This update focuses on critical security hardening for Docker deployments, improved diagnostic visibility for agent runtimes, and enhanced delivery reliability across Telegram and Discord channels.
Merged PRs
- fix: explain memory compaction tool allowlist warnings
- fix(cli): add sessions list alias matching cron/commitments/devices/mcp convention
- Fix TTS supplement delivery across live previews
- fix(plugins): surface missing Codex runtime plugin in doctor
- Fix OpenAI Codex runtime provider routing
- fix: sanitize Codex image payload replay
- fix(mcp): inline local refs in bundled tool schemas
- fix: improve gateway protocol mismatch diagnostics
- fix(node): hide Windows node task launcher
- fix(agents): clear poisoned claude cli sessions
- Support HTTPS managed proxy CA trust
- fix: restore Codex snapshot tool progress
- test(discord): cover durable chunk retry delivery
- fix(skills): honor tool policy for inline dispatch
- [codex] Add Control UI sidebar session shortcuts
- fix(followup): route CLI runtime drains through CLI runner
- Fix silent success for non-deliverable Bedrock Telegram turns
- fix(telegram): preserve bot reply-chain context
- fix(gateway): require auth for exposed Docker startup
- fix(process): clarify lane wait diagnostics
- fix(ui): track gateway protocol constants
- Deduplicate Telegram partial preview final replies
- Preserve authored config metadata in doctor
- fix(github-copilot): request identity-encoded API responses
- fix(agents): harden final assistant payload assembly
- fix: reconcile subagent wait timeouts
- fix: honor explicit message tool allowlists
- fix(cli): keep image describe URLs remote
- fix(update): repair configured plugins during legacy upgrades
- fix(agents): split embedded attempt dispatch timing
Key Changes
Security & Infrastructure Hardening
One of the most critical updates in this window is the closure of a high-severity security gap in Docker deployments. Previously, the official Dockerfile defaulted to starting the gateway with the `--allow-unconfigured` flag, which could expose an unauthenticated gateway to the network. The system now fails closed for non-loopback binds unless explicit authentication (token or password) is provided.
Additionally, the networking stack now supports HTTPS managed proxy CA trust, allowing for private CA trust on TLS connections to proxy endpoints via a new `proxy.tls.caFile` configuration.
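The fail-closed rule described above, as an added illustration that is not OpenClaw's own code: a startup guard that refuses a non-loopback bind unless a token or password is configured, and no longer lets the opt-in flag override that. The option shape, the loopback host list, and the treatment of a loopback bind without auth (allowed only with the opt-in flag) are assumptions.

```typescript
// Added example, not OpenClaw's own code. Names and option shapes are assumptions.
type GatewayAuth = { token?: string; password?: string };

interface StartupOptions {
  bind: string;               // interface the gateway listens on, e.g. "0.0.0.0" or "127.0.0.1"
  auth: GatewayAuth;          // authentication configured for the gateway
  allowUnconfigured: boolean; // the --allow-unconfigured flag
}

// Assumed loopback host list; bracketed IPv6 literals are normalized below.
const LOOPBACK_HOSTS = new Set(["127.0.0.1", "::1", "localhost"]);

function isLoopbackBind(bind: string): boolean {
  return LOOPBACK_HOSTS.has(bind.replace(/^\[|\]$/g, "").toLowerCase());
}

// A token or password counts only if it is non-blank.
function hasExplicitAuth(auth: GatewayAuth): boolean {
  const token = auth.token ?? "";
  const password = auth.password ?? "";
  return token.trim() !== "" || password.trim() !== "";
}

// Returns null when startup may proceed, otherwise the reason for refusing.
function checkGatewayStartup(opts: StartupOptions): string | null {
  if (hasExplicitAuth(opts.auth)) return null; // authenticated: fine on any interface

  if (!isLoopbackBind(opts.bind)) {
    // Exposed bind without auth: fail closed. Before the fix, --allow-unconfigured
    // let this case start; now the flag is not an override for network-reachable binds.
    return (
      `refusing to start: gateway bound to ${opts.bind} without a token or password` +
      (opts.allowUnconfigured ? " (--allow-unconfigured does not override this)" : "")
    );
  }

  // Loopback-only bind without auth: assumed to require the explicit opt-in flag.
  return opts.allowUnconfigured
    ? null
    : "refusing to start: no gateway auth configured (pass --allow-unconfigured for a loopback-only instance)";
}
```

The check is deliberately ordered so that authentication is evaluated before the interface: an operator who sets a token gets the same behaviour regardless of bind address, and the flag only matters in the one case where nothing is reachable from the network.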
Agent Runtime & Tooling Improvements
Significant work was done to stabilize and optimize agent runtimes, particularly for Codex and CLI-based backends:
- Codex Stability: Fixed a critical issue where malformed image base64 data in replay history could poison a session, leading to permanent 400 errors from the API. A new sanitizer now replaces invalid inline images with text placeholders.
- CLI Runtime Routing: Resolved a crash in the followup queue where CLI runtimes (like `claude-cli`) were incorrectly routed through embedded Pi harnesses, causing "harness not registered" errors.
- MCP Tooling: Fixed a bug in the MCP tool bridge where JSON Schema `$ref` and `oneOf` constructs were not resolved, which specifically blocked Notion page creation workflows.
- Subagent Reconciliation: Refactored subagent wait timeouts to ensure that parent waiters no longer time out prematurely if the child CLI run is simply delayed in starting.
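The replay sanitizer mentioned under Codex Stability, as an added example that is not OpenClaw's own code: it walks a message history, validates each inline image part (recognized image MIME type plus well-formed base64), and swaps anything invalid for a text placeholder so one corrupt part cannot keep every later request failing. The message and part shapes, the MIME list and the placeholder text are assumptions.

```typescript
// Added example, not OpenClaw's own code. Message shapes are assumptions.
type ContentPart =
  | { type: "text"; text: string }
  | { type: "image"; mimeType: string; data: string }; // data: raw base64 payload

interface Message {
  role: "user" | "assistant";
  content: ContentPart[];
}

// Standard base64 alphabet with optional "=" padding; length must be a multiple of 4.
const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
// Assumed set of image types the provider accepts inline.
const IMAGE_MIME = new Set(["image/png", "image/jpeg", "image/gif", "image/webp"]);

function isValidInlineImage(part: { mimeType: string; data: string }): boolean {
  if (!IMAGE_MIME.has(part.mimeType)) return false;
  const data = part.data.replace(/\s+/g, ""); // tolerate line-wrapped base64
  if (data.length === 0 || data.length % 4 !== 0) return false;
  return BASE64_RE.test(data);
}

// Returns a new history (input is not mutated) plus the number of parts replaced.
function sanitizeReplayHistory(history: Message[]): { messages: Message[]; replaced: number } {
  let replaced = 0;
  const messages = history.map((m) => ({
    role: m.role,
    content: m.content.map((part): ContentPart => {
      if (part.type !== "image" || isValidInlineImage(part)) return part;
      replaced += 1;
      // Keep the conversation coherent for the model without sending the bad bytes.
      return { type: "text", text: "[image omitted: invalid inline image payload]" };
    }),
  }));
  return { messages, replaced };
}
```

Validating the payload locally before replay is cheaper than discovering the problem as a 400 from the API, and it keeps the count of replacements available for a diagnostic log line.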
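The schema fix under MCP Tooling, as an added example that is not OpenClaw's own code: a resolver that inlines local JSON Schema pointers (`#/definitions/...` and `#/$defs/...`), including refs nested inside `oneOf` branches, so the bundled tool schema contains no `$ref` the consumer has to resolve. It refuses recursive refs rather than looping, and keeps sibling keywords such as `description` next to a ref. The Notion-style sample schema in the test is constructed.

```typescript
// Added example, not OpenClaw's own code. Only local (same-document) refs are handled.
type JsonSchema = { [key: string]: unknown };

// Resolve a "#/a/b" pointer against the root document (RFC 6901 unescaping).
function resolvePointer(root: JsonSchema, ref: string): JsonSchema {
  if (!ref.startsWith("#/")) throw new Error(`only local refs are supported: ${ref}`);
  let node: unknown = root;
  for (const rawSeg of ref.slice(2).split("/")) {
    const seg = rawSeg.replace(/~1/g, "/").replace(/~0/g, "~");
    if (typeof node !== "object" || node === null || !(seg in node)) {
      throw new Error(`unresolvable $ref: ${ref}`);
    }
    node = (node as Record<string, unknown>)[seg];
  }
  return node as JsonSchema;
}

// Return a copy of the schema with every local $ref replaced by its target
// and the definitions tables dropped, since nothing points at them any more.
function inlineLocalRefs(root: JsonSchema): JsonSchema {
  function walk(node: unknown, stack: string[]): unknown {
    if (Array.isArray(node)) return node.map((n) => walk(n, stack)); // oneOf/anyOf/allOf lists
    if (typeof node !== "object" || node === null) return node;
    const obj = node as Record<string, unknown>;

    if (typeof obj.$ref === "string") {
      const ref = obj.$ref;
      // A ref already on the current inlining path would expand forever.
      if (stack.includes(ref)) throw new Error(`recursive $ref cannot be inlined: ${ref}`);
      const siblings: Record<string, unknown> = { ...obj };
      delete siblings.$ref;
      const target = walk(resolvePointer(root, ref), [...stack, ref]) as Record<string, unknown>;
      return { ...target, ...siblings }; // sibling keywords (e.g. description) take precedence
    }

    const out: Record<string, unknown> = {};
    for (const [key, value] of Object.entries(obj)) out[key] = walk(value, stack);
    return out;
  }

  const body: Record<string, unknown> = { ...root };
  delete body.definitions;
  delete body.$defs;
  return walk(body, []) as JsonSchema;
}
```

Dropping `definitions` and `$defs` only at the root is intentional: a property that happens to be named `definitions` deeper in the schema must survive untouched.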
Channel Reliability & UX
Enhancements to Telegram and Discord ensure a more seamless user experience:
- Telegram Deduplication: Fixed a regression where `streaming.mode="partial"` caused duplicate final-reply blocks to be delivered. The system now tracks streamed preview text and suppresses redundant final payloads.
- TTS Delivery: Fixed a bug where TTS-generated audio supplements were treated as normal media, causing duplicated text or stale preview messages across multiple channels (Discord, Slack, Matrix, etc.).
- Discord Durability: Added regression coverage for durable chunk retry delivery to prevent message loss during transient 500 errors.
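The Telegram deduplication above, as an added example that is not OpenClaw's own code: a small tracker that records the latest partial preview delivered for a turn and, when the final reply arrives, drops any block whose text matches what was already shown while still sending genuinely new blocks. Turn identifiers, the block shape and whitespace-insensitive matching are assumptions.

```typescript
// Added example, not OpenClaw's own code. Turn ids and block shapes are assumptions.
function normalizeText(s: string): string {
  return s.replace(/\s+/g, " ").trim(); // ignore whitespace differences between edits
}

class StreamedPreviewTracker {
  private previews = new Map<string, string>(); // turnId -> latest delivered preview text

  // Called for each partial preview edit that was actually delivered to the chat.
  // Previews are cumulative edits of one message, so only the latest text matters.
  recordPreview(turnId: string, previewText: string): void {
    this.previews.set(turnId, previewText);
  }

  // Decide which final blocks still need sending once the turn completes.
  // A block equal to the already-delivered preview is suppressed; other text goes out.
  finalBlocksToSend(turnId: string, finalBlocks: string[]): { send: string[]; suppressed: number } {
    const shown = normalizeText(this.previews.get(turnId) ?? "");
    this.previews.delete(turnId); // forget the turn so finished ids do not accumulate
    if (shown === "") return { send: finalBlocks, suppressed: 0 };
    const send = finalBlocks.filter((block) => normalizeText(block) !== shown);
    return { send, suppressed: finalBlocks.length - send.length };
  }
}
```

Clearing the entry when the final reply is processed matters for two reasons: it bounds memory on long-running gateways, and it means a later turn that happens to reuse an id cannot be wrongly suppressed by stale preview text.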
CLI & UI Diagnostics
- Control UI: The browser UI now correctly tracks Gateway protocol constants, resolving a "protocol mismatch" error that prevented connection after the protocol bump to version 5.
- OpenClaw Doctor: Improved `doctor --fix` to preserve user-authored metadata (like agent descriptions and legacy `defaultModel` keys) instead of stripping them as unknown keys.
- Windows DX: The `openclaw node install` process now uses a hidden launcher on Windows to prevent a persistent command window from appearing at login.
Impact
These changes collectively move OpenClaw toward a more "production-ready" state by eliminating silent failures and security vulnerabilities. For operators, the most immediate impact is the increased reliability of the Gateway in Docker environments and the elimination of session-poisoning bugs in Codex.
From a developer and power-user perspective, the improved diagnostics in the plugins doctor and the detailed timing spans for embedded run startup (`attempt-workspace`, `attempt-prompt`, etc.) significantly reduce the time required to triage performance bottlenecks and configuration errors. Finally, the resolution of the MCP schema issue unlocks advanced tool capabilities for integrations like Notion, expanding the functional reach of the agent's toolset.