OpenClaw 2026.2.9 Mon, 09 Feb 2026 13:23:25 -0600 https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml 9194 2026.2.9 15.0 OpenClaw 2026.2.9

Added

  • iOS: alpha node app + setup-code onboarding. (#11756) Thanks @mbelinky.
  • Channels: comprehensive BlueBubbles and channel cleanup. (#11093) Thanks @tyler6204.
  • Plugins: device pairing + phone control plugins (Telegram /pair, iOS/Android node controls). (#11755) Thanks @mbelinky.
  • Tools: add Grok (xAI) as a web_search provider. (#12419) Thanks @tmchow.
  • Gateway: add agent management RPC methods for the web UI (agents.create, agents.update, agents.delete). (#11045) Thanks @advaitpaliwal.
  • Web UI: show a Compaction divider in chat history. (#11341) Thanks @Takhoffman.
  • Agents: include runtime shell in agent envelopes. (#1835) Thanks @Takhoffman.
  • Paths: add OPENCLAW_HOME for overriding the home directory used by internal path resolution. (#12091) Thanks @sebslight.

Fixes

  • Telegram: harden quote parsing; preserve quote context; avoid QUOTE_TEXT_INVALID; avoid nested reply quote misclassification. (#12156) Thanks @rybnikov.
  • Telegram: recover proactive sends when stale topic thread IDs are used by retrying without message_thread_id. (#11620)
  • Telegram: render markdown spoilers with HTML tags. (#11543) Thanks @ezhikkk.
  • Telegram: truncate command registration to 100 entries to avoid BOT_COMMANDS_TOO_MUCH failures on startup. (#12356) Thanks @arosstale.
  • Telegram: match DM allowFrom against sender user id (fallback to chat id) and clarify pairing logs. (#12779) Thanks @liuxiaopai-ai.
  • Onboarding: QuickStart now auto-installs shell completion (prompt only in Manual).
  • Auth: strip embedded line breaks from pasted API keys and tokens before storing/resolving credentials.
  • Web UI: make chat refresh smoothly scroll to the latest messages and suppress new-messages badge flash during manual refresh.
  • Tools/web_search: include provider-specific settings in the web search cache key, and pass inlineCitations for Grok. (#12419) Thanks @tmchow.
  • Tools/web_search: normalize direct Perplexity model IDs while keeping OpenRouter model IDs unchanged. (#12795) Thanks @cdorsey.
  • Model failover: treat HTTP 400 errors as failover-eligible, enabling automatic model fallback. (#1879) Thanks @orenyomtov.
  • Errors: prevent false positive context overflow detection when conversation mentions "context overflow" topic. (#2078) Thanks @sbking.
  • Gateway: no more post-compaction amnesia; injected transcript writes now preserve Pi session parentId chain so agents can remember again. (#12283) Thanks @Takhoffman.
  • Gateway: fix multi-agent sessions.usage discovery. (#11523) Thanks @Takhoffman.
  • Agents: recover from context overflow caused by oversized tool results (pre-emptive capping + fallback truncation). (#11579) Thanks @tyler6204.
  • Subagents/compaction: stabilize announce timing and preserve compaction metrics across retries. (#11664) Thanks @tyler6204.
  • Cron: share isolated announce flow and harden scheduling/delivery reliability. (#11641) Thanks @tyler6204.
  • Cron tool: recover flat params when LLM omits the job wrapper for add requests. (#12124) Thanks @tyler6204.
  • Gateway/CLI: when gateway.bind=lan, use a LAN IP for probe URLs and Control UI links. (#11448) Thanks @AnonO6.
  • Hooks: fix bundled hooks broken since 2026.2.2 (tsdown migration). (#9295) Thanks @patrickshao.
  • Routing: refresh bindings per message by loading config at route resolution so binding changes apply without restart. (#11372) Thanks @juanpablodlc.
  • Exec approvals: render forwarded commands in monospace for safer approval scanning. (#11937) Thanks @sebslight.
  • Config: clamp maxTokens to contextWindow to prevent invalid model configs. (#5516) Thanks @lailoo.
  • Thinking: allow xhigh for github-copilot/gpt-5.2-codex and github-copilot/gpt-5.2. (#11646) Thanks @LatencyTDH.
  • Discord: support forum/media thread-create starter messages, wire message thread create --message, and harden routing. (#10062) Thanks @jarvis89757.
  • Paths: structurally resolve OPENCLAW_HOME-derived home paths and fix Windows drive-letter handling in tool meta shortening. (#12125) Thanks @mcaxtr.
  • Memory: set Voyage embeddings input_type for improved retrieval. (#10818) Thanks @mcinteerj.
  • Memory/QMD: reuse default model cache across agents instead of re-downloading per agent. (#12114) Thanks @tyler6204.
  • Media understanding: recognize .caf audio attachments for transcription. (#10982) Thanks @succ985.
  • State dir: honor OPENCLAW_STATE_DIR for default device identity and canvas storage paths. (#4824) Thanks @kossoy.

View full changelog

]]> 2026.2.3 Wed, 04 Feb 2026 17:47:10 -0800 https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml 8900 2026.2.3 15.0 OpenClaw 2026.2.3

Changes

  • Telegram: remove last @ts-nocheck from bot-handlers.ts, use Grammy types directly, deduplicate StickerMetadata. Zero @ts-nocheck remaining in src/telegram/. (#9206)
  • Telegram: remove @ts-nocheck from bot-message.ts, type deps via Omit, widen allMedia to TelegramMediaRef[]. (#9180)
  • Telegram: remove @ts-nocheck from bot.ts, fix duplicate bot.catch error handler (Grammy overrides), remove dead reaction message_thread_id routing, harden sticker cache guard. (#9077)
  • Onboarding: add Cloudflare AI Gateway provider setup and docs. (#7914) Thanks @roerohan.
  • Onboarding: add Moonshot (.cn) auth choice and keep the China base URL when preserving defaults. (#7180) Thanks @waynelwz.
  • Docs: clarify tmux send-keys for TUI by splitting text and Enter. (#7737) Thanks @Wangnov.
  • Docs: mirror the landing page revamp for zh-CN (features, quickstart, docs directory, network model, credits). (#8994) Thanks @joshp123.
  • Messages: add per-channel and per-account responsePrefix overrides across channels. (#9001) Thanks @mudrii.
  • Cron: add announce delivery mode for isolated jobs (CLI + Control UI) and delivery mode config.
  • Cron: default isolated jobs to announce delivery; accept ISO 8601 schedule.at in tool inputs.
  • Cron: hard-migrate isolated jobs to announce/none delivery; drop legacy post-to-main/payload delivery fields and atMs inputs.
  • Cron: delete one-shot jobs after success by default; add --keep-after-run for CLI.
  • Cron: suppress messaging tools during announce delivery so summaries post consistently.
  • Cron: avoid duplicate deliveries when isolated runs send messages directly.

Fixes

  • Heartbeat: allow explicit accountId routing for multi-account channels. (#8702) Thanks @lsh411.
  • TUI/Gateway: handle non-streaming finals, refresh history for non-local chat runs, and avoid event gap warnings for targeted tool streams. (#8432) Thanks @gumadeiras.
  • Shell completion: auto-detect and migrate slow dynamic patterns to cached files for faster terminal startup; add completion health checks to doctor/update/onboard.
  • Telegram: honor session model overrides in inline model selection. (#8193) Thanks @gildo.
  • Web UI: fix agent model selection saves for default/non-default agents and wrap long workspace paths. Thanks @Takhoffman.
  • Web UI: resolve header logo path when gateway.controlUi.basePath is set. (#7178) Thanks @Yeom-JinHo.
  • Web UI: apply button styling to the new-messages indicator.
  • Security: keep untrusted channel metadata out of system prompts (Slack/Discord). Thanks @KonstantinMirin.
  • Security: enforce sandboxed media paths for message tool attachments. (#9182) Thanks @victormier.
  • Security: require explicit credentials for gateway URL overrides to prevent credential leakage. (#8113) Thanks @victormier.
  • Security: gate whatsapp_login tool to owner senders and default-deny non-owner contexts. (#8768) Thanks @victormier.
  • Voice call: harden webhook verification with host allowlists/proxy trust and keep ngrok loopback bypass.
  • Voice call: add regression coverage for anonymous inbound caller IDs with allowlist policy. (#8104) Thanks @victormier.
  • Cron: accept epoch timestamps and 0ms durations in CLI --at parsing.
  • Cron: reload store data when the store file is recreated or mtime changes.
  • Cron: deliver announce runs directly, honor delivery mode, and respect wakeMode for summaries. (#8540) Thanks @tyler6204.
  • Telegram: include forward_from_chat metadata in forwarded messages and harden cron delivery target checks. (#8392) Thanks @Glucksberg.
  • macOS: fix cron payload summary rendering and ISO 8601 formatter concurrency safety.

View full changelog

]]> 2026.2.2 Tue, 03 Feb 2026 17:04:17 -0800 https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml 8809 2026.2.2 15.0 OpenClaw 2026.2.2

Changes

  • Feishu: add Feishu/Lark plugin support + docs. (#7313) Thanks @jiulingyun (openclaw-cn).
  • Web UI: add Agents dashboard for managing agent files, tools, skills, models, channels, and cron jobs.
  • Memory: implement the opt-in QMD backend for workspace memory. (#3160) Thanks @vignesh07.
  • Security: add healthcheck skill and bootstrap audit guidance. (#7641) Thanks @Takhoffman.
  • Config: allow setting a default subagent thinking level via agents.defaults.subagents.thinking (and per-agent agents.list[].subagents.thinking). (#7372) Thanks @tyler6204.
  • Docs: zh-CN translations seed + polish, pipeline guidance, nav/landing updates, and typo fixes. (#8202, #6995, #6619, #7242, #7303, #7415) Thanks @AaronWander, @taiyi747, @Explorer1092, @rendaoyuan, @joshp123, @lailoo.

Fixes

  • Security: require operator.approvals for gateway /approve commands. (#1) Thanks @mitsuhiko, @yueyueL.
  • Security: Matrix allowlists now require full MXIDs; ambiguous name resolution no longer grants access. Thanks @MegaManSec.
  • Security: enforce access-group gating for Slack slash commands when channel type lookup fails.
  • Security: require validated shared-secret auth before skipping device identity on gateway connect.
  • Security: guard skill installer downloads with SSRF checks (block private/localhost URLs).
  • Security: harden Windows exec allowlist; block cmd.exe bypass via single &. Thanks @simecek.
  • fix(voice-call): harden inbound allowlist; reject anonymous callers; require Telnyx publicKey for allowlist; token-gate Twilio media streams; cap webhook body size (thanks @simecek)
  • Media understanding: apply SSRF guardrails to provider fetches; allow private baseUrl overrides explicitly.
  • fix(webchat): respect user scroll position during streaming and refresh (#7226) (thanks @marcomarandiz)
  • Telegram: recover from grammY long-poll timed out errors. (#7466) Thanks @macmimi23.
  • Agents: repair malformed tool calls and session transcripts. (#7473) Thanks @justinhuangcode.
  • fix(agents): validate AbortSignal instances before calling AbortSignal.any() (#7277) (thanks @Elarwei001)
  • Media understanding: skip binary media from file text extraction. (#7475) Thanks @AlexZhangji.
  • Onboarding: keep TUI flow exclusive (skip completion prompt + background Web UI seed); completion prompt now handled by install/update.
  • TUI: block onboarding output while TUI is active and restore terminal state on exit.
  • CLI/Zsh completion: cache scripts in state dir and escape option descriptions to avoid invalid option errors.
  • fix(ui): resolve Control UI asset path correctly.
  • fix(ui): refresh agent files after external edits.
  • Docs: finish renaming the QMD memory docs to reference the OpenClaw state dir.
  • Tests: stub SSRF DNS pinning in web auto-reply + Gemini video coverage. (#6619) Thanks @joshp123.

View full changelog

]]>