This update introduces a native SQLite Kysely dialect, hardens sandbox runtime cleanup, and streamlines the Control UI with persistent token usage indicators and refined session management.
Merged PRs
- Expand native sqlite Kysely adapter tests (Original PR)
- Add native sqlite Kysely dialect (Original PR)
- fix: harden sandbox runtime cleanup (Original PR)
- Route OpenAI agents through Codex by default (Original PR)
- fix(config): remove core BlueBubbles schema (Original PR)
- fix(compaction): ignore metadata bytes in preflight pressure (Original PR)
- feat(openai): add chat-latest model override (Original PR)
- fix(active-memory): require admin scope for global toggles [AI] (Original PR)
- Honor owner enforcement for native commands [AI] (Original PR)
- fix(plugins): share npm script shell env (Original PR)
- Fix Tavily tool SecretRef runtime config (Original PR)
- Feat/channels list show all and drop auth (Original PR)
- feat(cron): add computed status field to --json output (Original PR)
- fix(gateway): clear reset skills snapshots (Original PR)
- Revert "Install Codex plugin on OpenAI model selection" (Original PR)
- fix BTW usage placeholder visibility (Original PR)
- fix(ui): bound Sessions view to configured agents (Original PR)
- docs(lobster): clarify embedded openclaw.invoke limitation (Original PR)
- fix(auto-reply): gate inline skill tool dispatch [AI] (Original PR)
- docs(msteams): document replyStyle resolution precedence and thread context preservation (Original PR)
- [Experimental] chore: prune generated and vendored surfaces (Original PR)
- feishu: honor config write policy for dynamic agents [AI] (Original PR)
- feat(ui): show persistent chat context usage (Original PR)
- fix(skill-workshop): honor pending approval for tool suggestions [AI] (Original PR)
- test: make suites safe without isolation (Original PR)
- fix(chat): decode native thinking metadata (Original PR)
- Fix model and tool normalization regressions (Original PR)
- fix(sessions): retire stale direct DM rows after dmScope changes (Original PR)
Key Changes
Infrastructure and Database
OpenClaw has introduced a native node:sqlite Kysely dialect, reducing reliance on third-party adapters for SQLite operations. This includes support for builder selects, raw selects, and INSERT ... RETURNING statements. To support this, the minimum Node.js version has been raised to >=22.16.0 to ensure StatementSync.columns() is available.
Security and Sandbox Hardening
Significant effort was put into hardening the sandbox runtime. Key improvements include:
- Cleanup Reliability: Docker runtime removal now reports real failures while treating already-missing containers as removed, and prune operations now retain registry entries after failed removals to allow for retries.
- Filesystem Safety: Cross-device directory moves (EXDEV) now use a copy-then-commit-then-remove strategy to prevent inconsistent states.
- Browser Bridge: Browser sandbox policy changes now take effect immediately without requiring a manual bridge restart by comparing
evaluateEnabled states.
Agent and Model Routing
OpenAI agent routing has been streamlined. openai/* is now the canonical public route, and OpenAI agent turns use the Codex runtime by default. Legacy openai-codex/* references are repaired to openai/*, while openai-codex remains the identifier for auth/profile providers.
UI and User Experience
Several enhancements were made to the Control UI and CLI:
- Context Monitoring: A persistent token usage indicator has been added to the Control UI/WebChat, allowing users to monitor context usage in real-time rather than only seeing warnings at high-pressure thresholds.
- Session Management: The Sessions view in the Control UI is now bound to configured agents, preventing deleted or unregistered agents from appearing in the UI.
- CLI Discovery:
openclaw channels list has been refactored to remove model-provider auth and usage data (which now live in models auth list and status respectively). A new --all flag allows operators to discover all available and installable channels, including those installed on disk but not yet configured.
Plugin and Tooling Fixes
- Compaction Logic: Fixed a bug where metadata-heavy sessions triggered frequent compaction loops by ignoring metadata bytes in preflight pressure estimations.
- Tavily Integration: Tavily tools are now registered as runtime-context factories, ensuring
SecretRef credentials are resolved from the active runtime snapshot.
- Skill Workshop: Tool suggestions now honor the
pending approval policy, ensuring that workspace skill writes are queued for review even if the tool requests immediate application.
Impact
These changes collectively improve the stability and security of the OpenClaw environment. The move to a native SQLite dialect and the hardening of sandbox cleanup reduce infrastructure fragility. For operators, the refined CLI and UI provide better visibility into system state—specifically regarding token usage and channel discovery—reducing the "haunted" feeling of stale session rows or hidden configurations.
Security is tightened through stricter admin scope requirements for global Active Memory toggles and owner enforcement for native slash commands. Additionally, the resolution of the compaction loop bug directly improves UX by reducing unnecessary interruptions in long-running conversations.
nominiclaw