chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.4.24 #24
No reviewers
Labels
No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
les_clankeurs/openclaw-image-2!24
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/docker-images"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
2026.4.21→2026.4.24Release Notes
openclaw/openclaw (ghcr.io/openclaw/openclaw)
v2026.4.24Compare Source
Highlights
Breaking
api.registerEmbeddedExtensionFactory(...)compatibility path. Bundled tool-result rewrites must useapi.registerAgentToolResultMiddleware(...)withcontracts.agentToolResultMiddlewaredeclaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks @vincentkoc.Changes
openclaw_agent_consulthandoff to the full OpenClaw agent.chrome-nodesupport for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. (#70765)--all-conference-recordshistory scans.googlemeet doctor --oauthandrecover_current_tab/recover-tabso agents can inspect already-open Meet tabs without opening duplicates.openclaw_agent_consultrealtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers.voicecall setupand a dry-run-by-defaultvoicecall smokecommand so Twilio/provider readiness can be checked before placing a live test call.audioProfileandspeakerNameprompt text for reusable speech style control. Thanks @tdack.openclaw browser click-coordsfor CLI use. (#54452) Thanks @dluttz.browser.actionTimeoutMsand use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. (#62589) Thanks @andyylin.browser.profiles.<name>.headlessoverrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks @nakamotoliu.openclaw matrix verify selfso operators can establish that trust from the CLI. (#70401) Thanks @gumadeiras.vectorScoreandtextScorealongside the combinedscoreon hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes #68166. (#68286) Thanks @ajfonthemove.node-llama-cppby default; local embeddings now load it only when operators install the optional runtime package. Thanks @vincentkoc.0.70.2, use Pi's upstreamgpt-5.5and DeepSeek V4 catalog metadata, and keep only localgpt-5.5-proforward-compat handling. Thanks @lsdsjy.openclaw models list. (#70632, #70883, #70867) Thanks @shakkernerd./models addso chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from/modelsprovider menus. (#71175) Thanks @Takhoffman.src/model-catalognormalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. (#71368, #71360) Thanks @shakkernerd.gateway.nodes.pairing.autoApproveCidrsfor first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes #60800. Thanks @sahilsatralkar.agents.defaults.contextInjection: "never"to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. (#65006) Thanks @xDarkicex.modelCatalogcontract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. (#71342) Thanks @shakkernerd.setup.requiresRuntime: falseas a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks @vincentkoc.setup.providersorsetup.cliBackends, without rejecting legacy setup plugins. Thanks @vincentkoc.setup.providers[].envVarsin generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecatedproviderAuthEnvVarscompatibility metadata. Thanks @vincentkoc.setup.providers[].authMethodsbefore falling back to setup runtime. Thanks @vincentkoc.setup.requiresRuntime: falsesemantics explicit without breaking existing metadata. Thanks @vincentkoc.channelConfigsfor read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks @vincentkoc.document-extractplugin so core no longer ownspdfjs-distor PDF image-rendering dependencies. Thanks @vincentkoc.openclaw.install.defaultChoiceis invalid or points at a missing source, keeping catalog diagnostics explicit without breaking existing plugins. Thanks @vincentkoc.openclaw.install.expectedIntegrityis present without a valid npm source, keeping orphaned integrity metadata visible without rejecting existing plugins. Thanks @vincentkoc.openclaw.install.npmSpec, keeping diagnostics visible without rejecting compatible external catalogs. Thanks @vincentkoc.@homebridge/ciaodependency, so users can disable Bonjour without cutting wide-area discovery. Thanks @vincentkoc.cli-highlightusage from the OpenClaw TUI code-block renderer, keeping themed code coloring without the extra root dependency. Thanks @vincentkoc.diagnostics.otel.captureContentcontrols for future model/tool content span attributes while keeping raw content export disabled by default. Thanks @vincentkoc.openclaw.execspans without exposing command text, working directories, or container identifiers. (#70424) Thanks @jlapenna.OPENCLAW_OTEL_PRELOADED=1so the plugin can reuse an already-registered OpenTelemetry SDK while keeping OpenClaw diagnostic listeners wired. (#70424) Thanks @jlapenna.gateway statusstart faster by skipping plugin loading on the read-only status path. (#71364) Thanks @andyylin.Fixes
distmodules.everyvalues over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.HEARTBEAT_OKacknowledgments. Fixes #69079. (#69278) Thanks @stainlu.mcp.sessionIdleTtlMsidle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.{ type: "text" }blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek.NIX_PROFILESright-to-left precedence and falling back to~/.nix-profile/binwhen unset. Fixes #44402. (#59935) Thanks @jerome-benoit.thread_idso starter messages and replies with differentroot_idformats stay in the samegroup_topicconversation. Fixes #71438. Thanks @1335848090.signal-clivoice notes withoutcontentTypestill enter audio transcription. Fixes #48614. Thanks @mindfury.contextTokensbeside nativecontextWindowinopenclaw models list, and alignopenai-codex/gpt-5.5with Codex's 272K runtime cap plus 400K native window. Fixes #71403.logs.tail. (#70029) Thanks @Ziy1-Tan.node:fsconstants are stubbed. (#48930) Thanks @Valentinws.gateway restarthas to re-register launchd. Thanks @maybegeeker.message_sendingandmessage_senthooks without rendering the transcript as a media caption. Thanks @zqchris.audioAsVoicethrough shared media payload sends and the WhatsApp outbound adapter, so[[audio_as_voice]]reply payloads keep their voice-note intent when routed throughsendPayload. Fixes #66053. Thanks @masatohoshino.HEARTBEAT_OKacknowledgments, and internal-only runtime context turns from visible chat history while leaving the underlying transcript intact. Fixes #71381. Thanks @gerald1950ggg-ai.childSessions, while keeping live descendants and recently-ended children visible. Fixes #57920.POST /tools/invoketo reach plugin-backed catalog tools such asbrowserwhen no core implementation exists, while still preferring built-in tools for real core names. Thanks @chat2way.operator.adminfor thebrowser.requestgateway method, matching the host/browser-node control authority exposed by that route. Thanks @RichardCao.browser.executablePath, so different profiles can launch different Chromium-based browsers. Thanks @nobrainer-tech.abortedoutputs for OpenAI Responses history, and drop partial aborted/error transport turns before retries.PortInUseError. (#61772) Thanks @sukhdeepjohar.Singleton*profile locks after crashes or host moves by clearing dead/foreign locks and retrying launch once. Thanks @seanc-dev.delivery.mode="none"while keeping webhook and announce runs observable. (#71391) Thanks @goldmar.media/outboundandmedia/tool-*attachments without treating them as sandbox escapes, while keeping alias-escape checks on the managed media root. Fixes #71138. Thanks @mayor686, @truffle-dev, and @neeravmakwana.openclaw agent --jsonstdout reserved for the JSON response by routing gateway, plugin, and embedded-fallback diagnostics to stderr before execution starts. Fixes #71319.reasoning_contentplaceholders for replayed assistant tool-call turns when DeepSeek V4 thinking is enabled, so switching an existing session todeepseek-v4-flashordeepseek-v4-prono longer trips the provider's 400 replay check. Fixes #71372. Thanks @yangyang1719../toolor absolute path-selected binaries. Fixes #71315. Thanks @chen-zhang-cs-code and @dengluozhang.plugins.entries.*, preserving unrelated user settings during plugin schema or host-version skew. Fixes #71289. Thanks @jalehman.ttstool, so tool-triggered speech uses configured providers and voices instead of falling back to a fresh config load.MEDIA:attachments from final replies when the same media already went out through block streaming, preventing duplicate Telegram voice notes and files. Fixes #65468. Thanks @aurora-openclaw.NO_REPLYsentinel, stripping the sentinel text instead of dropping the audio payload. Fixes #66092.agents.defaults.compaction.keepRecentTokensfor manual/compact, re-distill safeguard summaries instead of snowballing previous summaries, and enable safeguard summary quality checks by default. Fixes #71357. Thanks @WhiteGiverMa.session.maintenancesettings during load-time maintenance instead of falling back to default entry caps. Fixes #71356. Thanks @comolago.browser.ssrfPolicyinto sandbox browser bridges and refresh cached bridges when the effective policy changes, so sandboxed browser navigation honors private-network opt-ins. Fixes #45153 and #57055. Thanks @jzakirov, @zuoanCo, and @kybrcore.HTTP_PROXYandHTTPS_PROXYno longer block ordinary browser navigation. Fixes #71358. Thanks @Sanjays2402.cmd.exeparsing or PATH-basedrundll32lookup, and reject non-HTTP browser-open inputs. Fixes #71098. Thanks @Sanjays2402.secretref-env:<ENV_VAR>marker strings on SecretRef credential paths and migrate valid markers to structured env SecretRefs withopenclaw doctor --fix. Fixes #51794. Thanks @halointellicore.prompt_cache_keyon Completions requests only for providers that opt in withcompat.supportsPromptCacheKey, keeping default proxy payloads unchanged. Fixes #69272.finish_reason: "tool_call"as tool use instead of a provider error. Fixes #61499.openclaw doctor --fix, not accepted by strict runtime schema on load. Fixes #56220.opencode-go/kimi-k2.6. Thanks @masrlinu.Acceptheader for PCM telephony synthesis, so Voice Call requests forpcm_22050no longer receive MP3 audio. Fixes #67340. Thanks @marcchabot.messages.tts.providers.edgevoice settings after normalizing Edge TTS to the Microsoft provider. Fixes #64153./audio/speechendpoint andOPENROUTER_API_KEY. Fixes #71268.talk.speakbefore falling back to the system voice, so configured ElevenLabs voices still play when streaming playback fails. Fixes #65662.queueTts()do not hang. Thanks @kevinWangSheng.metadata.clawdbotrequirements and installer hints whenmetadata.openclawis absent, so older skills no longer appear ready when required binaries are missing. Fixes #71323. Thanks @chen-zhang-cs-code.~inbrowser.executablePathbefore Chromium launch, so home-relative custom browser paths no longer fail withENOENT. Fixes #67264. Thanks @Quratulain-bilal.streaming.preview.toolProgress: falsefor disabling only those status lines, and prevent preview progress text from triggering Telegram Markdown links, Discord mentions, or Slack mrkdwn mentions. Fixes #71320. Thanks @neeravmakwana.sessions.jsonto a rotation backup before the atomic rewrite instead of renaming the live store away, so a crash during rotation keeps the existing session-to-transcript mapping authoritative. Fixes #68229. Thanks @jjjojoj.storefrom proxy payloads and allowextra_body/extraBodypassthrough params for provider-specific request fields. Fixes #61826 and #69717.FormData, so Discord media sends work through configured REST proxies. (#71383) Thanks @TC500.EADDRINUSEwhen agent tools or CLI commands run while the Gateway already owns the voice webhook port. Fixes #58115. Thanks @sfbrian.call.initiated, so webhooks that reach OpenClaw no longer leave the caller ringing until hangup. Fixes #58231 and #40131. Thanks @KonsultDigital.listen()bind when overlapping startup paths race. Thanks @education-01.responseModelbefore embedded agent runs, avoiding live-session model switch failures when the global default model differs. Fixes #60118. Thanks @xinbenlv.agentIdfor voice response generation, so phone calls can use a dedicated agent workspace instead of always routing throughmain. Fixes #42155. Thanks @TheOpie.mainvoice sessions respectagents.defaults.sandbox.mode: "off"even when other agents define sandboxed Docker binds. Fixes #56367. Thanks @crpol.googlemeet recover-tabinspect paired browser nodes from the terminal.status: "running"sessions without broad post-boot transcript scans. Fixes #70555. Thanks @bitloi.availableDecisions, including deny/cancel fallbacks for prompts that do not offerdecline. (#71338) Thanks @Lucenx9.turnIdorturn.idafter a bound turn starts, preventing unscoped events from mutating or completing the active reply. (#71317) Thanks @Lucenx9.ownsCompactionengines, so large transcripts can compact before prompt submission instead of waiting for provider overflow. Fixes #71325.~across Codex permission prompts and exec approval metadata without repeating them as a separate high-risk warning, while preserving filesystem root and wildcard host warnings.openclaw update.--jsonoutput machine-readable and retain workspaces that overlap another agent's workspace instead of moving shared state to Trash. Fixes #70889 and #70890. (#70897) Thanks @kaseonedge.timeoutMsthrough host and node screenshot requests, bound raw CDP screenshot commands, and avoid beyond-viewport CDP capture for ordinary viewport screenshots, so Windows Chrome captures no longer hang past the requested deadline. Fixes #68330. Thanks @Woodylai24./models <provider>output. Fixes #70560. (#71016) Thanks @iskim77.memory_searchcan fall back to lexical search instead of failing on the first embed call. Fixes #71143 via #71245. Thanks @bitloi.mcp.serversin the strict Claude CLI MCP bundle config, matching Pi runs while preserving the OpenClaw loopback override. Fixes #70909. Thanks @keishingu.--format airemains a real AI snapshot path. Fixes #62550. Thanks @ly85206559.${VAR}env refs are restored on disk, avoiding false full gateway restarts for unchanged gateway/plugin secrets. Fixes #71208. Thanks @robbiethompson18./approve ...as plain agent text, preserving retry buttons if Gateway resolution fails. Fixes #71023. (#71025) Thanks @marusan03.openclaw doctorbrowser readiness notes for managed Chromium launch prerequisites. (#62948, #62936) Thanks @seanc-dev.download-fileresults as local file paths instead of image payloads, and include Slack file IDs in inbound file placeholders so agents can calldownload-file. Fixes #71212. Thanks @teamrazo.Configuration
📅 Schedule: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.