惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
C
CERT Recently Published Vulnerability Notes
P
Proofpoint News Feed
Y
Y Combinator Blog
T
The Blog of Author Tim Ferriss
云风的 BLOG
云风的 BLOG
H
Help Net Security
Recorded Future
Recorded Future
The Register - Security
The Register - Security
F
Full Disclosure
N
Netflix TechBlog - Medium
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hackread – Cybersecurity News, Data Breaches, AI and More
爱范儿
爱范儿
Security Archives - TechRepublic
Security Archives - TechRepublic
Simon Willison's Weblog
Simon Willison's Weblog
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
T
Tenable Blog
T
Tor Project blog
人人都是产品经理
人人都是产品经理
D
DataBreaches.Net
NISL@THU
NISL@THU
Google DeepMind News
Google DeepMind News
博客园 - 叶小钗
B
Blog
V
V2EX
Jina AI
Jina AI
L
LangChain Blog
月光博客
月光博客
W
WeLiveSecurity
U
Unit 42
AWS News Blog
AWS News Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 聂微东
V
Visual Studio Blog
A
Arctic Wolf
T
Tailwind CSS Blog
The Cloudflare Blog
SecWiki News
SecWiki News
S
SegmentFault 最新的问题
Hacker News - Newest:
Hacker News - Newest: "LLM"
宝玉的分享
宝玉的分享
MyScale Blog
MyScale Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Securelist
www.infosecurity-magazine.com
www.infosecurity-magazine.com
腾讯CDC
雷峰网
雷峰网

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
docs: MCP + cron + plugin lifecycle plus channel env-block cross-links · openclaw/openclaw@91c795c
vincentkoc · 2026-04-23 · via Recent Commits to openclaw:main
Original file line numberDiff line numberDiff line change

@@ -90,6 +90,8 @@ This fires ~5–6 times per month instead of 0–1 times per month. OpenClaw use

9090
9191

For isolated jobs, runtime teardown now includes best-effort browser cleanup for that cron session. Cleanup failures are ignored so the actual cron result still wins.

9292
93+

Isolated cron runs also dispose any bundled MCP runtime instances created for the job through the shared runtime-cleanup path. This matches how main-session and custom-session MCP clients are torn down, so isolated cron jobs do not leak stdio child processes or long-lived MCP connections across runs.

94+
9395

When isolated cron runs orchestrate subagents, delivery also prefers the final

9496

descendant output over stale parent interim text. If descendants are still

9597

running, OpenClaw suppresses that partial parent update instead of announcing it.

Original file line numberDiff line numberDiff line change

@@ -237,6 +237,14 @@ Default account supports:

237237

- `IRC_NICKSERV_PASSWORD`

238238

- `IRC_NICKSERV_REGISTER_EMAIL`

239239
240+

<Note>

241+

`IRC_HOST` is on the endpoint-block list and cannot be set from a workspace

242+

`.env` file. It must come from shell environment or the gateway process

243+

environment so that untrusted workspaces cannot redirect IRC traffic to a

244+

different server. See [Workspace `.env` files](/gateway/security) for the full

245+

list.

246+

</Note>

247+
240248

## Troubleshooting

241249
242250

- If the bot connects but never replies in channels, verify `channels.irc.groups` **and** whether mention-gating is dropping messages (`missing-mention`). If you want it to reply without pings, set `requireMention:false` for the channel.

Original file line numberDiff line numberDiff line change

@@ -179,6 +179,14 @@ For example, `-` becomes `_X2D_`, so `ops-prod` maps to `MATRIX_OPS_X2D_PROD_*`.

179179
180180

The interactive wizard only offers the env-var shortcut when those auth env vars are already present and the selected account does not already have Matrix auth saved in config.

181181
182+

<Note>

183+

`MATRIX_HOMESERVER` is on the endpoint-block list and cannot be set from a

184+

workspace `.env` file. It must come from shell environment or the gateway

185+

process environment so that untrusted workspaces cannot redirect Matrix

186+

traffic to a different homeserver. See

187+

[Workspace `.env` files](/gateway/security) for the full list.

188+

</Note>

189+
182190

## Configuration example

183191
184192

This is a practical baseline config with DM pairing, room allowlist, and E2EE enabled:

Original file line numberDiff line numberDiff line change

@@ -109,6 +109,14 @@ Set these on the gateway host if you prefer env vars:

109109
110110

Env vars apply only to the **default** account (`default`). Other accounts must use config values.

111111
112+

<Note>

113+

`MATTERMOST_URL` is on the endpoint-block list and cannot be set from a

114+

workspace `.env` file. It must come from shell environment or the gateway

115+

process environment so that untrusted workspaces cannot redirect Mattermost

116+

traffic to a different server. See

117+

[Workspace `.env` files](/gateway/security) for the full list.

118+

</Note>

119+
112120

## Chat modes

113121
114122

Mattermost responds to DMs automatically. Channel behavior is controlled by `chatmode`:

Original file line numberDiff line numberDiff line change

@@ -89,6 +89,14 @@ For the default account, you can use env vars:

8989
9090

Config values override env vars.

9191
92+

<Note>

93+

`SYNOLOGY_CHAT_INCOMING_URL` is on the endpoint-block list and cannot be set

94+

from a workspace `.env` file. It must come from shell environment or the

95+

gateway process environment so that untrusted workspaces cannot redirect

96+

Synology Chat traffic to a different webhook. See

97+

[Workspace `.env` files](/gateway/security) for the full list.

98+

</Note>

99+
92100

## DM policy and access control

93101
94102

- `dmPolicy: "allowlist"` is the recommended default.

Original file line numberDiff line numberDiff line change

@@ -63,6 +63,12 @@ Important behavior:

6363

- older transcript history is read with `messages_read`

6464

- Claude push notifications only exist while the MCP session is alive

6565

- when the client disconnects, the bridge exits and the live queue is gone

66+

- stdio MCP servers launched by OpenClaw (bundled or user-configured) are torn

67+

down as a process tree on shutdown, so child subprocesses started by the

68+

server do not survive after the parent stdio client exits

69+

- deleting or resetting a session disposes that session's MCP clients through

70+

the shared runtime cleanup path, so there are no lingering stdio connections

71+

tied to a removed session

6672
6773

## Choose a client mode

6874
Original file line numberDiff line numberDiff line change

@@ -478,6 +478,10 @@ Important trust note:

478478

- A workspace plugin with the same id as a bundled plugin intentionally shadows

479479

the bundled copy when that workspace plugin is enabled/allowlisted.

480480

- This is normal and useful for local development, patch testing, and hotfixes.

481+

- Bundled-plugin trust is resolved from the source snapshot — the manifest and

482+

code on disk at load time — rather than from install metadata. A corrupted

483+

or substituted install record cannot silently widen a bundled plugin's trust

484+

surface beyond what the actual source claims.

481485
482486

## Export boundary

483487

@@ -507,7 +511,9 @@ At startup, OpenClaw does roughly this:

507511

4. normalize plugin config (`plugins.enabled`, `allow`, `deny`, `entries`,

508512

`slots`, `load.paths`)

509513

5. decide enablement for each candidate

510-

6. load enabled native modules via jiti

514+

6. load enabled native modules — built `dist/*` bundled modules go through a

515+

native loader path, while non-built native plugin modules are loaded via

516+

jiti

511517

7. call native `register(api)` (or `activate(api)` — a legacy alias) hooks and collect registrations into the plugin registry

512518

8. expose the registry to commands/runtime surfaces

513519
Original file line numberDiff line numberDiff line change

@@ -254,6 +254,18 @@ OpenClaw checks for native plugin format first:

254254

If a directory contains both, OpenClaw uses the native path. This prevents

255255

dual-format packages from being partially installed as bundles.

256256
257+

## Runtime dependencies and cleanup

258+
259+

- Bundled plugin runtime dependencies ship inside the OpenClaw package under

260+

`dist/*`. OpenClaw does **not** run `npm install` at startup for bundled

261+

plugins; the release pipeline is responsible for shipping a complete bundled

262+

dependency payload (see the postpublish verification rule in

263+

[Releasing](/reference/RELEASING)).

264+

- Sub-agent runs that launch bundled MCP servers dispose those MCP clients

265+

through the shared runtime-cleanup path when the sub-agent exits, so

266+

sub-agent lifecycles do not leak stdio child processes or long-lived MCP

267+

connections across turns.

268+
257269

## Security

258270
259271

Bundles have a narrower trust boundary than native plugins: