Positronick
← Blog
Release

openclaw 2026.6.6

Tighter security boundaries: transcript, sandbox, MCP, browser, channel, and exec-approval paths now fail closed around unsafe access, timed-out approvals, and malformed boundary input. (#91529,…

by @openclaw · OpenClaw · Releases
Originally published on github.com →

2026.6.6

Highlights

  • Tighter security boundaries: transcript, sandbox, MCP, browser, channel, and exec-approval paths now fail closed around unsafe access, timed-out approvals, and malformed boundary input. (#91529, #91618, #91741, #91750, #89938) Thanks @joshavant, @pgondhi987, @mmaps, @eleqtrizit, @drobison00, @vincentkoc, and @devinkuhn.
  • Reliable Telegram delivery: account-scoped topics route to the correct agent, streamed text survives tool calls, callbacks and draft chunks stay coherent, and unauthorized DM text does not enter cache or prompt context. (#91189, #88682, #90212, #91478, #91915) Thanks @codysai001, @alexzhu0, @snowzlm, @obviyus, @sallyom, @AbdelftahZowail, @producedbysavant, @shakkernerd, @vincentkoc, and @BSG2000.
  • iMessage stays connected: always-on inbound recovery, durable echo markers, block streaming, idle approval discovery, and outbound transport now survive restarts and idle periods. (#91335, #91449, #88969, #91783) Thanks @omarshahine, @jmissig, @dwonshin, @colmbrogan, @vincentkoc, and @TurboTheTurtle.
  • Better browser and MCP connectivity: existing browser sessions, CDP/WebSocket discovery, default-profile URLs, OAuth/SSE transport, and tool schemas now connect through clearer, safer paths. (#91422, #89851, #91736, #91451) Thanks @pgondhi987, @anagnorisis2peripeteia, @eleqtrizit, @LiuwqGit, @lifuyue, @marcusbsorensen, @cursoragent, @vincentkoc, @849261680, and @mgrandau.
  • Faster first replies: Control UI startup no longer waits on broad model loading, while cached metadata, lazy slash-command work, and first-event tracing make slow initial responses visible. (#91531, #91538, #91568, #91583) Thanks @vincentkoc and @BSG2000.
  • Broader provider support: OpenRouter OAuth and Claude Fable 5 land alongside correct Codex compaction ownership, local-model execution, normalized tool progress, and Gemma 4 reasoning replay. (#91830, #91882, #91590, #88630, #91696) Thanks @Patrick-Erichsen, @joshavant, @bdjben, @Coder-Wangyankun, @vincentkoc, @bfox55, @shakkernerd, and @NOVA-Openclaw.

Changes

  • CLI progress: emit Claude CLI commentary progress events and bridge inter-tool commentary into channel progress without exposing internal protocol scaffolding. (#89834, #90883) Thanks @anagnorisis2peripeteia, @AbdelftahZowail, @kentuscn, and @vincentkoc.
  • Observability: allow trusted diagnostics channels to capture tool input/output content, add first-assistant-event traces, and warn on slow initial replies. (#91256, #91568, #91583) Thanks @amknight, @mjunaidca, and @vincentkoc.
  • Plugins/ClawHub: dogfood reusable package publishing, let dry runs skip publish approval, allow declared installed trusted hooks, report managed plugin version drift, and warn instead of failing on retired Skill Workshop configuration. (#91574, #91591, #90004, #90927, #90838) Thanks @Patrick-Erichsen, @brokemac79, @lonexreb, @rogerallen1, @vincentkoc, and @ryanhelms.
  • Memory/providers: move the local llama.cpp runtime into its provider plugin, batch embeddings across files, persist the agent model catalog cache, and keep QMD JSON search one-shot while filtering stale REM recall previews. (#91324, #89138, #90457, #91837, #91851) Thanks @osolmaz, @mushuiyu886, @ai-hpc, @TurboTheTurtle, @jalehman, @hartmark, @vincentkoc, @rudi193-cmd, @Peilsender, and @xpysgdhr.
  • Channels/mobile: add the QQBot group mention toggle, improve iPad and iPhone control surfaces, and expose the active connection host in the TUI footer. (#91423, #91557, #89909) Thanks @cxyhhhhh, @Solvely-Colin, @baskduf, @joshavant, @sliverp, and @deuxksy.
  • Performance: prewarm TUI runtime plugins, deduplicate plugin auto-enable fanout, trim dense text-delta snapshots, and reuse prepared startup model metadata. (#90782, #89978, #91580, #91531) Thanks @RomneyDa, @ai-hpc, @vincentkoc, and @JakeBiggs.

Fixes

  • Agent/session recovery: drop stale approval follow-ups after session rebind, remove drained reply-queue items by identity, recover stale main and visible replies, preserve Codex context-engine compaction ownership, lower the default compaction timeout to 180 seconds while respecting explicit configuration, and keep provider-failure terminal lifecycle state correct. (#85679, #91450, #91566, #91840, #91590, #91361, #91895) Thanks @openperf, @yetval, @joshavant, @wangmiao0668000666, @TurboTheTurtle, @two3pro, @velvet-shark, @sallyom, @849261680, @vincentkoc, @Tony-ooo, @Jerry-Xin, @olveww-dot, and @nikhilmaddirala.
  • User-visible content boundaries: suppress Codex/Harmony protocol artifacts, neutralize browser and LanceDB memory media directives, redact transcript images, and preserve native /compact replies through source suppression. (#89151, #91422, #91425, #91529, #90212) Thanks @joelnishanth, @pgondhi987, @joshavant, @snowzlm, @reslp, @vincentkoc, and @devinkuhn.
  • Channel delivery: keep WhatsApp captured replies attached to the successor controller after restart, retry Feishu rate limits, preserve Mattermost thread replies, canonicalize LINE webhook paths, restore Discord reply hydration and runtime timeout exports, and show OpenAI Realtime WebRTC assistant transcripts. (#85823, #89659, #91684, #91649, #90263, #91686, #90426) Thanks @itsuzef, @ladygege, @jacobtomlinson, @fuller-stack-dev, @shushushv, @mcaxtr, @AxelHu, @vincentkoc, @marshallm-create, @sliverp, and @dahifi.
  • Cron: cancel active task runs cleanly, preserve terminal timeout/cancel state, and recover no-deliver tool warnings instead of silently losing the outcome. (#90666, #90678) Thanks @ai-hpc.
  • Gateway/config/auth: share the approval runtime socket token, replace arrays explicitly in config.patch, skip the deleted-agent guard only for valid ACP harness sessions, surface headless LaunchAgent state, verify SQLite auth migration before cleanup, and arm QMD startup maintenance. (#87105, #91551, #91219, #91614, #91740, #91978) Thanks @fuller-stack-dev, @scotthuang, @joshavant, @velvet-shark, @vincentkoc, and @dahifi.
  • Providers/Codex: clarify quota errors, restore the Codex synthetic usage line, canonicalize Codex protocol assets, require API-key auth for realtime voice, normalize ACP model refs, preserve Gemma 4 reasoning_content, and avoid guardian review for local models. (#91390, #91709, #91507, #91567, #88630, #91696) Thanks @hxy91819, @brokemac79, @RomneyDa, @joshavant, @Coder-Wangyankun, @vincentkoc, @bfox55, @shakkernerd, and @sergiopesch.
  • Updates/builds: recover package Gateway restarts after refresh failure, expose plugin convergence repair, fall back to Corepack in PATH-less pnpm environments, seed the correct Docker store packages, and keep ClawHub dry-run and publish paths reusable. (#91581, #91599, #91547, #91591) Thanks @fuller-stack-dev, @sallyom, @Patrick-Erichsen, @vincentkoc, and @laurenceputra.
  • UI: require explicit user intent before opening chat sessions and drain restored chat queues after session switches. (#91480) Thanks @TurboTheTurtle, @Takhoffman, and @zdwalter.
  • Android: avoid the dataSync foreground-service type for persistent nodes. (#80082) Thanks @davelutztx.
  • Native hooks: bound relay lifetimes so abandoned native hook connections cannot linger indefinitely. (#91550) Thanks @joshavant and @clem-git.

Complete contribution record

This audited record covers the complete v2026.6.5..v2026.6.6 history: 198 merged PRs. The generation manifest also supplies direct commits as editorial input; the grouped notes above prioritize user impact.

Pull requests

  • PR #91335 fix(imessage): always-on inbound recovery and dedupe. Related #89237. Thanks @omarshahine and @vincentkoc and @dwonshin.
  • PR #91189 fix(telegram): route account-scoped topic agents. Thanks @codysai001.
  • PR #88682 Preserve Telegram streamed text blocks between tool calls. Related #87326. Thanks @alexzhu0 and @AbdelftahZowail.
  • PR #91390 fix: clarify provider quota errors. Thanks @hxy91819.
  • PR #90883 fix(cli): bridge inter-tool commentary events to channel progress. Thanks @anagnorisis2peripeteia.
  • PR #91419 docs: preserve channel brand terms in Chinese i18n. Thanks @hxy91819.
  • PR #87105 fix(gateway): share approval runtime socket token. Thanks @fuller-stack-dev.
  • PR #80082 fix(android): avoid dataSync FGS for persistent node. Thanks @davelutztx.
  • PR #91442 docs: preserve LINE across localized docs glossaries. Thanks @hxy91819.
  • PR #88768 fix(codex): normalize dynamic tool progress results. Thanks @bdjben.
  • PR #91422 fix(browser): neutralize media directives in browser output [AI]. Thanks @pgondhi987.
  • PR #89834 feat(cli): emit commentary progress events from Claude CLI parser. Related #87326. Thanks @anagnorisis2peripeteia and @AbdelftahZowail.
  • PR #85679 fix(agents): drop stale exec approval followups after session rebind. Related #59349. Thanks @openperf and @two3pro.
  • PR #91450 fix(reply-queue): remove the drained item by reference instead of front index. Thanks @yetval.
  • PR #89151 fix(delivery): suppress Codex/Harmony internal protocol artifacts from user-facing channels. Related #88128. Thanks @joelnishanth and @reslp.
  • PR #90678 fix(cron): recover no-deliver tool warnings. Thanks @ai-hpc.
  • PR #91449 fix(imessage): honor block streaming config. Thanks @jmissig and @omarshahine.
  • PR #91508 Revert "docs: add maturity scorecard mirror". Thanks @kevinslin.
  • PR #91364 build(deps): bump github.com/steipete/peekaboo from 3.3.0 to 3.4.0 in /apps/macos in the swift-deps group.
  • PR #91368 build(deps): bump actions/github-script from 8 to 9.
  • PR #91512 chore: add taxonomy file. Thanks @kevinslin.
  • PR #91369 build(deps): bump actions/cache from 4 to 5.
  • PR #91367 build(deps): bump the actions group with 2 updates.
  • PR #91365 build(deps): bump the android-deps group in /apps/android with 3 updates.
  • PR #91496 chore: bump Codex app-server to 0.137.0. Thanks @RomneyDa.
  • PR #90666 fix(cron): cancel active cron task runs. Thanks @ai-hpc.
  • PR #90927 fix(doctor): report managed plugin version drift. Related #90891. Thanks @brokemac79.
  • PR #91531 perf(control-ui): reuse startup model metadata. Thanks @vincentkoc.
  • PR #91538 perf(control-ui): avoid startup catalog wait. Thanks @vincentkoc.
  • PR #91507 feat: canonicalize Codex protocol JSON asset ordering. Thanks @RomneyDa.
  • PR #91550 fix: bound native hook relay lifetime. Related #90993. Thanks @joshavant and @clem-git.
  • PR #89588 fix(telegram): restore /compact on generic message ingress. Related #89525. Thanks @joelnishanth and @cursoragent and @bomberluke37-prog.
  • PR #91529 Fix transcript image redaction. Related #90760. Thanks @joshavant and @devinkuhn.
  • PR #91551 Fix config.patch explicit array replacement. Thanks @joshavant.
  • PR #91568 perf(control-ui): trace first assistant event. Thanks @vincentkoc.
  • PR #85823 fix(whatsapp): route captured replies through successor controller after restart. Thanks @itsuzef and @mcaxtr.
  • PR #91574 feat: dogfood reusable ClawHub package publish. Thanks @Patrick-Erichsen.
  • PR #91583 perf(control-ui): warn on slow first replies. Thanks @vincentkoc.
  • PR #89659 fix(feishu): retry on send rate-limit errors (230020/230006). Related #70879. Thanks @ladygege and @marshallm-create and @sliverp and @AxelHu.
  • PR #91547 Fix Docker store seed target packages. Related #91035. Thanks @sallyom and @laurenceputra.
  • PR #91578 fix: make docs i18n frontmatter translation resilient. Thanks @hxy91819.
  • PR #91567 fix(openai): require api-key auth for realtime voice. Related #90456. Thanks @joshavant and @sergiopesch.
  • PR #91591 fix: let ClawHub dry runs skip publish approval. Thanks @Patrick-Erichsen.
  • PR #91598 perf(control-ui): lazy load slash commands. Thanks @vincentkoc.
  • PR #91580 fix(agents): trim dense text delta snapshots. Related #86599. Thanks @vincentkoc and @JakeBiggs.
  • PR #91425 fix(memory-lancedb): guard memory recall output [AI]. Thanks @pgondhi987.
  • PR #88969 fix(imessage): persist echo markers before send. Thanks @colmbrogan.
  • PR #91566 Fix stale main session startup recovery. Related #90525. Thanks @joshavant and @Tony-ooo.
  • PR #91324 fix(memory): move local llama.cpp runtime to provider plugin. Related #88705. Thanks @osolmaz and @Peilsender.
  • PR #91637 docs: include plugin prerelease in release validation approval.
  • PR #91649 fix(line): canonicalize trailing-slash webhook paths.
  • PR #91423 feat(qqbot): add /bot-group-allways command to toggle mention requirement. Thanks @cxyhhhhh and @sliverp.
  • PR #91642 fix(docs): continue partial i18n batches after file errors. Thanks @hxy91819.
  • PR #91661 chore(plugin-sdk): refresh API baseline hash.
  • PR #91665 docs: fix release CI Android dispatch guidance.
  • PR #89138 fix #88009: [Feature]: batched memory embedding should batch over files. Thanks @mushuiyu886 and @jalehman and @hartmark.
  • PR #91679 fix(plugin-sdk): align Discord component edit facade types. Thanks @vincentkoc.
  • PR #91686 fix(discord): restore runtime timeout compatibility exports. Thanks @vincentkoc.
  • PR #90212 fix(agents): deliver native /compact replies through source suppression. Thanks @snowzlm.
  • PR #91618 fix: expand unsafe host env denylist. Thanks @pgondhi987.
  • PR #91615 fix: block rustup toolchain env overrides [AI]. Thanks @pgondhi987.
  • PR #89851 fix(gateway): support Streamable HTTP MCP transport on loopback server. Thanks @anagnorisis2peripeteia.
  • PR #91619 fix: block git protocol env controls [AI]. Thanks @pgondhi987.
  • PR #91684 fix(mattermost): keep default replies in existing threads. Thanks @jacobtomlinson.
  • PR #90457 fix(models): persist agent catalog cache. Thanks @ai-hpc.
  • PR #91709 fix(status): restore Codex synthetic usage line. Related #91694. Thanks @brokemac79.
  • PR #89909 fix(tui): show connection host in footer. Related #56276. Thanks @baskduf and @deuxksy.
  • PR #89978 perf(config): dedupe plugin auto-enable fanout work. Thanks @ai-hpc.
  • PR #91219 fix(gateway): skip deleted-agent guard for ACP harness session keys. Thanks @scotthuang.
  • PR #90782 perf(tui): prewarm runtime plugins before first send. Thanks @RomneyDa.
  • PR #90838 fix(config): warn for retired skill-workshop plugin entry instead of failing validation (#90244). Thanks @lonexreb and @rogerallen1.
  • PR #91753 docs: clarify Matrix plugin upgrade repair. Thanks @RomneyDa.
  • PR #91755 docs: align Feishu DM policy defaults. Thanks @RomneyDa.
  • PR #91745 fix(discord): require sender for moderation actions [AI]. Thanks @eleqtrizit.
  • PR #85950 docs: clarify trusted-proxy Control UI scope behavior. Related #80063. Thanks @nielskaspers and @longstoryscott.
  • PR #91746 fix(msteams): require admin for group actions. Thanks @eleqtrizit.
  • PR #91256 feat(diagnostics-otel): capture tool input/output content via trusted channel. Thanks @amknight.
  • PR #91749 fix(gateway): restrict non-owner loopback tools. Thanks @eleqtrizit.
  • PR #91748 fix(elevated): reject group ids as senders. Thanks @eleqtrizit.
  • PR #91752 fix(codex): guard sandbox http requests. Thanks @eleqtrizit.
  • PR #91763 fix: require ACP metadata for deleted-agent bypass. Thanks @shakkernerd.
  • PR #91751 fix(mcp): harden stdio env filtering. Thanks @eleqtrizit.
  • PR #91765 Clarify env-var executable behavior reports in SECURITY.md. Thanks @jacobtomlinson.
  • PR #91480 fix(ui): require user intent for chat sessions. Related #89760. Thanks @TurboTheTurtle and @Takhoffman and @zdwalter.
  • PR #91777 docs: remove superpowers spec draft. Thanks @Patrick-Erichsen.
  • PR #91773 fix(mcp): lowercase SSE event-source header keys to prevent duplicate Authorization (401). Thanks @Takhoffman.
  • PR #91741 Validate sandbox bind parent paths [AI]. Thanks @mmaps.
  • PR #88530 fix(imessage): skip idle approval discovery scans. Thanks @colmbrogan and @omarshahine.
  • PR #91780 fix(ui): drain restored chat queue after session switch. Thanks @tmimmanuel.
  • PR #91750 fix(search): enforce native web search tool policy. Thanks @eleqtrizit.
  • PR #91757 fix(config): clarify retired skill workshop plugin warning. Thanks @RomneyDa.
  • PR #91787 fix(doctor): keep TTS legacy migration on supported paths.
  • PR #91783 fix(imessage): harden outbound send transport. Related #84329. Thanks @omarshahine and @TurboTheTurtle.
  • PR #91785 fix(imessage): surface inbound startup diagnostics. Thanks @omarshahine.
  • PR #91590 Fix context-engine compaction ownership for Codex sessions. Thanks @joshavant.
  • PR #91557 Improve iPad and iPhone control surfaces. Thanks @Solvely-Colin and @joshavant.
  • PR #91666 chore(deps): bump useblacksmith/setup-docker-builder from 1.8.0 to 1.9.0 in the actions group.
  • PR #91819 docs: link ClawHub plugin validation fixes guide. Thanks @Patrick-Erichsen.
  • PR #88630 fix(codex): avoid guardian review for local models. Thanks @vincentkoc.
  • PR #91830 feat: add OpenRouter OAuth to onboarding. Thanks @Patrick-Erichsen.
  • PR #91842 fix(plugin-sdk): refresh API baseline hash.
  • PR #91614 fix(gateway): surface headless LaunchAgent state. Thanks @fuller-stack-dev.
  • PR #91851 fix(memory-core): filter stale recall entries in REM harness preview. Thanks @vincentkoc.
  • PR #91859 fix(ci): disable memory slot in release smoke config. Thanks @vincentkoc.
  • PR #90004 [plugin sdk] Allow declared installed trusted hooks. Related #87735. Thanks @brokemac79 and @ryanhelms.
  • PR #91837 fix(memory-core): keep QMD JSON search one-shot. Related #91821. Thanks @TurboTheTurtle and @xpysgdhr.
  • PR #91871 Remove bundled channel contract fallbacks. Thanks @obviyus.
  • PR #91879 fix(ci): include ACPX in shared live-test image.
  • PR #91840 Fix stale visible reply recovery. Related #90535. Thanks @joshavant and @Jerry-Xin.
  • PR #91876 Fix Telegram callback API handling. Thanks @obviyus.
  • PR #91874 Share channel draft chunking resolver. Thanks @obviyus.
  • PR #91599 fix(update): expose plugin convergence repair. Thanks @fuller-stack-dev.
  • PR #91581 fix(update): recover package gateway restart after refresh failure. Thanks @fuller-stack-dev.
  • PR #91904 fix(telegram): use SDK dispatch dedupe. Thanks @obviyus.
  • PR #90263 fix(discord): hydrate reply context metadata. Thanks @fuller-stack-dev.
  • PR #91478 block unauthorized Telegram DM text from prompt context. Related #91209. Thanks @sallyom and @producedbysavant.
  • PR #91915 fix(telegram): audit follow-ups — block-mode chunk config, dedupe bucket cleanup, grammy contract trust. Thanks @obviyus.
  • PR #91361 fix(compaction): lower default timeout from 900s to 180s, preserve explicit config. Related #91358. Thanks @wangmiao0668000666 and @velvet-shark and @olveww-dot.
  • PR #91791 fix(sandbox): use materialized skill paths in startup prompts. Related #91761. Thanks @brokemac79 and @vincentkoc and @gbb-netizen.
  • PR #91736 Support existing-session browser CDP endpoints. Related #56118. Thanks @lifuyue and @mgrandau.
  • PR #91747 fix(browser): validate discovered CDP websocket URLs. Thanks @eleqtrizit.
  • PR #91882 feat(anthropic): support Claude Fable 5 adaptive thinking. Related #91805. Thanks @NOVA-Openclaw.
  • PR #91884 fix(memory): keep ignored-name QMD roots watchable. Thanks @vincentkoc.
  • PR #91740 fix(auth): verify SQLite auth migration before cleanup. Thanks @fuller-stack-dev and @velvet-shark.
  • PR #91451 fix(mcp): repair OAuth redirect, errors, and unicode schema patterns. Related #91433. Thanks @LiuwqGit and @cursoragent and @vincentkoc and @marcusbsorensen.
  • PR #91978 fix(gateway): arm qmd startup maintenance. Thanks @vincentkoc.
  • PR #90426 fix(talk): show OpenAI Realtime WebRTC assistant transcripts. Thanks @shushushv and @vincentkoc.
  • PR #91696 fix(agents): preserve reasoning_content replay for Gemma 4 openai-completions models. Related #91645. Thanks @Coder-Wangyankun and @bfox55.
  • PR #89938 Fail closed on exec approval timeout. Thanks @drobison00.
  • PR #91895 fix(webchat): finalize provider failure lifecycle. Related #91730. Thanks @TurboTheTurtle and @sallyom and @nikhilmaddirala.
  • PR #80143 fix(browser): honor cdpUrl for user default profile. Related #48042. Thanks @HemantSudarshan and @Max-Resilient.
  • PR #91688 fix(cron): reject cron expressions that have no reachable run time. Thanks @yetval and @vincentkoc.
  • PR #91737 fix(cron): use final-call usage for session token totals. Related #91716. Thanks @MonkeyLeeT and @vincentkoc and @yetval.
  • PR #89605 fix(process): return timeout code for killed commands. Thanks @ai-hpc.
  • PR #80013 perf(usage-cost-cache): throttle full-cache rewrites during refresh. Thanks @zeroaltitude.
  • PR #76731 Fix mobile Control UI chat layout. Thanks @Solvely-Colin.
  • PR #83738 fix(cron): capture originating session/agent on the cron wake tool call. Thanks @anagnorisis2peripeteia.
  • PR #85196 Redact tool output secrets. Thanks @amknight.
  • PR #92007 fix(security): block build tool env overrides. Thanks @eleqtrizit.
  • PR #91891 fix: preserve non-oneOf protocol schema array order. Thanks @RomneyDa.
  • PR #91754 fix(macos): hide unsupported Voice Wake controls. Related #89575. Thanks @RomneyDa and @cwhyhy.
  • PR #92049 test(ci): restore upgrade survivor session fixture. Thanks @vincentkoc.
  • PR #89670 fix: keep skill toggles keyed by skill identity. Related #89661. Thanks @s-moffett.
  • PR #91934 fix(state): tolerate chmod failures when opening the state database. Related #91919. Thanks @truffle-dev and @david-garcia-garcia.
  • PR #92051 fix(fal): parse raw completed queue results. Related #91989. Thanks @harjothkhara and @oswaldyeo.
  • PR #92047 fix(agents): prefer explicit sessions_send keys. Related #64699. Thanks @vincentkoc and @sunxq1017-hash.
  • PR #92020 fix(memory-core): check SQLite plugin state for dreaming ingestion audit after JSON migration (fixes #92017). Thanks @zenglingbiao and @JUMPUNDER.
  • PR #92032 fix(mcp): always log channel-bridge notification failures. Thanks @hansraj316.
  • PR #92033 fix(gateway): log swallowed background-task finalization errors. Thanks @hansraj316.
  • PR #92022 fix(sessions): derive channel from direct-chat session keys in send-policy. Thanks @hansraj316.
  • PR #91163 fix(xai): clarify x_search query guidance. Thanks @rubencu.
  • PR #90121 fix(memory): write dream fallback without subagent runtime. Thanks @a-m-a-r-a.
  • PR #91215 fix(ui): show prompt progress while sending. Related #91199. Thanks @zhangguiping-xydt and @vincentkoc and @Monniasza.
  • PR #92029 fix(tools): surface unsupported-signal in anyOf availability. Thanks @hansraj316.
  • PR #92034 perf(agents): memoize XML attribute regex in DSML stream parser. Thanks @hansraj316.
  • PR #92026 perf(agents): sanitize compaction messages once for token estimation. Thanks @hansraj316.
  • PR #91351 fix(opencode-go): add qwen plus tiered pricing. Related #91238. Thanks @849261680 and @vincentkoc and @samson910022.
  • PR #92027 fix(gateway): recover config hot-reload after watcher errors. Thanks @hansraj316.
  • PR #91471 feat(cron): add readable ISO time fields to cron runs JSON output. Thanks @FMLS and @cursoragent.
  • PR #91711 :bug: fix(agents): classify harness provider mismatch as format error (#91710). Thanks @a-tokyo.
  • PR #91292 fix(models): keep bundled provider catalog when configured base URL is blank (#91270). Thanks @yetval and @vincentkoc and @resYuto.
  • PR #91720 :bug: fix(openai): remove chatgpt-responses transport override from gpt-5.3-codex catalog entry. Related #91710. Thanks @a-tokyo.
  • PR #91305 fix(control-ui): make Control UI bootstrap config endpoint base-path-relative (#66946). Thanks @Alix-007 and @vincentkoc and @yndwx01.
  • PR #92056 fix(exec): honor state dir approvals. Thanks @vincentkoc.
  • PR #91897 fix(memory): self-heal missing index identity by initializing provider during sync. Thanks @xydt-tanshanshan and @vincentkoc.
  • PR #91802 fix(diagnostics): release wedged session lane when stuck-session recovery aborts a run with queued session work. Related #91700. Thanks @openperf and @infocus13.
  • PR #92030 fix(cron): structural top-of-hour match in stagger heuristic. Thanks @hansraj316 and @vincentkoc.
  • PR #92055 fix(media): resolve state-relative inbound attachments. Thanks @sercada and @vincentkoc.
  • PR #91962 fix(agent): dampen Discord stale thread replies. Thanks @RomneyDa.
  • PR #90912 fix(agents): honor configured CLI resume timeouts. Thanks @ai-hpc and @vincentkoc.
  • PR #91296 fix: hand off supervised git updates. Thanks @abnershang.
  • PR #91950 fix(web_fetch): sanitize URL whitespace from LLM tool call arguments (fixes #91651). Thanks @zenglingbiao and @vincentkoc and @akang1798.
  • PR #77367 fix(discord): scope command-deploy cache by application id. Related #77359. Thanks @lonexreb and @sallyom and @igmarketing.
  • PR #91976 feat(auto-reply): durable inter-tool commentary via verbose standalone progress (supersedes #89850/#89890). Thanks @anagnorisis2peripeteia.
  • PR #90128 fix(sessions): preserve user /model override across daily/idle session rollover (#90119). Thanks @Marvinthebored.
  • PR #92084 fix(clickclack): allow explicit enable through plugin allowlist.
  • PR #92092 fix(auto-reply): stop dropping claude-cli narration when commentary lane is off. Thanks @ragesaq.
  • PR #92123 #92109: [Bug]: EmbeddedAttemptSessionTakeoverError caused by Btrfs ctimeNs instability. Thanks @lzyyzznl and @vincentkoc and @recruits.
  • PR #92136 fix(feishu): reply inside P2P direct-message threads. Thanks @LiaoyuanNing and @vincentkoc.
  • PR #92121 fix(memory): preserve live SQLite index during swaps. Related #91216. Thanks @xydt-tanshanshan and @chrisreddington.
  • PR #90173 fix(agents): stabilize a2a prompt cache context. Thanks @Sunjae-k and @sunjae-1.
  • PR #91974 fix(cli-runner): scope claude-cli queue to live-session owner identity (#91946). Thanks @wangwllu.
  • PR #92053 fix(thinking): apply Claude profile to anthropic-messages catalog rows. Related #91975. Thanks @wangwllu.
  • PR #41991 Google: show detailed Gemini CLI OAuth extraction failures. Thanks @bgmbgm94.
  • PR #92074 fix(qqbot): flush tool output before silent non-streaming final. Thanks @sliverp.
  • PR #89508 fix(models): clarify provider model registration hint. Related #89192. Thanks @sweetcornna and @aaajiao.
  • PR #89085 fix(agents): keep migrated session entry ids unique on v1 upgrade. Thanks @yetval.
  • PR #89552 fix(discord): clean migrated thread binding state. Thanks @SYU8384.
  • PR #89448 fix(cron): reject durations that overflow to a non-finite value. Related #83906. Thanks @Alix-007 and @davinci282828.
  • PR #89319 fix(doctor): warn on unsupported hook entry loaders. Related #89309. Thanks @leno23 and @vincentkoc and @CameronWeller.
  • PR #91966 fix(config): stop config.patch replacePaths index suffix from widening array consent. Thanks @yetval and @vincentkoc.
  • PR #92127 fix(plugins): rescan storm in "/models" call (regression shipped since v2026.5.18). Thanks @obuchowski.
  • PR #91657 fix(ollama): use provider thinking default in SDK session factory. Related #91428. Thanks @openperf and @vincentkoc and @anijatsu.
  • PR #91742 fix(memory): abort orphaned embedding work when memory_search times out. Related #91718. Thanks @dreamhunter2333 and @vincentkoc and @NOVA-Openclaw.
  • PR #89091 fix(memory-core): retry narrative message reads. Thanks @bennewell35.
  • PR #92150 fix(release): gate beta publish on plugin verification. Thanks @vincentkoc.
  • PR #92158 fix(cli): validate gateway RPC timeout inputs. Thanks @ruanrrn and @comeran.
  • PR #91911 fix(agents): retry same model across short rate-limit windows. Thanks @lanzhi-lee.

Release verification