OpenClaw Development Digest: Security, Performance, and UX Enhancements

The OpenClaw project recently saw a flurry of activity, with numerous pull requests merged in a concentrated 6-hour window. This digest provides an overview of these updates, highlighting key changes across security, performance, user experience, and core functionality. These improvements address various user pain points and enhance the platform's stability and reliability.

Merged PRs

• PR #76501 · fix(plugins): require provenance for official npm trust
• PR #76392 · fix(build): externalize @larksuiteoapi/node-sdk so Feishu plugin loads under ESM
• PR #76483 · fix(config): bound clobber recovery snapshots
• PR #76484 · fix(agents): keep delayed sessions_send replies alive
• PR #75004 · Add shell command explainer
• PR #76428 · fix(openai-codex): honor providerConfig.baseUrl in dynamic-model synthesis fallback
• PR #76406 · fix(gateway): read-only persisted fast path for models.list catalog
• PR #76447 · fix (plugins): Resolve official plugin install aliases
• PR #73961 · feat(whatsapp): support native outbound mentions
• PR #76449 · fix(secretrefs): resolve external channel contracts
• PR #76338 · Stop heartbeat tool turns from asking for HEARTBEAT_OK
• PR #76437 · fix(ui): surface compaction checkpoints in chat history
• PR #75967 · fix: keep ClawHub publish dry-run preflight
• PR #76408 · fix(feishu): repair media-aware message dedupe
• PR #76420 · Preserve delivered assistant replies in session repair
• PR #76327 · fix(discord): surface stalled transport health
• PR #73554 · fix(cli): reject missing plugin ids before config writes
• PR #75819 · fix(cli): block gateway-owned package updates
• PR #76311 · fix(memory): retry reindex on socket errors
• PR #76394 · fix(gateway): bound async session list transcript reads
• PR #76318 · fix(ui): clean up delete confirm popover listener
• PR #76380 · fix(memory): preserve active recall tool agent context
• PR #76330 · fix(slack): enable preview streaming in flat DMs (replyToMode: off)
• PR #76317 · fix(gateway,agent): only enforce session sendPolicy=deny when delivering
• PR #76351 · fix(gateway): preserve err.stack when chat.send/agent attachment parsing fails
• PR #76287 · test(e2e): fix kitchen sink crabbox coverage
• PR #76312 · fix(cli): avoid model warmup for message actions
• PR #76319 · fix(cron): route CLI-runtime cron models through compatible backend

Key Changes

Security Hardening & Trust

• Plugin Provenance for npm Trust: PR #76501 tightened security by ensuring that official npm packages are trusted only when installed via OpenClaw-owned provenance paths (e.g., catalog, onboarding), preventing direct npm install from bypassing launch-code scanning.
• External Channel SecretRef Resolution: PR #76449 addressed a critical regression in external channel plugins (Discord, BlueBubbles, Telegram) by ensuring SecretRef values are correctly resolved at runtime, preventing crashes and stale configurations. This involved a generic channel secret-contract loader for external plugin sidecars.
• Shell Command Explainer: PR #75004 introduced an internal shell command explainer, a foundational step for future security features like approval UI integration by identifying command shapes and risk markers.

Performance & Efficiency

• Faster Model Catalog Refresh: PR #76406 significantly improved the models.list catalog refresh performance in the Gateway UI by introducing a read-only persisted fast path, reducing blocking times from 60-70 seconds to milliseconds.
• Bounded Session List Reads: PR #76394 bounded async sessions.list transcript reads to head/tail, preventing full transcript index builds and improving UI responsiveness.
• Optimized CLI Message Commands: PR #76312 optimized CLI message commands by skipping eager model context-window warmup, reducing execution times by 60-75% for Discord and Telegram message actions.
• Robust Memory Reindex Retries: PR #76311 broadened the embedding reindex retry classifier in memory-core to handle transient socket errors as retryable, improving the robustness of memory reindexing.

User Experience & Stability

• Compaction Checkpoints in Chat History: PR #76437 enhanced the Control UI/WebChat history by explicitly surfacing compaction boundaries as "Compacted history" dividers, providing context and an action to view checkpoints, addressing user confusion about "lost" messages.
• Preserved Assistant Replies in Session Repair: PR #76420 fixed a bug where session repair would trim delivered trailing assistant replies from durable transcripts, ensuring complete conversation history is preserved.
• Improved Discord Transport Health: PR #76327 improved Discord channel health reporting by propagating Gateway event-loop health and surfacing stalled transport issues in status summaries and logs, aiding in diagnostics.
• Bounded Clobber Recovery Snapshots: PR #76483 introduced bounded clobber recovery snapshots for config files, replacing duplicate writers with a shared helper and preventing an explosion of identical snapshot files during doctor --fix operations.
• UI Delete Confirm Listener Cleanup: PR #76318 cleaned up a memory leak in the UI's delete-confirm popover listener, improving long-term UI stability.
• CLI Plugin ID Validation: PR #73554 prevented openclaw plugins enable/disable from writing stale config entries for nonexistent plugin IDs, improving CLI robustness and user feedback.
• Gateway-Owned Package Update Guard: PR #75819 added a crucial guard to openclaw update, preventing it from running inside the active gateway process tree and ensuring restarts apply correctly.

Channel & Integration Enhancements

• Feishu ESM Plugin Loading: PR #76392 fixed the Feishu plugin's failure to load under ESM by externalizing @larksuiteoapi/node-sdk, resolving a __dirname is not defined error.
• Official Plugin Install Alias Resolution: PR #76447 ensured that bare official plugin IDs (e.g., brave) correctly resolve to their official catalog npm packages (@openclaw/brave-plugin) during installation, preventing misdirection to unrelated packages.
• WhatsApp Outbound Mentions: PR #73961 added native WhatsApp outbound @mention support for group messages, improving notification functionality.
• OpenAI Codex baseUrl Honor: PR #76428 ensured the openai-codex provider honors custom baseUrl configurations in dynamic-model synthesis fallbacks, preventing silent routing to default OpenAI endpoints.
• Slack Preview Streaming in DMs: PR #76330 enabled preview streaming in flat Slack DMs, enhancing the real-time interaction experience.
• Feishu Media-Aware Dedupe Repair: PR #76408 repaired media-aware message deduplication in the Feishu channel, improving message handling reliability.

Agent & Tooling Refinements

• Delayed sessions_send Replies Alive: PR #76484 addressed a bug in cross-agent communication (sessions_send) where delayed replies were not kept alive, ensuring agents correctly receive responses from other agents even after soft timeouts.
• Heartbeat Tool Turn Simplification: PR #76338 refined heartbeat tool turns, removing the HEARTBEAT_OK text requirement for Codex runtime/message-tool turns, simplifying agent prompting.
• Active Memory Agent Context Preservation: PR #76380 fixed Active Memory's embedded recall by ensuring memory tools are available in the embedded runtime, correctly preserving the active recall tool agent context.
• session.sendPolicy=deny Enforcement: PR #76317 clarified session.sendPolicy=deny enforcement in the gateway and agent, ensuring it only applies during explicit message delivery requests.
• Attachment Parsing Stack Preservation: PR #76351 improved diagnostics by preserving err.stack when chat.send/agent attachment parsing fails, aiding in debugging image-send issues.
• Cron CLI-Runtime Model Routing: PR #76319 ensured CLI-runtime cron models are routed through compatible backends (e.g., claude-cli for Anthropic models), improving cron job reliability.

Impact

The merged pull requests collectively address a range of critical user needs and pain points, significantly enhancing the OpenClaw platform's security, stability, performance, and developer experience.

Enhanced Security and Trust: Users faced risks where direct npm installs could bypass security scans (PR #76501) and external channel plugins failed due to unresolved secret references (PR #76449). These fixes prevent potential vulnerabilities and ensure that sensitive credentials are handled correctly, building greater trust in the platform's integrity. The new shell command explainer (PR #75004) lays groundwork for future proactive security measures.

Improved Performance and Responsiveness: Slow UI interactions, particularly for models.list (PR #76406) and sessions.list (PR #76394), were a source of frustration. CLI message commands also suffered from unnecessary startup overhead (PR #76312). These performance optimizations lead to a snappier and more efficient user experience, reducing waiting times and improving overall productivity. Robust retry mechanisms for memory reindexing (PR #76311) prevent spurious failures on unreliable networks.

Clearer User Experience and Debuggability: Users were confused by chat history appearing to "lose" messages after compaction (PR #76437) and by session repair silently deleting assistant responses (PR #76420). Unclear channel status (PR #76327) and an abundance of identical config snapshot files (PR #76483) further hampered debugging. The UI and logging enhancements provide clearer feedback, better audit trails, and more actionable diagnostic information, making the system easier to understand and troubleshoot. CLI commands are now more robust against typos (PR #73554) and prevent silent failures during updates (PR #75819), reducing configuration clutter and unexpected behavior.

Reliable Channel and Agent Interactions: Several issues directly impacted the reliability of communication channels and agent interactions. The Feishu plugin failing to load (PR #76392), incorrect resolution of official plugin IDs during install (PR #76447), and openai-codex ignoring custom base URLs (PR #76428) all led to broken or misdirected functionality. The addition of native WhatsApp mentions (PR #73961) and Slack preview streaming (PR #76330) directly address user requests for richer communication features. Fixes to cross-agent communication (PR #76484) and Active Memory's embedded recall (PR #76380) ensure agents can reliably communicate and leverage memory, which is crucial for complex workflows. The refinements to heartbeat prompts (PR #76338) and session.sendPolicy enforcement (PR #76317) streamline agent development and behavior. Diagnostic improvements for attachment parsing (PR #76351) will help pinpoint issues with multimedia messages. Finally, ensuring cron jobs use compatible model backends (PR #76319) improves the reliability of automated tasks.