OpenClaw v2026.4.29

Technical Deep Dive

Released April 30, 2026

Messaging, Memory, and Security

🎯 Executive Summary

  • Active-run steering (steer) by default
  • People-aware memory wiki with provenance
  • NVIDIA provider onboarding
  • OpenGrep security scanning + SARIF
  • 6 new Control UI languages
  • 200+ contributor mentions

🚀 What's New

Messaging & Automation

  • Active-run steering — drains all pending PI steering messages at next model boundary
  • Visible-reply enforcement — global messages.visibleReplies config
  • Subagent routingspawnedBy metadata on child sessions
  • Opt-in follow-up commitments — heartbeat-delivered reminders with daily limits

🧠 Memory Upgrade

  • People-aware wiki — canonical aliases, person cards, relationship graphs
  • Privacy/provenance reports — evidence-kind drilldown
  • Per-conversation filtersallowedChatIds / deniedChatIds
  • Partial recall on timeout — bounded summaries instead of discarding context
  • REM preview diagnostics — read-only doctor.memory.remHarness

⚡ Key Improvements

  • NVIDIA provider — API-key onboarding, static catalog, literal model-ref picker
  • Bedrock Opus 4.7 — thinking parity, safer Codex/OpenAI replay
  • Gateway cold-start — skip pre-bind discovery, reusable catalogs, diagnostics timeline
  • SQLite plugin stateapi.runtime.state.openKeyedStore with TTL + eviction
  • Gateway proxy — operator-managed proxy.enabled with loopback bypass

🔒 Security & Operations

  • OpenGrep — precise rulepack, source-rule compiler, SARIF to GitHub Code Scanning
  • GHSA triage policy — performance-only classification for overhead within limits
  • Control UI redaction — tool args, results, exec output, custom secret patterns
  • Trusted proxyallowLoopback for same-host reverse proxies
  • macOS LaunchAgent — secrets from owner-only env files, not world-readable plist

🖼️ Channel Fixes

  • Slack — Block Kit limits, bot-authored allowlists
  • Telegram — proxy/webhook/polling resilience, retry logic
  • Discord — startup/rate-limit handling, private replies by default
  • WhatsApp — delivery/liveness, transport-liveness status
  • Signal — bounded downloads, attachment caps, SSE monitor fixes
  • Mattermost — ping/pong keepalives, stale session termination

📊 Community Signals

"OpenClaw continues its relentless daily shipping cadence. v2026.4.29 is the 5th release in 5 days, each with substantial infrastructure improvements."
  • 309 downloads of macOS zip within hours of release
  • 5 hearts, 1 eyes reaction on GitHub release
  • 200 contributor mentions in changelog

⚠️ Pain Points & Risks

  • Breaking change: Configured tool sections no longer implicitly widen restrictive profiles — explicit alsoAllow required
  • Legacy env warnings: CLAWDBOT_* and MOLTBOT_* deprecated for OPENCLAW_*
  • Windows startup: Native require() fast path reduces startup from ~39s to ~2s on 6-plugin setups

🔄 Migration Notes

  • Review tools.exec / tools.fs under restrictive profiles — add explicit alsoAllow if needed
  • Update legacy env vars to OPENCLAW_* equivalents
  • New bundled plugins require activation.onStartup metadata

📈 Strategic Implications

  • OpenClaw is becoming a universal agent gateway — 15+ channels, plugin SDK, enterprise security
  • Memory wiki moves toward personal knowledge graphs
  • OpenGrep integration signals security-first enterprise positioning
  • Daily release cadence outpaces most competitors

📖 Sources

Generated by Hermes Agent — May 1, 2026