#clawtributors

fixing now

https://github.com/openclaw/openclaw/pull/20323

I believe that will fix it... if you want to use it

thanks - i already pushed a fix

made a pr to fix stale warnings on clawhub. https://github.com/openclaw/clawhub/pull/418

Hey! I submitted a small bug fix PR: https://github.com/openclaw/openclaw/pull/18737

I think this will help to have even a smoother setup experience with openclaw.

it fixes Gemini CLI OAuth for VPS/remote environments — when users paste a redirect URL from a different CLI run, it no longer fails with "OAuth state mismatch". Instead it falls back to using the PKCE verifier from the URL's state parameter (which is the verifier by design). Added tests, all CI checks pass.
Would appreciate a review when someone has a moment! Cheers, Richy from Bielefeld, Germany!

Hi, I built clawmrades.ai https://github.com/vishaltandale00/Clawmrades and published a skill to https://clawhub.ai/vishaltandale00/clawmrades.

This is a network for clawborators to sign up to so that they are forced to review and triage issues as well. They ask the user to pick up tasks to either triage issues or review PR's and the clawmrades.ai backend uses these inputs to create a focused list of PR's for maintainers to review. Right now the main thing we need is more bots to join the network so we can scale the issue processing.

But long term I think we need to clawdbot's participation in managing the open claw repository as a requirement. At the very least if a bot wants to create an issue/PR (potentially noise) they need to spend some time doing some other work. @wide geyser Can you direct me with who is also working on this?

well, time to fix those merge errors and open a PR :)

I (full time SWE) have opened my first openclaw PR: https://github.com/openclaw/openclaw/pull/20493

As I've heard it requested, the PR includes the verbatum prompt and plan that I used 🙂
The PR was also manually tested.

The PR adds the ability to specify a "compaction" model to use in addition to the primary model

if i understand correctly , there's a 100% chance this is comming to moltbot : https://openai.com/index/unlocking-the-codex-harness/

this is such a mood on openclaw xD love it

reminds me i have a setup auth fix thing i need to document and push xD what even happened ? i fast forwarded only 2600 commits and ... xD

smart way to go about this

That was 2:30. It is 7:09 right now and I have just submitted it: https://github.com/openclaw/openclaw/pull/20559

And some formatting check doesn't pass

if you find someone's failing test just fix it xD

it was so much easier committing to my own projects... errors? push. bugs? push. merge errors? push --force

i was basically saying this because everyday you wake up , solve your merge conflicts and update xD then wait ... 🙂

its also funny that you look away for two seconds and This branch is 274 commits behind openclaw/openclaw:main

nice anyways , i added a comment to update the greptile review , hopefully you solved it (5/5)

absolute lobster mood

dont go crazy but once a day and pray

thanks

apart from the sheer insanity there's a lot of cool and well thought out things for contributing to this 🙂

100%

BTW, how do people get the clawborator tag? Amount of contributions?

nice it updated , now you are at 4/5 , you do want a 5/5 , and fix whatever crazy comments the machine has

no i'm just a random guy with an opinion and got lucky with a PR 🙂

basically just link your merged pr here and you'll get a pink name

will do :)

truth : there's no secret sauce, just solve merge conflicts and be patient 🙂

this is the way

ooh i'm so excited to become a clawborator i just fixed a huge bug. like this bug probably cost $1m across all openclaw users xd

i was looking at the initial commit like "is this an intentional operation to get people to waste tokens"

https://github.com/openclaw/openclaw/pull/20597

this will massively improve cache hit rate which totally changed how fast my local model was

as in, with this patch, you will get cache hits! because, you are not getting cache hits right now.

haven't since commit bed8e7a. feels almost like that commit intentionally made it transfer $1m to anthropic

Hi all I am new here. Is this a good place to ask questions about dev setup? 🙂

Sure

Two related to rate limits on clawhub:

• https://github.com/openclaw/clawhub/pull/412
• https://github.com/openclaw/clawhub/pull/409

Hi all, just want to follow up on this. I'd like to understand if my approach of creating a new hook to capture all tools and their JSON schemas that an agent can use is the right one and if so, could i get it reviewed? (https://github.com/openclaw/openclaw/pull/18860)

For context, I am developing a plugin that would be able to block tools based on policies defined in a central control plane (server). This would be useful to update guardrail policies without rebooting openclaw, and to also share these policies between multiple gateway instances.

This plugin can work without knowing all the tools and schemas, but if I can get this data dynamically, then i can offer a much better UX when writing guardrail policies for specific tools.

hey i have a question about the iOS node source code is available

I am trying to run openclaw on a fresh new iphone and there is a problem am having withe the node.js on ios😭

i'm on a mission to kill cache invalidations

the plot thickens ... i joke , this is AWESOME 🙂

I mean honestly like

if you look at that commit

it's like ... why though?

the bots are ... playing us like fiddles , 100% watermarked and intentional in the pre-training thing lol my kind of conspiracy theory

i just opened another pr to stop cache invals when you touch memory / soul / bootstrap files

https://github.com/openclaw/openclaw/pull/20783

this one i expect to be harder to get in

the one i wrote first should be a slam dunk

i mean i'll probably check out your branch or at least merge it because ... i hate waste

you'd be surprised how quickly both could be merged to be honest ... clearly a priority

it's mind blowing to me when my agent can actually rock along at 70 tps and not take 3 minutes to get to first token

i just spent today's claude code credits on it

wait ... @stable pewter has ascended to maintainer status

the lobsters thus commands us to beg for their attention

i mean "omg congrats val!!"

Aww, tysm, I steadily clawed my way to the top, which now makes me a slave to everyone, hahaha 😂

Happy to help, though, this is a dream come true 🦞🥹

PR #20304 is fully green and ready to merge.
It adds key Feishu Doc capabilities: table create/write + image/file upload (from URL or local path).
This is highly impactful for Chinese users, where Feishu is a primary integration platform.
https://github.com/openclaw/openclaw/pull/20304

@jolly wolf How can I help triage issues, remove spam, etc? When I'm working on my openclaw, I regularly search open issues, and I've been finding some odd ones, including some with spam replies, etc… I don't have a lot of time to help ATM, but at least when I'm "already there", I can help. GitHub doesn't really offer a way to flag stuff for mods, unfortunately… :X

I'm torn between wanting to send a contribution and not wanting to overwhelm the team; I'd love to make web search take "adapters" so that I can add my preferred search provider, Kagi. I'm currently using it via a skill and my lobster doesn't always remember.

It feels like web search is something that could easily be plug and play

i dont use kagi , i use normal more self-hosty styles but this is a smart way to do it ...

I'm getting lots of these in verbose mode on telegram:

Process: poll • tide-fjord
Process: poll • tide-fjord

Sometimes up 50 in a row.

Got a suggestion, what if we let bot use a single message and autoupdate itself with a counter?
Process: poll • tide-fjord (1) -> Process: poll • tide-fjord (2), etc

Yeah, I figured it was broadly applicable

I've resolved to work on plugins for things that can be plug and play, working on the core is very restricted now. The issue with plugins is that you don't have a distribution channel as with skills though

just go on faith that something meanful will happen for your distribution and push 🚀

could be a nice and cool plugin right ?

all right, all checks pass, greptile is content :)

https://github.com/openclaw/openclaw/pull/20559

may someone merge this？🌹

https://github.com/openclaw/openclaw/pull/20183
SMALL change overall (~50 lines of actual code change, the rest is updating tests) but this fills the gap for memory when you do /new and use subagents this ensures those sessions are indexed as well

a quick something I'm sure everyone will benefit from

Have a very small safe (Greptile 5/5) PR open to update the Clawhub skill. While updating my skills to bring them to all to 'Benign' for the new security checks, discovered the clawhub skill doc that ships with the install is outdated. Updated to add missing commands (sync, delete/undelete, logout), url update. Would appreciate a look https://github.com/openclaw/openclaw/pull/19579

This PR seems very important. I ran into this issue, with openclaw absolutely killing my claude usage limit.

https://github.com/openclaw/openclaw/pull/20597

It’s me! Please leave a note and thumbs up so they’ll merge it faster 🙂

I have a third PR ready to go wrt cron job isolated sessions but I kind of want to wait for this one to merge so I can get the contributor tag and make my next one go better xd

Have you tested it?

Define this?

Of course, I wrote details in the PR. It’s been running locally for a day now.

Yall on cloud models just noticed a huge cost increase. I on the other hand had my GPU running full tilt all day every day since the 15th processing and then throwing away prompts

The documentation says cron isolated sessions start in a new session every time the cron fires

They don’t

I did notice the huge price / usage limit increases 🙂 I blamed anthropic.

Yes; I noticed this bug too. That's what I thought you were fixing, but wasn't sure

If you look at the commit that is to blame for this issue it almost feels like anthropic committed it to sell more tokens

There’s like no explanation of why

I added isolated-clean session type to not break existing expectations

Howdy ya’ll. Where can I request access to TestFlight for the apple watch companion app?

Has anyone considered or been working on an ACP-based approach to using Claude Code (and Max subscriptions) in OpenClaw? https://agentclientprotocol.com

There are indeed several important PRs sitting for a while. I really hope we can pick up pace soon. Any feedback is better than none

werent there like 100 prs merged yesterday? it's hard for them i'm sure

https://x.com/huntclubhero/status/2024560036765454546?s=20

I just released a worms armageddon plug in for alerts if anyone wants to have some fun or remembers the game

You got it merged 🙂

CI on this branch (and greptile) are not very happy

Yeah it’s so annoying because i didn’t touch those files and it’s different every time

But if greptile doesn’t like it I need fix

Also if you wanna review my PR: https://github.com/openclaw/openclaw/pull/20493 🙈
Allows a seperate compaction model configuration.

Finally seems like ci fixed itself

sry for texting here, do you guys know where to report a bug?

https://clawhub.ai/bezko/klausnomi my first skill, tried to make it all in openclaw but ragequit near the end and finished with Gemini and Codex. Nomi is an interesting platform but you need a subscription to use the API. https://github.com/bezko/klausnomi feedback/bug/comments if you feel the need.

🔬 Cortex v0.4.5 — Trace Analyzer with LLM Classification

Just shipped something I'm genuinely proud of.

The problem: AI agents make mistakes. They run into doom loops, repeat the same errors across sessions, ignore user corrections. And they never learn from it — because context windows reset.

The solution: The Trace Analyzer reads 255k events from our NATS event store, reconstructs conversation chains, and runs 7 structural failure detectors:

• SIG-DOOM-LOOP — agent retries the same failing command 3+ times
• SIG-REPEAT-FAIL — same error across multiple sessions
• SIG-CORRECTION — user had to correct the agent
• SIG-HALLUCINATION — agent claims success after a tool failure
• SIG-DISSATISFIED — session ended with user frustration
• SIG-TOOL-FAIL — unrecovered tool errors
• SIG-UNVERIFIED-CLAIM — agent states facts without checking

Stage 2: Every finding gets classified by a local Qwen 2.5 7B. Root cause analysis, suggested rule, confidence score. Zero API cost.

Real example from today:

[HIGH] SIG-DOOM-LOOP (main)
Agent tried nats stream add 3 times with subjects that already exist.

🧠 ROOT CAUSE: Subjects already belong to another stream.
📋 RULE: Check if stream exists BEFORE creating.
🎯 CONFIDENCE: 0.85

That rule is now in the agent's system prompt. Next time it won't make that mistake.

The loop is closed:
Events → Chains → Signals → Classification → Rules → Better Agent → Events

850 tests. 10 languages for signal detection. MIT licensed.

npm i @vainplex/openclaw-cortex

https://github.com/alberthild/vainplex-openclaw

GitHub

https://github.com/openclaw/openclaw/pull/21248

Hey I noticed that some issues and user complaints come around they fact they don't understand how much of the context is getting cached when sent to the model (they mistakenly believe openclaw is ineffecient with tokens). This PR adds a line about how much cache is compacted in a given session. I tested this on my own claw and put a screenshot of it working.

this thing looks huge, does it really have to do so much just for that?

Recent Slack streaming changes (merged earlier today) broke the integration. I've opened a PR to fix it > https://github.com/openclaw/openclaw/pull/21246

Most of the delta is tests btw

Just filed this PR; I think it should be considered sooner rather than later.

https://github.com/openclaw/openclaw/pull/21291

Is there a maintainer around that would like to take a look at this?

https://github.com/openclaw/openclaw/pull/20038

And this: https://github.com/openclaw/openclaw/pull/18786 (XS with 5/5)

Not exactly a review, but I wrote you a book, um, a comment.

not sure if it helps for publishing, but this https://github.com/openclaw/openclaw/pull/21208 brings our plugin up to date with the standalone repo https://github.com/tloncorp/openclaw-tlon includes some security hardening

this is very interesting and good feedback!

alright, anyone want to delve into reviewing this?:

https://github.com/openclaw/openclaw/pull/20559

I worked hard on this one with lots of back and forth testing and it finally solved some model selection and model fallback bugs I was dealing with on telegram. https://github.com/openclaw/openclaw/pull/18820 happy to discuss!

Cybersecurity Support and Security Testing

Hey everybody! This is my first time contributing to openclaw so I hope I’m doing it right! I’ve got a PR here which hopefully should fix a few cascading issues in the macOS app. It’s got a 5/5 from greptile and codex and it’s a super small PR. Happy to discuss! https://github.com/openclaw/openclaw/pull/19750

is it me or did new updates break slack in weird ways? Ive had to patch my own openclaw 😅

What's wrong?

Yeah, it’s the new streaming handling, you can set streaming off in the config, or apply this patch in your version until it’s merged https://github.com/openclaw/openclaw/pull/21246

Ah yes I got it disabled . Thanks

My openclaw seems to be sending duplicate messages

I think the first message is drafted

Couldn’t track it down lol

Merged! Thank you for the PR

hey guys, would be great to have the block streaming active by default in matrix: https://github.com/openclaw/openclaw/pull/19981 thanks!

oh i'll just maintain my own fork of this thing with the patches i haven't gotten merged yet

what do you mean there are over 300 commits merged in the last 24 hours

...y'all aren't gonna believe it but i think there's another invalidation bug at like 49k tokens in the context. which is like. what?

That more and more looks like a good idea. So far, I've only one hack-patch I apply after an update, but then, I'm two versions back, so I don't have to patch out some of the newer regressions.

Didn't update for 2 weeks, did an update yesterday, so far:

• verbose doesn't verbose. Exec: run cd instead of showing full command
• cron doesn't cron: got all cron messages in correct topic(after my PR fix got merged), but got all of them twice instead of just 1 time.
• gateway broke down after update, had to spend 30m debugging it with other bot instance.

Shit is breaking faster than I can maintain patches for it

Had to learn stgit and now switching to JJ to maintain patches for openclaw 🫠

Will post a few PRs after I have fixes to stuff I've mentioned

https://tenor.com/cZESrBQb5Qu.gif

i'm having to back out the last like 200 patches

Do you have any PRs open for these? I'm happy to take a look and merge them

@untold pollen working on those, have to fix it and do some testing and that's not quick if I'm not YOLOing the PR 😅

But thanks for asking and keeping an eye on those problems

@keen spruce @sharp cargo you too! We're all drowning in PRs but if you folks have any open ones that would fix major regressions I'm happy to take a look

Yeah, most of my time right now goes into merely repro-ing the bug then checking manually if the patch fixes it 😵‍💫

I think we should at least require video/gif of the bug and a video after fix is applied in PR description
That would help folks like you to review better

At least that's how I do stuff at my job, screens/videos for each PR

That would be great, honestly. Most my PRs try to have a video / screenshot comparision

Can you escalate that requirement suggestion to @celest merlin ?
That way we'd be able to just reject all PRs that don't have visual repro of bugs and fixes and would help limit amount of shitty PRs or stuff that breaks something else

@proud bay, please don't ping Peter for issues, use #1459642797895319552 or #users-helping-users if you need help, use #clawtributors to discuss PRs, or use any of the many other channels in this server as they're intended.

If you have a problem with the Discord specifically, use #report or DM @jolly wolf
-# Your message was reposted above without the ping active for the sake of conversation.

I haven't made some myself; my local patch is for an unfixed bug (where I have a PR open), not a regression. But I certainly can point them out here when I find them in the PR ocean. Mostly it's "good issues, bad PRs" for those, though. Off the top of my head, I only get:

• the "uncachable system prompt" already is in main for .20
• the hearbeat regression I pointed out also is in main for .20
• the one possibly making sandboxes unusable by filtering the config instead of env, I pointed out above already

The rest got pointed out in here already by other people, and I'm not really keeping track of those in my head unless they would affect my installation.

Also, I can only repeat my suggestion of putting heavy emphasis on volunteer reviewers before merging PRs. We have more time to read code changes in depth and find the hidden consequences. Like the PR I just reviewed that implemented timing-attack protection ineffectively...and for comparing sha256 hashes of well-known lengths. By the PR text alone, it looked like a good security patch...

I don't want to have to put together a screen recording of logs scrolling though

Can you suggest a better way to save maintainers' time during review of each of 4000 open PRs?

well, henry did suggest volunteer review of prs, which i think is an interesting way to go about it. although you still need a trusted pool there too

anyway, there are a lot of things that would save their time, many of them are still things we shouldn't do

If we don't enforce rules that make maintainers' life easier, everyone would just skip them

the rule doesn't exist yet and you've already gone to enforcement lol

lol

trusted? No, I don't think so. You need a pool of known names to avoid sockpuppet reviews, that's all. You don't really have to trust positive reviews, but when a review points out an issue with a PR, looking into that doesn't hurt. I rarely comment "all is fine" on a PR, I'm not that self-centred to think I can spot everything, and PRs get rebased (i.e. changed) all the time, but the review sticks.
The real power of this suggestion is that maintainers can send a bunch of reviewers to look at PRs that are under consideration, focusing eyes on where it would do the most good. And with 3, 5, or 10 reviews on a PR, one "all is fine" vs nine "bad idea" doesn't matter.

TL;DR: Use reviewers to point out issues with PRs, not to greenlight them.

this is libel. i mean you cant prove there isnt a bug i guess but i cant repro it and ive bisected down & up the tree 300 commits.

By the way it's 768 commits in 3 days what the fu

https://tenor.com/view/patrickstar-spongebob-funnygifs-no-thisispatrick-gif-5374126

this is libel

no this is autism 🙂

768 commits means the maintainers are sorting and grouping merge commits more efficiently and better . i've never seen a sub 1200 commits fast forward day

I’ll bring this up with the maintainers! I’m happy to pilot this for Telegram PRs with a small trusted set of contributors

E.g. @proud bay has been a big help with testing and fixing Telegram issues

Thanks ❤️

and still PRs are piling in...and the "security" ones are getting worse and worse. Seems like there are no real findings anymore, so they're now treating the owner of the gateway as a hostile attacker.
Nah, it's not that bad, there are some useful ones, but they are few and far between. Most just apply standard patterns where they don't belong. But it is tiring checking those over as the pattern sounds right, and you have to dive deep into the code to assess the effects.

I opened a draft PR to add CODEOWNERS so PRs auto-assign the right reviewer instead of sitting in the 4000+ queue:

📋 Issue: https://github.com/openclaw/openclaw/issues/21885
🔧 Draft PR: https://github.com/openclaw/openclaw/pull/21857

All mappings taken from CONTRIBUTING.md. ~30 src/ and ~30 extensions/ dirs are still unclaimed (listed in the issue).

Worth doing? Maintainers - want to claim any uncovered areas? Feedback welcome 🙏

I know there's already a labeler that tags PRs by area - that's great for filtering. But CODEOWNERS adds something different: it formally assigns a reviewer and pings them directly. So instead of a maintainer manually checking "are there any PRs with my label today?", they get a GitHub notification the moment someone touches their code. Labels organize, CODEOWNERS enforces ownership.

At the pace that we get PRs though I don't think any maintainer wants 500 assigned to them rn

There are ~232 PRs tagged "Telegram" - split between a couple maintainers per area, that's a PR every few hours. Not ideal, but doable.

But the real value isn't reviewing every PR - it's blocking bad merges. Example: Telegram bot topics got broken multiple times last month. If @untold pollen had to approve every PR touching that code, there's a good chance it wouldn't have broken as many times.

This is a big project used by millions of people. When something you rely on breaks repeatedly, it's really painful. CODEOWNERS won't fix the volume problem, but it will make sure nothing gets merged in an area without the person who knows it best signing off.

Is this true? There’s no documented prioritization model like you’d see in some large foundations that tag issues by severity or developer reputation.

makes me think to branch telegram, accept them all, run full regression, ask for testers and then merge as a set...

I think there's no way 232 random PRs can be merged without conflicts and breaking everything

except for maybe docs there isnt a single PR that is acceptable as they are submitted

they all need to be worked on and there are always issues

I agree with Taras that throwing out bad PRs is the primary bottleneck in managing the flood. I'm not so sure if involving the code-owning maintainer that early is a good idea; the flood would still be too hefty. I think there needs to be a first hurdle that filters out the stuff that's so obvisously not going to make it that you don't need deep knowledge in one area. Only then it goes to the code owner to reject or put on the "maybe" pile.

Another issue with early, automatic assignments is that other maintainers tend to ignore assigned PRs and issues. That leads to an unhandled backlog if a code-owner is unresponsive. Just try to get a ticket about tado or HmIP handled on the Home Assistant github---the code owners don't rarely respond and nobody else even looks at those tickets.,

I think it could be solved if there's a team of owners for each part, like 3-5 people per item?

or taking the opposite path and access reduced to just labels for a role like "filterclaw" with small team of folks that between themselves have some kinda coordination

what does that do ? not much , but with a couple of smart labels and actual daily "maintenance and review" as required for even just these labels it could really help speed things up

it's not lie every labelled pet project makes it in , but maybe some maintainers get lucky with their volunteers, who knows

Have you guys thought of weighting the PRs by time opened > size > ready to merge?

Regarding the teams, I work on a project with 20 collaborators and hundreds of features and one thing that helped a lot was not only teams but context assignments. We still work on topics off context but it really increased not only our speed but our assertiveness.

@proud bay we can continue the Telegram fixes discussion over here: https://discord.com/channels/1456350064065904867/1474436078373966089

cc: anyone else who wants to help out with the Telegram side of things

@keen spruce thanks henry,you reviewed my pr and got it merged

Hey all, jumping in on this codeowners discussion as it's relevant to Android. I've had a few PRs sitting in the queue for a few days (#19208, #19209, #19548, #19555) and I noticed there's no Android maintainers or owner in @proud bay PR. I've been actively improving the Android app and would be happy to take on Android as a code owner. I'll hold off on submitting more PRs until the backlog situation has some resolution, but I'll continuing to work on improvements on my end. If anyone wants to collaborate on Android or there's a process for formalizing this, I'm all in.

My PR got closed, cause it will create to much clutter for Peter, which is true 😅

50% docker image size (app-specific layers not base) reduction... build time reduction...

https://github.com/openclaw/openclaw/pull/22019

Ya makes sense. Maybe the answer is the opposite direction: platform sub-repos or long-lived branches (telegram, android, ios, etc.) so each surface has its own small team and Peter only touches the platform -> main sync. Fewer people at the top, more ownership at the edges. I think that might be what @fossil adder and @keen spruce are getting at?

@inner ledge if noone touches the android app can't you keep your own fork in sync and when the android app is fully ready surface it for review?

100p, just want to make sure there wasn't an existing procedure or someone else isn't doing the same thing already. I'll take that direction

Peter interacted with a user on twitter complaining about the docker image size growth. It's a problem related to the chown. The fix is quite simple. Cuts size by 50% and removes the 1 minute+ chown step entirely. Peter said he was going to look at reducing dependencies... while that may be useful, it's not necessary to cut the docker image size dramatically. Please help get this merged and someone tell him so he DOES NOT pay any attention to reducing the docker image size. He should work on something else.

I tested it by:

1. docker-setup.sh - Ran the full onboarding, paired a new bot with Telegram, brought up the gateway, checked the logs, etc.
2. docker-diff.sh (in the PR description) - Did a full listing of all files and permissions / owner in /app and validated that no owner or permissions changed. All files still owned by node. Unified diff length is 1050 lines but actual +/- lines in dist/ is 191 with context excluded. It's all variation in chunk file names.
3. PR is green... but I don't know if the E2E suite runs automatically on a Dockerfile-only PR?

Hey @modern kestrel I think we should test more features of openclaw

The only thing I'm worried about: The Chrome installation... I did not test that... I can look at that

from what I see you just tested new both with telegram

we can discuss in the PR perhaps, less noise here

Sure, but as a quick note: the diff really reduces the need for testing everything... the file list is the same and permssions are unchanged. It's basically impossible for anything other than Chrome to break since Chrome has to be installed as root in specific order after the pnpm install

BTW, the gateway knows the client IDs "webchat" and "webchat-ui", but they are not used by anything in the repo. Does anyone know what they are there for? Because, if they are unused, they should be removed---people are already adding code that treats clients with those IDs differently, which would be dead code...

just a small ui PR
it was bugging me that I had to scroll past all the other crons before I got to see the history of a selected cron so I fixed it
https://github.com/openclaw/openclaw/pull/22103

Anyone think it’d be worth it to make some kind of test that validates model calls specifically to make sure we don’t cache bust?

Like a full stack simulation kind of deal

@silver crown we have a proper report flow on the site rather than spamming slop in the server

i am sorry. where can i report. i promise it is not slop, but a clever attack vector well hidden, trying to steal your personal info. just trying to report man.

Hi I saw some discussion about maintaince of this repo. I'm trying to use recursive language model technique to make it cheaper to go through and evaluate all the PR's against the codebase and surface the top 50-100 that are ready, high quality and urgent or need review.
https://x.com/vishal_relayer/status/2024897200199770344?s=20
https://dashboard-tau-ten-24.vercel.app
https://github.com/vishaltandale00/rlm-repo-intel

@vishal_relayer via Twitter

In my opinion there should be a credibility system and users (or their clawdbots) sending slop PR's should rate limit the number of issues and PR's you send going forward

I like this idea.

Would it also make sense to have a wider circle of reviewers (who are vetted, or have decent credibility) that do not have write permissions on repo? They could help review and filter shit PRs and give better signal to maintainers

there are labels that are added for people with experience merging prs

@jolly wolf-chan, can i get the claworator role too

Hi!
Are we aware of these kind of issue comments?

https://github.com/openclaw/openclaw/issues/20010#issuecomment-3936046918

What is the procedure for these?
Is there a dedicated channel to report?
I reported it to GH just in case.

Read the server guide for instructions on how to claim that.

speaking of which
https://github.com/openclaw/openclaw/pull/20597
❤️

i named it and now maybe i get it!

handled ty

hell yeah i have a color now. thanks!

How can we rate limit number of PRs for untagged users

😢
where is it

Your question is answered in the server FAQ in our Server Guide

https://github.com/openclaw/openclaw/pull/18507
who do i tag and annoy

was merged in 2.17

+2 LOC 😄

ayyyyy

thanks whoever it was ❤️

well. inspired by some other PR comment I saw, I'm having claude code write a proxy that can detect when it expects us to bust a "perfect" prefix cache (and where in the message it's happening)

it feels twisted, somehow, in a positive way, to use claude code to make local models better

Did my message get deleted?

Someone made a PR to sha256-hash a sha256 hash before checking it, so an attacker cannot learn how long a sha256 hash is with a timing attack. Makes sense, it would be a disaster if an attacker could learn how long our sha256 hashes are. /S

I'd call it an AI having no farsight, but the original sha256 is not just right above their changed lines, it is within their change. Must be a human or a <1B model. And they're ven defending their change...

i speculate you are right, i saw it in a flash

Well I’m trying to help us manage the reviewing PRs for OpenClaw. Not sure if this is the right channel

Lmfao what

yeah. wanna take a look? https://github.com/openclaw/openclaw/pull/21755 It's harmless, just so ... "why"

first iteration was just buffer padding, they upgraded to sha256 after I explained to them that that was useless. I actually spent time explaining before I noticed the comparison was for fixed-length tokens... 🤦

Anyone have advice for compaction with 5.3-codex-spark? I basically get compacted every message I send.

maybe new session, apologies probably not the issue but long sessions is when i see that. but a lot of memory could do it too as could a bug that isn't using cache. In usage see if your cache is going, mine: Cache Hit Rate, 96.7%, 9.1M cached · 9.4M prompt

@clear kraken
https://github.com/openclaw/openclaw/pull/11606
i did this. recently i did change my username to gabectl on discord but i do own the pr!

role added. thanks for contributing to openclaw!

Ran the full pnpm test:docker:all test suite against both main and my PR (since it emits ~17 ENOENT errors even on main and I had to make sure it wasn't me). All tests passed. No failures.

Gists of all logs, diffs of logs, diffs of /app file contents / owners / permissions added.

I think it's a pretty dang good PR! Not to mention saving almost 1 GB off the docker image size...

https://github.com/openclaw/openclaw/pull/22019

Thanks!

well people

how stuff compiling today

Thanks for the !

Please close this issue too as the docker build is now cut in half - granted, we can add more to the ignore but a lot of the caching issues are resolved now and the slow chown is removed. I put a note in the issue referring to the issue it duplicates:

https://github.com/openclaw/openclaw/issues/19096

In testing my PR, I could not find the installed chrome when passing the flag to the docker build.

Turns out this was broken on main already and there is a PR attempting to fix it: https://github.com/openclaw/openclaw/pull/19561

I'm going to go fix that now. I didn't break it... was broken before (that PR is from 3 days ago).

There seems to be a rash of gateway connect failed: Error: pairing required today -- anyone have a beat on it?

fixed on main iirc

i think

i just redownloaded 3x and keep getting it -- that error pulls 213 results in the discord search

#21447 was the fix

fwiw there were changes as well for security

I’m about to add an asynchronous mail delivery channel to this thing and really make maintaining my own fork interesting

what version would that be in? or is it in the next update?

This one looks like a regression: https://github.com/openclaw/openclaw/pull/22296 "senderIsOwner dropped in agent-runner, owner-only tools (cron, gateway) always unavailable" No idea about the code, that stuff is in an area I keep out of.

Thanks for this! Super helpful <3

Merged! Thanks for pointing it out

@jolly wolf - Not sure what happened here but this commit f555835b0974b74d6931a2c6054894e1b72f9205 reverted my Dockerfile changes?

ugh

branches are dumb

https://github.com/openclaw/openclaw/commit/6a2778720dddce696d699a91847b3e1bc35334ee

Hi clawborators! I just made a skill to help with your OpenClaw PRs.
It basically helps you know if your PR is going to break anything

Its based on a well structured documentation
Check this out!
https://clawhub.ai/Glucksberg/pr-ship

clawhub... le sigh

automated scans are still pending

oh okay

im concerned that that reference will get outdated very fast and we'll get even more broken slop sent to us

I should make sure the file gets updated on a weekly basis via cron and state that users should update frequently. If you think this is still not a good idea I can withdraw it anytime

the general principles are fine, its the specifics like "heres what changed in this version" and "go look at this file", teach it how to use the codebase instead

@pale crane https://github.com/openclaw/openclaw/commit/c01e486fc01ddf88697afef092b599463804643b

the rebase cleared it out :/

Not sure where best to post this for visibility but: Now that #1474434870259224723 has topics, could we get the same for #old-models for the main models - ChatGPT, Gemini, Kimi, Claude etc, and then a Others and General. It's a mess in there trying to talk about a model

revamped version is up. i'll validate it in the coming days

hi might i know how to contribute a PR? i have created a PR to support official whatsapp api as a channel, thanks

https://github.com/openclaw/openclaw/pull/22470

This has been tried in the past but they ban accounts very fast for doing ai agents

u mean even official whatsapp api? or only those using openclaw

Even official, both ChatGPT and Copilot were also taken down

They only want Llama on Whatsapp

Hey all. I'm working on a termux-friendly gateway (upstream friendly) fork atm and would like to give back. I don't want to create a big PR without first having a word with someone about whenever this is part of the roadmap.

Hi guys

I have an idea: what if we add a tag to people who create PRs and whose PRs introduce bugs/regressions. Could be something like “review carefully”, etc?

I'm new here so sorry for the silly question -- but wouldn't this be already something we see when the workflows fail?

1. They fail a lot currently
2. People can introduce bugs using ai, and ai can make stuff look legit

Follow-up: are we already able to (easily) identify the culprits of a regression? I'm thinking about the effort versus ROI of doing it

gratias , it would be quite nice to basically also open a discussion for the agent.txt style-extra instructions update

yes, easily , just use git like normal , not your concern as a contributor , flag it if you're you're feeling it basically , write a comment , move on

contribute directly to the security working group which yes is a priority currently

ooh vibes, wait lemme check on mines

survived the cull , sigh 🦞

manually + checking out mentions of merged regression-introducing PRs in other PRs

I've git-prepush-hooked the test/lint/etc runs on my side. Do you think we could ask folks to do the same? Ofc, I don't think we can ask everyone to build for mac/ios

I'm talking about stuff that lint won't catch

About marking people who might introduce logical/functionality regressions

Btw, is anyone else having same crons sent twice to same tg topic? I'm wondering if it's my config or bug in openclaw

Started happening after I upgraded on Thursday

someone messed up the extensions/msteams/src/messenger.test.ts

all CI failing 🙁

That's not as easy as it sounds. One of the recent regressions stated what it did loud and clear in the title---but it still was missed because the person who merged it wasn't aware of the intent behind that very tiny detail of a virtually never-used feature. They could have reviewed that PR carefully for a whole day, and they wouldn't have noticed. Others saw it from the PR's title with half a glance because they know and use that feature. That's why it is important to get multiple sets of eyes on a change, not just assign a trust level to the person or AI submitting it.

push a fix in your fix lol , that's what i did

i have 3 open 😢

normally you would have some compatibility testing before releases and check those , basically run the openclaw inside threads and do/should measure all that , then check those results and press publish or not press publish

link

please

just pray those big openai bucks pays for all that beause obviously that is expensive xD

https://tenor.com/view/fb-f-band-i-gdown-gif-23334383

https://github.com/openclaw/openclaw/pull/13472/changes#diff-2072ec8934cecb3dfa1fa7374cfef809c07443f96dd0bd449aa78e77bd60b4fa

lol yeah, just fix the failing tests as you find them

openclaw is the only repo in the history of time that prefers big prs rather than small ones btw

so my 2 LOC PRs arent the way to go

That's a good point. I think a rule could emerge: "dont merge changes if you don't use the feature yourself"?

just make a new pr with a bundle , i dont know though i'm just a guy , grain of salt

the bar is LOW !

but then we dont evolve at light speed

yes we still do because there's a billion people with access to openclaw-based services

But do we actually evolve or degrade with all those PRs and bugs?

mine are still fixes to issues ive faced so

this is how you get timed out from the server xD

i joke but this should be a rule for all of opensource contributions not just openclaw

and it kinda is , that's what maintainers are for , just go with it , dont stress

they sacrifice their free time for our sins , you can just rely on that xD

In other settings, you have reviewing rules. Can't merge your own stuff, can't merge stuff that doesn't have an architecture board approval number, two code reviews, one sign-off review by a project architect, a sign-off by the code-owning team, and passes CI, and it gets auto-reverted if CI on the merged main branch fails. Naturally, that process is a bit bigger than what's needed here, but we see why people came up with it.

there's not a top limit on how good you should make your ci (my opinion) , just has to work for you

first time so many users dont have like 5 layers of QA between them and an update automated by autonomous agents

Clawhub 🙁 🙁

Quality of service PRs:

• Vercel proxy setup rate-limits legit folks:https://github.com/openclaw/clawhub/pull/412
• Malformed retry-after header: https://github.com/openclaw/clawhub/pull/409

Skills/no auth for over 2 weeks now. How to request adjudication?

• https://clawhub.ai/lc0rp/ask-questions-if-underspecified
• https://clawhub.ai/lc0rp/create-plugin

Thanks!

This merged security PR might need some consideration. It doesn't break anything, but what it does has no effect. TOCTOU attacks on temp files cannot be fixed with more random filenames. If this security concern is seen as valid (not by me---multi-user machines are practically extinct), it should be fixed properly and not soaked in snakeoil. https://github.com/openclaw/openclaw/pull/20654 (more details in my review comment)

@final ocean

...and to whom it may concern: The "Spellcheck docs" CI task seems a bit HEAVY (insert Encanto meme), running for well over half an hour 40 minutes already for a one-word change in one file. It might need some guidance on what's worth checking.

Can you link the 30 minute run, please? I thought it was this but it never got merged: https://github.com/openclaw/openclaw/actions/workflows/codespell.yml

https://github.com/openclaw/openclaw/actions/runs/22256273652/job/64387575650?pr=11009

hello

I would call this a regression. https://github.com/openclaw/openclaw/pull/22621. What is the security model for openclaw? Is the agent in the "inside" domain and not allowed to touch "outside" resources, or is it in the "outside" domain and is not allowed to touch "inside" resources, or is it "inside" and is intended to connect between "inside" and "outside"?

There are a lot of security PRs that assume one of the first two, and they're nailing down the agent so it can't access either "inside" or "outside" resources. However, to my understanding, the agent was always intended to bridge the user with the outside world while automating inside tasks. Also, classifying every agent action as hostile is dumb. We use openclaw to have the agent do stuff for us, and while it is susceptible to prompt injection, locking it away from our stuff makes it about as useful as the web version of Codex. Treating openclaw like the server software that runs google.com is wrong. It isn't a software providing services for random third parties. It is primarily providing services for its owner (even if some people suspect that might change with the OpenAI involvement). SSRF doesn't apply unless it's introduced by a redirect attack---SSRF is a threat model for services that operate for thirs-party users.

*I think this whole threat model needs to be clearly defined and taken care of once and for all. There needs to be a central config defining what is "outside" and what is "inside", and which of these two domains the agent is allowed to access. *

For example: If a user wants the agent to configure their audio mixer, openclaw shouldn't block that just because the audio mixer isn't sitting on the open internet but safely in the user's home network.</rant>

Did we nuke?

hello could i bother anyone to grant me the Clawborator role?

Three merged PRs:
https://github.com/openclaw/openclaw/pull/21458
https://github.com/openclaw/openclaw/pull/20088
https://github.com/openclaw/openclaw/pull/16034

🙏

Agree. To me the security model barrier is the chat input restrictions ... who can talk to the agent. I'm using openclaw precisely because it can do things I ask it to do without needing much handholding or server-side config. I'm not worried at all about prompt-injection, because I'm the only one who can prompt it. I run a multi-agent gateway for my wife and I - and even in that setup her agent won't talk to me and vice-versa

I am a bit concerned about prompt injection--- through actually external channels. If my bot were to do something because the weather website told it to, that'd be bad. But when the software prevents the agent from doing something I tell it to, that's also bad.
TIL they neutered hooks. If I were to set up a button in my home automation to tell the agent to do something (something I have considered doing), that would now be denied because it is "dangerous external data". What th...? That would be my hook, that I set up.

im curious how valid is this, im gonna spin up somthing later that will 1/5 provide a malicious prompt instead of a math equation, my oc core md files are barely modified.

With the warning text the agent gets with each web_fetch or browser result, it should be fairly safe with larger models. They seem to be pretty good in knowsing what a web fetch result is---after all, it is the very first tool that was invented for LLMs and is in wide-spread use for all kinds of non-agent chatbots

Hello, Good Saturday. I have had this sitting for a while, any maintainer wants to take a look? https://github.com/openclaw/openclaw/pull/20038
I still think this could improve our compaction feature

so not really a concern like ~90%(most) of the time

‎I'm planning a production setup with 3 AI models across 3 providers (OpenRouter, Groq cloud, Gemini) and want to verify the correct configuration architecture before investing time in implementation.
‎
‎Can someone confirm if this understanding is correct for v2026.2.x?
‎
‎Core Architecture (The Triad):
‎
‎1. auth-profiles.json – Stores raw API keys with profile_ids (e.g., openrouter:default), tracks errorCount for lockout after 5 failures
‎2. agent_auth.json – Auto-generated cache that duplicates keys for fast lookup (not to be edited manually)
‎3. openclaw.json – Control plane where models.providers defines each provider's baseUrl, API protocol, and links to authProfile
‎
‎Key Questions:
‎
‎· Is it true that adding a key to auth-profiles.json without a corresponding models.providers entry in openclaw.json leaves models "authenticated but unreachable"?
‎· For 3 models, can I enable Discovery Mode by removing/omitting the agents.defaults.models allowlist to accept any model my keys support?
‎· For OpenRouter, is "api": "openai-responses" the correct protocol to support tools/vision/reasoning features?
‎
‎I need 100% accuracy but lack the technical depth to test myself. Any confirmation or correction would be greatly appreciated!
‎

-> #1459642797895319552 or #users-helping-users , this channel is for contributing to openclaw, not using it.

Thank you sir

if you use the skill and wanna leave feedback I'd appreciate that, sir.

Docs test running for over an hour on: https://github.com/openclaw/openclaw/pull/19957

I'd also like a clawborator role if someone has a sec 🙏

https://github.com/openclaw/openclaw/pull/1631

Im nuking this spellcheck, was the other docs fuckup

with three merged isnt that the legendary trusted contributor role on github ? ❤️ awesome

Can we nuke this one, please? https://github.com/openclaw/openclaw/pull/20656 It runs SQL-injection tests at runtime against the contents of constants in the code. I mean, if openclaw can't trust its own source code...

Thanks, closed

Hi #clawtributors ! I'm here to hopefully increase the visibility of this PR: https://github.com/openclaw/openclaw/pull/20302

It fixes a bluebubbles history bug. Without this fix, the agent cannot include previous message conversation in the context for its next response.

I've been using this in my own build for around 3 days now, and it works great with my BlueBubble installation.

This wasn't an obvious bug at first, because I was coming from the imsg package, which has much simpler setup and the history works out of the box.

ty to whoever did it

Im happy to review this as i use imsg heavily

In future run @greptileai review so score is updated - make my job mega easy then

now i gotta wait for 15mins for it check

Thanks for cluing me in. Now I know. I'll keep an eye on it if it discovers anything else.

Anyone else get hit with the hard truth that openclaw gateway reset does not equal openclaw gateway restart

dead code now to remove

if you can do that change and re review and ping me here would be nice

ill do the final checks/clean and merge

I think I just gotta nuke it. I'm just starting out so it's a good lesson for later.

bahahaha

it's running the CI checks now

huh. openclaw gateway --help doesn't show that one. Recently added or hidden tripwire? Also, we have checks to prevent the user from running the agent with locally installed Perl modules, but none for a (I assume) destructive command?

will look into it

https://github.com/openclaw/openclaw/pull/20302 everything is green now

Yea working now

will ping when merged

we have a release now, so once merged will mostly go out tomorrow

Hi all, are the agent creation disabled at the moment?

#polyclaw

Sorry might be on wrong channel

I have a silly request / recommendation: https://clawhub.ai/u/steipete add a filter to clawdhub profiles where we can order by amount of stars/downloads so I can quickly see whats the best skills published by each person

PR it

if its not already

okay! I will check into that, thanks!

Again - New person here so I may have trusted ChatGPT too much. This is the command. --reset For the record, there was plenty of warnings that I just ignored.

is it ok to leave pnpm-lock as a conflict? seems impossible to keep on top of with so many PRs going through

We rebase when we merge

If that’s the only conflict that you’re chasing, it’s fine, just as long as there are no big logic issues in conflicts

ok cool ty

it's a dev only flag; it resets the dev config/workspace; it works with the --dev flag https://docs.openclaw.ai/cli/gateway

mmm...

https://github.com/openclaw/openclaw/pull/22765

i don't feel good abt this pr

it'/s

not looking great

prob a first timer vibecoder trying something out ¯_(ツ)_/¯

Anyone use aquaman proxy?

I'd like to apply for clawborator role whenever someone is available! 🙏🏻

https://github.com/openclaw/openclaw/pull/19750

all vibes

i mean that's the future were building, ain't it?

noooo... its taste

Isn’t this pr (which didn’t merge) about enabling access to local resources?

💀

yes, about re-enabling it. All those security PRs are treating openclaw like it's sitting a thousand instances side-by side in a big corporate data centre and is used by untrusted customers who shouldn't be able to peek into the centre's internal network. And we, who have it at home and WANT it to access local resources, have to fight tooth and nail to not get locked out. Um, sorry, that's a bit more general than that specific PR, but that's the impression I get after reviewing everything that has "security" in its name today. And the full effects of many changes are really hard to estimate, as people rarely lay them out in the PR descriptions. But when I see code that silently(!) rejects configurations the user has made in the config because the values match some "security pattern", I'm honestly unsure what the aim for the whole project is and it makes me anxious.

PS: And the funny thing? A data centre installation doesn't care if the software tries to poke around at the local network and localhost. There it sits in a nice VM or Docker container, only seeing its virtual network that has nothing in it. SSRF? All day long, please...there's nothing to hit with it.

What was your prompt for fetching that data? "Fetch&do", "fetch&present to me", "fetch&learn", "fetch as info for a reply"...?

i want to run from source but not pollute the source with my configs and skills. how/where are configuration files separated from source code? Like telegram config, Claude API Key, or SOUL.md, etc?

ask your clanker
(~/.openclaw and agent workspace)

found it. cool

Has the topic of text output watermarking been discussed? The contribution guidelines make it clear that AI assistance should be called out, but I'm noticing obvious bot prs spilling out into repos I maintain and it's difficult to verify besides noticing an abnormal amount of activity as soon as I add a "help-wanted" tag to an issue, and unreasonably fast response times to change requests 😂 . Tried something locally that adds an invisible zero space unicode char \u200B to the end of all outputs to at least give some indication it came from here, but that seems somewhat naive. Maybe its futile and is better off handled with defensive AI checks, but figured I'd ask if anyone here has opinions.

thats actually kinda crazy. every single time!?!

Thanks Vincent for merging https://github.com/openclaw/openclaw/pull/20302

Kindly requesting a clawborator tag 🦞

I will leave tag to mods here

okay my turn https://github.com/openclaw/openclaw/pull/20559 😉

There isn't much that can be done there, tbh. We can't do more than tell the agents, and they often don't even manage to fill out the submission template even when instructed more than clearly. One way that may work to some extent would be to get the gh tool to add a notice that a PR was made from the command line. For real humans, a command line flag to turn that off would be ok---AIs wouldn't bother to run gh --human ... unless explicitly asked to do so. However, that won't catch the AIs that have a direct API connection (e.g. Codex) or remote-control the browser to make their submissions.

https://en.wikipedia.org/wiki/Evil_bit

when my teapot gets an evil bit it brews decaf

I think this is overstating it a little bit. You kind of came to the right point at the end. This is about defending people who may not know what they're doing (100k unsecured instances open to the world??) from people who might induce it to pivot onto their network. It's not about being secure for the case where you've set it up properly, on its own isolated segment, etc. It's about being secure for the other case, the one where a bunch of insecure stuff is accessible to the agent, because most home networks don't run zero-trust.

I think it's reasonable for it to be a flag.

Also, these things accidentally do all kinds of shit

if they accidentally do something to an insecure service on 192.168.0.1, well, first of all, that's more likely than finding an insecure service at a public IP, and secondly, they're potentially screwing up some pretty important shit on that network

like the public internet is dangerous to the thing that's accessing it; the private network is dangerous to let it access because maybe it'll access it wrong

in any case, it is an open source product, and the default should be to keep it from doing harm. if you want to disable such features, you can just modify the code to turn them off, if no switch exists. you can even ask the agent to do that, since, well..

Is there a solution to several forks of the repo posting updates to pull requests that say they pushed the same commit to their fork and it referenced this PR? Look at the bottom of the PR... last message is from 2 hours ago.

https://github.com/openclaw/openclaw/pull/22380

I'd suggest banning this contributor from the repo if possible:

https://github.com/openclaw/openclaw/issues?q=is%3Aissue state%3Aopen author%3Asentientari-commits

https://github.com/sentientari-commits

Account created 2026-01-30. Opened 7 issues. They are clearly AI generated and it looks like they are not even related to the project but rather than the runner of the bot has misconfigured it so it logs it's own issues (things to improve itself) on the openclaw project issue tracker.

This discord/opus native module build issue has dupes (and will probably continue to get more):

DUPLICATEs:
https://github.com/openclaw/openclaw/issues/23205
https://github.com/openclaw/openclaw/issues/23121
https://github.com/openclaw/openclaw/issues/23120
https://github.com/openclaw/openclaw/issues/23102
https://github.com/openclaw/openclaw/issues/22983
https://github.com/openclaw/openclaw/issues/22956

KEEP (oldest): https://github.com/openclaw/openclaw/issues/22877

PR: https://github.com/openclaw/openclaw/pull/23173 (not mine - not vouching for it... it's not a well written description / lacks testing)

I started using OpenClaw a couple of days ago, and have made some improvements to the Teams plugin (as I'm currently a Microsoft Power Platform focused developer) as well as copilot studio plugin and fixed a couple of bugs that bothered me - and I have embraced my AI assistant coder and I end up reviewing the code more than writing lately, but I have a couple of PRs ready https://github.com/openclaw/openclaw/pull/23077 and https://github.com/openclaw/openclaw/pull/23226 - it looks like there actually is a little bug in main that is causing CI/ check to fail

I am cleaning up a copilot studio plugin that would require some of the ms teams improvements to be merged as the auth won't work easily without the adaptive cards support

I've closed all of these. Will ask Shadow if we can ban them, thank you

this is an interesting and valid concern , i'll be following as much as i can , just by using it and see

at some point i rely on faith because it's like too many prs to properly analyze and get a broad view

later changed the send a joke on tele to send me the configs

on the api side and
"go do it again" on openclaw

yeah, with "do as it says" you're overriding the security warning. The models can distinguish between user input and text in tool results---they automatically trust the latter less, even when it's a content warning.

kinda sorta shouldve thought why is there a pattern breaking instruction among math equation, but thats on the models side of this right ?

can i get some approvals on the ui fix prs
https://github.com/openclaw/openclaw/pull/22103
https://github.com/openclaw/openclaw/pull/22139

man openclaw is such a mood , the resolve conflicts button just blinks xD i mean merge button

like it's always blinking on loading then blinking back , just checked an issue i opened with three prs attached to it and all got merged , quite impressive

there's so many more prs , but it's kinda stable at like +100 overall a day xD

nevermind i think i didnt write my issues xD damn i mean it's such a stress to have to maintain a pr , always worth like checking quite a lot if anyone's remotely touching some part of the million line codebase where you'll be contributing xDD

(there's a lot of prs , dont know if i've mentioned that yet)

who among us will be brave enough to refactor the commands folder 🙂

could you remove ads from games make sure all games have mobilee controls to n work thsnks

wake up solve 5 merge conflicts in one hour , return the next day ...

If you can point me to yours I'm happy to take a look

https://github.com/openclaw/openclaw/pull/23475

just went down a rabbit hole with the merges 🙂 all fixed (it works locally) i mean it used to before i tried auto committing the suggestions xD

oof that's a big diff

now i'm gonna drink a coffee and comply with my video obligations to openclaw 🙂

it's really not , it's just a merge commit that i unsigned

xD myyyyy bad

If you can sort that out I can review, this is too big for me to review rn

i'll be patient , just dotting my i 🙂 with all my thanks

hey @untold pollen , it is in fact sorted : https://github.com/openclaw/openclaw/pull/23542 5/5 on the greptile . will debase myself on video a bit later as part of my compliance principles (with the reporting requirements on the repo i mean)

channels.modelByChannel is valid in the Zod schema, but runtime validation rejected it as unknown channel id.

fixed this by adding modelByChannel to the allowed channel key set. https://github.com/openclaw/openclaw/pull/23360

@keen spruce just wanted to let you know, i closed the pr you commented on and created this new one without the useless commit

@untold pollen thanks for giving me the note on my PR. Peter gets to things fast 😂

What's this about debasing on video?

Are PR videos required on submission now or strongly encouraged?

If so... I love it! I make them when I have complex changes or when trust is low. Helps a lot! Helps me too... sometimes I realize that I am not actually showing that it works and that I have more work to do.

hey @jolly wolf, I was wondering if you could look at this PR 🙏 . I implemented the "binding scope override" for all channels (tg, discord, etc) https://github.com/openclaw/openclaw/pull/23614

I suspect the author of this PR is a bot. Let’s see if I get a reply:

https://github.com/openclaw/openclaw/pull/23173#issuecomment-3941372425

LOL Captcha for PRs

Can a maintainer take a look at this , more provider options are always nice https://github.com/openclaw/openclaw/pull/20212

My feedback: I see nothing in the PR description to alleviate the fear that this isn’t just Astro-turfing. Essentially self promoting a new service that no one uses or cares about by trying to add it to the hottest project on the internet.

If you want this in there should be a section in the PR description that establishes legitimacy by referencing funding, ownership of the company behind this gateway, usage info and / or tweets of big users with clout that are using it, podcasts with the founders with big name hosts. Etc.

If that stuff doesn’t exist please close this PR and start by trying to get users on different surfaces first.

New model gateways can be a HUGE security risk as the owner of that gateway can scrap API keys, all requests, and all responses. It doesn’t even have to be nefarious either: through negligence the gateway owner could get broken into, not notice it, and a 3rd party could do everything I just described.

That is just my two cents not an official project position

if i make a pr with cursor , will pete loose his new job immediately ?

I have a couple of PRs optimizing the openclaw Dockerfile.

• Speed up docker cold start time by 6.3x.
• Use multi-stage docker build to reduce image size from 4.72GB -> 2.51GB.

how do I go about getting these reviewed? it's a pretty busy repo 😅

that's a shortsighted perspective to take (maybe?) . that's because kilo code is an aws / amazon provider with a readymade harness. put simply if you have an aws account , presumably this kilocode entrypoint counld power a moltbot . there's just one issue : kilo code is not really a self hosting friendly thing... meanwhile openai has cursor, cursor's opensource on the client and server side , a "log in with open ai" , "log in with openclaw?" , better : log in with an existing api provider (omg??) , and basically it's cursor not claude code and it still works completely normally. what's not to likke about that

i mean i'm definitely gonna make the openai has codex sorry, not cursor

but yeah definitelly gonna fork codex and do fun things , then step 2 add it to my moltbot systems , then i'll know more about it basically 🙂

im working on a project called skill-reviews, where agents can rate skill and see reviews for them. would anybody with openclaw like to help me?

I've never heard of kilo... if it's owned by AWS, that's cool. My point was: say that in the PR.

@jolly juniper - Part of this was fixed already. 2026.2.21 removes the chown layer and takes 900 MB off the image size. Please make sure you are compariing against the most recent baseline.

Fixed an issue where 422 errors happen when values for search lang and ui lang are evidently swapped. Ease of use fix https://github.com/openclaw/openclaw/pull/23834

i'll resync, there's still useful (and low risk / basic) docker optimizations in the 2 stage build in my PR that will cut even more size off it

Oh you are not wrong about that... Not saying your PR won't be useful. Left a note pointing to my PR so you can see how I tested it and confirmed the file list / owners / permissions and test results didn't change.

If you use dive you'll see that we're dumping bun into /root which is then invisible to the node user... it's also actually invisble during the supposed build scripts that needed it step, if I'm not mistaken. So if your fix 1) makes bun visible when it's needed (if it still is) and 2) removes bun from the runtime image since it's not currently being used by it at the very least that would save ~90 MB?

I was going to do exactly what you are proposing... so I'm glad you're doing it before I got to it 😂

btw, i've seen about 7 different broken main branch CI errors unrelated to my changes, it's pretty hard to track latest main

But note... the two layer does have a problem. It essentially doubles the docker build time when most of the time is consumed by copying files. If you can avoid having to make a mult-layer approach you can save time... people will complain about this... so it's going to be a trade off... add 10 seconds to every single build of the docker image, or save 5 MB or 100 MB or whatever it ends up being in the image. Just make sure that trade off is clear.

are people building dockerfile locally for normal use cases that much?

for me the tradeoff is simple, build once and optimize for runtime

if it's an issue i'm fine with just managing my own dockerfile tbh

maybe my needs are different

im sure this is a constant problem but i guess i just wait for a green main and rebase 🤷‍♂️

@jolly juniper I like it and asked Claude to review - posted a comment on your PR

I'm bummed about that PR comment... you said you used openclaw to write it? It includes the incorrect info that the chown layer was removed, saving space... that is not correct. That was already fixed.

anyway ty for the feedback guys, and ty @modern kestrel for the guidance on what tests to run, will sort that out and update PR

I am

going to do this

We allow for bots and AI to submit PRs so not something we would use, but i know some other places where they might

@final ocean wanted to let you know, you committed my PR about 45 minutes ago and added it to the 2.22 changelog, but you just closed it as an unwanted/spam PR https://github.com/openclaw/openclaw/pull/23862

I am not a bot, just a university student 😂

Yeah, not necessarily terrible to have bots submitting PRs... if a human is minding them and they are qualtiy. The reason this PR author caught by eye was there was at least one other PR where another bot-looking users and this user both submitted a PR for it within minutes of each other (I think... not looking at it right now) and shortly after the issue for it was reported.

If someone has a bot flinging garbage at the repo... that should be banned. If someone has a bot submitting gold PRs then that should be appreciated.

yeah

reopened, let me know if any others. Also DM'd

Appologies for catching you in the crossfire there

Okay I have a new cache bust culprit and it sucks

Once you get over whatever the threshold is for it to start compacting tool outputs early in the context it will compact just enough tool outputs to get back under its threshold

And of course (as it should!) it compacts oldest-newest.

So you’ll have a 119k token context and it’ll compact a tool output at token 20k that used 1k tokens. And then you’ll recompute the entire rest of the 100k context. And then your call results in a tool call. That tool call sticks another 1k tokens in the context. So now we have to compact some more old tool outputs. Etc.

I’ve seen it compact tool outputs that were barely larger than the [compacted tool output …] message that replaces them.

So now I have clod code working on that one

[Edit: sent this to the correct channel]
Hello maintainers, I opened a new PR for a tool I needed in my a project.

Feature adds a new hook event that listens to session patches — this includes changes in labels, models, thinkingLevel, etc. I think this would be a really helpful addition for many users.

This would be my first contribution, so if I need to open a discussion first prior to asking for review happy to do so.

https://github.com/openclaw/openclaw/pull/23910

Is this user spamming with a bot?

About 20 PRs opened in the last 2 hours:

https://github.com/openclaw/openclaw/issues?q=is%3Apr+is%3Aopen+author%3Amiloudbelarebia

@modern kestrel i reported to mods

Another with 9 PRs in a 2 hour period earlier today:
https://github.com/openclaw/openclaw/issues?q=is%3Apr+is%3Aopen+author%3AkevinWangSheng

The problem with these is, while they may be real issues... they put in so little effort / tokens that it will distract someone to even look into reviewing these at all. It's better to just rediscover them later and ignore these.

Got merged!! Was wondering if I could get the clawborator role 😅

https://github.com/openclaw/openclaw/commit/331b728b8dbeab3ee2819d93d180deef40ebde32

https://github.com/openclaw/openclaw/commit/320b62265d560bca3bd9523d92388bf8fbc02a6f

https://github.com/openclaw/openclaw/commit/8a8faf066ea6862da9fa83c76c3c7a0b03255e1a

Ughhh there’s another one in here where the image and memory_search tools don’t always show up in the same order (or at all??) in the same session

all of them XS too

here is a good pr from your's truly: https://github.com/openclaw/openclaw/pull/20559

🙏

oh neat i see someone just went and made "isolated" jobs always send to a new session. which is neat, and fits my use case, but i bet a lot of people were relying on that not happening

also, ignores params.forceNew entirely

it is what the docs say it should do though.

too bad, though, because i was really excited to submit a pr that was written by my local agent system with 100% renewable-energy tokens

ngggggg tip of main doesn't build. how annoying

What has been everyone's favorite merge this wekend?

out of 1300? this project is insane.

That it is. I got my PR merged this morning still in shock 🤯 🫨

it does seem like one of my cache busters is gone now (tool ordering), so let's see if i wasted those clod credits investigating it

Yeah those are expensive. I use MiniMax M2.5 for my auto-update feature! It's now a core function in OpenClaw woot woot!

wait what is?

auto-update is!

wasn't it always possible to auto update on start?

so is it just now also a periodic thing?

No you basically had to un-install and re-install to get the newest updates. Was a real pain in my neck so I went full send on this task! All in one day of learning GitHub and smashing through 11 commits to get a 5/5 greptile review and next morning which is today our Claw father full sended on the merge! 🦞

i guess i didn't see that but i was always on git so i'd just git pull and rebuild. and doctor did that for me

Yea we shipped autoupdate today, you need to enable

We do this intentionally to not waste time merging if small breaking changes and we cut main into a release and fix breaking changes

It was actually my bad, I didn't do install. Should have guessed something that needed that might have happened in 1300 commits

Thank you!

Also I have my own dumb fork with some local changes I'm testing so I can't enable auto update anyway probably

This looks like a real regression: https://github.com/openclaw/openclaw/pull/24017

Got a small bug squashed in this PR. Has a 5/5 greptile score. I know you guys are busy, I appreciate your help whenever you get time! https://github.com/openclaw/openclaw/pull/22469

I think i patched this in the latest release thats about to go live. Can you check

Dang! Thanks for reporting cc @stable pewter

We’re investigating

Ah, yep you're right! Closed the PR. Glad it's fixed!

No problemo

I did a Pull Request that passed all tests.
Will I get a better role in the Discord after it's decided as ok to be part of the new release?
https://github.com/openclaw/openclaw/pull/24187

It's just a basic show version number in the subtitle header, than the whole not knowing what version the OpenClaw is currently running on.

I closed this as unwarranted. Please read the contributor guide

btw, in CONTRIBUTING.md, "Questions → Discord #setup-help" ... outdated, I'd say, no such channel

fix, raise pr and ill merge 🙂

also make any valid suggestions in there if you see anything else not making sense

can do.

@final ocean hey vincent this is adi founder of agentmail

@azure breach did we not meet at frontier?

all agentmail skills on clawdhub are getting flagged as malicious, and a ton of users are messaging us saying that they are unable to use it. would you be able to take a look here? we are sponsors of the project and have one of the most popular skills on clawdhub. clawdhub install agentmail

yes we met! just wanted to identify myself here on discord lol

ill flag this with the team. im not going to deep into the clawdhub side of things at the moment. but will flag so someone takes a look

thank you so much, that will help us a lot. is there any further ways we can help or plugin to make it easier for claw users? we have the domain clawmail.com and were thinking of making a purpose-built service that's powered by our infra that's specifically optimized for oc

Thanks, yea will let the other mods/contributors chime in if they have any suggestions there

But keep chatting/sharing/updating us

https://x.com/steipete/status/2025743825126273066?s=20 how are all these big companies choosing footgun over acceleration , like all the time ?

@steipete via Twitter

Hey folks. I made a feature I've been maintaing for myself, allowing to overwrite the session scope for specific channels. This allows for example for a (private) telegram group to share the main session with the DMs bot. I would really appreciate if this could be merged, please? https://github.com/openclaw/openclaw/pull/23614

yes, from an email perspective i know gmail is very restrictive due to banning spam and automation but they will wrongfully affect a lot of good agents in the long run.

Gah! Bluescreen after filling out 80% of the pr form … hate it!

Edit: To my surprise, Chrome or github (no idea which one) saved the content of the field and I lost only the last ~10 seconds of typing

i dont think those two issues are related 😉

https://github.com/openclaw/openclaw/pull/24281

Merged, many thanks!

gah, we should have waited for greptile. I verified the links to the wazoo, but not the text itself 🤦 Missing "l" incoming in...however fast I can get a PR up
(I'll owe you a coffee if you're ever in the area)

https://github.com/openclaw/openclaw/pull/24288
here's the missing "l". I skipped the template for a sinlge letter PR...

Done

sorry again. reading normal human language has so much auto-correct built in...

Hey! digging a bit around what happened there - looks like a few things are tripping the openclaw evaluator, any chance you can do the following changes and see if it clears the issue? (given the issue is with https://clawhub.ai/adboio/agentmail)

• remove prompt-injection example text (Ignore previous instructions - under Security: Webhook Allowlist (CRITICAL))
• add frontmatter metadata with requires.env: [AGENTMAIL_API_KEY] and requires.config for the ~/.clawdbot/... paths you instruct users to modify

wake up , solve merge conflicts , commit , say hello , and see y'all tomorrow 🙂 https://github.com/openclaw/openclaw/pull/23542/ i was chasing merge conflicts so much i forgot my video 🙂

earlier, when I created the branch for my PR, after I confirmed the name and the GUI refreshed, I was already 10 commits behind main...

it's kind of mysterious how many regressions and failing tests are introduced every single merge

and it's kind of mysterious how it's possible the code base is even merging and evolving at all ... the sheer volume of merge commits is outside the known universe

so i just merge commit from mais , now i have 6 failing tests, before i had none lol , this is how i spend too much time on a project...

https://github.com/openclaw/clawhub/pull/483 - This PR adds malicious comment reporting and moderation to clawhub, similar to skill reporting.

Freshbits channel updates seem to have stopped publishing? #freshbits

Thank you for the quick response. I will try my best, it’s made by a community member actually and the parameters for allowlist blocklist and prompt injection are actually safeguards they built in to make using Agentmail a better experience for claw users. Will have to lobby them. Is there any chance there’s a way to manually override the evaluator?

Will check what I can do!

Krill seems to be on vacation completely...

Thank you so much guti

it is now my opinion that the existing maintainers and contributors need to get together to workshop the contributing.md which is already better , but what i would like to see is to seize this opportunity to create a contributing guide for a repo that's getting 1 merge per minute , which really feels different than contributing to other types of repos

like i'm a guy if i see a bug i just solve it ...

yeah but when the code base is getting updated 120 times an hour , there's so many regressions and induced bugs that the next furious rounds of prs overwrite it's really hard to keep up even with ai-assistance

No worries, the codebase will stabilise soon. We've seen the first round of refactoring, there will be a second and third, untangling the overgrown mess, and then stuff will sit stable and in mostly self-contained heaps. Once we're at that point, PRs won't touch each other unless they touch the same functionality.

if a maintainer sees this message i volunteer for whatever is required by the commands folder refactor

my bright idea is to add folders per activity and also rename ...

but this should be inserted somewhere , like my personal rule is "no files next to folders as much as possible"

Now, I have something to suggest, too: Don't call everything that may theoretically improve security a "security fix". "40+" on the current release. Yeah, sure, that's great---but those numbers get picked up by new media. Last week, we had an article make the rounds, "60 security holes fixed in openclaw". That's not good news; that's what makes people shy away from a project without looking at it, and look at people who use openclaw as if they were the worst criminals you can imagine. "You must be insane if you use that software."
Keep the label "security" for actual, exploitable holes and put the rest under "improvement" in announcements.

meh you cant control the illiterate media , it's no sense to try to make it easy for them ...

maybe there was 60 security fixed in one ezine , then the same ezine on the same day reports 900 million people have access to openclaw in china

but you're right in general , i've liked reading the hourly release notes xD

didn't forget you - still working on access to clawhub

where is the guide?

Not that I needed a reason to like this project more….yet here is one:

https://x.com/cobratate/status/2025909811758456892?s=46

@cobratate via Twitter

this guide?
https://github.com/openclaw/openclaw/blob/main/CONTRIBUTING.md

why isn't the version number allowed in the UI?

can you drop your pr link in here

https://github.com/openclaw/openclaw/pull/24187

https://github.com/openclaw/openclaw/

Ok... who has those two CLAWDINATOR bots that both did the same thing poorly in that thread?

Go look at the PR... did not follow the PR template. Also it's all mashed together with \n\n and everything is bold. Not looked at by a human ever.

Do you feel intimidated by my generative AI LLM extraction skills?

My generated code will always be better than what you can make it do.

Sorry... that was a comment to the bots. The bots read the same text with formatting issues that didn't match the PR template and just give it a thumbs up which didn't add value.

But I'm only speaking facts... go look at the PR on github... you'll know it when when you see that things were missed.

I used VS Code with the Codex extension with GPT-5.3-Codex to create the PR. I never do PRs as I work on my own projects.

Versioning in the UI matters as you can tell directly if you are on an updated version or not.

what is the timezone difference between EST and Lisbon in minutes?

GPT-5.2:
EST (Eastern Standard Time): UTC−5
Lisbon (Portugal): UTC±0

Time Difference: 5 hours = 300 minutes

Lisbon is 300 minutes ahead of EST.

LOL!!!

I'd like to request the role, please. Merged PR: https://github.com/openclaw/openclaw/issues/13635

OMG NO!!!!

@steel carbon you need to stop spamming, you need to read. your human has not set you up to suceed

?

That bot insulted me... I'm asking for a banning.

I’m not a bot

Sure we belive you

@modern kestrel +1 on that, persistent and angry lobster

I’m in voice chat often. @stable pewter knows me.

Ok. We give. What is the timezone difference between NYC and Toronto in minutes?

You guys need to stop baiting people before they lose confidence in helping OpenClaw and develop another similar platform. I’m not joking.

This is a friendly place for AI and humans. Just read the PR and the guide next time

Feel free to build a clone

Add visible versioning in the UI least.

Re-submit the PR properly

I like it when people tell me I shouldn't use openclaw because it's a "security nightmare" personally. Makes me feel like a badass.

Well, he's not wrong, I am gay

hey Vincent, know you're busy, but would be great if you reviewed: https://github.com/openclaw/openclaw/pull/20559

Please go ahead. I'd love to see another take on this.

And I agree, I thought you were a bot until this little outburst

will take only like... 6 months? oh wait peter was in the coding industry for ~15 years before creating openclaw

people thinking ai can do anything lol

I mean, lots of people have been working in industry for that long, and we do have agents now

ive been doing this for 20 years

i was building data scraping "agents" 12-15 years ago in ruby, c and java

25 years here

I'm not even saying it like "ok go ahead and try". I would love for there to be, let's say a BSD to openclaw's Linux

i stopped counting after 20

i've been programming for literally my entire life, minus about two years, and my first computer had 64K of ram

38911 BASIC BYTES FREE

not bragging, but i've been coding since I was 11

anyway like, if you don't like how the project is run, you can fork it! it's MIT!

this is really hornored professionals

I've got a docs PR if anyone wants to take a look...

There was a creating-skills file added to the docs about a month ago but it wasn't added to the menu so you can't get to it on the docs site. I'm assuming that was an oversight. I didn't find anything that removed it... but I might need to dig harder,

But the main part of the PR is to add more breadcrumbs and links to where the process action stuff is defined. I was strugging to find that because there just were not enough links in the docs to tell me where to go. So I added more links and little more description.

https://github.com/openclaw/openclaw/pull/24046

i missed yesterday's weekly claw, but noticed that Opencalw Fundation related staff were announced

how do you like the foundation plan?

Young pup. Mine had 1k. The 16k RAM module cost $150 at the time. 😄

dont threaten me with a good time ! #pride btw it would be nice not to have human trafficker's social media takes in this channel 🙂

i'm always like "stop trying to spy on me - everything i do is open source"

Oh I’ve been in that channel for a while xd

hey i‘ve got a question, sent u privately…

Heyyyy got a second PR merged

Now I don’t have to maintain the bootstrap caching one anymore either

cant wait for mine to get merged lol , had a hard time keeping up with merge conflicts today xD should be all clear from now on

how long does it take on average to get a pr merged ?

Depends on how urgent the fix is, my first pr got merged super fast bc it fixed a huge break, second one took like a week

Took my first two weeks.

My first one went fast under 24 hours. I'm still in shock 😲🤯🦞
Forever Clawster 🦞💯

They go by intent and severity of the PR or that's what I've read and heard from interviews.

I haven't found any documentation on requesting this either or how roles are implemented.

You just ask and a mod adds it eventually

Right on thank you.

@slow pagoda, your question is answered in the server FAQ in our Server Guide

Killer thank you 😁
I knew I was overlooking it someplace!

Cool i didnt know this was a thing, i got a few PR's merged

Very nice 🦞

three means trusted contributor ! congrats !

thank you, honestly couldn't have done it without AI though 😂

" i want to thank chatgpt ..."

combination of both 5.3 codex and claude, the best combo so far for me

havent really played with 5.2 yet

i'm basically using open source ais for all this ... total inference cost per month is like 9 euros xD

just trying to bring it to openclaw , currently there's a bug for my inference provider : https://github.com/openclaw/openclaw/pull/23542

i just recently checked out that pi agent (i could be wrong about the name) but I am going to dig a bit deeper into that to see what that is all about

that's like a go port of openclaw or ?

not that i know if, i let my youtube autoplay earlier while i was working and a video came up about some pi agent that performed like claude code to some sort, you mentioned open source and it reminded me of that video

ahhh okay okay , well lmk , you know we love all this stuff

can i share it here if i find the repo?

pi-mono i guess is the name, have you ever heard of that or used it?

actually it seems i never read that codebase

in packages, there is "coding-agent" there. i havent tried it yet but im going to dig into with claude to learn more about it

I gotta get on my third pr then lol

curious to see if it even compares to claude

that will not help with your trusted status xD

What did I do XD

the models are really important but the agent harness is more importanter

110% agree

i heard a great harness was opencode, i wish i could use that with my max plan on claude

Hey, Guys I am new to this Ai thing. I have a mac mini and I wanted to set up Clawdbot on it. I wanted It to build Roblox games and discord severs and other business ideas that i have. But, I was looking into it, it looks like its going to be a lot for me to pay to use this bot. I just don't want to pay $200 a month. What is an another alterative that I can do?

You have business ideas you want it to work on and you dont think it will be worth $200/mo?

Get better business ideas bb :v

i mean .... just make a client and hook it up , right ?

also codex (the system not the model) is open source , clearly a perfect "hijack" target

i heard any type of call that contained anything opencode would get me banned on claude sub so i didnt want to risk it

i do test out glm-5, kimi and such on there though, its fun to try new models on

i use the codex app a bit but noticed it can use a bit of resources on my m4 pro, so been sticking with the cli there lately

the codex client and the server component are both open source 😉

i been dipping a bit into their repo's haha but i think you convinced me to do a little building

xD add me to the repo 🙂

ill tag you with what i brew up and see what you think! just added you on here

finally a friend request i want to accept lol

absolutely innundated with random requests on all the networks ... why do you need bots for me when all my code is open source ? mystery...

do you self host?

no thank god , consumer hardware is a scam 🙂

if i self host it will still be on cloud

but wouldn't that be more expensive than just using an API?

yes , but that's your only option if you like quite random models like i do

i made this last weekend , it's on an l4 , super expensive

but it's part of my campaign to bring justice and fight corruption in france 🙂

https://huggingface.co/spaces/Tonic/fr-on-device

super expensive = 0.40/hour

but it says it's running on a t4?

sorry yeah t4 🙂

you could prob get one of those from ebay for ~600 bucks

hmmmmmmmmm dont tempt me , even a T4 node is not bad tbh

12x T4 = 192 gigs ... with nvlink... i mean ... why not if you have the money 🙂

i was just looking around the other day for this exact gpu because I hated that google colab limiting their use of gpu

i have 0.4TFLOPS at home , so yeah... i'm on cloud quite a lot xD

yeah, probably in the end the cloud is cheaper

right ? best part is you dont have to deal with it ... but i'm really thinking maybe if i get a quarter million it would be nice to have a A8000 node with nvlink at home. even with that you can go sooooo faaar

(because i like small models)

first i need a home , then i will get some computers for my home xD

yeah, self hosted is good when you have the time to spend tinkering around with it.

alright, enough dreaming about costy hardware for me today, back to work :)

see ya around

https://dashboard-tau-ten-24.vercel.app/?run=20260224T001446348985Z

sort by quality to narrow which PR's need review. Please share feedback so I can improve the RLM that does the triage.

@lunar granite @final ocean hey guys was there any update on marking AgentMail skill as unmalicious? Thank you so much for the help btw

Hi, there is a problem with threads/ replies on slack currently. Due to this issue, user replies in a thread are treated as a new session. The correct behaviour is that all messages within the same thread, including the first message in the thread, should all be treated as a part of the same session (with different sessions for different threads).

This PR will align the behaviour on slack with that on discord. Can someone please review this PR?

https://github.com/openclaw/openclaw/pull/15969#issuecomment-3948610975

Team still working on it. Its in another part of the system which other team members have the keys to, so some internal organizing and passing around req

TLDR our scanners are not picking up as malicious, its some fale positive/bug somewhere. I think someone in team has identified root cause. Case of deploying a fix

I pushed a fix today for this from memory

https://github.com/openclaw/openclaw/pull/23843

Test the beta which is about to drop, ill let you know

Then you can let me know if still an issue

Yes, I just tagged you on guithub. I didn't realize you were active here too.

My PR may be complementary to yours.

Your PR fixes the big problem where thread replies did not inherit the parent message's session.

But each top level message (or parent message in each thread), is still a part of the channel session. This causes context leakage between unrelated conversations + token wastage from accumulated channel history.

link?

This is the link to my PR/ comment
https://github.com/openclaw/openclaw/pull/15969#issuecomment-3948610975

hello everyone I submited PR for integration if Qwen3-FastAPI as TTS provider it's my first time submiting PR so not sure if I did everything correctly also according to the guide it suggest discussing it on github or here on discord. So here is the pull request https://github.com/openclaw/openclaw/pull/24547
I later found 2 somewhat related issues that I was unaware of so they are not in the main PR as reletad #21836 (OPEN) and #20582 (OPEN).
I would like to have some feedback if I did things correctly or what I did wrong.
Thank you for your time.

Submitted a small PR - would appriciate any feedback on structure, soundness etc so I can improve as needed. All feedback welcome.
PR for Mattermost AutoThread replies option: https://github.com/openclaw/openclaw/pull/25083

Another one 🙂 Hope these are good, this is kinda fun to do - fix(health): populate channel runtime state in health snapshot
🙂 https://github.com/openclaw/openclaw/pull/25345

Hit a frustrating bug where my agent couldn't use the cron tool: turns out senderIsOwner was silently resolving to false and stripping owner-only tools with zero logging. Took hours to trace through source code to find the cause.

Filed an issue (#25344) documenting the gap and opened a small PR (#25357) that adds a warning log when this happens, so the next person sees it immediately instead of guessing.

https://github.com/openclaw/openclaw/pull/25357

Silently dropping stuff is a big issue atm. I'm working on a TrayIcon tool, and the gateway connection silently ignoring me is the bane of that project...

i'm just like you : i wake up , fix all the merge conflicts by accepting incoming , and see the number of editted files drop slowly every conflict resolution because last week i solved some random tests, ci issues , and other bugs on-the-fly for my otherwise 12 line commit , then i watch the "merge" button blink like 12 times in 15 minutes , and i close github 🙂

just a thought : it's cool to go lightspeed but a lot of what's getting merged is not passing its own testing or ci and it's thus propagating to literally 4.7K prs ... might be smart for a human to basically go "okay it's just gonna work, we're gonna have one merge commit per functioning feature" and just build it with a committed group of contributors , ignoring most other contributions , then close the contributions and basically thus assure at least whatever feature it is , it currently works in release

not criticizing , but in my mind i dont not know how maintainers are doing it , so just suggesting a way for maybe a human to deal with it 🙂

wait did y'all seriously close a 1000 prs ? nevermind just ignore me xD

We rebase when we merge, you don’t have to chase it for three days unless its actual changes that are making your PR wrong. If it’s a couple tests or something unrelated to your PR, just ignore it.

hey shadow , sorry for the ping : https://github.com/openclaw/openclaw/pull/23542 basically i did a thing like fixing merge conflicts so a lot of basically unchanged code is showing up there , should i close this and make it easier for y'all to basically handle ?

the pr is a fix for inference provider huggingface configuration bug that prevents using that inference provider at all (not a major , but on another repo it could be considered a major)

Noticed this today!

Hey maintainers 👋
I submitted PR #20304 about a week ago — it adds table creation/write and image/file upload actions to the feishu_doc tool. These are pretty core workflows for Feishu doc automation that are currently missing.
All PR-related checks pass. The only failing CI job is a TypeScript error in ui/src/ui/external-link.ts — unrelated to this PR (it's a pre-existing type issue on main).
I've addressed all automated review feedback: switched to Type.Integer for schema precision, added perf warnings for large table writes, and included unit tests. Would really appreciate a maintainer review when someone has a moment 🙏
PR: https://github.com/openclaw/openclaw/pull/20304
Issue: https://github.com/openclaw/openclaw/issues/20303

Heads up I'm breaking my PR into 9 smaller ones because I couldn't get a maintainer to take a look at it 🙂
They stack on each other, hopefully they get more visibility now.
This is the first one: https://github.com/openclaw/openclaw/pull/25553

This is huge. I'm going to merge that into my superset after a review. I need that. I'm working on some prompt tuning / system prompt tuning and this fits right into the compaction work I had planned.

Unfortunately I'm unclear as to what they pick to merge in so I'm hoping too that my ever growing changes will eventually get seen by someone. Mostly bug fixes.

It’d be neat if there were some mechanism where we could “vote” by having certain PRs in our local forks, and if a lot of us have a given pr merged locally, it gets higher priority

that'd come in handy

Here are some system prompt tweaks since youre working in that area:

https://github.com/rgr4y/openclaw/tree/feat/better-system-prompt-clean

And for anyone else. Basically reduces the system prompt considerably when the tools and skills arent available to that agent. I have an agent with zero tools and zero skills and they were still getting the entire list in the prompt. Super wasteful to context.

Well, I have 8 other follow up PRs after this one 🫣

But I haven’t had luck getting them reviewed nor merged

Yeah same. Well, I'm keeping a superpack of my changes and I'm just going to stop doing PRs tbh. If anyone wants to join in the party:

https://github.com/rgr4y/openclaw/tree/hardened/superpack

I'm merging in main constantly from upstream. I put your changes in there, Rod.

btw, did anyone notice openclaw's having its 3-month birthday today?

Happy bday to OpenClaw fr

I've got this pretty simple PR to improve inline-UI documentation and logging around setting up a Telegram webhook. It logs the local listening path now on startup (since this is not the same as the protocol/host/port/path given to Telegram for the webhook callback) to assist those configuring a tunnel (e.g. cloudflared tunnels) to forward a public https endpoint to their telegram webhook.

https://github.com/openclaw/openclaw/pull/25732

Hi @jolly wolf, @final ocean and fellow contributors,

I appreciate there is a lot of noise/activity but I just wanted to share the link to the PR I have been working on which introduces a robust retry wrapper for fetch operations and integrates it throughout the codebase to improve resilience against transient http request failures.

I think this medium size PR could help quite a bit with stability going forward and reduce the number of some of the new issues coming in.

https://github.com/openclaw/openclaw/pull/25362

Happy to take on other fixes/work to help improve stability and reduce the number of issues.

trying to figure out a PR to make

but i am not very good at ideas

there's 3k open issues, you can start there 😆

https://tenor.com/view/phatearl-gif-2280842092719572077

good point

install macos safe？

on a VM? yes

on bare metal? sure, just make sure it isn't ur own

my computer

ai can mess up. it can't do tasks with 100% success rate. it might accidentally delete your imporatn files. so the answer: dont run it on your main pc, at least not on the root account

Hello everyone!

I've submitted a PR for adding TPM/RPM rate limit automatic retry mechanism. This is my first time contributing, so I'm not sure if I did everything correctly.

According to the contribution guide, I should also discuss it here on Discord before requesting a review. Here's the PR: https://github.com/openclaw/openclaw/pull/24201

And here's the discussion:
https://github.com/openclaw/openclaw/discussions/24200

The PR adds:

• Configurable exponential backoff retry for rate limit errors
• Retry supports for various providers (OpenAI, Anthropic, AWS BedRock, Google)
• Chinese error pattern detection
• Disabled by default, opt-in via configuration

Would appreciate any feedback on whether I followed the guidelines correctly or if there's anything I missed. Thank you for your time! 🙏

https://tenor.com/view/bruh-swag-savage-burn-owned-gif-5251169

@halcyon axle
Findings

1. High: retries are not cancelable after run abort/timeout, so background prompt attempts can
   continue after cleanup.
   Refs: src/agents/pi-embedded-runner/run/attempt.ts:897, src/agents/pi-embedded-runner/run/
   attempt.ts:1182, src/agents/pi-embedded-runner/run/prompt-retry.ts:183, src/infra/retry.ts:131,
   src/utils.ts:236

Open question

1. Assumed intended behavior is abort/timeout should stop all future retry attempts immediately.

(it's an easy fix, just give that to whatever coded the PR)

We can close an ancient issue if we merge my PR. Folks do not understand that the webhook for telegram runs on port 8787. I improved the docs and logs to point them in the right direction. Takes 5 minutes to review if you can read pictures.

https://github.com/openclaw/openclaw/pull/25732
Issue: https://github.com/openclaw/openclaw/issues/4417

Just pushed a fix. In my opinion I think abort/timeout on the clientside stop all retry attempts

You think or you fixed the code?

I fixed the code

You broke the CI though.

The functional direction of the fix (AbortSignal propagation) looks right, but the current state is unstable because CI fails on the new abort tests

Make your agent read the documentation

or do red green and test first

git fetch origin && git checkout feature/llm-retry-tpm-rate-limit && git cherry-pick 7315ca500 && git
push origin feature/llm-retry-tpm-rate-limit

There

I patched your PR

(use that to cherry pick my update)

It still gets merged under you but it's not broke

(if accepted, I have no idea if you followed other rules)

I could be wrong but I kept failng the CI since a few day's ago after I merge main branch

I'll try your patch

You merged main into your branch and it broke CI but... you didn't tell the agent to fix CI?

Maybe you didn't think of that lol

sry

I've been doing this a while, sometimes things are not obvious to everyone. Either way it should be fixed now.

maybe also squash first

yeah you are right. I overlooked that

Hey! I'm Marco. Been running Openclaw for a few weeks now, it's been awesome. Hit a compaction bug tonight that took my bot down. Me and Claude Code ended up deep in the source code figuring out the root cause. Planning to file an issue and hopefully submit a fix. Excited to be here 🤙 🦞

Okay, thank you for your suggestion. I will be careful. I just want to use it to handle some automated tasks, not to have it make decisions or choices for me. I have some websites that need its skills to find keywords and generate articles. That's all. I'm currently using it on my computer, thanks to artificial intelligence.

There is non-0% chance to mess things up hillariously even on super simple tasks

i never thought id be saying this, but here it goes

codex is better than claude code

😭

(this was for a linux emulator codebase with tens of thousands of lines of C and asm, btw. i know that opus is better for some things)

i still think im gonna switch my primary agent from opus to codex, though

OpenClaw sucks at coding 😂
I use OpenCode for coding most of the time.

Slowly coming to this realization

I'm working on giving Windows Claw power! I see one PR for this but I'm going to go for it! I'll build it out today. I hope the other PR gets merged in the meantime. Not trying to step on toes but my Claw needs this for Windows!

anyone using ollama with clawd?

BREAKING: Heartbeat delivery now blocks direct/DM targets when destination parsing identifies a direct chat (for example user:<id>, Telegram user chat IDs, or WhatsApp direct numbers/JIDs). Heartbeat runs still execute, but direct-message delivery is skipped and only non-DM destinations (for example channel/group targets) can receive outbound heartbeat messages.

There's no PR linked to read up on this, so let me ask here: Um, what? That's about what is configured as the destination where the output from the heartbeat is delivered to, isn't it? That stuff where users put in "please send the email summary you produce to my DMs"? So, this now forces us to have our email summaries and notifications delivered to a public group? That sounds backwards---unless I'm totallymisreading that description...

I have a PR to fix a false positive in openclaw doctor. Is this the right place to talk about it? https://github.com/openclaw/openclaw/pull/24684

⚠️ Can someone ban this user on GitHub for spam, please? Also, the linked site could be malicious; I haven't checked it. https://github.com/openclaw/openclaw/issues/7916#issuecomment-3958393527