OpenClaw LogoOpenClaw AI News
Releasesecurityextensions

clawdbot 2026.1.16-2

7 min read

openclaw/openclaw released version v2026.1.16-2. This release includes breaking changes. Key updates: Hooks: add hooks system with bundled hooks, CLI tooling, and docs. (#1028) — thanks @ThomsenDrake. https://docs.clawd.bot/hooks; Media: add inbound media understanding (image/audio/video) with pr...

Highlights

  • Hooks: add hooks system with bundled hooks, CLI tooling, and docs. (#1028) — thanks @ThomsenDrake. https://docs.clawd.bot/hooks
  • Media: add inbound media understanding (image/audio/video) with provider + CLI fallbacks. https://docs.clawd.bot/nodes/media-understanding
  • Plugins: add Zalo Personal plugin (@clawdbot/zalouser) and unify channel directory for plugins. (#1032) — thanks @suminhthanh. https://docs.clawd.bot/plugins/zalouser
  • Models: add Vercel AI Gateway auth choice + onboarding updates. (#1016) — thanks @timolins. https://docs.clawd.bot/providers/vercel-ai-gateway
  • Sessions: add session.identityLinks for cross-platform DM session li nking. (#1033) — thanks @thewilloftheshadow. https://docs.clawd.bot/concepts/session
  • Web search: add country/language parameters (schema + Brave API) and docs. (#1046) — thanks @YuriNachos. https://docs.clawd.bot/tools/web

Breaking

  • BREAKING: clawdbot message and message tool now require target (dropping to/channelId for destinations). (#1034) — thanks @tobalsan.
  • BREAKING: Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
  • BREAKING: Drop legacy chatType: "room" support; use chatType: "channel".
  • BREAKING: remove legacy provider-specific target resolution fallbacks; target resolution is centralized with plugin hints + directory lookups.
  • BREAKING: clawdbot hooks is now clawdbot webhooks; hooks live under clawdbot hooks. https://docs.clawd.bot/cli/webhooks
  • BREAKING: clawdbot plugins install <path> now copies into ~/.clawdbot/extensions (use --link to keep path-based loading).

Changes

  • Plugins: ship bundled plugins disabled by default and allow overrides by installed versions. (#1066) — thanks @ItzR3NO.
  • Plugins: add bundled Antigravity + Gemini CLI OAuth + Copilot Proxy provider plugins. (#1066) — thanks @ItzR3NO.
  • Tools: improve web_fetch extraction using Readability (with fallback).
  • Tools: add Firecrawl fallback for web_fetch when configured.
  • Tools: send Chrome-like headers by default for web_fetch to improve extraction on bot-sensitive sites.
  • Tools: Firecrawl fallback now uses bot-circumvention + cache by default; remove basic HTML fallback when extraction fails.
  • Tools: default exec exit notifications and auto-migrate legacy tools.bash to tools.exec.
  • Tools: add exec PTY support for interactive sessions. https://docs.clawd.bot/tools/exec
  • Tools: add tmux-style process send-keys and bracketed paste helpers for PTY sessions.
  • Tools: add process submit helper to send CR for PTY sessions.
  • Tools: respond to PTY cursor position queries to unblock interactive TUIs.
  • Tools: include tool outputs in verbose mode and expand verbose tool feedback.
  • Skills: update coding-agent guidance to prefer PTY-enabled exec runs and simplify tmux usage.
  • TUI: refresh session token counts after runs complete or fail. (#1079) — thanks @d-ploutarchos.
  • Status: trim /status to current-provider usage only and drop the OAuth/token block.
  • Directory: unify clawdbot directory across channels and plugin channels.
  • UI: allow deleting sessions from the Control UI.
  • Skills: add user-invocable skill commands and expanded skill command registration.
  • Telegram: default reaction level to minimal and enable reaction notifications by default.
  • Telegram: allow reply-chain messages to bypass mention gating in groups. (#1038) — thanks @adityashaw2.
  • iMessage: add remote attachment support for VM/SSH deployments.
  • Messages: refresh live directory cache results when resolving targets.
  • Messages: mirror delivered outbound text/media into session transcripts. (#1031) — thanks @TSavo.
  • Messages: avoid redundant sender envelopes for iMessage + Signal group chats. (#1080) — thanks @tyler6204.
  • Media: normalize Deepgram audio upload bytes for fetch compatibility.
  • Cron: isolated cron jobs now start a fresh session id on every run to prevent context buildup.
  • Docs: add /help hub, Node/npm PATH guide, and expand directory CLI docs.
  • Config: support env var substitution in config values. (#1044) — thanks @sebslight.
  • Health: add per-agent session summaries and account-level health details, and allow selective probes. (#1047) — thanks @gumadeiras.
  • Hooks: add hook pack installs (npm/path/zip/tar) with clawdbot.hooks manifests and clawdbot hooks install/update.
  • Plugins: add zip installs and --link to avoid copying local paths.

Fixes

  • macOS: drain subprocess pipes before waiting to avoid deadlocks. (#1081) — thanks @thesash.
  • Verbose: wrap tool summaries/output in markdown only for markdown-capable channels.
  • Telegram: accept tg/group/telegram prefixes + topic targets for inline button validation. (#1072) — thanks @danielz1z.
  • Telegram: split long captions into follow-up messages.
  • Config: block startup on invalid config, preserve best-effort doctor config, and keep rolling config backups. (#1083) — thanks @mukhtharcm.
  • Sub-agents: normalize announce delivery origin + queue bucketing by accountId to keep multi-account routing stable. (#1061, #1058) — thanks @adam91holt.
  • Sessions: include deliveryContext in sessions.list and reuse normalized delivery routing for announce/restart fallbacks. (#1058)
  • Sessions: propagate deliveryContext into last-route updates to keep account/channel routing stable. (#1058)
  • Sessions: preserve overrides on /new reset.
  • Memory: prevent unhandled rejections when watch/interval sync fails. (#1076) — thanks @roshanasingh4.
  • Memory: avoid gateway crash when embeddings return 429/insufficient_quota (disable tool + surface error). (#1004)
  • Gateway: honor explicit delivery targets without implicit accountId fallback; preserve lastAccountId for implicit routing.
  • Gateway: avoid reusing last-to/accountId when the requested channel differs; sync deliveryContext with last route fields.
  • Build: allow @lydell/node-pty builds on supported platforms.
  • Repo: fix oxlint config filename and move ignore pattern into config. (#1064) — thanks @connorshea.
  • Messages: /stop now hard-aborts queued followups and sub-agent runs; suppress zero-count stop notes.
  • Messages: honor message tool channel when deduping sends.
  • Messages: include sender labels for live group messages across channels, matching queued/history formatting. (#1059)
  • Sessions: reset compactionCount on /new and /reset, and preserve sessions.json file mode (0600).
  • Sessions: repair orphaned user turns before embedded prompts.
  • Sessions: hard-stop sessions.delete cleanup.
  • Channels: treat replies to the bot as implicit mentions across supported channels.
  • Channels: normalize object-format capabilities in channel capability parsing.
  • Security: default-deny slash/control commands unless a channel computed CommandAuthorized (fixes accidental “open” behavior), and ensure WhatsApp + Zalo plugin channels gate inline /… tokens correctly. https://docs.clawd.bot/gateway/security
  • Security: redact sensitive text in gateway WS logs.
  • Tools: cap pending exec process output to avoid unbounded buffers.
  • CLI: speed up clawdbot sandbox-explain by avoiding heavy plugin imports when normalizing channel ids.
  • Browser: remote profile tab operations prefer persistent Playwright and avoid silent HTTP fallbacks. (#1057) — thanks @mukhtharcm.
  • Browser: remote profile tab ops follow-up: shared Playwright loader, Playwright-based focus, and more coverage (incl. opt-in live Browserless test). (follow-up to #1057) — thanks @mukhtharcm.
  • Browser: refresh extension relay tab metadata after navigation so /json/list stays current. (#1073) — thanks @roshanasingh4.
  • WhatsApp: scope self-chat response prefix; inject pending-only group history and clear after any processed message.
  • WhatsApp: include linked field in describeAccount.
  • Agents: drop unsigned Gemini tool calls and avoid JSON Schema format keyword collisions.
  • Agents: hide the image tool when the primary model already supports images.
  • Agents: avoid duplicate sends by replying with NO_REPLY after message tool sends.
  • Auth: inherit/merge sub-agent auth profiles from the main agent.
  • Gateway: resolve local auth for security probe and validate gateway token/password file modes. (#1011, #1022) — thanks @ivanrvpereira, @kkarimi.
  • Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
  • iMessage: avoid RPC restart loops.
  • OpenAI image-gen: handle URL + b64_json responses and remove deprecated response_format (use URL downloads).
  • CLI: auto-update global installs when installed via a package manager.
  • Routing: migrate legacy accountID bindings to accountId and remove legacy fallback lookups. (#1047) — thanks @gumadeiras.
  • Discord: truncate skill command descriptions to 100 chars for slash command limits. (#1018) — thanks @evalexpr.
  • Security: bump tar to 7.5.3.
  • Models: align ZAI thinking toggles.
  • iMessage/Signal: include sender metadata for non-queued group messages. (#1059)
  • Discord: preserve whitespace when chunking long lines so message splits keep spacing intact.
  • Skills: fix skills watcher ignored list typing (tsc).

Tags

#release#breaking-change#ai#chatgpt#breaking-change

Sources

Related Releases