惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
P
Privacy International News Feed
S
Schneier on Security
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
K
Kaspersky official blog
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
Help Net Security
Help Net Security
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Security Archives - TechRepublic
Security Archives - TechRepublic
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
雷峰网
雷峰网
博客园 - 司徒正美
V
V2EX
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
N
News | PayPal Newsroom
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
博客园 - Franky
I
InfoQ
D
DataBreaches.Net
爱范儿
爱范儿
Y
Y Combinator Blog
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
docs: improve 2026.4.23 release docs · openclaw/openclaw@b2352c3
steipete · 2026-04-25 · via Recent Commits to openclaw:main
Original file line numberDiff line numberDiff line change

@@ -9,6 +9,16 @@ title: "Chat channels"

99

OpenClaw can talk to you on any chat app you already use. Each channel connects via the Gateway.

1010

Text is supported everywhere; media and reactions vary by channel.

1111
12+

## Delivery notes

13+
14+

- Telegram replies that contain markdown image syntax, such as `![alt](url)`,

15+

are converted into media replies on the final outbound path when possible.

16+

- Slack multi-person DMs route as group chats, so group policy, mention

17+

behavior, and group-session rules apply to MPIM conversations.

18+

- WhatsApp setup is install-on-demand: onboarding can show the setup flow before

19+

Baileys runtime dependencies are staged, and the Gateway loads the WhatsApp

20+

runtime only when the channel is actually active.

21+
1222

## Supported channels

1323
1424

- [BlueBubbles](/channels/bluebubbles)**Recommended for iMessage**; uses the BlueBubbles macOS server REST API with full feature support (bundled plugin; edit, unsend, effects, reactions, group management — edit currently broken on macOS 26 Tahoe).

Original file line numberDiff line numberDiff line change

@@ -461,6 +461,10 @@ Two built-in tools can make persistent control-plane changes:

461461

The owner-only `gateway` runtime tool still refuses to rewrite

462462

`tools.exec.ask` or `tools.exec.security`; legacy `tools.bash.*` aliases are

463463

normalized to the same protected exec paths before the write.

464+

Agent-driven `gateway config.apply` and `gateway config.patch` edits are

465+

fail-closed by default: only a narrow set of prompt, model, and mention-gating

466+

paths are agent-tunable. New sensitive config trees are therefore protected

467+

unless they are deliberately added to the allowlist.

464468
465469

For any agent/surface that handles untrusted content, deny these by default:

466470

@@ -843,6 +847,10 @@ Plaintext `ws://` is loopback-only by default. For trusted private-network

843847

paths, set `OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1` on the client process as

844848

break-glass. This is intentionally process environment only, not an

845849

`openclaw.json` config key.

850+

Mobile pairing and Android manual or scanned gateway routes are stricter:

851+

cleartext is accepted for loopback, but private-LAN, link-local, `.local`, and

852+

dotless hostnames must use TLS unless you explicitly opt into the trusted

853+

private-network cleartext path.

846854
847855

Local device pairing:

848856
Original file line numberDiff line numberDiff line change

@@ -71,6 +71,18 @@ ReadWritePaths=/var/lib/openclaw /home/openclaw/.openclaw /tmp

7171

If `OPENCLAW_PLUGIN_STAGE_DIR` is not set, OpenClaw uses `$STATE_DIRECTORY` when

7272

systemd provides it, then falls back to `~/.openclaw/plugin-runtime-deps`.

7373
74+

### Bundled plugin runtime dependencies

75+
76+

Packaged installs keep bundled plugin runtime dependencies out of the read-only

77+

package tree. On startup and during `openclaw doctor --fix`, OpenClaw repairs

78+

runtime dependencies only for bundled plugins that are active in config, active

79+

through legacy channel config, or enabled by their bundled manifest default.

80+
81+

Explicit disablement wins. A disabled plugin or channel does not get its

82+

runtime dependencies repaired just because it exists in the package. External

83+

plugins and custom load paths still use `openclaw plugins install` or

84+

`openclaw plugins update`.

85+
7486

## Auto-updater

7587
7688

The auto-updater is off by default. Enable it in `~/.openclaw/openclaw.json`:

Original file line numberDiff line numberDiff line change

@@ -15,6 +15,15 @@ OpenAI provides developer APIs for GPT models. OpenClaw supports three OpenAI-fa

1515
1616

OpenAI explicitly supports subscription OAuth usage in external tools and workflows like OpenClaw.

1717
18+

## Quick choice

19+
20+

| Goal | Use | Notes |

21+

| --------------------------------------------- | -------------------------------------------------------- | ---------------------------------------------------------------------------- |

22+

| Direct API-key billing | `openai/gpt-5.4` | Set `OPENAI_API_KEY` or run OpenAI API-key onboarding. |

23+

| GPT-5.5 with ChatGPT/Codex subscription auth | `openai-codex/gpt-5.5` | Default PI route for Codex OAuth. Best first choice for subscription setups. |

24+

| GPT-5.5 with native Codex app-server behavior | `openai/gpt-5.5` plus `embeddedHarness.runtime: "codex"` | Uses the Codex app-server harness, not the public OpenAI API route. |

25+

| Image generation or editing | `openai/gpt-image-2` | Works with either `OPENAI_API_KEY` or OpenAI Codex OAuth. |

26+
1827

<Note>

1928

GPT-5.5 is currently available in OpenClaw through subscription/OAuth routes:

2029

`openai-codex/gpt-5.5` with the PI runner, or `openai/gpt-5.5` with the

@@ -200,6 +209,14 @@ Choose your preferred auth method and follow the setup steps.

200209

Use `contextWindow` to declare native model metadata. Use `contextTokens` to limit the runtime context budget.

201210

</Note>

202211
212+

### Catalog recovery

213+
214+

OpenClaw uses upstream Codex catalog metadata for `gpt-5.5` when it is

215+

present. If live Codex discovery omits the `openai-codex/gpt-5.5` row while

216+

the account is authenticated, OpenClaw synthesizes that OAuth model row so

217+

cron, sub-agent, and configured default-model runs do not fail with

218+

`Unknown model`.

219+
203220

</Tab>

204221

</Tabs>

205222
Original file line numberDiff line numberDiff line change

@@ -44,6 +44,21 @@ image endpoints remain blocked by default.

4444
4545

The agent calls `image_generate` automatically. No tool allow-listing needed — it's enabled by default when a provider is available.

4646
47+

## Common routes

48+
49+

| Goal | Model ref | Auth |

50+

| ---------------------------------------------------- | -------------------------------------------------- | ------------------------------------ |

51+

| OpenAI image generation with API billing | `openai/gpt-image-2` | `OPENAI_API_KEY` |

52+

| OpenAI image generation with Codex subscription auth | `openai/gpt-image-2` | OpenAI Codex OAuth |

53+

| OpenRouter image generation | `openrouter/google/gemini-3.1-flash-image-preview` | `OPENROUTER_API_KEY` |

54+

| Google Gemini image generation | `google/gemini-3.1-flash-image-preview` | `GEMINI_API_KEY` or `GOOGLE_API_KEY` |

55+
56+

The same `image_generate` tool handles text-to-image and reference-image

57+

editing. Use `image` for one reference or `images` for multiple references.

58+

Provider-supported output hints such as `quality`, `outputFormat`, and

59+

OpenAI-specific `background` are forwarded when available and reported as

60+

ignored when a provider does not support them.

61+
4762

## Supported providers

4863
4964

| Provider | Default model | Edit support | Auth |

Original file line numberDiff line numberDiff line change

@@ -75,6 +75,19 @@ higher-quality model. You can configure this via `agents.defaults.subagents.mode

7575

overrides. When a child genuinely needs the requester's current transcript, the agent can request

7676

`context: "fork"` on that one spawn.

7777
78+

## Context modes

79+
80+

Native sub-agents start isolated unless the caller explicitly asks to fork the

81+

current transcript.

82+
83+

| Mode | When to use it | Behavior |

84+

| ---------- | -------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |

85+

| `isolated` | Fresh research, independent implementation, slow tool work, or anything that can be briefed in the task text | Creates a clean child transcript. This is the default and keeps token use lower. |

86+

| `fork` | Work that depends on the current conversation, prior tool results, or nuanced instructions already present in the requester transcript | Branches the requester transcript into the child session before the child starts. |

87+
88+

Use `fork` sparingly. It is for context-sensitive delegation, not a replacement

89+

for writing a clear task prompt.

90+
7891

## Tool

7992
8093

Use `sessions_spawn`: