OpenClaw 4.7

Inference Hub, Memory Wiki & Enhanced Security

CLI: Inference Hub · WIKI: Memory Restored · 50+ Security Fixes · NEW: Media Fallback

OpenClaw · Released April 2026 · v2026.4.7 · github.com/openclaw/openclaw

🚀 OpenClaw Infer — Unified Inference Hub

First-Class CLI for Provider-Backed Workflows

⚡ New openclaw infer command unifies model, media, web, and embedding tasks across all configured providers with automatic fallback and capability detection.

🤖 Model Inference

Run any configured model from CLI with streaming, reasoning control, and multi-turn conversations.

🎨 Media Generation

Generate images, music, and video with auto-fallback across providers, size/aspect remapping, and video-to-video support.

🌐 Web Search

Unified web search interface with configured provider fallback and consistent result formatting.

Embeddings

Generate embeddings for semantic search and RAG workflows with provider-agnostic interface.

Thanks @Takhoffman · Preserves intent during provider switches · Auto-remaps hints to closest supported options

📚 Memory Wiki Restored

Structured Knowledge Management with Claim Health & Freshness

🧠 Bundled memory-wiki stack returns with plugin, CLI, sync/query/apply tooling, structured claim/evidence fields, and freshness-weighted search.

Structured Claims

Store knowledge as claims with evidence, sources, and confidence levels. Compiled digest retrieval for fast access.

🔍 Smart Search

Freshness-weighted search prioritizes recent knowledge. Contradiction clustering detects conflicting claims.

🏥 Health Monitoring

Claim-health linting identifies stale, unsupported, or contradictory knowledge. Staleness dashboards track decay.

🔄 Memory Host Integration

Seamless integration with memory-host for unified recall across wiki and daily notes.

Thanks @vincentkoc · CLI: openclaw memory wiki · Replaces deprecated memory-wiki plugin

🔌 Webhook Ingress Plugin

External Automation Meets TaskFlows

🌐 Bundled webhook plugin lets external systems create and drive bound TaskFlows through per-route shared-secret endpoints.

🔐 Secure Endpoints

Per-route shared secrets protect webhook endpoints. No public exposure without explicit configuration.

🔄 TaskFlow Binding

Webhooks can create, resume, and drive TaskFlow sessions with full context preservation.

🎯 Route Flexibility

Configure multiple webhook routes with different secrets, agents, and TaskFlow templates.

📊 Event Tracking

Built-in logging and monitoring for webhook invocations, failures, and TaskFlow state transitions.

Thanks @mbelinky · PR #61892 · Enables GitHub Actions, CI/CD, and external tool integration

💾 Session Compaction Checkpoints

Inspect & Restore Pre-Compaction State

⏪ Persisted compaction checkpoints + Sessions UI branch/restore actions let operators recover pre-compaction session state.

📸 Checkpoint Snapshots

Automatic snapshots before each compaction. Full conversation history preserved for recovery.

🌳 Branch & Restore

Sessions UI shows compaction points. Branch from any checkpoint or restore to previous state.

🔍 Inspection Tools

View full pre-compaction context, compare before/after, and audit what was summarized.

🔧 Pluggable Providers

New compaction provider registry lets plugins replace built-in summarization pipeline.

Thanks @scoootscooob, @DhruvBhatia0 · PR #62146, #56224 · Configure via agents.defaults.compaction.provider

🧠 Memory Dreaming (4.5)

Weighted Recall Promotion & Conceptual Tagging

💭 Experimental dreaming system promotes short-term memories to long-term storage with three cooperative phases: Light Sleep, Deep Sleep, and REM.

  • 💤 Light Sleep: Quick scan of recent daily notes. Identifies candidates for promotion.
  • 🌙 Deep Sleep: Consolidates related memories. Groups nearby daily-note lines into coherent chunks.
  • 🌀 REM: Extracts lasting truths. Writes to MEMORY.md with evidence and confidence.

⚙️ Configurable Aging

Tune recencyHalfLifeDays and maxAgeDays to control recall decay and memory retention.

📖 Dream Diary

New Dreams UI surface shows dreaming trail in dreams.md. Preview REM staging with promote-explain.

Thanks @vignesh07, @davemorin · PR #60569, #60697 · CLI: /dreaming · Replaces competing dreaming modes

🎨 Media Generation (4.5)

Video, Music & Multi-Provider Support

🎬 Built-in video_generate and music_generate tools with bundled providers: Google Lyria, MiniMax, ComfyUI, xAI, Alibaba Wan, and Runway.

🎥 Video Generation

  • xAI grok-imagine-video
  • Alibaba Model Studio Wan
  • Runway Gen-3
  • ComfyUI workflows
  • Video-to-video support

🎵 Music Generation

  • Google Lyria (bundled)
  • MiniMax Music
  • ComfyUI workflows
  • Async task tracking
  • Follow-up delivery

🖼️ ComfyUI Plugin

  • Local & Comfy Cloud
  • Workflow-backed generation
  • Reference image upload
  • Live tests & output download

Auto-fallback across providers · Async completion with direct-send option · Unsupported hints ignored with warning

🌐 New Providers (4.5)

Expanded Model & Service Support

🤖 Chat Providers

  • Qwen — Alibaba's flagship models
  • Fireworks AI — Fast inference platform
  • StepFun — Chinese AI provider
  • Arcee AI — Trinity catalog + OpenRouter
  • Amazon Bedrock — Mantle support + auto-region

🔍 Search & Speech

  • Ollama Web Search — Local search integration
  • MiniMax Search — Chinese search provider
  • MiniMax TTS — Text-to-speech
  • Exa Search — Now visible in onboarding

☁️ Bedrock Enhancements

  • Inference-profile discovery
  • Automatic request-region injection
  • Claude, GPT-OSS, Qwen, Kimi, GLM support
  • Reduced manual setup

🔢 Bedrock Embeddings

  • Titan, Cohere, Nova, TwelveLabs
  • AWS credential-chain auto-detection
  • Provider-specific dimension controls

Thanks @wirjo, @arthurbr11, @eyjohn, @romgenie, @BruceMacD · Ollama vision capability auto-detection

🔐 Security Hardening (4.7)

50+ Security Fixes Across Attack Surfaces

🛡️ Major security release addressing SSRF, privilege escalation, token theft, and injection vulnerabilities across gateway, exec, browser, and channel plugins.

🚫 Exec Hardening

  • Block dangerous env overrides (Java, Rust, Cargo, Git, K8s, cloud creds)
  • Require owner auth for /allowlist changes
  • Fix Windows cmd.exe wrapper approval bypass
  • Block config.apply writes to exec approval paths

🌐 SSRF Protection

  • Drop request bodies on cross-origin 307/308 redirects
  • Treat main-frame redirects as navigations for private-network blocking
  • MS Teams file-consent upload URL validation
  • Enforce byte limits before base64 decode
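
As an added illustration of the first SSRF item (not OpenClaw's own code), the sketch below plans the follow-up request for a redirect and drops the body when a 307/308 crosses origins. `planRedirect` and the request object shape are hypothetical names for this example.

```javascript
// Added example: hypothetical redirect planner, not OpenClaw code.
const REDIRECT_CODES = new Set([301, 302, 303, 307, 308]);

// Returns the next request to send, or null when the response is not a redirect.
function planRedirect(req, status, location) {
  if (!REDIRECT_CODES.has(status) || !location) return null;
  const from = new URL(req.url);
  const to = new URL(location, from); // resolves relative Location values
  // Origin is scheme + host + port, so an https -> http downgrade also counts.
  const crossOrigin = to.origin !== from.origin;
  const next = {
    url: to.href,
    method: req.method,
    headers: { ...req.headers },
    body: req.body,
    bodyDropped: false,
  };
  // Standard method rewriting: 303 always, 301/302 only for POST.
  const rewriteToGet =
    (status === 303 && req.method !== 'HEAD') ||
    ((status === 301 || status === 302) && req.method === 'POST');
  if (rewriteToGet) next.method = 'GET';
  // 307/308 replay the body verbatim by default; never replay it to another origin.
  const preservesBody = status === 307 || status === 308;
  if (rewriteToGet || (preservesBody && crossOrigin)) {
    next.bodyDropped = req.body != null;
    next.body = undefined;
    for (const name of Object.keys(next.headers)) {
      if (/^content-(length|type|encoding)$/i.test(name)) delete next.headers[name];
    }
  }
  return next;
}
```

Logging `bodyDropped` per hop gives an operator a signal when an upstream starts bouncing uploads to a different origin.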

🔑 Auth & Pairing

  • Invalidate stale WebSocket sessions on secret rotation
  • Require fresh pairing for nodes with new commands
  • Block cross-device token theft in pairing sessions
  • Fail closed on missing gateway pairing scopes

🔌 Plugin Security

  • Block persistent browser profile mutations via node.invoke
  • Verify ClawHub plugin SHA-256 before install
  • Block remote marketplace symlink escapes
  • Keep plugin routes on write-only scopes

Thanks @eleqtrizit, @pgondhi987, @obviyus, @ngutman · PRs #59119, #62002, #62291, #62357, #62355, #60489, #62658, #62350

🎯 Claude CLI Security (4.5)

Backdoor Session Hardening

🔒 Multiple security fixes prevent OpenClaw-launched Claude CLI sessions from being hijacked or redirected to attacker-controlled contexts.

🚫 Config Isolation

Clear inherited CLAUDE_CONFIG_DIR and CLAUDE_CODE_PLUGIN_* env vars so CLI runs can't be pointed at alternate config/plugin trees with different hooks or auth.

Provider Routing

Clear provider-routing and managed-auth env overrides. Mark runs as host-managed to prevent silent redirection to proxy, Bedrock, Vertex, or Foundry.

Settings Sources

Force --setting-sources user even under custom backend args, blocking repo-local .claude project/local settings, hooks, and plugin discovery.

⚙️ Permission Mode

Treat malformed bare --permission-mode overrides as missing and fail safe to bypassPermissions, preventing flag consumption bugs.

Thanks @vincentkoc · Prevents backdoor session hijacking · Applies to all OpenClaw-launched Claude CLI runs
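
One way to apply the Config Isolation, Settings Sources and Permission Mode items before spawning the CLI, written as an added example rather than OpenClaw's implementation. `scrubEnv`, `hardenArgs` and the set of accepted mode names are assumptions of this sketch.

```javascript
// Added example: hypothetical helpers, not OpenClaw's implementation.
// Mode names accepted here are an assumption; the fallback is the one named in the notes.
const PERMISSION_MODES = new Set(['default', 'acceptEdits', 'plan', 'bypassPermissions']);
const BLOCKED_EXACT = new Set(['CLAUDE_CONFIG_DIR']);
const BLOCKED_PREFIXES = ['CLAUDE_CODE_PLUGIN_'];

// Copy the parent environment without the variables that select config/plugin trees.
function scrubEnv(parentEnv) {
  const env = {};
  const removed = [];
  for (const [name, value] of Object.entries(parentEnv)) {
    const key = name.toUpperCase(); // env names are case-insensitive on Windows
    if (BLOCKED_EXACT.has(key) || BLOCKED_PREFIXES.some((p) => key.startsWith(p))) {
      removed.push(name);
    } else {
      env[name] = value;
    }
  }
  return { env, removed };
}

// Rebuild caller-supplied args so the settings source and permission mode are pinned.
function hardenArgs(customArgs) {
  const out = [];
  let mode = null;
  for (let i = 0; i < customArgs.length; i++) {
    const arg = customArgs[i];
    const next = customArgs[i + 1];
    if (arg === '--setting-sources') {
      // Drop the flag and its value so repo-local sources cannot be re-enabled.
      if (next !== undefined && !next.startsWith('--')) i++;
    } else if (arg === '--permission-mode') {
      // A bare flag must not swallow the following flag as its value.
      if (PERMISSION_MODES.has(next)) { mode = next; i++; }
    } else if (arg.startsWith('--setting-sources=')) {
      continue; // inline form is dropped too
    } else if (arg.startsWith('--permission-mode=')) {
      const value = arg.slice('--permission-mode='.length);
      if (PERMISSION_MODES.has(value)) mode = value;
    } else {
      out.push(arg);
    }
  }
  out.push('--setting-sources', 'user');
  out.push('--permission-mode', mode ?? 'bypassPermissions');
  return out;
}
```

The `removed` list is worth logging at launch, since an inherited `CLAUDE_CONFIG_DIR` on a host that never sets it is itself an indicator to investigate.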

📱 Mobile & Platform (4.5)

iOS Exec Approvals, Matrix Support & UI Improvements

📲 iOS Exec Approvals

  • Generic APNs approval notifications
  • In-app exec approval modal
  • Works while iPhone locked/backgrounded
  • Apple Watch review & approval recovery
  • Notification cleanup on resolution

💬 Matrix Enhancements

  • Native exec approval prompts
  • Account-scoped approvers
  • Channel-or-DM delivery
  • Room-thread aware resolution
  • Auto-join setup with opt-in warnings

🌐 Control UI i18n

  • Simplified Chinese (zh-CN)
  • Traditional Chinese (zh-TW)
  • Brazilian Portuguese (pt-BR)
  • German, Spanish, Japanese, Korean
  • French, Turkish, Indonesian, Polish, Ukrainian

🎨 UI Improvements

  • Per-session thinking-level picker
  • Stop button visible during tool execution
  • ClawHub search in Skills panel
  • Light mode scrollbar fixes

Thanks @ngutman, @gumadeiras, @vincentkoc, @samzong, @chziyue · PR #60239, #58635, #60134

⚡ Performance & Stability

Prompt Caching, Provider Fixes & Channel Improvements

💾 Prompt Cache Optimization

  • More reusable prefixes across transport fallback
  • Deterministic MCP tool ordering
  • Normalized system-prompt fingerprints
  • Embedded image history support
  • openclaw status --verbose cache diagnostics

🤖 Provider Improvements

  • GPT-5 lower-verbosity defaults & visible progress
  • Claude thinking blocks preserved for 4.5+ models
  • Gemma 4 support with reasoning compatibility
  • Mistral Small 4 reasoning_effort support
  • Ollama multi-endpoint streaming fix

💬 Channel Fixes

  • Telegram: DM voice transcription restored
  • Discord: Reply tags, video splits, voice recovery
  • Slack: DM routing, thread stickiness
  • WhatsApp: Reconnect watchdog reset
  • Matrix: Secret storage recovery, DM sessions

🔧 Platform Stability

  • Gateway PID recycling detection (Windows/macOS)
  • macOS LaunchAgent recovery on restart
  • Windows scheduled task reinstall preservation
  • Docker/Podman auto-bind to 0.0.0.0
  • Node 22 undici HTTP/2 compatibility fix

Thanks @bcherny, @vincentkoc, @neeravmakwana, @sfuminya, @afurm, @MonkeyLeeT, @gumadeiras, @zozo123

🎓 Key Takeaways

OpenClaw 4.7 — Production-ready inference hub, restored memory wiki, and comprehensive security hardening.
OpenClaw 4.5 — Media generation (video/music), dreaming system, 12 UI languages, and mobile exec approvals.

🚀 For Developers

  • Use openclaw infer for unified inference workflows
  • Enable memory wiki for structured knowledge management
  • Configure webhook endpoints for CI/CD integration
  • Review security updates and update exec policies

🎨 For Creators

  • Generate videos with xAI, Runway, or Alibaba Wan
  • Create music with Google Lyria or MiniMax
  • Use ComfyUI workflows for custom media pipelines
  • Enable dreaming for automatic memory consolidation

📦 Upgrade: npm install -g openclaw@latest

Release Notes: v2026.4.7 · v2026.4.5
Twitter: @openclaw announcement