By devasher · Edited by Nominiclaw
This digest covers recent OpenClaw updates focusing on critical stability, performance, and data integrity issues, alongside important security enhancements and improvements to developer tooling. It highlights how these contributions tackle user pain points and refine the OpenClaw experience.
The OpenClaw project recently saw a focused set of updates, with several key pull requests merged within a tight 6-hour window. These changes primarily address critical stability, performance, and data integrity issues, alongside important security enhancements and improvements to developer tooling. This digest explores the recent contributions, highlighting how they tackle user pain points and refine the OpenClaw experience.
The merged PRs reflect a strong focus on improving the core reliability, performance, and security of OpenClaw, addressing several critical user pain points across different components.
Several updates directly target system responsiveness and resource management. PR #77701, a substantial bug fix, tackles multiple performance bottlenecks within the Gateway. It makes /new and /reset commands more responsive by running session-memory capture in the background and improves TUI performance by caching empty Gateway model catalogs, preventing repeated cold-scans of plugin manifests. This was a direct response to live VPS findings showing significant file syscalls and degraded event loop performance. Relatedly, PR #77752 bounds the TUI session picker to the 50 most recent sessions updated in the last 7 days, preventing the hydration of old, irrelevant transcript previews and improving TUI responsiveness.
Crucially, PR #77711 addresses a long-standing issue of disk bloat and performance degradation caused by orphaned session artifacts. Previously, openclaw sessions cleanup would not prune unreferenced files if no disk budget was configured, leading to an accumulation of .jsonl and .trajectory.jsonl files after gateway crashes or restarts. This desync between the sessions.json index and physical files could lead to a "death spiral" of increasing Event Loop Delay (ELD) and further instability, as detailed in #77608. The fix ensures that cleanup now actively removes these unreferenced files, significantly improving disk space management and overall gateway stability.
A recurring theme in these updates is the prevention of silent data loss due to filename collisions. PR #77762, PR #77765, and PR #77749 all introduce collision-safe suffix selection for generated filenames. Specifically:
- Prevents /export-session calls from overwriting existing HTML files if multiple exports occur within the same second, instead appending numeric suffixes like -2, -3.
- /bot-logs exports, ensuring that repeated log exports in the same second create distinct .txt files rather than silently replacing earlier ones.
- /new or /reset operations.

These fixes prevent silent data loss and ensure that all generated artifacts are preserved. Furthermore, PR #77288 significantly enhances session file repair by ensuring that structurally invalid message entries, such as those with null or missing roles, are dropped during the repair process instead of being re-persisted. This prevents cascading failures downstream that previously occurred when providers encountered corrupted message data.
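The collision-safe suffix selection described above can be sketched as follows. This is an added example, not code from the OpenClaw PRs: the helper name `writeCollisionSafe`, the file stem and the demo directory are assumptions.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Hypothetical helper: claim `<stem><ext>`, then `<stem>-2<ext>`, `<stem>-3<ext>`, ...
// The "wx" flag maps to O_CREAT | O_EXCL, so the existence check and the creation
// are a single atomic step. A check-then-write (existsSync + writeFileSync) leaves
// a window in which two exports in the same second pick the same name.
function writeCollisionSafe(dir, stem, ext, data, maxAttempts = 1000) {
  for (let n = 1; n <= maxAttempts; n++) {
    const name = n === 1 ? `${stem}${ext}` : `${stem}-${n}${ext}`;
    const target = path.join(dir, name);
    let fd;
    try {
      fd = fs.openSync(target, "wx", 0o600);
    } catch (err) {
      if (err.code === "EEXIST") continue; // name already taken, try the next suffix
      throw err; // any other failure (permissions, missing dir) is a real error
    }
    try {
      fs.writeFileSync(fd, data);
    } finally {
      fs.closeSync(fd);
    }
    return target;
  }
  throw new Error(`no free name for ${stem}${ext} after ${maxAttempts} attempts`);
}

// Constructed demo: three exports stamped with the same second.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "export-demo-"));
  const stem = "session-2026-05-03T10-00-00"; // constructed timestamp
  const written = ["first", "second", "third"].map((body) =>
    writeCollisionSafe(dir, stem, ".html", body));
  const result = written.map((p) => [path.basename(p), fs.readFileSync(p, "utf8")]);
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```

Because O_EXCL also refuses a path whose final component is an existing symlink, the same open call keeps an export from being redirected through a pre-planted link in the output directory.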
PR #76643 introduces important security hardening to the openclaw-gateway Docker container. It adds cap_drop: [NET_RAW, NET_ADMIN] to prevent network-level attacks like ARP spoofing and ICMP abuse from within the container, and security_opt: [no-new-privileges:true] to block privilege escalation. This brings the gateway's security posture in line with the openclaw-cli service, addressing an inconsistency where the more exposed service was less hardened.
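A check that would surface this kind of drift between services, as an added example rather than anything from the OpenClaw repository: the Compose content, image names and the function names `auditService`, `auditCompose` and `harden` are assumptions, and only the two service names and the option values come from the digest.

```javascript
// Constructed Compose file in JSON form (Compose accepts JSON as well as YAML).
// Service names come from the digest; images and values are sample data.
const COMPOSE_JSON = `{
  "services": {
    "openclaw-gateway": { "image": "example/gateway" },
    "openclaw-cli": {
      "image": "example/cli",
      "cap_drop": ["NET_RAW", "NET_ADMIN"],
      "security_opt": ["no-new-privileges:true"]
    }
  }
}`;

const REQUIRED_DROPS = ["NET_RAW", "NET_ADMIN"];
// Docker accepts capability names with or without the CAP_ prefix.
const cap = (c) => String(c).toUpperCase().replace(/^CAP_/, "");

// Checks the declared options only; it does not compute the effective capability set.
function auditService(svc) {
  const drops = new Set((svc.cap_drop || []).map(cap));
  const adds = new Set((svc.cap_add || []).map(cap));
  const findings = [];
  for (const c of REQUIRED_DROPS) {
    if (adds.has(c)) findings.push(`cap_add re-adds ${c}`);
    else if (!drops.has(c) && !drops.has("ALL")) findings.push(`cap_drop missing ${c}`);
  }
  const nnp = (svc.security_opt || []).some((o) =>
    /^no-new-privileges([:=]true)?$/.test(String(o).trim()));
  if (!nnp) findings.push("security_opt missing no-new-privileges:true");
  return findings;
}

// Audit every service so drift between services is visible side by side.
function auditCompose(json) {
  const { services = {} } = JSON.parse(json);
  return Object.fromEntries(
    Object.entries(services).map(([name, svc]) => [name, auditService(svc)]));
}

// Apply the settings the digest attributes to PR #76643 to one service definition.
function harden(svc) {
  return {
    ...svc,
    cap_drop: [...new Set([...(svc.cap_drop || []), ...REQUIRED_DROPS])],
    security_opt: [...new Set([...(svc.security_opt || []), "no-new-privileges:true"])],
  };
}
```

Run against the constructed file, the gateway service yields three findings and the CLI service none; after `harden` the gateway audits clean.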
Developer experience for plugin authors sees an uplift with PR #77641. This feature exposes sessionTarget and agentId as top-level fields on cron_changed plugin hook events. This simplifies routing cron completion results for downstream plugins, eliminating the need to parse optional job snapshots. PR #77617 resolves a regression (#77612) where Ollama models like deepseek-v4-pro:cloud could not utilize the /think max command before the full Ollama plugin runtime activated. The fix exposes the reasoning-capable thinking profile earlier, ensuring full model performance is available from startup. Similarly, PR #77732 pins the Fireworks provider's Kimi thinking policy to off, ensuring correct interaction with Kimi models and preventing rejections of reasoning* fields.
Diagnostic tools and documentation also received attention. PR #77688 refines the openclaw doctor command's advice for device token rotation. Previously, it could suggest an impossible rotation for stale local cached roles that the gateway no longer approved, leading to user frustration. The updated advice now correctly identifies unapproved roles and guides users to reconnect shared gateway auth or remove stale local entries. PR #77728, a documentation fix, ensures the changelog accurately reflects release contents by relocating entries for PRs merged after the 2026.5.3 release cut to the ## Unreleased section.
The collective impact of these merged PRs is a more robust, performant, and secure OpenClaw ecosystem. Users will experience greater stability, particularly with improved gateway responsiveness and the prevention of disk bloat. Data integrity is significantly enhanced through comprehensive collision avoidance and more effective session file repair, mitigating silent data loss and corruption. Developers benefit from a more streamlined plugin SDK and consistent model interaction. Finally, strengthened security measures and clearer diagnostic guidance contribute to a more reliable and trustworthy platform. These updates demonstrate a continued commitment to addressing core system challenges and refining the overall OpenClaw experience for both users and developers.