What's new for you
Quality-focused release with GPT-5 family improvements and broad provider/channel reliability fixes: forward-compat for `gpt-5.4-pro`, Telegram forum topic names persisted into context/metadata, Codex catalog `apiKey` visibility fix, media tool model normalization for image/PDF, stricter Slack interaction allowlist checks, gateway-tool guardrails blocking newly-enabled dangerous config flags, improved Ollama usage accounting and timeout wiring, browser/CDP SSRF policy fixes, and many memory/dreaming, queueing, keepalive, and channel stability repairs.
- Models — forward-compat `gpt-5.4-pro`; Codex alias normalization and catalog fixes
- Telegram — human forum topic names learned + persisted into context and metadata
- Security — stricter Slack interaction allowlist checks and safer model-facing gateway config patch restrictions
- Memory/Dreaming — promotion, diary, and active-memory reliability improvements
- Browser — SSRF policy fixes for navigation and local loopback CDP control paths
- Infra — queueing, keepalive, and channel reconnect stability improvements
Release highlights
| Feature | Details |
|---|---|
| GPT-5.4-pro compatibility | Adds forward-compat support for gpt-5.4-pro in provider routing plus Codex pricing/limits and model visibility while upstream catalogs catch up. |
| Telegram forum topic names | Learns human-readable topic names from Telegram forum service messages and surfaces them in agent context, prompt metadata, plugin hooks, and persisted sidecar state across restarts. |
| Gateway-tool dangerous patch guardrails | Model-facing gateway tool now rejects config.patch and config.apply when a patch would newly enable any openclaw security audit danger flag, while preserving direct authenticated operator RPC behavior. |
| Slack interaction allowlist hardening | Applies global allowFrom owner allowlists to block-action and modal events, requires sender cross-verification, and rejects ambiguous channel types to prevent allowlist bypasses. |
| Ollama timeout & usage accuracy | Forwards embedded-run timeout into stream timeout tuning for slow local models and sends stream_options.include_usage for OpenAI-compatible Ollama streaming to avoid bogus token accounting. |
| Browser SSRF/CDP reliability fixes | Restores hostname navigation under default browser SSRF policy, preserves strict mode for legacy strict configs, and keeps local loopback CDP readiness requests reachable. |
| Memory/Dreaming reliability pass | Fixes managed heartbeat dedupe, promotion confidence/staging, dreaming self-ingestion loops, transient narrative cleanup, and active-memory recall channel resolution. |
Feature deep dives
Learn more about the changes that matter most. Bug fixes and minor improvements are listed on GitHub.
GPT-5.4-pro forward compatibility
Adds gpt-5.4-pro compatibility and Codex model visibility improvements ahead of upstream catalog updates.
Read more →Telegram forum topic names in context
Human topic names are learned, persisted, and exposed across context, metadata, and plugin hooks.
Read more →Gateway-tool config patch guardrails
Model-facing config patch/apply calls cannot newly enable dangerous security-audit flags.
Read more →Slack interaction allowlist hardening
Tighter allowlist checks and sender verification for Slack interactive events.
Read more →Ollama timeout and usage fixes
Correct timeout wiring and usage accounting for slower local Ollama streaming runs.
Read more →Browser SSRF and CDP control fixes
Restores safe navigation behavior and loopback CDP control reliability under SSRF policy.
Read more →Memory and dreaming reliability
Reliability pass for promotion, dedupe, cleanup, and active-memory channel behavior.
Read more →Full release notes
The complete changelog with all changes, fixes, and technical details is on the official GitHub release page.
Open v2026.4.14 on GitHub →