OpenClaw v2026.4.29-beta.3: Enhanced Messaging, Memory, and Core Reliability

OpenClaw v2026.4.29-beta.3 has been released, bringing a robust set of improvements and new features across the platform. This beta release focuses on refining agent interactions, bolstering memory systems, expanding model provider coverage, and enhancing overall system stability and security. Users will find more intelligent messaging, a richer memory experience, and a more dependable and secure operational environment.

Key Changes

This release introduces several pivotal changes that enhance OpenClaw's capabilities:

• Advanced Messaging and Automation: Messaging and automation now feature active-run steering by default, visible-reply enforcement, and spawned subagent routing metadata. A new opt-in system for inferred follow-up commitments allows for heartbeat-delivered reminders, making agent interactions more proactive and context-aware. This includes a new steer mode for draining pending steering messages at model boundaries, replacing the legacy queue mode, and the introduction of a global messages.visibleReplies setting for stricter output control.
• People-Aware Memory System: The memory system evolves into a sophisticated, people-aware wiki. This includes provenance views, per-conversation Active Memory filters, partial recall on timeout, and bounded REM preview diagnostics. Agent-facing people wiki metadata, canonical aliases, person cards, relationship graphs, privacy reports, and enhanced search modes significantly improve how agents manage and recall information about individuals.
• Expanded Provider and Model Coverage: OpenClaw now officially supports NVIDIA providers, complete with API-key onboarding and static catalog metadata. This release also brings Bedrock Opus 4.7 thinking parity and safer replay and streaming behaviors for Codex and OpenAI-compatible models. Notably, explicitly configured openai-codex/gpt-5.4-mini inline entries are now suppressed to prevent stale configurations from bypassing manifest capability blocks.
• Enhanced Gateway and Plugin Reliability: Significant effort has been directed towards improving the reliability of the gateway and packaged plugins. This includes fixes for slow-host startup, reusable model catalogs, event-loop readiness diagnostics, runtime-dependency repair, stale-session recovery, and version-scoped update caches. A new SQLite-backed plugin state store (api.runtime.state.openKeyedStore) enables restart-safe keyed registries with TTL, eviction, and automatic plugin isolation.
• Comprehensive Channel Fixes: Numerous fixes address specific issues across various communication channels. This includes handling Slack Block Kit limits, improving Telegram proxy, webhook, polling, and send resilience, refining Discord startup and rate-limit handling, enhancing WhatsApp delivery and liveness, and resolving edge cases in Microsoft Teams, Matrix, and Feishu.
• Strengthened Security and Operations: Security has been a major focus, with the addition of OpenGrep scanning, sharper GHSA triage policies, and safer handling of exec, pairing, and owner-scope operations. Docker and onboarding automation have been improved, and web-fetch now includes IPv6 ULA opt-in for trusted proxy stacks.

Impact

This release addresses numerous issues, significantly improving the stability, security, and user experience of OpenClaw:

• Improved Stability and Performance: Several fixes target core stability. The gateway now exits gracefully with specific codes for supervised lock and EADDRINUSE conflicts, preventing Restart=always loops. Blank user prompts no longer leak raw empty-input provider errors in Telegram/group sessions. Browser control runtime is now shared across the HTTP control server and browser.request, ensuring consistent configuration. Startup diagnostics are now opt-in, providing better insights into slow starts without bespoke instrumentation. Runtime dependency issues, such as those causing crash-loops on cross-version container upgrades or npm crashes with empty install plans, have been resolved. Gateway startup is more robust, with bounded local discovery advertisement and serving of the last successful model catalog during background refreshes.
• Enhanced Security Posture: Critical security vulnerabilities have been patched. Configured tool sections like tools.exec and tools.fs no longer implicitly widen restrictive profiles, requiring explicit alsoAllow entries for enhanced control. Outbound security now strips re-formed HTML tags during plain-text sanitization to prevent <script> sequence injections. Credential comparisons use padded timing-safe buffers for equality checks, and debug log arguments are sanitized to prevent log forging. The file.fetch tool now requires canonical read-path preflight authorization, failing closed on missing, absolute, or traversing dir.fetch entries.
• Reliable Channel Integrations: Channel-specific issues have been thoroughly addressed. Slack Block Kit limits are now respected, preventing malformed interactive replies. Telegram polling stability is enhanced, with low long-polling client timeouts clamped and durable message edits used for streaming previews to prevent flickering. Discord startup and rate-limit handling are more robust, cooling down Cloudflare 429 responses and deriving application IDs from parseable tokens. WhatsApp delivery is more reliable, requiring Baileys outbound message IDs before marking auto-replies delivered.
• Better Developer and Operator Experience: CLI commands like openclaw agents and openclaw status are now faster and more reliable, avoiding hangs caused by unnecessary plugin runtime preloads. The Control UI is more responsive, with fixes for mobile chat settings persistence, sidebar trigger affordances, and preventing accidental refreshes during active chat runs. PDF extraction now correctly resolves standard fonts, preventing file:// URL lookup failures. Cron job schedule edits are validated before persisting, and cron add --message now warns when --agent is omitted. The infer CLI is more reliable, isolating local model runs to their own session keys and allowing web search to fall through on structured provider errors.
• Memory System Refinements: The memory_forget candidate list now shows full UUIDs for unambiguous deletion. ltm list now returns actual memory entries as JSON, with --limit and --order-by-created-at options. Active Memory's timeoutMs is now scoped to the embedded recall/model run, with a plugin-level setup grace window, preventing premature timeouts due to initialization overhead. The hidden recall sub-agent now supports memory_recall, memory_search, and memory_get to ensure compatibility with various bundled memory backends.

Upgrade Guide

This release includes several changes that may require user action or configuration updates. Please review the following guidance carefully:

1. Tool Section Permissions: If you are using restrictive profiles (e.g., messaging, minimal) and rely on tools like tools.exec or tools.fs, you must now explicitly add these tools to the alsoAllow entries in your configuration. A startup warning will identify affected configurations. This is a security hardening measure to prevent implicit widening of tool access.

2. Active Memory ActiveRecallResult Type: Developers building against the ActiveRecallResult type in Active Memory should be aware of a new timeout_partial discriminant. If your code exhaustively switches on result.status, you will need to update your handling to include this new status to avoid TypeScript errors. This is intentional to surface useful partial recall summaries on timeout.

3. Telegram Exec Approvals Configuration: Configurations that previously relied on general Telegram chat allowlists (allowFrom, defaultTo) for exec tool approvals will no longer function as expected. You must now explicitly configure execApprovals.approvers within your Telegram channel settings or ensure the owner identity is defined via commands.ownerAllowFrom. This aligns Telegram's approval mechanism with other channels for enhanced security.

4. DM Policy Hardening: The `dmPolicy=