This digest covers critical fixes for session recovery, SecretRef security, and provider-specific optimizations for Anthropic, OpenAI, and MiniMax, alongside TUI and UI improvements.
Merged PRs
- fix(memory): strip invalid thinking signatures for signed-thinking providers [Original PR]
- fix(security): replace regex wildcard matching with linear-time glob in session-visibility [Original PR]
- Notify chat when main session restart recovery cannot resume [Original PR]
- fix(minimax): normalize OAuth token expiry to absolute millisecond timestamp [Original PR]
- fix(memory-wiki): show vault totals in palace summary [Original PR]
- Isolate boot-md startup sessions [Original PR]
- Guard OpenAI image compression for PNG outputs [Original PR]
- fix(agents): clamp max_completion_tokens to context window for proxy-like openai-completions endpoints [Original PR]
- fix: gate discord realtime voice by wake name [Original PR]
- fix(update): ignore inherited macOS XPC for respawn [Original PR]
- fix: allow symlinked workspace write parents [Original PR]
- fix(agents): preserve latest thinking replay signatures [Original PR]
- fix(plugins): return plugin gateway method results [Original PR]
- fix(gateway): hide duplicate ACP chat replies [Original PR]
- fix(update): ignore restart script spawn failures [Original PR]
- fix(telegram): honor explicit default account warning [Original PR]
- fix: honor OPENCLAW_HOME defaults [Original PR]
- fix(browser): avoid cold mac chrome version timeouts [Original PR]
- fix(doctor): prune stale bundled plugin load paths [Original PR]
- fix: label meeting note transcript speakers [Original PR]
- fix(ui): handle empty strings with minLength constraint in config save [Original PR]
- fix(gateway): honor restart drain budget for embedded runs [Original PR]
- fix: preserve provider defaults during config saves [Original PR]
- fix(codex): defer native-hook-relay unregister to avoid cleanup race [Original PR]
- fix(agents): treat aborted subagent runs as terminal [Original PR]
- Fix foreground reply fence visibility [Original PR]
- Fix CLI and plugin edge-case bugs [Original PR]
- fix(models): preserve source snapshots for SecretRef providers [Original PR]
- [Fix] Preflight runtime SecretRefs before config writes [Original PR]
- fix: render Codex source replies in TUI [Original PR]
Key Changes
Session Stability and Recovery
Several updates focus on preventing session corruption and improving recovery. A critical fix addresses the issue where incomplete thinking blocks (missing signatures) were persisted to session JSONL, causing subsequent requests to fail with "Invalid signature in thinking block". The system now unconditionally strips invalid thinking signatures for providers that require them (Anthropic, Bedrock, Vertex), ensuring that poisoned sessions can recover without manual JSONL editing.
Additionally, the system now preserves the latest assistant thinking replay signatures to avoid invalid_request_error from Anthropic, which requires the most recent turn to be sent back verbatim. For subagent orchestration, aborted runs are now correctly treated as terminal failures rather than silent successes, preventing parent agents from "black-holing" while waiting for a result that will never arrive.
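The two thinking-block fixes above, as an added TypeScript example (this is not OpenClaw's code; the block and message shapes, the provider set, and the rule that an assistant turn left empty is dropped are assumptions made for this illustration): unsigned thinking blocks are removed before replay, while signed ones, including the most recent assistant turn, are passed through unchanged.

```typescript
// Added example (not OpenClaw's code): sanitise replayed history for providers
// that sign thinking blocks. Block shapes below are simplified assumptions.
export type ContentBlock =
  | { type: "text"; text: string }
  | { type: "thinking"; thinking: string; signature?: string };

export interface Message {
  role: "user" | "assistant";
  content: ContentBlock[];
}

// Providers that reject a thinking block replayed without its signature (assumed set).
export const SIGNED_THINKING_PROVIDERS = new Set(["anthropic", "bedrock", "vertex"]);

export function hasValidSignature(block: ContentBlock): boolean {
  return block.type !== "thinking" || (typeof block.signature === "string" && block.signature.length > 0);
}

// Drops unsigned thinking blocks (e.g. from a turn interrupted before the signature
// arrived) so the next request is not rejected; signed blocks are kept byte-for-byte
// because the provider expects the latest turn back verbatim.
export function stripInvalidThinking(messages: Message[], provider: string): { messages: Message[]; stripped: number } {
  if (!SIGNED_THINKING_PROVIDERS.has(provider)) return { messages, stripped: 0 };
  let stripped = 0;
  const cleaned: Message[] = [];
  for (const m of messages) {
    if (m.role !== "assistant") {
      cleaned.push(m);
      continue;
    }
    const content = m.content.filter((b) => {
      const ok = hasValidSignature(b);
      if (!ok) stripped++;
      return ok;
    });
    // An assistant turn that consisted only of an unsigned thinking block is dropped
    // entirely rather than replayed as an empty message (assumption for this example).
    if (content.length > 0) cleaned.push({ ...m, content });
  }
  return { messages: cleaned, stripped };
}
```

Running this over a session's message list before each request is what makes a poisoned JSONL self-healing: the unsigned block is dropped once in memory and never re-sent, without anyone editing the file.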
Security and Infrastructure
Security hardening is a primary theme in this window. A potential ReDoS (Regular Expression Denial of Service) vulnerability in session-visibility.ts was mitigated by replacing regex wildcard matching with a linear-time segment-based glob matcher.
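As an added illustration of the linear-time approach (not the actual code in session-visibility.ts), the matcher below splits the pattern on `*` into literal segments and locates each one left to right with indexOf. Every character of the input is scanned at most once per segment, so the cost is bounded by pattern length times input length and there is no backtracking for a crafted session key to exploit.

```typescript
// Added example (not OpenClaw's code): segment-based wildcard matching with no regex.
// Only "*" is treated as a wildcard; everything else is matched literally.
export function globMatch(pattern: string, input: string): boolean {
  const segments = pattern.split("*");
  if (segments.length === 1) return pattern === input; // no wildcard: exact match

  const first = segments[0];
  const last = segments[segments.length - 1];
  // The leading and trailing literals are anchored to the ends of the input.
  if (!input.startsWith(first) || !input.endsWith(last)) return false;

  let pos = first.length;               // next position a segment may start at
  const end = input.length - last.length; // region reserved for the trailing literal
  if (pos > end) return false;          // prefix and suffix would overlap

  // Middle segments must occur in order; taking the leftmost occurrence each time
  // leaves the most room for later segments, so one pass is sufficient.
  for (let i = 1; i < segments.length - 1; i++) {
    const seg = segments[i];
    if (seg === "") continue; // "**" behaves like "*"
    const idx = input.indexOf(seg, pos);
    if (idx === -1 || idx + seg.length > end) return false;
    pos = idx + seg.length;
  }
  return true;
}
```

The check on `idx + seg.length > end` is what keeps a middle segment from borrowing characters that the trailing literal needs, so `*a*a` correctly rejects a single `a`.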
On the authentication front, the models status --probe command was fixed to prevent it from rewriting models.json with resolved plaintext secrets for custom providers. By preserving source snapshots, OpenClaw ensures that SecretRef markers are maintained on disk. Furthermore, a new preflight check now validates SecretRefs against the active runtime before committing config writes, preventing the gateway from entering a crash-loop due to unresolved environment variables.
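An added example of the two SecretRef behaviours described above (this is not OpenClaw's code; the marker shape `{ source: "env", id: "VAR" }`, the config layout, and the path notation are assumptions made for this illustration): the preflight walks the config and reports every marker whose variable is missing from the runtime environment before anything is written, and the runtime resolver produces a resolved copy while the source snapshot keeps its markers.

```typescript
// Added example (not OpenClaw's code). The SecretRef shape { source: "env", id: "VAR" }
// and the config layout are assumptions made for this illustration.
export interface SecretRef {
  source: "env";
  id: string;
}

export type ConfigValue =
  | string
  | number
  | boolean
  | null
  | SecretRef
  | ConfigValue[]
  | { [key: string]: ConfigValue };

export function isSecretRef(v: unknown): v is SecretRef {
  if (typeof v !== "object" || v === null) return false;
  const o = v as Record<string, unknown>;
  return o.source === "env" && typeof o.id === "string";
}

// Preflight: list every SecretRef whose variable is absent or empty in the environment
// the gateway will actually start with. Paths use a JSONPath-like notation (assumption).
export function findUnresolvedSecretRefs(
  value: ConfigValue,
  env: Record<string, string | undefined>,
  path = "$"
): string[] {
  const out: string[] = [];
  if (isSecretRef(value)) {
    const resolved = env[value.id];
    if (resolved === undefined || resolved === "") out.push(`${path} (env:${value.id})`);
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => out.push(...findUnresolvedSecretRefs(item, env, `${path}[${i}]`)));
  } else if (typeof value === "object" && value !== null) {
    for (const key of Object.keys(value)) {
      out.push(...findUnresolvedSecretRefs(value[key] as ConfigValue, env, `${path}.${key}`));
    }
  }
  return out;
}

// Resolve a deep copy for the running process. The source snapshot is never mutated,
// so anything written back to disk still carries the markers, not plaintext secrets.
export function resolveForRuntime(value: ConfigValue, env: Record<string, string | undefined>): ConfigValue {
  if (isSecretRef(value)) return env[value.id] ?? null;
  if (Array.isArray(value)) return value.map((item) => resolveForRuntime(item, env));
  if (typeof value === "object" && value !== null) {
    const copy: { [key: string]: ConfigValue } = {};
    for (const key of Object.keys(value)) copy[key] = resolveForRuntime(value[key] as ConfigValue, env);
    return copy;
  }
  return value;
}

// Commit a config write only when every SecretRef resolves; otherwise surface the paths
// so the operator fixes the environment instead of finding out through a crash-loop.
export function preflightConfigWrite(
  config: ConfigValue,
  env: Record<string, string | undefined>
): { ok: true } | { ok: false; unresolved: string[] } {
  const unresolved = findUnresolvedSecretRefs(config, env);
  return unresolved.length === 0 ? { ok: true } : { ok: false, unresolved };
}
```

The important design point is that the resolver returns a new object: a probe command that resolves secrets for a live request should operate on `resolveForRuntime(config, process.env)` and serialise only the original `config`, which is exactly the separation that keeps plaintext out of models.json.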
Provider and Integration Optimizations
- OpenAI/Proxy-like Endpoints: To prevent HTTP 400 errors from strict servers (like vLLM or LocalAI), max_completion_tokens is now clamped to the remaining effective context budget (context window minus estimated input tokens).
- MiniMax: Fixed an OAuth token expiry bug where relative seconds were treated as absolute timestamps, causing tokens to appear perpetually expired and triggering slow refresh calls on every request.
- Discord: Realtime voice now supports wake-name gating, allowing agents to stay silent until addressed.
- WhatsApp: Improved foreground reply fence visibility to ensure that newer dispatches that produce no visible reply do not cancel older, valid final replies.
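The OpenAI clamp and the MiniMax expiry normalisation from the list above, as one added TypeScript example (not OpenClaw's code; the numeric thresholds used to tell relative seconds from absolute seconds and milliseconds, the 30-second skew, and the floor of 1 token are assumptions made for this illustration):

```typescript
// Added example (not OpenClaw's code). Thresholds for telling apart relative seconds,
// absolute seconds and absolute milliseconds are assumptions for this illustration.

// OpenAI-compatible endpoints: never request more output tokens than the context
// window can still hold once the estimated prompt size is subtracted.
export function clampMaxCompletionTokens(
  requested: number | undefined,
  contextWindow: number,
  estimatedInputTokens: number
): number {
  const budget = contextWindow - estimatedInputTokens;
  const wanted = requested === undefined ? budget : Math.min(requested, budget);
  // A budget of zero or less means the prompt alone overflows the window; returning 1
  // keeps the field valid so the server's own error explains the problem (assumption).
  return Math.max(Math.floor(wanted), 1);
}

const MS_THRESHOLD = 1e12; // epoch milliseconds for any date after 2001 (assumed cut-off)
const ABS_SECONDS_THRESHOLD = 1e9; // epoch seconds for any date after 2001 (assumed cut-off)

// MiniMax-style expiry: accept a relative expires_in in seconds, an absolute epoch in
// seconds, or an absolute epoch in milliseconds, and always return absolute milliseconds.
export function normalizeExpiryMs(raw: number, nowMs: number = Date.now()): number {
  if (!Number.isFinite(raw) || raw <= 0) throw new Error(`invalid expiry value: ${raw}`);
  if (raw >= MS_THRESHOLD) return Math.floor(raw); // already absolute ms
  if (raw >= ABS_SECONDS_THRESHOLD) return Math.floor(raw * 1000); // absolute seconds
  return nowMs + Math.floor(raw * 1000); // relative seconds from now
}

// Refresh slightly early so a token is not presented in its final seconds of validity.
export function isExpired(expiryMs: number, nowMs: number = Date.now(), skewMs = 30000): boolean {
  return nowMs + skewMs >= expiryMs;
}
```

Feeding a raw `expires_in` of 3600 straight into `isExpired` reproduces the bug (3600 ms after the epoch is always in the past), while the normalised value sits an hour in the future, which is why the refresh call stops firing on every request.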
UI and DX Improvements
- TUI: Codex source replies are now rendered immediately in the TUI via live chat streams, rather than requiring a history refresh.
- Control UI: Fixed a bug where empty strings in fields with minLength constraints were sent as "" instead of undefined, which previously blocked schema defaults from applying.
- Memory Wiki: The palace summary now explicitly shows total vault page counts and breakdowns, distinguishing full vault size from section-local metrics.
Impact
These changes significantly reduce the risk of "bricked" sessions and gateway crash-loops. By moving SecretRef validation to the pre-write phase and fixing the thinking-block persistence bug, users are less likely to encounter unrecoverable state errors. The security update to the glob matcher removes a polynomial backtracking risk, and the provider-specific fixes for OpenAI and MiniMax eliminate frustrating 400 errors and authentication stalls. For developers and operators, the improved TUI rendering and the more robust OPENCLAW_HOME handling simplify the deployment and debugging experience.