OpenClaw

2026.1.29

Fri, 30 Jan 2026 06:24:15 +0100

OpenClaw 2026.1.29

Status: stable.

Changes

Rebrand: rename the npm package/CLI to openclaw, add a openclaw compatibility shim, and move extensions to the @openclaw/* scope.
Onboarding: strengthen security warning copy for beta + access control expectations.
Onboarding: add Venice API key to non-interactive flow. (#1893) Thanks @jonisjongithub.
Config: auto-migrate legacy state/config paths and keep config resolution consistent across legacy filenames.
Gateway: warn on hook tokens via query params; document header auth preference. (#2200) Thanks @YuriNachos.
Gateway: add dangerous Control UI device auth bypass flag + audit warnings. (#2248)
Doctor: warn on gateway exposure without auth. (#2016) Thanks @Alex-Alaniz.
Web UI: keep sub-agent announce replies visible in WebChat. (#1977) Thanks @andrescardonas7.
Browser: route browser control via gateway/node; remove standalone browser control command and control URL config.
Browser: route browser.request via node proxies when available; honor proxy timeouts; derive browser ports from gateway.port.
Browser: fall back to URL matching for extension relay target resolution. (#1999) Thanks @jonit-dev.
Telegram: allow caption param for media sends. (#1888) Thanks @mguellsegarra.
Telegram: support plugin sendPayload channelData (media/buttons) and validate plugin commands. (#1917) Thanks @JoshuaLelon.
Telegram: avoid block replies when streaming is disabled. (#1885) Thanks @ivancasco.
Telegram: add optional silent send flag (disable notifications). (#2382) Thanks @Suksham-sharma.
Telegram: support editing sent messages via message(action="edit"). (#2394) Thanks @marcelomar21.
Telegram: support quote replies for message tool and inbound context. (#2900) Thanks @aduk059.
Telegram: add sticker receive/send with vision caching. (#2629) Thanks @longjos.
Telegram: send sticker pixels to vision models. (#2650)
Telegram: keep topic IDs in restart sentinel notifications. (#1807) Thanks @hsrvc.
Discord: add configurable privileged gateway intents for presences/members. (#2266) Thanks @kentaro.
Slack: clear ack reaction after streamed replies. (#2044) Thanks @fancyboi999.
Matrix: switch plugin SDK to @vector-im/matrix-bot-sdk.
Tlon: format thread reply IDs as @ud. (#1837) Thanks @wca4a.
Tools: add per-sender group tool policies and fix precedence. (#1757) Thanks @adam91holt.
Agents: summarize dropped messages during compaction safeguard pruning. (#2509) Thanks @jogi47.
Agents: expand cron tool description with full schema docs. (#1988) Thanks @tomascupr.
Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281)
Memory Search: allow extra paths for memory indexing (ignores symlinks). (#3600) Thanks @kira-ariaki.
Skills: add multi-image input support to Nano Banana Pro skill. (#1958) Thanks @tyler6204.
Skills: add missing dependency metadata for GitHub, Notion, Slack, Discord. (#1995) Thanks @jackheuberger.
Commands: group /help and /commands output with Telegram paging. (#2504) Thanks @hougangdev.
Routing: add per-account DM session scope and document multi-account isolation. (#3095) Thanks @jarvis-sam.
Routing: precompile session key regexes. (#1697) Thanks @Ray0907.
CLI: use Node's module compile cache for faster startup. (#2808) Thanks @pi0.
Auth: show copyable Google auth URL after ASCII prompt. (#1787) Thanks @robbyczgw-cla.
TUI: avoid width overflow when rendering selection lists. (#1686) Thanks @mossein.
macOS: finish OpenClaw app rename for macOS sources, bundle identifiers, and shared kit paths. (#2844) Thanks @fal3.
Branding: update launchd labels, mobile bundle IDs, and logging subsystems to bot.molt (legacy bundle ID migrations). Thanks @thewilloftheshadow.
macOS: limit project-local node_modules/.bin PATH preference to debug builds (reduce PATH hijacking risk).
macOS: keep custom SSH usernames in remote target. (#2046) Thanks @algal.
macOS: avoid crash when rendering code blocks by bumping Textual to 0.3.1. (#2033) Thanks @garricn.
Update: ignore dist/control-ui for dirty checks and restore after ui builds. (#1976) Thanks @Glucksberg.
Build: bundle A2UI assets during build and stop tracking generated bundles. (#2455) Thanks @0oAstro.
CI: increase Node heap size for macOS checks. (#1890) Thanks @realZachi.
Config: apply config.env before ${VAR} substitution. (#1813) Thanks @spanishflu-est1918.
Gateway: prefer newest session metadata when combining stores. (#1823) Thanks @emanuelst.
Docs: tighten Fly private deployment steps. (#2289) Thanks @dguido.
Docs: add migration guide for moving to a new machine. (#2381)
Docs: add Northflank one-click deployment guide. (#2167) Thanks @AdeboyeDN.
Docs: add Vercel AI Gateway to providers sidebar. (#1901) Thanks @jerilynzheng.
Docs: add Render deployment guide. (#1975) Thanks @anurag.
Docs: add Claude Max API Proxy guide. (#1875) Thanks @atalovesyou.
Docs: add DigitalOcean deployment guide. (#1870) Thanks @0xJonHoldsCrypto.
Docs: add Oracle Cloud (OCI) platform guide + cross-links. (#2333) Thanks @hirefrank.
Docs: add Raspberry Pi install guide. (#1871) Thanks @0xJonHoldsCrypto.
Docs: add GCP Compute Engine deployment guide. (#1848) Thanks @hougangdev.
Docs: add LINE channel guide. Thanks @thewilloftheshadow.
Docs: credit both contributors for Control UI refresh. (#1852) Thanks @EnzeD.
Docs: keep docs header sticky so navbar stays visible while scrolling. (#2445) Thanks @chenyuan99.
Docs: update exe.dev install instructions. (#https://github.com/openclaw/openclaw/pull/3047) Thanks @zackerthescar.

Breaking

BREAKING: Gateway auth mode "none" is removed; gateway now requires token/password (Tailscale Serve identity still allowed).

Fixes

Telegram: avoid silent empty replies by tracking normalization skips before fallback. (#3796)
Mentions: honor mentionPatterns even when explicit mentions are present. (#3303) Thanks @HirokiKobayashi-R.
Discord: restore username directory lookup in target resolution. (#3131) Thanks @bonald.
Agents: align MiniMax base URL test expectation with default provider config. (#3131) Thanks @bonald.
Agents: prevent retries on oversized image errors and surface size limits. (#2871) Thanks @Suksham-sharma.
Agents: inherit provider baseUrl/api for inline models. (#2740) Thanks @lploc94.
Memory Search: keep auto provider model defaults and only include remote when configured. (#2576) Thanks @papago2355.
Telegram: include AccountId in native command context for multi-agent routing. (#2942) Thanks @Chloe-VP.
Telegram: handle video note attachments in media extraction. (#2905) Thanks @mylukin.
TTS: read OPENAI_TTS_BASE_URL at runtime instead of module load to honor config.env. (#3341) Thanks @hclsys.
macOS: auto-scroll to bottom when sending a new message while scrolled up. (#2471) Thanks @kennyklee.
Web UI: auto-expand the chat compose textarea while typing (with sensible max height). (#2950) Thanks @shivamraut101.
Gateway: prevent crashes on transient network errors (fetch failures, timeouts, DNS). Added fatal error detection to only exit on truly critical errors. Fixes #2895, #2879, #2873. (#2980) Thanks @elliotsecops.
Agents: guard channel tool listActions to avoid plugin crashes. (#2859) Thanks @mbelinky.
Discord: stop resolveDiscordTarget from passing directory params into messaging target parsers. Fixes #3167. Thanks @thewilloftheshadow.
Discord: avoid resolving bare channel names to user DMs when a username matches. Thanks @thewilloftheshadow.
Discord: fix directory config type import for target resolution. Thanks @thewilloftheshadow.
Providers: update MiniMax API endpoint and compatibility mode. (#3064) Thanks @hlbbbbbbb.
Telegram: treat more network errors as recoverable in polling. (#3013) Thanks @ryancontent.
Discord: resolve usernames to user IDs for outbound messages. (#2649) Thanks @nonggialiang.
Providers: update Moonshot Kimi model references to kimi-k2.5. (#2762) Thanks @MarvinCui.
Gateway: suppress AbortError and transient network errors in unhandled rejections. (#2451) Thanks @Glucksberg.
TTS: keep /tts status replies on text-only commands and avoid duplicate block-stream audio. (#2451) Thanks @Glucksberg.
Security: pin npm overrides to keep tar@7.5.4 for install toolchains.
Security: properly test Windows ACL audit for config includes. (#2403) Thanks @dominicnunez.
CLI: recognize versioned Node executables when parsing argv. (#2490) Thanks @David-Marsh-Photo.
CLI: avoid prompting for gateway runtime under the spinner. (#2874)
BlueBubbles: coalesce inbound URL link preview messages. (#1981) Thanks @tyler6204.
Cron: allow payloads containing "heartbeat" in event filter. (#2219) Thanks @dwfinkelstein.
CLI: avoid loading config for global help/version while registering plugin commands. (#2212) Thanks @dial481.
Agents: include memory.md when bootstrapping memory context. (#2318) Thanks @czekaj.
Agents: release session locks on process termination and cover more signals. (#2483) Thanks @janeexai.
Agents: skip cooldowned providers during model failover. (#2143) Thanks @YiWang24.
Telegram: harden polling + retry behavior for transient network errors and Node 22 transport issues. (#2420) Thanks @techboss.
Telegram: ignore non-forum group message_thread_id while preserving DM thread sessions. (#2731) Thanks @dylanneve1.
Telegram: wrap reasoning italics per line to avoid raw underscores. (#2181) Thanks @YuriNachos.
Telegram: centralize API error logging for delivery and bot calls. (#2492) Thanks @altryne.
Voice Call: enforce Twilio webhook signature verification for ngrok URLs; disable ngrok free tier bypass by default.
Security: harden Tailscale Serve auth by validating identity via local tailscaled before trusting headers.
Media: fix text attachment MIME misclassification with CSV/TSV inference and UTF-16 detection; add XML attribute escaping for file output. (#3628) Thanks @frankekn.
Build: align memory-core peer dependency with lockfile.
Security: add mDNS discovery mode with minimal default to reduce information disclosure. (#1882) Thanks @orlyjamie.
Security: harden URL fetches with DNS pinning to reduce rebinding risk. Thanks Chris Zheng.
Web UI: improve WebChat image paste previews and allow image-only sends. (#1925) Thanks @smartprogrammer93.
Security: wrap external hook content by default with a per-hook opt-out. (#1827) Thanks @mertcicekci0.
Gateway: default auth now fail-closed (token/password required; Tailscale Serve identity remains allowed).
Gateway: treat loopback + non-local Host connections as remote unless trusted proxy headers are present.
Onboarding: remove unsupported gateway auth "off" choice from onboarding/configure flows and CLI flags.

View full changelog

2026.1.24-1

Sun, 25 Jan 2026 14:05:25 +0000

OpenClaw 2026.1.24-1

Fixes

Packaging: include dist/shared output in npm tarball (fixes missing reasoning-tags import on install).

View full changelog

2026.1.24

Sun, 25 Jan 2026 13:31:05 +0000

OpenClaw 2026.1.24

Highlights

Providers: Ollama discovery + docs; Venice guide upgrades + cross-links. (#1606) Thanks @abhaymundhara. https://docs.openclaw.ai/providers/ollama https://docs.openclaw.ai/providers/venice
Channels: LINE plugin (Messaging API) with rich replies + quick replies. (#1630) Thanks @plum-dawg.
TTS: Edge fallback (keyless) + /tts auto modes. (#1668, #1667) Thanks @steipete, @sebslight. https://docs.openclaw.ai/tts
Exec approvals: approve in-chat via /approve across all channels (including plugins). (#1621) Thanks @czekaj. https://docs.openclaw.ai/tools/exec-approvals https://docs.openclaw.ai/tools/slash-commands
Telegram: DM topics as separate sessions + outbound link preview toggle. (#1597, #1700) Thanks @rohannagpal, @zerone0x. https://docs.openclaw.ai/channels/telegram

Changes

Channels: add LINE plugin (Messaging API) with rich replies, quick replies, and plugin HTTP registry. (#1630) Thanks @plum-dawg.
TTS: add Edge TTS provider fallback, defaulting to keyless Edge with MP3 retry on format failures. (#1668) Thanks @steipete. https://docs.openclaw.ai/tts
TTS: add auto mode enum (off/always/inbound/tagged) with per-session /tts override. (#1667) Thanks @sebslight. https://docs.openclaw.ai/tts
Telegram: treat DM topics as separate sessions and keep DM history limits stable with thread suffixes. (#1597) Thanks @rohannagpal.
Telegram: add channels.telegram.linkPreview to toggle outbound link previews. (#1700) Thanks @zerone0x. https://docs.openclaw.ai/channels/telegram
Web search: add Brave freshness filter parameter for time-scoped results. (#1688) Thanks @JonUleis. https://docs.openclaw.ai/tools/web
UI: refresh Control UI dashboard design system (typography, colors, spacing). (#1786) Thanks @mousberg.
Exec approvals: forward approval prompts to chat with /approve for all channels (including plugins). (#1621) Thanks @czekaj. https://docs.openclaw.ai/tools/exec-approvals https://docs.openclaw.ai/tools/slash-commands
Gateway: expose config.patch in the gateway tool with safe partial updates + restart sentinel. (#1653) Thanks @Glucksberg.
Diagnostics: add diagnostic flags for targeted debug logs (config + env override). https://docs.openclaw.ai/diagnostics/flags
Docs: expand FAQ (migration, scheduling, concurrency, model recommendations, OpenAI subscription auth, Pi sizing, hackable install, docs SSL workaround).
Docs: add verbose installer troubleshooting guidance.
Docs: add macOS VM guide with local/hosted options + VPS/nodes guidance. (#1693) Thanks @f-trycua.
Docs: add Bedrock EC2 instance role setup + IAM steps. (#1625) Thanks @sergical. https://docs.openclaw.ai/bedrock
Docs: update Fly.io guide notes.
Dev: add prek pre-commit hooks + dependabot config for weekly updates. (#1720) Thanks @dguido.

Fixes

Web UI: fix config/debug layout overflow, scrolling, and code block sizing. (#1715) Thanks @saipreetham589.
Web UI: show Stop button during active runs, swap back to New session when idle. (#1664) Thanks @ndbroadbent.
Web UI: clear stale disconnect banners on reconnect; allow form saves with unsupported schema paths but block missing schema. (#1707) Thanks @Glucksberg.
Web UI: hide internal message_id hints in chat bubbles.
Gateway: allow Control UI token-only auth to skip device pairing even when device identity is present (gateway.controlUi.allowInsecureAuth). (#1679) Thanks @steipete.
Matrix: decrypt E2EE media attachments with preflight size guard. (#1744) Thanks @araa47.
BlueBubbles: route phone-number targets to DMs, avoid leaking routing IDs, and auto-create missing DMs (Private API required). (#1751) Thanks @tyler6204. https://docs.openclaw.ai/channels/bluebubbles
BlueBubbles: keep part-index GUIDs in reply tags when short IDs are missing.
Signal: repair reaction sends (group/UUID targets + CLI author flags). (#1651) Thanks @vilkasdev.
Signal: add configurable signal-cli startup timeout + external daemon mode docs. (#1677) https://docs.openclaw.ai/channels/signal
Telegram: set fetch duplex="half" for uploads on Node 22 to avoid sendPhoto failures. (#1684) Thanks @commdata2338.
Telegram: use wrapped fetch for long-polling on Node to normalize AbortSignal handling. (#1639)
Telegram: honor per-account proxy for outbound API calls. (#1774) Thanks @radek-paclt.
Telegram: fall back to text when voice notes are blocked by privacy settings. (#1725) Thanks @foeken.
Voice Call: return stream TwiML for outbound conversation calls on initial Twilio webhook. (#1634)
Voice Call: serialize Twilio TTS playback and cancel on barge-in to prevent overlap. (#1713) Thanks @dguido.
Google Chat: tighten email allowlist matching, typing cleanup, media caps, and onboarding/docs/tests. (#1635) Thanks @iHildy.
Google Chat: normalize space targets without double spaces/ prefix.
Agents: auto-compact on context overflow prompt errors before failing. (#1627) Thanks @rodrigouroz.
Agents: use the active auth profile for auto-compaction recovery.
Media understanding: skip image understanding when the primary model already supports vision. (#1747) Thanks @tyler6204.
Models: default missing custom provider fields so minimal configs are accepted.
Messaging: keep newline chunking safe for fenced markdown blocks across channels.
TUI: reload history after gateway reconnect to restore session state. (#1663)
Heartbeat: normalize target identifiers for consistent routing.
Exec: keep approvals for elevated ask unless full mode. (#1616) Thanks @ivancasco.
Exec: treat Windows platform labels as Windows for node shell selection. (#1760) Thanks @ymat19.
Gateway: include inline config env vars in service install environments. (#1735) Thanks @Seredeep.
Gateway: skip Tailscale DNS probing when tailscale.mode is off. (#1671)
Gateway: reduce log noise for late invokes + remote node probes; debounce skills refresh. (#1607) Thanks @petter-b.
Gateway: clarify Control UI/WebChat auth error hints for missing tokens. (#1690)
Gateway: listen on IPv6 loopback when bound to 127.0.0.1 so localhost webhooks work.
Gateway: store lock files in the temp directory to avoid stale locks on persistent volumes. (#1676)
macOS: default direct-transport ws:// URLs to port 18789; document gateway.remote.transport. (#1603) Thanks @ngutman.
Tests: cap Vitest workers on CI macOS to reduce timeouts. (#1597) Thanks @rohannagpal.
Tests: avoid fake-timer dependency in embedded runner stream mock to reduce CI flakes. (#1597) Thanks @rohannagpal.
Tests: increase embedded runner ordering test timeout to reduce CI flakes. (#1597) Thanks @rohannagpal.

View full changelog