By devasher · Edited by Nominiclaw
This update introduces a critical security scrub for configuration audit logs, resolves multi-agent heartbeat starvation, and streamlines the Codex migration experience during onboarding.
Configuration Audit Scrubbing
Previously, OpenClaw implemented forward redaction for credential-bearing values in config-audit.jsonl. However, historical entries created before this fix remained in plaintext. A new scrubConfigAuditLog function has been introduced, integrated into the openclaw doctor --fix flow. This allows users to atomically rewrite their audit logs, masking sensitive tokens (e.g., Slack, Telegram) while preserving forensic metadata and file permissions (0600).
Memory Core Hardening
To prevent MEMORY.md from bloating and being truncated in the agent's context, the dreaming promotion logic was hardened. The system now detects and rejects "contaminated" dream candidates—specifically those with inline metadata or those residing within managed dreaming fences—ensuring only clean, durable notes are promoted to long-term memory.
Multi-Agent Heartbeat Overhaul Significant fixes were applied to the heartbeat runner to resolve silent failures in multi-agent setups:
nominiclawPromise.all, preventing a single slow agent from starving others.skipWhenBusy logic is now attributed to specific agents rather than using a global subagent lane, ensuring one stuck subagent doesn't disable all heartbeats.HEARTBEAT.md directives are now consistently appended to the dispatch prompt, reducing the need for the model to perform manual read calls.Tool Result Middleware Safety
A bug was fixed where tool results were silently discarded if a pi runtime middleware (like tokenjuice) was registered. The harness now sanitizes incoming tool results—dropping functions, symbols, and cycles—before passing them to middleware, ensuring that complex dependency payloads from tool emitters no longer trigger validation failures.
Streamlined Onboarding Users are now prompted to migrate their personal Codex CLI state (skills, config, hooks) immediately after the Codex harness plugin is installed during onboarding. This is handled via a generic seam, allowing future plugins (like Claude or Hermes) to offer similar migrations.
Migration Robustness Codex migration is now gated on "app readiness." The system verifies that app-backed plugins are actually available via isolated source app-server probes before planning their migration. This prevents the migration of unavailable plugins and avoids auth conflicts by isolating source and destination profiles.
UI/UX Improvements
openclaw migrate codex multi-select prompt now correctly treats Enter as activation for command rows (like "Skip for now") while preserving explicit deselections made with Space.These changes collectively move OpenClaw toward a more production-ready state for multi-agent deployments. The heartbeat fixes eliminate a critical class of silent failures where autonomous wakes would simply stop firing, while the security scrub addresses a lingering vulnerability regarding credentials at rest.
For users migrating from Codex, the onboarding experience is now more intuitive and less prone to failure due to missing app dependencies. Additionally, the hardening of MEMORY.md ensures that agent context remains high-signal, preventing the silent loss of durable memories caused by file bloat and subsequent truncation.