OpenClaw

2026.2.12

Fri, 13 Feb 2026 03:17:54 +0100

OpenClaw 2026.2.12

Changes

CLI: add openclaw logs --local-time to display log timestamps in local timezone. (#13818) Thanks @xialonglee.
Telegram: render blockquotes as native
tags instead of stripping them. (#14608)
Config: avoid redacting maxTokens-like fields during config snapshot redaction, preventing round-trip validation failures in /config. (#14006) Thanks @constansino.

Breaking

Hooks: POST /hooks/agent now rejects payload sessionKey overrides by default. To keep fixed hook context, set hooks.defaultSessionKey (recommended with hooks.allowedSessionKeyPrefixes: ["hook:"]). If you need legacy behavior, explicitly set hooks.allowRequestSessionKey: true. Thanks @alpernae for reporting.

Fixes

Gateway/OpenResponses: harden URL-based input_file/input_image handling with explicit SSRF deny policy, hostname allowlists (files.urlAllowlist / images.urlAllowlist), per-request URL input caps (maxUrlParts), blocked-fetch audit logging, and regression coverage/docs updates.
Security: fix unauthenticated Nostr profile API remote config tampering. (#13719) Thanks @coygeek.
Security: remove bundled soul-evil hook. (#14757) Thanks @Imccccc.
Security/Audit: add hook session-routing hardening checks (hooks.defaultSessionKey, hooks.allowRequestSessionKey, and prefix allowlists), and warn when HTTP API endpoints allow explicit session-key routing.
Security/Sandbox: confine mirrored skill sync destinations to the sandbox skills/ root and stop using frontmatter-controlled skill names as filesystem destination paths. Thanks @1seal.
Security/Web tools: treat browser/web content as untrusted by default (wrapped outputs for browser snapshot/tabs/console and structured external-content metadata for web tools), and strip toolResult.details from model-facing transcript/compaction inputs to reduce prompt-injection replay risk.
Security/Hooks: harden webhook and device token verification with shared constant-time secret comparison, and add per-client auth-failure throttling for hook endpoints (429 + Retry-After). Thanks @akhmittra.
Security/Browser: require auth for loopback browser control HTTP routes, auto-generate gateway.auth.token when browser control starts without auth, and add a security-audit check for unauthenticated browser control. Thanks @tcusolle.
Sessions/Gateway: harden transcript path resolution and reject unsafe session IDs/file paths so session operations stay within agent sessions directories. Thanks @akhmittra.
Gateway: raise WS payload/buffer limits so 5,000,000-byte image attachments work reliably. (#14486) Thanks @0xRaini.
Logging/CLI: use local timezone timestamps for console prefixing, and include ±HH:MM offsets when using openclaw logs --local-time to avoid ambiguity. (#14771) Thanks @0xRaini.
Gateway: drain active turns before restart to prevent message loss. (#13931) Thanks @0xRaini.
Gateway: auto-generate auth token during install to prevent launchd restart loops. (#13813) Thanks @cathrynlavery.
Gateway: prevent undefined/missing token in auth config. (#13809) Thanks @asklee-klawd.
Gateway: handle async EPIPE on stdout/stderr during shutdown. (#13414) Thanks @keshav55.
Gateway/Control UI: resolve missing dashboard assets when openclaw is installed globally via symlink-based Node managers (nvm/fnm/n/Homebrew). (#14919) Thanks @aynorica.
Cron: use requested agentId for isolated job auth resolution. (#13983) Thanks @0xRaini.
Cron: prevent cron jobs from skipping execution when nextRunAtMs advances. (#14068) Thanks @WalterSumbon.
Cron: pass agentId to runHeartbeatOnce for main-session jobs. (#14140) Thanks @ishikawa-pro.
Cron: re-arm timers when onTimer fires while a job is still executing. (#14233) Thanks @tomron87.
Cron: prevent duplicate fires when multiple jobs trigger simultaneously. (#14256) Thanks @xinhuagu.
Cron: isolate scheduler errors so one bad job does not break all jobs. (#14385) Thanks @MarvinDontPanic.
Cron: prevent one-shot at jobs from re-firing on restart after skipped/errored runs. (#13878) Thanks @lailoo.
Heartbeat: prevent scheduler stalls on unexpected run errors and avoid immediate rerun loops after requests-in-flight skips. (#14901) Thanks @joeykrug.
Cron: honor stored session model overrides for isolated-agent runs while preserving hooks.gmail.model precedence for Gmail hook sessions. (#14983) Thanks @shtse8.
Logging/Browser: fall back to os.tmpdir()/openclaw for default log, browser trace, and browser download temp paths when /tmp/openclaw is unavailable.
WhatsApp: convert Markdown bold/strikethrough to WhatsApp formatting. (#14285) Thanks @Raikan10.
WhatsApp: allow media-only sends and normalize leading blank payloads. (#14408) Thanks @karimnaguib.
WhatsApp: default MIME type for voice messages when Baileys omits it. (#14444) Thanks @mcaxtr.
Telegram: handle no-text message in model picker editMessageText. (#14397) Thanks @0xRaini.
Telegram: surface REACTION_INVALID as non-fatal warning. (#14340) Thanks @0xRaini.
BlueBubbles: fix webhook auth bypass via loopback proxy trust. (#13787) Thanks @coygeek.
Slack: change default replyToMode from "off" to "all". (#14364) Thanks @nm-de.
Slack: detect control commands when channel messages start with bot mention prefixes (for example, @Bot /new). (#14142) Thanks @beefiker.
Signal: enforce E.164 validation for the Signal bot account prompt so mistyped numbers are caught early. (#15063) Thanks @Duartemartins.
Discord: process DM reactions instead of silently dropping them. (#10418) Thanks @mcaxtr.
Discord: respect replyToMode in threads. (#11062) Thanks @cordx56.
Heartbeat: filter noise-only system events so scheduled reminder notifications do not fire when cron runs carry only heartbeat markers. (#13317) Thanks @pvtclawn.
Signal: render mention placeholders as @uuid/@phone so mention gating and Clawdbot targeting work. (#2013) Thanks @alexgleason.
Discord: omit empty content fields for media-only messages while preserving caption whitespace. (#9507) Thanks @leszekszpunar.
Onboarding/Providers: add Z.AI endpoint-specific auth choices (zai-coding-global, zai-coding-cn, zai-global, zai-cn) and expand default Z.AI model wiring. (#13456) Thanks @tomsun28.
Onboarding/Providers: update MiniMax API default/recommended models from M2.1 to M2.5, add M2.5/M2.5-Lightning model entries, and include minimax-m2.5 in modern model filtering. (#14865) Thanks @adao-max.
Ollama: use configured models.providers.ollama.baseUrl for model discovery and normalize /v1 endpoints to the native Ollama API root. (#14131) Thanks @shtse8.
Voice Call: pass Twilio stream auth token via instead of query string. (#14029) Thanks @mcwigglesmcgee.
Feishu: pass Buffer directly to the Feishu SDK upload APIs instead of Readable.from(...) to avoid form-data upload failures. (#10345) Thanks @youngerstyle.
Feishu: trigger mention-gated group handling only when the bot itself is mentioned (not just any mention). (#11088) Thanks @openperf.
Feishu: probe status uses the resolved account context for multi-account credential checks. (#11233) Thanks @onevcat.
Feishu DocX: preserve top-level converted block order using firstLevelBlockIds when writing/appending documents. (#13994) Thanks @Cynosure159.
Feishu plugin packaging: remove workspace:* openclaw dependency from extensions/feishu and sync lockfile for install compatibility. (#14423) Thanks @jackcooper2015.
CLI/Wizard: exit with code 1 when configure, agents add, or interactive onboard wizards are canceled, so set -e automation stops correctly. (#14156) Thanks @0xRaini.
Media: strip MEDIA: lines with local paths instead of leaking as visible text. (#14399) Thanks @0xRaini.
Config/Cron: exclude maxTokens from config redaction and honor deleteAfterRun on skipped cron jobs. (#13342) Thanks @niceysam.
Config: ignore meta field changes in config file watcher. (#13460) Thanks @brandonwise.
Cron: use requested agentId for isolated job auth resolution. (#13983) Thanks @0xRaini.
Cron: pass agentId to runHeartbeatOnce for main-session jobs. (#14140) Thanks @ishikawa-pro.
Cron: prevent cron jobs from skipping execution when nextRunAtMs advances. (#14068) Thanks @WalterSumbon.
Cron: re-arm timers when onTimer fires while a job is still executing. (#14233) Thanks @tomron87.
Cron: prevent duplicate fires when multiple jobs trigger simultaneously. (#14256) Thanks @xinhuagu.
Cron: isolate scheduler errors so one bad job does not break all jobs. (#14385) Thanks @MarvinDontPanic.
Cron: prevent one-shot at jobs from re-firing on restart after skipped/errored runs. (#13878) Thanks @lailoo.
Daemon: suppress EPIPE error when restarting LaunchAgent. (#14343) Thanks @0xRaini.
Antigravity: add opus 4.6 forward-compat model and bypass thinking signature sanitization. (#14218) Thanks @jg-noncelogic.
Agents: prevent file descriptor leaks in child process cleanup. (#13565) Thanks @KyleChen26.
Agents: prevent double compaction caused by cache TTL bypassing guard. (#13514) Thanks @taw0002.
Agents: use last API call's cache tokens for context display instead of accumulated sum. (#13805) Thanks @akari-musubi.
Agents: keep followup-runner session totalTokens aligned with post-compaction context by using last-call usage and shared token-accounting logic. (#14979) Thanks @shtse8.
Hooks/Plugins: wire 9 previously unwired plugin lifecycle hooks into core runtime paths (session, compaction, gateway, and outbound message hooks). (#14882) Thanks @shtse8.
Hooks/Tools: dispatch before_tool_call and after_tool_call hooks from both tool execution paths with rebased conflict fixes. (#15012) Thanks @Patrick-Barletta, @Takhoffman.
Discord: allow channel-edit to archive/lock threads and set auto-archive duration. (#5542) Thanks @stumct.
Discord tests: use a partial @buape/carbon mock in slash command coverage. (#13262) Thanks @arosstale.
Tests: update thread ID handling in Slack message collection tests. (#14108) Thanks @swizzmagik.

View full changelog

2026.2.9

Mon, 09 Feb 2026 13:23:25 -0600

OpenClaw 2026.2.9

Added

iOS: alpha node app + setup-code onboarding. (#11756) Thanks @mbelinky.
Channels: comprehensive BlueBubbles and channel cleanup. (#11093) Thanks @tyler6204.
Plugins: device pairing + phone control plugins (Telegram /pair, iOS/Android node controls). (#11755) Thanks @mbelinky.
Tools: add Grok (xAI) as a web_search provider. (#12419) Thanks @tmchow.
Gateway: add agent management RPC methods for the web UI (agents.create, agents.update, agents.delete). (#11045) Thanks @advaitpaliwal.
Web UI: show a Compaction divider in chat history. (#11341) Thanks @Takhoffman.
Agents: include runtime shell in agent envelopes. (#1835) Thanks @Takhoffman.
Paths: add OPENCLAW_HOME for overriding the home directory used by internal path resolution. (#12091) Thanks @sebslight.

Fixes

Telegram: harden quote parsing; preserve quote context; avoid QUOTE_TEXT_INVALID; avoid nested reply quote misclassification. (#12156) Thanks @rybnikov.
Telegram: recover proactive sends when stale topic thread IDs are used by retrying without message_thread_id. (#11620)
Telegram: render markdown spoilers with HTML tags. (#11543) Thanks @ezhikkk.
Telegram: truncate command registration to 100 entries to avoid BOT_COMMANDS_TOO_MUCH failures on startup. (#12356) Thanks @arosstale.
Telegram: match DM allowFrom against sender user id (fallback to chat id) and clarify pairing logs. (#12779) Thanks @liuxiaopai-ai.
Onboarding: QuickStart now auto-installs shell completion (prompt only in Manual).
Auth: strip embedded line breaks from pasted API keys and tokens before storing/resolving credentials.
Web UI: make chat refresh smoothly scroll to the latest messages and suppress new-messages badge flash during manual refresh.
Tools/web_search: include provider-specific settings in the web search cache key, and pass inlineCitations for Grok. (#12419) Thanks @tmchow.
Tools/web_search: normalize direct Perplexity model IDs while keeping OpenRouter model IDs unchanged. (#12795) Thanks @cdorsey.
Model failover: treat HTTP 400 errors as failover-eligible, enabling automatic model fallback. (#1879) Thanks @orenyomtov.
Errors: prevent false positive context overflow detection when conversation mentions "context overflow" topic. (#2078) Thanks @sbking.
Gateway: no more post-compaction amnesia; injected transcript writes now preserve Pi session parentId chain so agents can remember again. (#12283) Thanks @Takhoffman.
Gateway: fix multi-agent sessions.usage discovery. (#11523) Thanks @Takhoffman.
Agents: recover from context overflow caused by oversized tool results (pre-emptive capping + fallback truncation). (#11579) Thanks @tyler6204.
Subagents/compaction: stabilize announce timing and preserve compaction metrics across retries. (#11664) Thanks @tyler6204.
Cron: share isolated announce flow and harden scheduling/delivery reliability. (#11641) Thanks @tyler6204.
Cron tool: recover flat params when LLM omits the job wrapper for add requests. (#12124) Thanks @tyler6204.
Gateway/CLI: when gateway.bind=lan, use a LAN IP for probe URLs and Control UI links. (#11448) Thanks @AnonO6.
Hooks: fix bundled hooks broken since 2026.2.2 (tsdown migration). (#9295) Thanks @patrickshao.
Routing: refresh bindings per message by loading config at route resolution so binding changes apply without restart. (#11372) Thanks @juanpablodlc.
Exec approvals: render forwarded commands in monospace for safer approval scanning. (#11937) Thanks @sebslight.
Config: clamp maxTokens to contextWindow to prevent invalid model configs. (#5516) Thanks @lailoo.
Thinking: allow xhigh for github-copilot/gpt-5.2-codex and github-copilot/gpt-5.2. (#11646) Thanks @LatencyTDH.
Discord: support forum/media thread-create starter messages, wire message thread create --message, and harden routing. (#10062) Thanks @jarvis89757.
Paths: structurally resolve OPENCLAW_HOME-derived home paths and fix Windows drive-letter handling in tool meta shortening. (#12125) Thanks @mcaxtr.
Memory: set Voyage embeddings input_type for improved retrieval. (#10818) Thanks @mcinteerj.
Memory/QMD: reuse default model cache across agents instead of re-downloading per agent. (#12114) Thanks @tyler6204.
Media understanding: recognize .caf audio attachments for transcription. (#10982) Thanks @succ985.
State dir: honor OPENCLAW_STATE_DIR for default device identity and canvas storage paths. (#4824) Thanks @kossoy.

View full changelog

2026.2.3

Wed, 04 Feb 2026 17:47:10 -0800

OpenClaw 2026.2.3

Changes

Telegram: remove last @ts-nocheck from bot-handlers.ts, use Grammy types directly, deduplicate StickerMetadata. Zero @ts-nocheck remaining in src/telegram/. (#9206)
Telegram: remove @ts-nocheck from bot-message.ts, type deps via Omit, widen allMedia to TelegramMediaRef[]. (#9180)
Telegram: remove @ts-nocheck from bot.ts, fix duplicate bot.catch error handler (Grammy overrides), remove dead reaction message_thread_id routing, harden sticker cache guard. (#9077)
Onboarding: add Cloudflare AI Gateway provider setup and docs. (#7914) Thanks @roerohan.
Onboarding: add Moonshot (.cn) auth choice and keep the China base URL when preserving defaults. (#7180) Thanks @waynelwz.
Docs: clarify tmux send-keys for TUI by splitting text and Enter. (#7737) Thanks @Wangnov.
Docs: mirror the landing page revamp for zh-CN (features, quickstart, docs directory, network model, credits). (#8994) Thanks @joshp123.
Messages: add per-channel and per-account responsePrefix overrides across channels. (#9001) Thanks @mudrii.
Cron: add announce delivery mode for isolated jobs (CLI + Control UI) and delivery mode config.
Cron: default isolated jobs to announce delivery; accept ISO 8601 schedule.at in tool inputs.
Cron: hard-migrate isolated jobs to announce/none delivery; drop legacy post-to-main/payload delivery fields and atMs inputs.
Cron: delete one-shot jobs after success by default; add --keep-after-run for CLI.
Cron: suppress messaging tools during announce delivery so summaries post consistently.
Cron: avoid duplicate deliveries when isolated runs send messages directly.

Fixes

Heartbeat: allow explicit accountId routing for multi-account channels. (#8702) Thanks @lsh411.
TUI/Gateway: handle non-streaming finals, refresh history for non-local chat runs, and avoid event gap warnings for targeted tool streams. (#8432) Thanks @gumadeiras.
Shell completion: auto-detect and migrate slow dynamic patterns to cached files for faster terminal startup; add completion health checks to doctor/update/onboard.
Telegram: honor session model overrides in inline model selection. (#8193) Thanks @gildo.
Web UI: fix agent model selection saves for default/non-default agents and wrap long workspace paths. Thanks @Takhoffman.
Web UI: resolve header logo path when gateway.controlUi.basePath is set. (#7178) Thanks @Yeom-JinHo.
Web UI: apply button styling to the new-messages indicator.
Security: keep untrusted channel metadata out of system prompts (Slack/Discord). Thanks @KonstantinMirin.
Security: enforce sandboxed media paths for message tool attachments. (#9182) Thanks @victormier.
Security: require explicit credentials for gateway URL overrides to prevent credential leakage. (#8113) Thanks @victormier.
Security: gate whatsapp_login tool to owner senders and default-deny non-owner contexts. (#8768) Thanks @victormier.
Voice call: harden webhook verification with host allowlists/proxy trust and keep ngrok loopback bypass.
Voice call: add regression coverage for anonymous inbound caller IDs with allowlist policy. (#8104) Thanks @victormier.
Cron: accept epoch timestamps and 0ms durations in CLI --at parsing.
Cron: reload store data when the store file is recreated or mtime changes.
Cron: deliver announce runs directly, honor delivery mode, and respect wakeMode for summaries. (#8540) Thanks @tyler6204.
Telegram: include forward_from_chat metadata in forwarded messages and harden cron delivery target checks. (#8392) Thanks @Glucksberg.
macOS: fix cron payload summary rendering and ISO 8601 formatter concurrency safety.

View full changelog