OpenClaw Update: Enhancing Codex Integration, Gateway Performance, and iOS Experience

Merged PRs

• [AI-assisted] fix(plugins): discover setup provider env vars [Original PR]
• fix(auth): backport Codex OAuth refresh spam fix [Original PR]
• fix(auth): stop Codex OAuth refresh spam [Original PR]
• [Fix] Throttle agent event fanout [Original PR]
• fix(migrate): hide per-item hints in Codex skill/plugin selection prompts [Original PR]
• fix(auth): accept oauthRef profiles for runtime auth [Original PR]
• fix(plugin-sdk): restore memory core alias [Original PR]
• fix(ios): restore privacy permission prompts [Original PR]
• fix(agents): suppress aborted assistant output [Original PR]
• docs: align Slack docs for socket mode, troubleshooting, and threading [Original PR]
• fix(migrate): humanize conflict-status messaging across migrate UI [Original PR]
• Fix/sessions list resolver cache [Original PR]
• fix(control-ui): prevent iOS input zoom [Original PR]
• fix(codex): backport app-server auth refresh failures [Original PR]
• fix(agents): make trajectory cleanup timeout configurable [Original PR]
• Fix stale Control UI run status cleanup [Original PR]
• fix(codex): preserve MCP servers in app-server harness [Original PR]
• fix: route plugin LLM completions through Codex runtime [Original PR]
• fix(codex): classify app-server auth refresh failures [Original PR]
• fix(onboard): carry codex migration config through wizard [Original PR]
• feat(ui): add WebChat auto-scroll mode selector [Original PR]
• Route Codex message tool replies back to WebChat and TUI [Original PR]
• fix: preserve pending subagent sessions during maintenance [Original PR]
• Backport Codex internal UI message replies to release 2026.5.12 [Original PR]
• fix: prevent config data loss during version upgrade [Original PR]
• fix(chat/ios): downscale image attachments before send [Original PR]
• fix: use managed codex binary for source migration [Original PR]
• fix(macos): harden direct gateway TLS pinning [Original PR]
• fix(sessions): report ACP-runtime metadata for ACP-keyed sessions [Original PR]
• Load Codex for selectable OpenAI agent models [Original PR]

Key Changes

Codex Runtime & Auth Hardening

Significant effort was directed toward stabilizing the Codex harness and its authentication flow. Key improvements include:

• OAuth Stability: Fixed a critical issue where oauthRef profiles were rejected as missing credentials at runtime. Additionally, a fix was implemented to stop "refresh spam"—repeated raw refresh errors—by classifying high-confidence OAuth invalidations as terminal failures, prompting the user to re-authenticate rather than looping through failovers.
• MCP Tool Preservation: Codex app-server harness sessions now reliably receive plugin-bundled MCP servers. Furthermore, user-configured MCP servers are now re-sent during thread/resume, ensuring tools survive gateway or app-server restarts.
• Plugin LLM Routing: Plugin LLM completions (used in context-engine summarization) now correctly route through the Codex runtime when configured, removing the need for a separate OPENAI_API_KEY for users already authenticated via Codex OAuth.

Gateway Performance & Reliability

• Session List Optimization: A major CPU bottleneck in the Control UI's sessions.list polling was resolved. By introducing a SessionListRowResolverCache, the Gateway now memoizes deterministic resolvers (like model cost and thinking profiles) per call. In production tests with over 1,200 sessions, this reduced CPU time from ~89 seconds to under 200ms.
• Event Throttling: Added stream-specific throttling for Gateway agent events to prevent high-volume bursts from overwhelming clients, while ensuring that buffered text deltas are flushed before post-window updates to prevent data loss.
• Subagent Persistence: Fixed a race condition where session.maintenance could evict a subagent child session before its completion result was announced to the parent, which previously resulted in empty output reports.

iOS & macOS App Improvements

• iOS Image Processing: To prevent memory spikes and payload rejections, the iOS app now downscales image attachments client-side. Images are capped at a 1600px long edge and compressed to a 3.5MB budget, with EXIF/GPS metadata stripped for privacy.
• macOS Security: Hardened direct Gateway TLS pinning by requiring macOS system trust to pass before a first-use certificate is saved, mitigating a critical vulnerability where rogue gateways could potentially execute remote code via system.run.
• iOS UX: Restored missing privacy permission prompts for Contacts, Calendar, and Reminders, and added a "Privacy & Access" section in Settings to allow users to recover from denied permissions.

Control UI & UX Polish

• Auto-Scroll Control: Users can now choose between Always, Near bottom (default), and Off for chat auto-scrolling, solving a long-standing pain point where long streaming responses would "yank" the viewport.
• Run Status Cleanup: Centralized the cleanup of chat run states to fix bugs where the "Stop" button or "Compacting context..." badge would remain stuck after a run had actually completed.
• iOS Input Zoom: Fixed a common iOS Safari behavior where the page would auto-zoom upon focusing text inputs by ensuring font sizes meet the 16px threshold.

Impact

These changes collectively move OpenClaw toward a more professional and stable production state. The Gateway optimizations drastically reduce the resource footprint for power users with thousands of sessions, while the Codex fixes ensure that the seamless OAuth experience is not interrupted by credential mismatches or tool loss.

From a security perspective, the macOS TLS hardening closes a critical gap in the trust model for direct node connections. For mobile users, the iOS image processing and permission restorations make the app feel native and reliable, ensuring that high-resolution photos no longer crash the chat experience and that essential system integrations are transparently requested.