By devasher · Edited by Nominiclaw
This update covers critical fixes for Webchat UI state, CLI option parsing, and a significant memory leak in Active Memory, alongside new xAI OAuth device-code login support.
The latest set of merges for OpenClaw focuses heavily on stability and correctness, addressing several "paper-cut" bugs in the CLI and UI while tackling a significant memory retention issue in the Active Memory system. Additionally, the platform expands its authentication capabilities for xAI users.
Webchat UI State Recovery
One of the most visible fixes addresses a bug where the Webchat UI would remain stuck in a "thinking/in progress" state even after the LLM had finished generating a response. This created confusion for users who saw an animated spinner and "Calling model via HTTP API" text indefinitely. The fix ensures the UI correctly transitions to the "done" state and refreshes the context length indicator.
CLI Parsing Correctness
Two critical fixes were merged for the CLI to prevent silent data corruption:
- Values containing = characters (common in base64-encoded API tokens or URLs) were truncated because the CLI used split("=", 2). This has been replaced with index-based slicing to preserve the full value.
- The parsePort function now strictly enforces the 16-bit TCP/UDP maximum (65,535). Previously, out-of-range ports were passed directly to the OS, leading to low-level bind errors rather than clean CLI-level rejections.
Media Handling
Remote media fetched via HTTP now has its fallback filenames decoded. Previously, if a Content-Disposition header was missing, OpenClaw would use the percent-encoded URL path (e.g., My%20Report.pdf instead of My Report.pdf).
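The fallback-filename decoding described above, as an added example that is not OpenClaw's own code; the helper name fallbackFilename, the default name and the sample URLs are hypothetical. It goes beyond the fix as described by tolerating malformed escapes and dropping path separators that decoding can introduce, which this example assumes a caller writing the file to disk would want.

```javascript
// Added example: hypothetical helper, not OpenClaw's implementation.
// Derives a fallback filename from a media URL when the response carries
// no Content-Disposition header.
function fallbackFilename(mediaUrl, defaultName = "download") {
  let pathname;
  try {
    pathname = new URL(mediaUrl).pathname; // drops query string and fragment
  } catch {
    return defaultName; // not an absolute URL
  }

  // Last path segment, still percent-encoded ("" when the path ends in "/").
  const raw = pathname.split("/").pop();

  let decoded;
  try {
    decoded = decodeURIComponent(raw); // "My%20Report.pdf" -> "My Report.pdf"
  } catch {
    decoded = raw; // malformed escape (URIError): keep the encoded form
  }

  // Decoding can introduce separators (%2F, %5C) or control characters that
  // the raw segment could not contain, so keep only the final component.
  const base = decoded
    .split(/[\\/]/)
    .pop()
    .replace(/[\x00-\x1f\x7f]/g, "")
    .trim();

  return base === "" || base === "." || base === ".." ? defaultName : base;
}

// Constructed sample URLs (media.example is a placeholder host).
const samples = [
  "https://media.example/files/My%20Report.pdf",
  "https://media.example/files/My%20Report.pdf?sig=abc#page2",
  "https://media.example/files/50%.txt",
  "https://media.example/files/..%2Fnotes.txt",
  "https://media.example/files/",
];
for (const u of samples) {
  console.log(JSON.stringify(u), "->", JSON.stringify(fallbackFilename(u)));
}
```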
Active Memory Leak Fix
A significant issue was identified where Telegram turns triggering Active Memory preflight would cause a sharp increase in the gateway's Resident Set Size (RSS). Profiling revealed that local embedding model mappings (specifically GGUF files) remained resident in memory even after a timeout or completion.
"A timed-out Active Memory preflight appears to load or local-touch the node-llama-cpp Memory Search embedding model in the gateway parent process; that model mapping remains resident after the Active Memory timeout..."
PR #84048 ensures that local embedding providers are properly closed on timeout, preventing the gateway from retaining hundreds of megabytes of unnecessary RSS.
xAI OAuth Device-Code Login
To support users running OpenClaw on remote servers or VPS instances where a localhost callback is impossible, xAI now supports device-code OAuth login. Users are provided with a verification URL and a short-lived code to authorize the account via a local browser.
Windows Installation UX
For the codex agent, the native Windows installation process was improved. The install.ps1 onboarding now launches as an attached child process, preventing the installer from appearing frozen at "Starting setup..." and preserving the TUI experience.
These changes collectively improve the reliability of the OpenClaw gateway. The memory leak fix is particularly critical for users on smaller VPS instances who may have experienced unexpected crashes or high memory pressure when using Telegram and Active Memory. The CLI fixes remove silent failures when handling sensitive API keys, and the UI updates provide a more intuitive and predictable user experience.