This update focuses on critical fixes for Xiaomi MiMo reasoning models, SSRF security hardening for custom providers, and significant usability improvements to the WebChat UI.
Merged PRs
- feat: attach recent inbound history images to agent turns
- fix(xiaomi): MiMo reasoning models fail multi-turn tool calls (#81419)
- fix: require web search query schema
- [codex] Fix Codex OAuth refresh fallback
- [codex] remove queued system event trust plumbing
- [codex] Add gateway method descriptor registry
- fix(ui): repair chat composer usability
- [AI] fix: force WAV format in ffmpeg audio transcode for fs-safe temp paths
- fix: force ffmpeg muxers for staged audio outputs
- fix: strip response-only reasoning fields from OpenAI Completions requests
- refactor: centralize inbound history shaping
- fix(mantis): publish evidence to r2
- perf(skills): cache hydrated resolved skills
- Add admin HTTP RPC for gateway methods
- fix: restore voice media uploads
- perf: reuse manifest metadata for read-only model catalogs
- fix(memory): stop watcher write-polling fd pressure
- fix: restore Discord voice Ogg transcoding
- fix(agents): scope custom provider baseUrl SSRF trust by origin
- Refactor command turns into channel facts
- Bind shell script operands after combined options [AI]
- fix(canvas): validate snapshot response formats [AI]
- fix: shorten stalled Codex recovery window
- fix: deliver generated media as structured attachments
- Constrain provider catalog entry paths [AI]
- [Fix] Lazy compile protocol validators
- Require canonical node platform IDs [AI]
- fix(ui): align chat header controls
- fix: update Azure OpenAI API version default to preview
- fix(gateway): forward response_format through OpenAI-compatible chat completions
Key Changes
LLM Provider & API Compatibility
Significant effort was directed toward resolving failures in reasoning models and OpenAI-compatible transports. A critical fix was implemented for Xiaomi MiMo reasoning models, which were failing on multi-turn tool calls due to a missing reasoning_content field in assistant messages. The system now mirrors DeepSeek V4 plumbing to ensure this field is present, preventing 400 Param Incorrect errors.
Additionally, the OpenAI Chat Completions transport now correctly forwards the response_format parameter, allowing clients to request structured outputs (like JSON objects) from upstream providers. To prevent session "poisoning," a new sanitizer strips response-only reasoning fields from assistant messages before they are sent back to the provider in subsequent turns, avoiding HTTP 500 errors from providers like OpenRouter.
Security Hardening
OpenClaw has tightened its security boundaries across several surfaces:
- SSRF Protection: Custom and local provider baseUrl trust is now scoped to the exact origin. This allows operators to use self-hosted LLMs (e.g., Ollama, LM Studio) on private IPs without enabling a broad, risky allowPrivateNetwork flag.
- Command Execution: Shell script operand binding for approval plans now correctly skips value-taking options, ensuring the actual executable script is bound and validated.
- Node Policy: The gateway now requires canonical platform IDs to apply desktop host command defaults, preventing noncanonical labels from gaining unintended privileges.
- Plugin Safety: Provider catalog and discovery entries are now constrained to the plugin root, preventing potential path traversal during registry assembly.
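The origin-scoped baseUrl trust described in the SSRF item can be sketched as follows. This is an added example, not OpenClaw's code: the function names, the sample addresses and the simplified private-range check (IPv4 literals only, every IPv6 literal treated as private, no DNS resolution) are assumptions made for illustration.

```javascript
// Added illustration; isPrivateHost, originOf and isRequestAllowed are hypothetical names.

// True for "localhost", loopback/private/link-local IPv4 literals, and any IPv6 literal.
function isPrivateHost(hostname) {
  const host = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host.includes(":")) return true; // sketch: fail closed on every IPv6 literal
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false; // plain hostnames would need a post-resolution check, omitted here
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254); // link-local, includes cloud metadata addresses
}

// Origin = scheme + host + port, as normalized by the WHATWG URL parser.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("unsupported scheme: " + u.protocol);
  }
  return u.origin;
}

// trustedBaseUrls: operator-configured custom provider baseUrl values (constructed samples).
function isRequestAllowed(requestUrl, trustedBaseUrls) {
  let target;
  try {
    target = new URL(requestUrl);
  } catch {
    return false; // unparseable URLs are rejected
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return false;
  if (!isPrivateHost(target.hostname)) return true; // public targets follow normal policy
  // A private target is reachable only when scheme, host and port all match a
  // configured provider origin; there is no global "allow private network" switch.
  const trusted = new Set(trustedBaseUrls.map(originOf));
  return trusted.has(target.origin);
}
```

With a single configured baseUrl of http://192.168.1.20:11434/v1, requests under that origin pass, while a different port, a neighbouring host, a scheme change or a userinfo trick that moves the real host elsewhere are all refused.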
Infrastructure & Performance
- Gateway RPC: A new admin HTTP RPC endpoint (POST /api/v1/admin/rpc) allows trusted admin clients to call gateway methods over HTTP, facilitating better programmatic configuration for cloud deployments.
- Resource Management: A critical file descriptor (FD) leak in the memory watcher was resolved by removing awaitWriteFinish polling, which previously caused spawn EBADF errors in large Markdown trees.
- Performance Optimizations: The system now caches hydrated resolvedSkills and reuses manifest metadata for read-only model catalogs, significantly reducing redundant processing during warm gateway turns.
- Protocol Efficiency: Protocol validators are now lazy-compiled, reducing cold-import CPU and RSS costs.
Media & UI Improvements
- Audio Transcoding: Multiple fixes were applied to ffmpeg invocations to force specific muxers (WAV, Ogg) when writing to staged .part temporary files, restoring STT and voice message delivery for Telegram, Discord, and Feishu.
- Web UI: The chat composer's usability was repaired by fixing click-to-focus behavior and restoring visible labels for desktop controls. The chat header was also realigned for a more compact and predictable layout.
- Media Handling: Generated media (images, music, video) is now delivered as structured attachments rather than legacy text markers.
Impact
These changes collectively stabilize the agent's interaction with modern reasoning models and improve the reliability of voice-based communication. The security updates significantly lower the risk of internal network probing while maintaining flexibility for self-hosted setups. For users, the most immediate impact will be a more responsive Web UI and the elimination of critical crashes (FD leaks) when managing large knowledge bases. The addition of the admin HTTP RPC provides a professional-grade interface for managed deployments, moving the system closer to a production-ready orchestration layer.