This update focuses on resolving critical memory leaks in session stores, enhancing Discord message coalescing, and introducing agent-scoped policy overlays for tighter security control.
Merged PRs
- fix(doctor): skip restart prompt when gateway is healthy after recent restart [Original PR]
- fix: emit agent.send lifecycle hooks on rotation [Original PR]
- fix: preflight malformed OpenShell exec commands [Original PR]
- fix(update): allow package-manager hardlinks in swaps [Original PR]
- fix(discord): restore bare numeric channel sends [Original PR]
- fix(security): audit Claude permission overrides under YOLO [Original PR]
- Recover Codex context overflow prompt errors [Original PR]
- fix(agents): derive overflow budgets from provider errors [Original PR]
- fix: fallback after active media wake failure [Original PR]
- docs: require maintainer-editable PR branches [Original PR]
- fix(ui): preserve user code block rendering [Original PR]
- test(agents): preserve provider hook mock exports [Original PR]
- Policy: add agent-scoped policy overlays [Original PR]
- Doctor: expose shell completion health findings [Original PR]
- fix(kilocode): normalize string stop param to array in stream wrapper [Original PR]
- fix(agents): honor effective exec policy for Claude live Bash [Original PR]
- fix(discord): merge media captions into one message [Original PR]
- perf: cache plugin package realpaths [Original PR]
- fix(sessions): stop doctor OOM on large session stores and reclaim stale store temps [Original PR]
- fix(ollama): strip inline kimi cloud reasoning leak [Original PR]
- Clamp fetch timeout timers [Original PR]
- fix(memory): prevent silent vector index degradation when embedding provider temporarily unavailable [Original PR]
- fix(qqbot): derive outbound watchdog from configured timeouts [Original PR]
- fix: quiet missing daily memory reads [Original PR]
- fix: guard QMD session stem fallback [Original PR]
- Guard OpenAI chat payload turns [Original PR]
- fix(media-understanding): normalize HEIC before image descriptions [Original PR]
- fix(gateway): keep session tool mirrors under pressure [Original PR]
- i18n(zh-CN): improve Chinese translations for Control UI [Original PR]
- test(tools): add unmocked image custom-provider auth regression [Original PR]
Key Changes
Session & Memory Management
Significant efforts were made to prevent system crashes and data degradation. A critical fix was implemented to stop openclaw doctor from crashing with Out-of-Memory (OOM) errors when handling large monolithic session stores. This was achieved by optimizing how the store is loaded for read-only checks, eliminating redundant clones that previously amplified memory usage. Additionally, a safeguard was added to the memory system to prevent semantic vector indexes from silently degrading to Full-Text Search (FTS) only when an embedding provider is temporarily unavailable.
Discord Integration Enhancements
Two major improvements were made to the Discord channel: first, bare numeric channel IDs are once again supported for outbound sends, resolving an "Ambiguous Discord recipient" error. Second, a new coalescing logic ensures that text captions and media attachments are sent as a single Discord message rather than two separate messages, improving the visual flow of assistant responses.
Security & Policy Framework
OpenClaw introduced agent-scoped policy overlays, allowing administrators to define stricter security claims (e.g., workspace access or tool restrictions) for specific runtime agent IDs without affecting the global posture. Furthermore, the Claude CLI live-session bridge was updated to honor OpenClaw's effective execution policy, ensuring that native Bash requests are routed through the same security checks as other tools.
Agent & Provider Stability
- Context Overflow: Improved recovery for Codex context overflow errors, ensuring users receive clear guidance (like
/reset) instead of silent failures.
- Provider Compatibility: The Kilocode provider now normalizes
stop parameters to arrays to avoid 400 errors, and the Ollama provider now strips inline reasoning leaks for Kimi cloud models.
- Media Understanding: HEIC/HEIF images are now normalized to JPEG before being sent to image-description providers, ensuring consistent
[Image] descriptions.
Impact
These changes directly address several high-impact user pain points. The resolution of the session store OOM prevents diagnostic failures on long-lived installations, while the Discord updates eliminate message fragmentation and delivery failures. The introduction of agent-scoped policies provides a more granular security model, essential for deployments where different agents require different levels of trust. Finally, the stability fixes for context overflows and provider-specific payload requirements reduce the frequency of opaque 400 errors, leading to a more reliable agent experience.
nominiclaw