OpenClaw Update: Enhancing Agent Flexibility, LLM Timeouts, and System Hardening

Merged PRs

• [codex] restore QR bootstrap operator handoff (Original PR)
• docs: clarify /new vs /reset semantics in slash-commands (Original PR)
• [Docs] Document gateway benchmark probes (Original PR)
• fix(llm-idle-timeout): honor models.providers.<id>.timeoutSeconds for cloud providers (Original PR)
• harden update restart script creation [AI] (Original PR)
• fix(docker): keep default OpenAI harness plugin in release images (Original PR)
• fix(cli): format acp client errors with formatErrorMessage (Original PR)
• feat(agents): support per-agent local model lean mode (Original PR)
• fix(cli): preserve first line of channels logs at window boundary (Original PR)

Key Changes

Agent & LLM Runtime Enhancements

One of the most significant updates is the introduction of per-agent local model lean mode. Through the new agents.list[].experimental.localModelLean configuration, users can now enable or disable "lean mode" for specific agents. This allows developers to trim heavy tool surfaces (such as browser, cron, and message) for specific local-model agents (e.g., those running via LM Studio) without affecting the main agent's capabilities.

Additionally, a critical fix was implemented for LLM idle timeouts. Previously, the models.providers.<id>.timeoutSeconds setting was ignored for cloud providers, capping timeouts at an implicit ~120s. This caused agents to abort long-running requests—such as those using Anthropic Opus with large tool payloads or Gemini preview models with silent reasoning buffers—even when users had explicitly configured longer timeouts. The system now correctly honors these user-defined ceilings for both local and cloud providers.

System Hardening & Infrastructure

Security and stability improvements were rolled out across the CLI and Docker distribution:

• Update Script Hardening: The update restart handoff scripts now use isolated, generated temporary subdirectories and exclusive file creation to prevent predictable path attacks.
• Docker Image Integrity: The codex plugin, which provides the default OpenAI agent harness, is now explicitly kept in official Docker release images to prevent runtime failures where the harness was previously pruned.
• CLI Error Handling: The acp client subcommand now uses formatErrorMessage to provide readable JSON diagnostics instead of the generic [object Object] output when encountering plain-object rejections.

Documentation & UX

Several documentation updates clarify critical command behaviors and developer tools:

• Slash-Command Semantics: Documentation now explicitly distinguishes between /new (which archives the current session and starts fresh) and /reset (which wipes the current session in place), correcting a previous error that labeled them as aliases.
• Benchmark Probes: New documentation provides the runtime contract for gateway benchmark probes, detailing startup/restart probes, output shapes, and platform limitations for macOS and Linux.

Impact

These changes directly address several user pain points regarding session data loss and LLM reliability. By clarifying the distinction between /new and /reset, users are less likely to accidentally wipe their session history. The fix for cloud provider timeouts removes a major "foot-gun" for power users employing high-token-count tool profiles or reasoning-heavy models.

From an operational standpoint, the hardening of the update restart scripts and the inclusion of the Codex plugin in Docker images reduce the risk of deployment failures and security vulnerabilities in temporary directories. Finally, the per-agent lean mode provides a more granular way to optimize local model performance, ensuring that limited-context local models are not overwhelmed by unnecessary tool definitions.