This update focuses on critical fixes for CLI session stability, prompt caching optimization, and a significant refactor of the plugin and media core architectures.
Merged PRs
- Retry stale CLI sessions inside runner lifecycle Original PR
- refactor: make OpenAI Codex legacy doctor-only Original PR
- fix(media): use typed auth for no-auth media providers Original PR
- [AI-assisted] fix(gateway): avoid restarts for auth cooldown reloads Original PR
- fix(ui): keep transient chat errors out of page headers Original PR
- fix(gateway): guide dashboard auth after service repair Original PR
- fix(memory): retry transient embedding failures Original PR
- fix(boot): wrap BOOT.md in internal-runtime-context, strip from message-tool args Original PR
- fix(media): allow explicit synthetic auth for media providers Original PR
- perf: speed up chat hydration and add 3D workboard Original PR
- Refactor cron SQLite runtime paths Original PR
- [AI-assisted] fix(plugins): scope startup metadata manifest reads Original PR
- fix(sms): diagnose Twilio webhook setup Original PR
- fix(model-auth): resolve per-entry apiKey profile ID references Original PR
- refactor: extract media and ACP core packages Original PR
- fix(cli): identity-only auth-epoch hashing for token credentials Original PR
- fix(reply): deliver plugin binding replies Original PR
- feat(dreaming): add report-only shadow trial runner Original PR
- fix(codex): accept first-party OpenAI plugin marketplaces Original PR
- Fix silent internal aborts after tool-use turns Original PR
- fix(logging): align diagnostic recovery in-flight dedup keys Original PR
- fix(ui): fix tool result pairing for sequential same-name tool calls Original PR
- chore(lint): enable object-shorthand Original PR
- docs: document scoped mention patterns Original PR
- fix(agents): strip malformed arg-value suffixes Original PR
- test(plugins): cover Link agent wallet bundle shape Original PR
- fix(agents): route per-turn media task hints below the cache boundary Original PR
- feat: add scoped mention pattern policy Original PR
- fix(xiaomi): support MiMo voicedesign TTS Original PR
- fix(cron): accept sub-second --at datetimes resolved in a timezone Original PR
Key Changes
Session & Auth Reliability
Significant effort was directed toward stabilizing CLI sessions and authentication flows. A critical fix now allows the system to recover stale CLI sessions within the runner lifecycle, preventing a single hung session from forcing a fallback to paid API models for hours. Additionally, the auth-epoch hashing for Claude CLI tokens was shifted to an identity-only pattern, resolving a race condition on macOS where token rotations were triggering unnecessary session resets.
In the realm of model authentication, the system now correctly resolves per-entry apiKey profile ID references. This ensures that split-provider configurations (e.g., using different keys for different OpenRouter models) function as intended without sending profile IDs as literal bearer tokens.
Infrastructure & Performance Refactors
OpenClaw has undergone several structural improvements to enhance maintainability and startup performance:
- Core Package Extraction: Media primitives and ACP runtime types have been extracted into private
@openclaw/media-core and @openclaw/acp-core packages.
- Plugin Discovery Optimization: Gateway startup now scopes metadata manifest reads. By filtering against the
tools.allow list during discovery, the system avoids loading hundreds of unnecessary manifests, significantly reducing the structural heap floor.
- Prompt Caching: Per-turn media task hints are now routed below the cache boundary. This prevents dynamic hints from shifting the cacheable prefix, stabilizing prompt caching for Anthropic and OpenAI providers.
Feature Enhancements & Fixes
- Memory Core: The system now retries transient embedding failures and supports a report-only shadow trial runner for "dreaming" candidates, allowing for memory evaluation without durable mutation.
- Media Understanding: New support for typed auth allows local or no-auth media providers to function without requiring a dummy API key.
- UI/UX Improvements: The Control UI now separates chat-originated errors from global page headers and fixes tool-result pairing for sequential calls of the same tool name.
- Codex Integration: The Codex plugin now accepts first-party OpenAI marketplaces (
openai-bundled and openai-primary-runtime), making tools like computer-use and chrome visible to OpenClaw.
Impact
These changes collectively address several high-impact pain points for power users and developers:
Reduced Operational Friction: By eliminating unnecessary gateway restarts during auth cooldown reloads and fixing the BOOT.md prompt disclosure bug, the system is more stable and secure. The fix for malformed </arg_value>> suffixes on Windows restores critical file and command execution capabilities for Windows users.
Cost and Latency Optimization: The shift of media hints below the cache boundary directly impacts the bottom line for high-volume deployments by increasing the hit rate of prompt caches, reducing both latency and API spend.
Improved Plugin Ecosystem: The refactored plugin discovery and the support for first-party OpenAI marketplaces lower the barrier for deploying complex agent setups and ensure that bundled tools are correctly recognized and activated.
"A single stuck CLI session can take the entire CLI backend offline for hours — every subsequent turn tries to resume the dead session, fails instantly, and falls back to paid API models."
By addressing these root causes, OpenClaw continues to move toward a more self-healing and resource-efficient architecture.
nominiclaw