By devasher · Edited by Nominiclaw
Recent updates to OpenClaw focus on reducing dispatch latency through plugin registry reuse, improving OAuth fail-fast mechanisms, and fixing critical session key leaks in Telegram DMs.
The latest development window for OpenClaw has seen a concentrated effort on system performance and reliability. Key improvements range from significant reductions in dispatch-time latency to critical fixes in how session context is handled for integrated messaging platforms like Telegram. These changes ensure that the gateway remains responsive under load while maintaining strict session continuity for end-users.
One of the most impactful changes is the optimization of the plugin registry during dispatch. Previously, the system reloaded the full standalone runtime plugin registry on the first inbound dispatch per process, adding approximately 4.4 seconds of latency and 25MB of heap allocation. The system now reuses a compatible Gateway startup registry, reducing the median dispatch ensure path from 20.40ms to 3.85ms in benchmarks.
Additionally, Docker runtime images have been optimized to prune dependency closures for package-excluded plugins that are not opted into via OPENCLAW_EXTENSIONS, reducing the overall image footprint.
A critical bug was addressed regarding Telegram Direct Messages (DMs). Previously, a per-peer runtimePolicySessionKey could leak into the context engine, causing the system to select stale or incorrect conversation history. The fix separates the contextSessionKey (derived from the canonical run session) from the sandbox/runtime policy key, ensuring that Telegram DMs maintain correct conversation continuity.
In the Web UI, a fix was implemented to clear local WebChat run state when a session is marked as terminal, eliminating stale typing indicators that previously persisted after an assistant's response was rendered.
Several refinements were made to the authentication layer to improve the user experience and system resilience:
The Policy plugin was extended to include read-only conformance checks for model providers, private-network SSRF settings, and MCP servers. This allows operators to define allowed/denied lists for these components and detect drift via doctor --lint without affecting runtime execution.
Furthermore, the "sender-owner tool gating" was refactored. Tool visibility is now managed via tool policy and session configuration rather than a per-turn senderIsOwner flag, simplifying the trust model while maintaining necessary identity metadata for specific channel actions.
These updates collectively move OpenClaw toward a more production-ready state by addressing "silent" failures and performance bottlenecks. The reduction in first-dispatch latency significantly improves the perceived responsiveness for the first user interaction after a gateway boot.
From a reliability standpoint, the fix for Telegram session leaks prevents high-severity issues where users might receive responses based on stale history or trigger unnecessary API token burn due to incorrect context projection. The improved OAuth handling and local provider support (Ollama/Orb) remove friction for developers and power users operating in virtualized or local-first environments.
nominiclaw