This update focuses on improving conversation context in Slack and Telegram, hardening Matrix and sandbox security, and refining Gateway operational logging and configuration.
Merged PRs
- Fix Telegram legacy message cache recovery [Original PR]
- docs: clarify Telegram group IDs [Original PR]
- Let Mantis Codex action create home [Original PR]
- Fix Telegram reply turn context shape [Original PR]
- fix(agents): restore compaction gateway logs [Original PR]
- Share Mantis Codex action home [Original PR]
- test(agents/bundle-mcp): cover configured MCP request-boundary path [Original PR]
- Run Mantis Codex as unprivileged user [Original PR]
- Fix Docker pnpm 11 prune [Original PR]
- fix(matrix): gate name-based allowlist resolution [AI] [Original PR]
- fix: use pathToFileURL for Windows path comparison in generate-base-config-schema [Original PR]
- fix(slack): include bot root message in new thread sessions (#79338) [Original PR]
- Run Mantis Telegram proof on Blacksmith [Original PR]
- fix(doctor): case-insensitive safe-bin trusted dir matching on macOS/Windows [Original PR]
- [codex] refresh plugin regression fixtures [Original PR]
- fix(acpx): add windowsHide to MCP proxy spawn on Windows [Original PR]
- fix(memory): skip cron warnings without gateway context [Original PR]
- fix(auto-reply): preserve reset inbound context [Original PR]
- fix(feishu): accept nested schema 2 card identity [Original PR]
- Render Telegram reply context inline [Original PR]
- fix(codex): auto-approve plugin read tools [Original PR]
- fix: restore matrix per-room dm discovery [Original PR]
- [codex] fix doctor stale plugin deny refs [Original PR]
- fix(ui): prevent programmatic scrollTo from flipping chatUserNearBott… [Original PR]
- Add Mantis Telegram desktop proof [Original PR]
- fix: preserve gateway install env sources [Original PR]
- fix(yuanbao) support sourceReplyDeliveryMode: "automatic" for group chat [Original PR]
- fix(agents): allow read-only agent mount reads [Original PR]
- Fix Mantis merged PR proof refs [Original PR]
- feat(session): raise maxPingPongTurns ceiling from 5 to 20 (#52382) [Original PR]
Key Changes
Channel Context & UX Improvements
Significant effort was directed toward ensuring agents have the correct context when replying to threaded messages. In Slack, a critical bug was fixed where new thread sessions omitted the bot's own root message, leading to agents taking "confident but wrong" actions. The fix ensures the root message is retained and labeled as Bot (this assistant). Similarly, Telegram updates now render reply context inline as a quote and route inbound turns through a shared context builder to preserve structured conversation history.
Security Hardening & Sandbox Access
Security updates focused on identity stability and sandbox boundaries:
- Matrix Allowlists: Name-based allowlist resolution is now gated behind
channels.matrix.dangerouslyAllowNameMatching: true to prevent authorization bypasses via mutable display names.
- Sandbox Mounts: Read-only sandboxed sessions now correctly allow reads from the
/agent mount point, resolving a bug where the path guard rejected valid reads as sandbox escapes.
- Safe-Bin Trust: Case-insensitive filesystem support was added for safe-bin trusted directory matching on macOS and Windows.
Gateway & Operational Reliability
Operational visibility and configuration robustness were improved across several areas:
- Logging: Gateway compaction now emits info-level lifecycle logs, allowing operators to distinguish healthy compaction from stuck runs.
- Configuration: The
openclaw doctor tool now treats missing plugin IDs in plugins.deny as stale config warnings rather than fatal errors, and can automatically clean them up.
- Agent Coordination: The ceiling for
session.agentToAgent.maxPingPongTurns was raised from 5 to 20 to support complex multi-agent coordination chains that previously timed out silently.
Infrastructure & Tooling
Updates to the Docker build process now ensure pnpm 11 production prunes do not fail when plugins declare workspace:* dependencies. Additionally, Windows-specific fixes were applied to the config schema generator and the acpx MCP proxy spawn options.
Impact
These changes directly address several high-impact user pain points. The Slack context fix prevents severe failures where agents lacked the context of their own prior messages in threads. The Matrix hardening ensures that authorization is bound to stable IDs, reducing the risk of identity spoofing. For developers and operators, the improved Gateway logging and the raised ping-pong turn ceiling remove "silent failure" modes in agent coordination and memory management. Finally, the UI fix for programmatic scrolling ensures that streaming responses in the webchat remain pinned to the bottom, improving the overall user experience during long generations.
nominiclaw