OpenClaw Digest: Hardening Session Recovery, Security Boundaries, and UI Polish

Merged PRs

• fix(ci): authenticate proof verdict markers Original PR
• feat(browser): add evaluate timeout CLI option Original PR
• fix(ui): prevent reading indicator from sticking after assistant response Original PR
• feat(cli): support installing skills to shared global directory via --global Original PR
• fix(skill-creator): reject empty name and description in skill validation Original PR
• docs(gateway): troubleshoot group @mention silent suppression Original PR
• fix: stop swallowing mkdir errors in memory ensureDir Original PR
• fix(skills): resolve skills info name mismatches Original PR
• ui: highlight WebChat code blocks Original PR
• [codex] Add gated Telegram native DM tool-progress drafts Original PR
• fix(ci): honor exact-head proof verdicts Original PR
• fix(memory-wiki): make wiki_lint tool output path-safe Original PR
• feat(nvidia): tag NIM requests with app origin Original PR
• ci(proof): skip real-behavior-proof gate for private maintainers Original PR
• fix(image-generate): allow distinct active image requests Original PR
• fix(lmstudio): resolve env-template API keys Original PR
• fix(transcript): skip trailing custom entries in tail assistant reader Original PR
• fix(cron): link isolated task runs to cron session Original PR
• fix(telegram): avoid mirroring progress into active transcripts Original PR
• Fix sidebar tree collapse not hiding child items Original PR
• fix: Admin HTTP RPC can execute against another live gateway instance Original PR
• fix(doctor): preserve legacy Claude CLI runtime intent Original PR
• fix(followup): stop model-fallback retries duplicating queued user messages and assistant error stubs Original PR
• fix(codex): complete dynamic tool diagnostics Original PR
• fix(slack): persist inbound delivery dedupe Original PR
• chore(lint): remove underscore-dangle allow list Original PR
• /reset preserves claude-cli --resume binding, causing context to silently rebound on the next turn Original PR
• Expose reload kind in config schema lookup Original PR
• fix(agents): skip model fallback for embedded session takeover and session write-lock errors Original PR
• fix(gateway): recover failed lanes with missing transcripts Original PR

Key Changes

Session State & Recovery Hardening

Several critical fixes address "death spirals" and hangs caused by session state corruption:

• Transcript Deduplication: Fixed a high-severity issue where the CLI delivery path appended duplicate assistant turns to the session transcript, leading to verbatim self-repetition in long conversations (#83635).
• Model Fallback Logic: Improved runWithModelFallback to immediately abort the fallback chain when encountering local runtime coordination errors (like session takeover or write-lock timeouts) rather than treating them as model failures (#83550). Additionally, follow-up user messages are now persisted idempotently during failover retries to prevent consecutive same-role entries that trigger provider rejections (#83417).
• Lane Recovery: The gateway now correctly rotates session IDs for failed per-channel lanes if the persisted transcript file is missing, preventing 180-second hangs in channels like Discord (#83553).
• CLI Session Reset: Fixed a bug where /reset preserved claude-cli resume bindings, causing the context to silently rebound to pre-reset levels on the next turn (#83448).

Security & Infrastructure

• Cross-Gateway Isolation: Resolved a critical security vulnerability where Admin HTTP RPC requests could execute against the wrong gateway instance when multiple servers shared a single Node process (#83487).
• CI/CD Proofing: Hardened the proof-gate automation by authenticating proof verdict markers to prevent forged contributor comments from bypassing gates (#83692) and ensuring exact-head proof verdicts are honored (#83688).
• NVIDIA NIM Integration: Added X-BILLING-INVOKE-ORIGIN: OpenClaw tagging for verified NVIDIA NIM routes to improve request attribution (#81524).

User Experience & UI/DX

• WebChat Enhancements: Integrated highlight.js to provide syntax highlighting for code blocks in WebChat (#83569) and fixed a sidebar bug where collapsing groups did not hide child items (#42223).
• CLI Tooling: Added support for installing skills to a shared global directory via --global (#83705) and improved skills info to resolve names using case-insensitive and separator-normalized matching (#38713).
• Config Transparency: The config.schema.lookup API now exposes reloadKind (restart, hot, or none), allowing users and agents to know if a config change requires a gateway restart before applying it (#81612).

Integration Fixes

• Telegram: Introduced gated native DM tool-progress drafts for a cleaner live status experience (#83622) and stopped mirroring non-final progress updates into active transcripts to prevent session takeover errors (#83631).
• Slack: Implemented a durable inbound delivery ledger to prevent duplicate agent turns during Slack retries or replays (#83634).

Impact

These changes significantly improve the reliability of long-running agent sessions and the security of multi-tenant gateway deployments. By eliminating transcript duplication and refining the model fallback chain, the system reduces token waste and prevents the "self-poisoning" effect where models repeat their own history.

For developers and operators, the addition of reloadKind to the config schema and the hardening of the Admin RPC boundary provide better predictability and safety when managing complex configurations. The UI updates to WebChat bring the platform closer to industry standards for code collaboration, making it easier to read and debug agent-generated code snippets.