chore(deps): bump openclaw from 2026.3.11 to 2026.4.10

[dependabot]

Bumps openclaw from 2026.3.11 to 2026.4.10.

Release notes

Sourced from openclaw's releases.

openclaw 2026.4.10

2026.4.10

Changes

• Models/Codex: add the bundled Codex provider and plugin-owned app-server harness so codex/gpt-* models use Codex-managed auth, native threads, model discovery, and compaction while openai/gpt-* stays on the normal OpenAI provider path. (#64298)
• Memory/Active Memory: add a new optional Active Memory plugin that gives OpenClaw a dedicated memory sub-agent right before the main reply, so ongoing chats can automatically pull in relevant preferences, context, and past details without making users remember to manually say "remember this" or "search memory" first. Includes configurable message/recent/full context modes, live /verbose inspection, advanced prompt/thinking overrides for tuning, and opt-in transcript persistence for debugging. Docs: https://docs.openclaw.ai/concepts/active-memory. (#63286) Thanks @​Takhoffman.
• macOS/Talk: add an experimental local MLX speech provider for Talk Mode, with explicit provider selection, local utterance playback, interruption handling, and system-voice fallback. (#63539) Thanks @​ImLukeF.
• Tools/video generation: add Seedance 2.0 model refs to the bundled fal provider and submit the provider-specific duration, resolution, audio, and seed metadata fields needed for live Seedance 2.0 runs.
• Microsoft Teams: add message actions for pin, unpin, read, react, and listing reactions. (#53432) Thanks @​sudie-codes.
• QA/Matrix: add a live openclaw qa matrix lane backed by a disposable Matrix homeserver, shared live-transport seams, and Matrix-specific transport coverage for threading, reactions, restart, and allowlist behavior. (#64489) Thanks @​gumadeiras.
• QA/Telegram: add a live openclaw qa telegram lane for private-group bot-to-bot checks, harden its artifact handling, and preserve native Telegram command reply threading for QA verification. (#64303) Thanks @​obviyus.
• QA/testing: add a --runner multipass lane for openclaw qa suite so repo-backed QA scenarios can run inside a disposable Linux VM and write back the usual report, summary, and VM logs. (#63426) Thanks @​shakkernerd.
• CLI/exec policy: add a local openclaw exec-policy command with show, preset, and set subcommands for synchronizing requested tools.exec.* config with the local exec approvals file, plus follow-up hardening for node-host rejection, rollback safety, and sync conflict detection. (#64050)
• Gateway: add a commands.list RPC so remote gateway clients can discover runtime-native, text, skill, and plugin commands with surface-aware naming and serialized argument metadata. (#62656) Thanks @​samzong.
• Models/providers: add per-provider models.providers.*.request.allowPrivateNetwork for trusted self-hosted OpenAI-compatible endpoints, keep the opt-in scoped to model request surfaces, and refresh cached WebSocket managers when request transport overrides change. (#63671) Thanks @​qas.
• Feishu: standardize request user agents and register the bot as an AI agent so Feishu deployments identify OpenClaw consistently. (#63835) Thanks @​evandance.
• Matrix/partial streaming: add MSC4357 live markers to draft preview sends and edits so supporting Matrix clients can render a live/typewriter animation and stop it when the final edit lands. (#63513) Thanks @​TigerInYourDream.
• Control UI/dreaming: simplify the Scene and Diary surfaces, preserve unknown phase state for partial status payloads, and stabilize waiting-entry recency ordering so Dreaming status and review lists stay clear and deterministic. (#64035) Thanks @​davemorin.
• Agents: add an opt-in strict-agentic embedded Pi execution contract for GPT-5-family runs so plan-only or filler turns keep acting until they hit a real blocker. (#64241) Thanks @​100yenadmin.
• Agents/OpenAI: add provider-owned OpenAI/Codex tool schema compatibility and surface embedded-run replay/liveness state for long-running runs. (#64300) Thanks @​100yenadmin.
• Docs i18n: chunk raw doc translation, reject truncated tagged outputs, avoid ambiguous body-only wrapper unwrapping, and recover from terminated Pi translation sessions without changing the default openai/gpt-5.4 path. (#62969, #63808) Thanks @​hxy91819.

Fixes

• Browser/security: tighten browser and sandbox navigation defenses across strict SSRF defaults, hostname allowlists, interaction-driven redirects, subframes, CDP discovery, existing sessions, tab actions, noVNC, marker-span sanitization, and Docker CDP source-range enforcement. (#61404, #63332, #63882, #63885, #63889, #64367, #64370, #64371)
• Security/tools: harden exec preflight reads, host env denylisting, node output boundaries, outbound host-media reads, profile-mutation authorization, plugin install dependency scanning, ACPX tool hooks, Gmail watcher token redaction, and oversized realtime WebSocket frame handling. (#62333, #62661, #62662, #63277, #63551, #63553, #63886, #63890, #63891, #64459)
• OpenAI/Codex: add required Codex OAuth scopes, classify provider/runtime failures more clearly, stop suggesting /elevated full when auto-approved host exec is unavailable, add OpenAI/Codex tool-schema compatibility, and preserve embedded-run replay/liveness truth across compaction retries and mutating side effects. (#64300, #64439) Thanks @​100yenadmin.
• CLI/WhatsApp media sends: route gateway-mode outbound sends with --media through the channel sendMedia path and preserve media access context, so WhatsApp document and attachment sends stop silently dropping the file while still delivering the caption. (#64478, #64492) Thanks @​ShionEria.
• Microsoft Teams: restore media downloads for personal DMs, Bot Framework a: conversations, OneDrive/SharePoint shared files, and Graph-backed chat IDs; accept Bot Framework audience tokens; prevent feedback-learning filename collisions; keep long tool chains alive with typing indicators; add SSO sign-in callbacks; inject parent context for thread replies; and deliver cron announcements to Teams conversation IDs. (#54932, #55383, #55386, #58001, #58249, #58774, #59731, #60956, #62219, #62674, #63063, #63942, #63945, #63949, #63951, #63953, #64087, #64088, #64089)
• Gateway/tailscale: start Tailscale exposure and the gateway update check before awaiting channel and plugin sidecar startup so remote operators are not locked out when startup sidecars stall.
• Gateway/startup: keep WebSocket RPC available while channels and plugin sidecars start, hold chat.history unavailable until startup sidecars finish so synchronous history reads cannot stall startup (reported in #63450), refresh advertised gateway methods after deferred plugin reloads, and enforce the pre-auth WebSocket upgrade budget before the no-handler 503 path so upgrade floods cannot bypass connection limits during that window. (#63480) Thanks @​neeravmakwana.
• WhatsApp: keep inbound replies, media, composing indicators, and queued outbound deliveries attached to the current socket across reconnect gaps, including fresh retry-eligible sends after the listener comes back. (#30806, #46299, #62892, #63916) Thanks @​mcaxtr.
• Gateway/thread routing: preserve Slack, Telegram, Mattermost, Matrix, ACP, restart-sentinel, and agent announce delivery targets so subagent, cron, stream-relay, session fallback, and restart messages land back in the originating thread, topic, or room casing. (#54840, #57056, #63143, #63228, #63506, #64343, #64391)
• Models/fallback: preserve /models selection across transient primary-model failures and config reloads, allow timeout cooldown probes, classify OpenRouter no-endpoints responses, detect llama.cpp context overflows, and keep provider/runtime context metadata stable through reloads. (#61472, #64196, #64471)
• Agents/BTW: keep /btw side questions working after tool-use turns by stripping replayed tool blocks, hidden reasoning, and malformed image payloads, omitting empty tool arrays, allowing Bedrock auth: "aws-sdk", and routing Feishu /btw plus /stop through bounded out-of-band lanes. (#64218, #64219, #64225, #64324) Thanks @​ngutman.
• Control UI/BTW: render /btw side results as dismissible ephemeral cards in the browser, send /btw immediately during active runs, and clear stale BTW cards on reset flows so webchat matches the intended detached side-question behavior. (#64290) Thanks @​ngutman.
• Commands/targeting: use the selected agent or session for command output, send policy, usage/cost, context reports, model lists, bash sandbox hints, BTW/compact working directories, plugin commands, and session exports so multi-agent commands describe and mutate the intended target instead of the requester.
• Conversation bindings: normalize focused/current conversation ids, preserve binding metadata on account and Discord rebinds, avoid stale Discord lifecycle windows, and keep generic activity touches persisted so reply routing survives rebinds and restarts.
• iMessage/self-chat: distinguish normal DM outbound rows from true self-chat using destination_caller_id plus chat participants, preserve multi-handle self-chat aliases, drop ambiguous reflected echoes, and strip wrapped imsg RPC text fields. (#61619, #63868, #63980, #63989, #64000) Thanks @​neeravmakwana.
• Matrix: keep multi-account room scoping consistent, keep packaged crypto migrations warning-only when appropriate, preserve ordered block streaming, add explicit Matrix block-streaming opt-in, and resolve verification/bootstrap from the packaged runtime entry. (#58449, #59249, #59266, #64373) Thanks @​gumadeiras.
• Telegram/security: tighten Telegram allowFrom sender validation and keep /whoami allowlist reporting in sync with command auth checks.
• Agents/timeouts: extend the default LLM idle window to 120s and keep silent no-token idle timeouts on recovery paths, so slow models can retry or fall back before users see an error.
• Gateway/agents: preserve configured model selection and richer IDENTITY.md content across agent create/update flows and workspace moves, and fail safely instead of silently overwriting unreadable identity files. (#61577) Thanks @​samzong.
• Skills/TaskFlow: restore valid frontmatter fences for the bundled taskflow and taskflow-inbox-triage skills and copy bundled SKILL.md files as hard dist-runtime copies so skills stay discoverable and loadable after updates. (#64166, #64469) Thanks @​extrasmall0.
• Skills: respect overridden home directories when loading personal skills so service, test, and custom launch environments read the intended user skill directory instead of the process home.
• Windows/exec: settle supervisor waits from child exit state after stdout and stderr drain even when close never arrives, so CLI commands stop hanging or dying with forced SIGKILL on Windows. (#64072) Thanks @​obviyus.
• Browser/sandbox: prevent sandbox browser CDP startup hangs by recreating containers when the browser security hash changes and by waiting on the correct sandbox browser lifecycle. (#62873) Thanks @​Syysean.
• QQBot/streaming: make block streaming configurable per QQ bot account via streaming.mode ("partial" | "off", default "partial") instead of hardcoding it off, so responses can be delivered incrementally. (#63746)
• QQBot/config: allow extra fields in channels.qqbot and channels.qqbot.accounts.* so extended qqbot builds can add new config options without gateway startup failing on schema validation. (#64075) Thanks @​WideLee.

... (truncated)

Commits

• 44e5b62 fix(macos): harden shell executor timeouts
• 9a4a9a5 Heartbeat: spread interval runs across stable phases (#64560)
• e11d902 fix(ci): stop telegram debounce media leak
• df7e61b fix(ci): align compact count assertion
• 5b2888e test(install): pin smoke docker platform
• 421338f test(install): quiet smoke npm output
• 05659cf test: harden macOS Parallels permission check
• 896eb88 fix(ci): align target session alias fixture
• 0552124 fix(ci): stabilize agentic compact tests
• 1fb8a8c fix: prefer target entry for inline command dispatch
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openclaw since your current version.

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.