chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.4.29 #26

Merged
notarock-s-renovate[bot] merged 1 commit from renovate/docker-images into main 2026-05-01 03:28:26 +00:00
notarock-s-renovate[bot] commented 2026-04-29 23:03:28 +00:00 (Migrated from github.com)

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
ghcr.io/openclaw/openclaw (source) final patch 2026.4.262026.4.29

Release Notes

openclaw/openclaw (ghcr.io/openclaw/openclaw)

v2026.4.29

Compare Source

Highlights
Changes
  • Security/tools: configured tool sections (tools.exec, tools.fs) no longer implicitly widen restrictive profiles (messaging, minimal). Users who need those tools under a restricted profile must add explicit alsoAllow entries; a startup warning identifies affected configs. Fixes #​47487. Thanks @​amknight.
  • Gateway/SDK: add SDK-facing artifact list/get/download RPCs and App SDK helpers with transcript provenance and download-source guardrails. Refs #​74706. Thanks @​tmimmanuel.
  • Agents/commitments: add opt-in inferred follow-up commitments with hidden batched extraction, per-agent/per-channel scoping, heartbeat delivery, CLI management, a simple commitments.enabled/commitments.maxPerDay config, and heartbeat-interval due-time clamping so magical check-ins do not echo immediately. (#​74189) Thanks @​vignesh07.
  • Messages/queue: make steer drain all pending Pi steering messages at the next model boundary, keep legacy one-at-a-time steering as queue, and add a dedicated steering queue docs page. Thanks @​vincentkoc.
  • Messages/queue: default active-run queueing to steer with a 500ms followup fallback debounce, and document the queue modes, precedence, and drop policies on the command queue page. Thanks @​vincentkoc.
  • Messages: add global messages.visibleReplies so operators can require visible output to go through message(action=send) for any source chat, while messages.groupChat.visibleReplies stays available as the group/channel override. Thanks @​scoootscooob.
  • Gateway/events: surface spawnedBy on subagent chat and agent broadcast payloads so clients can route child session events without an extra session lookup. (#​63244) Thanks @​samzong.
  • Memory/wiki: add agent-facing people wiki metadata, canonical aliases, person cards, relationship graphs, privacy/provenance reports, evidence-kind drilldown, and search modes for person lookup, question routing, source evidence, and raw claims. Thanks @​vincentkoc.
  • Active Memory: add optional per-conversation allowedChatIds and deniedChatIds filters so operators can enable recall only for selected direct, group, or channel conversations while keeping broad sessions skipped. (#​67977) Thanks @​quengh.
  • Active Memory: return bounded partial recall summaries when the hidden memory sub-agent times out, including the default temporary-transcript path, so useful recovered context is not discarded. (#​73219) Thanks @​joeykrug.
  • Gateway/memory: add a read-only doctor.memory.remHarness RPC so operator clients can preview bounded REM dreaming output without running mutation paths. (#​66673) Thanks @​samzong.
  • Providers/NVIDIA: add the NVIDIA provider with API-key onboarding, setup docs, static catalog metadata, and literal model-ref picker support so NVIDIA hosted models can be selected with their provider prefix intact. (#​71204) Thanks @​eleqtrizit.
  • Models: suppress explicitly configured openai-codex/gpt-5.4-mini inline entries so a stale models config written by openclaw doctor --fix cannot bypass the manifest capability block and cause repeated assistant-turn failures when the runtime switches to that model on ChatGPT-backed Codex accounts. Conditional suppressions (e.g. qwen Coding Plan endpoint guards) remain bypassable by explicit user configuration. (#​74451) Thanks @​0xCyda, @​hclsys, and @​Marvae.
  • Added SQLite-backed plugin state store (api.runtime.state.openKeyedStore) for restart-safe keyed registries with TTL, eviction, and automatic plugin isolation. Thanks @​amknight.
  • Plugin SDK: mark remaining legacy alias exports and diffs tool/config aliases with deprecation metadata, and add a guard so future legacy alias comments require @deprecated tags. Thanks @​vincentkoc.
  • CLI/QR/dependencies: internalize small terminal progress and QR wrapper helpers while keeping the real QR encoder dependency direct, reducing the default runtime dependency graph without changing QR output behavior. Thanks @​vincentkoc.
  • Dependencies: refresh workspace runtime, plugin, and tooling packages, including ACP, Pi, AWS SDK, TypeBox, pnpm, oxlint, oxfmt, jsdom, pdfjs, ciao, and tokenjuice, while keeping patched ACP behavior and lint gates current. Thanks @​mariozechner.
  • Gateway/dev: run pnpm gateway:watch through a named tmux session by default, with gateway:watch:raw and OPENCLAW_GATEWAY_WATCH_TMUX=0 for foreground mode, so repeated starts respawn an inspectable watcher without trapping the invoking agent shell. Thanks @​vincentkoc.
  • Gateway/diagnostics: emit an opt-in startup diagnostics timeline that records gateway lifecycle and plugin-load phases behind a config flag, so slow-start diagnosis no longer requires bespoke instrumentation. Thanks @​shakkernerd.
  • Control UI/i18n: extend the locale registry with new Persian (fa), Dutch (nl), Vietnamese (vi), Italian (it), Arabic (ar), and Thai (th) entries and ship fa, nl, vi, and zh-TW docs glossaries, so the docs translation pipeline and the Control UI language picker stay aligned across surfaces. Thanks @​vincentkoc.
  • Channels: add Yuanbao channel docs entrance so the Tencent Yuanbao bot appears in the channel listing and sidebar navigation. (#​73443) Thanks @​loongfay.
  • Channels/Yuanbao: update plugin GitHub location to YuanbaoTeam/yuanbao-openclaw-plugin and add "yuanbao" alias to channel catalog. (#​74253) Thanks @​loongfay.
  • Docker setup: add OPENCLAW_SKIP_ONBOARDING so automated Docker installs can skip the interactive onboarding step while still applying gateway defaults. (#​55518) Thanks @​jinjimz.
  • Security policy: classify media/base64 decode and format-conversion overhead after configured acceptance limits as performance-only for GHSA triage unless a report demonstrates a limit bypass, crash, exhaustion, data exposure, or another boundary bypass. (#​74311)
  • Security/OpenGrep: add a precise OpenGrep rulepack, source-rule compiler, provenance metadata check, and PR/full scan workflows that validate first-party code and rulepack-only changes while uploading SARIF to GitHub Code Scanning. (#​69483) Thanks @​jesse-merhi.
Fixes
  • Security/outbound: strip re-formed HTML tags during plain-text sanitization so nested tag fragments cannot leave a CodeQL-detected <script> sequence behind. Thanks @​vincentkoc.
  • Security/secrets: compare credential bytes with padded timing-safe buffers instead of hashing candidate passwords before equality checks. Thanks @​vincentkoc.
  • Security/QQBot: sanitize debug log arguments before writing to console.*, so gateway payload fields cannot forge extra log lines when debug logging is enabled. Thanks @​vincentkoc.
  • QQBot: unify slash command auth and c2cOnly gating in the command registry, pass allowQQBotDataDownloads when sending slash command file attachments, align clear-storage with actual downloads directory, and add /bot-me to display sender user ID. (#​73616) Thanks @​cxyhhhhh.
  • CLI/agents/status: keep openclaw agents, text agents list, and plain text status on read-only metadata paths so human output no longer preloads plugin runtimes or live channel scans before printing. Fixes #​74195. Thanks @​NianJiuZst.
  • Agents/local models: derive context-window guard thresholds from the effective model window with 4k/8k safety floors, so small local models are no longer rejected by fixed 16k/32k preflight cutoffs. Fixes #​42999. Thanks @​chengjialu8888.
  • PDF extraction: resolve PDF.js standard fonts from the installed package root and pass a filesystem path to the Node fallback extractor, so built-in font PDFs render without file:// URL lookup failures. Fixes #​51455; carries forward #​70936, #​54447, and #​62175. Thanks @​anyech, @​JuanRdBO, and @​solomonneas.
  • Media: treat legacy Word/OLE attachments with application/msword or application/x-cfb MIME as binary so printable-looking .doc files are not embedded into prompts as text. Fixes #​54176; carries forward #​54380. Thanks @​andyliu.
  • Config: accept documented browser.tabCleanup keys in strict root config validation, so configured tab cleanup no longer fails before runtime reads it. Fixes #​74577. Thanks @​lonexreb and @​ezdlp.
  • Cron: validate disabled job schedule edits before persisting updates, so invalid cron changes no longer partially mutate stored jobs. Fixes #​74459. Thanks @​yfge.
  • CLI/cron: warn when openclaw cron add --message omits a nonblank --agent, including blank agent values and session-key jobs, so scheduled agent-turn jobs make default-agent fallback explicit while system events stay quiet. Fixes #​42196; carries forward #​42245. Thanks @​ethanclaw.
  • Channels/status: keep Telegram, Slack, and Google Chat read-only allowlist/default-target accessors on config-only paths, so status and channel summaries do not resolve SecretRef-backed runtime credentials. Thanks @​eusine.
  • Active Memory: clarify the deprecated modelFallbackPolicy warning and config help so modelFallback is described as a chain-resolution last resort, not runtime failover. (#​74602) Thanks @​jeffrey701.
  • Channels/Discord: keep read-only allowlist/default-target accessors from resolving SecretRef-backed bot tokens, so status and channel summaries no longer fail when tokens are only available in gateway runtime. (#​74737) Thanks @​eusine.
  • Gateway/sessions: align session abort wait semantics across chat, agent, and sessions server methods so abort RPCs return after the targeted sessions actually halt instead of resolving early while runs are still draining. (#​74751) Thanks @​BunsDev.
  • Agents/output: drop copied inbound metadata-only assistant replay turns before provider replay instead of synthesizing a placeholder, so Telegram and other channels cannot receive [assistant copied inbound metadata omitted] as model output. Fixes #​74745. Thanks @​adamwdear and @​Marvae.
  • Doctor/memory: suppress skipped embedding-readiness warnings for key-optional providers such as Ollama and LM Studio while preserving timeout and not-ready diagnostics. Fixes #​74608 and #​73882. Thanks @​hclsys.
  • Channels/groups: preserve observe-only turn suppression for prepared dispatch paths and restore deprecated channel turn runtime aliases, so passive observer/group flows stay silent while older plugins keep compiling. Thanks @​vincentkoc.
  • Feishu: skip empty-text messages (e.g. {"text":""}) that carry no media, so no blank user turn is written to the session and downstream LLM providers cannot reject the request with "messages must not be empty". (#​74634) Thanks @​xdengli and @​hclsys.
  • Feishu/Bitable: clean up newly created placeholder rows whose fields contain only default empty values while preserving meaningful link, attachment, user, number, boolean, and location values during create-app cleanup. (#​73920) Carries forward #​40602. Thanks @​boat2moon.
  • macOS app: keep attach-only mode and the Debug Settings launchd toggle marker-only, so launching with --attach-only/--no-launchd no longer uninstalls the Gateway LaunchAgent or drops active sessions. (#​72174) Thanks @​DolencLuka.
  • macOS Canvas: stop auto-reloading the current A2UI host during push/eval/snapshot flows, so pushed A2UI content remains visible instead of returning to the empty Canvas shell. Fixes #​73337. Thanks @​Gr4via.
  • Plugin SDK: restore the deprecated plugin-sdk/zalouser command-auth facade so published Lark/Zalo plugins that import it load on current hosts. Fixes #​74702. Thanks @​Goron01.
  • Plugins/runtime-deps: include bundled provider plugins when models.providers, auth profiles, agent defaults, or subagent model refs configure that provider, while keeping inactive default-enabled provider plugins out of doctor repair. Refs #​74307. Thanks @​Skeptomenos.
  • Plugins/runtime: resolve relative plugin api.resolvePath inputs against the plugin root instead of the host working directory, while keeping absolute and home paths user-resolved. Fixes #​74718. Thanks @​jimdawdy-hub.
  • Plugins/runtime-deps: refresh mirrored root chunks through a temporary file before replacing the active copy, so failed refreshes do not delete chunks that running plugin imports still need. Thanks @​shakkernerd.
  • Plugins/runtime-deps: prefer require conditional exports when building staged dependency aliases, so CommonJS-only plugin runtime deps such as ws do not resolve to ESM wrappers under Jiti. Fixes #​74547. Thanks @​aderius.
  • Bonjour/Gateway: cap flapping advertiser restarts in a sliding window, so mDNS probing/name-conflict loops disable discovery instead of churning indefinitely on constrained hosts. Refs #​74209 and #​74242. Thanks @​ndj888 and @​Sanjays2402.
  • Plugins/runtime-deps: verify staged package entry files before reusing mirrored runtime roots, so browser-control repairs incomplete ajv/MCP SDK installs after update instead of failing after restart on a missing ajv/dist/ajv.js. Refs #​74630. Thanks @​spickeringlr.
  • Heartbeat: resolve responsePrefix template variables with the selected provider, model, and thinking context before delivering alerts or suppressing prefixed HEARTBEAT_OK replies. Fixes #​43064; repairs #​43065; supersedes #​46858. Thanks @​yweiii and @​JunJD.
  • Memory/LanceDB: show full memory UUIDs in the memory_forget candidate list so agents can pass the displayed ID back to targeted deletion without hitting the full-UUID validator. (#​66913) Thanks @​amittell.
  • File-transfer plugin: require canonical read-path preflight authorization for file.fetch, fail closed when dir.fetch preflight entries are missing, absolute, or traversing, and recheck returned archive entries before handing archive bytes to callers. Carries forward #​74134. Thanks @​omarshahine.
  • Channels/Feishu: retry file-typed iOS video resource downloads as media after a Feishu/Lark HTTP 502 and preserve the original 502 when the fallback also fails. Fixes #​49855; carries forward #​50164 and #​73986. Thanks @​alex-xuweilong.
  • Providers/Amazon Bedrock: expose the full Claude Opus 4.7 thinking profile (xhigh, adaptive, and max) for Bedrock model refs, while keeping Opus/Sonnet 4.6 on adaptive-by-default, so /think menus and validation match the Anthropic transport behavior. Fixes #​74701. Thanks @​prasad-yashdeep, @​sparkleHazard, @​Sanjays2402, and @​hclsys.
  • Plugins/tokenjuice: compile the bundled plugin against tokenjuice 0.7.0's published OpenClaw host types instead of a local compatibility shim, so package contract drift fails in OpenClaw validation before release. Thanks @​vincentkoc.
  • OAuth/secrets: ignore root-level Google OAuth client_secret_*.json downloads so local client-secret files do not appear as commit candidates. (#​74689) Thanks @​jeongdulee.
  • Memory: mirror sqlite-vec into packaged bundled-plugin runtime deps for the default memory plugin, so builtin vector search does not lose its SQLite extension after upgrading to 2026.4.27. Fixes #​74692. Thanks @​mozi1924.
  • Gateway/startup: bound local discovery advertisement during startup, so a stuck discovery plugin can no longer keep the Gateway from reaching ready. Fixes #​73865; refs #​74630 and #​74633. Thanks @​lpendeavors, @​moltar-bot, and @​Saboor711.
  • Gateway/models: serve the last successful model catalog while stale reloads refresh in the background, so Gateway control-plane and OpenAI-compatible requests no longer block behind model-provider rediscovery after model config changes. Refs #​74135, #​74630, and #​74633. Thanks @​DerFlash, @​moltar-bot, and @​Saboor711.
  • CLI/status: resolve read-only channel setup runtime fallback from the packaged OpenClaw dist root, so status --all, status --deep, channel, and doctor paths do not crash when an external channel plugin needs setup metadata. Fixes #​74693. Thanks @​giangthb.
  • SDK/events: keep per-run SDK event streams from surfacing duplicate raw chat projection frames, while normalizing chat-only projection frames and preserving raw access through rawEvents. Refs #​74704. Thanks @​BunsDev.
  • SDK: report Gateway terminal agent.wait timeout snapshots with lifecycle metadata as timed_out while keeping bare wait deadlines non-terminal. Thanks @​clawsweeper.
  • Google Meet: block managed Chrome intro/test speech until browser health proves the participant is in-call, and expose speechReady diagnostics so login, admission, permission, and audio-bridge blockers no longer look like successful speech. Refs #​72478. Thanks @​DougButdorf.
  • Slack/commands: keep native command argument menus on select controls for encoded choice values up to Slack's option limit and truncate fallback button labels to Slack's button-text limit, so long valid choices no longer render invalid Slack blocks. Thanks @​slackapi.
  • Agents/Codex: flush accepted debounced steering messages before normal app-server turn cleanup, so inbound follow-ups acknowledged as queued are not dropped when the turn completes before the debounce fires. Thanks @​vincentkoc.
  • Slack/interactive replies: keep rendered buttons and selects within Slack Block Kit value and count limits, and align command argument select values with Slack's option limit, so overlong agent-authored choices no longer make Slack reject the whole block payload. Thanks @​slackapi.
  • Slack/interactive replies: drop overlong Block Kit button URLs while preserving valid callback values, so malformed link buttons no longer make Slack reject the whole interactive reply. Thanks @​slackapi.
  • Slack/commands: truncate native command argument-menu confirmation text to Slack's dialog limit, so long plugin arg names no longer make fallback buttons render invalid Block Kit payloads. Thanks @​slackapi.
  • Slack/exec approvals: cap native approval metadata context to Slack's element and text limits, so large approval details no longer make Slack reject the approval card. Thanks @​slackapi.
  • Slack/exec approvals: cap native approval update fallback text to Slack's message limit while preserving the rendered approval blocks, so long commands no longer make resolved or expired approval cards stay stale after chat.update rejects msg_too_long. Thanks @​slackapi.
  • Slack/commands: cap native command argument-menu fallback rows to Slack's message block limit, so large plugin choice lists no longer make Slack reject the generated menu. Thanks @​slackapi.
  • Slack/commands: drop fallback command argument buttons whose encoded values exceed Slack's button-value limit, so one oversized plugin choice no longer makes Slack reject the whole menu. Thanks @​slackapi.
  • Slack/messages: merge message-tool presentation and interactive blocks on Slack sends, so buttons and selects are no longer dropped when a structured message body is also present. Thanks @​slackapi.
  • Slack/messages: cap Block Kit fallback text to Slack's send limit while preserving the rendered blocks, so long context fallbacks no longer make rich Slack messages fail with msg_too_long. Thanks @​slackapi.
  • Slack/messages: cap Block Kit fallback text on message edits while preserving the rendered blocks, so long context fallbacks no longer make Slack reject chat.update calls with msg_too_long. Thanks @​slackapi.
  • Channels/WhatsApp: require Baileys outbound message ids before marking auto-replies delivered, so transcript text and ack reactions no longer make failed group replies look sent. Fixes #​49225. Thanks @​TinyTb.
  • CLI/update: scope packaged Node compile caches by OpenClaw version and install metadata, so global installs no longer reuse stale compiled chunks after package updates. Thanks @​pashpashpash.
  • Channels/Voice call: keep pre-auth webhook in-flight limiting active when socket remote address metadata is missing, so slow-body requests from stripped-IP proxy paths still share the fallback bucket. (#​74453) Thanks @​davidangularme.
  • Plugin SDK/testing: lazy-load TypeScript from the plugin test-contract runtime and add release checks for critical SDK contract entrypoint imports and bundle size, so published packages fail preflight before shipping ESM-incompatible or oversized contract helpers. Thanks @​vincentkoc.
  • Channels/Microsoft Teams: treat configured 19:...@&#8203;thread.tacv2 and legacy 19:...@&#8203;thread.skype team/channel IDs as already resolved during startup, avoiding false channels unresolved warnings while preserving Graph name lookup for display-name entries. Fixes #​74683. Thanks @​dseravalli.
  • CLI/browser: preserve parent flags while lazy-loading browser subcommands, so openclaw browser --json open and openclaw browser --json tabs keep machine-readable output after reparsing. Fixes #​74574. Thanks @​devintegeritsm.
  • Exec/elevated: preserve turnSourceChannel as messageProvider on approval-followup runs so tools.elevated.allowFrom.<provider> checks no longer fail with provider=null after the user approves an async elevated command. Fixes #​74646. Thanks @​xhd2015.
  • Plugins/runtime-deps: add openclaw plugins deps inspection and repair with script-free package-manager defaults shared across plugin installers, so operators can repair missing bundled runtime deps without corrupting JSON output or blocking unrelated conflict-free deps. Thanks @​vincentkoc.
  • Agents/output: strip internal [tool calls omitted] replay placeholders from user-facing replies while preserving visible reply whitespace. Fixes #​74573. Thanks @​blaspat.
  • Providers/Google Vertex: route authorized_user ADC credentials through OpenClaw's REST transport so Docker installs using gcloud application-default credentials no longer crash in the Google SDK before requests are sent. Fixes #​74628. Thanks @​frankhal2001-design.
  • ACP/resolver: fall through to thread-bound session resolution when an explicit --session token cannot be resolved while preserving the bad-token diagnostic when no thread binding exists, so Discord slash commands that auto-fill the current thread ID as the positional ACP target no longer return "Unable to resolve session target" errors. Fixes #​66299. Thanks @​hclsys, @​kindomLee, and @​martingarramon.
  • Agents/sessions: emit a terminal lifecycle backstop when embedded timeout/error turns return without agent_end, so Gateway sessions no longer stay stuck in running after failover surfaces a timeout. Fixes #​74607. Thanks @​millerc79.
  • Gateway/diagnostics: include stuck-session reason hints and recovery skip causes in warnings, so operators can tell whether a lane is waiting on active work, queued work, or stale bookkeeping. Thanks @​vincentkoc.
  • Providers/DeepSeek: expose native DeepSeek V4 xhigh and max thinking levels through the provider resolveThinkingProfile hook so /think xhigh|max applies the intended effort instead of falling back to base levels. (#​73008) Thanks @​ai-hpc.
  • Agents/Codex: bound embedded-run cleanup, trajectory flushing, and command-lane task timeouts after runtime failures, so Discord and other chat sessions return to idle instead of staying stuck in processing. Thanks @​vincentkoc.
  • Heartbeat/exec: consume successful metadata-only async exec completions silently so Telegram and other chat surfaces no longer ask users for missing command logs after No session found. Fixes #​74595. Thanks @​gkoch02.
  • Web fetch: add a documented tools.web.fetch.ssrfPolicy.allowIpv6UniqueLocalRange opt-in and thread it through cache keys and DNS/IP checks so trusted fake-IP proxy stacks using fc00::/7 can work without broad private-network access. Fixes #​74351. Thanks @​jeffrey701.
  • OpenAI Codex: restore /verbose full persistence and app-server tool-output forwarding, and retry Gateway E2E temp-home cleanup so debug runs do not regress on stale validation or cleanup flakes. Thanks @​vincentkoc.
  • Anthropic/Meridian: preserve text and thinking content seeded on content_block_start in anthropic-messages streams, so [thinking, text] replies no longer persist as empty turns or trigger empty-response fallbacks. Fixes #​74410. Thanks @​vyctorbrzezowski.
  • Channels/Matrix: complete the cross-signing handshake on openclaw matrix verify confirm-sas so the operator's other Matrix device clears its Verifying… loop instead of staying stuck after the agent confirms. (#​74542) Thanks @​nklock.
  • CLI/status: honor channel-specific model context-window overrides when reporting effective context, so channel-scoped sessions reflect the active window in openclaw status. Thanks @​HemantSudarshan.
  • Sandbox/Docker: tolerate Docker daemon unavailability when sandbox mode is off, so doctor and preflight checks no longer fail on installs that do not run the Docker daemon. Fixes #​73671. Thanks @​kaseonedge.
  • Control UI/mobile: persist mobile chat settings through Lit-managed state and route mobile navigation through the same view-state path so chat panel toggles survive transitions on small viewports. Thanks @​BunsDev.
  • Control UI/exports: align sidebar trigger affordances across the resizable divider, mobile layout, and exported-HTML transcript template so the sidebar toggle and exported transcript sidebar render with consistent hit areas and styling. Thanks @​BunsDev.
  • Control UI/chat: disable the page refresh affordance while a chat run is active so accidental refreshes do not abort an in-flight reply. Thanks @​Angfr95 and @​BunsDev.
  • Memory/LanceDB: return real memory records from openclaw ltm list (with optional --limit and createdAt ordering) instead of an empty placeholder, so the CLI surface matches the documented LTM listing contract. (#​67952) Thanks @​zhangyue19921010.
  • Media: include redacted per-attempt resize failures and resolved model input capabilities in vision-pipeline errors so ARM64 image failures are diagnosable without closing the remaining routing investigation. Refs #​74552. Thanks @​1yihui.
  • Control UI/i18n: route zh-CN agent, debug, channel-refresh, and exec-approval copy through the locale source while preserving the English Cron Jobs agent tab label and the security-audit command styling. Carries forward #​39692 repair context. Thanks @​hepeng154833488 and @​vincentkoc.
  • Auto-reply: honor explicit silentReply.direct: "allow" for clean empty or reasoning-only direct chat turns while keeping the default direct-chat empty-response guard conservative. Fixes #​74409. Thanks @​jesuskannolis.
  • OpenAI Codex: send a non-empty Responses input item when a Codex turn only has systemPrompt-backed instructions, avoiding ChatGPT backend 400s from input: []. Fixes #​73820. Thanks @​woodhouse-bot.
  • Ollama: normalize provider-prefixed tool-call names at the native stream boundary so Kimi/Ollama calls such as functions.exec dispatch as exec instead of missing configured tools. Fixes #​74487. Thanks @​afurm and @​carreipeia.
  • Security/audit: resolve configured model aliases before model-tier and small-parameter checks, so alias-based GPT-5/Codex configs no longer report false weak-model warnings. Fixes #​74455. Thanks @​blaspat.
  • CLI/agent: isolate Gateway-timeout embedded fallback runs under explicit gateway-fallback-* sessions so accepted Gateway runs cannot race transcript locks or replace the routed conversation session. Fixes #​62981. Thanks @​HemantSudarshan.
  • CLI/QR/device-pair: reject malformed public setup URLs before issuing mobile pairing bootstrap tokens, while keeping valid bare host:port setup URLs supported. Thanks @​Lucenx9.
  • Models/UI: hide unauthenticated providers from the default Web chat, /models, and model setup pickers while keeping explicit full-catalog browse paths through view: "all", /models <provider> all, and models list --all. Fixes #​74423. Thanks @​guarismo and @​SymbolStar.
  • Ollama: keep explicit local model runs on target-provider runtime hooks when PI discovery is skipped, so one-shot Ollama calls no longer cold-load unrelated provider runtimes before streaming. Fixes #​74078. Thanks @​sakalaboator.
  • Slack/prompts: rely on Slack interactiveReplies guidance instead of generic inlineButtons config hints so enabled Slack button directives are not contradicted. Fixes #​46647. Thanks @​jeremykoerber.
  • Slack/reactions: treat duplicate already_reacted responses as idempotent success so repeated agent reaction adds no longer surface as tool failures. Fixes #​69005. Thanks @​shipitsteven and @​martingarramon.
  • Channels/Discord: cool down Cloudflare/Error 1015 HTML 429 REST failures during startup application lookup and gateway metadata fetches, add channels.discord.applicationId as an app-id lookup bypass, sanitize HTML bodies before logging, and honor Retry-After before falling back to a conservative cooldown. Fixes #​38853. (#​74489) Thanks @​djgeorg3 and @​Garyko0730.
  • Slack/tools: expose fileId in the shared message tool schema so download-file can receive Slack attachment IDs from inbound placeholders. Fixes #​45574. Thanks @​chadvegas.
  • Exec: reject invalid per-call host values instead of silently falling back to the default target, so hostname-like values fail before commands run. Fixes #​74426. Thanks @​scr00ge-00 and @​vyctorbrzezowski.
  • Google/Gemini: send non-empty placeholder content when a Gemini run is triggered with empty or filtered user content, avoiding contents is not specified API errors. Thanks @​CaoYuhaoCarl.
  • Heartbeat: preserve non-task HEARTBEAT.md context around tasks: blocks and apply agents.defaults.heartbeat to all agents unless per-agent heartbeat entries restrict scope. Thanks @​Sekhar03.
  • Markdown: preserve paragraph breaks inside loose list items in shared outbound formatting while keeping tight list spacing stable. Thanks @​Lucenx9.
  • Build/Gateway: route restart, shutdown, respawn, diagnostics, command-queue cleanup, and runtime cleanup through one stable gateway lifecycle runtime entry so rebuilt packages do not strand long-running gateways on stale hashed chunks. Carries forward #​73964. Thanks @​pashpashpash.
  • Memory/wiki: keep broad shared-source and generated related-link blocks from turning every page into a search hit, cap noisy backlinks, support all-term searches such as people-routing queries, and prefer readable page body snippets over generated metadata. Thanks @​vincentkoc.
  • Cron/Gateway: abort and bounded-clean up timed-out isolated agent turns before recording the timeout, so stale cron sessions cannot leave Discord or other chat lanes stuck in processing after a timeout. Thanks @​vincentkoc.
  • Agents/errors: suppress malformed streaming tool-call JSON fragments before they reach chat surfaces while preserving provider request-validation diagnostics. Fixes #​59076; keeps #​59080 as duplicate coverage. (#​59118) Thanks @​singleGanghood.
  • CLI/models: restore provider-filtered models list --all --provider <id> rows for providers without manifest/static catalog coverage, including Anthropic and Amazon Bedrock, while keeping the compatibility fallback off expensive availability and resolver paths. Thanks @​shakkernerd.
  • CLI/models: keep manifest auth-evidence credentials visible across models status, auth probes, and PI model discovery so workspace-scoped provider auth does not disagree between listing, probing, and execution. Thanks @​shakkernerd.
  • CLI/models: move local credential evidence such as Google Vertex ADC into generic plugin manifest setup metadata so the model-list auth index stays declarative without provider-specific runtime branches. Thanks @​shakkernerd.
  • CLI/models: compute the models list Auth column through one command-local provider auth index so row rendering no longer repeats auth profile, env, configured-provider, AWS, or synthetic-auth checks per model row. Thanks @​shakkernerd.
  • CLI/models: move the OpenAI listable catalog into the plugin manifest so models list --all --provider openai uses the manifest fast path instead of loading provider runtime normalization hooks. Thanks @​shakkernerd.
  • CLI/tools: keep the Gateway tools.* RPC namespace out of plugin command discovery and managed proxy startup, so stray commands like openclaw tools effective fail quickly instead of cold-loading plugin metadata. Refs #​73477. Thanks @​oromeis.
  • CLI/status: keep default text openclaw status --usage on metadata-only channel scans unless --deep or --all is set, and send stray openclaw tools --help through the precomputed root-help fast path so latency-triage commands avoid plugin/runtime cold loads before printing. Refs #​73477 and #​74220. Thanks @​oromeis and @​NianJiuZst.
  • Agents/diagnostics: trace embedded-run startup and preparation stage timings before model I/O, and warn only on severe slow stages, so Docker/VPS latency reports can identify whether plugin loading, auth/model resolution, tool inventory, bootstrap, MCP/LSP, resource loading, or stream setup is dominating pre-run latency without noisy normal logs. Refs #​73428. Thanks @​Dimaoggg, @​quangtran88, and @​Heyvhuang.
  • Agents/subagents: cache persisted subagent run registry reads by file signature while preserving fresh-parse isolation, so busy gateways stop reparsing unchanged subagents/runs.json on controller/list/status hot paths. Refs #​72338. Thanks @​argus-as.
  • Gateway/clients: wait for the event loop to become responsive before opening Gateway WebSocket RPC/probe/client connections while charging that readiness wait to caller timeouts, so Windows deferred module-evaluation stalls no longer turn healthy loopback gateways into false handshake timeouts across status, TUI, ACP, MCP, node-host, and plugin client paths. Refs #​74279 and #​48270. Thanks @​wongcode and @​joost-heijden.
  • Gateway/Windows: read listener command lines via PowerShell before falling back to wmic, so restart health can recognize OpenClaw listeners on modern Windows installs and avoid long anonymous-port waits. Refs #​74280. Thanks @​zym951223.
  • Plugins/runtime-deps: record process start-time in bundled dependency install locks and expire recycled-PID locks, so Docker gateway restarts recover from stale .openclaw-runtime-deps.lock directories without waiting through repeated five-minute timeouts. Fixes #​74346. (#​74361) Thanks @​jhsmith409.
  • Plugins/runtime-deps: memoize packaged bundled runtime dist-mirror preparation after the first successful pass while keeping source-checkout mirrors refreshable, so constrained Docker/VPS installs avoid repeated root scans before chat turns. Refs #​73428, #​73421, #​73532, and #​73477. Thanks @​Dimaoggg, @​oromeis, @​oadiazp, @​jmfraga, @​bstanbury, @​antoniusfelix, and @​jkobject.
  • Channels/Discord: treat bare numeric outbound targets that match the effective Discord DM allowlist as user DMs while preserving account-specific legacy dm.allowFrom precedence over inherited root allowFrom. (#​74303) Thanks @​Squirbie.
  • Channels/Discord/Slack: share one DM policy/allowlist resolver across runtime, setup, allowlist editing, and doctor repair, so legacy dm.policy / dm.allowFrom compatibility migrates to canonical dmPolicy / allowFrom without divergent access checks. Thanks @​Squirbie.
  • Control UI: make the chat sidebar split divider focusable, keyboard-resizable, ARIA-described, and pointer-event based so sidebar resizing works without a mouse. Thanks @​BunsDev.
  • Control UI/chat: wire the slash-command autocomplete menu to the composer with stable ARIA relationships so screen readers announce the active command or argument option. Thanks @​BunsDev.
  • Agents/usage: keep PI embedded-run telemetry attributed to the resolved model provider instead of the PI harness label, so OpenRouter and other provider-backed turns report the right provider in session usage and traces. Thanks @​vincentkoc.
  • Agents/attribution: send OpenClaw attribution headers on native OpenAI and Codex traffic, including SDK transports, realtime voice and TTS, device-code auth, WHAM usage, and remote embeddings, so PI-origin defaults no longer leak into provider requests. Thanks @​vincentkoc.
  • Agents/auth: keep OAuth auth profiles inherited from the main agent read-through instead of copying refresh tokens into secondary agents, and refresh Codex app-server tokens against the owning store so multi-agent swarms avoid reused refresh-token failures. Fixes #​74055. Thanks @​ClarityInvest.
  • Channels/Telegram: honor ALL_PROXY / all_proxy and service-level OPENCLAW_PROXY_URL when constructing the HTTP/1-only Telegram Bot API transport, so Windows and service installs that rely on those proxy settings no longer fall back to direct egress. Fixes #​74014; refs #​74086. Thanks @​SymbolStar.
  • Channels/Telegram: keep raw host/network-unreachable Bot API connect failures non-fatal and route tagged polling uncaught exceptions through the Telegram restart path, so transient reachability failures no longer kill the Gateway or leave long polling stuck. Fixes #​60515; refs [#​74540](https://redirect.github.com

Configuration

📅 Schedule: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ghcr.io/openclaw/openclaw](https://openclaw.ai) ([source](https://redirect.github.com/openclaw/openclaw)) | final | patch | `2026.4.26` → `2026.4.29` | --- ### Release Notes <details> <summary>openclaw/openclaw (ghcr.io/openclaw/openclaw)</summary> ### [`v2026.4.29`](https://redirect.github.com/openclaw/openclaw/blob/HEAD/CHANGELOG.md#2026429) [Compare Source](https://redirect.github.com/openclaw/openclaw/compare/v2026.4.27...v2026.4.29) ##### Highlights - Messaging and automation get active-run steering by default, visible-reply enforcement, spawned subagent routing metadata, and opt-in follow-up commitments for heartbeat-delivered reminders. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc), [@&#8203;scoootscooob](https://redirect.github.com/scoootscooob), [@&#8203;samzong](https://redirect.github.com/samzong), and [@&#8203;vignesh07](https://redirect.github.com/vignesh07). - Memory grows into a people-aware wiki with provenance views, per-conversation Active Memory filters, partial recall on timeout, and bounded REM preview diagnostics. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc), [@&#8203;quengh](https://redirect.github.com/quengh), [@&#8203;joeykrug](https://redirect.github.com/joeykrug), and [@&#8203;samzong](https://redirect.github.com/samzong). - Provider/model coverage expands with NVIDIA onboarding/catalogs plus faster manifest-backed model/auth paths, Bedrock Opus 4.7 thinking parity, and safer Codex/OpenAI-compatible replay and streaming behavior. Thanks [@&#8203;eleqtrizit](https://redirect.github.com/eleqtrizit), [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd), [@&#8203;prasad-yashdeep](https://redirect.github.com/prasad-yashdeep), [@&#8203;woodhouse-bot](https://redirect.github.com/woodhouse-bot), and [@&#8203;LyHug](https://redirect.github.com/LyHug). - Gateway and packaged-plugin reliability focuses on slow-host startup, reusable model catalogs, event-loop readiness diagnostics, runtime-dependency repair, stale-session recovery, and version-scoped update caches. Thanks [@&#8203;lpendeavors](https://redirect.github.com/lpendeavors), [@&#8203;DerFlash](https://redirect.github.com/DerFlash), [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc), [@&#8203;pashpashpash](https://redirect.github.com/pashpashpash), and [@&#8203;jhsmith409](https://redirect.github.com/jhsmith409). - Channel fixes cluster around Slack Block Kit limits, Telegram proxy/webhook/polling/send resilience, Discord startup/rate-limit handling, WhatsApp delivery/liveness, and Microsoft Teams/Matrix/Feishu edge cases. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi), [@&#8203;SymbolStar](https://redirect.github.com/SymbolStar), [@&#8203;djgeorg3](https://redirect.github.com/djgeorg3), [@&#8203;TinyTb](https://redirect.github.com/TinyTb), [@&#8203;dseravalli](https://redirect.github.com/dseravalli), [@&#8203;nklock](https://redirect.github.com/nklock), and [@&#8203;alex-xuweilong](https://redirect.github.com/alex-xuweilong). - Security and operations add OpenGrep scanning, sharper GHSA triage policy, safer exec/pairing/owner-scope handling, Docker/onboarding automation, and web-fetch IPv6 ULA opt-in for trusted proxy stacks. Thanks [@&#8203;jesse-merhi](https://redirect.github.com/jesse-merhi), [@&#8203;pgondhi987](https://redirect.github.com/pgondhi987), [@&#8203;mmaps](https://redirect.github.com/mmaps), [@&#8203;jinjimz](https://redirect.github.com/jinjimz), and [@&#8203;jeffrey701](https://redirect.github.com/jeffrey701). ##### Changes - Security/tools: configured tool sections (`tools.exec`, `tools.fs`) no longer implicitly widen restrictive profiles (`messaging`, `minimal`). Users who need those tools under a restricted profile must add explicit `alsoAllow` entries; a startup warning identifies affected configs. Fixes [#&#8203;47487](https://redirect.github.com/openclaw/openclaw/issues/47487). Thanks [@&#8203;amknight](https://redirect.github.com/amknight). - Gateway/SDK: add SDK-facing artifact list/get/download RPCs and App SDK helpers with transcript provenance and download-source guardrails. Refs [#&#8203;74706](https://redirect.github.com/openclaw/openclaw/issues/74706). Thanks [@&#8203;tmimmanuel](https://redirect.github.com/tmimmanuel). - Agents/commitments: add opt-in inferred follow-up commitments with hidden batched extraction, per-agent/per-channel scoping, heartbeat delivery, CLI management, a simple `commitments.enabled`/`commitments.maxPerDay` config, and heartbeat-interval due-time clamping so magical check-ins do not echo immediately. ([#&#8203;74189](https://redirect.github.com/openclaw/openclaw/issues/74189)) Thanks [@&#8203;vignesh07](https://redirect.github.com/vignesh07). - Messages/queue: make `steer` drain all pending Pi steering messages at the next model boundary, keep legacy one-at-a-time steering as `queue`, and add a dedicated steering queue docs page. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Messages/queue: default active-run queueing to `steer` with a 500ms followup fallback debounce, and document the queue modes, precedence, and drop policies on the command queue page. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Messages: add global `messages.visibleReplies` so operators can require visible output to go through `message(action=send)` for any source chat, while `messages.groupChat.visibleReplies` stays available as the group/channel override. Thanks [@&#8203;scoootscooob](https://redirect.github.com/scoootscooob). - Gateway/events: surface `spawnedBy` on subagent chat and agent broadcast payloads so clients can route child session events without an extra session lookup. ([#&#8203;63244](https://redirect.github.com/openclaw/openclaw/issues/63244)) Thanks [@&#8203;samzong](https://redirect.github.com/samzong). - Memory/wiki: add agent-facing people wiki metadata, canonical aliases, person cards, relationship graphs, privacy/provenance reports, evidence-kind drilldown, and search modes for person lookup, question routing, source evidence, and raw claims. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Active Memory: add optional per-conversation `allowedChatIds` and `deniedChatIds` filters so operators can enable recall only for selected direct, group, or channel conversations while keeping broad sessions skipped. ([#&#8203;67977](https://redirect.github.com/openclaw/openclaw/issues/67977)) Thanks [@&#8203;quengh](https://redirect.github.com/quengh). - Active Memory: return bounded partial recall summaries when the hidden memory sub-agent times out, including the default temporary-transcript path, so useful recovered context is not discarded. ([#&#8203;73219](https://redirect.github.com/openclaw/openclaw/issues/73219)) Thanks [@&#8203;joeykrug](https://redirect.github.com/joeykrug). - Gateway/memory: add a read-only `doctor.memory.remHarness` RPC so operator clients can preview bounded REM dreaming output without running mutation paths. ([#&#8203;66673](https://redirect.github.com/openclaw/openclaw/issues/66673)) Thanks [@&#8203;samzong](https://redirect.github.com/samzong). - Providers/NVIDIA: add the NVIDIA provider with API-key onboarding, setup docs, static catalog metadata, and literal model-ref picker support so NVIDIA hosted models can be selected with their provider prefix intact. ([#&#8203;71204](https://redirect.github.com/openclaw/openclaw/issues/71204)) Thanks [@&#8203;eleqtrizit](https://redirect.github.com/eleqtrizit). - Models: suppress explicitly configured openai-codex/gpt-5.4-mini inline entries so a stale models config written by `openclaw doctor --fix` cannot bypass the manifest capability block and cause repeated assistant-turn failures when the runtime switches to that model on ChatGPT-backed Codex accounts. Conditional suppressions (e.g. qwen Coding Plan endpoint guards) remain bypassable by explicit user configuration. ([#&#8203;74451](https://redirect.github.com/openclaw/openclaw/issues/74451)) Thanks [@&#8203;0xCyda](https://redirect.github.com/0xCyda), [@&#8203;hclsys](https://redirect.github.com/hclsys), and [@&#8203;Marvae](https://redirect.github.com/Marvae). - Added SQLite-backed plugin state store (`api.runtime.state.openKeyedStore`) for restart-safe keyed registries with TTL, eviction, and automatic plugin isolation. Thanks [@&#8203;amknight](https://redirect.github.com/amknight). - Plugin SDK: mark remaining legacy alias exports and diffs tool/config aliases with deprecation metadata, and add a guard so future legacy alias comments require `@deprecated` tags. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - CLI/QR/dependencies: internalize small terminal progress and QR wrapper helpers while keeping the real QR encoder dependency direct, reducing the default runtime dependency graph without changing QR output behavior. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Dependencies: refresh workspace runtime, plugin, and tooling packages, including ACP, Pi, AWS SDK, TypeBox, pnpm, oxlint, oxfmt, jsdom, pdfjs, ciao, and tokenjuice, while keeping patched ACP behavior and lint gates current. Thanks [@&#8203;mariozechner](https://redirect.github.com/mariozechner). - Gateway/dev: run `pnpm gateway:watch` through a named tmux session by default, with `gateway:watch:raw` and `OPENCLAW_GATEWAY_WATCH_TMUX=0` for foreground mode, so repeated starts respawn an inspectable watcher without trapping the invoking agent shell. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Gateway/diagnostics: emit an opt-in startup diagnostics timeline that records gateway lifecycle and plugin-load phases behind a config flag, so slow-start diagnosis no longer requires bespoke instrumentation. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - Control UI/i18n: extend the locale registry with new Persian (fa), Dutch (nl), Vietnamese (vi), Italian (it), Arabic (ar), and Thai (th) entries and ship `fa`, `nl`, `vi`, and `zh-TW` docs glossaries, so the docs translation pipeline and the Control UI language picker stay aligned across surfaces. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Channels: add Yuanbao channel docs entrance so the Tencent Yuanbao bot appears in the channel listing and sidebar navigation. ([#&#8203;73443](https://redirect.github.com/openclaw/openclaw/issues/73443)) Thanks [@&#8203;loongfay](https://redirect.github.com/loongfay). - Channels/Yuanbao: update plugin GitHub location to YuanbaoTeam/yuanbao-openclaw-plugin and add "yuanbao" alias to channel catalog. ([#&#8203;74253](https://redirect.github.com/openclaw/openclaw/issues/74253)) Thanks [@&#8203;loongfay](https://redirect.github.com/loongfay). - Docker setup: add `OPENCLAW_SKIP_ONBOARDING` so automated Docker installs can skip the interactive onboarding step while still applying gateway defaults. ([#&#8203;55518](https://redirect.github.com/openclaw/openclaw/issues/55518)) Thanks [@&#8203;jinjimz](https://redirect.github.com/jinjimz). - Security policy: classify media/base64 decode and format-conversion overhead after configured acceptance limits as performance-only for GHSA triage unless a report demonstrates a limit bypass, crash, exhaustion, data exposure, or another boundary bypass. ([#&#8203;74311](https://redirect.github.com/openclaw/openclaw/issues/74311)) - Security/OpenGrep: add a precise OpenGrep rulepack, source-rule compiler, provenance metadata check, and PR/full scan workflows that validate first-party code and rulepack-only changes while uploading SARIF to GitHub Code Scanning. ([#&#8203;69483](https://redirect.github.com/openclaw/openclaw/issues/69483)) Thanks [@&#8203;jesse-merhi](https://redirect.github.com/jesse-merhi). ##### Fixes - Security/outbound: strip re-formed HTML tags during plain-text sanitization so nested tag fragments cannot leave a CodeQL-detected `<script>` sequence behind. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Security/secrets: compare credential bytes with padded timing-safe buffers instead of hashing candidate passwords before equality checks. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Security/QQBot: sanitize debug log arguments before writing to `console.*`, so gateway payload fields cannot forge extra log lines when debug logging is enabled. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - QQBot: unify slash command auth and c2cOnly gating in the command registry, pass `allowQQBotDataDownloads` when sending slash command file attachments, align clear-storage with actual downloads directory, and add `/bot-me` to display sender user ID. ([#&#8203;73616](https://redirect.github.com/openclaw/openclaw/issues/73616)) Thanks [@&#8203;cxyhhhhh](https://redirect.github.com/cxyhhhhh). - CLI/agents/status: keep `openclaw agents`, text `agents list`, and plain text `status` on read-only metadata paths so human output no longer preloads plugin runtimes or live channel scans before printing. Fixes [#&#8203;74195](https://redirect.github.com/openclaw/openclaw/issues/74195). Thanks [@&#8203;NianJiuZst](https://redirect.github.com/NianJiuZst). - Agents/local models: derive context-window guard thresholds from the effective model window with 4k/8k safety floors, so small local models are no longer rejected by fixed 16k/32k preflight cutoffs. Fixes [#&#8203;42999](https://redirect.github.com/openclaw/openclaw/issues/42999). Thanks [@&#8203;chengjialu8888](https://redirect.github.com/chengjialu8888). - PDF extraction: resolve PDF.js standard fonts from the installed package root and pass a filesystem path to the Node fallback extractor, so built-in font PDFs render without `file://` URL lookup failures. Fixes [#&#8203;51455](https://redirect.github.com/openclaw/openclaw/issues/51455); carries forward [#&#8203;70936](https://redirect.github.com/openclaw/openclaw/issues/70936), [#&#8203;54447](https://redirect.github.com/openclaw/openclaw/issues/54447), and [#&#8203;62175](https://redirect.github.com/openclaw/openclaw/issues/62175). Thanks [@&#8203;anyech](https://redirect.github.com/anyech), [@&#8203;JuanRdBO](https://redirect.github.com/JuanRdBO), and [@&#8203;solomonneas](https://redirect.github.com/solomonneas). - Media: treat legacy Word/OLE attachments with `application/msword` or `application/x-cfb` MIME as binary so printable-looking `.doc` files are not embedded into prompts as text. Fixes [#&#8203;54176](https://redirect.github.com/openclaw/openclaw/issues/54176); carries forward [#&#8203;54380](https://redirect.github.com/openclaw/openclaw/issues/54380). Thanks [@&#8203;andyliu](https://redirect.github.com/andyliu). - Config: accept documented `browser.tabCleanup` keys in strict root config validation, so configured tab cleanup no longer fails before runtime reads it. Fixes [#&#8203;74577](https://redirect.github.com/openclaw/openclaw/issues/74577). Thanks [@&#8203;lonexreb](https://redirect.github.com/lonexreb) and [@&#8203;ezdlp](https://redirect.github.com/ezdlp). - Cron: validate disabled job schedule edits before persisting updates, so invalid cron changes no longer partially mutate stored jobs. Fixes [#&#8203;74459](https://redirect.github.com/openclaw/openclaw/issues/74459). Thanks [@&#8203;yfge](https://redirect.github.com/yfge). - CLI/cron: warn when `openclaw cron add --message` omits a nonblank `--agent`, including blank agent values and session-key jobs, so scheduled agent-turn jobs make default-agent fallback explicit while system events stay quiet. Fixes [#&#8203;42196](https://redirect.github.com/openclaw/openclaw/issues/42196); carries forward [#&#8203;42245](https://redirect.github.com/openclaw/openclaw/issues/42245). Thanks [@&#8203;ethanclaw](https://redirect.github.com/ethanclaw). - Channels/status: keep Telegram, Slack, and Google Chat read-only allowlist/default-target accessors on config-only paths, so status and channel summaries do not resolve SecretRef-backed runtime credentials. Thanks [@&#8203;eusine](https://redirect.github.com/eusine). - Active Memory: clarify the deprecated `modelFallbackPolicy` warning and config help so `modelFallback` is described as a chain-resolution last resort, not runtime failover. ([#&#8203;74602](https://redirect.github.com/openclaw/openclaw/issues/74602)) Thanks [@&#8203;jeffrey701](https://redirect.github.com/jeffrey701). - Channels/Discord: keep read-only allowlist/default-target accessors from resolving SecretRef-backed bot tokens, so status and channel summaries no longer fail when tokens are only available in gateway runtime. ([#&#8203;74737](https://redirect.github.com/openclaw/openclaw/issues/74737)) Thanks [@&#8203;eusine](https://redirect.github.com/eusine). - Gateway/sessions: align session abort wait semantics across `chat`, `agent`, and `sessions` server methods so abort RPCs return after the targeted sessions actually halt instead of resolving early while runs are still draining. ([#&#8203;74751](https://redirect.github.com/openclaw/openclaw/issues/74751)) Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Agents/output: drop copied inbound metadata-only assistant replay turns before provider replay instead of synthesizing a placeholder, so Telegram and other channels cannot receive `[assistant copied inbound metadata omitted]` as model output. Fixes [#&#8203;74745](https://redirect.github.com/openclaw/openclaw/issues/74745). Thanks [@&#8203;adamwdear](https://redirect.github.com/adamwdear) and [@&#8203;Marvae](https://redirect.github.com/Marvae). - Doctor/memory: suppress skipped embedding-readiness warnings for key-optional providers such as Ollama and LM Studio while preserving timeout and not-ready diagnostics. Fixes [#&#8203;74608](https://redirect.github.com/openclaw/openclaw/issues/74608) and [#&#8203;73882](https://redirect.github.com/openclaw/openclaw/issues/73882). Thanks [@&#8203;hclsys](https://redirect.github.com/hclsys). - Channels/groups: preserve observe-only turn suppression for prepared dispatch paths and restore deprecated channel turn runtime aliases, so passive observer/group flows stay silent while older plugins keep compiling. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Feishu: skip empty-text messages (e.g. `{"text":""}`) that carry no media, so no blank user turn is written to the session and downstream LLM providers cannot reject the request with "messages must not be empty". ([#&#8203;74634](https://redirect.github.com/openclaw/openclaw/issues/74634)) Thanks [@&#8203;xdengli](https://redirect.github.com/xdengli) and [@&#8203;hclsys](https://redirect.github.com/hclsys). - Feishu/Bitable: clean up newly created placeholder rows whose fields contain only default empty values while preserving meaningful link, attachment, user, number, boolean, and location values during create-app cleanup. ([#&#8203;73920](https://redirect.github.com/openclaw/openclaw/issues/73920)) Carries forward [#&#8203;40602](https://redirect.github.com/openclaw/openclaw/issues/40602). Thanks [@&#8203;boat2moon](https://redirect.github.com/boat2moon). - macOS app: keep attach-only mode and the Debug Settings launchd toggle marker-only, so launching with `--attach-only`/`--no-launchd` no longer uninstalls the Gateway LaunchAgent or drops active sessions. ([#&#8203;72174](https://redirect.github.com/openclaw/openclaw/issues/72174)) Thanks [@&#8203;DolencLuka](https://redirect.github.com/DolencLuka). - macOS Canvas: stop auto-reloading the current A2UI host during push/eval/snapshot flows, so pushed A2UI content remains visible instead of returning to the empty Canvas shell. Fixes [#&#8203;73337](https://redirect.github.com/openclaw/openclaw/issues/73337). Thanks [@&#8203;Gr4via](https://redirect.github.com/Gr4via). - Plugin SDK: restore the deprecated `plugin-sdk/zalouser` command-auth facade so published Lark/Zalo plugins that import it load on current hosts. Fixes [#&#8203;74702](https://redirect.github.com/openclaw/openclaw/issues/74702). Thanks [@&#8203;Goron01](https://redirect.github.com/Goron01). - Plugins/runtime-deps: include bundled provider plugins when `models.providers`, auth profiles, agent defaults, or subagent model refs configure that provider, while keeping inactive default-enabled provider plugins out of doctor repair. Refs [#&#8203;74307](https://redirect.github.com/openclaw/openclaw/issues/74307). Thanks [@&#8203;Skeptomenos](https://redirect.github.com/Skeptomenos). - Plugins/runtime: resolve relative plugin `api.resolvePath` inputs against the plugin root instead of the host working directory, while keeping absolute and home paths user-resolved. Fixes [#&#8203;74718](https://redirect.github.com/openclaw/openclaw/issues/74718). Thanks [@&#8203;jimdawdy-hub](https://redirect.github.com/jimdawdy-hub). - Plugins/runtime-deps: refresh mirrored root chunks through a temporary file before replacing the active copy, so failed refreshes do not delete chunks that running plugin imports still need. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - Plugins/runtime-deps: prefer `require` conditional exports when building staged dependency aliases, so CommonJS-only plugin runtime deps such as `ws` do not resolve to ESM wrappers under Jiti. Fixes [#&#8203;74547](https://redirect.github.com/openclaw/openclaw/issues/74547). Thanks [@&#8203;aderius](https://redirect.github.com/aderius). - Bonjour/Gateway: cap flapping advertiser restarts in a sliding window, so mDNS probing/name-conflict loops disable discovery instead of churning indefinitely on constrained hosts. Refs [#&#8203;74209](https://redirect.github.com/openclaw/openclaw/issues/74209) and [#&#8203;74242](https://redirect.github.com/openclaw/openclaw/issues/74242). Thanks [@&#8203;ndj888](https://redirect.github.com/ndj888) and [@&#8203;Sanjays2402](https://redirect.github.com/Sanjays2402). - Plugins/runtime-deps: verify staged package entry files before reusing mirrored runtime roots, so browser-control repairs incomplete `ajv`/MCP SDK installs after update instead of failing after restart on a missing `ajv/dist/ajv.js`. Refs [#&#8203;74630](https://redirect.github.com/openclaw/openclaw/issues/74630). Thanks [@&#8203;spickeringlr](https://redirect.github.com/spickeringlr). - Heartbeat: resolve `responsePrefix` template variables with the selected provider, model, and thinking context before delivering alerts or suppressing prefixed `HEARTBEAT_OK` replies. Fixes [#&#8203;43064](https://redirect.github.com/openclaw/openclaw/issues/43064); repairs [#&#8203;43065](https://redirect.github.com/openclaw/openclaw/issues/43065); supersedes [#&#8203;46858](https://redirect.github.com/openclaw/openclaw/issues/46858). Thanks [@&#8203;yweiii](https://redirect.github.com/yweiii) and [@&#8203;JunJD](https://redirect.github.com/JunJD). - Memory/LanceDB: show full memory UUIDs in the `memory_forget` candidate list so agents can pass the displayed ID back to targeted deletion without hitting the full-UUID validator. ([#&#8203;66913](https://redirect.github.com/openclaw/openclaw/issues/66913)) Thanks [@&#8203;amittell](https://redirect.github.com/amittell). - File-transfer plugin: require canonical read-path preflight authorization for `file.fetch`, fail closed when `dir.fetch` preflight entries are missing, absolute, or traversing, and recheck returned archive entries before handing archive bytes to callers. Carries forward [#&#8203;74134](https://redirect.github.com/openclaw/openclaw/issues/74134). Thanks [@&#8203;omarshahine](https://redirect.github.com/omarshahine). - Channels/Feishu: retry file-typed iOS video resource downloads as `media` after a Feishu/Lark HTTP 502 and preserve the original 502 when the fallback also fails. Fixes [#&#8203;49855](https://redirect.github.com/openclaw/openclaw/issues/49855); carries forward [#&#8203;50164](https://redirect.github.com/openclaw/openclaw/issues/50164) and [#&#8203;73986](https://redirect.github.com/openclaw/openclaw/issues/73986). Thanks [@&#8203;alex-xuweilong](https://redirect.github.com/alex-xuweilong). - Providers/Amazon Bedrock: expose the full Claude Opus 4.7 thinking profile (`xhigh`, `adaptive`, and `max`) for Bedrock model refs, while keeping Opus/Sonnet 4.6 on adaptive-by-default, so `/think` menus and validation match the Anthropic transport behavior. Fixes [#&#8203;74701](https://redirect.github.com/openclaw/openclaw/issues/74701). Thanks [@&#8203;prasad-yashdeep](https://redirect.github.com/prasad-yashdeep), [@&#8203;sparkleHazard](https://redirect.github.com/sparkleHazard), [@&#8203;Sanjays2402](https://redirect.github.com/Sanjays2402), and [@&#8203;hclsys](https://redirect.github.com/hclsys). - Plugins/tokenjuice: compile the bundled plugin against tokenjuice 0.7.0's published OpenClaw host types instead of a local compatibility shim, so package contract drift fails in OpenClaw validation before release. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - OAuth/secrets: ignore root-level Google OAuth `client_secret_*.json` downloads so local client-secret files do not appear as commit candidates. ([#&#8203;74689](https://redirect.github.com/openclaw/openclaw/issues/74689)) Thanks [@&#8203;jeongdulee](https://redirect.github.com/jeongdulee). - Memory: mirror `sqlite-vec` into packaged bundled-plugin runtime deps for the default memory plugin, so builtin vector search does not lose its SQLite extension after upgrading to 2026.4.27. Fixes [#&#8203;74692](https://redirect.github.com/openclaw/openclaw/issues/74692). Thanks [@&#8203;mozi1924](https://redirect.github.com/mozi1924). - Gateway/startup: bound local discovery advertisement during startup, so a stuck discovery plugin can no longer keep the Gateway from reaching ready. Fixes [#&#8203;73865](https://redirect.github.com/openclaw/openclaw/issues/73865); refs [#&#8203;74630](https://redirect.github.com/openclaw/openclaw/issues/74630) and [#&#8203;74633](https://redirect.github.com/openclaw/openclaw/issues/74633). Thanks [@&#8203;lpendeavors](https://redirect.github.com/lpendeavors), [@&#8203;moltar-bot](https://redirect.github.com/moltar-bot), and [@&#8203;Saboor711](https://redirect.github.com/Saboor711). - Gateway/models: serve the last successful model catalog while stale reloads refresh in the background, so Gateway control-plane and OpenAI-compatible requests no longer block behind model-provider rediscovery after model config changes. Refs [#&#8203;74135](https://redirect.github.com/openclaw/openclaw/issues/74135), [#&#8203;74630](https://redirect.github.com/openclaw/openclaw/issues/74630), and [#&#8203;74633](https://redirect.github.com/openclaw/openclaw/issues/74633). Thanks [@&#8203;DerFlash](https://redirect.github.com/DerFlash), [@&#8203;moltar-bot](https://redirect.github.com/moltar-bot), and [@&#8203;Saboor711](https://redirect.github.com/Saboor711). - CLI/status: resolve read-only channel setup runtime fallback from the packaged OpenClaw dist root, so `status --all`, `status --deep`, channel, and doctor paths do not crash when an external channel plugin needs setup metadata. Fixes [#&#8203;74693](https://redirect.github.com/openclaw/openclaw/issues/74693). Thanks [@&#8203;giangthb](https://redirect.github.com/giangthb). - SDK/events: keep per-run SDK event streams from surfacing duplicate raw chat projection frames, while normalizing chat-only projection frames and preserving raw access through `rawEvents`. Refs [#&#8203;74704](https://redirect.github.com/openclaw/openclaw/issues/74704). Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - SDK: report Gateway terminal `agent.wait` timeout snapshots with lifecycle metadata as `timed_out` while keeping bare wait deadlines non-terminal. Thanks [@&#8203;clawsweeper](https://redirect.github.com/clawsweeper). - Google Meet: block managed Chrome intro/test speech until browser health proves the participant is in-call, and expose `speechReady` diagnostics so login, admission, permission, and audio-bridge blockers no longer look like successful speech. Refs [#&#8203;72478](https://redirect.github.com/openclaw/openclaw/issues/72478). Thanks [@&#8203;DougButdorf](https://redirect.github.com/DougButdorf). - Slack/commands: keep native command argument menus on select controls for encoded choice values up to Slack's option limit and truncate fallback button labels to Slack's button-text limit, so long valid choices no longer render invalid Slack blocks. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Agents/Codex: flush accepted debounced steering messages before normal app-server turn cleanup, so inbound follow-ups acknowledged as queued are not dropped when the turn completes before the debounce fires. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Slack/interactive replies: keep rendered buttons and selects within Slack Block Kit value and count limits, and align command argument select values with Slack's option limit, so overlong agent-authored choices no longer make Slack reject the whole block payload. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/interactive replies: drop overlong Block Kit button URLs while preserving valid callback values, so malformed link buttons no longer make Slack reject the whole interactive reply. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/commands: truncate native command argument-menu confirmation text to Slack's dialog limit, so long plugin arg names no longer make fallback buttons render invalid Block Kit payloads. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/exec approvals: cap native approval metadata context to Slack's element and text limits, so large approval details no longer make Slack reject the approval card. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/exec approvals: cap native approval update fallback text to Slack's message limit while preserving the rendered approval blocks, so long commands no longer make resolved or expired approval cards stay stale after `chat.update` rejects `msg_too_long`. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/commands: cap native command argument-menu fallback rows to Slack's message block limit, so large plugin choice lists no longer make Slack reject the generated menu. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/commands: drop fallback command argument buttons whose encoded values exceed Slack's button-value limit, so one oversized plugin choice no longer makes Slack reject the whole menu. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/messages: merge message-tool presentation and interactive blocks on Slack sends, so buttons and selects are no longer dropped when a structured message body is also present. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/messages: cap Block Kit fallback text to Slack's send limit while preserving the rendered blocks, so long context fallbacks no longer make rich Slack messages fail with `msg_too_long`. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Slack/messages: cap Block Kit fallback text on message edits while preserving the rendered blocks, so long context fallbacks no longer make Slack reject `chat.update` calls with `msg_too_long`. Thanks [@&#8203;slackapi](https://redirect.github.com/slackapi). - Channels/WhatsApp: require Baileys outbound message ids before marking auto-replies delivered, so transcript text and ack reactions no longer make failed group replies look sent. Fixes [#&#8203;49225](https://redirect.github.com/openclaw/openclaw/issues/49225). Thanks [@&#8203;TinyTb](https://redirect.github.com/TinyTb). - CLI/update: scope packaged Node compile caches by OpenClaw version and install metadata, so global installs no longer reuse stale compiled chunks after package updates. Thanks [@&#8203;pashpashpash](https://redirect.github.com/pashpashpash). - Channels/Voice call: keep pre-auth webhook in-flight limiting active when socket remote address metadata is missing, so slow-body requests from stripped-IP proxy paths still share the fallback bucket. ([#&#8203;74453](https://redirect.github.com/openclaw/openclaw/issues/74453)) Thanks [@&#8203;davidangularme](https://redirect.github.com/davidangularme). - Plugin SDK/testing: lazy-load TypeScript from the plugin test-contract runtime and add release checks for critical SDK contract entrypoint imports and bundle size, so published packages fail preflight before shipping ESM-incompatible or oversized contract helpers. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Channels/Microsoft Teams: treat configured `19:...@&#8203;thread.tacv2` and legacy `19:...@&#8203;thread.skype` team/channel IDs as already resolved during startup, avoiding false `channels unresolved` warnings while preserving Graph name lookup for display-name entries. Fixes [#&#8203;74683](https://redirect.github.com/openclaw/openclaw/issues/74683). Thanks [@&#8203;dseravalli](https://redirect.github.com/dseravalli). - CLI/browser: preserve parent flags while lazy-loading browser subcommands, so `openclaw browser --json open` and `openclaw browser --json tabs` keep machine-readable output after reparsing. Fixes [#&#8203;74574](https://redirect.github.com/openclaw/openclaw/issues/74574). Thanks [@&#8203;devintegeritsm](https://redirect.github.com/devintegeritsm). - Exec/elevated: preserve `turnSourceChannel` as `messageProvider` on approval-followup runs so `tools.elevated.allowFrom.<provider>` checks no longer fail with `provider=null` after the user approves an async elevated command. Fixes [#&#8203;74646](https://redirect.github.com/openclaw/openclaw/issues/74646). Thanks [@&#8203;xhd2015](https://redirect.github.com/xhd2015). - Plugins/runtime-deps: add `openclaw plugins deps` inspection and repair with script-free package-manager defaults shared across plugin installers, so operators can repair missing bundled runtime deps without corrupting JSON output or blocking unrelated conflict-free deps. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Agents/output: strip internal `[tool calls omitted]` replay placeholders from user-facing replies while preserving visible reply whitespace. Fixes [#&#8203;74573](https://redirect.github.com/openclaw/openclaw/issues/74573). Thanks [@&#8203;blaspat](https://redirect.github.com/blaspat). - Providers/Google Vertex: route authorized\_user ADC credentials through OpenClaw's REST transport so Docker installs using gcloud application-default credentials no longer crash in the Google SDK before requests are sent. Fixes [#&#8203;74628](https://redirect.github.com/openclaw/openclaw/issues/74628). Thanks [@&#8203;frankhal2001-design](https://redirect.github.com/frankhal2001-design). - ACP/resolver: fall through to thread-bound session resolution when an explicit `--session` token cannot be resolved while preserving the bad-token diagnostic when no thread binding exists, so Discord slash commands that auto-fill the current thread ID as the positional ACP target no longer return "Unable to resolve session target" errors. Fixes [#&#8203;66299](https://redirect.github.com/openclaw/openclaw/issues/66299). Thanks [@&#8203;hclsys](https://redirect.github.com/hclsys), [@&#8203;kindomLee](https://redirect.github.com/kindomLee), and [@&#8203;martingarramon](https://redirect.github.com/martingarramon). - Agents/sessions: emit a terminal lifecycle backstop when embedded timeout/error turns return without `agent_end`, so Gateway sessions no longer stay stuck in `running` after failover surfaces a timeout. Fixes [#&#8203;74607](https://redirect.github.com/openclaw/openclaw/issues/74607). Thanks [@&#8203;millerc79](https://redirect.github.com/millerc79). - Gateway/diagnostics: include stuck-session reason hints and recovery skip causes in warnings, so operators can tell whether a lane is waiting on active work, queued work, or stale bookkeeping. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Providers/DeepSeek: expose native DeepSeek V4 `xhigh` and `max` thinking levels through the provider `resolveThinkingProfile` hook so `/think xhigh|max` applies the intended effort instead of falling back to base levels. ([#&#8203;73008](https://redirect.github.com/openclaw/openclaw/issues/73008)) Thanks [@&#8203;ai-hpc](https://redirect.github.com/ai-hpc). - Agents/Codex: bound embedded-run cleanup, trajectory flushing, and command-lane task timeouts after runtime failures, so Discord and other chat sessions return to idle instead of staying stuck in processing. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Heartbeat/exec: consume successful metadata-only async exec completions silently so Telegram and other chat surfaces no longer ask users for missing command logs after `No session found`. Fixes [#&#8203;74595](https://redirect.github.com/openclaw/openclaw/issues/74595). Thanks [@&#8203;gkoch02](https://redirect.github.com/gkoch02). - Web fetch: add a documented `tools.web.fetch.ssrfPolicy.allowIpv6UniqueLocalRange` opt-in and thread it through cache keys and DNS/IP checks so trusted fake-IP proxy stacks using `fc00::/7` can work without broad private-network access. Fixes [#&#8203;74351](https://redirect.github.com/openclaw/openclaw/issues/74351). Thanks [@&#8203;jeffrey701](https://redirect.github.com/jeffrey701). - OpenAI Codex: restore `/verbose full` persistence and app-server tool-output forwarding, and retry Gateway E2E temp-home cleanup so debug runs do not regress on stale validation or cleanup flakes. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Anthropic/Meridian: preserve text and thinking content seeded on `content_block_start` in anthropic-messages streams, so `[thinking, text]` replies no longer persist as empty turns or trigger empty-response fallbacks. Fixes [#&#8203;74410](https://redirect.github.com/openclaw/openclaw/issues/74410). Thanks [@&#8203;vyctorbrzezowski](https://redirect.github.com/vyctorbrzezowski). - Channels/Matrix: complete the cross-signing handshake on `openclaw matrix verify confirm-sas` so the operator's other Matrix device clears its `Verifying…` loop instead of staying stuck after the agent confirms. ([#&#8203;74542](https://redirect.github.com/openclaw/openclaw/issues/74542)) Thanks [@&#8203;nklock](https://redirect.github.com/nklock). - CLI/status: honor channel-specific model context-window overrides when reporting effective context, so channel-scoped sessions reflect the active window in `openclaw status`. Thanks [@&#8203;HemantSudarshan](https://redirect.github.com/HemantSudarshan). - Sandbox/Docker: tolerate Docker daemon unavailability when sandbox mode is off, so doctor and preflight checks no longer fail on installs that do not run the Docker daemon. Fixes [#&#8203;73671](https://redirect.github.com/openclaw/openclaw/issues/73671). Thanks [@&#8203;kaseonedge](https://redirect.github.com/kaseonedge). - Control UI/mobile: persist mobile chat settings through Lit-managed state and route mobile navigation through the same view-state path so chat panel toggles survive transitions on small viewports. Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Control UI/exports: align sidebar trigger affordances across the resizable divider, mobile layout, and exported-HTML transcript template so the sidebar toggle and exported transcript sidebar render with consistent hit areas and styling. Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Control UI/chat: disable the page refresh affordance while a chat run is active so accidental refreshes do not abort an in-flight reply. Thanks [@&#8203;Angfr95](https://redirect.github.com/Angfr95) and [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Memory/LanceDB: return real memory records from `openclaw ltm list` (with optional `--limit` and createdAt ordering) instead of an empty placeholder, so the CLI surface matches the documented LTM listing contract. ([#&#8203;67952](https://redirect.github.com/openclaw/openclaw/issues/67952)) Thanks [@&#8203;zhangyue19921010](https://redirect.github.com/zhangyue19921010). - Media: include redacted per-attempt resize failures and resolved model input capabilities in vision-pipeline errors so ARM64 image failures are diagnosable without closing the remaining routing investigation. Refs [#&#8203;74552](https://redirect.github.com/openclaw/openclaw/issues/74552). Thanks [@&#8203;1yihui](https://redirect.github.com/1yihui). - Control UI/i18n: route zh-CN agent, debug, channel-refresh, and exec-approval copy through the locale source while preserving the English `Cron Jobs` agent tab label and the security-audit command styling. Carries forward [#&#8203;39692](https://redirect.github.com/openclaw/openclaw/issues/39692) repair context. Thanks [@&#8203;hepeng154833488](https://redirect.github.com/hepeng154833488) and [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Auto-reply: honor explicit `silentReply.direct: "allow"` for clean empty or reasoning-only direct chat turns while keeping the default direct-chat empty-response guard conservative. Fixes [#&#8203;74409](https://redirect.github.com/openclaw/openclaw/issues/74409). Thanks [@&#8203;jesuskannolis](https://redirect.github.com/jesuskannolis). - OpenAI Codex: send a non-empty Responses input item when a Codex turn only has systemPrompt-backed instructions, avoiding ChatGPT backend 400s from `input: []`. Fixes [#&#8203;73820](https://redirect.github.com/openclaw/openclaw/issues/73820). Thanks [@&#8203;woodhouse-bot](https://redirect.github.com/woodhouse-bot). - Ollama: normalize provider-prefixed tool-call names at the native stream boundary so Kimi/Ollama calls such as `functions.exec` dispatch as `exec` instead of missing configured tools. Fixes [#&#8203;74487](https://redirect.github.com/openclaw/openclaw/issues/74487). Thanks [@&#8203;afurm](https://redirect.github.com/afurm) and [@&#8203;carreipeia](https://redirect.github.com/carreipeia). - Security/audit: resolve configured model aliases before model-tier and small-parameter checks, so alias-based GPT-5/Codex configs no longer report false weak-model warnings. Fixes [#&#8203;74455](https://redirect.github.com/openclaw/openclaw/issues/74455). Thanks [@&#8203;blaspat](https://redirect.github.com/blaspat). - CLI/agent: isolate Gateway-timeout embedded fallback runs under explicit `gateway-fallback-*` sessions so accepted Gateway runs cannot race transcript locks or replace the routed conversation session. Fixes [#&#8203;62981](https://redirect.github.com/openclaw/openclaw/issues/62981). Thanks [@&#8203;HemantSudarshan](https://redirect.github.com/HemantSudarshan). - CLI/QR/device-pair: reject malformed public setup URLs before issuing mobile pairing bootstrap tokens, while keeping valid bare host:port setup URLs supported. Thanks [@&#8203;Lucenx9](https://redirect.github.com/Lucenx9). - Models/UI: hide unauthenticated providers from the default Web chat, `/models`, and model setup pickers while keeping explicit full-catalog browse paths through `view: "all"`, `/models <provider> all`, and `models list --all`. Fixes [#&#8203;74423](https://redirect.github.com/openclaw/openclaw/issues/74423). Thanks [@&#8203;guarismo](https://redirect.github.com/guarismo) and [@&#8203;SymbolStar](https://redirect.github.com/SymbolStar). - Ollama: keep explicit local model runs on target-provider runtime hooks when PI discovery is skipped, so one-shot Ollama calls no longer cold-load unrelated provider runtimes before streaming. Fixes [#&#8203;74078](https://redirect.github.com/openclaw/openclaw/issues/74078). Thanks [@&#8203;sakalaboator](https://redirect.github.com/sakalaboator). - Slack/prompts: rely on Slack `interactiveReplies` guidance instead of generic `inlineButtons` config hints so enabled Slack button directives are not contradicted. Fixes [#&#8203;46647](https://redirect.github.com/openclaw/openclaw/issues/46647). Thanks [@&#8203;jeremykoerber](https://redirect.github.com/jeremykoerber). - Slack/reactions: treat duplicate `already_reacted` responses as idempotent success so repeated agent reaction adds no longer surface as tool failures. Fixes [#&#8203;69005](https://redirect.github.com/openclaw/openclaw/issues/69005). Thanks [@&#8203;shipitsteven](https://redirect.github.com/shipitsteven) and [@&#8203;martingarramon](https://redirect.github.com/martingarramon). - Channels/Discord: cool down Cloudflare/Error 1015 HTML 429 REST failures during startup application lookup and gateway metadata fetches, add `channels.discord.applicationId` as an app-id lookup bypass, sanitize HTML bodies before logging, and honor Retry-After before falling back to a conservative cooldown. Fixes [#&#8203;38853](https://redirect.github.com/openclaw/openclaw/issues/38853). ([#&#8203;74489](https://redirect.github.com/openclaw/openclaw/issues/74489)) Thanks [@&#8203;djgeorg3](https://redirect.github.com/djgeorg3) and [@&#8203;Garyko0730](https://redirect.github.com/Garyko0730). - Slack/tools: expose `fileId` in the shared message tool schema so `download-file` can receive Slack attachment IDs from inbound placeholders. Fixes [#&#8203;45574](https://redirect.github.com/openclaw/openclaw/issues/45574). Thanks [@&#8203;chadvegas](https://redirect.github.com/chadvegas). - Exec: reject invalid per-call `host` values instead of silently falling back to the default target, so hostname-like values fail before commands run. Fixes [#&#8203;74426](https://redirect.github.com/openclaw/openclaw/issues/74426). Thanks [@&#8203;scr00ge-00](https://redirect.github.com/scr00ge-00) and [@&#8203;vyctorbrzezowski](https://redirect.github.com/vyctorbrzezowski). - Google/Gemini: send non-empty placeholder content when a Gemini run is triggered with empty or filtered user content, avoiding `contents is not specified` API errors. Thanks [@&#8203;CaoYuhaoCarl](https://redirect.github.com/CaoYuhaoCarl). - Heartbeat: preserve non-task `HEARTBEAT.md` context around `tasks:` blocks and apply `agents.defaults.heartbeat` to all agents unless per-agent heartbeat entries restrict scope. Thanks [@&#8203;Sekhar03](https://redirect.github.com/Sekhar03). - Markdown: preserve paragraph breaks inside loose list items in shared outbound formatting while keeping tight list spacing stable. Thanks [@&#8203;Lucenx9](https://redirect.github.com/Lucenx9). - Build/Gateway: route restart, shutdown, respawn, diagnostics, command-queue cleanup, and runtime cleanup through one stable gateway lifecycle runtime entry so rebuilt packages do not strand long-running gateways on stale hashed chunks. Carries forward [#&#8203;73964](https://redirect.github.com/openclaw/openclaw/issues/73964). Thanks [@&#8203;pashpashpash](https://redirect.github.com/pashpashpash). - Memory/wiki: keep broad shared-source and generated related-link blocks from turning every page into a search hit, cap noisy backlinks, support all-term searches such as people-routing queries, and prefer readable page body snippets over generated metadata. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Cron/Gateway: abort and bounded-clean up timed-out isolated agent turns before recording the timeout, so stale cron sessions cannot leave Discord or other chat lanes stuck in `processing` after a timeout. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Agents/errors: suppress malformed streaming tool-call JSON fragments before they reach chat surfaces while preserving provider request-validation diagnostics. Fixes [#&#8203;59076](https://redirect.github.com/openclaw/openclaw/issues/59076); keeps [#&#8203;59080](https://redirect.github.com/openclaw/openclaw/issues/59080) as duplicate coverage. ([#&#8203;59118](https://redirect.github.com/openclaw/openclaw/issues/59118)) Thanks [@&#8203;singleGanghood](https://redirect.github.com/singleGanghood). - CLI/models: restore provider-filtered `models list --all --provider <id>` rows for providers without manifest/static catalog coverage, including Anthropic and Amazon Bedrock, while keeping the compatibility fallback off expensive availability and resolver paths. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - CLI/models: keep manifest auth-evidence credentials visible across `models status`, auth probes, and PI model discovery so workspace-scoped provider auth does not disagree between listing, probing, and execution. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - CLI/models: move local credential evidence such as Google Vertex ADC into generic plugin manifest setup metadata so the model-list auth index stays declarative without provider-specific runtime branches. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - CLI/models: compute the `models list` Auth column through one command-local provider auth index so row rendering no longer repeats auth profile, env, configured-provider, AWS, or synthetic-auth checks per model row. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - CLI/models: move the OpenAI listable catalog into the plugin manifest so `models list --all --provider openai` uses the manifest fast path instead of loading provider runtime normalization hooks. Thanks [@&#8203;shakkernerd](https://redirect.github.com/shakkernerd). - CLI/tools: keep the Gateway `tools.*` RPC namespace out of plugin command discovery and managed proxy startup, so stray commands like `openclaw tools effective` fail quickly instead of cold-loading plugin metadata. Refs [#&#8203;73477](https://redirect.github.com/openclaw/openclaw/issues/73477). Thanks [@&#8203;oromeis](https://redirect.github.com/oromeis). - CLI/status: keep default text `openclaw status --usage` on metadata-only channel scans unless `--deep` or `--all` is set, and send stray `openclaw tools --help` through the precomputed root-help fast path so latency-triage commands avoid plugin/runtime cold loads before printing. Refs [#&#8203;73477](https://redirect.github.com/openclaw/openclaw/issues/73477) and [#&#8203;74220](https://redirect.github.com/openclaw/openclaw/issues/74220). Thanks [@&#8203;oromeis](https://redirect.github.com/oromeis) and [@&#8203;NianJiuZst](https://redirect.github.com/NianJiuZst). - Agents/diagnostics: trace embedded-run startup and preparation stage timings before model I/O, and warn only on severe slow stages, so Docker/VPS latency reports can identify whether plugin loading, auth/model resolution, tool inventory, bootstrap, MCP/LSP, resource loading, or stream setup is dominating pre-run latency without noisy normal logs. Refs [#&#8203;73428](https://redirect.github.com/openclaw/openclaw/issues/73428). Thanks [@&#8203;Dimaoggg](https://redirect.github.com/Dimaoggg), [@&#8203;quangtran88](https://redirect.github.com/quangtran88), and [@&#8203;Heyvhuang](https://redirect.github.com/Heyvhuang). - Agents/subagents: cache persisted subagent run registry reads by file signature while preserving fresh-parse isolation, so busy gateways stop reparsing unchanged `subagents/runs.json` on controller/list/status hot paths. Refs [#&#8203;72338](https://redirect.github.com/openclaw/openclaw/issues/72338). Thanks [@&#8203;argus-as](https://redirect.github.com/argus-as). - Gateway/clients: wait for the event loop to become responsive before opening Gateway WebSocket RPC/probe/client connections while charging that readiness wait to caller timeouts, so Windows deferred module-evaluation stalls no longer turn healthy loopback gateways into false handshake timeouts across status, TUI, ACP, MCP, node-host, and plugin client paths. Refs [#&#8203;74279](https://redirect.github.com/openclaw/openclaw/issues/74279) and [#&#8203;48270](https://redirect.github.com/openclaw/openclaw/issues/48270). Thanks [@&#8203;wongcode](https://redirect.github.com/wongcode) and [@&#8203;joost-heijden](https://redirect.github.com/joost-heijden). - Gateway/Windows: read listener command lines via PowerShell before falling back to `wmic`, so restart health can recognize OpenClaw listeners on modern Windows installs and avoid long anonymous-port waits. Refs [#&#8203;74280](https://redirect.github.com/openclaw/openclaw/issues/74280). Thanks [@&#8203;zym951223](https://redirect.github.com/zym951223). - Plugins/runtime-deps: record process start-time in bundled dependency install locks and expire recycled-PID locks, so Docker gateway restarts recover from stale `.openclaw-runtime-deps.lock` directories without waiting through repeated five-minute timeouts. Fixes [#&#8203;74346](https://redirect.github.com/openclaw/openclaw/issues/74346). ([#&#8203;74361](https://redirect.github.com/openclaw/openclaw/issues/74361)) Thanks [@&#8203;jhsmith409](https://redirect.github.com/jhsmith409). - Plugins/runtime-deps: memoize packaged bundled runtime dist-mirror preparation after the first successful pass while keeping source-checkout mirrors refreshable, so constrained Docker/VPS installs avoid repeated root scans before chat turns. Refs [#&#8203;73428](https://redirect.github.com/openclaw/openclaw/issues/73428), [#&#8203;73421](https://redirect.github.com/openclaw/openclaw/issues/73421), [#&#8203;73532](https://redirect.github.com/openclaw/openclaw/issues/73532), and [#&#8203;73477](https://redirect.github.com/openclaw/openclaw/issues/73477). Thanks [@&#8203;Dimaoggg](https://redirect.github.com/Dimaoggg), [@&#8203;oromeis](https://redirect.github.com/oromeis), [@&#8203;oadiazp](https://redirect.github.com/oadiazp), [@&#8203;jmfraga](https://redirect.github.com/jmfraga), [@&#8203;bstanbury](https://redirect.github.com/bstanbury), [@&#8203;antoniusfelix](https://redirect.github.com/antoniusfelix), and [@&#8203;jkobject](https://redirect.github.com/jkobject). - Channels/Discord: treat bare numeric outbound targets that match the effective Discord DM allowlist as user DMs while preserving account-specific legacy `dm.allowFrom` precedence over inherited root `allowFrom`. ([#&#8203;74303](https://redirect.github.com/openclaw/openclaw/issues/74303)) Thanks [@&#8203;Squirbie](https://redirect.github.com/Squirbie). - Channels/Discord/Slack: share one DM policy/allowlist resolver across runtime, setup, allowlist editing, and doctor repair, so legacy `dm.policy` / `dm.allowFrom` compatibility migrates to canonical `dmPolicy` / `allowFrom` without divergent access checks. Thanks [@&#8203;Squirbie](https://redirect.github.com/Squirbie). - Control UI: make the chat sidebar split divider focusable, keyboard-resizable, ARIA-described, and pointer-event based so sidebar resizing works without a mouse. Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Control UI/chat: wire the slash-command autocomplete menu to the composer with stable ARIA relationships so screen readers announce the active command or argument option. Thanks [@&#8203;BunsDev](https://redirect.github.com/BunsDev). - Agents/usage: keep PI embedded-run telemetry attributed to the resolved model provider instead of the PI harness label, so OpenRouter and other provider-backed turns report the right provider in session usage and traces. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Agents/attribution: send OpenClaw attribution headers on native OpenAI and Codex traffic, including SDK transports, realtime voice and TTS, device-code auth, WHAM usage, and remote embeddings, so PI-origin defaults no longer leak into provider requests. Thanks [@&#8203;vincentkoc](https://redirect.github.com/vincentkoc). - Agents/auth: keep OAuth auth profiles inherited from the main agent read-through instead of copying refresh tokens into secondary agents, and refresh Codex app-server tokens against the owning store so multi-agent swarms avoid reused refresh-token failures. Fixes [#&#8203;74055](https://redirect.github.com/openclaw/openclaw/issues/74055). Thanks [@&#8203;ClarityInvest](https://redirect.github.com/ClarityInvest). - Channels/Telegram: honor `ALL_PROXY` / `all_proxy` and service-level `OPENCLAW_PROXY_URL` when constructing the HTTP/1-only Telegram Bot API transport, so Windows and service installs that rely on those proxy settings no longer fall back to direct egress. Fixes [#&#8203;74014](https://redirect.github.com/openclaw/openclaw/issues/74014); refs [#&#8203;74086](https://redirect.github.com/openclaw/openclaw/issues/74086). Thanks [@&#8203;SymbolStar](https://redirect.github.com/SymbolStar). - Channels/Telegram: keep raw host/network-unreachable Bot API connect failures non-fatal and route tagged polling uncaught exceptions through the Telegram restart path, so transient reachability failures no longer kill the Gateway or leave long polling stuck. Fixes [#&#8203;60515](https://redirect.github.com/openclaw/openclaw/issues/60515); refs [#&#8203;74540](https://redirect.github.com </details> --- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My43Ni4yIiwidXBkYXRlZEluVmVyIjoiNDMuNzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
les_clankeurs/openclaw-image-2!26
No description provided.