
OpenClaw Digest: Enhancing ACP Reliability, Codex Isolation, and Security Auditing

18:30–00:30 UTC May 13, 2026

Merged PRs

  • Preserve user HOME for Codex app-server launches
  • fix(sessions): classify spawn-child sessions correctly; extract shared classifier
  • [AI-assisted] fix(update): clear stale plugin refs after failed updates
  • fix(slack): normalize read timestamp bounds
  • fix: restore Codex cron automation compatibility
  • fix(acp): preserve numeric RequestError details
  • fix(sessions): display ACP-runtime model sentinel for ACP-keyed sessions
  • fix(cli): report stale plugin doctor config
  • fix(memory-lancedb): support CJK auto-capture triggers
  • ux(codex-migrate): polish preview/result output
  • fix(security): classify broad Windows SIDs as world principals
  • docs: consolidate plugin install docs
  • feat(acp): add backend provider failover for UNAVAILABLE errors
  • fix(security): classify dangerous Windows sandbox binds first
  • fix(ui): order live chat items by timestamp
  • fix: preserve all-caps provider api keys
  • fix(codex): rotate incompatible context-engine threads
  • fix(media): retry transient remote media fetches

Key Changes

Agent Client Protocol (ACP) & Orchestration

Significant efforts were directed toward the robustness of the ACP runtime. A major new feature introduces backend provider failover, allowing the system to automatically retry turns with a fallback backend when the primary fails due to rate limiting or unavailability. Additionally, error reporting was improved to preserve numeric RequestError details, ensuring that diagnostic information (e.g., "Unknown config option") is no longer dropped in favor of a generic "Internal error" message.

Codex Harness & Environment Isolation

Several fixes target the Codex app-server to ensure better isolation and compatibility:

  • Environment Preservation: The system now preserves the user's HOME directory for subprocesses launched by Codex, while maintaining a separate CODEX_HOME for agent-specific state. This prevents local tools like git or gh from failing to find configuration files.
  • Cron Compatibility: Cron-triggered turns now receive specific automation instructions to execute payloads directly, preventing timeouts caused by unnecessary workspace bootstrapping.
  • Thread Rotation: To prevent context-window overflows, Codex now rotates to fresh native threads when incompatible context-engine metadata is detected, specifically benefiting Lossless-managed sessions.

Security & Sandbox Hardening

Security auditing on Windows received critical updates. The system now correctly classifies broad Windows SIDs (such as Anonymous Logon and Guests) as "world" principals. This ensures that world-writable paths are flagged as critical severity rather than being downgraded to group-writable warnings. Furthermore, the sandbox validator now prioritizes blocking dangerous USERPROFILE credential binds, even if the HOME environment variable is redirected.
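The SID classification described above, sketched as an added example (not OpenClaw's own code): a writable ACL entry held by a broad principal is rated critical instead of falling through to the group-writable warning. The type and function names, the exact SID set (including the domain-relative Guest RIDs 501 and 514, which go beyond the two principals the digest names) and the sample ACLs are assumptions made for illustration.

```typescript
// Added example; names and the chosen SID set are assumptions, not project code.
type PrincipalClass = "world" | "group" | "owner";
type Severity = "critical" | "warn" | "ok";
interface Ace { sid: string; canWrite: boolean }

// Well-known SIDs treated as "world" in this sketch.
const WORLD_SIDS = new Set<string>([
  "S-1-1-0",      // Everyone
  "S-1-5-7",      // Anonymous Logon
  "S-1-5-32-546", // BUILTIN\Guests
]);
// Domain-relative Guest account (RID 501) and Domain Guests group (RID 514).
const WORLD_DOMAIN_RID = /^S-1-5-21(-\d+){3}-(501|514)$/;

function classifySid(sid: string, ownerSid: string): PrincipalClass {
  const s = sid.trim().toUpperCase();
  // Check broad principals first so they are never mistaken for a plain group.
  if (WORLD_SIDS.has(s) || WORLD_DOMAIN_RID.test(s)) return "world";
  if (s === ownerSid.trim().toUpperCase()) return "owner";
  return "group"; // any other non-owner principal
}

function auditPath(aces: Ace[], ownerSid: string): Severity {
  let worst: Severity = "ok";
  for (const ace of aces) {
    if (!ace.canWrite) continue; // read-only entries do not raise severity
    const cls = classifySid(ace.sid, ownerSid);
    if (cls === "world") return "critical";
    if (cls === "group") worst = "warn";
  }
  return worst;
}

// Constructed sample ACLs (the owner SID is made up).
const OWNER = "S-1-5-21-1111111111-2222222222-3333333333-1001";
const guestsWritable: Ace[] = [
  { sid: OWNER, canWrite: true },
  { sid: "S-1-5-32-546", canWrite: true }, // BUILTIN\Guests can write
];
const adminsWritable: Ace[] = [
  { sid: OWNER, canWrite: true },
  { sid: "S-1-5-32-544", canWrite: true }, // BUILTIN\Administrators
];
const anonymousReadOnly: Ace[] = [
  { sid: OWNER, canWrite: true },
  { sid: "S-1-5-7", canWrite: false }, // Anonymous Logon, read only
];
```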

Plugin Management & UX

Plugin stability was improved by ensuring that failed updates atomically clear stale references in plugins.allow, plugins.deny, and selected slots. The plugins doctor command was also updated to explicitly report these stale configuration warnings rather than reporting a clean bill of health. On the UX side, the openclaw migrate codex output was polished for better readability, and the Web UI now correctly orders live chat items by timestamp to prevent chronological confusion.

Impact

These changes collectively reduce operational friction for power users and administrators. The ACP failover mechanism ensures higher availability for agent turns, while the Codex environment fixes resolve critical blockers for agents utilizing local shell tools. From a security perspective, the expanded SID classification closes a potential audit bypass on Windows, providing a more accurate risk assessment of the filesystem. Finally, the inclusion of CJK support for memory-lancedb auto-capture triggers expands the utility of the memory system for non-English-speaking users, ensuring that important information is captured regardless of the language used.
