OpenClaw Digest: Enhancing Browser Diagnostics, Session Streaming, and Security Hardening

06:30–12:30 UTC May 11, 2026

Merged PRs

  • fix(browser): add pageReady to Chrome MCP existing-session status [Original PR]
  • fix(sessions): stream JSONL transcript scans instead of buffering whole files [Original PR]
  • fix(doctor): warn when per-agent model omits fallbacks key and defaults chain is non-empty [Original PR]
  • Use native Codex side threads and OpenAI auth fallback [Original PR]
  • [Fix] Block memory extra path symlink traversal [Original PR]
  • fix(heartbeat): remap cron-run exec events to session keys [Original PR]
  • fix(codex): release interrupted app-server turns [Original PR]
  • fix(msteams): make resolveMSTeamsRouteSessionKey idempotent against pre-suffixed bases [Original PR]
  • fix(windows): prevent restart race from duplicate schtasks /Run [Original PR]
  • Add browser and tool profile quick settings [Original PR]
  • chore(pnpm): align pnpm 11 follow-up surfaces [Original PR]
  • fix(microsoft-foundry): replace unsafe non-null assertion in subscription lookup [Original PR]
  • fix(browser): read Chrome MCP screenshot extension [Original PR]
  • fix(infra): keep retryAsync delays above server-supplied Retry-After [Original PR]
  • Fix Telegram edited-message context cache [Original PR]
  • fix(fal): route GPT Image 2/NB2 to /edit, support multi-image edit [Original PR]
  • Redact persisted secret-shaped payloads [AI] [Original PR]
  • fix(skills): normalize backslashes in compacted skill paths on Windows [Original PR]

Key Changes

Browser and Tooling Improvements

Significant updates were made to the browser control surface to improve reliability and visibility. A new pageReady field was added to BrowserStatus for Chrome MCP existing-session profiles. This allows operators to distinguish between a successful transport handshake and actual page-tool usability, preventing situations where tools would hang for 60 seconds despite a "green" status signal. Additionally, a fix was implemented to correctly read Chrome MCP screenshots by appending the required file extension, resolving ENOENT errors.

Performance and Resource Management

To mitigate OOM risks in long-running sessions, transcript scanning has been migrated from whole-file buffering to streaming. Using fs.createReadStream and readline, the system now processes JSONL transcripts one line at a time. This ensures that peak resident memory (RSS) no longer scales linearly with the size of the session transcript, particularly during idempotency lookups and compaction forks.

Security and Reliability Hardening

Several security-focused patches were merged:

  • Secret Redaction: A new structured payload redaction boundary was introduced to mask credential-shaped strings in persistent sinks, including config audit records, trajectory events, and session transcripts.
  • Path Traversal Prevention: The memory_get function now rejects symlinked directory components in extraPaths, preventing attackers from redirecting reads outside the configured memory corpus.
  • Retry Logic: The retryAsync helper was updated to use "positive" jitter when a Retry-After header is present. This ensures that retries never undercut the server-supplied lower bound, avoiding potential rate-limit escalation.
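A sketch of the kind of check the Path Traversal Prevention item describes, as an added example and not OpenClaw's own code. The names resolveInsideCorpus and demo and the temporary directory layout are hypothetical, and this version also rejects a symlinked final component, which is an assumption beyond what the digest states.

```javascript
// Added example (not project code): refuse paths that leave a corpus root or
// pass through a symlinked component. All names and sample files are constructed.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

function resolveInsideCorpus(root, requested) {
  const rootReal = fs.realpathSync(root); // canonical root, e.g. /tmp may itself be a link
  const target = path.resolve(rootReal, requested);
  const rel = path.relative(rootReal, target);
  // Lexical check: ".." segments or an absolute path must not leave the root.
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes corpus root");
  }
  // Filesystem check: walk each component with lstat, which does not follow links.
  let current = rootReal;
  for (const part of rel.split(path.sep)) {
    current = path.join(current, part);
    if (fs.lstatSync(current).isSymbolicLink()) {
      throw new Error(`symlinked component: ${part}`);
    }
  }
  return current;
}

// Builds a constructed corpus with one symlinked directory and reports each outcome.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "corpus-demo-"));
  const root = path.join(base, "memory");
  const outside = path.join(base, "outside");
  fs.mkdirSync(path.join(root, "notes"), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(root, "notes", "a.md"), "inside the corpus");
  fs.writeFileSync(path.join(outside, "secret.md"), "outside the corpus");
  fs.symlinkSync(outside, path.join(root, "linked"), "dir"); // the redirect being blocked
  const attempt = (p) => {
    try { resolveInsideCorpus(root, p); return "allowed"; }
    catch (e) { return e.message; }
  };
  const results = {
    plain: attempt("notes/a.md"),
    symlink: attempt("linked/secret.md"),
    dotdot: attempt("../outside/secret.md"),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

The check and the later read are separate steps, so this sketch assumes the corpus directory is not writable by whoever supplies the requested path.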

Integration and Platform Fixes

  • Codex & OpenAI: Native Codex side threads are now used for /btw and /side commands, ensuring correct OAuth transport and preventing permission errors associated with plain OpenAI Responses.
  • Microsoft Teams: The resolveMSTeamsRouteSessionKey helper is now idempotent, stripping stale thread suffixes to prevent malformed keys like :thread:OLD:thread:NEW.
  • Windows: A race condition in gateway restart that spawned duplicate processes via schtasks /Run was resolved by querying task status before attempting a restart. Additionally, skill path compaction now normalizes backslashes to forward slashes for better model resolution.
  • Fal AI: Routing for GPT Image 2 and NanoBanana 2 was corrected to use the /edit endpoint, and support for up to 14 reference images was added.

Impact

These changes collectively reduce the operational burden on developers and users by providing more honest diagnostic signals and preventing silent failures. The shift to streaming transcripts significantly improves the stability of the gateway for power users with massive session histories. From a security perspective, the redaction of secrets in logs and the blocking of symlink traversal close critical gaps in data privacy and filesystem isolation. Finally, the platform-specific fixes for Windows and MSTeams ensure a more consistent and predictable routing and lifecycle experience across different environments.
