This update introduces the oc:// addressing substrate for workspace files, hardens macOS execution guards, and implements critical fixes for Slack, WhatsApp, and Telegram integrations.
The latest set of merged pull requests for OpenClaw focuses on three primary pillars: expanding the developer experience through a new universal workspace addressing scheme, tightening security boundaries on macOS and within the Gateway, and refining the stability of third-party channel integrations. These changes collectively move the platform toward a more surgical approach to configuration management and a more resilient execution environment.
Merged PRs
- Harden browser download output writes
- fix(pairing): preserve narrowed token scopes on upgrade
- fix: speed up status json channel detection
- fix(gateway): ignore malformed node catalog capabilities
- fix(gateway): include auth mode "none" in backend self-pairing skip
- fix(ui): read exec security from tools config
- fix(doctor): avoid duplicate gateway runtime warnings
- fix(gateway): require owner auth for managed image media
- feat(workspace): oc-path addressing substrate + openclaw path CLI
- fix(agents): route PI default streams through transport
- fix(auto-reply): resolve scp from path for media staging
- fix(discord): gate user allowlist name resolution
- fix(msteams): gate startup user allowlist resolution
- fix: clarify gateway version mismatch warnings
- fix(control-ui): clarify login failure guidance
- Harden macOS shell wrapper allowlist parsing
- fix(gateway): persist macOS stop disable after bootout
- feat(imessage): add native imsg message actions
- [Fix] Preserve node reconnect state
- fix: respect Codex requirements for app-server defaults
- fix: add root guard to prevent CLI execution as root
- fix(whatsapp): ignore outbound echoes for inbound activity
- fix(ui): read exec policy from tools config
- Add ACP session load event ledger
- fix(telegram): recover sticky fetch fallback after transient failures
- fix(usage): roll up session lineage history
- docs: clarify Slack thread sessions
- Add Maurice Niu as maintainer
- fix(slack): seed thread routing for implicit-conversation channels
- Hide retired Google Gemini chat models from Control UI
Key Changes
Workspace Addressing and Developer Experience
One of the most significant additions is the oc:// addressing substrate. This provides a universal scheme (oc://FILE/SECTION/ITEM/FIELD) for workspace files across multiple formats (Markdown, JSONC, JSONL, YAML). This allows editor extensions and shell tooling to surgically inspect and edit specific leaves of a configuration without requiring full SDK scripting. A new openclaw path CLI accompanies this substrate to support resolve, find, set, validate, and emit operations.
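A sketch of how an address in this scheme can be validated, resolved and set against a parsed file. It is an added example, not OpenClaw's implementation or the openclaw path CLI. The grammar (exactly four percent-encoded segments), the mapping of SECTION/ITEM/FIELD to nested keys, and every function name and the sample workspace are assumptions.

```javascript
// Assumed grammar: exactly four "/"-separated, percent-encoded segments.
const FORBIDDEN = new Set(["__proto__", "prototype", "constructor", ".", ".."]);
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function parseOcPath(uri) {
  if (!uri.startsWith("oc://")) throw new Error("not an oc:// address");
  const parts = uri.slice("oc://".length).split("/").map((s) => decodeURIComponent(s));
  if (parts.length !== 4) throw new Error("expected FILE/SECTION/ITEM/FIELD");
  for (const p of parts) {
    // Reject empty segments, traversal, encoded separators and prototype keys.
    if (p === "" || FORBIDDEN.has(p) || /[\/\\\0]/.test(p)) {
      throw new Error("rejected segment: " + JSON.stringify(p));
    }
  }
  const [file, section, item, field] = parts;
  return { file, section, item, field };
}

function validateOcPath(uri) {
  try { parseOcPath(uri); return true; } catch { return false; }
}

// Walk FILE -> SECTION -> ITEM using own properties only; returns the object
// that holds FIELD, or undefined when any step is missing.
function itemOf(workspace, addr) {
  let node = workspace.get(addr.file);
  for (const key of [addr.section, addr.item]) {
    if (node === null || typeof node !== "object" || !own(node, key)) return undefined;
    node = node[key];
  }
  return node !== null && typeof node === "object" ? node : undefined;
}

function resolveOc(workspace, uri) {
  const addr = parseOcPath(uri);
  const item = itemOf(workspace, addr);
  return item && own(item, addr.field) ? item[addr.field] : undefined;
}

function setOc(workspace, uri, value) {
  const addr = parseOcPath(uri);
  const item = itemOf(workspace, addr);
  if (!item) throw new Error("no such item: " + uri);
  item[addr.field] = value; // only the addressed leaf changes
}

// Constructed workspace: file name -> already-parsed document.
const WORKSPACE = new Map([
  ["channels.json", { slack: { general: { requireMention: true } } }],
]);
```

Because the address becomes object keys and a file name, the parser refuses prototype keys and decoded path separators before any lookup or write happens.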
Security Hardening and System Integrity
Several PRs focus on preventing privilege escalation and unauthorized access:
- Root Guard: The CLI now includes a root guard to prevent execution as root, which previously caused state corruption and race conditions on DigitalOcean droplets.
- macOS Exec Guard: The macOS shell wrapper allowlist parsing was hardened to recognize combined POSIX -c forms (e.g., bash -xc), ensuring that the actual payload is evaluated against the allowlist rather than just the shell executable.
- Auth & Tokens: Token scope resolution now preserves narrowed scopes during upgrades, preventing tokens from silently regaining old permissions. Additionally, managed image media now requires authenticated owner/admin context, removing reliance on untrustworthy requester-session headers.
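The combined -c case from the macOS Exec Guard item, as an added example that is not OpenClaw's code: a check that only looks for a literal -c beside one that parses the shell's option cluster and judges the payload. The shell list, the allowlist, the metacharacter rule and all function names are assumptions, and the sample invocations are constructed.

```javascript
const SHELLS = new Set(["sh", "bash", "zsh", "dash", "ksh"]); // assumed wrapper list
const ALLOWED = new Set(["git", "ls", "bash"]); // constructed allowlist
const base = (p) => String(p || "").split("/").pop();

// Returns the command string a shell wrapper will run; undefined when argv[0]
// is not a shell; null when it is a shell but no -c payload can be identified.
function shellPayload(argv) {
  if (!SHELLS.has(base(argv[0]))) return undefined;
  let sawC = false;
  let i = 1;
  for (; i < argv.length; i++) {
    const arg = argv[i];
    if (arg === "--") { i++; break; } // explicit end of options
    if (!/^[-+][A-Za-z]+$/.test(arg)) break; // first operand or unrecognized form
    if (arg[0] === "-" && arg.includes("c")) sawC = true; // -c, -xc, -cx, -ec
    if (/[oO]/.test(arg)) i++; // -o / -O consume the next argument
  }
  return sawC && i < argv.length ? argv[i] : null;
}

// A payload passes only as one simple command whose program is allowlisted.
function allowedCommand(cmd) {
  if (/[;&|<>$`(){}\n\\'"]/.test(cmd)) return false; // chaining, expansion, quoting
  const prog = cmd.trim().split(/\s+/)[0];
  return ALLOWED.has(prog) && !SHELLS.has(prog);
}

// Hardened check: shell wrappers are judged by their payload and fail closed.
function hardenedAllow(argv) {
  const payload = shellPayload(argv);
  if (payload === undefined) return ALLOWED.has(argv[0]);
  return payload !== null && allowedCommand(payload);
}

// Assumed weak check for contrast: only a literal "-c" is treated as a wrapper.
function naiveAllow(argv) {
  if (argv[1] === "-c") return allowedCommand(argv[2] || "");
  return ALLOWED.has(argv[0]);
}

// Constructed sample invocations.
for (const argv of [["bash", "-c", "git status"], ["bash", "-xc", "rm -rf build"],
  ["/bin/bash", "-eo", "pipefail", "-c", "git log"], ["bash", "script.sh"]]) {
  console.log(JSON.stringify(argv), "naive:", naiveAllow(argv), "hardened:", hardenedAllow(argv));
}
```

A shell invocation whose payload cannot be identified is denied rather than judged by the executable name, so an unrecognized option form fails closed.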
Channel Integration Refinements
- Slack: Fixed a session-splitting bug in requireMention: false channels. Root turns and their subsequent thread replies now share the same session key, maintaining conversation continuity.
- WhatsApp: Outbound self-sends no longer trigger "inbound activity" timestamps, ensuring that channels status --probe accurately reflects real incoming messages.
- Telegram: The fetch stack now includes a recovery path. After transient failures trigger a sticky fallback to IPv4 or pinned-IP transports, the system will now probe the primary transport and restore it once healthy, eliminating the need for a gateway restart.
- iMessage: Added native imsg message actions, allowing agents to react, edit, unsend, and manage groups via the private-API bridge.
Gateway and UI Improvements
- Session Lineage: Usage history now supports "Historical lineage" rollups. This prevents the perceived loss of usage data after an openclaw update by aggregating usage across logical session families via transcript-backed data.
- ACP Event Ledger: Introduced an ACP event ledger with in-memory and file-backed storage to allow complete history replay during session loads.
- UI Clarity: The Control UI now provides structured guidance for login failures and clarifies gateway version mismatch warnings.
Impact
These updates significantly reduce the operational overhead for self-hosters and maintainers. The introduction of oc-path transforms the workspace from a collection of files into a queryable database of configuration. Security-conscious users benefit from the root guard and hardened macOS execution paths, which directly address critical vulnerabilities in how commands were validated and executed.
For end-users, the refinements to Slack and WhatsApp integrations mean more stable and intuitive bot behavior. The fix for Telegram's sticky fallback is particularly impactful for users in network-constrained environments (such as those behind the GFW), where transient blips previously caused permanent degradation of the channel until a manual restart. Finally, the session lineage rollups ensure that long-term usage metrics remain continuous and trustworthy, regardless of how many times the gateway is updated or restarted.