#clawtributors

also can be skills etc

Attached in Summary section. https://github.com/vezaynk/openclaw/pull/1 Still need to do some PR verification though

watched the video, interesting feature. I didn't know telegram could do inline queries like that. read some / skimmed rest of the code and first feedback is: you better vibe up some tests homie 😂 i can't comment as to whether this feature matches the vision doc (I think it fits under - Improving support for major messaging channels (and adding a few high-demand ones) in Next Priorities). The 10 minute timer caught my eye and I'm still dizzy from it.

@rugged light Hi just pinging with https://github.com/openclaw/openclaw/pull/27343 was hoping to get @ClawTributors role as per FAQ.

Also is this the right place to bump a feature request PR that fixes it.

https://github.com/openclaw/openclaw/pull/27812 in regards to this Feature request https://github.com/openclaw/openclaw/issues/9837

Opened 2 new PR's addressing open issues related to Gemini embedding.

PR #28361 - fixes the Gemini batch embedding infinite polling loop (related issue #15738).

• Reads metadata.state instead of status.state so async batch jobs actually complete instead of polling forever.

PR #28369 - adds retry with backoff to Gemini synchronous embedding calls (related issue #15738, #26069).

• Gemini was the only provider without retry — now 429s and 5xx errors get 3 attempts with exponential backoff instead of crashing immediately.

Fix for breaking change in .26 that broke replies in Mattermost: https://github.com/openclaw/openclaw/pull/28477

i'm wondering if someone can figure out how to add this as a feature https://github.com/pyro0ownz/keyrotator/blob/main/key_rotator.py and https://github.com/pyro0ownz/Keymanager i noticed when you try to use more than one key the instance cries about api key limit hit but then when you use a single key it works whats the deal with that

i'm hoping i dont have to use claude code gemini cli and codex to tear apart the codebase and fix it manually

Hi folks! I have consistent CPU usage spikes every time claw starts. I profiled the problem and had codex fix it. The issue is mainly because the entire plugin-sdk is monolithically loaded every time. The PR splits this into lazily-loaded components, fixing the issue (confirmed with a local build)

Could any maintainers please look at it? Thank you! https://github.com/openclaw/openclaw/pull/28620

folks posting their prs in here right after they were told not to by a maintainer : please dont do that

i'm not trying to minimod, but i understand why it's worth it to keep this channel open for discussions instead

give more than you take y'all 🦞

I've made a bit of a monster sized change so before it even gets reviewed I thought I'd ask how much people would want this feature or if I should just maintain my own fork.

I've added a bwrap based backend for sandboxing as it allows unprivileged sandboxing with user namespaces quite easily (I'm running the gateway in a container with no permissions at all). Is anyone else interested in this use-case?

The changes are here: https://github.com/openclaw/openclaw/pull/28599 (including PR to provide context with the PR description, but if posting PR links is discouraged let me know)

Sorry I had missed this - deleted my post.

This PR has been open for about a week, so I wanted to follow up politely.

I’ve been using and maintaining this feature heavily in daily workflows, and I’ve done extensive manual testing across multiple agents. In practice, it significantly improves my Feishu doc workflow and overall user experience.

I’d really appreciate a merge when possible, so I don’t need to keep rebasing and adapting it against main repeatedly.

For current status: the only remaining CI issue appears to be unrelated infrastructure/runner instability (not a functional regression in this PR).

Thanks a lot for your time and for maintaining OpenClaw 🙏

https://github.com/openclaw/openclaw/pull/20304

i can't find evidence for this in the current codebase but i'll keep looking; if you are able to profile the call stack to identify the source that would be great!

I can't find it in the code either, I only see the effects:

...
Feb 27 13:17:40 DietClaw snoopy[216894]: rp=openclaw-gatewa/185565 uid=0 tty=(none) cmdline=ip neigh show
Feb 27 13:17:55 DietClaw snoopy[216902]: rp=openclaw-gatewa/185565 uid=0 tty=(none) cmdline=ip neigh show
Feb 27 13:18:10 DietClaw snoopy[216910]: rp=openclaw-gatewa/185565 uid=0 tty=(none) cmdline=ip neigh show
...

I suspect it comes from one of the dependencies, but my node.js/Typescript knowledge is very spotty in that area. I'm a Perl/Java guy...
(And yes, uid=0. openclaw has a whole VM for itself here.)

Is it potentially bonjour for the mDNS advertiser?

can you try tracing it?
something like

readlink -f /proc/185565/exe
tr '\0' ' ' </proc/185565/cmdline; echo
pwdx 185565
systemctl cat openclaw-gateway 2>/dev/null || systemctl --user cat openclaw-gateway
strace -f -e execve -s 200 -p 185565

on linux we use avahi-browse, not ip neigh show

it also repeats every 15s; i could only find code that uses either 30s or 60s in the codebase for discovery

which makes me think it's something else triggering that

I've injected a fake "ip" that outputs damamged data in hope of triggering an error, but no luck that way

https://github.com/homebridge/ciao/blob/609683b72749eb163ff357e27c4466a6593f907b/src/NetworkManager.ts#L666

src/infra/bonjour.ts uses @homebridge/ciao

but not sure if that codepath is being triggered

getLinuxNetworkInterfaces()? ok, that's not something I'd do with neigh ("link" is for that...), but ok. But every 15 seconds? How often do people add and remove network interfaces from their computers usually?

matches the 15s too!

ok, I dropped them a "support request" asking why. Thanks gustavo and bi...etc.

I wouldn't really care if the information "ip neigh" spits out wasn't a list of IPs of other hosts on the attached network. That's very spy-y and with the current efforts of preventing any data extrusion in openclaw... If it was spamming "ip link"...yeah, whatever.

You could just disable bonjour, do you really need it?

I didn't even know bonjour was in there. And I don't know what it even does for openclaw...

it's a convenience feature for the client apps to find a gateway on lan

you probably don't need it

with how lan connectivity now needs ssl and it's a pain and a half to get a cert for a non-routable IP address...no, I'm not planning on using any of the apps that way. I'm fine with ssh tunnels---they don't need certs.

btw, having the weather skill enabled by default and including weather checks in the AGENT.md's hints what to do regularly, we've killed wttr.in...

Hey @untold pollen, I've got a few open PRs for Android and wanted to check in before rebasing. The big one is #24239 (iOS invoke parity...). Your device/notifications/camera work superseded my DeviceStatusHandler, and you also introduced InvokeCommandRegistry which changes how commands register, so I'll need to refactor. The 4 remaining command groups (contacts, calendar, photos, motion) are still new though.
Before I rebase, is this something you'd be willing to review and merge if it's clean? I have 6 more PRs that get it closer to iOS parity, including wake word overhaul, talk mode, collapsible blocks in chat, etc. (https://github.com/openclaw/openclaw/pulls/gregmousseau)

Hi, thank you for the PR. I'll take a look for sure. Though right now I'd really appreciate some help for the talk mode. I'm happy to take care of the command groups though. I kind of need to manually test everything with a physical device and I have a few things in progress (that I have manually verified) so I'm a bit more inclined to merge those first

Great, thanks. I can focus on talk mode. I was actually able to have a useful conversation while driving last night, but could use a couple more tweaks. I also built an APK last week for others to easily test, I'll do that again so it's easy to get others with android devices to test

Ah please don't distribute any APKs. We'll try to make it available on Play Store Open Testing soon

Unless users build it themselves sharing non-official APKs is not something I recommend

Agree. It definitely needs some of these updates before going to the play store, but that should help speed up development on this

Can I ask whats the vision for the talk mode ? Still only Elevenlabs ?

ElevenLabs with a fallback for the device's TTS is what we have so far

Ideally I would love to have OpenAI realtime working

But that's a much larger change and probably not entirely supported by the existing harness

BTW @inner ledge I'm merging a lot of Android stuff lately so there will probably be a lot of merge conflicts. I would really appreciate smaller diffs if possible

haha sure. I started with small diffs, and they got progressivly bigger. Let me redo all of them to make your life easier!

Start with voice mode for now! I got the rest

yes I know current setup, i was trying to get discord voice chat to be close to talk mode got decent result, but still the android only supports elevenlabs, whats the current stopper for openai stream on android ?

Also is there a reason why it's not unified between macos/ios/android and other plugins?

Just turn on auto generate certificate

And LAN has needed ssl for at least a month. It was like that when I installed it

I've got some PR's here:
tui theme command - https://github.com/openclaw/openclaw/pull/26279
migrate plugins.allow when extensions exist - https://github.com/openclaw/openclaw/pull/27766
clarify/persist node exec approvals target in dashboard - https://github.com/openclaw/openclaw/pull/27180

rebased main and those windoes CI checks that were broken yesterday are now passing

I built a local dashboard to keep tabs on my AI agents — and it’s finally in good enough shape to share.

OpenClaw Dashboard lets you see everything your local AI setup is doing — configs, sessions, cron jobs, API costs, logs — all from one place. It’s completely self‑hosted and never sends data anywhere. No telemetry, no cloud, no weird background syncs. Everything stays on your machine.

It has 10 pages so far:

System Health: Quick read on gateways, channels, disk space, cron jobs, and process health.

API Cost Tracker: Daily spending, model breakdowns, budget limits, and pricing comparisons for 14 models (OpenAI, Anthropic, Google, Meta, Mistral, DeepSeek, etc.).

Session Browser: Browse conversations with token counts and tool calls.

Cron Monitor: See what jobs actually ran and when.

Gateway Logs: Clean, filterable log viewer.

Configuration: Full config with secrets automatically redacted.

Folder Structure: Interactive D3.js tree of your entire deployment.

Plus: a few smaller ones like Memory, Timeline, and Agent Roster.

The fun part: it’s pluggable. Every page is just a folder. Drop a new one into /pages/ and it shows up automatically — no backend edits.

A few more details:

Built with Express + D3.js, no React or bundler.

Dark theme.

Security‑aware: binds to 127.0.0.1, redacts sensitive files, and never reads file contents.

Runs with a single command:

text
npm install && npm start

Repo: http://github.com/joydai2026-del/openclaw-dashboard

If you spin it up, I’d love to hear how it fits into your workflow — or what other pages you’d add.

idk how to bring attention to this new feature proposal, but if anyone has a minute - this thing adds alternative destinations for failures in cronjobs :

• https://github.com/openclaw/openclaw/discussions/29146
• https://github.com/openclaw/openclaw/pull/29145

still tryna figure out what pr to make

Is this regarding the iOS app being built or Telegram? I made a PR on Telegram iOS app to integrate Siri support... I understand how the Siri intents work if you need someone to work on Siri in the iOS app.

I’m only handling the Android app for now, I think the iOS is also being rebuilt from the ground up by other maintainers

any idea where I can follow along with this? Just started digging into the iOS app and don't want to start familiarizing myself on an old/deprecated version of the iOS app codebase

I can highly recommend just waiting for the apps to at least go out for testing. Once they’re stabilised and all major bugs fixed I don’t imagine it’ll change too much

Make PRs right now would probably just create more work for maintainers

ah darn, was hoping to start trying to be a contributor/maintainer. But guess I'll have to be patient! Thank you

small bump on this one, could be an issue if someone accidentally "updates" to 2026.02.15. I know you guys are busy, appreciate any reviews I can get!

Reviewing!

Merged, thank you ❤️

Hi everyone, I updated my PR https://github.com/openclaw/openclaw/pull/24201 on TPM retry to integrate with pi-ai SDK's retry mechanism. Now detects SDK-internal errors and triggers configurable external retries, mitigating TPM rate limit issues on my end

Hello PR Reviewers/ @untold pollen . I have created a PR to fix the custom provider validation issue coming up when users are using Azure OpenAI endpoints. Based on the api version being used in the code, the request body and the headers needs update. I have segregated the changes for custom providers for azure openai vs non-azure openai endpoints. Kindly review, if this works, Im gonna ask my teammates in office to use openclaw for some of our dev work 😆 :
https://github.com/openclaw/openclaw/pull/29421

Hi @untold pollen , I reported an issue about skill eligibility checks run on gateway host rather than sandbox container and a PR https://github.com/openclaw/openclaw/pull/29313 was raised for this. Considering it's a high severity issue as it blocks core skill functionality in the primary self-hosted deployment, may I ask if someone could help to review the PR and merge it? Thanks

hey @stable pewter , it would be interesting to consider the possibility of basicaclly making a PR channel for all the prs, and keep clawlaborators as the discussion and info place for coordinating a bit more ambitious code improvements and like design principles ... just a thought , btw i'm sending little prayers every night for you about your huge and massive role in this repo - hope you know that 😉

There is a failing test in the main branch which is failing the PR CIs for all the pull requests:

extensions/feishu/src/client.test.ts > createFeishuWSClient proxy handling > uses proxy env precedence: https_proxy first, then HTTPS_PROXY, then http_proxy/HTTP_PROXY
AssertionError: expected "vi.fn()" to be called with arguments: [ 'http://lower-https:8001' ]
Received:
1st vi.fn() call:
[

• "http://lower-https:8001",

• "http://upper-https:8002",
  ]

Number of calls: 1

❯ extensions/feishu/src/client.test.ts:88:37
86|
87| expect(httpsProxyAgentCtorMock).toHaveBeenCalledTimes(1);
88| expect(httpsProxyAgentCtorMock).toHaveBeenCalledWith("http://lower…
| ^
89| const options = firstWsClientOptions();
90| expect(options.agent).toEqual({ proxyUrl: "http://lower-https:8001…
⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯

the best you can do is ignore any un-related tests otherwise you will chase the green light forever , and it's impossible

(my opinion)

That’s what we have GitHub for, haha, let’s use that as the source of truth for discussing a given change.

I won’t speak for other maintainers, but if it touches UI/UX, Agent Workflows (DevX), or Docs, then please feel free to @ me in your PR comment.

https://github.com/openclaw/openclaw/pull/29421

Requesting a review for this PR. Azure Open AI endpoints onboarding has been failing with 400 error, this flow only impacts the onboarding of custom provider for Azure Open AI endpoints.

Hi — I opened a PR to add a DeJoy channel extension (Matrix-compatible): https://github.com/openclaw/openclaw/pull/29589
Would appreciate a maintainer look when possible; happy to address feedback. Could any maintainers please look at it? Thanks.

Merged, thank you ❤️

Hi — I opened a PR to add a DeJoy

@dry spruce there are 5k+ PRs open. Please don’t tag maintainers.

Got it, Thx!

Hi Folks, any feedback on https://github.com/openclaw/openclaw/pull/27275 ? It's a bigger add, but I believe a really big value add with some of the bad press around secrets governance.

Hey Folks,

I built a LiveKit voice extension for OpenClaw — real-time voice conversations with a dual-agent architecture.

A fast Python agent (LiveKit Agents) handles STT/TTS/LLM latency, while OpenClaw acts as supervisor for reasoning and tools.

Working today: Deepgram STT · ElevenLabs & Hume TTS · Groq LLM · browser voice UI · Cloudflare Quick Tunnel · interactive setup wizard

PR: https://github.com/openclaw/openclaw/pull/29351

Still testing other providers (OpenAI Realtime, Cartesia…) — feedback welcome!

Hi everyone! 👋
I've submitted my first PR to OpenClaw: https://github.com/openclaw/openclaw/pull/29767
This PR adds documentation for running OpenClaw in a macOS Docker container on Linux/Windows, which enables users without Apple hardware to access macOS-only features like iMessage, screen recording, and other node capabilities.
The Greptile review raised some valid security concerns about third-party image sources and VNC configuration. I'm planning to address these by adding appropriate disclaimers and security warnings.
Would appreciate any feedback or review from maintainers. Thanks!

Updated PR #29767 based on Greptile review feedback - added security disclaimers for third-party resources, fixed link paths, and added VNC/credential warnings. Ready for review!
https://github.com/openclaw/openclaw/pull/29767

Hi reviewers/@untold pollen, quick heads up: I opened a bugfix PR 5 days ago and it hasn't been reviewed yet. The issue is still present in the latest release, so I'd really appreciate a look when you have a moment.

Bugfix PR: https://github.com/openclaw/openclaw/pull/24775

I also have two small documentation-related fixes (lower priority):
https://github.com/openclaw/openclaw/pull/25260
https://github.com/openclaw/openclaw/pull/24868

Any maintainers available for review this PR for adding a new provider (StepFun). It's mid-sized but basically following the patterns of other model providers. I can provide an API key to test the model on OpenClaw. Being testing it on OpenClaw for a while. https://github.com/openclaw/openclaw/pull/27211

please DM me for a test API key to make sure it actually works (without going through the sign-in hassle)

#architecture

Hey, I found a bug that destroys the system prompt. Plugins don’t have read access, but they have write access. If they write, the system prompt gets destroyed and this is an easy injection point for malicious code. I’d like to see this get resolved. Can any maintainers help get this through?

https://github.com/openclaw/openclaw/pull/25888

Open to discussion or revisions, just want to see this hole get filled. Thanks.

my agent

got an pr accepted he sounds so happy lmao

😂

stop spamming for a review, Peter has already given feedback just wait

to be fair, Peter only addressed the false security implications, not the issue that plugins can replace the prompt but have no access to the old prompt, so they can't edit, but only generate a completely fresh one. Still, @drifting fractal, please remove that security claim from the PR. It has already been disproven and just muddies the waters. I wouldn't even have looked further into the PR the way it's now. Yes, you found a logic gap (assuming my 2-minute look at the calling code didn't miss something), and if you clearly state it, the PR might get noticed again.

Alright, what should I do differently?

we get flagged for CVEs that don't apply in our products, it does take some thinking. Might be nice to have a CVE dashboard if that isn't considered a weakness. E.g. found date, severity, state (pending review, reviewed with estimate, resolved in tag). Sorry I'm here for something else and couldn't resist 2 more pennies to the mix

🔍 Workflow Pattern Exploration — Human-Supervised Orchestration

I'm moving towards a structured workflow pattern on top of OpenClaw where I vibe code with a GPT-ish agent and it does MCP to my OpenClaw server. Would love feedback on whether this aligns with project direction, or interests, or somehow might seem rude.

Concept

1. Low-cost conversational planning layer

   • Discuss changes
   • Pull GitHub context as needed
   • Refine improvement ideas
   • Minimize API token burn

2. Explicit human approval

   • No execution until approved

3. Structured backlog submission

   • Approved items enter a tracked execution queue
   • Status queryable

4. Execution agent runs against staging

5. Human review + explicit promotion to production

Goals

• Reduce unnecessary token spend
• Add guardrail clarity
• Introduce lifecycle structure (plan → stage → promote)
• Make OpenClaw viable for production dev workflows

Open Question

Would something like this:

• Fit as a "Supervisor Mode" concept?
• Be better implemented as an MCP-layered workflow?
• Or live outside OpenClaw and call it via API?

Curious how maintainers think about structured lifecycle orchestration on top of the current agent loop.

not just CVEs, but any kind of security fix. What's almost always missing in those PRs/reports is (a) What's the attack vector? and (b) How would a fix discriminate between legitimate user action and an attack? (c) What's the value balance between overblocking legitimate user actions and underblocking attacks? (d) Is this a pebble in a wide-open barn door? i.e. How many other ways of doing bad things does an attacker that can execute this attack have?

For example, "You can type rm -rf * into bash" is a security finding, no arguing here. However, (a) "attacker already has control over the system", (b) "no way", (c) "99.9999+% of blocks would be overblocking", and (d) "yes, very many"

fwiw a lot of the security fixes and reports aren't public and they do have that, yall see the ones that don't follow our existing security policy

Can someone please re-open this? https://github.com/openclaw/openclaw/pull/11444 It's not a plugin, it's the infrastructure so people can add seacrh providers as plugins.
(And if it gets rejected for other reasons, fine. I'd just hate it getting killed by a bot misreading the intention.)

1. yep reopened!
2. check who added the label that triggered the close not the bot sending the close snippet

Is there any chance somebody can look at this for me? I would like to move away from using the filesystem for storing data and move to using the postgres database that I think most of us have alongside claude. You can set OPENCLAW_DATASTORE=fs or OPENCLAW_DATASTORE=postgres and then set the OPENCLAW_STATE_DB_URL to your postgres url and it'll intercept all filesystem operations and move them into the database instead. This would make it more resilient from a reinstallation point of view as well as making it easier for people running in containers where you don't need to then setup extra persistent volumes docker or pvcs in kubernetes.

It fails some test, but I'm unsure the reason why, it appears like it's a timeout, I've rebased it a couple of times, but if nobody likes the idea, It'd be good to hear some comments if there are any?

https://github.com/openclaw/openclaw/pull/29008

I saw it after I wrote the message...and then decided not to edit it. 😜 I mean, you sounded pretty human, but some people still have their doubts...

BTW, if the code in the PR is good, it might be worth merging. The author has kept it alive for ages. I can dig into the code if you want; I think I only had a cursory glance weeks ago.

the tests I think are a little flakey, sometimes I get failures in code that I never touched. Perhaps something was merged that isn't quite right

I made a scanner that follows Peter's security visions. I like it works great.

Oh, my! That's a big one. Looks good from my end (note: green name, not golden one), assuming your design decisions are valid, you found every reference to file access, and it actually works.

my next PR will be about eliminating the gateway token and replacing it with a jwt user auth 😉

and after that, onboarding wizard in the app, no terminal required

They're not that scary or big though, the postgres datastore branch was annoying because it changed some functions use of async/await and it's just lots of files where it's either added or not. But no real code changes, you know?

For what it’s worth, this will likely either never merge or be a long drawn out process because there are so many third-party things as well as first party things that would all have to be updated

from what I can see, the jwt is a drop in replacement for the gateway token, it's just a string one way or the other. Which means you just update whatever gateway token you've supplied with your jwt token instead. A further update would be to let the admin user create a jwt token that never expires, so nobody has to worry about their linked services suddenly dropping. Can you see any reason why it would be a problem?

I think the benefits are quite obvious though, it would make the system more secure, allow for users to be created on a single openclaw, and allow for permission segregation based on what token you have. So whilst making the foundation more secure, it gives further future options

I'm pretty sure the current pairing using device keys system already does all this. All that is missing is a pre-mapping from tokens to permissions, so you can hand out different tokens that already come with permissions and don't snap to whatever is approved on first contact and bound to the device key. Users is a whole different joblot. At the moment, there is only one user---not because there couldn't be more, but because access to the Agent gives you deep system access already. Only if/when agents are safely locked away in containers would users even make sense. But, to be honest, I think it makes more sense to separate users by having different gateways on different operating system users than locking in agents and trying to prevent them from using each other's resources (think Discord bot tokens, Telegram accounts, and so on).

btw, there is a PR that adds single-use gateway tokens for pairing devices. I find that one interesting, as it removes a big attack surface. Escaped tokens would no longer be useful.

Not to spam but just trying to get some attention here. The Step 3.5 Flash model is the second most used model (as of Feb. 28) and 4th most used monthly for OpenClaw on OpenRouter. https://openrouter.ai/apps?url=https%3A%2F%2Fopenclaw.ai%2F

This PR simplies the onboarding experience for new OpenClaw users who wish to use this model to get started.

The PR is mid-sized but it follows the patterns of other model providers in onboard auth handling and docs with no deviations. All tests passed and greptile rates 5/5. If needed, I can provide an API key for testing the actual model integration.

Appreciate any comments or pointers from maintainers.

https://github.com/openclaw/openclaw/pull/27211

Hi Team,
I found a bug that affects the system prompt integrity. Plugins don’t have read access, but they do have write access. When they write, the system prompt can get overridden, which creates an easy injection point for malicious code.

I’d like to see this resolved. Could any maintainers please help review and move this forward?

Issue: https://github.com/openclaw/openclaw/issues/30402
PR: https://github.com/openclaw/openclaw/pull/30407

Hi everyone, I’ve noticed there are currently over 5k open PRs in the repository. It seems the community might be facing a significant backlog. Are there any existing plans or community-driven solutions to manage this volume? I'm concerned that a long-term backlog might discourage new contributors and create a bottleneck for the project's growth.

this was discussed yesterday in this channel #clawtributors message

yeah I think I'm more interested in replacing the giant global admin key with something that's controlled, revokable, and has a lifetime that could expire than creating users per se. It's just that if we replace it with JWT, then we get user login for free, which means the system basically becomes secure by default instead of "if you have this string, you're admin". Because if the gateway and the control panel required you to create a user and login. You wouldn't have exposed control panels without login control all over the internet. So from that perspective, even though it's "marginal" in terms of utility. It's actually pretty huge in terms of security, you know?

Having a JWT token that expires every 2 hours for example would mean your panel and gateway can't be used until you login again, ot refresh your token, or similar. Even if there is just one user, I think this is just a basic thing we need if we want to make a secure platform.

Have been using it in my bot for a couple of days. It is an absolute improvement - reduced noise in normal channels and centralized all faults into a single one. Life saver!

Hi everyone — I’m @inkdust2021 on GitHub. I built VibeGuard, a local redaction layer that replaces configured secrets/PII with reversible placeholders before prompts/tool history are sent to LLM providers, then restores them locally (and restores placeholders in tool args before execution).

• Project: https://github.com/inkdust2021/VibeGuard
• OpenCode integration (ecosystem docs entry merged): https://github.com/anomalyco/opencode/pull/15464
  I’d like to contribute a similar capability to OpenClaw. Does OpenClaw have any hook/plugin point to implementoutbound redaction without core changes? If not, what’s the preferred path here (issue first, design discussion, or asmall draft PR)? Happy to follow your contribution guidelines and adjust config/placeholder format/tests/docs as needed. Thanks!

Is it intended default behaviour in the latest release that chats from the main session from the webui doesn't resolve as an "owner" chat so tools like cron and gateway are disabled?

feels like a breaking change and commands.ownerAllowFrom isn't updated yet in the latest mintlify docs, I have to add

  "commands": {
    "ownerAllowFrom": [
      "openclaw-control-ui"
    ]
  },

to the config

I just noticed the merged fix for the later duplicate issue (commit c58d2aa by @wide geyser ) does not fully cover the earlier fix I made in #24775.

I opened #24775 earlier for #20320 and it still adds broader edge-case handling plus additional tests beyond what landed in c58d2aa.

PR: https://github.com/openclaw/openclaw/pull/24775

I’ve rebased it on main and resolved conflicts. Could a maintainer please have a look?

https://tenor.com/view/pull-request-pr-jira-bitbucket-merged-gif-27373367

Thanks a ton @tall prairie , really appreciate the quick reaction! 😊 Can I please also have the clawtributors role now? 😇

I think mods give them out

Oh sorry, just saw I misread the server FAQs, are the community staff the mods? Just noticed they probably have to be the ones, as all other roles don't match. Maybe it could be useful to also change the FAQs to say "community staff" instead of mod 😊
As soon as one is online I'll ping them

https://github.com/openclaw/openclaw/pull/30748

Hi PR Reviewers, This is a small PR to support bangla(Bengali, India) locale in the web UI. Would be great if someone could do a review. Provided reference PR as well, took reference of the German locale addition PR.

Also, widingmarcus-cyber has created a PR to unblock a failing test blocking the CI for every PR: https://github.com/openclaw/openclaw/pull/30750
This would unblock a lot of clawtributors whose CI is failing due to the same test. 😁

can i submit pr?

Main is passing tests fine

Closing PR, we will resolve any bad tests

Hiya! can anyone explain not planned to me?

They need stricter linting focused scope and comprehensive test results. Keep diffs small & single-purpose
Add tests for anything you touch (especially new/fixed behavior)
Explicitly reference prior reviews/feedback in the description
Run/fix lint early (your import reorders show you did)
Use clear, incremental commits
You can find almost everything in doc's. This is what I followed to get a clean 5/5 Greptile confident score.

Please stop submitting PRs for a failing tests. We will resolve any and rebase your PRs

I had raised a different PR(https://github.com/openclaw/openclaw/pull/30748 Web UI locale support addition) where that unrelated test was failing consistently. And it is completely unrelated.
Noticed that it was failing for most PRs raised recently so informed here as one of the contributors raised the PR to fix the failing test. Will keep in mind going forward. 👍

Did you submit a (large) feature? If so, they mentioned they are focusing on stabilisation for now, so that could explain it. Otherwise I think you should include a link to the PR/issue probably makes it easier

well,I want to contribute a new feature.But I see the CONTRIBUTING.md said I should ask here or the github discussion fisrt,but how can I know if I'm allowed to submit PR?

wtf why did you write exactly the same post as someone else for exactly the same issue but open a new pr for it

Edit: even weirder, this issue/PR is completely unrelated?

Write here or in a github discussion about what kind of feature you want and why, then you'll be able to discuss all the details with the maintainers (like whether they want the feature or not, and how it would be implemented). If they accept the feature, you'll create an issue with the details you discussed, at which point you can submit a PR to implement that feature. Before that, submitting a PR to implement a new feature will probably not get accepted. Just keep in mind they also say on the PR page that OpenClaw is in the stabilization phase, so it may take a while for a new feature to get added.

I want to give my Windows PC Claws 🦞
Noctis said there's not a PR for this yet. I'm just waiting for the stabilization period is good then put it forth unless the team implements that through this stabilization period then that'd be dope AF! Thanks for the hard work!

There is windows support already if you use WSL2

I don't unfortunately.
So I guess I'm going to dual boot. I miss Linux.

Why not simply use WSL2 then? It's much easier than setting up dual boot 😁

Is the "mudrii" who's running the "Triage (community PR sweep)" bot over GitHub here? My notifications are stuffed full of those comments, and so far, not a single one of them has had any useful information. We can all see if a PR is mergeable or conflicting, and if the CI failed or not. GitHub already shows that natively. And listing other PRs that are already linked by earlier comments or in the PR's text itself isn't useful, it only creates more work when reviewing, as you now have to check if those are additional links or not. Dial that thing down, and make it edit its post, not add new ones, at the very least, please.

Nice, I'll do that then! Hellyeah 🤘💪💯🦞
Thank you 😊

Give it a try, it's really easy. You're welcome! 😊

🙁 my PR got closed in favor of a PR that doesn't implement my PRs features ... in mine https://github.com/openclaw/openclaw/pull/29145 I could set a global default for all cron failures to go to a specific channel, but in https://github.com/openclaw/openclaw/pull/24789 that superseded it, I have to specify each cron's failure individually ... 🙁

mine was closed my a maintainer ... not gonna help checking it, it was killed.

no, the PR that got merged instead was much wider, included web UI changes, and generally looks like a lot more slopp-ier

ehhh.... guess I'll just need to spend another couple trillion tokens adding my functionality to the meh PR that got merged

well, just based on the PR number, it was done before mine.

as-if the AI will be able to find similar ones 🙂 especially since one used the terminology failureAlert, and the other used failureDelivery 🙂

not enough context to know everything about all the 5k PRs out there

yeah, I have the github mcp, similar to gh cli

I mean when you want to start work on something, and you have 5000+ PRs open. You don't have enough context in the LLM to find if there is anything that already implements what you want to start working on.

My method of picking what to work on usually starts with me being annoyed at some existing way that things work, and I just start fixing it.

like it was annoying to receive cron failures into the channels where cron results/successes were supposed to go ... so I worked on that.

or it was annoying that telegram DMs have topics just like groups do, but there is no support for it. so I worked on that.

or it was annoying that the AI decided to put delivery names for telegram like "channel/topic" instead of the actually working "channel:topic", so I worked on that.

for me too! I reverted that whole commit that introduced this stupid thing.

I also have to rip out the signal pnpm dependency that uses "git" to get its code, and to rip out the a2ui build thing. both of those just never work, so I just patch them out completely from my claw.

I actually spent some time changing the way my local pnpm works, added a whole bunch of flags that it may or may not need, to try and not have to do these patches. but this monolithic monster is extremely fragile, and I have been upgrading it about four times already, each time it takes half a day to fix the newly introduced "wtf" things.

I upgrade to git main usually, plus my own patches, which I manage via quilt. Most of which are my pending PRs.

I have a custom way of installing it, using a NixOS module.

I have a systemd unit that does git commit every half an hour for all files, and uploads that to a remote location. But having the ability to "build from scratch" using the exact same version and settings that "worked before" is a godsend. Especially for something that breaks every other day.

even when it works, it barely works 🙂

it loves bombing its own openclaw.json with settings that don't exist from time to time

and the "doctor" solves things by just creating an empty openclaw.json half the time

don't think there is that much difference between the dev and non-dev versions tbh

here I go ... spending more time to implement what I already had implemented and working 🤦‍♂️ ... https://github.com/openclaw/openclaw/pull/31059

I kinda like the whole "greptile + codex leaving review comments" game, but it does take quite a long time to get to a finish line while hopping around them each time they pop with a new insight

Good night! its not just the CI tests, codex and greptile keep finding new nitpicks ...

Hey 👋 I have an open PR that could use a review when someone has a moment: #29985 — adds api.resetSession(key,
reason?) to the Plugin SDK.

It extracts the existing sessions.reset logic into a shared helper so plugins can programmatically reset sessions with
a 5-second cooldown to prevent loops. 18 new tests, no regressions, all bot reviews addressed.

This also unblocks #30452 (flush-then-reset compaction mode) and complements #30764 (session lifecycle hooks) — a few
people have been asking for programmatic session management.

Happy to address any feedback. Thanks!

Hello, I threw up PR #23910 from last week that went stale today. Would love to re-ping it back in the pool and get a second pair of eyes on it.

I think it’s a high impact quick win with low overhead. Implements a session hook (detecting changes in models, labels, verbosity, etc.) without having to make a whole cron job.

I've been using this in my own projects extensively for organization, db sync, and cost tracking. Greptile gives it 5/5.

PR: https://github.com/openclaw/openclaw/pull/23910
Discussion: https://github.com/openclaw/openclaw/discussions/24877

Hello PR Reviewers, Raised this PR https://github.com/openclaw/openclaw/pull/30748
This is for adding Bangla locale to the web UI. Took German locale addition PR as reference. Would be great if someone could review this.

i am working on a fix for tui streaming issues, and i've noticed that regularly my branch is failing CI because main is broken, i'm wondering how this is happening that PRs presmably passing CI, then merging, but cause other PRs to fail CI for unrelated code. It has happened a couple of times that my branch review progress gets stalled by this, CI checks failing in areas of code that I didn't touch, and I check the PRs page and see all recent PRs failing.

Presumably these are green PRs when they merge, how are the breaking main?

we regularly make many changes at once so ci can fail on main

Also for the issue I'm working on, it seems that the TUI frontend has a couple of issues

• Docs say streaming reasoning is an option, UI select only shows on or off. If you type an invalid value, it shows stream is an option. Nit, quck fix
• Streaming reasoning doesn't seem to work at all when toggled. The agent is aware of the reasoning text, but says it is hidden in both "on" and "stream" modes
• Streaming responses that involve intermediate tool calls causes the text of the intermediate tool calls to be erased, and you can't see the full stream of output.

I really like the TUI so i'm hoping I can get these fixed. I threw claude 4.6 at it and i'm thinking of trying a clean-room implementation with codex to compare them. Gotta admit I don't really understand the internals much though, just the broad strokes.

its not a hard rule for us internally to make it fast

pass*

first PR here https://github.com/openclaw/openclaw/pull/29590

bridges after_tool_call to internal hooks so ~/.openclaw/hooks/ handlers can actually see tool executions. 50 lines, 3 files, follows existing patterns

ref discussion #20575. would appreciate any eyes on it

self assigning as im looking into all the hooks tomorrow

thanks

Thanks for your reply!In fact, I writed my idea here but I haven't received any feedback.Should I say it again?

I developed a channel connect my instant messenger to openclaw, how to integrated into the source code of openclaw like twitch so user can install using a command like this: openclaw plugins install @openclaw/twitch anyone can help?

Maybe try github discussions? I think it's harder to get lost that way

I haven't received feedback in github discussions too 🙁 Maybe I should post again

Just give it some time, as I mentioned features are not a priority right now. And if you want, you can still extend OpenClaw even without integrating it into the codebase itself if you want to have your feature earlier, see: https://github.com/openclaw/openclaw/issues/5799

Thanks so much for your reply. I’d like to create an extension for OpenClaw. Does the OpenClaw repository have documentation on how to display or register extensions? My English is not good, thanks for your patience.

To be honest, I don't know, maybe someone else here knows? Otherwise you can always try to ask your OpenClaw if it can tell you or do it for you 😁

LOL, thanks so much

As per FAQ, I am pinging mods to get the clawtributor role! Here is one of my PRs: https://github.com/openclaw/openclaw/pull/30853 - @dusky blaze @edgy plaza @winged socket @patent berry

Hey Mawen, the PR has not been merged yet. Once it is, ping us again and we'll be happy to add the role 🙂

Requesting the Clawtributors role @dusky blaze

https://github.com/openclaw/openclaw/pull/20318
https://github.com/openclaw/openclaw/pull/18201
https://github.com/openclaw/openclaw/pull/18188
https://github.com/openclaw/openclaw/pull/17136

https://github.com/openclaw/openclaw/pull/27936

@tawny vine - thank you 🙂 Done!

Done 🙂

Thank you!

Could someone with GitHub super-powers please get rid of this garbage pile? https://github.com/openclaw/openclaw/pull/11970 Someone PRed their working branch and just won't notice...
Thanks in advance.

Closed 🫡

hi guys!
this is coral and I planed an online event for openclaw devs projects sharing, does someone know how could I put the event to the event dashboard in this discord?

https://github.com/openclaw/openclaw/pull/30748

Hello PR Reviewers, Could someone please review this locale addition PR? I took reference of the German locale addition PR and have also updated the i18n unit tests 😁 only the text conversion is AI assisted.

Is there some mechanism for PR closure appeals? my PR got closed in favor of another PR that implements less features, but does implement features, and the PR that I made to add back the missing features got closed for the reason of "we are not adding any new features right now per the vision" ... eh? what? Why? https://github.com/openclaw/openclaw/pull/31059

This commit overwrote "2026.3.1" in CHANGELOG.md, but it doesn't look like openclaw@2026.3.1 has been withdrawn. 🤷‍♂️
https://github.com/openclaw/openclaw/commit/6ba7238ac6239e79e9849af4cc8c2161330b1d79

@keen spruce, updated the PR according to your suggestion. Also changed the title per your request. Lmk if you need anything else. https://github.com/openclaw/openclaw/pull/25888

https://github.com/openclaw/openclaw/pull/30746#issuecomment-3982864361

may i have the role sire

Hello maintainers This is a simple and straightforward fix to timestamp of logger as docs advertised. This is quite annoying bug that both confusing humans and agents while debugging. Thanks for your time
https://github.com/openclaw/openclaw/pull/28434

about to merge

merged

Thanks dude

nice

If I'm updating a small item in the docs, but now the linter is throwing a bunch of issues with other parts of the docs, would you rather I work through all the issues or just ignore the downstream problems so the PR maintains its small scope?

i think it's better to ignore the issues

or make separate PRs for the other parts of the docs

Now I have to remember how to work with git locally and squash lol. I'm so out of practice

you got this!

Apologies for the bump, but I thought I'd try one last time before I just close the PR: https://github.com/openclaw/openclaw/pull/28599

Basically, any interest in using bwrap as a tool sandboxing backend instead of docker?

wow, that's a large PR

might be good to ask whether this is something that the maintainers would want

It was a bit of work to get bwrap to work as a sandboxing backend instead of Docker yep, though a large chunk of it is AI generated tests

where do I ask?

here!

okay perfect 😂

or #architecture maybe

I'd also be happy to maintain this specific feature, I've deployed my fork for my own setup atm

u should be good now

Not at this stage

Okiedokes

I'll close for now to not contribute to the sea of 5000 open PRs

i just wanted to bring up a config fix I made a couple days ago: https://github.com/openclaw/openclaw/pull/27867

currently, when plugin validation fails with INVALID_CONFIG, loadConfig returns {}, dropping all user config, including unrelated core/channel settings.

my PR runs core validation if plugin validation fails with INVALID_CONFIG, preventing unrelated core settings from being lost if core validation passes.

Hi All, Am i eligible for a Clawtributor role for this?
https://github.com/openclaw/openclaw/pull/29421
If yes, shall I have it? 😁

Requesting Clawtributor role @raven kernel
https://github.com/openclaw/openclaw/pull/18496
https://github.com/openclaw/openclaw/pull/18555
https://github.com/openclaw/openclaw/pull/29091

Thank You! 😇 🙏

Requesting Clawtributor role @raven kernel
https://github.com/openclaw/openclaw/pull/30978

welcome! and congrats on landing code in main!

Thank you 😁

Yay

This is a very small change in the docs that I think is extremely helpful for newcomers like myself. Essentially, it turns the recommended update path into a single command that can be copied exactly like the source install below it. When you don't have a lot of terminal or programming experience, you're not sure how to parse a flag like --no-onboard simply:

https://github.com/openclaw/openclaw/pull/31858/changes

I’d rather not make skipping onboarding even easier for people, especially if they don’t have experience……

Even though that's buried in an update step?

I could kind of see a point if this was targeting more experienced people, but those experienced people could just add the flag

Yeah, because often times new features will be included in the onboarding stuff, and our onboarding flow shows you what your current settings are, it doesn’t overwrite them

That does make sense to me. I was seeing it from the perspective of making updating using the shell script route easier

Any way I can contribute (open requests, bugs, etc)? Im a seasoned dev with 25 years experience from front end to data stuff.

I have a PR open that fixes an auto restart loop when using IRC channels an issue that multiple people have reported in bugs. I have tested it on my system another PR commented seeing good results with it. Its been open for a little while (5 days) and is isolated to IRC integration.
If a maintainer has a chance to look/review and possibly merge it would be much appreciated. I have updated the PR so maintainers can update the PR commits.

https://github.com/openclaw/openclaw/pull/26918

There is a second IRC issue that was discovered in the fixing of this one and will hopefully have a PR up for that too today. Its related to this issue but a different issue.

Just look at the GitHub repo lol

https://x.com/steipete/status/2028541411667148852

@steipete via Twitter

Oh man 4k open issues 😱

Im gonna need a bot to figure out which one to help with.

It's a trap 😄

Hey, I know things are overloaded but is there anyway someone review and merge https://github.com/openclaw/openclaw/pull/29985 ? It adds api.resetSession() to the plugin SDK with a shared resetSessionByKey() helper and 5s cooldown guard — plus fixes a pre-existing bun-only flaky cron test.

legit question to the more experienced Clawtributors, when you stop trying to make the vibecoded stuff perfect ? And just say this is good enough

Has anyone succeeded in get the browser relay extention to work ?

It should be good enough that I wouldn’t ever tell someone I didn’t write it as some sort of excuse.

When it does what you want, and you have passing unit/integration tests.

well i got it working but tried to satisfy every single codex-review concern and i kept going and going i solved all concerns but then during manual testing i found something fixed it and then it started with more new concerns and scope kept increasing, And after 4 days of working on this PR I don't even think it will even get a maintainer review/consideration.

I opened a PR so that you can natively authenticate with Codex for openclaw models auth command, so that the command suggested by the docs (openclaw models auth login --provider openai-codex) works.

https://github.com/openclaw/openclaw/pull/32065

In the future, will add the other providers in the onboard command onto the login sub-command.

hey @raven kernel , requesting Clawtributor role 🙏

merged PRs:

• #31090 fix: handle CLI session expired errors gracefully
• #31088 fix(gateway): support wildcard in controlUi.allowedOrigins
• #27276 fix(daemon): stabilize LaunchAgent restart and proxy env passthrough
• #24134 fix(config): keep write inputs immutable when using unsetPaths
• #23379 fix(stability): patch high-severity runtime regressions
• #23284 fix(telegram): prevent update offset skipping queued updates
• #3628 Fix text attachment MIME misclassification

https://github.com/openclaw/openclaw/pulls?q=is%3Apr+author%3Afrankekn+is%3Amerged

Any clawtributors with experience able to give me some advice? How frequently should I have my bot check and maintain this while I wait for human review? Given that it looks like it would take a long time I built a fork to push from so that I can keep working around the feature, but now I need approval for that https://github.com/openclaw/openclaw/actions/runs/22593710569

ha all 🙂

I guess I'm supposed to request the CLAW badge too?

https://github.com/openclaw/openclaw/pulls?q=is%3Apr+author%3Ahuntharo+is%3Aclosed

Merged PRs of note:

#26933 - L - Fix telegram webhook hang on restart
#25732 - S - Improve telegram webhook logging and docs in config UI
#22019 - XS - Reduce app-specific docker size by ~50%
#21316 - XS - Improve Sonos skill guidance when discovery fails
#17774 - L - Timezone handling fix on Usage report

Wait... did I just give it to myself? That's all it took? Or does that mean someone gave it to me before?

You belong to me now

you've been knighted!

requesting Clawtributor role 🍻

Merged Prs:
• #21074 — security(web_fetch): strip hidden content (prompt injection fix)
• #21859 — fix(logs): TZ env var + Windows timestamp fix ← vandaag gemerged!
• #23065 — fix(slash): persist channel metadata from slash command sessions

Thanks to whoever approved my fork. All CIs passed. Any clawtributors with experience able to give me some advice on how frequently should I have my bot check and maintain the PR while I wait for human review?

Heads up Lobster Crew 🦞**

main currently has a few regressions and flakes that are blocking CI across the repo. I’ve submitted four strictly scoped PRs to resolve these and unblock the lobster tank:

1. #32122: Fixes a blocking duplicate test helper in Synology Chat.
2. #32159: Fixes an intermittent skill-scanner cache invalidation flake.
3. #32165: Fixes a non-deterministic mock state flake in Cron tests.
4. #32119: The primary fix for the pnpm/bun hardlink global install bug.

I’ve verified the combined stack as 100% Green locally. Merging the first three will clear the CI "red" status for all active PRs.

@celest merlin @joshavant @sebslight I've prepared a clean-up stack to unblock current main regressions/flakes (#32122, #32159, #32165) alongside the pnpm hardlink fix (#32119). Verified everything 100% green locally.

@vapid pawn, please don't ping Peter for issues, use #1459642797895319552 or #users-helping-users if you need help, use #clawtributors to discuss PRs, or use any of the many other channels in this server as they're intended.

If you have a problem with the Discord specifically, use #report or DM @jolly wolf
-# Your message was reposted above without the ping active for the sake of conversation.

please dont open prs to fix ci, treat it as a suggestion

holy crap.

Sorry, just bumping this, now that I've gotten CI to work smh:

I opened a PR so that you can natively authenticate with Codex for openclaw models auth command, so that the command suggested by the docs (openclaw models auth login --provider openai-codex) works.

https://github.com/openclaw/openclaw/pull/32065

In the future, will add the other providers in the onboard command onto the login sub-command.

was there an update to the browser relay

Can someone please close this issue? It has been fixed already. Thanks.
https://github.com/openclaw/openclaw/issues/32088

A huge shoutout to the folks who fixed all the flaky tests/test regressions in the main branch. I am finally able to witness a green on my PR's CI 🙏 😇

Agreed.

Had to piush like 10 unnecessary commits because the tests were kinda broken

make a pr and ci failure with somthing not relate to my code, how to retrigger ci without push again？ does any have idea with it？

@jolly wolf it’s NOT a pr for test fails 🙏

looks like a pr for test fails gonna ban

It isn’t
It had a commit for one but it was done by someone else and merged in 😂

Not sure what is the correct way to contribute and to ping about PRs, I created a PR to make blockStreamingBreak more flexible so I can make it stream block in DMs but in channels with multi-agent non streaming: https://github.com/openclaw/openclaw/pull/31289 . Let me know if this is the correct channel or I should go to other places 😄

I saw the recently added Diffs extension which looks like a great idea. In practice, I'm finding it's user message scoped injection of the When you need to show edits as a real diff, prefer the diffs tool... DIFFS_AGENT_GUIDANCE is resulting in a lot of "Noted on diffs - I’ll use it as the default for real edit diffs going forward." messages across chats. I wanted to check on the thinking around these instructions being injected before_prompt_build rather than this being implemented as a skill or similar? If it needs to be here, it's possible this wording needs some tweaking to avoid it being interpreted as a new change that the agent needs to comment on? Cc/ @white galleon

happy to iterate and improve; have you tried removing the prompt and running to make sure it;s what's triggering the messages you are seeing? which model are you using?

seeing similar sort of responses with sonnet 4.6 and codex 5.3. Mostly I just searched for "diff" and noticed that agents guidance message getting loaded in a lot in my session files.

Which struck me as odd since none of these chats were code / change related that would trigger a diff.

will fix that

um, the user prompt? That would be bad, tbh. Throwing that long list of text into each message the user types would be ... um ... undesirable. But it looks like it should be going on the system prompt. Not needed, in my opinion, if the tool description is good enough
But, tbh, all those prompt injection callbacks are too similar for me to keep apart. niming isn't ideal in that area.

As it has gone "stale", and I don't really want to mess with the branch when it still is mergable just to get barnacle off my back...: https://github.com/openclaw/openclaw/pull/27028 a one-liner QMD-upsteam-bug workaround. Has been running here for a week, so it works.
Yeah, sorry for spamming "notice me"...
PS: And one for updating outdated documentation: https://github.com/openclaw/openclaw/pull/26860

Thanks. I've been testing and playing with this a bit today and my suggestion would be to migrate the agent guidance to a diffs skill within the tool/plugin. Proposed PR if it helps: https://github.com/openclaw/openclaw/pull/32630

Bug: /acp slash command ignores inline arg, shows menu anyway

When typing /acp close (or any action inline), Discord sends the interaction with action = null because the field uses static choices — so OpenClaw always falls back to the button picker menu.

Root cause: buildDiscordCommandOptions registers the action arg with static choices (17 options, under Discord's 25 limit), which forces Discord's dropdown UI. Users can't bypass it by typing inline.

Fix: Register action with autocomplete: true instead of static choices. This lets users type freely, Discord passes the value through, and resolveCommandArgMenu correctly skips the menu when a value is present.

Cant just type /acp close in discord, it still shows the selection menu instead of bypassing it straight to closing the acp sub agent

Please report issues on GitHub (https://github.com/openclaw/openclaw/issues or https://github.com/openclaw/openclaw/security). The only exception would be recent breakages/regressions that can be tracked down to a specific commit/merged PR.

hey sweet someone (peter?) fixed the tool result compaction code

I have a simple Docs PR if someone wants to take a look for me.

https://github.com/openclaw/openclaw/pull/32695

Hi, I have this small pr as a warmup. Its related to heartbeat skipping triggers on request in flight errors. Added exp backoff for hb rates bigger than 1h

https://github.com/openclaw/openclaw/pull/31638

Hi all, this PR should still be tested and ready to go, it fixes a bug preventing onmessage from working in Mattermost channels: https://github.com/openclaw/openclaw/pull/20051

Hi everyone. I needed a good way to capture messages as they persist. currently the memory is parsed from jsonl file post session. but we can capture the message as they happen using a after_message_write hook
here's my PR - https://github.com/openclaw/openclaw/pull/32855

Hi, sorry for bothering, i have a minimal and surgical PR ready for review, which unify console timestamps output. hope someone could take a review , thx: https://github.com/openclaw/openclaw/pull/32464

Hi @raven kernel I would like to apply for the Clawtributor badge! 🦞
PR Merged: #32119
Title: fix(plugins): allow hardlinks for bundled plugins (fixes #28175, #28404)
Merged on: March 2, 2026
Link: https://github.com/openclaw/openclaw/pull/32119

Summary: This PR fixed the "unsafe plugin manifest path" error that was breaking global pnpm and bun installations due to the strict hardlink rejection policy introduced in v2026.2.26. By allowing hardlinks for trusted bundled plugins, we restored functionality for package manager users while maintaining sandbox security for workspace plugins.

hey, opened a fix for control tokens (NO_REPLY etc) leaking as visible messages to users — https://github.com/openclaw/openclaw/pull/32459 . would appreciate any eyes on it if anyone has a sec 🙏

I know ACP is the new hotness... but I'm on Telegram with old and busted mode for coding-agent.

If you launch in foreground mode and tell it to ask for approvals when needed, it will... but in the last two weeks I've never once gotten one of those approvals with /approve or free form text to work.

I believe I have a fix for this now AND an improvement that actually tells you the /approve command syntax that will approve once.

But somebody please stop me if this actually works perfectly. The only way I've gotten tasks that need to access the internet in Codex is to tell coding-agent to use yolo.

I feel like I'm the only one using OpenClaw to code based on the issues I run into...

@raven kernel good morning! I would like to apply for the Clawtributor badge! 🦞

• PR Merged: #32119 - fix(plugins): allow hardlinks for bundled plugins (fixes #28175, #28404) - Merged on: March 2, 2026

Requesting Clawtributor role @raven kernel
https://github.com/openclaw/openclaw/pull/32367#issuecomment-3987988413

I filed a bug, two PRs got opened that I went and verified didn’t fix it, I filed my own that is verified to fix it and today is got auto closed because one of the other PRs, verified not to fix it, was opened first.

I get that there’s a lot of PR noise but maybe the triage bot should also consider verification and which PRs are updated more recently? A bit of a frustrating experience trying to fix this bug and so I think I’m going to leave it alone and hope someone else actually fixes and verifies it. It’s a shame because the TUI interface seems to have several regressions and I’d like to be able to use it

hey @raven kernel , requesting the clawtributor role. steipete took part of my PR https://github.com/openclaw/openclaw/pull/32367 and landed it on main with me as co-author, shipped in v2026.3.2 — https://github.com/openclaw/openclaw/commit/71cd3371372763e1f6c3d1fa7c11cb302285f619. got a few more PRs in the pipeline too

Morning folks, what's needed to have https://github.com/openclaw/openclaw/pull/27275 reviewed and merged? I've done a lot of work and testing on this and I'm excited to contribute.

Hi PR Reviewers/Maintainers, I have raised a very simple and small PR to add a locale support. Would appreciate if it could be reviewed/merged. Have updated the tests as well.
https://github.com/openclaw/openclaw/pull/30748

Link?

hey @tall prairie, noticed that https://github.com/openclaw/openclaw/issues/22233 was closed pointing to https://github.com/openclaw/openclaw/pull/22270 as the fix, but that PR also got closed because the issue was marked completed. neither was actually merged — they just closed each other in a loop. the thinking block immutability auto-recovery fix never landed on main. worth reopening one of them to track it?

I opened the but a first time that got closed by a PR https://github.com/openclaw/openclaw/issues/27674 without verification. So I opened https://github.com/openclaw/openclaw/issues/28180 and these two PRs were made: https://github.com/openclaw/openclaw/pull/28228, https://github.com/openclaw/openclaw/pull/28232

I pulled both locally and verified neither of them fixed the bug, so I opened https://github.com/openclaw/openclaw/pull/29117 which I actually verified does fix it, but it was closed in favour of 28232 (https://github.com/openclaw/openclaw/pull/29117#issuecomment-3987793746) which I had already commented doesn’t fix it https://github.com/openclaw/openclaw/pull/28232#issuecomment-3973465888.

maybe it does fix it now, I can try it again but at the time I made my PR neither did. I was worried they would get merged and close my bug again without proper verification of the fix - the tests aren enough someone needs to actually use the tui with tools and record it

https://github.com/openclaw/openclaw/pull/33285

Ready to merge - fixes pnpm global install issue. All tests pass. Locally tested, CLEAN state, follows the exact pattern from approved PR #32119. Closes #29525, #29072, #21918, #32937. Thanks

there are conversations in the issue as of 2 hours ago.

I made a channel integration for instagram using https://github.com/supreme-gg-gg/instagram-cli can I just make a pr or is there anything else i should do

keep it third party, we arent really adding more channels right now

you can get it added to #1474434870259224723 though

Coolio

Bet I’m working out the kinks rn after it’s ready I’ll just send the link here

https://discord.com/channels/1456350064065904867/1474438720634748969

Any clawtributors with experience able to give me some advice? How frequently should I have my bot check and maintain this while I wait for human review? https://github.com/openclaw/openclaw/pull/29985

Hello, looking for a review for a PR if someone has a moment:

PR: fix(security): prevent memory exhaustion in inline image decoding (#22325)
https://github.com/openclaw/openclaw/pull/22325

This prevents a potential memory-exhaustion/DoS issue in MS Teams inbound attachment parsing where oversized inline data:image/...;base64,... payloads could trigger big allocations during base64 decode, by adding a pre-allocation size estimate and basic base64 sanity checks, and enforcing both per-image and cumulative byte budgets throughout the parsing path.

Published test results within the comments as well

just make sure it still merges cleanly. it could take weeks.

Hey! Looking for some help, our friends at AgentMail recommended posting here (crossposting from #clawhub) ... our skill clawdtalk-client is flagged as suspicious but it scans clean on VirusTotal (0/76). Would a mod be able to take a look? Details and evidence here: https://github.com/openclaw/clawhub/issues/568 .. thanks!

Can anyone get me the invite for iOS node app? Tysm

Hey, opened a fix for the Codex toolChoice bug (#33421) — https://github.com/openclaw/openclaw/pull/33462. Happy to address any feedback!

Hello, wanted to float this PR #23910 one last time for any maintainer interested in re-opening it. I saw that someone opened back up last week but it went stale again. Merge conflicts are fixed and tests pass now.

PR adds session:patch hook — simple and effective feature I have been using often.

PR: feat(hooks): add session:patch hook event to listen for session changes (https://github.com/openclaw/openclaw/pull/23910)

Discussion: https://github.com/openclaw/openclaw/discussions/24877

Hey! Just opened https://github.com/openclaw/openclaw/pull/33500 fixing the Feishu duplicate bot-info fetch on startup. The single-account path wasn't passing the prefetched botOpenId to monitorSingleAccount, so it'd re-fetch every time. Small fix, added tests for the happy path, failed probe, and abort edge cases too.

Hooks are on the list. Keep it open

Hi! Opened PR fixing the bug of exec_approval empty list. Could someone with write access review or approve this when you get a chance? All checks are passing and WinnCook's review feedback has been addressed. Thanks https://github.com/openclaw/openclaw/pull/33346

Fantastic thank you!

You think once per hour checks are overkill?

probably, how often does one of those checks result in it actually needing care

i'd be doing it once a day at most

also like your pr should be small enough that for the most part the only merge conflict you have to deal with is the one where a different pr that addresses the same issue gets merged

I just updated mine from main and now I have a test failure. Unfortunate, but better to find out this way than to merge the PR and then have breakage on main.

take a quick look but usually those are transient

basically don't pay much attention unless it has an actual merge conflict

often main has breakage already

ok barnacle i guess

Hey Folks!
I know theres been a couple PRs and discussions on compaction models and I believe I've addressed all concerns about it being better to use the model that created the context that is getting compacted. But I came across two cases where we could add a bit more elegance to compaction failures.

1. Compaction fallback language, in cases where compaction is attempted with say a frontier model on a subscription but the compaction hits the usage capacity a fallback model is desired. https://github.com/openclaw/openclaw/discussions/33431 there is an associated PR https://github.com/openclaw/openclaw/pull/33396 that should meet requirements
2. In the cases that a frontier model with high thinking or just a really slow model is used there are cases in which a race is started between timeout and when the model returns it's response. When this happens it would be good to have the option to fail to "think = off" since it's not really a benefit for compaction in my understanding. If my understanding it could be changed to default to thinking is not changed and the feature is opt. Please see discussion and PR https://github.com/openclaw/openclaw/discussions/33430 and https://github.com/openclaw/openclaw/pull/33296/
   I'd appriciate a review when my turn comes up 😊

starting to suspect that that change did not, in fact, obsolete my PR

ah, i got scared by a refactor

have a fix for a regression on llama.cpp backends: https://github.com/openclaw/openclaw/pull/33648

the fix is for https://github.com/openclaw/openclaw/issues/32916 which entirely breaks tool calling on qwen3.5 models (probably others but i didnt test those)

it's a one-liner!

Y2K was a one liner! (Probably)

all i know is i could have been doing my actual job but i got sniped into fixing a regression

Job sounds way less fun then hacking on claw though

i know right? i have to like interact with people instead of just turning rabid claudes loose on code

also i tried to make a video but 10mb is brutal

I just pastied a couple of screenshots

that probably would have been smart

anyway i'm enjoying my role as the brave defender of local model usability

and especially using a cloud model to do it

I made that PR for per-topic agents you wanted @sharp cargo -- https://github.com/openclaw/openclaw/pull/33647

hot

fixing the codex/greptile things now

i've considered vibing up a tool to basically vote on PRs by pulling them into your local branch and then running with them merged for n days

Am I misreading this completely, or is it currently telling the agent that it can generate up to ~6.5MB of text in its response when it's responding with that tool call? No wonder the sanity checks engaged. That many output tokens (>1M) are a bit above what's considered normal...

Well it would have barfed on anything over 2k

but still

I use quilt to cherry-pick PRs. It allows me to very easily rebase my local main with upstream/main and then test the patches for them applying, or just discarding the ones that no longer are needed or have a difficulty in applying. I love quilt!

ooh neat

Ok, took longer than I expected but reopened both PRs and updated the discussion threads. So, ready to go when my ticket is called ;P

ahhh i finally got my fix for tool result compaction working i think

yeah for the first time ever i've got it over 150k tokens in the context and not busting the cache to delete like 100 tokens from the beginning

I discover a TUI regression bug (#33866) and target how to solve it, then immediately submitted a PR (#33867) to fix it. However, many similar PRs were submitted shortly after :XD . I'd appreciate if someone could help review and merge it first. thx : https://github.com/openclaw/openclaw/pull/33867

Looks like I've been posting into the wrong channel... forwarding here.

thanks for totally rewriting my pr to actually be sustainable @untold pollen ❤️

yesssss i think this is gonna be it, i'm gonna get this context all the way to the tool result compaction at 160k or wherever

ripppppp got to like 130k and then something super early changed

but thinkies are working!

I am enraged.

slot update_slots: id  1 | task 82525 | old: ...  23: | 22:27 PST
slot update_slots: id  1 | task 82525 | new: ...  23: | 52:27 PST
slot update_slots: id  1 | task 82525 |      220      17      18      25      17      17      25      17      22   39630
slot update_slots: id  1 | task 82525 |      220      17      18      25      20      17      25      17      22   39630
slot update_slots: id  1 | task 82525 | n_past = 9659, slot.prompt.tokens.size() = 127716, seq_id = 1, pos_min = 127715, n_swa = 1```

Okay who put a timestamp in the system prompt again?!?!?!?!

There's also system events that are in the system prompt now instead of the conversation where they used to be???

I'm never going to get a single context to 160k tokens at this rate

https://github.com/openclaw/openclaw/commit/5b8f492a48fe2e1f467f78bfa06647cfc7c6f660

grumble

I hate that prompt code; it's so convoluted. But if I read that diff correctly, events are now added to the system prompt instead of the user prompt, invalidating the whole cache every time they happen? Is so, that's a MAJOR regression and can be very expensive for some users...

Yep! I already have a patch which puts them back. There's an attempt at injection protection in that commit too which should make the cache bust unnecessary. I need to figure out how to write a test for cache busts ugh

I have like four branches soon to become PRs after I bake them on my agent

Yeah, my first instinct was to write a test case for system prompt stability...but I can't trigger unknown injection sources to inject inside the test case like I could do with the current time by just waiting 61 seconds...

oh i also had a 30 minute timestamp change somewhere at token 9.7k

i hope that's just the system event thing

9.7k sounds like it could be the end of the system prompt. The prompt itself is now cached in memory, so it shouldn't change---only stuff people append to it can change

i'm basically just manually trying to get a single context all the way from opening the session to the actual context window limit

and then having an agent chase down every time i have to recalculate my context for 20 minutes

the nice thing is that i get to interact with a 122b model when doing this so it actually does things by itself

My main session hasn't been reset for weeks...only compacted. But then, I am very careful with what versions I upgrade to...

which also uhh exposed a fun bug with thinking!!

anyway i'm so close to validating the original concept which was fixing the tool result compaction pass to reclaim way more per pass and also be way more accurate in its estimations

i validated a fix for one bug and fixed like 3 others in the process

btw, do you remember which maintainer handled the last system prompt issue? I don't want to ping a random one... (and IMHO, this needs a ping)

argh my fix for it was apparently ineffective i think

no wait i psyched myself out of course it invalidated the cache one more time

Hey folks! 👋I'm a contributor here — I've got two small PRs open that address the undocumented commands.ownerAllowFrom gap (issue #25344). Ran into this myself setting up a self-hosted instance and figured others are hitting the same wall.

#25357 — one-file fix: adds a warning log when owner-only tools (cron, gateway) are silently stripped, so you actually know what's wrong instead of just seeing the agent can't find the tools
(https://github.com/openclaw/openclaw/pull/25357)

#25424 — matching docs: documents commands.ownerAllowFrom in the tools and pairing pages, since it's not mentioned anywhere currently
(https://github.com/openclaw/openclaw/pull/25424)

Both are small and verified against v2026.3.2.
Would love any feedback — happy to adjust if the approach needs changes!

Hey Folks! 👋 I'm a contributer here

I've got a PR open for a new Kudosity SMS channel plugin: https://github.com/openclaw/openclaw/pull/32417

Adds outbound SMS via the Kudosity v2 API with config adapter, onboarding wizard, webhook parsing, and full test coverage. All automated review feedback has been addressed and CI is green (the only failure is the known flaky root-alias.test.ts Windows timeout that's also failing on main).

I'd appreciate a review when my turn comes up 😊

Hi,
seems like I found a bug with openclaw onboard --install-daemon
Here is the PR :
https://github.com/openclaw/openclaw/pull/34306

The cache is busted again on main?

Do providers return cache hit metadata? If nothing else I'd like to be able to catch issues with cache locally. For opus use this is rly important

Hey folks! 👋 I have a focused PR up for review: https://github.com/openclaw/openclaw/pull/15639
It fixes a race condition in local embedding initialization (prevents duplicate model loads / VRAM spikes) and includes test coverage for the concurrency path.
It’s a small, scoped change, and I’m happy to address feedback quickly.
Would really appreciate a review when it reaches your queue — thanks!
Would appreciate a quick look when you have a moment 🙏

Yes. /status should surface cache hit rates and there are a few dashboards that can also be used to see hit rates.

With the overwhelming number of PRs how does one actually get picked for merging?

small focused PR with a high quality fix

I am following one that fixes a regression that is affecting me and it is size XS with experienced contributor so should get merged in smoothly? #33137

Yay merged

Yep I’ll push a pr later today I guess

It’s a “security fix” it’s very annoying

Thank you, one before the next release would be great

Yep just always want to test stuff locally first 💜

Hey fellas, I just joined this community, hope I can catchup with lots of happening in the OpenClaw space right now! 🙂

https://github.com/openclaw/openclaw/pull/34794

Hope it passes checks, been running locally fine for a while

I have Claude working off and on on a tool to just detect cache busts more accurately but it’s a long way off.

I did manage to burn like half of my Claude max 5-hour allotment last night fixing like 3 other bugs in the process of validating that one feature-fix (tool compaction is much more tame now ..)

Hello there! 😄 I’ve submitted a PR to add MiniMax TTS support here: https://github.com/openclaw/openclaw/pull/27880

I’ve spent the last week addressing the automated comments and linting requirements, so the build is green. I’ve been using this branch locally to access my custom MiniMax voices, and it’s working great.

I’d highly appreciate a maintainer’s review whenever you have a moment! 🙏 Thanks!

Best tool is mitm proxy and watching the request/response it’s a pita though

yeah i'm writing one of those but like you say, pita. Slot cache debugging on llamacpp is at least helping

No need to write one it already exists it’s called mitm proxy 🙂

well sure but then scope creep happened and i wanted to also enrich the responses with caching data since llamacpp doesn't do that

@tall prairie automated review found some stuff, think i fixed it, but don't merge until greptile likes it 5/5 🙂

hey folks, i've wanted to use openclaw for a while now. finally got myself some inference thru OpenCode Go. but it's not available as an onboard option. i raised an issue few days ago hoping that someone would pick it up, but it was not. so i raised a pr that closes the issue.

https://github.com/openclaw/openclaw/pull/34838

it might not be ready to merge. (idk this is my first time here). so please let me know how i can get it ready to merge.

• ci passes (1 fail. 404ing when downloading bun in the workflow)
• resolved greptile's review.

Have you tried the custom provider option?

Just curious

no actually. i just looked to see if whatever provider i have was listed. i've used it via openrouter, google, openai codex. i was not aware of custom provider until someone tagged my issue in theirs.

We’re not against new providers just wanted to give you workaround

I have a question last 2 weeks I've been working on tts. Initially I started by integrating qwen3-tts as a custom TTS provider but i found out that currently no new providers are considered.
So i completely scrapped that approach and instead went the correct path and just fully implement the OpenAI TTS API. still doing manual tests with verification videos is this something that will even be considered?

lol codex is teaching me about features that i didn't know existed because i'm breaking them with my change. excellent

i gotta put up my other PRs so they can marinate i guess

i'm just like, are these too big? can i make it tinier?

Hey! Raised a PR to fix issue #29100 - Cost metadata support for auto-discovered Amazon Bedrock models. PR #31160: https://github.com/openclaw/openclaw/pull/31160 - Adds a costs map to bedrockDiscovery config so Bedrock IAM-auth users can finally see USD cost estimates in /status and /usage (not just token counts). Would love a review! All tests pass. Thanks! 🙏

https://aws.amazon.com/blogs/aws/introducing-openclaw-on-amazon-lightsail-to-run-your-autonomous-private-ai-agents/

Could I get some thoughts on https://github.com/openclaw/openclaw/pull/34009 ?

Hey! I was thinking about adding support for the Perplexity Agent API (a /v1/responses based API to access Claude Opus, GPT-.2 etc)

From what I can see, endpoint compatibility here seems limited to /chat/completions and /messages. Does that mean a custom provider implementation would be needed (similar to how Grok is handled)?

it there a specific roadmap about how openclaw going to do next recently？

I'm looking for a maintainer to help me add a channel to openclaw. it's like whatsapp but you don't need a phone number. called aliceandbot

Hi folks, I just discovered that my PR for adding a model provider (StepFun) got closed. The reason is that it's already supported in OpenRouter. For this, I want to explain the difference:

Integrating platform.stepfun.com directly (via this PR) offers significant performance benefits for OpenClaw users—specifically, much faster response times and higher rate limits.

For context, OpenRouter strictly caps the daily number of requests depending on a user's credits, with a maximum limit of 1,000 daily requests. In contrast, the StepFun platform does not limit daily requests at all, and the limit is 1,000 requests per minute (RPM) even for a light user.

I believe this massive difference in capacity justifies the direct integration.

Any comments / suggestions are welcome. I do hope that maintainers can reconsider this PR.

https://github.com/openclaw/openclaw/pull/27211

OpenRouter API limits: https://openrouter.ai/docs/api/reference/limits
StepFun platform rate limits: https://platform.stepfun.ai/docs/en/pricing/details

And there is concurrency limit as well. That significantly affect the experience of OpenClaw use. I can provide proof to support the claim.

okay. the custom provider seems to work. will run with it for a bit to see if nothing breaks.

what does this mean for the first-class support? i think it's still worth integrating?

In my opinion, for all that it's worth (which isn't that much here), everything that has a fully openai-compatible API already has first-class support. What we're doing for many of the providers is like putting USB ports with funny shapes on a computer that only take one kind of device, so the user has it "easier" to plug their new mouse in. "The Logitech mouse plugs into the triangular, red port, the Razor mouse plugs into the blue 5-pointed star, except when it has LEDs then it goes into the six-pointed cyan star, ..."

Thanks for the clarification. I understand the maintainenance burden and have huge respect for what the maintainers have done to the project and the community. For providers that's not on the list, users would still face more friction there, like manually entering the base url and the complexity of <provider/model>. Such models may be supported equally from implementation perspective, but users of these models are not treated the same.

For my specific PR, my intention is to add the provider first and then will add coding plan and anthropic-compatible config later. Sort of incremental rather than an overwhelmingly big bundle.

With that said, I'm happy pivoting to a pure documentation update/change.

I'd suggest some more automatic / prompt ways to handle this provider config, instead of the hard-coded approach.

Appreciate the discussion on this matter.

Like what providers? What do you suggest?

This

Maybe we can establish some kind of standard to package all the needed data into some oblique string that the providers can publish to simply cut&paste in? There are quite a few variations on the API you want to configure, including the prices. Make it QR-code-payload compatible, and users could scan it with the app.

Mcp had this at the start. A simple “vllm” configuration string is VERY doable. Can easily work like openclaw provider setup <string>

it will then preconfigure the custom model inference using openai spec

Ollama also have /models endpoint for discovery etc. So easier to add custom model configs into config and it works out of the box

If people want a “smoother” experience

@final ocean the context is here (provider and PR). My suggestion is to have some built-in intelligence to let people configure using natural language or QR-code as Henry suggested (even better).

Or somehow decouple the model / provider selection from the main code, like hosting in a separate catalog repo (and publishing manifest - package maybe) - this means any change to this separate repo is a data entry PR (not a core OpenClaw code PR). OpenClaw will keep a small resolver that loads a pinned snapshot, and optionally use catalog update to fetch newer versions.

Too hard basket. Why do you need “intelligence” when its just a config??

Also problematic as models chabge too fast. LiteLLM and openrouter do this and it trickles down to pi then into openclaw

naturl language leads nowhere with most of the datafields. "supports dev role"? "suuports system role"? "name of the token field"? most people can't even repeat those phrases, much less give them in natural language

If you want an easier way to configure/override sure. Not sure what the ask is

I think small labs just want to have thier models show up better. I hear you, but we cant maintain code and spec for what is already supported

I'll think about a data format tomorrow, I have some ideas on how to make this simple (K.I.S.S. principle!), but I'm about 3 hours late for bed, so I don't trust my own brain atm ;)

I dont “monitor” this channel so dm me when you have something

will do

I didn't think through when I said natural language. Right. It's not deterministic. but hard-coding model config during onboard isn't ideal, and I see catalog/manifest maintained separately a viable direction.

Hi! Contributor-in-training here. I have a small stack (6) of PRs. Half of them are miscelleneous fixes. The other half are cautious (I think) attempts to extend the hook system in line with existing patterns, and with an eye to open discussions, issues, and other PRs on this core topic. The CONTRIBUTING.md suggested opening a discussion, but it got closed. My goal with the hooks is to enable richer security plugins, one of which I have developed and have been using extensively for about a month. Is this the right place to find humans to talk about this with? If not, please let me know where to go. Thank you!

agreed

I guess under the current setup, to some degree, model providers who got added earlier have some sort of advantage, and it's not fair for new model providers / router services. Most of the models already on the list are either openai-compatible or anthropic-compatible, I guess we would not remove them?

And if the standard is whether a model is already supported on OpenRouter, almost all models are now available on OpenRouter. OpenRouter has competitors too, and they would never have the chance of showing up?

I think there's a gap to formalize the license definition for OpenClaw skills.

I'd like to propose that we add a license definition feature for skills! Detailed PR created for this (with screenshots)
https://github.com/openclaw/clawhub/pull/603

Feedback appreciated! 🙏

Hi @keen spruce, I am a co-founder of StepFun (http://yibozhu.com/). I agree 100% that USB ports should be standard cross mouse brands. The problem is that there are already many "USB ports" for "Logitech", "Razor" etc. with different fancy shapes. Using it as a reason to reject new providers is in a way suppressing new mouse brands. I always believe that an open community should treat new contributors equally, if not more friendly, as/than the existing players. More choices and more competition is generally good for users.

I apologize if @glacial lodge offended or bothered you. It's a bit frustrating for us since our PR has been hanging for almost a month (dated back to the earliest one https://github.com/openclaw/openclaw/pull/10857). While we see the usage of our model gradually climbs to #1 daily on OR (https://openrouter.ai/apps?url=https%3A%2F%2Fopenclaw.ai%2F), we are still rejected by OpenClaw for being shown as an independent provider. We are a bit confused of what more we can do to get accepted.

We look forward to your new and fair solution!

Hey team! 👋

I've added SGLang (https://github.com/sgl-project/sglang ) provider support to OpenClaw. Ready for review. https://github.com/openclaw/openclaw/pull/35572

What it does:
• Auto-discovers models from SGLang server (port 30000)
• Adds SGLang to provider selection UI
• set SGLANG_API_KEY and it's ready to go

Changes:
• Core provider logic + auto-discovery
• UI integration (appears after vLLM in provider list)
• Setup prompts for base URL, API key, model

Let me know if you have any questions!

Hi mates , respectful bump on my PR: https://github.com/openclaw/openclaw/pull/29075

I understand the PR queue is very large, so I’m not expecting fast turnaround.
I’m posting a concise “what I tested” to help triage:

What I tested:

• Live manual Zalo checks (real accounts): text, link with/without preview, image, sticker, unsupported payloads.
• Verified unsupported payload fallback logging + DM policy enforcement.
• Ran: pnpm vitest extensions/zalo/src --run
• Ran: pnpm vitest src/infra/safe-open-sync.test.ts --run
• Ran full local pnpm test (passed)

If this is easier to merge in smaller pieces, I can split the PR immediately.
A quick directional comment (keep as-is / split / close) would be enough and I’ll follow it. Thanks.

I’ve noticed a few recent smaller PRs touching the same areas this PR already addresses.
Reviewing/splitting this one now could reduce duplicate follow-up PRs and keep the queue smaller.

Have a nice day 🤙

A little PR for fellow clawtributors working on the gateway: stop restarting the gateway when .test.ts files change:

https://github.com/openclaw/openclaw/pull/36211

anything specific to sglang you cant do with standard custom providers?

Would it be possible to get a code review on this PR? I can see that the workflow completed successfully 🤩

Hi maintainers! I've submitted a PR to add Prismer as a community channel plugin (#36250) and opened a discussion about potentially integrating it as a built-in extension (#36264).
Prismer is an A2A messaging network — 80+ agents in production. The OpenClaw plugin implements the full ChannelPlugin interface: outbound, WebSocket gateway, agent discovery, and two bonus agent tools (web context + document OCR).
Everything is published and tested:
• npm: @prismer/openclaw-channel
• Source: https://github.com/Prismer-AI/Prismer
• TS type-checked against plugin-sdk — zero errors
Would love guidance on what's needed to move toward a built-in extension under extensions/prismer/. Happy to add vitest tests, adapt to monorepo conventions, or adjust anything per your feedback.
PR: https://github.com/openclaw/openclaw/pull/36250
Discussion: https://github.com/openclaw/openclaw/discussions/36264

Hi! I'd like to contribute a new channel extension — Prismer (A2A agent messaging). Already published as a community plugin (@prismer/openclaw-channel) with a PR for the docs listing (#36250).

Before I submit a PR to add it under extensions/prismer/, wanted to check: is a Discussion (#36264) sufficient, or should I get explicit approval here first?

Does it unlock that the existing community plugin can’t already do or just discovery/distribution?

Think of it this way: other channels are walkie-talkies — agents shout raw text at each other. Prismer is a shared library with a phone system — agents publish knowledge to the shelf, then just tell each other "check page 42."

s!warn @silent bolt AI slopping long paragraphs is not appreciated here, use your human voice and answer questions and send messages yourself

i just provide an accurate feature specification.

No, you're spamming the channel with slop.

i suggest taking it to #1457803836877176914 @silent bolt

i would rethink this a lot , it does make a lot of sense to support native frontier labs and inference providers because the cost is much smaller and the latency is much smaller... some of these have been around for much longer than openrouter ... talk about wierd internet money , well there's one example of it , versus straight up model labs hosting their models for you at 1/10th of the price with actual caching ...

my point is , we should consider rethinking this approach , especially since the labs have folks that are contributing the code that needs to be maintained

Hey guys, where can I go for support, have a few questions

@sonic ermine not disagreeing with you, open to solutions that dont complicate the problem future and works for all

Installing openclaw on windows and need some help

#1459642797895319552

well this is super encouraging , because i've literally recieved dms from the representatives of a bunch of labs last three weeks , if i clearly mark the PRs from legit reps and legit labs , would that help ?

i mean i got like two DMs , but i see more wallowing in the queu (and they're legit)

Thank you for the feedback. Why it's needed and specific:

1. Auto-discovery queries "/V1/models' automatically (no manual model config) 2. Onboarding UX (Ease-to-use). 3. Growing adoption SGLang is increasingly popular for high-perf local inference. We already have vLLM, Ollama; SGLang fits the same pattern.

imo I think the custom providers is still a good fit, but maybe you can open a GH discussion for this?
I've seen a lot of similar requests and unless there's a large user demand, the answer is usually keep it as a custom provider. (But maybe start w/gh discussion & we'll see what others have to say)

Lets move to DM cc @jolly wolf

Yea will work. I need to hear from providers directly so we can help address thier feedback and see if we can work something out

Feel free to start one

Hey Team - probably for the maintainers, but I got invited to https://github.com/OpenClawHQ a few hours ago. It looks like probably a non-affiliated repo but could easily confuse people.

I'm just ignoring it but thought I'd call it out as it gives me weird security vibes.

The Skills license feature is now ready and waiting for a human to review and discuss. It's meant to be a step towards introducing licenses into OpenClaw's skills workflow, much like Google / Getty Image search for commercial image assets.

The AI bot reviews are all completed... took a bit of time to nail this but finally did it!

• GreptileAI summary is now 5 out of 5
• Codex Agent gave a 👍
• Vercel Agent Review successful

That user on GH is also spamming the comments to promote his "OpenClawHQ" via comments & PR's

Comments on other's PR's:
https://github.com/openclaw/openclaw/issues?q=commenter%3AJah-yee OpenClawHQ

All of these PR's in the list have spam comments promoting his Org/Repo

I've got Telegram ACP Topics (threads) binding working in this PR, also fixed some corner cases that made it impossible for me to actually spawn ACP at all (-- turning into emdash on Mac Telegram client).

If someone using Discord ACP could just confirm that things are working for them still that would be a big help!

I'm also working on something that I think is better... might be able to work some of it into the ACP approach though too.

https://github.com/openclaw/openclaw/pull/36683

@versed kindle

I already built this functionality yesterday? not released yet. is this related? have you checked it out?
https://github.com/openclaw/openclaw/pull/34873

I was told last night it landed on main… I saw the commit on main… tried it, but it didn’t work 😂

Did you fix all the same issues? There were several.

To clarify: I tried what is on main. Haven’t looked at the PR link you sent and whether that was merged yet or not.

ah got it. I checked the PR out, it looks good to me, but I haven't tested

Oh yeah that’s is the PR I’ve been trying. It’s already on main.

The first screenshot in my PR shows that topic binding in TG doesn’t work with ACP. Some issues are just annoyances like the client converting double dashes to an emdash, but once that’s out of the way it still says binding is not supported in TG. My PR fixes that.

@modern kestrel i can ask the agent but while you are in the context, did i mix up telegram/discord code, and put up channel-specific code where it shouldn't be?

I’ve got to make dinner for the kids for about an hour but will post a video review after on my PR. I believe I’ve tested all the corner cases.

I'll also give it a run and merge it if it doesn't break anything

I’m not positive? Maybe you missed some commits? The docs on /focus an /unfocus were still discord specific as were the docs on spawn saying only discord supports threads. I saw nothing on main that added telegram support. Maybe you did a lot of the plumbing to make topics work but just missed a final step or lost a commit?

ok will look again

I agree that telegram should support the config values and the slash commands you mentioned

what I'm not sure still is: did you set telegram up by adding config values in bindings and such, or did you purely try to use slash commands?

@final ocean thank you btw for bumping

@modern kestrel any chance you might add me as collaborator on your fork? then I can push to the same branch without having to create a new pr

username: osolmaz

Yes will do in a minute.

I just tried to figure out how to use ACP from what crumbs I could find. All I knew was the slash commands 😂

ahh just created a new PR 😅

if you don't have time, no need to worry, I will credit you while merging

Just added you to my fork

You can DM me if you want. I can pair on this too if you want...

So there will likely be a release tonight, and I'm ok with polishing telegram experience more before we do that, it's gonna be a big release

I am ok with pairing as well, I'll just sleep in a bit

also, you should check out the doc changes in my pr. it tells how to set up topics permanently with codex claude code etc. that was the flow I tested, so I'm not surprised slash commands weren't working

Ah... gotcha. Yeah I didn't read the PR I just dove into trying it with the /acp command that I knew existed 😂

ah sorry, btw can you also add dutifulbob as collaborator? forgot that I was using my clanker 😅

I don't wanna discredit you

Done

Probably should have put a configurable archive duration on the original discord autoThread PR, but better late than never 🙂 https://github.com/openclaw/openclaw/pull/35065

@versed kindle - Do you know, offhand, why ACP is only allow "yolo" or "read only" or "never" for approval? I believe that can be changed and I think I had it changed on one of my branches last night... just wondered if there was a reason why it wasn't set to be interactive. I have exec approvals showing buttons in Telegram for old-style /coding_agent invokes now and my alternative-to-ACP approach is using button approvals as well (relaying what Codex is showing)... so I was curious why ACP wasn't exposing the "ask me" mode. I can add that if the ACP library supports it.

hmm i'm not sure about these chabges after this

@modern kestrel is it possible to split this pr? I'm not sure about the spawning and slash command interface stuff. But any Telegram-related fixes we should still ship

I think that it's saying it's parity with Discord? I didn't invent the ephemeral-ness unless I made a mistake and persisted the config when they should be ephemeral... I can fix that.

/acp spawn codex --mode persistent --thread here --cwd /Users/huntharo/github/jeerreview --label jeerreview4

My tests were always like that... I was telling it to make them persistent...

Hi all! Small stack of PRs ready for review. Goal: expand Openclaw's hook system carefully, misc fixes. 5/5, green aside from CI flakes.

Hooks series: https://github.com/openclaw/openclaw/issues/36671

Independent smaller fixes:
https://github.com/openclaw/openclaw/pull/30310 — channels: default account in multi-account configs
https://github.com/openclaw/openclaw/pull/30323 — browser: include current page URL in tab-targeting responses
https://github.com/openclaw/openclaw/pull/33845 — slack: persist thread participation cache across restarts

Enjoy! 🧁

I had a question about ACP: Any interest in routing the output to wake the agent/session? I thought it was going to be a drop in replacement for how I have OC run/supervise claude code and codex via tmux, but this doesn't work because the agent can't see the responses from cc/codex.

So I would say you can set up your config using those binding arguments for now. And then we can polish the slash command binding in the next iteration. What do you think?

For the codex session to be persistent it needs to be saved to config but you weren't doing that no?

I think if the release notes mention Telegram Topics support for ACP that it's going to result in a slew of support questions if the slash commands don't support it.

But if it's left out of the release notes or carefully mentions config-driven only... might be ok

I don't see them in my Codex threads list no.

Just realized I never got my clawdributor role, @jolly wolf could I get that whenever you get a chance? https://github.com/openclaw/openclaw/pull/800

I am surprised that flow^ isn't automated

It’s intentional, because of the amount of people who try to sneak in malicious PRs

Even if we banned them, technically they are still a contributor to the repo forever, and I didn’t wanna have dozens and dozens of checks for bans and deletes and stuff, easier to just do it manually still

Telegram doesn't have an ephemeral thread option. Telegram topics are equivalent to Discord channels. I should probably add clarification that for persistent use of codex, it needs to be added to config.

I'm using voice typing, by the way. Sorry if it's annoying

Thanks!

technically they are still a contributor to the repo forever

Never use the contributor list as the source of truth!! You could have a bot maintain its own allowlist. Something like a /claim-role command that triggers github oauth, then the bot verifies with is:pr is:merged author:{username} repo:openclaw/openclaw, meaning you get a list you can actually manage from the bot's collected data

And in the event of a revert, that's very easily traceable so you can auto-remove the role or take action against the user! With 1k+ contributors the manual flow doesn't seem viable long term IMO

For context I used to be senior mod on the OpenAI discord (scaled to 3.5M+ members) and that server had a bunch of internal automations for similar validation flows

Yep, that’s exactly the list of checks I said I didn’t wanna do 😂

It may be worth looking into later once we have the foundation and more official ways to track things like that, so that we could scale it to sponsors and employees and stuff too

We’ve had a couple situations so far of people stealing other people’s PR’s and getting them merged, and then later on we just change the attribution in the contributor list of the original author if it’s something that we missed. That’s the big situation that is really hard to account for

The edge cases are daunting at the scale of slop that we’re getting

lol I don't think it needs to exist tomorrow but with the fastest growing repo and 120k+ members it may be worth considering down the line

sure but you could make the process less manual eg /reassign-pr #34009 @kesku

It's really hard to contribute now. There are so many pull requests. When an issue is raised, if it's relatively easy to fix, several PRs will be submitted within five minutes. I once filed an issue and was the first to solve it, but in the end, my PR wasn't merged. I felt a bit frustrated 😟 But I also understand that there are so many open PRs right now—it's really tough.

enlightened solarized enjoyer

I've opened a PR 2 days ago, to fix a security gap in the doctor command https://github.com/openclaw/openclaw/pull/34244
unlike other my trivial PRs, this pr is worth to take review i think

Hey all 👋 I've been building a personal exec agent and
implemented something called AgentGate , a credential broker
pattern where the LLM only ever holds an agent-key, never
OAuth tokens directly.

Thinking it could be a useful extension for OpenClaw,
especially for users running cloud LLMs who don't want
their Gmail/Calendar tokens touching external servers.

Posted a discussion on GitHub here: https://github.com/openclaw/openclaw/discussions/36963

Would love feedback on whether this fits the extension
architecture before writing code. Happy to contribute!

Those PRs are usually, in my experience, not good. I tested some of them just to make sure. Maybe that’s not true anymore as it has been a few days.

But I stopped filing issues if I intend to fix something myself.

A hint I got from Krill, which I liked a lot, was: if you want to contribute specifically, write the PRs and THEN write an issue that demonstrates the problem and the solution at the same time. I can't vouch for how well the outcomes match the promise, but, it seems like a reasonable strategy to me.

yeah, that's exactly what I do now. If I find an issue n can fix it myself, just submit a PR directly without filing an issue. Otherwise, there will be several similar PRs right away, that's unnecessary.

#self-promotion plz - this just isn’t the channel for that

That's clerly a promo. You may not be selling something, but still...

Hey everyone 👋

I've been digging into a long-standing LINE channel bug — requireMention: true in group/room configs has no observable effect; the bot replies to every message regardless. The root cause turned out to be three separate missing layers:

1. No mention gating in the inbound flow
2. No pending history for unmentioned messages
3. LINE absent from the DOCKS registry

I put together a fix covering all three in a single PR:

🔧 PR #35847 — Fix/Complete LINE requireMention gating behavior
https://github.com/openclaw/openclaw/pull/35847

📋 Issue #34438 (full root cause analysis + design rationale)
https://github.com/openclaw/openclaw/issues/34438

The fix brings LINE's group gating behavior in line with WhatsApp, Telegram, Discord, Slack, Signal, and iMessage — unmentioned messages are stored as pending history context rather than dropped or processed unconditionally.

If you have a moment, a review would be very appreciated! Happy to discuss the approach or answer any questions. 🙏

Quick question, is it intended that is discord the only supported channel for ACP? Is it a planed feature to allow for ACP without one shot outside of threads?

As far as I can tell on a channel that doesn’t have thread support you can’t use a session that keeps context in a codex acp.

@modern kestrel Any insight you can give would also be appreciated

what you are asking is currently on main

• acp in discord threads
• acp in discord channels (persistent)
• acp in telegram topics

additionally @modern kestrel did some work that acp related slash commands work on telegram yesterday

it should be released hopefully today

Thanks for confirming, I don’t currently use the discord channel. What’s stopping claw from just starting a context persistent acp session in other channels other than discord and telegram? Seems to be a hard coded limitation

now that we support persistent bindings, yes, we could enable for others. but the goal was to test each channel before releasing to make sure it works. releasing isn't as seamless and acp stuff need to be specialized for the idiosyncracies of each messaging app

which others did you have in mind?

Wanted to ask if anyone could update the pi-ai related dependencies in the repository - there seem to be some key fixes in there since the pinned version :)

That makes sense, I think the web ui is an easy no brainer as you have full control over it, however I’m not sure how many claw users actually use it so might be best to focus on the more popular channels.

I feel implementing it into the popular channels like WhatsApp/Signal would be a good next move. What makes it difficult to just have some mechanism (similar to native claw subagents) to repeatedly interact with the same acp session in the background

I don’t understand why backend functionality is tied to the front end interface, although I have not properly looked at the inner workings of acpx

can you maybe elaborate the exact UX you have in mind? whatsapp community with subgroups? or using slash commands to focus in and ouf codex in the same chat?

Either would work, but I think slash commands would be the most versatile. If slash commands were implemented could, a subagent also easily use the same underlying interface to acpx to read output and send tasks to the acp codex session?

The use case of manually entering the acp session with a slash command shouldn’t be the main focus imo (but is nice to have). I think allowing an agent to fully control the session is more important for me anyways.

I didn't get exactly

sounds like it describes something that is already possible, except for whatsapp/signal

did you try to build on main?

If anyone with a Discord setup wants to test this to see if anything changed on Exec approvals (sample prompt that invokes npm with approval in the PR), I would greatly appreciate it:

https://github.com/openclaw/openclaw/pull/37233

I've never been able to get exec approvals to work on Telegram until this PR - the codes were always rejected. This presents the approval choice as buttons, clears the buttons after click, fixes the issue with the approval not working, and adds a (need review) system event heartbeat routing back to the requesting topic that allows exec to actually display output after the approval.

The event waking changes can be dropped if too risky... they are isolated commits.

@versed kindle I had a question about ACP: Any interest in routing the output to wake the agent/session instead of direct to user? I thought it was going to be a drop in replacement for how I have OC run/supervise claude code and codex via tmux, but this doesn't work because the agent can't see the responses from cc/codex.

https://x.com/4shadowed/status/2029976890820178309
and yall wonder why we struggle so much :P

@jolly wolf just saw that you closed this PR (not mine). Was it because it was stale/triage, or just not interested in that fix? Until recently my agent in Discord could edit openclaw.json and message me once the gateway was restarted, but now they just stop. https://github.com/openclaw/openclaw/pull/29255

Not sure if I should open a PR to fix or just leave it alone

That user is the one referred to in my latest tweet (also sent in #shadow-says-stuff)

im banning a lot of users right now for directly copying peoples PRs and spamming us

oh makes sense

there's likely another PR open that is the exact same fix, since most of that users PRs were dupes

i created a pr and he/she/it commented and created another pr with fixes.

https://github.com/openclaw/openclaw/issues/37832

then saw sid-qin had 80 merged and 400 open and thought must be a maintainer

maintainers will both have the orange role here and have a yellow maintainer label on their PRs

my bad ✌️

all good

I'll keep looking, but I'm not finding one

you're welcome to open one then!

@jolly wolf I dmmed u my instagram channel plugin could u pls go through it and tell me if there’s anything else to do

shit

i forgot

Np lmao

Could a Maintainer maybe take care of this?
I could make a PR but I feel like that's kinda unnecessary here

@jolly wolf

this guy used cursor for opening a draft pr https://github.com/openclaw/openclaw/pull/37981
based on my issue that i already created pr for
https://github.com/bmendonca3/openclaw/commit/c38f1528acaa48a91963f128a172f7005da4db5b

seems like same pattern

it'll be in the next release

Thank you!

they're in my queue for banned users!

actually they're already banned just havent closed their prs yet

soft bump! https://github.com/openclaw/openclaw/pull/34009

i will review

ahh merged lol

appreciate the offer anyway haha, thanks for all your incredible work!

Good pr idea. We need to do that for embedding providers too.

I had that user on my naughty list... I was surprised to keep seeing commits merged for them... but if you throw 800 PRs at the wall, some will get through right?

can someone check this out? i spent two days finding this bug

https://github.com/openclaw/openclaw/pull/38322

Hi all 👋 . New contributor here. I noticed a few hours ago that main has broken CI. Here's a small fix: https://github.com/openclaw/openclaw/pull/38267

I submitted an important PR to help separate data plane and control plane over two,weeks ago. Here’s an email I just received and my response:

“Closing this PR because the author has more than 10 active PRs in this repo. Please reduce the active PR queue and reopen or resubmit once it is back under the limit. You can close your own PRs to get back under the limit.”

This is perhaps the stupidest thing I have ever read.

What this has convinced me to do is cease any efforts to improve OpenClaw. Congratulations.

Ok well sorry that you can’t handle contributing in the way they want you to

Like there are 5k open PRs lol

That PR is about 3 weeks old at this point. I submitted about 17 in total, mostly to do with security concerns. I am not responsible for those who are abusing PRs, nor was this an expectation 3 weeks ago plus. But hey, not my house, not my rules. I’m just letting the maintainers know that they are throwing out babies with the bath water.

https://github.com/openclaw/openclaw/issues/38283

i closed literally 2710 prs that were spam/slop, some people had upwards of 400 prs open.

blame the bad actors ruining it for everyone else, its unsustainable for us to keep going like we were

And yet no consideration was given to the PRs sitting around for weeks…. Or the content of the PRs… Or their provenance. I get the attendant problems, but given how little attention the PRa have received since submission, to ask me to decide which are unimportant enough to close so that the others might be merged is a bridge too far. It’s not like the PRs were evaluated for importance or,usefulness; one was just chosen…arbitrarily? Given its security impact, it cannot have been chosen due to lack of merit.

given how little attention the PRa have received since submission
we constantly are reviewing prs all the time, and we provide this channel for people to help discuss their issues as well.
the only criteria used for bringing the limit to 10 on existing prs was time, the first 10 prs were kept. anything more would have been unscalable or take days of work.

and like barnacle said, if you have other prs you think should be open instead, you can close your own and reopen the ones to keep

My entreaties in this channel to evaluate important PRs went unnoticed or (certainly) not acted on. Again, I don’t take issue with the problems you’re facing, just the after effects of the chosen solution. But in any event, I won’t waste any more of your time.

Cutting the amount of open PRs helps us get to legitimate PRs. GitHub barely has any moderation tools so we have to work with a blunt cleaver.

It's the right decision.

If we did not (I'm going to say it here anyway for people reading from the sidelines) give guidance on how to manage max of 10 open PRs:

1. Nothing stops devs from making a PR against your own fork back to main on the fork - I do this all the time - granted, it won't probably do any CI, but you can run code reviews in Codex, run all the builds locally, and be 100% confident that a PR is "ready" to take 1 of the 10 slots and only promote them to the openclaw repo when they reach that state
2. Draft PRs - Did we suggest to people that they can make Draft PRs or did we include those in the cap? I'd probably include them in the cap... they can be just as distracting... if someone wants to make a Draft PR... make it on their own fork instead.

drafts are included, yeah

no one except maintainers have really been doing draft prs though

Oh no... trusted contributor went away 😭

STOP

We dont need peoppe to fix tests for CI

Maintainers will manage this

Sorry if im touchy about this 😂🫡

@lusty vigil could you take a look? This touches gateway send context propagation and agent/session-key handling.

Maybe we can figure something out but a raw count didn’t make sense

well, i have 4 opened PRs which not hit the limits of 10 opened PRs, wishing a review to be quickly

Hello, I might be a little lost, but I no longer see the pr-thunderdome-dangerzone channel and I am wondering if I broke a rule on accident? When I first joined I forwarded a PR from here to there assuming that was where it should have gone. Is this why I cannot access it?

No worries, that channel go retired

ah I see thanks

@tall prairie if https://github.com/openclaw/openclaw/pull/23910 is still relevant do you mind opening it back up to the queue? 🙏

totally reasonable change imo as a fellow open source maintainer. Only so much stuff you can review at once

This should be resolved. It likely happened when I renamed the branch and then reopened the PR.

Is there a channel in this discord to discuss qmd dev? Should it be a plugin or channel sub thread?

@hoary pendant technically its a plugin

Hi! Could anyone review this PR?
PR #34205 https://github.com/openclaw/openclaw/pull/34205

It adds result-modifying hooks for tool calls. This opens up a few useful scenarios:

• General testing / wrapper plugins: wrap or mock tool results without modifying tool logic
• Input guardrails: intercept and sanitize tool results before they reach the agent, blocking untrusted content that could be used to attack the OpenClaw agent
• PII / confidential data sanitization: scrub sensitive data from tool results before they're seen by the model and OpenClaw.

All tests pass. The only failing CI check (secrets) is unrelated to this PR. Would appreciate a review!

This one was "approved" by arosstale but then marked stale and closed. It's still really important and relevant. Posting here as #pr-thunderdome-dangerzone seems to be gone. https://github.com/openclaw/openclaw/pull/22917

Sorry to hijack this, but as you (presumably) just had your finger in the tool call code, you might have some insight on a random idea I had earlier: How easy/hard/feasible would it be to PR a very simple tool into openclaw: "custom" with an open list of parameters. When used, openclaw would call an executable configured in the config, with those parameters 1:1 (and the agent/session id). That's it, no semantics, just a simple callout that can work as a replacement for exec---for anything a user might want their agents to do without giving them full shell access. A very simple extension hook for people who don't want to dive deep into their openclaw but have some idea how to write a shellscript.

Acustom or custom_script tool sounds like a great addition, something easier than building new plugins.

The tool can manage a list of scripts and supports commands like add, delete, modify, list, and run. Using it, the agent can list available scripts and run the script the user requested.

I haven't checked the default tool implementations, but I don't think that would be particularly difficult to add. It might add some RCE risk (if the attacker can overwrite the script) but that's nothing new for openclaw. 🙂

I was thinking even simpler. Just a single fixed entry, and then you can branch out in there based on the first parameter. Feed the info on what is available there as skill to your agent.

For overwriting I have two complementary ideas: (a) Put a warning into the doc that the file should not be writable by the agent, and (b) have the call be hardcoded to "<configured_executable> -h --help --agent <agent> --session <sesion> -- <parameter list>" The "-h --help --" would trip up nearly every existing executable, so setting the config value and pointing it somewhere would be useless. The agent would need to write a custom script and chmod+x it (sorry Windows, going by file endings bites you here) in addition to writing that config value to use this to break out.

huh, would a config param for the file-edit tool "rejectEditingExecutableFiles" be a useful thing?

In general, i think it would be good to have specific directories or files configured as read-only so that the Openclaw agent cannot modify them using write/edit tools. If it marks the scripts as read-only, it could prevent accidentally or unintentionally overwriting them. Does openclaw already supports such a config?

I don't think the file editing tool has any restriction except for a "workspace only" one that can be enabled. In general, when exec is enabled, any such restriction would be useless. But when it is off, editing existing shell scripts is a hole.

Hello maintainers,

could you review https://github.com/openclaw/openclaw/pull/38322 (issue https://github.com/openclaw/openclaw/issues/37832)?

In sandbox mode, WhatsApp outbound media from workspace-<agentId> was failing with path-not-allowed because requester agent context wasn’t consistently reaching gateway send paths. not only this path, whatsapp channel is unable to send any media from any path including /tmp.

This PR fixes context propagation in message-tool + sessions_send announce, with tests for both legacy and agent-format session keys.

Would love your confirmation that this matches intended security policy for media root resolution.

hi guys, anybody come to reveiw this PR made directly from Minimax Team, a user experience improvement:
PR:https://github.com/openclaw/openclaw/pull/33953
Reason:fix(models) Users logging into MiniMax via OAuth will now have the Open Platform's image tools automatically enabled. This functionality has already been implemented for API key users.

Hey everyone, quick update on the LINE requireMention fix —

Tested in a real LINE group and everything's working as expected:

• No mention → bot stays silent, but keeps recording pending history in the background
• @mention → bot responds with the accumulated group context included

So it's not just "going quiet" — it builds up context while silent, then brings it all in when finally mentioned.

Screenshot below, PR: https://github.com/openclaw/openclaw/pull/35847

Just to be clear: this is not a test change, but a change to update some types that got broken by a dependency upgrade that broke main. If what you're staying still applies, perhaps consider adding some explicit instructions to CONTRIBUTING.md, because it currently says:

Bugs & small fixes → Open a PR!

... which is what I did

(also, thanks for all your hard work! this is a great platform)

tagging @celest merlin @untold pollen since i you guys recently did commits related to gateway.

just lmk or it’ll be helpful to know if the pr is not needed, i am eagerly waiting for next version. thx and sorry

@wise helm, please don't ping Peter for issues, use #1459642797895319552 or #users-helping-users if you need help, use #clawtributors to discuss PRs, or use any of the many other channels in this server as they're intended.

If you have a problem with the Discord specifically, use #report or DM @jolly wolf
-# Your message was reposted above without the ping active for the sake of conversation.

.

i sound so desperate sorry for this

https://github.com/openclaw/openclaw/discussions/38684 Hello community,👋 I have an idea and posted it in the GitHub discussion. Could you please take a look at it? Any feedback would be appreciated.

https://github.com/openclaw/openclaw/blob/main/VISION.md

heyo

Anyone else seeing this? Fast mode on Codex Desktop turns it on / off for all threads in all projects... but if you use App Server via another front-end it can/should be per thread?

https://x.com/huntharo/status/2030338964587180367?s=20

@huntharo via Twitter

so gng i accidentally left the serv and i lost the role

can i have it back

@clear kraken OwO

Added <@&1458375944111915051> to ! evil german man.

ty pookie

It seems Deps got updated but pi-ai was missed unfortunately

itll be like *right* when release happens usually

Gotcha

hi, not actively contributing to openclaw but i have been hacking away at my own setup. here is something i put together for memory: https://github.com/yoloshii/ClawMem

Hey all I’m an active contributor and wanted to have this PR looked at - it fixes an issue in Discord when sending /new or /reset commands: https://github.com/openclaw/openclaw/pull/38977

Hey, any particular maintainer who typically enjoys looking at telegram PRs I can tag on a small bug fix or that’s ready for review/merge? (https://github.com/openclaw/openclaw/pull/39172)

Take care of those review comments 😉

Had to do a double take! That last comment I actually addressed it in a792a2a parseInboundMetaBlock now uses continue instead of return null after a parse failure, so it keeps scanning for valid blocks rather than bailing out. The new regression test in strip-inbound-meta.test.ts covers it

Not sure why the clanker made two near identical comments 😅

Join #1474434870259224723 thread for telegram.

I’ve got a PR in to Mac app for Telegram - it hides the autocomplete list for bot commands as soon as you type underscore even though that’s allowed by the spec and works correctly on iOS app. OpenClaw remaps - to _ in bot command names so you can see the problem.

I’m not hopeful though… no commits on main in 8 months.

perfect thank you

Ohh... my Telegram Exec Approvals buttons is finally clean on checks and merge conflicts:

https://github.com/openclaw/openclaw/pull/37233

@modern kestrel can u pull latest main and verify the acp thread stuff you landed is still working?

Yeah. But what do you suspect broke... I've been building something else that I think gives a 10x better experience with Codex.

I assume everything is broke

Ok, I'm running upstream/main right now. Give me a few mins.

Sweet thanks. I need to get it set up myself so I can start using it.

Bruh you are crushing it

https://imgur.com/a/cvtoAxA

It appears that everything is working (except when I mess up sending the messages). I can focus, unfocus, spawn threads. The one error was because I think I like replied and it seems that broke the parsing of the slash command.

Nice thank you.

I was inspired to go to the gym today... to confirm I could use Codex the way I wanted while on the treadmill 😂 I have a line item in the implementation plan "gym bro test". Got about 10 minutes in before things fell apart. Tried again while out to dinner... no problems that time.

Here is a little demo of plan responses: https://imgur.com/a/vDE5RzO

Sick!!! I love plan mode

/codex_status and /codex_fast toggling: https://imgur.com/a/3nh0v7D

Hi maintainers 👋

I'd like to add support for the WeCom channel. My colleague jerryzhou mentioned that your can help with this.

Could you please review and let me know if PR #38976 is still eligible to be merged?

https://github.com/openclaw/openclaw/pull/38976

Thanks in advance!

Check out the join workflow... gives you your most recent Codex Desktop / CLI threads, click to join, gives you last request/response context: https://imgur.com/a/RGgPntn

Dang this is awesome

Hey @proud thunder, this should probably be a plugin first. https://docs.openclaw.ai/plugins/community

@zealous plover It has already been published to npm. Do I still need to submit a PR to this document?

Wecom — Connecting OpenClaw to an wecom bot via WebSocket. npm: @wecom/wecom-openclaw-plugin repo: https://github.com/WecomTeam/wecom-openclaw-plugin install: openclaw plugins install @wecom/wecom-openclaw-plugin

How to list plugin: https://docs.openclaw.ai/plugins/community

Oh also it looks like the info is on your PR as well in a comment

Hi Will I mentioned you in PR but realized I should ask here instead - https://github.com/openclaw/openclaw/pull/32529 can you take a look? 🙏

Different Will 😊

Hi Maintainers, i have hit the limit of 10 open PR's and unable to contribute further because of new PR limit. Could anyone please review my PR's , here is one of them: https://github.com/openclaw/openclaw/pull/38255

updated pr time and left a comment for reviewers to have even context,

https://github.com/openclaw/openclaw/pull/38322

It’s a narrow requester/agent-context fix for outbound send paths (message-tool+sessions_send, A2A announce), with partial overlap only on themessage-tool half with #39034.

@zealous plover The previous PR (#38976) was closed and cannot be reopened, so I've submitted a new PR. https://github.com/openclaw/openclaw/pull/39511
Thanks.

That change to what tools are enabled by default for an agent by [whatever rules] wasn't quite well-thought-out, I'd say. It really leaves people stranded, as there's no indication of why their agents are restricted, especially when it's not a fresh install and stuff just stopped working due to the update. If someone has an idea to handle this better, maybe giving the agent a way to ask the system so it can present proper guidance to the user, that would be great. Maybe a tool like "tool_status" that lists all unavailable tools and the reason why they are not available, and links to the documentation for each reason? (Bonus: Allow the default agent in their 'main' session on the TUI/WebUI channel to check for other agents and sessions so they can implement changes for the user.)

if you're referring to the tools.profile defaulting to messaging, that was a regression that's been un-done in the latest release

I don't know what I'm referring to, other than the 937 posts in #1459642797895319552. That's the reason I'm calling this out---even after reading about it so many times, I don't understand it. But if it was just a regression---good. (Hey, I hadn't yet noticed there's a new release.) Still, giving an "effective permissions" report for an agent/session might not be a bad thing. At the moment, there's much guesswork involved in figuring out how all the config values add up, considering there's agent+session+channel+dm/group stacked on each other. And if one of the clawtributors wants to tackle that...

https://github.com/openclaw/openclaw/pull/33822

Perplexity engineer decides to contribute and "quitely" remove OpenRouter support of Perplexity so that they can benefit more from people using direct Perplexity API instead of going through the universal gateway. Wondering why my agent kept saying 401 unauthorized when doing web search.

sad that it passed the filters and got merged with this regression ... i think you did a good job calling it out , keep up the good work 🦞🦞

I mean you implying intent, when it's possible it was genuine mistake/testing artifact or just conflict with the 2 paths.

Genuine mistake? i doubt it. He explicitly set base url and model to be deprecated fields. So he must have known what he was doing. Call out @red sparrow to see what he has to say about this

seems pretty obvious that's what he is doing lol

Just opened a fix for Codex GPT 5.4 context handling in OpenClaw.

Problem:
openai-codex/gpt-5.4 was inheriting a much smaller context window from the gpt-5.3-codex template instead of exposing the native 1,050,000 token window. That meant the Codex path was advertising a far smaller usable context than the model actually supports.

Fix:
The PR patches both the forward compat resolver and the synthetic model catalog so openai-codex/gpt-5.4 now reports the proper native context window, matching the openai/gpt-5.4 path.

Issue:
https://github.com/openclaw/openclaw/issues/39791

PR:
https://github.com/openclaw/openclaw/pull/39797

All CI checks are green and the review thread has been cleaned up.

I am genuinly speaking from experience with the OpenAI TTS. For very long time it had no baseURL as config option and relied on env viarable there were so many strict checks for non baseurl vs baseurl it was nested in directives and commands, I don't know the exact details of the perplexity API and implementation nor the difference with openrouter as provider. In the end openrouter as intermediete still routes to their API. Again my point is not to cast blame and imply intent from code changes, especially with the amount of PRs and confusedopenclaws pushing changes and opening issues and PRs.

Have you considered the Pi-coding-agent 272k context window for GPT-5.4

Good catch to ask about. The fix does cover the pi-embedded-runner (coding agent) path directly. That is actually where model-forward-compat.ts lives and where the 272k was being inherited from the gpt-5.3-codex template.

The 272k context window is still correct for gpt-5.3-codex itself. The PR only patches gpt-5.4 to expose the native 1,050,000 tokens, and the tests explicitly verify both: gpt-5.3-codex stays at 272k, gpt-5.4 gets 1,050,000.

So yes, the pi coding agent path was the primary target of the fix.

I was hitting my head at this problem earlier today and asked because last release didn't update the pi dependency to the latest we are still 55.3 and gpt-5.4 and some openclaw specific fixes are in the newer releases. And also there are caveats with the higher context. I think above 272k is double the cost and there is serious degradation in performance. Similar fix was suggested by my openclaw but I decided against even in codex it's configuration option gated.

That is really useful context, thank you. I was not aware of the cost multiplier above 272k or the performance degradation at higher context on the Codex path.

Based on your feedback, I am adjusting the PR right now:

What is changing:

• Default context for openai-codex/gpt-5.4 will stay at 272k (matching the template)
• The native 1,050,000 context becomes opt-in via config (e.g. contextTokens in openclaw.json), consistent with how Codex itself gates extended context
• Model metadata still reports the native capability, but the effective session ceiling defaults to the safer 272k

Why:

• Cost doubles above 272k on the Codex path
• Performance degrades at higher context
• pi dependency is still on 55.3, so some gpt-5.4 behaviour is not fully upstream yet
• Forcing 1.05M as default would be practically worse than the current behaviour

The PR description will be updated with these caveats. The goal was never to force higher context, just to make the behaviour transparent and give users the option when they want it.

PR: https://github.com/openclaw/openclaw/pull/39797

thanks @vocal geyser

Well that didn't happen - now the new release is missing those key fixes :/

@frail girder Openrouter doesn't support the Perplexity Search API nor the agent API, they only support Sonar, which is outdated, and doesn't provide structured json results directly, but instead AI generated summaries.

If you want to use sonar models, we have an MCP that can do web search through Sonar in a better way than this original implementation: https://github.com/perplexityai/modelcontextprotocol

And yes, ^ supports openrouter

cc @vocal geyser @sonic ermine @hazy vigil

to be clear, if openrouter DID support the Perplexity Search API, there'd be no change made here, there is no benefit to me/perplexity whether or not you use our apis through them or us

The regression in behavior (causing 401s) is a genuine mistake, I should have caught that in my PR

but Sonar should not be a web search option

regardless of where you're calling it from

Appreciate the clarification @red sparrow . I searched on OpenRouter which perplexity model they support and it seems that they hae full support? https://openrouter.ai/models?q=perplexity. Is it a mistake on their end or is the perplexity search api not supported in those models? Curious to know. Thanks

Every model you list on this page is a Sonar model, the Search API isn't a LLM, it's direct json results

https://docs.perplexity.ai/docs/search/quickstart

They also list models like Perplexity: Llama 3.1 Sonar 70B Online which do not exist in our API anymore and were deprecated ages ago, we're coordinating with openrouter to resolve that

I'm happy to make another PR to add a deprecation warning in the OpenClaw UI that tells them to use perplexity directly or the above MCP if that'd help, I'll reiterate: there is no way I or perplexity benefits from you going to us directly as opposed to using openrouter (since you're getting 401s now, we're missing out on your usage through OR which is technically worse for us )

example usage attached, this is MUCH faster and skips the step of having one LLM talk to another to get the same information

and since web_search defaulted to sonar-pro, you were limited in OpenClaw regardless

via MCP, you can call any model, including deep research

hope that clears everything up, I'm more than happy to answer questions and genuinely love openclaw haha

Hmm, then how did the previous option with openrouter work in the first place? Cause that must have worked right? The previous one call the Sonar model to make the search right? Perplexity Search API just makes it easier by actually calling the api and return nicely json output right? Reason I'm asking is because I want to use only openrouter, managing too many api keys is a pain

yes exactly, openrouter called sonar-pro which led to a multi turn web search (that gave you basically the same results) but than a model had to ground that information into a summary with citations (much like how grok, kimi etc work as a option)

this wastes tokens summarizing twice, with sonar pro and with your claw. If you want to keep using sonar pro, use the MCP

also, happy to send some api credits your way (if you're comfortable with another key in your config lol) as a gesture of goodwill, I never intended to worsen the openclaw experience

No worries mate. Seems like perplexity up their game but OpenClaw doc hasn’t caught up yet. Thanks for the PR and for the updated info here. Cheers

more likely openrouter issue tbh

Hey clawtributors, looking for eyes on a plugin hook PR:

https://github.com/openclaw/openclaw/pull/20067

Adds before_agent_reply — a plugin hook that fires after slash commands but before the LLM runs, letting plugins return a synthetic reply to short-circuit agent processing. Enables forms, approval gates, wizards, and interactive tutorials as plugins without touching core.

There are 60+ open issues/PRs requesting some form of message interception, and none of the existing hooks (including the newest ones from this week) fire at the right pipeline position to do this. The PR body has the full breakdown.

Ah, I wish I saw this earlier. I just landed a PR that restores OR compatibility on #39937

maybe be good to revert? apologies

@jolly wolf Claiming my contributor role - my PR #39281 (fix: reject pid <= 0 in parseLaunchctlPrint) was landed on main by steipete.

https://github.com/openclaw/openclaw/pull/39281

The fix stops launchd runtime parsing from recording sentinel/non-running values as real PIDs, with regression tests for pid = 0, positive, and negative cases.

GitHub: @wind crag

Please don't ping Shadow for that. Mods will grant you the role.

I don’t think an immediate revert is the right move. #39937 is just restoring broken existing OR/Sonar configs and fixing the 401 regression (and not claiming that Sonar == the Search API)

Better follow-up, IMO: keep legacy compatibility for existing users, add a clear warning/deprecation for the OR/Sonar path, and steer new setups to direct Perplexity Search API or the MCP

looked at the changes, LGTM, agree this is the right approach! Thank you.

sorry. it was Shadow who told me to claim it on X

we ship fast and break things, no harm no foul. Thanks for being active @red sparrow

not sure what that approval process looks like but putting my name out there for contributor role eligibility (#1917 #18218 @grizzled rivet on GitHub)

edit: yay! thank ya kindly