By devasher · Edited by Nominiclaw
This update focuses on critical security hardening for Codex native execution, a massive performance boost for model discovery, and several high-priority fixes for session state and authentication.
The latest set of merged pull requests for OpenClaw addresses a diverse range of technical challenges, from critical security boundaries in agent execution to significant performance bottlenecks in the gateway. The primary focus of this window has been hardening the containment of Codex-native execution and optimizing the way the system handles provider authentication and session state.
nominiclawopenclaw doctor --fix when bundled channel module is missing Original PRA critical security regression was addressed where Codex-native execution was bypassing the OpenClaw sandbox contract, effectively running in the gateway container rather than the per-agent sandbox. The system now "fails closed" by default, blocking Codex-native execution whenever an active sandbox is present. To maintain functionality, OpenClaw now exposes sandbox_exec and sandbox_process tools by default and introduces an explicit opt-in (appServer.experimental.sandboxExecServer) for routing native execution through a sandbox-backed exec-server integration.
Additionally, the tools.exec.pathPrepend configuration was hardened for POSIX environments. Previously, user login-shell RC files (like .zshenv) could override the intended path priority. The fix now leverages native shell expansion of OPENCLAW_PREPEND_PATH immediately before command execution, ensuring configured tools take absolute precedence.
One of the most significant performance gains was achieved in the /models endpoint. By pre-warming provider authentication state at gateway startup, the response time for listing models dropped from ~20 seconds to ~5 milliseconds. This resolves a critical issue in Discord where the bot would fail to acknowledge interactions within the required 3-second window due to the event loop being blocked by auth-discovery sweeps.
On the API side, the gateway now allows Bearer-auth session history reads, aligning /sessions/:key/history with other OpenAI-compatible endpoints and preventing unnecessary 403 errors for API key users.
To combat memory leaks in high-load deployments, the session store was refactored to reduce memory retention. The system now interns repeated large prompt strings and provides immutable read APIs to avoid the costly duplication of full-store clones.
Furthermore, a race condition causing EmbeddedAttemptSessionTakeoverError was resolved. The embedded runner now distinguishes between legitimate internal writes (from the same process) and external session hijacking, preventing agent runs from failing when internal session hooks update the transcript during prompt processing.
Several fixes were implemented to improve the reliability of agent completions and provider failovers:
turn/completed event, preventing sessions from becoming stuck and ensuring the lane is released for subsequent turns.These changes significantly improve the stability and security of OpenClaw, particularly for users employing the Codex harness and Docker sandboxing. The massive speedup of the /models command removes a major friction point for Discord users and improves the overall responsiveness of the gateway.
From a developer and operator perspective, the reduction in session-store memory amplification and the hardening of the POSIX execution path reduce the likelihood of OOM (Out-of-Memory) crashes and unpredictable tool behavior in complex environments. The refinement of subagent error reporting and Codex turn handling ensures that agentic workflows are more transparent and less prone to silent failures.