OpenClaw 2026.4.9

Thu, 09 Apr 2026 02:38:08 +0000 https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml 2026040990 2026.4.9 15.0

Changes

  • Memory/dreaming: add a grounded REM backfill lane with historical rem-harness --path, diary commit/reset flows, cleaner durable-fact extraction, and live short-term promotion integration so old daily notes can replay into Dreams and durable memory without a second memory stack. Thanks @mbelinky.
  • Control UI/dreaming: add a structured diary view with timeline navigation, backfill/reset controls, traceable dreaming summaries, and a grounded Scene lane with promotion hints plus a safe clear-grounded action for staged backfill signals. (#63395) Thanks @mbelinky.
  • QA/lab: add character-vibes evaluation reports with model selection and parallel runs so live QA can compare candidate behavior faster.
  • Plugins/provider-auth: let provider manifests declare providerAuthAliases so provider variants can share env vars, auth profiles, config-backed auth, and API-key onboarding choices without core-specific wiring.
  • iOS: pin release versioning to an explicit CalVer in apps/ios/version.json, keep TestFlight iteration on the same short version until maintainers intentionally promote the next gateway version, and add the documented pnpm ios:version:pin -- --from-gateway workflow for release trains. (#63001) Thanks @ngutman.

Fixes

  • Browser/security: re-run blocked-destination safety checks after interaction-driven main-frame navigations from click, evaluate, hook-triggered click, and batched action flows, so browser interactions cannot bypass the SSRF quarantine when they land on forbidden URLs. (#63226) Thanks @eleqtrizit.
  • Security/dotenv: block runtime-control env vars plus browser-control override and skip-server env vars from untrusted workspace .env files, and reject unsafe URL-style browser control override specifiers before lazy loading. (#62660, #62663) Thanks @eleqtrizit.
  • Gateway/node exec events: mark remote node exec.started, exec.finished, and exec.denied summaries as untrusted system events and sanitize node-provided command/output/reason text before enqueueing them, so remote node output cannot inject trusted System: content into later turns. (#62659) Thanks @eleqtrizit.
  • Plugins/onboarding auth choices: prevent untrusted workspace plugins from colliding with bundled provider auth-choice ids during non-interactive onboarding, so bundled provider setup keeps operator secrets out of untrusted workspace plugin handlers unless those plugins are explicitly trusted. (#62368) Thanks @pgondhi987.
  • Security/dependency audit: force basic-ftp to 5.2.1 for the CRLF command-injection fix and bump Hono plus @hono/node-server in production resolution paths.
  • Android/pairing: clear stale setup-code auth on new QR scans, bootstrap operator and node sessions from fresh pairing, prefer stored device tokens after bootstrap handoff, and pause pairing auto-retry while the app is backgrounded so scan-once Android pairing recovers reliably again. (#63199) Thanks @obviyus.
  • Matrix/gateway: wait for Matrix sync readiness before marking startup successful, keep Matrix background handler failures contained, and route fatal Matrix sync stops through channel-level restart handling instead of crashing the whole gateway. (#62779) Thanks @gumadeiras.
  • Slack/media: preserve bearer auth across same-origin files.slack.com redirects while still stripping it on cross-origin Slack CDN hops, so url_private_download image attachments load again. (#62960) Thanks @vincentkoc.
  • Reply/doctor: use the active runtime snapshot for queued reply runs, resolve reply-run SecretRefs before preflight helpers touch config, surface gateway OAuth reauth failures to users, and make openclaw doctor call out exact reauth commands. (#62693, #63217) Thanks @mbelinky.
  • Control UI: guard stale session-history reloads during fast session switches so the selected session and rendered transcript stay in sync. (#62975) Thanks @scoootscooob.
  • Gateway/chat: suppress exact and streamed ANNOUNCE_SKIP / REPLY_SKIP control replies across live chat updates and history sanitization so internal agent-to-agent control tokens no longer leak into user-facing gateway chat surfaces. (#51739) Thanks @Pinghuachiu.
  • Auto-reply/NO_REPLY: strip glued leading NO_REPLY tokens before reply normalization and ACP-visible streaming so silent sentinel text no longer leaks into user-visible replies while preserving substantive NO_REPLY ... text. Thanks @frankekn.
  • Sessions/routing: preserve established external routes on inter-session announce traffic so sessions_send follow-ups do not steal delivery from Telegram, Discord, or other external channels. (#58013) Thanks @duqaXxX.
  • Gateway/sessions: clear auto-fallback-pinned model overrides on /reset and /new while still preserving explicit user model selections, including legacy sessions created before override-source tracking existed. (#63155) Thanks @frankekn.
  • Slack/ACP: treat Slack ACP block replies as visible delivered output so OpenClaw stops re-sending the final fallback text after Slack already rendered the reply. (#62858) Thanks @gumadeiras.
  • Slack/partial streaming: key turn-local dedupe by dispatch kind and keep the final fallback reply path active when preview finalization fails so stale preview text cannot suppress the actual final answer. (#62859) Thanks @gumadeiras.
  • Matrix/doctor: migrate legacy channels.matrix.dm.policy: "trusted" configs back to compatible DM policies during openclaw doctor --fix, preserving explicit allowFrom boundaries as allowlist and defaulting empty legacy configs to pairing. (#62942) Thanks @lukeboyett.
  • npm packaging: mirror bundled channel runtime deps, stage Nostr runtime deps, derive required root mirrors from manifests and built chunks, and test packed release tarballs without repo node_modules so fresh installs fail fast on missing plugin deps instead of crashing at runtime. (#63065) Thanks @scoootscooob.
  • QA/live auth: fail fast when live QA scenarios hit classified auth or runtime failure replies, including raw scenario wait paths, and sanitize missing-key guidance so gateway auth problems surface as actionable errors instead of timeouts. (#63333) Thanks @shakkernerd.
  • Providers/OpenAI: default missing reasoning effort to high on OpenAI Responses, WebSocket, and compatible completions transports, while still honoring explicit per-run reasoning levels.
  • Providers/Ollama: allow Ollama models using the native api: "ollama" path to optionally display thinking output when /think is set to a non-off level. (#62712) Thanks @hoyyeva.
  • Codex CLI: pass OpenClaw's system prompt through Codex's model_instructions_file config override so fresh Codex CLI sessions receive the same prompt guidance as Claude CLI sessions.
  • Auth/profiles: persist explicit auth-profile upserts directly and skip external CLI sync for local writes so profile changes are saved without stale external credential state.
  • Agents/timeouts: make the LLM idle timeout inherit agents.defaults.timeoutSeconds when configured, disable the unconfigured idle watchdog for cron runs, and point idle-timeout errors at agents.defaults.llm.idleTimeoutSeconds. Thanks @drvoss.
  • Agents/failover: classify Z.ai vendor code 1311 as billing and 1113 as auth, including long wrapped 1311 payloads, so these errors stop falling through to generic failover handling. (#49552) Thanks @1bcMax.
  • QQBot/media-tags: support HTML entity-encoded angle brackets (&lt;/&gt;), URL slashes in attributes, and self-closing media tags so upstream payloads are correctly parsed and normalized. (#60493) Thanks @ylc0919.
  • Memory/dreaming: harden grounded backfill inputs, diary writes, status payloads, and diary action classification by preserving source-day labels, rejecting missing or symlinked targets cleanly, normalizing diary headings in gateway backfills, and tightening claim splitting plus diary source metadata. Thanks @mbelinky.
  • Memory/dreaming: accept embedded heartbeat trigger tokens so light and REM dreaming still run when runtime wrappers include extra heartbeat text.
  • Android/manual connect: allow blank port input only for TLS manual gateway endpoints so standard HTTPS Tailscale hosts default to 443 without silently changing cleartext manual connects. (#63134) Thanks @Tyler-RNG.
  • Windows/update: add heap headroom to Windows pnpm build steps during dev updates so update preflight builds stop failing on low default Node memory.
  • Plugin SDK: export the channel plugin base and web-search config contract through the public package so plugins can use them without private imports.
  • Plugins/contracts: keep test-only helpers out of production contract barrels, load shared contract harnesses through bundled test surfaces, and harden guardrails so indirect re-exports and canonical *.test.ts files stay blocked. (#63311) Thanks @altaywtf.
  • Control UI/models: preserve provider-qualified refs for OpenRouter catalog models whose ids already contain slashes so picker selections submit allowlist-compatible model refs instead of dropping the openrouter/ prefix. (#63416) Thanks @sallyom.
  • Plugin SDK/command auth: split command status builders onto the lightweight openclaw/plugin-sdk/command-status subpath while preserving deprecated command-auth compatibility exports, so auth-only plugin imports no longer pull status/context warmup into CLI onboarding paths. (#63174) Thanks @hxy91819.

OpenClaw 2026.4.8

Wed, 08 Apr 2026 06:12:50 +0000 https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml 2026040890 2026.4.8 15.0

Fixes

  • Telegram/setup: load setup and secret contracts through packaged top-level sidecars so installed npm builds no longer try to import missing dist/extensions/telegram/src/* files during gateway startup.
  • Bundled channels/setup: load shared secret contracts through packaged top-level sidecars across BlueBubbles, Feishu, Google Chat, IRC, Matrix, Mattermost, Microsoft Teams, Nextcloud Talk, Slack, and Zalo so installed npm builds no longer rely on missing dist/extensions/*/src/* files during gateway startup.
  • Bundled plugins: align packaged plugin compatibility metadata with the release version so bundled channels and providers load on OpenClaw 2026.4.8.
  • Agents/progress: keep update_plan available for OpenAI-family runs while returning compact success payloads and allowing tools.experimental.planTool=false to opt out.
  • Agents/exec: keep /exec current-default reporting aligned with real runtime behavior so host=auto sessions surface the correct host-aware fallback policy (full/off on gateway or node, deny/off on sandbox) instead of stale stricter defaults.
  • Slack: honor ambient HTTP(S) proxy settings for Socket Mode WebSocket connections, including NO_PROXY exclusions, so proxy-only deployments can connect without a monkey patch. (#62878) Thanks @mjamiv.
  • Slack/actions: pass the already resolved read token into downloadFile so SecretRef-backed bot tokens no longer fail after a raw config re-read. (#62097) Thanks @martingarramon.
  • Network/fetch guard: skip target DNS pinning when trusted env-proxy mode is active so proxy-only sandboxes can let the trusted proxy resolve outbound hosts. (#59007) Thanks @cluster2600.

OpenClaw 2026.4.7

Wed, 08 Apr 2026 02:54:26 +0000 https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml 2026040790 2026.4.7 15.0

Changes

  • CLI/infer: add a first-class openclaw infer ... hub for provider-backed inference workflows across model, media, web, and embedding tasks. Thanks @Takhoffman.
  • Tools/media generation: auto-fallback across auth-backed image, music, and video providers by default, preserve intent during provider switches, remap size/aspect/resolution/duration hints to the closest supported option, and surface provider capabilities plus mode-aware video-to-video support.
  • Memory/wiki: restore the bundled memory-wiki stack with plugin, CLI, sync/query/apply tooling, memory-host integration, structured claim/evidence fields, compiled digest retrieval, claim-health linting, contradiction clustering, staleness dashboards, and freshness-weighted search. Thanks @vincentkoc.
  • Plugins/webhooks: add a bundled webhook ingress plugin so external automation can create and drive bound TaskFlows through per-route shared-secret endpoints. (#61892) Thanks @mbelinky.
  • Gateway/sessions: add persisted compaction checkpoints plus Sessions UI branch/restore actions so operators can inspect and recover pre-compaction session state. (#62146) Thanks @scoootscooob.
  • Compaction: add pluggable compaction provider registry so plugins can replace the built-in summarization pipeline. Configure via agents.defaults.compaction.provider; falls back to LLM summarization on provider failure. (#56224) Thanks @DhruvBhatia0.
  • Agents/system prompt: add agents.defaults.systemPromptOverride for controlled prompt experiments plus heartbeat prompt-section controls so heartbeat runtime behavior can stay enabled without injecting heartbeat instructions every turn.
  • Providers/Google: add Gemma 4 model support and keep Google fallback resolution on the requested provider path so native Google Gemma routes work again. (#61507) Thanks @eyjohn.
  • Providers/Google: preserve explicit thinking-off semantics for Gemma 4 while still enabling Gemma reasoning support in compatibility wrappers. (#62127) Thanks @romgenie.
  • Providers/Arcee AI: add a bundled Arcee AI provider plugin with Trinity catalog entries, OpenRouter support, and updated onboarding/auth guidance. (#62068) Thanks @arthurbr11.
  • Providers/Anthropic: restore Claude CLI as the preferred local Anthropic path in onboarding, model-auth guidance, doctor flows, and Docker Claude CLI live lanes again.
  • Providers/Ollama: detect vision capability from the /api/show response and set image input on models that support it so Ollama vision models accept image attachments. (#62193) Thanks @BruceMacD.
  • Memory/dreaming: ingest redacted session transcripts into the dreaming corpus with per-day session-corpus notes, cursor checkpointing, and promotion/doctor support. (#62227) Thanks @vignesh07.
  • Providers/inferrs: add string-content compatibility for stricter OpenAI-compatible chat backends, document inferrs setup with a full config example, and add troubleshooting guidance for local backends that pass direct probes but fail on full agent-runtime prompts.
  • Agents/context engine: expose prompt-cache runtime context to context engines and keep current-turn prompt-cache usage aligned with the active attempt instead of stale prior-turn assistant state. (#62179) Thanks @jalehman.
  • Plugin SDK/context engines: pass availableTools and citationsMode into assemble(), and expose memory-artifact and memory-prompt seams so companion plugins and non-legacy context engines can consume active memory state without reaching into internals. Thanks @vincentkoc.
  • ACP/ACPX plugin: bump the bundled acpx pin to 0.5.1 so plugin-local installs and strict version checks pick up the latest published runtime release. (#62148) Thanks @onutc.
  • Discord/events: allow event-create to accept a cover image URL or local file path, load and validate PNG/JPG/GIF event cover media, and pass the encoded image payload through Discord admin action/runtime paths. (#60883) Thanks @bittoby.

Fixes

  • CLI/infer: keep provider-backed infer behavior aligned with actual runtime execution by fixing explicit TTS override handling, profile-aware gateway TTS prefs resolution, per-request transcription prompt/language overrides, image output MIME/extension mismatches, configured web-search fallback behavior, and agent-vs-CLI web-search execution drift.
  • Plugins/media: when plugins.allow is set, capability fallback now merges bundled capability plugin ids into the allowlist (not only plugins.entries), so media understanding providers such as OpenAI-compatible STT load for voice transcription without requiring openai in plugins.allow. (#62205) Thanks @neeravmakwana.
  • Agents/history and replies: buffer phaseless OpenAI WS text until a real assistant phase arrives, keep replay and SSE history sequence tracking aligned, hide commentary and leaked tool XML from user-visible history, and keep history-based follow-up replies on final_answer text only. (#61729, #61747, #61829, #61855, #61954) Thanks @100yenadmin and contributors.
  • Control UI: show /tts audio replies in webchat, detect mistaken ?token= auth links with the correct #token= hint, and keep Copy, Canvas, and mobile exec-approval UI from covering chat content on narrow screens. (#54842, #61514, #61598) Thanks @neeravmakwana.
  • iOS/gateway: replace string-matched connection error UI with structured gateway connection problems, preserve actionable pairing/auth failures over later generic disconnect noise, and surface reusable problem banners and details across onboarding, settings, and root status surfaces. (#62650) Thanks @ngutman.
  • TUI: route /status through the shared session-status command, keep commentary hidden in history, strip raw envelope metadata from async command notices, preserve fallback streaming before per-attempt failures finalize, and restore Kitty keyboard state on exit or fatal crashes. (#49130, #59985, #60043, #61463) Thanks @biefan and contributors.
  • iOS/Watch exec approvals: keep Apple Watch review and approval recovery working while the iPhone is locked or backgrounded, including reconnect recovery, pending approval persistence, notification cleanup, and APNs-backed watch refresh recovery. (#61757) Thanks @ngutman.
  • Agents/context overflow: combine oversized and aggregate tool-result recovery in one pass and restore a total-context overflow backstop so recoverable sessions retry instead of failing early. (#61651) Thanks @Takhoffman.
  • Auth/OpenAI Codex OAuth: reload fresh on-disk credentials inside the locked refresh path and retry once after refresh_token_reused rotates only the stored refresh token, so relogin/restart recovery stops getting stuck on stale cached auth state. Thanks @owen-ever.
  • Auth/OpenAI Codex OAuth: keep native /model ...@profile selections on the target session and honor explicit user-locked auth profiles even when per-agent auth order excludes them. (#62744) Thanks @jalehman.
  • Providers/Anthropic: preserve thinking blocks for Claude Opus 4.5+, Sonnet 4.5+, and newer Claude 4-family models so prompt-cache prefixes keep matching, and skip service_tier injection on OAuth-authenticated stream wrapper requests so Claude OAuth streaming stops failing with HTTP 401. (#60356, #61793)
  • Agents/Claude CLI: surface nested API error messages from structured CLI output so billing/auth/provider failures show the real provider error instead of an opaque CLI failure.
  • Agents/exec: preserve explicit host=node routing under elevated defaults when tools.exec.host=auto, fail loud on invalid elevated cross-host overrides, and keep strictInlineEval commands blocked after approval timeouts instead of falling through to automatic execution. (#61739) Thanks @obviyus.
  • Nodes/exec approvals: keep host=node POSIX transport shell wrappers (/bin/sh -lc ...) aligned with inner-command allowlist analysis so allowlisted scripts stop prompting unnecessarily, while Windows cmd.exe wrapper runs stay approval-gated. (#62401) Thanks @ngutman.
  • Nodes/exec approvals: keep Windows cmd.exe /c wrapper runs approval-gated even when env carriers, including env-assignment carriers, wrap the shell invocation. (#62439) Thanks @ngutman.
  • Gateway tool/exec config: block model-facing gateway config.apply and config.patch writes from changing exec approval paths such as safeBins, safeBinProfiles, safeBinTrustedDirs, and strictInlineEval, while still allowing unchanged structured values through. (#62001) Thanks @eleqtrizit.
  • Host exec/env sanitization: block dangerous Java, Rust, Cargo, Git, Kubernetes, cloud credential, config-path, and Helm env overrides so host-run tools cannot be redirected to attacker-chosen code, config, credentials, or repository state. (#59119, #62002, #62291) Thanks @eleqtrizit and contributors.
  • Commands/allowlist: require owner authorization for /allowlist add and /allowlist remove before channel resolution, so non-owner but command-authorized senders can no longer persistently rewrite allowlist policy state. (#62383) Thanks @pgondhi987.
  • Feishu/docx uploads: honor tools.fs.workspaceOnly for local upload_file and upload_image paths by forwarding workspace-constrained localRoots into the media loader, so docx uploads can no longer read host-local files outside the workspace when workspace-only mode is active. (#62369) Thanks @pgondhi987.
  • Network/fetch guard: drop request bodies and body-describing headers on cross-origin 307 and 308 redirects by default, so attacker-controlled redirect hops cannot receive secret-bearing POST payloads from SSRF-guarded fetch flows unless a caller explicitly opts in. (#62357) Thanks @pgondhi987.
  • Browser/SSRF: treat main-frame document redirect hops as navigations even when Playwright does not flag them as isNavigationRequest(), so strict private-network blocking still stops forbidden redirect pivots before the browser reaches the internal target. (#62355) Thanks @pgondhi987.
  • Browser/node invoke: block persistent browser profile create, reset, and delete mutations through browser.proxy on both gateway-forwarded node.invoke and the node-host proxy path, even when no profile allowlist is configured. (#60489)
  • Gateway/node pairing: require a fresh pairing request when a previously paired node reconnects with additional declared commands, and keep the live session pinned to the earlier approved command set until the upgrade is approved. (#62658) Thanks @eleqtrizit.
  • Gateway/auth: invalidate existing shared-token and password WebSocket sessions when the configured secret rotates, so stale authenticated sockets cannot stay attached after token or password changes. (#62350) Thanks @pgondhi987.
  • MS Teams/security: validate file-consent upload URLs against HTTPS, Microsoft/SharePoint host allowlists, and private-IP DNS checks before uploading attachments, blocking SSRF-style consent-upload abuse. (#23596)
  • Media/base64 decode guards: enforce byte limits before decoding missed base64-backed Teams, Signal, QQ Bot, and image-tool payloads so oversized inbound media and data URLs no longer bypass pre-decode size checks. (#62007) Thanks @eleqtrizit.
  • Runtime event trust: mark background notifyOnExit summaries, ACP parent-stream relays, and wake-hook payloads as untrusted system events so lower-trust runtime output no longer re-enters later turns as trusted System: text. (#62003)
  • Auto-reply/media: allow managed generated-media MEDIA: paths from normal reply text again while still blocking arbitrary host-local media and document paths, so generated media keep delivering without reopening host-path injection holes.
  • Gateway/status and containers: auto-bind to 0.0.0.0 inside Docker and Podman environments, and probe local TLS gateways over wss:// with self-signed fingerprint forwarding so container startup and loopback TLS status checks work again. (#61818, #61935) Thanks @openperf and contributors.
  • Gateway/OpenAI-compatible HTTP: abort in-flight /v1/chat/completions and /v1/responses turns when clients disconnect so abandoned HTTP requests stop wasting agent runtime. (#54388) Thanks @Lellansin.
  • macOS/gateway version: strip trailing commit metadata from CLI version output before semver parsing so the Mac app recognizes installed gateway versions like OpenClaw 2026.4.2 (d74a122) again. (#61111) Thanks @oliviareid-svg.
  • Sessions/model selection: resolve the explicitly selected session model separately from runtime fallback resolution so session status and live model switching stay aligned with the chosen model.
  • Discord/ACP bindings: canonicalize DM conversation identity across inbound messages, component interactions, native commands, and current-conversation binding resolution so --bind here in Discord DMs keeps routing follow-up replies to the bound agent instead of falling back to the default agent.
  • Discord: recover forwarded referenced message text and attachments when snapshots are missing, use ws:// again for gateway monitor sockets, stop forcing a hardcoded temperature for Codex-backed auto-thread titles, and harden voice receive recovery so rapid speaker restarts keep their next utterance. (#41536, #61670) Thanks @artwalker and contributors.
  • Slack/thread mentions: add channels.slack.thread.requireExplicitMention so Slack channels that already require mentions can also require explicit @bot mentions inside bot-participated threads. (#58276) Thanks @praktika-engineer.
  • Slack/threading: keep legacy thread stickiness for real replies when older callers omit isThreadReply, while still honoring replyToMode for Slack's auto-created top-level thread_ts. (#61835) Thanks @kaonash.
  • Slack/media: keep attachment downloads on the SSRF-guarded dispatcher path so Slack media fetching works on Node 22 without dropping pinned transport enforcement. (#62239) Thanks @openperf.
  • Matrix/onboarding: add an invite auto-join setup step with explicit off warnings and strict stable-target validation so new Matrix accounts stop silently ignoring invited rooms and fresh DM-style invites unless operators opt in. (#62168) Thanks @gumadeiras.
  • Matrix/formatting: preserve multi-paragraph and loose-list rendering in Element so numbered and bulleted Markdown keeps their content attached to the correct list item. (#60997) Thanks @gucasbrg.
  • Telegram/doctor: keep top-level access-control fallback in place during multi-account normalization while still promoting legacy default auth into accounts.default, so existing named bots keep inherited allowlists without dropping the legacy default bot. (#62263) Thanks @obviyus.
  • Plugins/loaders: centralize bundled dist/** Jiti native-load policy and keep channel, public-surface, facade, and config-metadata loader seams off native Jiti on Windows so onboarding and configure flows stop tripping ERR_UNSUPPORTED_ESM_URL_SCHEME. (#62286) Thanks @chen-zhang-cs-code.
  • Plugins/channels: keep bundled channel artifact and secret-contract loading stable under lazy loading, preserve plugin-schema defaults during install, and fix Windows file:// plus native-Jiti plugin loader paths so onboarding, doctor, openclaw secret, and bundled plugin installs work again. (#61832, #61836, #61853, #61856) Thanks @Zeesejo and contributors.
  • Plugins/ClawHub: verify downloaded plugin archives against version metadata SHA-256, fail closed when archive integrity metadata is missing or malformed, and tighten fallback ZIP verification so plugin installs cannot proceed on mismatched or incomplete ClawHub package metadata. (#60517) Thanks @mappel-nv.
  • Plugins/provider hooks: stop recursive provider snapshot loads from overflowing the stack during plugin initialization, while still preserving cached nested provider-hook results. (#61922, #61938, #61946, #61951)
  • Docker/plugins: stop forcing bundled plugin discovery to /app/extensions in runtime images so packaged installs use compiled dist/extensions artifacts again and Node 24 containers do not boot through source-only plugin entry paths. Fixes #62044. (#62316) Thanks @gumadeiras.
  • Providers/Ollama: honor the selected provider's baseUrl during streaming so multi-Ollama setups stop routing every stream to the first configured Ollama endpoint. (#61678)
  • Providers/Ollama: stop warning that Ollama could not be reached when discovery only sees empty default local stubs, while still keeping real explicit Ollama overrides loud when the endpoint is unreachable.
  • Providers/xAI: recognize api.grok.x.ai as an xAI-native endpoint again and keep legacy x_search auth resolution working so older xAI web-search configs continue to load. (#61377) Thanks @jjjojoj.
  • Providers/Mistral: send reasoning_effort for mistral/mistral-small-latest (Mistral Small 4) with thinking-level mapping, and mark the catalog entry as reasoning-capable so adjustable reasoning matches Mistral’s Chat Completions API. (#62162) Thanks @neeravmakwana.
  • OpenAI TTS/Groq: send wav to Groq-compatible speech endpoints, honor explicit responseFormat overrides on OpenAI-compatible paths, and only mark voice-note output as voice-compatible when the actual format is opus. (#62233) Thanks @neeravmakwana.
  • Tools/web_fetch and web_search: fix TypeError: fetch failed caused by undici 8.0 enabling HTTP/2 by default; pinned SSRF-guard dispatchers now explicitly set allowH2: false to restore HTTP/1.1 behavior and keep the custom DNS-pinning lookup compatible. (#61738, #61777) Thanks @zozo123.
  • Tools/web search/Exa: show Exa Search in onboarding and configure provider pickers again by marking the bundled Exa provider as setup-visible. Thanks @vincentkoc.
  • Memory/vector recall: surface explicit warnings when sqlite-vec is unavailable or vector writes are degraded, and strip managed Light Sleep and REM blocks before daily-note ingestion so memory indexing and dreaming stop reporting false-success or re-ingesting staged output. (#61720) Thanks @MonkeyLeeT.
  • Memory/dreaming: make Dreams config reads and writes respect the selected memory slot plugin instead of always targeting memory-core. (#62275) Thanks @SnowSky1.
  • QQ Bot/media: route gateway-side attachment and fallback downloads through guarded QQ/Tencent HTTPS fetches so QQ media handling no longer follows arbitrary remote hosts.
  • Browser/remote CDP: retry the DevTools websocket once after remote browser restarts so healthy remote browser profiles do not fail availability checks during CDP warm-up. (#57397) Thanks @ThanhNguyxn07.
  • UI/light mode: target both root and nested WebKit scrollbar thumbs in the light theme so page-level and container scrollbars stay visible on light backgrounds. (#61753) Thanks @chziyue.
  • Agents/subagents: honor sessions_spawn(lightContext: true) for spawned subagent runs by preserving lightweight bootstrap context through the gateway and embedded runner instead of silently falling back to full workspace bootstrap injection. (#62264) Thanks @theSamPadilla.
  • Cron: load jobId into id when the on-disk store omits id, matching doctor migration and fixing unknown cron job id for hand-edited jobs.json. (#62246) Thanks @neeravmakwana.
  • Agents/model fallback: classify minimal HTTP 404 API errors (for example 404 status code (no body)) as model_not_found so assistant failures throw into the fallback chain instead of stopping at the first fallback candidate. (#62119) Thanks @neeravmakwana.
  • BlueBubbles/network: respect explicit private-network opt-out for loopback and private serverUrl values across account resolution, status probes, monitor startup, and attachment downloads, while keeping public-host attachment hostname pinning intact. (#59373) Thanks @jpreagan.
  • Agents/heartbeat: keep heartbeat runs pinned to the main session so active subagent transcripts are not overwritten by heartbeat status messages. (#61803) Thanks @100yenadmin.
  • Agents/heartbeat: respect disabled heartbeat prompt guidance so operators can suppress heartbeat prompt instructions without disabling heartbeat runtime behavior.
  • Agents/compaction: stop compaction-wait aborts from re-entering prompt failover and replaying completed tool turns. (#62600) Thanks @i-dentifier.
  • Approvals/runtime: move native approval lifecycle assembly into shared core bootstrap/runtime seams driven by channel capabilities and runtime contexts, and remove the legacy bundled approval fallback wiring. (#62135) Thanks @gumadeiras.
  • Security/fetch-guard: stop rejecting operator-configured proxy hostnames against the target-scoped hostname allowlist in SSRF-guarded fetches, restoring proxy-based media downloads for Telegram and other channels. (#62312) Thanks @ademczuk.
  • Logging: make logging.level and logging.consoleLevel honor the documented severity threshold ordering again, and keep child loggers inheriting the parent minLevel. (#44646) Thanks @zhumengzhu.
  • Agents/sessions_send: pass threadId through announce delivery so cross-session notifications land in the correct Telegram forum topic instead of the group's general thread. (#62758) Thanks @jalehman.
  • Daemon/systemd: keep sudo systemctl calls scoped to the invoking user when machine-scoped systemctl fails, while still avoiding machine fallback for permission-denied user bus errors. (#62337) Thanks @Aftabbs.
  • Docs/i18n: relocalize final localized-page links after translation and remove the zh-CN homepage redirect override so localized Mintlify pages resolve to the correct language roots again. (#61796) Thanks @hxy91819.
  • Agents/exec: keep timed-out shell-backgrounded commands on the failed path and point long-running jobs to exec background/yield sessions so process polling is only suggested for registered sessions.
