Releases · openclaw/openclaw

@leonchui

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy gen_ai.system by default while emitting gen_ai.provider.name under OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAW_DISABLE_PERSISTED_PLUGIN_REGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only model_call_started and model_call_ended hooks for provider/model call telemetry without exposing prompt...

@leonchui

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy gen_ai.system by default while emitting gen_ai.provider.name under OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAW_DISABLE_PERSISTED_PLUGIN_REGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only model_call_started and model_call_ended hooks for provider/model call telemetry without exposing prompt...

@leonchui

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy gen_ai.system by default while emitting gen_ai.provider.name under OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAW_DISABLE_PERSISTED_PLUGIN_REGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only model_call_started and model_call_ended hooks for provider/model call telemetry without exposing prompt...

@leonchui

2026.4.25

Highlights

Voice replies get a full TTS upgrade: /tts latest, chat-scoped auto-TTS controls, personas, per-agent/per-account overrides, and new Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 provider coverage. Thanks @leonchui, @zoujiejun, @solar2ain, @cshape, @xuruiray, @itsuzef, and @barronlroth.
Plugin startup and install paths move to the cold persisted registry, cutting broad manifest scans while making plugin update, repair, provider discovery, and install metadata more deterministic. Thanks @vincentkoc and @shakkernerd.
OpenTelemetry coverage expands across model calls, token usage, tool loops, harness runs, exec processes, outbound delivery, context assembly, and memory pressure with bounded low-cardinality attributes. Thanks @vincentkoc, @jlapenna, @Lidang-Jiang, and @oc-factus.
Browser automation gets safer tab URLs, iframe-aware role snapshots, CDP readiness tuning, headless one-shot launch, and deeper browser doctor probes for slow hosts. Thanks @beat843796 and @BenediktSchackenberg.
Control UI and setup flows add PWA/Web Push support, Crestodian first-run repair, TUI setup, context mode selection, and a shorter startup greeting. Thanks @eduardocruz, @SebTardif, and @kevinlin-openai.
Install/update hardening covers Windows, macOS, Linux, Docker, bundled plugin runtime deps, Node service restarts, LaunchAgent token rotation, and mixed-version gateway verification. Thanks @Kobevictor, @igormf, @abhinas90, @jsompis, @Solvely-Colin, and @gucasbrg.

Changes

TTS/WhatsApp: add /tts latest read-aloud support with duplicate suppression and /tts chat on|off|default session-scoped auto-TTS overrides, completing the on-demand voice-note UX for current-chat replies. Fixes #66032.
TTS/channels: resolve channel and account TTS overrides generically, enabling Feishu and QQBot accounts to deep-merge channels.<channel>.accounts.<id>.tts over global and per-agent TTS config. Thanks @sahilsatralkar.
TTS/agents: allow agents.list[].tts to override global messages.tts for per-agent voices, and make /tts audio, /tts status, and the tts agent tool honor the active voice/provider override while keeping shared provider credentials and preferences in the existing TTS config surface.
Providers/Azure Speech: add Azure Speech as a bundled TTS provider with Speech-resource auth, voice listing, SSML escaping, native Ogg/Opus voice-note output, and telephony output. (#51776) Thanks @leonchui.
Google Meet: add calendar-backed attendance export workflows, export manifests, dry-run previews, and tool parity for meeting records.
Control UI: add PWA install support and Web Push notifications for Gateway chat. (#44590) Thanks @eduardocruz.
Browser automation: add safe tab URLs in agent responses plus a CDP-native role snapshot fallback with iframe-aware refs, cursor-clickable detection, target attach preparation, and openclaw browser doctor --deep live snapshot probing.
CLI/image generation: expose generic --background on openclaw infer image generate and openclaw infer image edit, keep --openai-background as an OpenAI alias, and let fal image generation honor --output-format png|jpeg.
Browser/config: allow local managed Chrome launch discovery and post-launch CDP readiness timeouts to be raised for slower hosts such as Raspberry Pi. Fixes #66803. Thanks @beat843796.
Discord: allow channels.discord.voice.model to override the LLM used for voice channel responses while keeping STT and TTS on their existing media settings. (#64368) Thanks @mrdavey.
Browser/CLI: add openclaw browser start --headless as a one-shot local managed browser launch override without rewriting persisted browser config. Thanks @BenediktSchackenberg.
CLI/Crestodian/TUI: add the first-run setup helper, local planner fallback, full-TUI interactive Crestodian, startup progress indicators, context mode selector, and a shorter startup greeting. (#71720, #71760) Thanks @SebTardif and @kevinlin-openai.
Plugins: migrate the local plugin registry automatically during package install/update, keeping install metadata in the plugin index while indexing existing plugin manifests for the new cold registry path. Thanks @vincentkoc and @shakkernerd.
Plugins/doctor: make openclaw doctor --fix refresh the plugin index and cold registry index when needed without treating plugin install records as authored config. Thanks @vincentkoc and @shakkernerd.
Plugins/hooks: add before-agent-finalize hooks, cron jobId hook context, bounded native permission fingerprints, and Codex MCP hook relay support. (#71765, #71758, #71707) Thanks @vincentkoc and @pashpashpash.
Plugins/tokenjuice: bump the bundled tokenjuice runtime to 0.6.3. Thanks @vincentkoc.
Diagnostics/OTEL: align model-call GenAI span attributes with OpenTelemetry stability opt-in semantics, keeping legacy gen_ai.system by default while emitting gen_ai.provider.name under OTEL_SEMCONV_STABILITY_OPT_IN=gen_ai_latest_experimental. Thanks @vincentkoc.
Diagnostics/OTEL: support signal-specific OTLP endpoint overrides for traces, metrics, and logs via config or standard OTEL environment variables. Thanks @vincentkoc.
Diagnostics/OTEL: emit bounded telemetry exporter health diagnostics for startup and log-export failures without exporting raw error text. Thanks @vincentkoc.
Diagnostics/OTEL: export agent harness lifecycle telemetry as bounded openclaw.harness.run spans and openclaw.harness.duration_ms metrics so QA-lab, Codex, and future harnesses share one trace shape. Thanks @vincentkoc.
Diagnostics/trace: propagate W3C traceparent headers from trusted model-call trace context to provider transports while replacing caller-supplied traceparent values. Thanks @vincentkoc.
Diagnostics/Prometheus: add a bundled diagnostics-prometheus plugin with a protected gateway scrape route for low-cardinality diagnostics metrics. Thanks @vincentkoc.
Plugins/CLI: add openclaw plugins registry for explicit persisted-registry inspection and --refresh repair without making normal startup rescan plugin locations. Thanks @vincentkoc.
Plugins/CLI: make openclaw plugins list read the cold persisted registry snapshot by default, leaving module-aware diagnostics to plugins doctor and plugins inspect. Thanks @vincentkoc.
Plugins/startup: move gateway startup plugin planning onto the versioned cold registry index, with postinstall repair for older registry files that predate startup metadata. Thanks @vincentkoc.
Plugins/startup: normalize startup and provider plugin enablement through registry aliases so boot paths do not need the legacy manifest alias scan. Thanks @vincentkoc.
Providers/plugins: resolve provider ownership, provider discovery scopes, and catalog-hook provider ids from the cold plugin registry instead of rescanning manifests on those paths. Thanks @vincentkoc.
Plugins/registry: keep installed plugin index records focused on install/state/load paths and resolve plugin capabilities from manifests scoped to indexed plugins. Thanks @shakkernerd.
Plugins/registry: route cold manifest and capability lookups through the installed plugin index so setup, channels, config, secrets, doctor, and provider metadata paths avoid broad plugin-root scans before runtime execution. Thanks @shakkernerd.
CLI/models: speed up models list --all --provider <id> for static manifest-backed providers by loading catalog rows through the installed plugin index instead of broad manifest scans or runtime suppression hooks. Thanks @shakkernerd.
CLI/models: use OpenClaw Provider Index preview rows as the final cold fallback for installable providers, while keeping user config, installed manifests, and refreshed cache rows above provider-index metadata. Thanks @vincentkoc.
Providers/plugins: keep onboarding and auth-choice setup lists on cold manifest/install metadata and add Provider Index install metadata for not-yet-installed provider plugins. Thanks @vincentkoc.
Providers/plugins: keep provider setup guidance and configure auth imports on cold manifest metadata, with a regression guard against static provider-runtime imports on setup/configure list paths. Thanks @vincentkoc.
CLI/capabilities: keep capability command registration from importing the models auth runtime until model auth login actually runs. Thanks @vincentkoc.
CLI/configure: keep web-search configure prompts on cold plugin registry metadata until the user chooses managed search setup. Thanks @vincentkoc.
Plugins/chat commands: refresh the persisted plugin registry after /plugins enable and /plugins disable, matching the CLI mutation path. Thanks @vincentkoc.
Plugins/compat: mark OPENCLAW_DISABLE_PERSISTED_PLUGIN_REGISTRY as a deprecated break-glass switch and point operators at registry repair instead. Thanks @vincentkoc.
Plugins/compat: expand the central compatibility registry with dated owners, replacements, and maximum three-month removal targets for legacy SDK, manifest, setup, registry-migration, and agent-runtime surfaces. Thanks @vincentkoc.
Plugins/registry: ignore stale persisted registry reads when plugin policy no longer matches current config, and stamp generated registry files with a do-not-edit warning. Thanks @vincentkoc.
Config/plugins: keep plugin command-alias validation on cold manifest metadata instead of importing the runtime alias resolver. Thanks @vincentkoc.
Security/plugins: keep web-search credential presence checks on cold config, env, and manifest metadata instead of importing web-search provider runtime. Thanks @vincentkoc.
Diagnostics/OTEL: surface provider request identifiers as bounded hashes on model-call diagnostics and span events, without exporting raw request IDs or metric labels. Thanks @Lidang-Jiang and @vincentkoc.
Plugins/diagnostics: add metadata-only model_call_started and model_call_ended hooks for provider/model call telemetry without exposing prompt...

@vincentkoc

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Breaking

Plugin SDK/tool-result transforms: remove the Pi-only api.registerEmbeddedExtensionFactory(...) compatibility path. Bundled tool-result rewrites must use api.registerAgentToolResultMiddleware(...) with contracts.agentToolResultMiddleware declaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks @vincentkoc.

Changes

Control UI/Talk: add browser WebRTC realtime voice sessions backed by OpenAI Realtime, with Gateway-minted ephemeral client secrets and openclaw_agent_consult handoff to the full OpenClaw agent.
Plugins/Google Meet: add a bundled participant plugin with personal Google auth, explicit meeting URL joins, Chrome and Twilio realtime transports, paired-node chrome-node support for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. (#70765)
Plugins/Google Meet: add artifact and attendance workflows for conference records, recordings, transcripts, smart notes, and participant sessions, including markdown/file output, latest-record lookup, and --all-conference-records history scans.
Plugins/Google Meet: add OAuth and browser-state doctor/recovery flows, including googlemeet doctor --oauth and recover_current_tab/recover-tab so agents can inspect already-open Meet tabs without opening duplicates.
Plugins/Voice Call: expose the shared openclaw_agent_consult realtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers.
Plugins/Voice Call: add voicecall setup and a dry-run-by-default voicecall smoke command so Twilio/provider readiness can be checked before placing a live test call.
Providers/Google: add a Gemini Live realtime voice provider for backend Voice Call and Google Meet audio bridges, with bidirectional audio and function-call support.
Providers/Google: let Gemini TTS prepend configured audioProfile and speakerName prompt text for reusable speech style control. Thanks @tdack.
Gateway/VoiceClaw: add a realtime brain WebSocket endpoint backed by Gemini Live, with owner-auth gating and async OpenClaw tool handoff. (#70938) Thanks @yagudaev.
Control UI: refine the agent Tool Access panel with compact live-tool chips, collapsible tool groups, direct per-tool toggles, and clearer runtime/source provenance. (#71405) Thanks @BunsDev.
Control UI/chat: add a Steer action on queued messages so a browser follow-up can be injected into the active run without retyping it.
Browser: add viewport coordinate clicks for managed and existing-session automation, plus openclaw browser click-coords for CLI use. (#54452) Thanks @dluttz.
Browser: add browser.actionTimeoutMs and use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. (#62589) Thanks @andyylin.
Browser/config: support per-profile browser.profiles.<name>.headless overrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks @nakamotoliu.
Matrix: require full cross-signing identity trust for self-device verification and add openclaw matrix verify self so operators can establish that trust from the CLI. (#70401) Thanks @gumadeiras.
Gradium: add a bundled text-to-speech provider with voice-note and telephony output support. (#64958) Thanks @LaurentMazare.
Memory-core/hybrid search: expose raw vectorScore and textScore alongside the combined score on hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes #68166. (#68286) Thanks @ajfonthemove.
Dependencies/memory: stop installing node-llama-cpp by default; local embeddings now load it only when operators install the optional runtime package. Thanks @vincentkoc.
Providers/DeepSeek: add DeepSeek V4 Flash and V4 Pro to the bundled catalog and make V4 Flash the onboarding default. Thanks @lsdsjy.
Dependencies/Pi: update bundled Pi packages to 0.70.2, use Pi's upstream gpt-5.5 and DeepSeek V4 catalog metadata, and keep only local gpt-5.5-pro forward-compat handling. Thanks @lsdsjy.
Models/CLI: speed up model listing with safe static catalogs for bundled providers, narrower row-source orchestration, and less broad registry enumeration for default openclaw models list. (#70632, #70883, #70867) Thanks @shakkernerd.
Models/commands: deprecate /models add so chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from /models provider menus. (#71175) Thanks @Takhoffman.
Models/catalog: add manifest-sourced model rows, duplicate provider/model conflict reporting, and shared src/model-catalog normalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. (#71368, #71360) Thanks @shakkernerd.
Codex harness/context-engine: run context-engine bootstrap, assembly, post-turn maintenance, and engine-owned compaction in Codex app-server sessions while keeping native Codex thread state and compaction auditable. (#70809) Thanks @jalehman.
Codex runtime plan: consolidate contract-first Pi/Codex parity coverage and accept legacy Codex auth-provider aliases in app-server profile login and refresh paths. (#71096) Thanks @100yenadmin.
Codex harness: bridge Codex-native tool hooks into OpenClaw plugin hooks and approvals, with bounded relay payloads and approval spam protection. (#71008) Thanks @pashpashpash.
Plugin SDK/Codex harness: add provider-owned transport/auth/follow-up seams and harness result classification so Codex-style runtimes can participate in fallback policy without core special-casing. (#70772) Thanks @100yenadmin.
Gateway/nodes: add disabled-by-default gateway.nodes.pairing.autoApproveCidrs for first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes #60800. Thanks @sahilsatralkar.
WebChat/sessions: keep runtime-only prompt context out of visible transcript history and scrub legacy wrappers from session history surfaces. Thanks @91wan.
Agents/bootstrap: add agents.defaults.contextInjection: "never" to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. (#65006) Thanks @xDarkicex.
Plugins/manifest: add a modelCatalog contract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. (#71342) Thanks @shakkernerd.
Plugins/setup: honor explicit setup.requiresRuntime: false as a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks @vincentkoc.
Plugins/setup: report descriptor/runtime drift when setup-api registrations disagree with setup.providers or setup.cliBackends, without rejecting legacy setup plugins. Thanks @vincentkoc.
Plugins/setup: include setup.providers[].envVars in generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecated providerAuthEnvVars compatibility metadata. Thanks @vincentkoc.
Plugins/setup: derive generic provider setup choices from descriptor-safe setup.providers[].authMethods before falling back to setup runtime. Thanks @vincentkoc.
Plugins/setup: surface manifest provider auth choices directly in provider setup flow before falling back to setup runtime or install-catalog choices. Thanks @vincentkoc.
Plugins/setup: warn when descriptor-only setup plugins still ship ignored setup runtime entries, keeping setup.requiresRuntime: false semantics explicit without breaking existing metadata. Thanks @vincentkoc.
Plugins/channels: use manifest channelConfigs for read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks @vincentkoc.
Plugin hooks: expose first-class run, message, sender, session, and trace correlation fields on message hook contexts and run lifecycle events. Thanks @vincentkoc.
Plugins/PDF: move local PDF extraction into a bundled document-extract plugin so core no longer owns pdfjs-dist or PDF image-rendering dependencies. Thanks @vincentkoc.
Providers/Anthropic Vertex: move the Vertex SDK runtime behind the bundled provider plugin so core no longer owns that provider-specific dependency. Thanks @vincentkoc.
Plugins/activation: expose activation plan reasons and a richer plan API so callers can inspect why a plugin was selected while preserving existing id-list activation behavior. (#70943) Thanks @vincentkoc.
Plugins/source metadata: expose normalized install-source facts on provider and channel catalogs so onboarding can explain npm pinning, integrity state, and local availability before runtime loads. (#70951) Thanks @vincentkoc.
Plugins/catalog: pin the official external WeCom channel source to an exact npm release plus dist integrity, with a guard that official external sources stay integrity-pinned. (#70997) Thanks @vincentkoc.
Plugins/s...

@hclsys

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Fixes

Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level
instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek, @alvinttang, and @coffeexcoin.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.

@hclsys

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Fixes

Packaged installs: preserve package-root runtime dependencies and their exported subpaths when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level
instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek, @alvinttang, and @coffeexcoin.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.

@hclsys

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Fixes

Packaged installs: preserve package-root runtime dependencies when bundled plugin runtime mirrors fall back to copying shared chunks, fixing Windows npm updates that could fail to load copied dist modules.
Heartbeat: clamp oversized scheduler delays through the shared safe timer helper, preventing every values over Node's timeout cap from becoming a 1 ms crash loop. Fixes #71414. (#71478) Thanks @hclsys.
Telegram: remove the startup persisted-offset getUpdates preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar.
Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai.
Browser/aria snapshots: bind format=aria axN refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler.
Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer getUpdates conflict diagnostics for external duplicate pollers. Fixes #56230.
Browser/Linux: detect Chromium-based installs under /opt/google, /opt/brave.com, /usr/lib/chromium, and /usr/lib/chromium-browser before asking users to set browser.executablePath. (#48563) Thanks @lupuletic.
Sessions/browser: close tracked browser tabs when idle, daily, /new, or /reset session rollover archives the previous transcript, preventing tabs from leaking past the old session. Thanks @jakozloski.
Sessions/forking: fall back to transcript-estimated parent token counts when cached totals are stale or missing, so oversized thread forks start fresh instead of cloning the full parent transcript. Thanks @jalehman.
OpenAI/Codex: send Codex Responses system prompts through top-level
instructions while preserving the existing native Codex payload controls.
MCP/CLI: retire bundled MCP runtimes at the end of one-shot openclaw agent and openclaw infer model run gateway/local executions, so repeated scripted runs do not accumulate stdio MCP child processes. Fixes #71457.
OpenAI/Codex image generation: canonicalize legacy openai-codex.baseUrl values such as https://chatgpt.com/backend-api to the Codex Responses backend before calling gpt-image-2, matching the chat transport. Fixes #71460.
Control UI: make /usage use the fresh context snapshot for context percentage, and include cache-write tokens in the Usage overview cache-hit denominator. Fixes #47885. Thanks @imwyvern and @Ante042.
GitHub Copilot: preserve encrypted Responses reasoning item IDs during replay so Copilot can validate encrypted reasoning payloads across requests. (#71448) Thanks @a410979729-sys.
Agents/replies: recover final-answer text when streamed assistant chunks contain only whitespace, preventing completed turns from surfacing as empty-payload errors. Fixes #71454. (#71467) Thanks @Sanjays2402.
Feishu/TTS: transcode voice-intent MP3 and other audio replies to Ogg/Opus before sending native Feishu audio bubbles, while keeping ordinary MP3 attachments as files. Fixes #61249 and #37868.
Telegram/webhook: acknowledge validated webhook updates before running bot middleware, keeping slow agent turns from tripping Telegram delivery retries while preserving per-chat processing lanes. Fixes #71392. Thanks @joelforsberg46-source.
MCP: retire one-shot embedded bundled MCP runtimes at run end, skip bundle-MCP startup when a runtime tool allowlist cannot reach bundle-MCP tools, and add mcp.sessionIdleTtlMs idle eviction for leaked session runtimes. Fixes #71106, #71110, #70389, and #70808.
MCP/config reload: hot-apply mcp.* changes by disposing cached session MCP runtimes, and dispose bundled MCP runtimes during gateway shutdown so removed mcp.servers entries reap child processes promptly. Fixes #60656.
Gateway/restart continuation: durably hand restart continuations to a session-delivery queue before deleting the restart sentinel, recover queued continuation work after crashy restarts, and fall back to a session-only wake when no channel route survives reboot. (#70780) Thanks @fuller-stack-dev.
Agents/tool-result pruning: harden the tool-result character estimator and context-pruning loops against malformed { type: "text" } blocks created by void or undefined tool handler results, serializing non-string text payloads for size accounting so they cannot bypass trimming as zero-sized. Fixes #34979. (#51267) Thanks @cgdusek, @alvinttang, and @coffeexcoin.
Daemon/service-env: add Nix Home Manager profile bin directories to generated gateway service PATHs on macOS and Linux, honoring NIX_PROFILES right-to-left precedence and falling back to ~/.nix-profile/bin when unset. Fixes #44402. (#59935) Thanks @jerome-benoit.

Beta 2 fixes packaged bundled-plugin runtime mirrors on Windows and other copied-runtime installs so shared package-root dependencies remain resolvable during npm updates.

It also keeps future bundled plugins disabled while older hosts perform the updater step from 2026.4.23, avoiding compatibility failures before the update target is installed.

@vincentkoc

2026.4.24

Highlights

Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

Breaking

Plugin SDK/tool-result transforms: remove the Pi-only api.registerEmbeddedExtensionFactory(...) compatibility path. Bundled tool-result rewrites must use api.registerAgentToolResultMiddleware(...) with contracts.agentToolResultMiddleware declaring the targeted harnesses, so transforms run consistently across Pi and Codex app-server dynamic tools. Thanks @vincentkoc.

Changes

Control UI/Talk: add browser WebRTC realtime voice sessions backed by OpenAI Realtime, with Gateway-minted ephemeral client secrets and openclaw_agent_consult handoff to the full OpenClaw agent.
Plugins/Google Meet: add a bundled participant plugin with personal Google auth, explicit meeting URL joins, Chrome and Twilio realtime transports, paired-node chrome-node support for Parallels-style Chrome/BlackHole/SoX hosts, and full-agent consults inside live voice sessions. (#70765)
Plugins/Google Meet: add artifact and attendance workflows for conference records, recordings, transcripts, smart notes, and participant sessions, including markdown/file output, latest-record lookup, and --all-conference-records history scans.
Plugins/Google Meet: add OAuth and browser-state doctor/recovery flows, including googlemeet doctor --oauth and recover_current_tab/recover-tab so agents can inspect already-open Meet tabs without opening duplicates.
Plugins/Voice Call: expose the shared openclaw_agent_consult realtime tool so live phone calls can ask the full OpenClaw agent for deeper/tool-backed answers.
Plugins/Voice Call: add voicecall setup and a dry-run-by-default voicecall smoke command so Twilio/provider readiness can be checked before placing a live test call.
Providers/Google: add a Gemini Live realtime voice provider for backend Voice Call and Google Meet audio bridges, with bidirectional audio and function-call support.
Providers/Google: let Gemini TTS prepend configured audioProfile and speakerName prompt text for reusable speech style control. Thanks @tdack.
Gateway/VoiceClaw: add a realtime brain WebSocket endpoint backed by Gemini Live, with owner-auth gating and async OpenClaw tool handoff. (#70938) Thanks @yagudaev.
Control UI: refine the agent Tool Access panel with compact live-tool chips, collapsible tool groups, direct per-tool toggles, and clearer runtime/source provenance. (#71405) Thanks @BunsDev.
Control UI/chat: add a Steer action on queued messages so a browser follow-up can be injected into the active run without retyping it.
Browser: add viewport coordinate clicks for managed and existing-session automation, plus openclaw browser click-coords for CLI use. (#54452) Thanks @dluttz.
Browser: add browser.actionTimeoutMs and use a 60s default action budget so healthy long browser waits do not fail at the client transport boundary. (#62589) Thanks @andyylin.
Browser/config: support per-profile browser.profiles.<name>.headless overrides for locally launched browser profiles, so one profile can run headless without forcing all browser profiles headless. Thanks @nakamotoliu.
Matrix: require full cross-signing identity trust for self-device verification and add openclaw matrix verify self so operators can establish that trust from the CLI. (#70401) Thanks @gumadeiras.
Gradium: add a bundled text-to-speech provider with voice-note and telephony output support. (#64958) Thanks @LaurentMazare.
Memory-core/hybrid search: expose raw vectorScore and textScore alongside the combined score on hybrid memory search results, so callers can inspect vector-versus-text retrieval contribution before temporal decay or MMR reordering. Fixes #68166. (#68286) Thanks @ajfonthemove.
Dependencies/memory: stop installing node-llama-cpp by default; local embeddings now load it only when operators install the optional runtime package. Thanks @vincentkoc.
Providers/DeepSeek: add DeepSeek V4 Flash and V4 Pro to the bundled catalog and make V4 Flash the onboarding default. Thanks @lsdsjy.
Dependencies/Pi: update bundled Pi packages to 0.70.2, use Pi's upstream gpt-5.5 and DeepSeek V4 catalog metadata, and keep only local gpt-5.5-pro forward-compat handling. Thanks @lsdsjy.
Models/CLI: speed up model listing with safe static catalogs for bundled providers, narrower row-source orchestration, and less broad registry enumeration for default openclaw models list. (#70632, #70883, #70867) Thanks @shakkernerd.
Models/commands: deprecate /models add so chat attempts now return a deprecation message instead of writing model configuration, and remove the add action from /models provider menus. (#71175) Thanks @Takhoffman.
Models/catalog: add manifest-sourced model rows, duplicate provider/model conflict reporting, and shared src/model-catalog normalization for provider index, cache, onboarding, and listing consumers without loading provider runtime. (#71368, #71360) Thanks @shakkernerd.
Codex harness/context-engine: run context-engine bootstrap, assembly, post-turn maintenance, and engine-owned compaction in Codex app-server sessions while keeping native Codex thread state and compaction auditable. (#70809) Thanks @jalehman.
Codex runtime plan: consolidate contract-first Pi/Codex parity coverage and accept legacy Codex auth-provider aliases in app-server profile login and refresh paths. (#71096) Thanks @100yenadmin.
Codex harness: bridge Codex-native tool hooks into OpenClaw plugin hooks and approvals, with bounded relay payloads and approval spam protection. (#71008) Thanks @pashpashpash.
Plugin SDK/Codex harness: add provider-owned transport/auth/follow-up seams and harness result classification so Codex-style runtimes can participate in fallback policy without core special-casing. (#70772) Thanks @100yenadmin.
Gateway/nodes: add disabled-by-default gateway.nodes.pairing.autoApproveCidrs for first-time node pairing from explicit trusted CIDRs, while keeping operator/browser pairing and all upgrade flows manual. Fixes #60800. Thanks @sahilsatralkar.
WebChat/sessions: keep runtime-only prompt context out of visible transcript history and scrub legacy wrappers from session history surfaces. Thanks @91wan.
Agents/bootstrap: add agents.defaults.contextInjection: "never" to disable workspace bootstrap file injection for agents that fully own their prompt lifecycle. (#65006) Thanks @xDarkicex.
Plugins/manifest: add a modelCatalog contract for provider-owned model rows, aliases, suppression rules, and discovery mode metadata without loading plugin runtime. (#71342) Thanks @shakkernerd.
Plugins/setup: honor explicit setup.requiresRuntime: false as a descriptor-only setup contract while keeping omitted values on the legacy setup-api fallback path. Thanks @vincentkoc.
Plugins/setup: report descriptor/runtime drift when setup-api registrations disagree with setup.providers or setup.cliBackends, without rejecting legacy setup plugins. Thanks @vincentkoc.
Plugins/setup: include setup.providers[].envVars in generic provider auth/env lookups and warn non-bundled plugins that still rely on deprecated providerAuthEnvVars compatibility metadata. Thanks @vincentkoc.
Plugins/setup: derive generic provider setup choices from descriptor-safe setup.providers[].authMethods before falling back to setup runtime. Thanks @vincentkoc.
Plugins/setup: surface manifest provider auth choices directly in provider setup flow before falling back to setup runtime or install-catalog choices. Thanks @vincentkoc.
Plugins/setup: warn when descriptor-only setup plugins still ship ignored setup runtime entries, keeping setup.requiresRuntime: false semantics explicit without breaking existing metadata. Thanks @vincentkoc.
Plugins/channels: use manifest channelConfigs for read-only external channel discovery when no setup entry is available or setup descriptors declare runtime unnecessary. Thanks @vincentkoc.
Plugin hooks: expose first-class run, message, sender, session, and trace correlation fields on message hook contexts and run lifecycle events. Thanks @vincentkoc.
Plugins/PDF: move local PDF extraction into a bundled document-extract plugin so core no longer owns pdfjs-dist or PDF image-rendering dependencies. Thanks @vincentkoc.
Providers/Anthropic Vertex: move the Vertex SDK runtime behind the bundled provider plugin so core no longer owns that provider-specific dependency. Thanks @vincentkoc.
Plugins/activation: expose activation plan reasons and a richer plan API so callers can inspect why a plugin was selected while preserving existing id-list activation behavior. (#70943) Thanks @vincentkoc.
Plugins/source metadata: expose normalized install-source facts on provider and channel catalogs so onboarding can explain npm pinning, integrity state, and local availability before runtime loads. (#70951) Thanks @vincentkoc.
Plugins/catalog: pin the official external WeCom channel source to an exact npm release plus dist integrity, with a guard that official external sources stay integrity-pinned. (#70997) Thanks @vincentkoc.
Plugins/s...

Uh oh!

Releases: openclaw/openclaw

openclaw 2026.4.25-beta.4

2026.4.25

Highlights

Changes

Contributors

Uh oh!

openclaw 2026.4.25-beta.3

2026.4.25

Highlights

Changes

Contributors

Uh oh!

openclaw 2026.4.25-beta.2

2026.4.25

Highlights

Changes

Contributors

Uh oh!

openclaw 2026.4.25-beta.1

2026.4.25

Highlights

Changes

Contributors

Uh oh!

openclaw 2026.4.24

2026.4.24

Highlights

Breaking

Changes

Contributors

Uh oh!

openclaw 2026.4.24-beta.5

2026.4.24

Highlights

Fixes

Contributors

Uh oh!

openclaw 2026.4.24-beta.4

2026.4.24

Highlights

Fixes

Contributors

Uh oh!

openclaw 2026.4.24-beta.3

2026.4.24

Highlights

Fixes

Contributors

Uh oh!

OpenClaw 2026.4.24 beta 2

Uh oh!

openclaw 2026.4.24-beta.1

2026.4.24

Highlights

Breaking

Changes

Contributors

Uh oh!