OpenClaw Update: Enhancing Approval Workflows and Configuration Stability

18:30–00:30 UTC May 20, 2026

This update covers a series of merged pull requests for the OpenClaw repository between May 20, 2026, and May 21, 2026. The primary focus of these changes is the stabilization of approval mechanisms across different integrations, the hardening of infrastructure security regarding secret files, and the refinement of CLI tools to ensure smoother user upgrades.

Merged PRs

  • fix(approval): route /approve through approval resolver
  • test(secret-file): cover NickServ + account-level symlinks, narrow inspect catch
  • fix(infra): restore symlink rejection in tryReadSecretFileSync
  • fix(doctor): migrate invalid thinking formats
  • fix(slack): normalize approval user ids
  • fix(codex): bridge computer use elicitations
  • fix(cli): gate exported subcli descriptors
  • fix(browser): honor image sanitization config for screenshots
  • [codex] Fix macOS app copyright year

Key Changes

Approval Workflow Refinements

Several PRs targeted the reliability of manual and automated approvals. A critical fix routes the /approve command through the resolveApprovalOverGateway helper rather than a generic gateway call, so approvals that require a trusted approval-runtime client context are no longer flagged as unknown or expired.

Additionally, for Slack users, approval user IDs are now normalized. This prevents a common pain point where approvals were denied because configured approver IDs used lowercase characters while Slack events delivered uppercase IDs.

Infrastructure and Security Hardening

OpenClaw has tightened how it handles secret files to prevent security risks associated with symlinks. The tryReadSecretFileSync function now restores symlink rejection, ensuring that credential loaders for Telegram, LINE, Zalo, IRC, and Nextcloud Talk fail closed when a symlink is detected. This aligns the system with the fs-safe contract and ensures that operators are explicitly notified of the configuration error rather than the channel silently failing to load.
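
The fail-closed behaviour described above, as an added Node.js example that is not OpenClaw's own code: readSecretFileStrict, reject and demo are hypothetical names, and the token file is a constructed sample. The check covers the final path component only, and O_NOFOLLOW is a POSIX flag.

```javascript
// Added illustration, not OpenClaw source. readSecretFileStrict, reject and demo
// are hypothetical names; the token content below is a constructed sample.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

function reject(reason, filePath) {
  return Object.assign(new Error(`secret file rejected (${reason}): ${filePath}`), { reason });
}

function readSecretFileStrict(filePath) {
  let before;
  try { before = fs.lstatSync(filePath); } // lstat inspects the link itself, not its target
  catch { throw reject("missing", filePath); }
  if (before.isSymbolicLink()) throw reject("symlink", filePath);
  if (!before.isFile()) throw reject("not-regular-file", filePath);

  // O_NOFOLLOW makes open() fail if the path was swapped for a symlink after lstat.
  const flags = fs.constants.O_RDONLY | (fs.constants.O_NOFOLLOW || 0);
  let fd;
  try { fd = fs.openSync(filePath, flags); }
  catch (err) { throw reject(err.code === "ELOOP" ? "symlink" : "unreadable", filePath); }
  try {
    const after = fs.fstatSync(fd);
    // Same inode and device as the lstat result: the file checked is the file read.
    if (after.ino !== before.ino || after.dev !== before.dev) throw reject("changed", filePath);
    return fs.readFileSync(fd, "utf8").trim();
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed sample: a real token file and a symlink pointing at it.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "secret-demo-"));
  const real = path.join(dir, "token");
  const link = path.join(dir, "token-link");
  fs.writeFileSync(real, "constructed-sample-token\n", { mode: 0o600 });
  fs.symlinkSync(real, link);
  const out = { real: readSecretFileStrict(real), link: null };
  try { readSecretFileStrict(link); } catch (err) { out.link = err.reason; }
  fs.rmSync(dir, { recursive: true, force: true });
  return out; // the caller sees an explicit reason instead of a silently missing credential
}
```

Throwing a typed error, rather than returning an empty value, is what lets the calling loader report the misconfiguration to the operator.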

Configuration and CLI Stability

To improve the upgrade experience, the openclaw doctor --fix command has been updated to automatically migrate invalid thinkingFormat values in model provider configurations. This addresses a specific issue where stale config values (such as those from Bailian) would block validation and cause the --fix process to fail entirely.

Other CLI improvements include gating the SUB_CLI_DESCRIPTORS list to ensure that private QA commands are not exposed to general users unless the OPENCLAW_ENABLE_PRIVATE_QA_CLI flag is enabled.

Extension and Tooling Fixes

  • Codex: Computer Use MCP app-approval elicitations are now correctly bridged to the app-server approval bridge, preventing them from being silently ignored.
  • Browser: The browser screenshot tool now honors the global agents.defaults.imageMaxDimensionPx configuration, ensuring image sanitization limits are consistent across the platform.

Impact

These changes collectively reduce the friction for operators managing OpenClaw. By fixing the approval routing and ID normalization, the system becomes more reliable for high-stakes execution and plugin management. The security hardening of secret files ensures that credentials are handled according to strict safety standards, reducing the risk of unauthorized access via symlink attacks.

Finally, the migration improvements in the doctor tool mean that users upgrading from older versions will face fewer validation errors, which makes the system easier to maintain.
