https://redirect.github.com/openclaw/openclaw/issues/65006)) Thanks [@&#8203;xDarkicex](https://redirect.github.com/xDarkicex). - Plugins/manifest: add a `modelCatalog` contract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. ([#&#8203;71342](https://redirect.github.com/openclaw/openclaw/issues/71342)) Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - Plugins/setup: honor explicit `setup.requiresRuntime: false` as a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/setup: report descriptor/runtime drift when setup-api registrations disagree with `setup.providers` or `setup.cliBackends`, without rejecting legacy setup plugins. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/setup: include `setup.providers[].envVars` in generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecated `providerAuthEnvVars` compatibility metadata. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/setup: derive generic provider setup choices from descriptor-safe `setup.providers[].authMethods` before falling back to setup runtime. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/setup: surface manifest provider auth choices directly in provider setup flow before falling back to setup runtime or install-catalog choices. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/setup: warn when descriptor-only setup plugins still ship ignored setup runtime entries, keeping `setup.requiresRuntime: false` semantics explicit without breaking existing metadata. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/channels: use manifest `channelConfigs` for read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugin hooks: expose first-class run, message, sender, session, and trace correlation fields on message hook contexts and run lifecycle events. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/PDF: move local PDF extraction into a bundled `document-extract` plugin so core no longer owns `pdfjs-dist` or PDF image-rendering dependencies. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Providers/Anthropic Vertex: move the Vertex SDK runtime behind the bundled provider plugin so core no longer owns that provider-specific dependency. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/activation: expose activation plan reasons and a richer plan API so callers can inspect why a plugin was selected while preserving existing id-list activation behavior. ([#&#8203;70943](https://redirect.github.com/openclaw/openclaw/issues/70943)) Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/source metadata: expose normalized install-source facts on provider and channel catalogs so onboarding can explain npm pinning, integrity state, and local availability before runtime loads. ([#&#8203;70951](https://redirect.github.com/openclaw/openclaw/issues/70951)) Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/catalog: pin the official external WeCom channel source to an exact npm release plus dist integrity, with a guard that official external sources stay integrity-pinned. ([#&#8203;70997](https://redirect.github.com/openclaw/openclaw/issues/70997)) Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/source metadata: warn when `openclaw.install.defaultChoice` is invalid or points at a missing source, keeping catalog diagnostics explicit without breaking existing plugins. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/source metadata: warn when `openclaw.install.expectedIntegrity` is present without a valid npm source, keeping orphaned integrity metadata visible without rejecting existing plugins. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/source metadata: warn when provider or channel catalog package identity drifts from `openclaw.install.npmSpec`, keeping diagnostics visible without rejecting compatible external catalogs. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/Bonjour: move LAN Gateway discovery advertising into a default-enabled bundled plugin with its own `@homebridge/ciao` dependency, so users can disable Bonjour without cutting wide-area discovery. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Plugins/compatibility: add a central plugin compatibility registry and docs for SDK/config/setup/runtime deprecation records, including dated migration metadata for legacy harness naming and other plugin-facing aliases. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - TUI/dependencies: remove direct `cli-highlight` usage from the OpenClaw TUI code-block renderer, keeping themed code coloring without the extra root dependency. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Dependencies/SBOM: add an ownership-backed dependency risk report for root closure size, native/build-risk packages, and missing owner records. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: export run, model-call, and tool-execution diagnostic lifecycle events as OTEL spans without retaining live span state. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: accept opt-in `diagnostics.otel.captureContent` controls for future model/tool content span attributes while keeping raw content export disabled by default. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: add a lightweight diagnostic trace-context carrier for future span correlation without adding OTEL SDK state to core. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: attach diagnostic trace context to exported OTEL logs so log records can correlate with future spans without adding retained process state. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: pass immutable per-run diagnostic trace context through agent and tool hook contexts, and parent exported diagnostic spans from validated context without retaining global trace state. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: make exporter startup restart-safe so config reloads do not retain stale SDKs, log transports, or diagnostic event listeners. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics/OTEL: emit bounded exec-process diagnostics and export them as `openclaw.exec` spans without exposing command text, working directories, or container identifiers. ([#&#8203;70424](https://redirect.github.com/openclaw/openclaw/issues/70424)) Thanks [@&#8203;jlapenna](https://redirect.github.com/jlapenna). - Diagnostics/OTEL: support `OPENCLAW_OTEL_PRELOADED=1` so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. ([#&#8203;70424](https://redirect.github.com/openclaw/openclaw/issues/70424)) Thanks [@&#8203;jlapenna](https://redirect.github.com/jlapenna). - Diagnostics: emit structured tool execution diagnostic events with trace context, timing, and redacted error metadata. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Diagnostics: emit structured run and model-call diagnostic events with trace context, duration, and non-message error metadata. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - CLI/Gateway: make `gateway status` start faster by skipping plugin loading on the read-only status path. ([#&#8203;71364](https://redirect.github.com/openclaw/openclaw/issues/71364)) Thanks [@&#8203;andyylin](https://redirect.github.com/andyylin). ##### Fixes - Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied `dist` modules. - Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing `every` values over Node's timeout cap from becoming a 1 ms crash loop. Fixes [#&#8203;71414](https://redirect.github.com/openclaw/openclaw/issues/71414). ([#&#8203;71478](https://redirect.github.com/openclaw/openclaw/issues/71478)) Thanks [@&#8203;hclsys](https://redirect.github.com/hclsys). - Agents/heartbeat: stop injecting the heartbeat system prompt into non-heartbeat runs, preventing ordinary user replies from being suppressed as `HEARTBEAT_OK` acknowledgments. Fixes [#&#8203;69079](https://redirect.github.com/openclaw/openclaw/issues/69079). ([#&#8203;69278](https://redirect.github.com/openclaw/openclaw/issues/69278)) Thanks [@&#8203;stainlu](https://redirect.github.com/stainlu). - MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add `mcp.sessionIdleTtlMs` idle eviction for leaked session runtimes. Fixes [#&#8203;71106](https://redirect.github.com/openclaw/openclaw/issues/71106), [#&#8203;71110](https://redirect.github.com/openclaw/openclaw/issues/71110), [#&#8203;70389](https://redirect.github.com/openclaw/openclaw/issues/70389), and [#&#8203;70808](https://redirect.github.com/openclaw/openclaw/issues/70808). - Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. ([#&#8203;70780](https://redirect.github.com/openclaw/openclaw/issues/70780)) Thanks [@&#8203;fuller-stack-dev](https://redirect.github.com/fuller-stack-dev). - Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed `{ type: "text" }` blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes [#&#8203;34979](https://redirect.github.com/openclaw/openclaw/issues/34979). ([#&#8203;51267](https://redirect.github.com/openclaw/openclaw/issues/51267)) Thanks [@&#8203;cgdusek](https://redirect.github.com/cgdusek). - Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring `NIX_PROFILES` right-to-left precedence and falling back to `~/.nix-profile/bin` when unset. Fixes [#&#8203;44402](https://redirect.github.com/openclaw/openclaw/issues/44402). ([#&#8203;59935](https://redirect.github.com/openclaw/openclaw/issues/59935)) Thanks [@&#8203;jerome-benoit](https://redirect.github.com/jerome-benoit). - Feishu: back off streaming-card creation after HTTP 400 startup failures, so unsupported card setups fall back without delaying every message. Fixes [#&#8203;56981](https://redirect.github.com/openclaw/openclaw/issues/56981). Thanks [@&#8203;JinnanDuan](https://redirect.github.com/JinnanDuan). - Feishu/topic groups: key native Feishu/Lark topic-group sessions by `thread_id` so starter messages and replies with different `root_id` formats stay in the same `group_topic` conversation. Fixes [#&#8203;71438](https://redirect.github.com/openclaw/openclaw/issues/71438). Thanks [@&#8203;1335848090](https://redirect.github.com/1335848090). - Feishu: suppress duplicate final card delivery when idle closes a streaming card before the final payload arrives. ([#&#8203;68491](https://redirect.github.com/openclaw/openclaw/issues/68491)) Thanks [@&#8203;MoerAI](https://redirect.github.com/MoerAI). - Signal: preserve sender attachment filenames and resolve missing MIME types from those filenames, so Linux `signal-cli` voice notes without `contentType` still enter audio transcription. Fixes [#&#8203;48614](https://redirect.github.com/openclaw/openclaw/issues/48614). Thanks [@&#8203;mindfury](https://redirect.github.com/mindfury). - Telegram/agents: suppress the phantom "Agent couldn't generate a response" fallback after a reply was already committed through the messaging tool. ([#&#8203;70623](https://redirect.github.com/openclaw/openclaw/issues/70623)) Thanks [@&#8203;chinar-amrutkar](https://redirect.github.com/chinar-amrutkar). - Models/CLI: show provider runtime `contextTokens` beside native `contextWindow` in `openclaw models list`, and align `openai-codex/gpt-5.5` with Codex's 272K runtime cap plus 400K native window. Fixes [#&#8203;71403](https://redirect.github.com/openclaw/openclaw/issues/71403). - Dashboard/security: avoid writing tokenized Control UI URLs or SSH hints to runtime logs, keeping gateway bearer fragments out of console-captured logs readable through `logs.tail`. ([#&#8203;70029](https://redirect.github.com/openclaw/openclaw/issues/70029)) Thanks [@&#8203;Ziy1-Tan](https://redirect.github.com/Ziy1-Tan). - Providers/OpenRouter: treat DeepSeek refs as cache-TTL eligible without injecting Anthropic cache-control markers, aligning context pruning with OpenRouter-managed prompt caching. ([#&#8203;51983](https://redirect.github.com/openclaw/openclaw/issues/51983)) Thanks [@&#8203;QuinnH496](https://redirect.github.com/QuinnH496). - Control UI/browser: defer temp-dir access-mode constants until Node-only temp-dir resolution runs, preventing browser bundles from crashing when `node:fs` constants are stubbed. ([#&#8203;48930](https://redirect.github.com/openclaw/openclaw/issues/48930)) Thanks [@&#8203;Valentinws](https://redirect.github.com/Valentinws). - Discord/cron: deliver text-only isolated cron and heartbeat announce output from the canonical final assistant text once, avoiding duplicate Discord posts when streamed block payloads and the final answer contain the same content. Fixes [#&#8203;71406](https://redirect.github.com/openclaw/openclaw/issues/71406). Thanks [@&#8203;alexgross21](https://redirect.github.com/alexgross21). - macOS Gateway: wait for launchd to reload the exited Gateway LaunchAgent before bootstrapping repair fallback, preventing config-triggered restarts from leaving the service not loaded. Fixes [#&#8203;45178](https://redirect.github.com/openclaw/openclaw/issues/45178). Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - macOS Gateway: tolerate launchctl bootstrap's already-loaded exit during restart fallback and use non-killing kickstart after bootstrap, avoiding a second race that can unload the LaunchAgent. Fixes [#&#8203;41934](https://redirect.github.com/openclaw/openclaw/issues/41934). Thanks [@&#8203;zerone0x](https://redirect.github.com/zerone0x). - macOS Gateway: rewrite stale LaunchAgent plists before restart fallback bootstrap, matching install repair behavior when `gateway restart` has to re-register launchd. Thanks [@&#8203;maybegeeker](https://redirect.github.com/maybegeeker). - TTS/hooks: preserve audio-only TTS transcripts for `message_sending` and `message_sent` hooks without rendering the transcript as a media caption. Thanks [@&#8203;zqchris](https://redirect.github.com/zqchris). - WhatsApp/TTS: preserve `audioAsVoice` through shared media payload sends and the WhatsApp outbound adapter, so `[[audio_as_voice]]` reply payloads keep their voice-note intent when routed through `sendPayload`. Fixes [#&#8203;66053](https://redirect.github.com/openclaw/openclaw/issues/66053). Thanks [@&#8203;masatohoshino](https://redirect.github.com/masatohoshino). - Control UI/WebChat: hide heartbeat prompts, `HEARTBEAT_OK` acknowledgments, and internal-only runtime context turns from visible chat history while leaving the underlying transcript intact. Fixes [#&#8203;71381](https://redirect.github.com/openclaw/openclaw/issues/71381). Thanks [@&#8203;gerald1950ggg-ai](https://redirect.github.com/gerald1950ggg-ai). - Control UI/chat: keep optimistic user and assistant tail messages visible when a final history refresh briefly returns an older snapshot, preventing message cards from flash-disappearing until the next refresh. Fixes [#&#8203;71371](https://redirect.github.com/openclaw/openclaw/issues/71371). Thanks [@&#8203;WolvenRA](https://redirect.github.com/WolvenRA). - Talk/TTS: resolve configured extension speech providers from the active runtime registry before provider-list discovery, so Talk mode no longer rejects valid plugin speech providers as unsupported. - Sessions/subagents: stop stale ended runs and old store-only child reverse links from reappearing in `childSessions`, while keeping live descendants and recently-ended children visible. Fixes [#&#8203;57920](https://redirect.github.com/openclaw/openclaw/issues/57920). - Subagents: recover child sessions after recoverable wait transport failures without exposing an extra wait state, and keep terminal lifecycle timer ordering deterministic. ([#&#8203;71423](https://redirect.github.com/openclaw/openclaw/issues/71423)) Thanks [@&#8203;ZiPengWei](https://redirect.github.com/ZiPengWei). - Subagents: stop stale unended runs from counting as active or pending forever, while preserving restart-aborted recovery for recoverable child sessions. Fixes [#&#8203;71252](https://redirect.github.com/openclaw/openclaw/issues/71252). Thanks [@&#8203;hclsys](https://redirect.github.com/hclsys). - Gateway/tools: allow `POST /tools/invoke` to reach plugin-backed catalog tools such as `browser` when no core implementation exists, while still preferring built-in tools for real core names. Thanks [@&#8203;chat2way](https://redirect.github.com/chat2way). - Browser/security: require `operator.admin` for the `browser.request` gateway method, matching the host/browser-node control authority exposed by that route. Thanks [@&#8203;RichardCao](https://redirect.github.com/RichardCao). - Browser/profiles: allow local managed profiles to override `browser.executablePath`, so different profiles can launch different Chromium-based browsers. Thanks [@&#8203;nobrainer-tech](https://redirect.github.com/nobrainer-tech). - Agents/replay: repair displaced or missing tool results before strict provider replay, use Codex-compatible `aborted` outputs for OpenAI Responses history, and drop partial aborted/error transport turns before retries. - Browser/startup: deduplicate concurrent lazy-start calls per profile so simultaneous browser tool requests no longer race into duplicate Chrome launches and `PortInUseError`. ([#&#8203;61772](https://redirect.github.com/openclaw/openclaw/issues/61772)) Thanks [@&#8203;sukhdeepjohar](https://redirect.github.com/sukhdeepjohar). - Browser/profiles: recover from stale Chromium `Singleton*` profile locks after crashes or host moves by clearing dead/foreign locks and retrying launch once. Thanks [@&#8203;seanc-dev](https://redirect.github.com/seanc-dev). - Browser/existing-session: keep Chrome MCP status probes transport-only and ephemeral, and retry stale cached Playwright attaches once so idle profile checks no longer poison the next real attach. ([#&#8203;57245](https://redirect.github.com/openclaw/openclaw/issues/57245)) Thanks [@&#8203;josephbergvinson](https://redirect.github.com/josephbergvinson). - Cron/exec: suppress automatic background exec completion wakes only for silent cron jobs with `delivery.mode="none"` while keeping webhook and announce runs observable. ([#&#8203;71391](https://redirect.github.com/openclaw/openclaw/issues/71391)) Thanks [@&#8203;goldmar](https://redirect.github.com/goldmar). - Reply media: allow sandboxed replies to deliver OpenClaw-managed `media/outbound` and `media/tool-*` attachments without treating them as sandbox escapes, while keeping alias-escape checks on the managed media root. Fixes [#&#8203;71138](https://redirect.github.com/openclaw/openclaw/issues/71138). Thanks [@&#8203;mayor686](https://redirect.github.com/mayor686), [@&#8203;truffle-dev](https://redirect.github.com/truffle-dev), and [@&#8203;neeravmakwana](https://redirect.github.com/neeravmakwana). - CLI/agent: keep `openclaw agent --json` stdout reserved for the JSON response by routing gateway, plugin, and embedded-fallback diagnostics to stderr before execution starts. Fixes [#&#8203;71319](https://redirect.github.com/openclaw/openclaw/issues/71319). - Agents/Gemini: retry reasoning-only, empty, and planning-only Gemini turns instead of letting sessions silently stall. Fixes [#&#8203;71074](https://redirect.github.com/openclaw/openclaw/issues/71074). ([#&#8203;71362](https://redirect.github.com/openclaw/openclaw/issues/71362)) Thanks [@&#8203;neeravmakwana](https://redirect.github.com/neeravmakwana). - Providers/DeepSeek: add missing `reasoning_content` placeholders for replayed assistant tool-call turns when DeepSeek V4 thinking is enabled, so switching an existing session to `deepseek-v4-flash` or `deepseek-v4-pro` no longer trips the provider's 400 replay check. Fixes [#&#8203;71372](https://redirect.github.com/openclaw/openclaw/issues/71372). Thanks [@&#8203;yangyang1719](https://redirect.github.com/yangyang1719). - Exec approvals: allow bare command-name allowlist patterns to match PATH-resolved executable basenames without trusting `./tool` or absolute path-selected binaries. Fixes [#&#8203;71315](https://redirect.github.com/openclaw/openclaw/issues/71315). Thanks [@&#8203;chen-zhang-cs-code](https://redirect.github.com/chen-zhang-cs-code) and [@&#8203;dengluozhang](https://redirect.github.com/dengluozhang). - Config/recovery: skip whole-file last-known-good rollback when invalidity is scoped to `plugins.entries.*`, preserving unrelated user settings during plugin schema or host-version skew. Fixes [#&#8203;71289](https://redirect.github.com/openclaw/openclaw/issues/71289). Thanks [@&#8203;jalehman](https://redirect.github.com/jalehman). - Agents/tools: keep resolved reply-run configs from being overwritten by stale runtime snapshots, and let empty web runtime metadata fall back to configured provider auto-detection so standard and queued turns expose the same tool set. Fixes [#&#8203;71355](https://redirect.github.com/openclaw/openclaw/issues/71355). Thanks [@&#8203;c-g14](https://redirect.github.com/c-g14). - Agents/TTS: pass the resolved shared config into the `tts` tool, so tool-triggered speech uses configured providers and voices instead of falling back to a fresh config load. - Reply media: strip `MEDIA:` attachments from final replies when the same media already went out through block streaming, preventing duplicate Telegram voice notes and files. Fixes [#&#8203;65468](https://redirect.github.com/openclaw/openclaw/issues/65468). Thanks [@&#8203;aurora-openclaw](https://redirect.github.com/aurora-openclaw). - Agents/TTS: preserve voice media when a tool-generated reply is paired with an exact `NO_REPLY` sentinel, stripping the sentinel text instead of dropping the audio payload. Fixes [#&#8203;66092](https://redirect.github.com/openclaw/openclaw/issues/66092). - Compaction: honor explicit `agents.defaults.compaction.keepRecentTokens` for manual `/compact`, re-distill safeguard summaries instead of snowballing previous summaries, and enable safeguard summary quality checks by default. Fixes [#&#8203;71357](https://redirect.github.com/openclaw/openclaw/issues/71357). Thanks [@&#8203;WhiteGiverMa](https://redirect.github.com/WhiteGiverMa). - Sessions: honor configured `session.maintenance` settings during load-time maintenance instead of falling back to default entry caps. Fixes [#&#8203;71356](https://redirect.github.com/openclaw/openclaw/issues/71356). Thanks [@&#8203;comolago](https://redirect.github.com/comolago). - Browser/sandbox: pass the resolved `browser.ssrfPolicy` into sandbox browser bridges and refresh cached bridges when the effective policy changes, so sandboxed browser navigation honors private-network opt-ins. Fixes [#&#8203;45153](https://redirect.github.com/openclaw/openclaw/issues/45153) and [#&#8203;57055](https://redirect.github.com/openclaw/openclaw/issues/57055). Thanks [@&#8203;jzakirov](https://redirect.github.com/jzakirov), [@&#8203;zuoanCo](https://redirect.github.com/zuoanCo), and [@&#8203;kybrcore](https://redirect.github.com/kybrcore). - Browser/proxy: keep Gateway/provider proxy environment variables from proxying the OpenClaw-managed browser, so `HTTP_PROXY` and `HTTPS_PROXY` no longer block ordinary browser navigation. Fixes [#&#8203;71358](https://redirect.github.com/openclaw/openclaw/issues/71358). Thanks [@&#8203;Sanjays2402](https://redirect.github.com/Sanjays2402). - Agents/MCP: validate draft-2020-12 MCP tool output schemas with a draft-aware bundle-MCP client validator, so external MCP servers no longer fail catalog/tool execution with missing schema refs. Fixes [#&#8203;68772](https://redirect.github.com/openclaw/openclaw/issues/68772) and [#&#8203;70196](https://redirect.github.com/openclaw/openclaw/issues/70196). Thanks [@&#8203;mwiesen](https://redirect.github.com/mwiesen). - Dashboard/Windows: open Control UI and OAuth URLs through the system URL handler without `cmd.exe` parsing or PATH-based `rundll32` lookup, and reject non-HTTP browser-open inputs. Fixes [#&#8203;71098](https://redirect.github.com/openclaw/openclaw/issues/71098). Thanks [@&#8203;Sanjays2402](https://redirect.github.com/Sanjays2402). - Config/doctor: reject legacy `secretref-env:<ENV_VAR>` marker strings on SecretRef credential paths and migrate valid markers to structured env SecretRefs with `openclaw doctor --fix`. Fixes [#&#8203;51794](https://redirect.github.com/openclaw/openclaw/issues/51794). Thanks [@&#8203;halointellicore](https://redirect.github.com/halointellicore). - Plugin SDK/browser: export the resolved browser tab-cleanup config type through the browser profile facade, keeping SDK subpath contracts aligned. - Providers/OpenAI: separate API-key and Codex sign-in onboarding groups, and avoid replaying stale OpenAI Responses reasoning blocks after a model route switch. - Providers/OpenAI-compatible: forward `prompt_cache_key` on Completions requests only for providers that opt in with `compat.supportsPromptCacheKey`, keeping default proxy payloads unchanged. Fixes [#&#8203;69272](https://redirect.github.com/openclaw/openclaw/issues/69272). - Providers/OpenAI-compatible: skip null or non-object streaming chunks from custom providers instead of failing the turn after partial output. Fixes [#&#8203;51112](https://redirect.github.com/openclaw/openclaw/issues/51112). - Providers/OpenAI-compatible: treat singular MLX-style `finish_reason: "tool_call"` as tool use instead of a provider error. Fixes [#&#8203;61499](https://redirect.github.com/openclaw/openclaw/issues/61499). - Docs/TTS: clarify that legacy flat TTS provider config blocks are repaired by `openclaw doctor --fix`, not accepted by strict runtime schema on load. Fixes [#&#8203;56220](https://redirect.github.com/openclaw/openclaw/issues/56220). - Plugins/OpenCode: strip unsupported disabled Responses reasoning payloads for OpenCode image understanding. Fixes [#&#8203;70252](https://redirect.github.com/openclaw/openclaw/issues/70252). - Plugins/OpenCode/OpenCode Go: register image understanding metadata so the image tool is available for OpenCode catalog models with vision support. Fixes [#&#8203;70482](https://redirect.github.com/openclaw/openclaw/issues/70482) and [#&#8203;61789](https://redirect.github.com/openclaw/openclaw/issues/61789). - Plugins/OpenCode Go: update the default Go catalog model to `opencode-go/kimi-k2.6`. Thanks [@&#8203;masrlinu](https://redirect.github.com/masrlinu). - Providers/ElevenLabs: omit the MP3-only `Accept` header for PCM telephony synthesis, so Voice Call requests for `pcm_22050` no longer receive MP3 audio. Fixes [#&#8203;67340](https://redirect.github.com/openclaw/openclaw/issues/67340). Thanks [@&#8203;marcchabot](https://redirect.github.com/marcchabot). - Providers/MiniMax TTS: truncate fractional pitch overrides before sending T2A requests, matching MiniMax's integer pitch contract while preserving fractional speed and volume. Fixes [#&#8203;62144](https://redirect.github.com/openclaw/openclaw/issues/62144). - Providers/MiniMax TTS: transcode voice-note targets to Opus so Feishu/Telegram receive native voice messages instead of MP3 file attachments. Fixes [#&#8203;63540](https://redirect.github.com/openclaw/openclaw/issues/63540), [#&#8203;64134](https://redirect.github.com/openclaw/openclaw/issues/64134), and [#&#8203;70445](https://redirect.github.com/openclaw/openclaw/issues/70445). - Providers/Microsoft TTS: keep allowlisted bundled speech providers discoverable even when another speech plugin has already registered, so Edge/Microsoft TTS is available alongside OpenAI. Fixes [#&#8203;62117](https://redirect.github.com/openclaw/openclaw/issues/62117) and [#&#8203;66850](https://redirect.github.com/openclaw/openclaw/issues/66850). - Providers/Microsoft TTS: honor legacy `messages.tts.providers.edge` voice settings after normalizing Edge TTS to the Microsoft provider. Fixes [#&#8203;64153](https://redirect.github.com/openclaw/openclaw/issues/64153). - Providers/OpenRouter: add an OpenRouter TTS provider using the OpenAI-compatible `/audio/speech` endpoint and `OPENROUTER_API_KEY`. Fixes [#&#8203;71268](https://redirect.github.com/openclaw/openclaw/issues/71268). - macOS Talk Mode: retry failed local ElevenLabs stream playback through gateway `talk.speak` before falling back to the system voice, so configured ElevenLabs voices still play when streaming playback fails. Fixes [#&#8203;65662](https://redirect.github.com/openclaw/openclaw/issues/65662). - Plugins/Voice Call: reap stale pre-answer calls by default, honor configured TTS timeouts for Twilio media-stream playback, and fail empty telephony audio instead of completing as silence. Fixes [#&#8203;42071](https://redirect.github.com/openclaw/openclaw/issues/42071); supersedes [#&#8203;60957](https://redirect.github.com/openclaw/openclaw/issues/60957). Thanks [@&#8203;Ryce](https://redirect.github.com/Ryce) and [@&#8203;sliekens](https://redirect.github.com/sliekens). - Plugins/Voice Call: fail fast when Twilio, Telnyx, or Plivo would fall back to a loopback/private webhook URL, so calls do not start with an unreachable callback endpoint. Thanks [@&#8203;artemgetmann](https://redirect.github.com/artemgetmann). - Plugins/Voice Call: resolve queued-but-not-yet-playing Twilio TTS entries when barge-in or stream teardown clears the playback queue, so callers awaiting `queueTts()` do not hang. Thanks [@&#8203;kevinWangSheng](https://redirect.github.com/kevinWangSheng). - Plugins/Voice Call: terminate expired restored call sessions with the provider and restart restored max-duration timers with only the remaining duration, preventing stale outbound retry loops after Gateway restarts. Fixes [#&#8203;48739](https://redirect.github.com/openclaw/openclaw/issues/48739). Thanks [@&#8203;mira-solari](https://redirect.github.com/mira-solari). - Plugins/Voice Call: start provider STT after Telnyx outbound conversation greetings and pass configured Telnyx voice IDs through to the speak action. Fixes [#&#8203;56091](https://redirect.github.com/openclaw/openclaw/issues/56091). Thanks [@&#8203;Roshan](https://redirect.github.com/Roshan). - Skills: honor legacy `metadata.clawdbot` requirements and installer hints when `metadata.openclaw` is absent, so older skills no longer appear ready when required binaries are missing. Fixes [#&#8203;71323](https://redirect.github.com/openclaw/openclaw/issues/71323). Thanks [@&#8203;chen-zhang-cs-code](https://redirect.github.com/chen-zhang-cs-code). - Browser/config: expand `~` in `browser.executablePath` before Chromium launch, so home-relative custom browser paths no longer fail with `ENOENT`. Fixes [#&#8203;67264](https://redirect.github.com/openclaw/openclaw/issues/67264). Thanks [@&#8203;Quratulain-bilal](https://redirect.github.com/Quratulain-bilal). - Channels/streaming: keep Telegram tool-progress preview updates enabled by default to match released behavior, document `streaming.preview.toolProgress: false` for disabling only those status lines, and prevent preview progress text from triggering Telegram Markdown links, Discord mentions, or Slack mrkdwn mentions. Fixes [#&#8203;71320](https://redirect.github.com/openclaw/openclaw/issues/71320). Thanks [@&#8203;neeravmakwana](https://redirect.github.com/neeravmakwana). - Gateway/sessions: copy the oversized `sessions.json` to a rotation backup before the atomic rewrite instead of renaming the live store away, so a crash during rotation keeps the existing session-to-transcript mapping authoritative. Fixes [#&#8203;68229](https://redirect.github.com/openclaw/openclaw/issues/68229). Thanks [@&#8203;jjjojoj](https://redirect.github.com/jjjojoj). - Providers/OpenAI-compatible: strip OpenAI-only Completions `store` from proxy payloads and allow `extra_body`/`extraBody` passthrough params for provider-specific request fields. Fixes [#&#8203;61826](https://redirect.github.com/openclaw/openclaw/issues/61826) and [#&#8203;69717](https://redirect.github.com/openclaw/openclaw/issues/69717). - Discord/subagents: preserve thread-bound completion delivery by keeping the requester-agent announce path primary and falling back to direct thread sends only when the announce produces no visible output. ([#&#8203;71064](https://redirect.github.com/openclaw/openclaw/issues/71064)) Thanks [@&#8203;DolencLuka](https://redirect.github.com/DolencLuka). - Discord/proxy: serialize proxied multipart attachment uploads with undici `FormData`, so Discord media sends work through configured REST proxies. ([#&#8203;71383](https://redirect.github.com/openclaw/openclaw/issues/71383)) Thanks [@&#8203;TC500](https://redirect.github.com/TC500). - Browser/tool: give Chrome MCP existing-session manage calls a longer default timeout, pass explicit tool timeouts through tab management, and recover stale selected-page MCP sessions instead of forcing a manual reset. - Browser/sandbox: clean up idle tracked tabs opened by primary-agent browser sessions, while preserving active tab reuse and lifecycle cleanup for subagents, cron, and ACP sessions. Fixes [#&#8203;71165](https://redirect.github.com/openclaw/openclaw/issues/71165). Thanks [@&#8203;dwbutler](https://redirect.github.com/dwbutler). - Plugins/Voice Call: reuse the webhook runtime across in-process plugin contexts, avoiding `EADDRINUSE` when agent tools or CLI commands run while the Gateway already owns the voice webhook port. Fixes [#&#8203;58115](https://redirect.github.com/openclaw/openclaw/issues/58115). Thanks [@&#8203;sfbrian](https://redirect.github.com/sfbrian). - Plugins/Voice Call: answer accepted Telnyx inbound Call Control legs on `call.initiated`, so webhooks that reach OpenClaw no longer leave the caller ringing until hangup. Fixes [#&#8203;58231](https://redirect.github.com/openclaw/openclaw/issues/58231) and [#&#8203;40131](https://redirect.github.com/openclaw/openclaw/issues/40131). Thanks [@&#8203;KonsultDigital](https://redirect.github.com/KonsultDigital). - Plugins/Voice Call: coalesce concurrent webhook server starts on the same runtime instance, avoiding a second `listen()` bind when overlapping startup paths race. Thanks [@&#8203;education-01](https://redirect.github.com/education-01). - Plugins/Voice Call: pin voice response sessions to `responseModel` before embedded agent runs, avoiding live-session model switch failures when the global default model differs. Fixes [#&#8203;60118](https://redirect.github.com/openclaw/openclaw/issues/60118). Thanks [@&#8203;xinbenlv](https://redirect.github.com/xinbenlv). - Plugins/Voice Call: add `agentId` for voice response generation, so phone calls can use a dedicated agent workspace instead of always routing through `main`. Fixes [#&#8203;42155](https://redirect.github.com/openclaw/openclaw/issues/42155). Thanks [@&#8203;TheOpie](https://redirect.github.com/TheOpie). - Plugins/Voice Call: scope embedded voice response sandbox resolution to the selected voice agent, so implicit `main` voice sessions respect `agents.defaults.sandbox.mode: "off"` even when other agents define sandboxed Docker binds. Fixes [#&#8203;56367](https://redirect.github.com/openclaw/openclaw/issues/56367). Thanks [@&#8203;crpol](https://redirect.github.com/crpol). - Media tools: honor the configured web-fetch SSRF policy for media understanding, image/music/video generation references, and PDF inputs, so explicit RFC2544 opt-ins cover WebChat OSS uploads without weakening defaults. Fixes [#&#8203;71300](https://redirect.github.com/openclaw/openclaw/issues/71300). ([#&#8203;71321](https://redirect.github.com/openclaw/openclaw/issues/71321)) Thanks [@&#8203;neeravmakwana](https://redirect.github.com/neeravmakwana). - Agents/TTS: suppress successful spoken transcripts from verbose chat tool output when structured voice media is already queued, while preserving text output for non-builtin tool-name collisions. Fixes [#&#8203;71282](https://redirect.github.com/openclaw/openclaw/issues/71282). Thanks [@&#8203;neeravmakwana](https://redirect.github.com/neeravmakwana). - Plugins/Google Meet: reuse active Meet tabs across harmless URL query differences, recover already-open tabs after browser timeouts, surface manual-action details for login or permission blockers, and let `googlemeet recover-tab` inspect paired browser nodes from the terminal. - Cron/isolated sessions: clear stale runtime, lifecycle, auth, model, exec, heartbeat, usage, privilege, routing, and delivery artifacts when creating a fresh isolated run, and persist per-run session rows as snapshots so old base-session state no longer leaks into new cron executions. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Gateway/sessions: recover main-agent turns interrupted by a gateway restart from stale transcript-lock evidence, avoiding stuck `status: "running"` sessions without broad post-boot transcript scans. Fixes [#&#8203;70555](https://redirect.github.com/openclaw/openclaw/issues/70555). Thanks [@&#8203;bitloi](https://redirect.github.com/bitloi). - Codex approvals: sanitize MCP elicitation approval titles, descriptions, and display parameters before forwarding them to OpenClaw approval prompts. ([#&#8203;71343](https://redirect.github.com/openclaw/openclaw/issues/71343)) Thanks [@&#8203;Lucenx9](https://redirect.github.com/Lucenx9). - Codex approvals: keep command approval responses within Codex app-server `availableDecisions`, including deny/cancel fallbacks for prompts that do not offer `decline`. ([#&#8203;71338](https://redirect.github.com/openclaw/openclaw/issues/71338)) Thanks [@&#8203;Lucenx9](https://redirect.github.com/Lucenx9). - Codex harness: reject same-thread app-server notifications without `turnId` or `turn.id` after a bound turn starts, preventing unscoped events from mutating or completing the active reply. ([#&#8203;71317](https://redirect.github.com/openclaw/openclaw/issues/71317)) Thanks [@&#8203;Lucenx9](https://redirect.github.com/Lucenx9). - Plugins/Google Meet: include live Chrome-node readiness and Parallels recovery checks in setup, so stale node tokens or disconnected VM browsers are visible before an agent opens a meeting. - Context engine: keep safeguard compaction checks active after context-engine windowing and for `ownsCompaction` engines, so large transcripts can compact before prompt submission instead of waiting for provider overflow. Fixes [#&#8203;71325](https://redirect.github.com/openclaw/openclaw/issues/71325). - Approvals: compact structured home-directory paths to `~` across Codex permission prompts and exec approval metadata without repeating them as a separate high-risk warning, while preserving filesystem root and wildcard host warnings. - Plugins/runtime deps: isolate the internal npm cache used for bundled plugin runtime-dependency repair and let package updates refresh/verify already-current installs, so failed update or sudo doctor runs can be repaired by rerunning `openclaw update`. - Agents/delete: keep `--json` output machine-readable and retain workspaces that overlap another agent's workspace instead of moving shared state to Trash. Fixes [#&#8203;70889](https://redirect.github.com/openclaw/openclaw/issues/70889) and [#&#8203;70890](https://redirect.github.com/openclaw/openclaw/issues/70890). ([#&#8203;70897](https://redirect.github.com/openclaw/openclaw/issues/70897)) Thanks [@&#8203;kaseonedge](https://redirect.github.com/kaseonedge). - Browser/screenshot: honor `timeoutMs` through host and node screenshot requests, bound raw CDP screenshot commands, and avoid beyond-viewport CDP capture for ordinary viewport screenshots, so Windows Chrome captures no longer hang past the requested deadline. Fixes [#&#8203;68330](https://redirect.github.com/openclaw/openclaw/issues/68330). Thanks [@&#8203;Woodylai24](https://redirect.github.com/Woodylai24). - Telegram/model picker: show configured model display names when browsing models through provider buttons, matching typed `/models <provider>` output. Fixes [#&#8203;70560](https://redirect.github.com/openclaw/openclaw/issues/70560). ([#&#8203;71016](https://redirect.github.com/openclaw/openclaw/issues/71016)) Thanks [@&#8203;iskim77](https://redirect.github.com/iskim77). - Plugins/runtime deps: stage bundled plugin runtime dependencies for packaged/global installs in an external runtime root and retain already staged deps across repairs, avoiding package-tree update races and npm pruning after upgrades. - Plugins/runtime deps: log bundled plugin runtime-dependency staging before synchronous npm installs start and include elapsed timing afterward, so first boot after upgrades no longer looks hung while dependencies are being repaired. - Memory/Bedrock: skip Bedrock during automatic memory embedding selection when AWS credentials are unavailable, so `memory_search` can fall back to lexical search instead of failing on the first embed call. Fixes [#&#8203;71143](https://redirect.github.com/openclaw/openclaw/issues/71143) via [#&#8203;71245](https://redirect.github.com/openclaw/openclaw/issues/71245). Thanks [@&#8203;bitloi](https://redirect.github.com/bitloi). - Agents/failover: forward embedded run abort signals into provider-owned model streams, cap implicit LLM idle watchdogs below long run timeouts, and mark 429 responses without usable retry timing as non-retryable so GitHub Copilot rate limits fail over or surface promptly instead of hanging until run timeout. Fixes [#&#8203;71120](https://redirect.github.com/openclaw/openclaw/issues/71120). - Plugins/Google Meet: make meeting creation join by default, with an explicit URL-only opt-out, so agents that create a Meet also enter it. - Telegram/polling: persist accepted update offsets before long-running handlers complete so poller restarts do not replay already-ingested updates, while keeping same-process retries for handler failures. - Telegram/config: include generated Telegram channel config schema metadata in packaged plugin manifests so forum-topic/group config is accepted before runtime loads. - CLI/Claude: include user-configured `mcp.servers` in the strict Claude CLI MCP bundle config, matching Pi runs while preserving the OpenClaw loopback override. Fixes [#&#8203;70909](https://redirect.github.com/openclaw/openclaw/issues/70909). Thanks [@&#8203;keishingu](https://redirect.github.com/keishingu). - Browser/tool: keep explicit AI snapshots from inheriting the efficient role-snapshot default and preserve numeric Playwright AI refs, so `--format ai` remains a real AI snapshot path. Fixes [#&#8203;62550](https://redirect.github.com/openclaw/openclaw/issues/62550). Thanks [@&#8203;ly85206559](https://redirect.github.com/ly85206559). - Gateway/config: keep in-process config patch reload comparisons on the resolved source snapshot when `${VAR}` env refs are restored on disk, avoiding false full gateway restarts for unchanged gateway/plugin secrets. Fixes [#&#8203;71208](https://redirect.github.com/openclaw/openclaw/issues/71208). Thanks [@&#8203;robbiethompson18](https://redirect.github.com/robbiethompson18). - Slack/messages: serialize write-client requests and whole outbound sends per target so rapid multi-message Slack replies preserve send order. Fixes [#&#8203;69101](https://redirect.github.com/openclaw/openclaw/issues/69101). ([#&#8203;69105](https://redirect.github.com/openclaw/openclaw/issues/69105)) Thanks [@&#8203;nightq](https://redirect.github.com/nightq) and [@&#8203;ztexydt-cqh](https://redirect.github.com/ztexydt-cqh). - Slack/messages: keep Slack bot tokens out of internal message-ordering and DM cache keys. - Slack/exec approvals: resolve native approval button clicks over the Gateway instead of delivering `/approve ...` as plain agent text, preserving retry buttons if Gateway resolution fails. Fixes [#&#8203;71023](https://redirect.github.com/openclaw/openclaw/issues/71023). ([#&#8203;71025](https://redirect.github.com/openclaw/openclaw/issues/71025)) Thanks [@&#8203;marusan03](https://redirect.github.com/marusan03). - Browser/tool: expose browser doctor diagnostics to agents and extend `openclaw doctor` browser readiness notes for managed Chromium launch prerequisites. ([#&#8203;62948](https://redirect.github.com/openclaw/openclaw/issues/62948), [#&#8203;62936](https://redirect.github.com/openclaw/openclaw/issues/62936)) Thanks [@&#8203;seanc-dev](https://redirect.github.com/seanc-dev). - Slack/files: return non-image `download-file` results as local file paths instead of image payloads, and include Slack file IDs in inbound file placeholders so agents can call `download-file`. Fixes [#&#8203;71212](https://redirect.github.com/openclaw/openclaw/issues/71212). Thanks [@&#8203;teamrazo](https://redirect.github.com/teamrazo). - Browser control: scope standalone loopback auth to the resolved active gateway credential and fail closed when password mode lacks a resolved password, so inactive tokens or passwords no longer authorize browser routes. Fixes [#&#8203;65626](https://redirect.github.com/openclaw/openclaw/issues/65626). ([#&#8203;65639](https://redirect.github.com/openclaw/openclaw/issues/65639)) Thanks [@&#8203;coygeek](https://redirect.github.com/coygeek). - Control UI/Codex harness: emit native Codex app-server assistant and lifecycle completion events so live webchat runs stop spinning without needing a transcript reload fallback. ([#&#8203;70815](https://redirect.github.com/openclaw/openclaw/issues/70815)) Thanks [@&#8203;lesaai](https://redirect.github.com/lesaa </details> --- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My43Ni4yIiwidXBkYXRlZEluVmVyIjoiNDMuNzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
les_clankeurs/openclaw-image-2!24
No description provided.