openclaw/openclaw ยท 3429 open PRs analyzed ยท 2026-02-23 18:17 UTC
Models: anthropic/claude-sonnet-4, google/gemini-2.0-flash-001, meta-llama/llama-3.1-70b-instruct, mistralai/mistral-large-latest, openai/gpt-4o
3429
PRs Analyzed
283
Duplicate Clusters
688
Duplicate PRs
79
Vision Drift Flags
๐ Duplicate Clusters
PRs grouped by semantic intent. Within each cluster, PRs are ranked by quality score โ #1 is the recommended merge candidate.
Fixes a bug where Slack bot replies in DMs would incorrectly be forced into a thread created by the typing indicator, ignoring the user's `replyToMode` setting.
#16871
fix(slack): respect replyToMode=off in statusThreadTs
@Limitless2023
5.7/10
โ Human Review
Fixes an issue where Telegram Premium users' DM topic replies were incorrectly sent to the top-level chat instead of the intended thread by removing an unnecessary guard that prevented the `message_thread_id` parameter from being included in DM requests.
Fixes a bug where cron jobs get permanently blocked after a timeout or crash by automatically clearing stale `runningAtMs` markers, allowing the job to resume scheduling after twice the job's timeout period.
#12443
fix(cron): don't advance past-due jobs that haven't been executed
@rummangeminicode
8.9/10
โ Consensus
#5
#17561
fix(cron): add runtime staleness guard for runningAtMs (#17554)
@robbyczgw-cla
8.5/10
โ Consensus
#6
#17643
fix: clear stale runningAtMs in cron.run to allow manual triggers
@MisterGuy420
8.4/10
โ Consensus
#7
#18192
fix(cron): auto-clear stale runningAtMs markers after timeout (#18120)
@BinHPdev
8.3/10
โ Consensus
#8
#17664
fix(cron): detect and clear stale runningAtMs marker in manual run (#17554)
@echoVic
8.2/10
โ Consensus
Fixes an issue where document messages sent via WhatsApp Web always had the filename 'file' regardless of the actual filename, by correctly passing the filename through the send pipeline.
7 duplicatesbugfix
area: WhatsApp Web ยท confidence: 86.0%
Rank
Pull Request
Quality
Review
โญ#1
#15650
fix(whatsapp): pass fileName to document sends instead of hardcoding 'file'
@whoknowsmann
9.1/10
โ Consensus
#2
#6566
fix: thread fileName through WhatsApp document send path
@giannisanni
9.0/10
โ Consensus
#3
#6566
fix: thread fileName through WhatsApp document send path
@giannisanni
9.0/10
โ Consensus
#4
#10889
fix: pass fileName through WhatsApp document send path
@DeveshParagiri
9.0/10
โ Consensus
#5
#16785
fix(whatsapp): preserve document filenames in outbound Baileys mode
@SahilSahu731
8.8/10
โ Consensus
#6
#9606
fix: pass fileName to WhatsApp document messages
@AytuncYildizli
8.2/10
โ Consensus
#7
#7458
fix: pass filename through to WhatsApp document sends (#7446)
@gavinbmoore
8.0/10
โ Consensus
Fixes a bug where Signal group IDs were being lowercased during target normalization, causing allowlist matching to fail because Signal group IDs are Base64 encoded and case-sensitive.
7 duplicatesbugfix
area: signal ยท confidence: 86.0%
Rank
Pull Request
Quality
Review
โญ#1
#12793
fix(signal): preserve case-sensitivity for group IDs, UUIDs, and usernames
@wilmerdooley1-star
9.4/10
โ Consensus
#2
#13640
fix(signal): preserve case-sensitive Base64 group IDs in target normalization
@Siauruk
9.4/10
โ Consensus
#3
#14462
fix(messaging): preserve case in target normalization fallback (#14263)
@lailoo
9.4/10
โ Consensus
#4
#10623
fix(signal): preserve case for Base64 group IDs in target normalization
@heyhudson
9.1/10
โ Consensus
#5
#16562
fix(signal): preserve case for group and username targets
@akalypse
9.1/10
โ Consensus
#6
#12698
Fix: preserve Signal group ID case during normalization
@hunsbea
9.0/10
โ Consensus
#7
#4573
fixed the bug: signal group base64 forced to lowercase
@jdainireda03-pixel
7.6/10
โ Consensus
Adds the `--ignore-scripts` flag to the `npm install` command during plugin installation to prevent supply chain attacks by preventing the execution of arbitrary lifecycle scripts from untrusted packages.
#8073
fix(plugins): add --ignore-scripts to npm install
@yubrew
9.4/10
โ Consensus
#2
#8600
fix(update): add --ignore-scripts to prevent supply chain attacks
@yubrew
9.3/10
โ Consensus
#3
#8075
fix(skills): add --ignore-scripts to all package managers
@yubrew
9.1/10
โ Consensus
#4
#10528
security: add --ignore-scripts to plugin and hook dependency installation
@abdelsfane
9.0/10
โ Consensus
#5
#11432
fix(security): add --ignore-scripts to npm install in hook and plugin installers
@coygeek
8.5/10
โ Human Review
#6
#13169
security: add --ignore-scripts to npm install during plugin/hook installation
@RamiNoodle733
8.5/10
โ Consensus
Adds a periodic retry mechanism with bounded exponential backoff to ensure subagent announce messages are eventually delivered, even if initial attempts fail due to temporary issues like gateway unavailability or race conditions.
Removes a false-positive billing error rewrite in `sanitizeUserFacingText` that was triggered on normal assistant responses discussing billing topics, affecting Telegram, Discord, and WhatsApp channels.
#17834
fix: remove false-positive billing error rewrite on normal assistant text
@niceysam
9.3/10
โ Consensus
#2
#11680
Agents: guard billing error detection with length check (#11649)
@lailoo
9.3/10
โ Consensus
#3
#12226
fix: remove billing error false-positive from sanitizeUserFacingText
@Yida-Dev
9.3/10
โ Consensus
#4
#12777
fix: prevent false positive billing error detection in sanitizeUserFacingText
@jpaine
9.2/10
โ Consensus
#5
#13467
fix(errors): prevent billing false positive in sanitizeUserFacingText
@lailoo
9.2/10
โ Consensus
#6
#12720
fix: prevent sanitizeUserFacingText false-positives on 402 in normal text
@zerone0x
9.1/10
โ Consensus
Fixes a race condition where sub-agent model overrides set via `sessions.patch` were sometimes ignored by the agent handler due to stale cached data, ensuring the handler uses the most up-to-date session information from the store.
#8398
Fix: preserve modelOverride in agent handler (#5369)
@CodeReclaimers
9.1/10
โ Consensus
#2
#8398
Fix: preserve modelOverride in agent handler (#5369)
@CodeReclaimers
9.1/10
โ Consensus
#3
#16340
fix: load model catalog from agent-specific directory for sub-agents
@Limitless2023
8.8/10
โ Consensus
#4
#16988
fix: always regenerate models.json from gateway config
@MisterGuy420
7.1/10
โ Consensus
#5
#13376
fix: pass model directly to agent for sub-agent runs
@jrbobbyhansen-pixel
6.7/10
โ Consensus
Fixes a bug where context token lookups could return incorrect context window sizes due to cross-provider model ID collisions by using only available models from configured providers.
#11647
fix(webchat): filter HEARTBEAT_OK messages from chat.history response
@liuxiaopai-ai
9.4/10
โ Consensus
#2
#11889
fix(chat): filter HEARTBEAT_OK messages in chat.history when showOk is false
@bendyclaw
9.4/10
โ Consensus
#3
#11859
fix: filter HEARTBEAT_OK messages from chat.history when showOk is false
@Zjianru
9.0/10
โ Consensus
#4
#11661
fix: Filter HEARTBEAT_OK from chat.history when showOk is false
@veast
8.8/10
โ Consensus
Fixes false positives in `sanitizeUserFacingText` by introducing an `errorContext` flag to ensure error-specific rewrites are only applied to actual error messages, preventing normal assistant replies from being incorrectly modified.
#11685
Agents: scope error rewrites in sanitizeUserFacingText behind errorContext flag (#11649)
@lailoo
9.1/10
โ Consensus
#2
#12052
fix: scope error-detection heuristics to error source in sanitizeUserFacingText
@skylarkoo7
9.1/10
โ Consensus
#3
#12702
fix: prevent sanitizeUserFacingText false-positives on assistant prose
@zerone0x
9.1/10
โ Consensus
#4
#13318
fix(agents): prevent sanitizeUserFacingText from rewriting conversational context overflow mentions
@hleliofficiel
8.4/10
โ Consensus
Fixes a bug in the cron scheduler where the timer callback would not fire for scheduled jobs due to incorrect timer clearing logic, and improves logging for debugging.
#12303
fix(cron): correct nextRunAtMs calculation and prevent timer stall
@colddonkey
9.0/10
โ Consensus
#2
#12131
fix(cron): ensure timer callback fires for scheduled jobs
@divol89
8.9/10
โ Consensus
#3
#12122
fix(cron): ensure timer callback fires for scheduled jobs
@divol89
8.8/10
โ Consensus
#4
#12086
fix(cron): ensure timer callback fires for scheduled jobs
@divol89
6.5/10
โ Consensus
Prevents the HEARTBEAT_OK token, an internal acknowledgement, from being incorrectly delivered to user channels, even when visibility.showOk is enabled.
#17009
fix(heartbeat): strip HEARTBEAT_OK from streaming during heartbeat runs
@arosstale
8.4/10
โ Human Review
#4
#17006
fix(heartbeat): skip delivery when showOk is false
@Limitless2023
7.3/10
โ Consensus
Fixes a bug where `dangerouslyDisableDeviceAuth` did not properly bypass device identity checks and cleared operator scopes, preventing the Control UI from functioning correctly.
#17572
fix: make dangerouslyDisableDeviceAuth bypass device identity checks
@gitwithuli
9.1/10
โ Consensus
#2
#17844
fix: preserve scopes when dangerouslyDisableDeviceAuth is enabled
@Maxymvs
8.2/10
โ Human Review
#3
#17605
fix: preserve scopes when disableControlUiDeviceAuth is enabled
@MisterGuy420
7.9/10
โ Consensus
#4
#17180
fix: preserve scopes when dangerouslyDisableDeviceAuth is enabled
@Limitless2023
6.6/10
โ Human Review
Skips the embedding provider check in `openclaw doctor` when the QMD memory backend is active, preventing a false positive warning.
4 duplicatesbugfix
area: doctor command ยท confidence: 90.0%
Rank
Pull Request
Quality
Review
โญ#1
#17295
fix(doctor): skip embedding provider check when QMD backend is active
@miloudbelarebia
9.4/10
โ Consensus
#2
#17360
fix(doctor): skip embedding provider check when memory backend is QMD
@nikhil8182
9.4/10
โ Consensus
#3
#17381
fix: skip embedding provider check in doctor when QMD backend is enabled
@Limitless2023
8.3/10
โ Consensus
#4
#17660
fix: skip embedding provider check in doctor when QMD backend is configured (#17263)
@echoVic
7.9/10
โ Consensus
Fixes a lost-update race condition in `updateSessionStoreEntry` and `updateLastRoute` by ensuring the session store is re-read from disk within the lock, preventing stale cached data from overwriting concurrent writes.
4 duplicatesbugfix
area: session store ยท confidence: 81.0%
Rank
Pull Request
Quality
Review
โญ#1
#10726
fix: re-read session store inside lock in updateLastRoute
@Yida-Dev
9.5/10
โ Consensus
#2
#10725
fix: re-read session store inside lock in updateSessionStoreEntry
@Yida-Dev
9.4/10
โ Consensus
#3
#16987
fix(config): add skipCache to updateSessionStoreEntry and updateLastRoute to prevent lost updates
@AI-Reviewer-QS
9.2/10
โ Consensus
#4
#15882
fix: move session entry computation inside store lock to prevent race conditions
@cloorus
8.9/10
โ Consensus
Prevents orphaned tool results by dropping assistant messages with a 'stopReason' of 'error' during transcript repair, which can occur when providers filter out errored assistant messages.
#4844
fix(agents): skip error/aborted assistant messages in transcript repair
@lailoo
9.3/10
โ Consensus
#2
#9416
fix: drop errored/aborted assistant tool pairs in transcript repair
@xandorklein
9.2/10
โ Consensus
#3
#3880
fix: drop assistant messages with stopReason 'error' to avoid orphaning tool results (#3860)
@SalimBinYousuf1
6.9/10
โ Consensus
#4
#3880
fix: drop assistant messages with stopReason 'error' to avoid orphaning tool results (#3860)
@SalimBinYousuf1
6.9/10
โ Consensus
Enable Slack Block Kit functionality for plugin-level edit actions, allowing plugins to update messages with structured blocks instead of just plain text.
#18262
feat(slack): support Block Kit blocks in editMessage
@Solvely-Colin
8.7/10
โ Consensus
#2
#18257
feat(slack): support Block Kit blocks in sendMessage
@Solvely-Colin
8.7/10
โ Consensus
#3
#18268
feat(slack): support blocks in plugin send action
@Solvely-Colin
7.8/10
โ Human Review
#4
#18278
feat(slack): support blocks in plugin edit action
@Solvely-Colin
7.4/10
โ Consensus
Prevents a cron job from entering a tight spin loop and starving the event loop when its next execution time is in the past by enforcing a minimum timer delay.
#17370
fix(cron): prevent spin loop when timer delay resolves to 0ms
@BinHPdev
8.9/10
โ Consensus
#3
#16878
fix(cron): prevent timer spin loop with minimum delay floor
@Limitless2023
7.9/10
โ Consensus
Fixes a bug where WhatsApp media from group members was not downloaded when using groupPolicy: allowlist and the group was in the groups allowlist but the sender was not in groupAllowFrom, by allowing messages from all participants in groups that are explicitly in the groups allowlist.
3 duplicatesbugfix
area: WhatsApp inbound access control ยท confidence: 88.0%
Rank
Pull Request
Quality
Review
โญ#1
#6567
fix: include paired users in WhatsApp group sender allowlist
@giannisanni
9.2/10
โ Consensus
#2
#6567
fix: include paired users in WhatsApp group sender allowlist
@giannisanni
9.2/10
โ Consensus
#3
#4390
fix(whatsapp): allow media from allowlisted groups without groupAllowโฆ
@Sarang19114
8.6/10
โ Consensus
Fixes a bug where memory flush was not triggering before compaction because it was using the last turn's tokens instead of the cumulative context size for the threshold check.
#12760
fix(memory-flush): fire on every compaction cycle instead of skipping alternate cycles (#12590)
@lailoo
9.3/10
โ Consensus
#2
#15945
fix(memory-flush): only write memoryFlushCompactionCount when compaction succeeds
@aldoeliacim
9.3/10
โ Consensus
#3
#4999
fix(memory-flush): use contextTokens instead of totalTokens for threshold check
@Farfadium
8.5/10
โ Consensus
Fixes a bug where WhatsApp replies from LID JIDs were not correctly identified as replies to the bot, preventing implicit mentions from working as expected when requireMention is true.
#11166
fix(whatsapp): detect LID @mentions in self-chat mode
@mcaxtr
9.3/10
โ Consensus
#2
#17256
fix: allow text regex fallback when bot JID not in mentionedJids
@DarlingtonDeveloper
9.2/10
โ Consensus
#3
#16655
fix(whatsapp): resolve reply-to sender E.164 for LID JIDs (have bot see replys without a mention even with "requireMention: true", like the Discord integration)
@mascarenhas
9.0/10
โ Consensus
Add baseline HTTP security headers to all gateway responses to improve security posture.
#10526
security: add baseline security headers to gateway HTTP responses
@abdelsfane
8.8/10
โ Consensus
#2
#6906
Add baseline HTTP security headers to gateway responses
@QuantumEdu
8.6/10
โ Consensus
#3
#6906
Add baseline HTTP security headers to gateway responses
@QuantumEdu
8.6/10
โ Consensus
Fixes a bug where inbound voice calls were not properly cleaned up when disconnected by using media stream disconnect as a fallback signal to mark the call as ended, preventing the exhaustion of the `maxConcurrentCalls` limit.
Wires up the `message_sending` plugin hook in the outbound delivery pipeline, allowing plugins to modify outgoing message content or cancel delivery before the channel adapter sends the message.
#18152
feat: support per-model thinkingDefault override in models config
@wu-tian807
8.8/10
โ Consensus
#2
#16899
feat(config): per-agent and per-model thinking defaults
@jh280722
8.5/10
โ Consensus
#3
#15030
Agents: support per-agent thinking defaults
@sauerdaniel
7.8/10
โ Human Review
Fixes cron jobs created via the tool API not auto-firing because the `enabled` flag was not being defaulted to `true` when omitted, preventing the calculation of `nextRunAtMs`.
#8701
fix: default enabled to true for cron jobs created via tool API
@maximus-claw
9.4/10
โ Consensus
#2
#9088
fix(cron): ensure nextRunAtMs is computed when enabled is undefined (#9056)
@divol89
8.9/10
โ Consensus
#3
#9088
fix(cron): ensure nextRunAtMs is computed when enabled is undefined (#9056)
@divol89
8.9/10
โ Consensus
Prevents unnecessary gateway restarts triggered by changes to the `meta.lastTouchedAt` field in the configuration by marking the `meta` section as non-actionable for config reloads.
#11746
fix: treat meta config paths as no-op to prevent unnecessary gateway restarts
@QDenka
9.3/10
โ Consensus
#2
#11280
fix(gateway): add meta prefix to reload rules to prevent double SIGUSR1
@cheenu1092-oss
9.2/10
โ Consensus
#3
#8473
fix(gateway): prevent spurious restarts on meta.lastTouchedAt changes
@adam-smeth
8.9/10
โ Consensus
Adds Mistral AI as a supported provider, including CLI onboarding, configuration, and documentation, enabling users to easily use Mistral's models within the application.
#9425
refactor(agents): replace console.warn with SubsystemLogger in compaction.ts
@dinakars777
9.5/10
โ Consensus
#2
#9990
refactor(agents): replace console.warn with SubsystemLogger in venice-models.tsrefactor(agents): replace console.warn with SubsystemLogger in veniceโฆ
@dinakars777
8.0/10
โ Consensus
#3
#9974
refactor(agents): replace console.warn with SubsystemLogger in compaction-safeguard.ts
@dinakars777
5.3/10
โ Human Review
Fixes a bug where rate-limit errors from Anthropic were being incorrectly classified as context overflow errors by tightening the regex used for context overflow detection and adding guard clauses to exclude rate-limit and billing errors.
Fixes a false positive in the `openclaw doctor` command that incorrectly identified unrelated LaunchAgents as gateway-like services by adding a check to only consider services with labels starting with `ai.openclaw.` after detecting an 'openclaw' marker.
#10182
fix: skip non-openclaw LaunchAgents in doctor gateway scan
@Yida-Dev
9.2/10
โ Consensus
#2
#15908
fix: doctor falsely flags non-gateway services as 'gateway-like'
@echoVic
7.1/10
โ Consensus
#3
#15903
fix(doctor): stricter gateway service detection to prevent false positives
@Shuai-DaiDai
5.5/10
โ Human Review
Fixes a bug where the Mattermost integration incorrectly required mentions in group channels even when the `chatmode` was set to `onmessage`, by ensuring the account-level mention preference is passed into group mention resolution as a fallback.
#10675
feat(feishu): add audio message support and fix file upload
@YumoeZhung
7.5/10
โ Consensus
Fixes a bug in bash completion generation where empty flags in command options would cause spurious completion matches.
3 duplicatesbugfix
area: cli ยท confidence: 85.0%
Rank
Pull Request
Quality
Review
โญ#1
#10710
fix(cli): filter empty flags in bash completion generation
@Yida-Dev
9.3/10
โ Consensus
#2
#10723
fix(cli): filter empty flags in PowerShell completion generation
@Yida-Dev
9.2/10
โ Consensus
#3
#11165
fix(cli): filter empty flags in zsh and PowerShell nested completion
@Yida-Dev
9.1/10
โ Consensus
Hides assistant messages containing only tool call information when the 'Toggle assistant thinking/working output' button is off in the Control UI, preventing tool call blocks from being displayed when they should be hidden.
3 duplicatesfeature
area: UI ยท confidence: 84.0%
Rank
Pull Request
Quality
Review
โญ#1
#10996
fix(control-ui): hide tool call blocks when thinking/working toggle is off
@Annaxiebot
8.5/10
โ Consensus
#2
#11010
fix(control-ui): hide tool call cards when thinking toggle is off
@Annaxiebot
8.0/10
โ Consensus
#3
#11526
fix(control-ui): hide tool-only assistant messages when thinking is off
@Annaxiebot
7.9/10
โ Consensus
Adds support for the DeepSeek provider (DeepSeek-V3, DeepSeek-R1) to enable users to utilize DeepSeek models within the application.
#13117
fix: Telegram webhook mode allows unauthenticated update injection when
@coygeek
9.5/10
โ Consensus
#2
#13170
security: enforce webhookSecret at runtime for Telegram webhook mode
@RamiNoodle733
9.4/10
โ Consensus
#3
#13521
telegram: require webhook secret in runtime webhook mode
@davidahmann
8.5/10
โ Consensus
Adds support for Cloudflare's Markdown for Agents by modifying the Accept header in web-fetch to prefer markdown responses while maintaining backward compatibility with existing servers.
#15251
feat(web-fetch): send Accept: text/markdown header for Cloudflare Markdown for Agents
@wujieli0207
9.3/10
โ Consensus
#2
#15242
feat(web-fetch): Add Accept header for Cloudflare Markdown for Agents [AI-assisted]
@drkraft
8.2/10
โ Consensus
#3
#15414
feat(web-fetch): add Accept: text/markdown header for Cloudflare Markdown for Agents
@aldoeliacim
8.2/10
โ Consensus
Adds comprehensive GraphQL documentation to the GitHub skill, including basic query and mutation examples, schema introspection commands, and guidance to prevent hallucination when working with GitHub Projects V2
Implements lazy-loading of CLI commands to improve cold-start performance by deferring the import of command dependencies until the command is actually invoked.
#15978
perf(cli): defer browser-cli and status command imports
@RocketMan234
7.8/10
โ Consensus
#3
#15979
perf(cli): defer all sub-CLI imports and add help stubs
@RocketMan234
7.5/10
โ Consensus
Fixes a bug where `resolveSessionFilePath` was defaulting to the main agent's session directory when called for other agents, leading to incorrect file path resolution and errors when accessing sessions for non-main agents, and also includes unrelated changes such as cross-gateway support, per-agent API key preservation, and CI/CD pipeline updates.
#16325
fix: resolve agentId from sessionKey when not provided
@Limitless2023
8.4/10
โ Consensus
#2
#15792
fix: pass agentId to resolveSessionFilePath in additional call sites
@MisterGuy420
7.3/10
โ Consensus
#3
#15982
fix: pass agentId to resolveSessionFilePath in reply flow (NX-003)
@automagik-genie
4.6/10
โ Consensus
Adds a new 'set_public_permission' action to the Feishu Doc tool, allowing users to programmatically set the public access level (read or edit) of a document.
#17094
fix(clawdock): include docker-compose.extra.yml in helper commands
@zerone0x
8.2/10
โ Human Review
#2
#17104
fix(clawdock): include docker-compose.extra.yml in compose commands
@Limitless2023
7.9/10
โ Consensus
#3
#17097
fix(clawdock): include docker-compose.extra.yml in compose commands
@DhruvGarg111
7.9/10
โ Consensus
Fixes a bug where inbound voice calls via Telnyx were being silently dropped by ensuring the `direction`, `from`, and `to` fields are passed through and the `direction` field is normalized from Telnyx's `incoming`/`outgoing` to `inbound`/`outbound`.
#16651
fix(voice-call): pass direction, from, to fields in Telnyx call.initiated events
@brandonwise
9.3/10
โ Consensus
#3
#16998
fix(voice-call): pass direction/from/to in Telnyx call.initiated events
@arosstale
9.2/10
โ Consensus
Adds a foundational Chinese UI translation project to OpenClaw, including core translations and documentation, to improve accessibility for Chinese-speaking users.
Enables the memory-lancedb plugin to support custom OpenAI-compatible endpoints (e.g., Ollama, vLLM) by allowing a configurable baseURL and custom vector dimensions.
#17874
feat(memory-lancedb): Custom OpenAI BaseURL & Dimensions Support
@rish2jain
8.9/10
โ Consensus
#2
#17566
memory-lancedb: support local OpenAI-compatible embeddings
@lumenradley
8.4/10
โ Consensus
#3
#10064
feat(memory-lancedb): Support custom embedding providers (SiliconFlow, etc.)
@kckylechen1
7.8/10
โ Consensus
Fixes a false positive in the `openclaw doctor` command that incorrectly reports permission warnings for symlinks pointing to the Nix store on NixOS systems.
3 duplicatesbugfix
area: doctor tool ยท confidence: 90.0%
Rank
Pull Request
Quality
Review
โญ#1
#11458
fix(doctor): skip config permission check on symlinks
@AnonO6
9.3/10
โ Consensus
#2
#11408
Security: resolve symlink target permissions in safeStat; skip doctor config warning for symlinks (#11307)
@lailoo
8.9/10
โ Consensus
#3
#16957
fix(doctor): skip false positive permission warnings for Nix store symlinks
@soumikbhatta
8.3/10
โ Human Review
Adds support for the DingTalk messaging platform as a new channel within OpenClaw, including inbound/outbound message handling, configuration, and documentation.
Fixes a bug where the `before_tool_call` hook was firing twice when an abort signal was present due to a Symbol property being dropped during object spreading.
#16978
fix(hooks): preserve before_tool_call marker across abort signal wrapping
@arosstale
9.6/10
โ Consensus
#2
#16852
fix: before_tool_call hook double-fires with abort signal
@sreuter
9.4/10
โ Consensus
#3
#16870
fix: before_tool_call hook double-fire with abort signal
@Limitless2023
4.5/10
โ Consensus
Fixes an issue where session file paths from one agent are incorrectly validated against the main agent's sessions directory in multi-agent setups, causing errors when sub-agents with explicit agentDir configurations try to reference their own session files.
#16249
fix(sessions): allow cross-agent session paths in multi-agent bindings
@0xbrak
9.1/10
โ Consensus
#2
#15474
fix: validate session file paths against any agent sessions dir
@maximalmargin
8.9/10
โ Consensus
#3
#16171
fix: trust absolute sessionFile paths in multi-agent setups
@iJaack
8.9/10
โ Consensus
Improves the performance of shell completion generation by avoiding the loading of heavy plugins during the process, resulting in significantly faster completion script generation.
Fixes an issue where auto-paired Dashboard/webchat devices were not receiving the full set of operator scopes after a gateway restart, preventing them from functioning correctly, and includes several other related fixes and improvements.
#17205
fix: enforce full operator scopes for Control UI and Webchat auto-pairing
@Limitless2023
6.7/10
โ Consensus
#2
#17205
fix: enforce full operator scopes for Control UI and Webchat auto-pairing
@Limitless2023
6.7/10
โ Consensus
#3
#17201
fix: include full operator scopes for auto-paired Dashboard/webchat devices
@Limitless2023
5.3/10
โ Consensus
Restores the correct priority of device tokens over config tokens for authentication, fixing a regression introduced in v2026.2.14 where config tokens were incorrectly prioritized.
#17279
fix: restore device token priority over config token
@MisterGuy420
9.0/10
โ Consensus
#2
#17336
fix(gateway): restore device token priority over passive config token
@milosm
8.4/10
โ Human Review
#3
#17379
fix: restore device token priority in device-auth mode
@Limitless2023
7.4/10
โ Human Review
Fixes a bug where WhatsApp Web QR login auto-retry fails to trigger for 515 "restart required" errors due to incorrect status code extraction from nested error structures.
3 duplicatesbugfix
area: WhatsApp Web ยท confidence: 89.0%
Rank
Pull Request
Quality
Review
โญ#1
#3071
fix: WhatsApp 515 error retry not triggering
@rabsef-bicrym
8.9/10
โ Consensus
#2
#3071
fix: WhatsApp 515 error retry not triggering
@rabsef-bicrym
8.9/10
โ Consensus
#3
#9515
fix(web): retry WhatsApp 515 restart up to 3 times with delay
@Sebachowa
7.6/10
โ Consensus
Fixes a bug where the `pnpm ui:build` command fails on Windows when the pnpm executable path contains spaces due to incorrect handling by the shell.
3 duplicatesbugfix
area: UI ยท confidence: 96.0%
Rank
Pull Request
Quality
Review
โญ#1
#4295
fix: quote Windows paths with spaces in UI runner command
@Xieweikang123
6.8/10
โ Consensus
#2
#4295
fix: quote Windows paths with spaces in UI runner command
@Xieweikang123
6.8/10
โ Consensus
#3
#10051
CLI: fix ui build on Windows when pnpm path contains spaces
@jibrailinitdsg
6.5/10
โ Human Review
Enables autoSelectFamily by default for Node.js 22+ in the Telegram plugin to allow IPv4 fallback when IPv6 is configured but not properly routed, resolving issues with sending messages on certain networks.
#4057
fix: sanitize tool call IDs for Azure OpenAI
@wangchuan3533
6.2/10
โ Consensus
Fixes a bug where orphaned user messages, when rebuilt into the session context, bypass the sanitization pipeline, leading to mismatched tool_use/tool_result pairings and API errors.
#4257
fix(slack): Convert Unicode emojis to Slack shortcodes for ack reactions
@rossshannon
8.0/10
โ Consensus
#2
#4257
fix(slack): Convert Unicode emojis to Slack shortcodes for ack reactions
@rossshannon
8.0/10
โ Consensus
Updates Antigravity integration to avoid recent gateway failures by bumping the hardcoded Antigravity User-Agent version and adding a transcript sanitizer to ensure tool-related blocks include a required input object
#4653
fix(gateway): improve crash resilience for mDNS and network errors
@AyedAlmudarra
8.2/10
โ Consensus
#2
#4653
fix(gateway): improve crash resilience for mDNS and network errors
@AyedAlmudarra
8.2/10
โ Consensus
Prevents outbound direct message sends from overwriting the main session's display name with the last recipient's name, while still updating delivery context for accurate routing.
#4693
fix: keep main session displayName on outbound sends
@ManojINaik
7.2/10
โ Consensus
#2
#4693
fix: keep main session displayName on outbound sends
@ManojINaik
7.2/10
โ Consensus
Adds proactive compaction to the embedded Pi agent runner to prevent context overflow by checking token usage before sending API requests and compacting if necessary.
#4042
agents: add proactive compaction before request
@freedomzt
8.6/10
โ Consensus
#2
#4042
agents: add proactive compaction before request
@freedomzt
8.6/10
โ Consensus
Adds a configuration option to store messages from non-allowlisted group members as context, allowing the agent to see all messages in a group even if some members are not allowed to trigger the agent.
2 duplicatesfeature
area: WhatsApp group messaging ยท confidence: 99.0%
Rank
Pull Request
Quality
Review
โญ#1
#4402
fix: store group messages from non-allowlisted senders as pending context
@adam91holt
8.6/10
โ Consensus
#2
#4402
fix: store group messages from non-allowlisted senders as pending context
@adam91holt
8.6/10
โ Consensus
Adds validation to base64 encoded image data before sending it to the Anthropic API to prevent session corruption caused by invalid image data, replacing invalid images with descriptive text blocks.
#18263
fix: validate base64 image data before API submission
@sriram369
9.1/10
โ Consensus
#2
#18219
fix: validate base64 image data before sending to LLM APIs
@Grynn
9.1/10
โ Consensus
Reduces lock contention on the global sessions.json file by introducing per-session metadata files for frequent updates and a debounced background sync to keep the global file in sync.
#4664
fix: per-session metadata files to eliminate lock contention
@tsukhani
7.5/10
โ Consensus
#2
#4664
fix: per-session metadata files to eliminate lock contention
@tsukhani
7.5/10
โ Consensus
Corrects the workspace directory path reported to agents running in a sandbox to reflect the path inside the Docker container, ensuring tools execute in the correct location.
Fixes a packaging issue on Windows by correcting the bin path in package.json and adds support for OpenAI vision models by extracting image data from data URIs in the OpenAI-compatible API and converting them to the internal agent command format.
#4534
fix: packaging and OpenAI vision format conversion
@SalimBinYousuf1
6.5/10
โ Consensus
#2
#4534
fix: packaging and OpenAI vision format conversion
@SalimBinYousuf1
6.5/10
โ Consensus
Prevents the compaction safeguard extension from discarding conversation history in embedded mode by returning undefined when ctx.model or apiKey is unavailable, allowing the built-in compaction logic to handle summarization.
#11333
fix(docker): align host directory ownership with container user
@liuxiaopai-ai
8.1/10
โ Consensus
#2
#5458
fix: set correct file ownership in Dockerfile (#5450)
@hakyonglee
7.7/10
โ Human Review
Prevents the Slack integration from attempting to process HTML login pages (returned due to authentication failures or expired URLs) as media files, improving error handling and visibility by logging a warning and skipping the file.
2 duplicatesbugfix
area: Slack media downloads ยท confidence: 82.0%
Rank
Pull Request
Quality
Review
โญ#1
#14847
fix(slack): preserve auth across Slack-hosted file redirects
@natashache
9.1/10
โ Consensus
#2
#4665
fix(slack): reject HTML responses when downloading media
@tumf
9.0/10
โ Consensus
Adds a BouncyCastle fallback for Ed25519 key generation and signing on Android devices where the system provider fails, and introduces a UI setting for users to input a gateway token for authentication.
#14944
fix(browser): prefer openclaw profile in headless/noSandbox environments
@BenediktSchackenberg
9.1/10
โ Consensus
#2
#6193
fix(browser): default to openclaw profile instead of chrome extension relay
@mikezaoldyeck
7.3/10
โ Consensus
Fixes a potential hang in the embedded Pi runner teardown process by making the compaction wait abortable, ensuring that the teardown path proceeds even if compaction events are not received.
#13347
fix: wrap waitForCompactionRetry() in abortable() to prevent lane deadlock on timeout
@smartleos
9.2/10
โ Consensus
#2
#5467
Fix: make embedded compaction wait abortable
@yoyooyooo
9.1/10
โ Consensus
Fixes a bug where the session-memory hook reads from an empty current session file after a /new or /reset command, leading to loss of conversation history, by adding a fallback mechanism to read from the most recent .jsonl.reset.* file if the current session file is empty or too small.
#6630
feat(hooks): add agent:turn_start and agent:turn_end lifecycle events
@drdigital13
6.4/10
โ Consensus
#2
#6630
feat(hooks): add agent:turn_start and agent:turn_end lifecycle events
@drdigital13
6.4/10
โ Consensus
Fixes a bug where cron jobs with `deliver: true` would silently fail to deliver the original message when the agent response was filtered as heartbeat-only, by substituting the original message as the delivery payload in such cases.
#6522
fix(cron): deliver original message when agent response is heartbeat-only
@sidmohan0
9.2/10
โ Consensus
#2
#6522
fix(cron): deliver original message when agent response is heartbeat-only
@sidmohan0
9.2/10
โ Consensus
Fixes a bug where messages sent via the Matrix channel without specifying an accountId were being sent from the wrong Matrix account due to incorrect account resolution.
#6517
fix(matrix): pass accountId through outbound chain to resolveMatrixClient
@saxyguy81
8.5/10
โ Consensus
#2
#6517
fix(matrix): pass accountId through outbound chain to resolveMatrixClient
@saxyguy81
8.5/10
โ Consensus
Adds a new interactive HTML visualization for line balancing of a Double End M12 Cable Assembly, including multiple balancing algorithms, animated station merging, and performance metrics.
#7030
feat: add line balancing animation for Double End M12 Cable Assembly
@ceasarcapuno
6.8/10
โ Consensus
#2
#7030
feat: add line balancing animation for Double End M12 Cable Assembly
@ceasarcapuno
6.8/10
โ Consensus
Fixes a bug where compaction summarization fails in 'safeguard' mode due to missing model context, causing fallback to static summaries by passing the model through the runtime registry.
#6800
fix: pass model to compaction-safeguard via runtime for compact.js workflow
@earlook99
8.6/10
โ Consensus
#2
#6800
fix: pass model to compaction-safeguard via runtime for compact.js workflow
@earlook99
8.6/10
โ Consensus
Adds a configurable placeholder message to the Telegram channel while the agent is processing a request, updating it with tool usage information and deleting it upon completion.
#7046
feat(telegram): add placeholder message while processing
@shanemort1982
7.5/10
โ Consensus
#2
#7046
feat(telegram): add placeholder message while processing
@shanemort1982
7.5/10
โ Consensus
Updates the Hetzner VPS installation guide with improved instructions, including optional hcloud CLI provisioning, expanded Docker Compose examples, and a new section on configuring the gateway with first-run commands and validation/access flows.
#6677
fix(tts): always load fresh config for voice selection
@Jinqiao
8.5/10
โ Consensus
#2
#6677
fix(tts): always load fresh config for voice selection
@Jinqiao
8.5/10
โ Consensus
Adds a persistent contact storage mechanism for the WhatsApp tool by creating a CONTACTS.md file in the workspace to store contact information, allowing the agent to remember previously used contacts across sessions.
#6751
docs(browser): update JSON configuration format in documentation
@saltapp
8.2/10
โ Human Review
#2
#6751
docs(browser): update JSON configuration format in documentation
@saltapp
8.2/10
โ Human Review
Adds a `supportsStrictMode` option to the model configuration to allow disabling the `strict: true` parameter in tool/function definitions for OpenAI-compatible endpoints that do not support it.
#6683
feat(config): add supportsStrictMode compat option for model definitions
@long-pham
9.2/10
โ Consensus
#2
#6683
feat(config): add supportsStrictMode compat option for model definitions
@long-pham
9.2/10
โ Consensus
Triggers internal hooks when a new session is created via the `sessions.reset` RPC, mirroring the behavior of the `/new` command when issued through a channel, to ensure features like session memory and command logging function correctly in TUI and webchat.
#6853
fix: fire internal hooks on sessions.reset RPC (TUI/webchat /new)
@hamiltonchua
8.5/10
โ Consensus
#2
#6853
fix: fire internal hooks on sessions.reset RPC (TUI/webchat /new)
@hamiltonchua
8.5/10
โ Consensus
Adds a cleanup mechanism to remove orphaned temporary files created during cron store saves on application startup, preventing potential interference from incomplete writes.
2 duplicatesbugfix
area: cron store ยท confidence: 96.0%
Rank
Pull Request
Quality
Review
โญ#1
#6827
fix: cron scheduler cleanup orphaned .tmp files on startup
@fatelei
7.6/10
โ Consensus
#2
#6827
fix: cron scheduler cleanup orphaned .tmp files on startup
@fatelei
7.6/10
โ Consensus
Improves the user experience of the `/queue` and `/subagents` chat commands by reformatting their output to be more readable and informative.
#6729
fix(security): prevent path traversal in archive extraction (CWE-22)
@unisone
8.9/10
โ Consensus
#2
#6729
fix(security): prevent path traversal in archive extraction (CWE-22)
@unisone
8.9/10
โ Consensus
Addresses a crash on Android/Termux by wrapping calls to `os.networkInterfaces()` in try/catch blocks to gracefully handle the restricted `uv_interface_addresses` system call.
#7060
fix: handle uv_interface_addresses failure on Android/Termux
@kjoh94
8.3/10
โ Consensus
#2
#7060
fix: handle uv_interface_addresses failure on Android/Termux
@kjoh94
8.3/10
โ Consensus
Removes the workspace protocol dependency on openclaw from the feishu extension's package.json to resolve an npm install error related to unsupported workspace protocols during plugin installation.
#11454
fix(plugins): remove workspace:* from extension dependencies
@AnonO6
8.6/10
โ Human Review
#2
#18209
fix(feishu): remove workspace protocol from devDependencies to fix inโฆ
@zywj
7.8/10
โ Consensus
Fixes a bug where messages sent via `sessions_send` were incorrectly routed to the webchat channel due to a hardcoded channel value, and introduces support for direct session key formats to correctly route messages to the intended channel.
#6850
fix: support direct channel:account:peer format in session key extraction
@toboto
8.6/10
โ Consensus
#2
#6850
fix: support direct channel:account:peer format in session key extraction
@toboto
8.6/10
โ Consensus
Modifies plugin installation to use the 'id' field from the plugin manifest file for the installation directory name, falling back to the npm package name if the manifest or ID is missing.
#7090
fix: plugin install uses manifest ID for folder name (#2796)
@dial481
8.8/10
โ Consensus
#2
#7090
fix: plugin install uses manifest ID for folder name (#2796)
@dial481
8.8/10
โ Consensus
Adds a new 'camb-ai' extension to OpenClaw, providing agent tools and CLI commands for text-to-speech, speech-to-text, translation, voice cloning, and sound generation using the Camb AI platform.
Strips malformed tool_use blocks from assistant messages to prevent permanent session corruption caused by interrupted tool calls, ensuring subsequent API requests do not fail due to unexpected or missing tool_use_id errors.
Adds regression tests to verify that the `sessions_spawn` tool correctly applies explicit model overrides, even when an `agentId` is provided, and that explicit models take precedence over global subagent model defaults.
#6875
test: add coverage for sessions_spawn model + agentId (#6817)
@whoknowsmann
9.0/10
โ Consensus
#2
#6875
test: add coverage for sessions_spawn model + agentId (#6817)
@whoknowsmann
9.0/10
โ Consensus
Removes the unnecessary and failing 'restore control-ui' step in the update runner, which attempts to restore a gitignored directory, causing update failures despite successful builds.
#6857
docs: clarify that /elevated on is an alias for ask
@whoknowsmann
9.4/10
โ Consensus
#2
#6857
docs: clarify that /elevated on is an alias for ask
@whoknowsmann
9.4/10
โ Consensus
Fixes an issue where node pairing requests created via WebSocket connection were not being properly handled by the `node.pair.*` API handlers, leading to an inability to approve or reject pairing requests through the CLI or API.
#6846
fix: bridge node.pair.* tools to device pairing store
@cortexuvula
8.4/10
โ Consensus
#2
#6846
fix: bridge node.pair.* tools to device pairing store
@cortexuvula
8.4/10
โ Consensus
Adds a new environment variable to configure volume mount options in docker-compose, primarily to support rootless Podman and SELinux environments by allowing users to specify mount flags like `:U` or `:Z`.
#7061
Add additional variable to the docker-compose file (default off) to make it work with rootless podman
@aupeachmo
7.4/10
โ Consensus
#2
#7061
Add additional variable to the docker-compose file (default off) to make it work with rootless podman
@aupeachmo
7.4/10
โ Consensus
Increase the maximum WebSocket payload size to accommodate larger attachments sent from node clients, specifically addressing the issue of silently dropped payloads when sending base64-encoded images.
#6805
fix: increase WebSocket MAX_PAYLOAD_BYTES to 6MB for attachments
@cortexuvula
8.8/10
โ Consensus
#2
#6805
fix: increase WebSocket MAX_PAYLOAD_BYTES to 6MB for attachments
@cortexuvula
8.8/10
โ Consensus
Removes MiniMax from the list of reasoning tag providers to fix an issue where MiniMax responses were not displayed in the TUI due to the absence of ``/`` tags.
#7106
fix: openclaw update includes external npm-installed plugins
@dial481
8.0/10
โ Human Review
#2
#7106
fix: openclaw update includes external npm-installed plugins
@dial481
8.0/10
โ Human Review
Adds internationalization (i18n) infrastructure to the project, including support for English and Simplified Chinese, to enable future localization efforts.
#7130
[AI-Assisted] Add i18n infrastructure with Chinese (zh-CN) support
@01luyicheng
8.6/10
โ Consensus
#2
#7130
[AI-Assisted] Add i18n infrastructure with Chinese (zh-CN) support
@01luyicheng
8.6/10
โ Consensus
Ensures that the `resolveSoulEvilConfigFromHook` function prioritizes environment variables defined within the `env` block of a hook configuration, preventing accidental access to top-level configuration properties when an `env` block is present.
#7036
Fix evil soul hooks by enforcing env properties
@richard-chau
8.4/10
โ Consensus
#2
#7036
Fix evil soul hooks by enforcing env properties
@richard-chau
8.4/10
โ Consensus
Adds support for the CommonStack AI provider, including onboarding, model scanning, and integration with the CLI, allowing users to access and manage models through the CommonStack platform.
#7113
feat(providers): add CommonStack provider support
@flhoildy
7.4/10
โ Consensus
#2
#7113
feat(providers): add CommonStack provider support
@flhoildy
7.4/10
โ Consensus
Adds documentation to address the 'stranger problem' in agents, proposing a lighter approach to continuity with a self-check ritual and memory hierarchy, and provides a practical template for agents to use in their workspaces.
2 duplicatesdocs
area: agent architecture and continuity ยท confidence: 94.0%
Rank
Pull Request
Quality
Review
โญ#1
#7196
docs: Agent continuity - the 'stranger problem' and lighter approach
@sincere-arjun
7.7/10
โ Consensus
#2
#7196
docs: Agent continuity - the 'stranger problem' and lighter approach
@sincere-arjun
7.7/10
โ Consensus
Improves the reliability of agentic loops by adding resilience to transient network errors, including automatic retries and proper classification of network-related failures, preventing silent failures and ensuring continuous operation.
#7229
fix: add network error resilience to agentic loop failover
@ai-fanatic
9.0/10
โ Consensus
#2
#7229
fix: add network error resilience to agentic loop failover
@ai-fanatic
9.0/10
โ Consensus
Changes the `openclaw gateway stop` command to use `launchctl kill SIGTERM` instead of `launchctl bootout` so that the LaunchAgent remains loaded and can be restarted without requiring a reinstall.
#16845
fix(daemon): gateway auto-restart on SIGTERM + agent restart guidelines
@kiminbean
8.8/10
โ Consensus
#2
#7155
fix(gateway): use kill SIGTERM instead of bootout for stop
@rafaelreis-r
8.5/10
โ Consensus
Adds a 'gateway:shutdown' internal hook to allow internal hooks to perform cleanup, logging, or other shutdown tasks when the gateway stops, and consolidates plugin lifecycle hook firing to prevent duplicates.
#15425
Gateway: add gateway:shutdown internal hook for lifecycle cleanup
@a-anand-91119
9.0/10
โ Consensus
Adds support for detecting mentions in Matrix messages from Element clients by parsing the `formatted_body` field for `matrix.to` links, as Element does not use the `m.mentions` field.
#16941
fix(matrix): detect mentions in formatted_body matrix.to links
@zerone0x
9.5/10
โ Consensus
#2
#7842
Fix Matrix mention detection for Element client (formatted_body links)
@emadomedher
7.9/10
โ Consensus
Adds a new hook event type 'message:received' that fires before a message is processed by the agent, enabling custom logic on incoming messages and context injection
#7545
feat(hooks): add message:received hook for pre-turn automation
@wangtian24
8.6/10
โ Consensus
Integrate Speechify as a new Text-to-Speech provider, including API integration, configuration schema updates, gateway RPC exposure, CLI command adjustments, and documentation.
Improves OpenClaw's memory management by standardizing on a WM/STM-friendly workspace layout, automatically creating and maintaining STM.md, and allowing memory tools to search/read STM and LTM (when opted in) out of the box, enhancing personalization and continuity without requiring extra configuration.
#7894
Memory improvements: Give OpenClaw better memory + REM sleep
@bornio
8.1/10
โ Consensus
#2
#7894
Memory improvements: Give OpenClaw better memory + REM sleep
@bornio
8.1/10
โ Consensus
Implements a new `before_model_select` plugin hook that allows plugins to intercept and modify the model selection process before it's finalized, enabling intelligent model routing based on prompt content.
2 duplicatesfeature
area: model selection ยท confidence: 100.0%
Fixes a bug where Slack channel and user names were incorrectly treated as IDs, preventing directory lookup and causing `channel_not_found` errors in cross-account messaging scenarios.
#8024
fix(slack): resolve channel names via directory for cross-account messaging
@emma-digital-assistant
9.1/10
โ Consensus
#2
#8024
fix(slack): resolve channel names via directory for cross-account messaging
@emma-digital-assistant
9.1/10
โ Consensus
Integrate Atlas browser capabilities for web search and fetch, reducing API usage by prioritizing in-browser ChatGPT tasks and falling back to existing providers when Atlas is unavailable, while also adding Atlas profile auto-detection and per-profile executable path support.
#7982
Save API Usage: Use Atlas Browser ChatGPT Capabilities
@yaoshengwang
6.3/10
โ Human Review
#2
#7982
Save API Usage: Use Atlas Browser ChatGPT Capabilities
@yaoshengwang
6.3/10
โ Human Review
Fixes a bug where one-shot cron jobs scheduled during gateway downtime are not executed after the gateway restarts by ensuring the timer is armed immediately for past-due jobs.
#8034
fix(cron): run past-due one-shot jobs immediately on startup
@FelixFoster
8.4/10
โ Consensus
#2
#10918
fix(cron): add tolerance for timer precision and skip due jobs in recompute
@Cherwayway
8.1/10
โ Consensus
Adds a new CLI tool, openclaw-env, to generate hardened Docker Compose sandboxes for running OpenClaw, enforcing least-privilege defaults and supporting restricted network access via an egress proxy with domain allowlisting.
Persist the webchat message queue to localStorage to prevent message loss on browser refresh, ensuring messages queued while the agent is busy are retained across sessions.
#8344
fix: persist webchat message queue to localStorage across browser refresh
@vishaltandale00
7.4/10
โ Consensus
#2
#8344
fix: persist webchat message queue to localStorage across browser refresh
@vishaltandale00
7.4/10
โ Consensus
Adds the ability to configure context pruning settings on a per-cron-job basis, overriding the global defaults, to reduce unnecessary token costs associated with caching context for simple cron jobs.
2 duplicatesfeature
area: cron jobs and gateway ยท confidence: 96.0%
Rank
Pull Request
Quality
Review
โญ#1
#8341
feat: add per-job cache control for cron jobs
@vishaltandale00
8.1/10
โ Consensus
#2
#8341
feat: add per-job cache control for cron jobs
@vishaltandale00
8.1/10
โ Consensus
Fixes a bug where the browser bridge server was unreachable from inside Docker containers by binding to 127.0.0.1 instead of 0.0.0.0 when running in sandbox mode, and advertising the Docker bridge IP.
#8303
fix(browser): enable downloads via CDP Browser.setDownloadBehavior
@gavinbmoore
8.5/10
โ Consensus
#2
#8303
fix(browser): enable downloads via CDP Browser.setDownloadBehavior
@gavinbmoore
8.5/10
โ Consensus
Adds clickable state filter chips to the skills page, allowing users to filter skills based on their state (Ready, Disabled, Missing Dependencies, Blocked).
#8244
feat(hooks): add session:before_compact and session:after_compact internal hook events
@kephail
7.9/10
โ Consensus
Adds the ability to configure per-skill thinking level and model selection via the skills.entries configuration, allowing overrides of session defaults when invoking specific skills.
#8334
fix(webchat): Filter NO_REPLY messages from chat history
@vishaltandale00
8.5/10
โ Consensus
#2
#8334
fix(webchat): Filter NO_REPLY messages from chat history
@vishaltandale00
8.5/10
โ Consensus
Implements a per-tool-call timeout to prevent agent hangs caused by indefinitely running tool calls, returning an error result to the model instead of hanging, and fixes a memory leak related to abort listeners.
Adds a configuration option to customize the user's display name in the webchat interface, allowing users to replace the default "You" label with a custom name.
Fixes outbound voice calls failing due to the Twilio webhook returning empty TwiML for calls that are not yet in 'in-progress' status, by ensuring valid TwiML (streaming or pause) is always returned.
Adds support for configuring the base URL of the Brave Search provider, allowing users to use local proxies, audit logs, or corporate network policies.
#18167
feat(web-search): add baseUrl support for Brave Search provider
@jkoprax
9.2/10
โ Consensus
#2
#13843
feat(web-search): allow overriding Brave Search base URL
@strelov1
8.1/10
โ Consensus
Fixes a bug where images pasted into webchat disappeared after sending because they were being sent with the full data URL instead of just the base64 content.
#8284
Fix: Webchat images now persist after sending
@vishaltandale00
7.5/10
โ Consensus
#2
#8284
Fix: Webchat images now persist after sending
@vishaltandale00
7.5/10
โ Consensus
Enables file downloads in the OpenClaw Chrome profile by calling the CDP Browser.setDownloadBehavior command after browser launch, configuring the download path to the user's default Downloads directory.
#8282
Fix: Enable browser downloads via CDP Browser.setDownloadBehavior
@vishaltandale00
7.0/10
โ Consensus
#2
#8282
Fix: Enable browser downloads via CDP Browser.setDownloadBehavior
@vishaltandale00
7.0/10
โ Consensus
Removes the redundant conversation transcript from the extraSystemPrompt in the voice response generator to avoid duplicated context, reduce token usage, and improve latency.
#8251
fix(voice-call): remove redundant transcript from extraSystemPrompt
@geodeterra
8.4/10
โ Consensus
#2
#8251
fix(voice-call): remove redundant transcript from extraSystemPrompt
@geodeterra
8.4/10
โ Consensus
Adds support for `payload.fallbacks` in isolated cron jobs, allowing users to specify a list of fallback models to use if the primary model fails, optimizing token costs and reducing latency.
Add a real-time Model Requests panel to the Control UI for monitoring model API calls with success/failure status, timing, token usage, and error details
#8522
feat(control-ui): Add Model Requests panel for real-time API monitoring
@GiantAxeWhy
7.1/10
โ Human Review
#2
#8522
feat(control-ui): Add Model Requests panel for real-time API monitoring
@GiantAxeWhy
7.1/10
โ Human Review
Persist session token totals by falling back to transcript usage parsing or a bounded token estimate when live usage metadata is missing, and improve transcript lookup reliability by passing session identifiers.
#8614
fix(browser): detect early chromium exit to prevent startup hang
@Wren-OC
7.5/10
โ Consensus
#2
#8614
fix(browser): detect early chromium exit to prevent startup hang
@Wren-OC
7.5/10
โ Consensus
Enhance Slack interaction handling by attributing confirmation messages to the acting user and exposing structured select entity arrays (users, channels, conversations) in the payload normalization.
#18467
Slack: expand advanced modal controls payloads and confirms
@Solvely-Colin
7.5/10
โ Consensus
#2
#18474
Slack: attribute interaction confirmations and structured selects
@Solvely-Colin
7.3/10
โ Human Review
Fixes a bug where cron jobs get stuck in the running state indefinitely after a timeout or crash by adding a timeout to the executeJob function, scheduling maintenance ticks, and reducing the stuck run time.
#16880
fix(cron): respect per-job timeoutSeconds in executeJob path (#16841)
@echoVic
9.0/10
โ Consensus
#2
#18144
fix(cron): clear stuck runningAtMs after timeout and add maintenance ticks
@taw0002
8.3/10
โ Consensus
Adds a CONTRIBUTING.md file to the documentation to provide guidelines for contributing to the OpenClaw documentation, including instructions on building a local preview, required frontmatter, style and writing tips, and the pull request process.
Implement per-model cooldown tracking for rate limit errors, allowing other models from the same provider to be used even if one model is rate-limited.
#9177
feat(media): add parakeet-mlx CLI output support
@mac-110
8.1/10
โ Human Review
#2
#9177
feat(media): add parakeet-mlx CLI output support
@mac-110
8.1/10
โ Human Review
Fixes a bug where new agent messages were not rendering in the Control UI after a successful chat.history WebSocket response due to missing properties in the GatewayHost type definition.
2 duplicatesbugfix
area: UI ยท confidence: 99.0%
Rank
Pull Request
Quality
Review
โญ#1
#9195
Fix: Control UI fails to render new messages after chat.history WebSocket response
@vishaltandale00
7.6/10
โ Consensus
#2
#9195
Fix: Control UI fails to render new messages after chat.history WebSocket response
@vishaltandale00
7.6/10
โ Consensus
Adds a link and embedded video of the freeCodeCamp OpenClaw tutorial to the documentation showcase page.
2 duplicatesdocs
area: docs ยท confidence: 100.0%
Rank
Pull Request
Quality
Review
โญ#1
#9151
Docs: add freeCodeCamp OpenClaw full tutorial to showcase
@kiankyars
8.6/10
โ Human Review
#2
#9151
Docs: add freeCodeCamp OpenClaw full tutorial to showcase
@kiankyars
8.6/10
โ Human Review
Configures the concurrency of the nested command lane in the gateway to prevent timeouts during `sessions_send` operations by increasing the number of concurrent tasks it can handle.
#9266
fix(gateway): configure nested lane concurrency to prevent sessions_send timeout
@100menotu001
8.4/10
โ Consensus
#2
#9266
fix(gateway): configure nested lane concurrency to prevent sessions_send timeout
@100menotu001
8.4/10
โ Consensus
Changes the default installation source for four channel plugins from npm to local to prevent 404 errors during setup due to the packages not being published to the npm registry.
2 duplicatesbugfix
area: onboarding and plugin installation ยท confidence: 100.0%
Rank
Pull Request
Quality
Review
โญ#1
#9196
Fix: Use local plugins for unpublished npm packages
@vishaltandale00
8.8/10
โ Consensus
#2
#9196
Fix: Use local plugins for unpublished npm packages
@vishaltandale00
8.8/10
โ Consensus
Strips dangerous environment variables like NODE_OPTIONS, LD_PRELOAD, and DYLD_INSERT_LIBRARIES from the base environment when executing commands on the host (gateway/node) via the exec tool to prevent unintended inheritance and potential security vulnerabilities.
#9200
Fix: Strip dangerous env vars from baseEnv in host execution
@vishaltandale00
8.3/10
โ Consensus
#2
#9200
Fix: Strip dangerous env vars from baseEnv in host execution
@vishaltandale00
8.3/10
โ Consensus
Prevents uncaught EPIPE exceptions during rapid systemd service restarts by safely writing to stdout, checking if the stream is writable and handling potential write errors.
Fixes plugin installation failure on Windows by adding `shell: true` option when spawning `.cmd` files, validating command arguments, and filtering out null/undefined arguments.
2 duplicatesbugfix
area: process execution ยท confidence: 96.0%
Rank
Pull Request
Quality
Review
โญ#1
#9250
Fix: Add shell:true for Windows .cmd files to prevent spawn EINVAL error
@vishaltandale00
8.8/10
โ Consensus
#2
#9250
Fix: Add shell:true for Windows .cmd files to prevent spawn EINVAL error
@vishaltandale00
8.8/10
โ Consensus
Implements resumable file uploads to Microsoft Teams for files larger than 4MB to improve reliability and prevent failures during large file transfers.
#9217
feat(msteams): implement resumable upload sessions for files >4MB
@hubertusgbecker
8.8/10
โ Consensus
#2
#9217
feat(msteams): implement resumable upload sessions for files >4MB
@hubertusgbecker
8.8/10
โ Consensus
Adds error handling around message processing in the Mattermost monitor to prevent crashes caused by malformed messages, logging errors and skipping the problematic messages to maintain monitor stability.
#9253
Fix: Feishu chat ID mismatch causing session context confusion
@vishaltandale00
8.2/10
โ Consensus
#2
#9253
Fix: Feishu chat ID mismatch causing session context confusion
@vishaltandale00
8.2/10
โ Consensus
Fixes a bug where the `openclaw gateway install` command on macOS ignores the node version managed by fnm/nvm and hardcodes the Homebrew node path in the launchd plist.
Prevents the webchat UI from crashing when a tool returns a large or circular object by sanitizing the tool's arguments before rendering and adding a try-catch block around the message building process.
Fixes a bug where WhatsApp QR codes were not rendering in the chat interface by allowing `` tags and `src` and `alt` attributes in the markdown sanitizer, and restricts image sources to data URLs for security.
Fixes a bug in the TUI where API responses were silently dropped when events arrived out of order or were duplicated after a runId was finalized, by ensuring that 'final' events are always processed even if the runId is in finalizedRuns.
#13016
fix(heartbeat): ignore session modelOverride when heartbeat.model is configured
@asklee-klawd
9.3/10
โ Consensus
#2
#9429
fix: skip session model override for heartbeat runs
@dbottme
8.5/10
โ Consensus
Corrects the fallback path used to locate the bundled Chrome extension directory in the CLI, ensuring it resolves to the correct location within the package's assets directory instead of potentially resolving to a location within node_modules.
2 duplicatesbugfix
area: CLI ยท confidence: 82.0%
Rank
Pull Request
Quality
Review
โญ#1
#10937
fix(browser): correct fallback path for bundled Chrome extension
@dddabtc
8.9/10
โ Consensus
#2
#9796
fix(cli): correct fallback path for bundled Chrome extension (#9772)
@lailoo
8.5/10
โ Human Review
Fixes a memory leak in the gateway process by clearing the `seqByRun` map when an agent run context is cleared, preventing unbounded growth of the map.
Updates the coding-agent skill documentation to use the `openclaw system event` command instead of the removed `openclaw gateway wake` command, and clarifies the event delivery semantics.
#10665
fix(docs): replace removed gateway wake with system event in coding-agent skill
@Yida-Dev
9.5/10
โ Consensus
#2
#11009
fix: Correct data path in SKILL.md (coding-agent)
@HenryLoenwind
9.1/10
โ Human Review
Adds internationalization (i18n) support to the UI, including English, Chinese (Simplified and Traditional), and Portuguese translations, with a language selector and persistent user preferences.
2 duplicatesfeature
area: UI ยท confidence: 82.0%
Rank
Pull Request
Quality
Review
โญ#1
#10657
feat(ui): add i18n support with English, Chinese, and Portuguese
@SalimBinYousuf1
7.4/10
โ Consensus
#2
#13622
feat(i18n): add complete multi-language support (EN, TR, FR, DE)
@vaur94
7.1/10
โ Consensus
Fixes a bug where the `session_status` tool displays incorrect thinking/reasoning levels by reading them from the session entry instead of defaulting to agent settings.
#10970
fix(session-status): pass session-level overrides to buildStatusMessage (#10867)
@lailoo
9.4/10
โ Consensus
#2
#10998
fix(agents): pass session thinking/reasoning levels to session_status display
@wony2
9.3/10
โ Consensus
Fixes a TypeError during Matrix media downloads by correctly destructuring the return value of `MatrixClient.downloadContent()` to access the media data buffer and propagates the content type.
#17559
fix: don't rotate auth profile on timeout during active tool use
@jg-noncelogic
8.7/10
โ Consensus
#2
#16554
fix(agent): prevent session deadlock on timeout during tool execution
@mverrilli
8.4/10
โ Consensus
Adds a configuration option to allow users to customize the OpenClaw instance name displayed in the Control UI title, improving identification of multiple instances.
#10991
feat(gateway): add configurable instance name for Control UI title
@Annaxiebot
9.0/10
โ Consensus
#2
#11528
feat(control-ui): configurable page title with hostname default
@Annaxiebot
7.4/10
โ Consensus
Fixes a bug where model fallback mechanism fails when fallbacks are configured at the agent level by checking agent-scoped fallbacks and forwarding fallbacksOverride to runEmbeddedPiAgent.
#11113
fix(memory-lancedb): preserve error cause in LanceDB load failure
@marezgui
8.0/10
โ Consensus
#2
#11405
fix(extensions): add cause to lancedb load errorfix(extensions): add cause to lancedb load error
@dinakars777
7.9/10
โ Consensus
Improves the mobile user experience of the chat compose area by restyling the layout for smaller screens, stacking elements vertically and making buttons full-width.
2 duplicatesstyle
area: UI ยท confidence: 86.0%
Rank
Pull Request
Quality
Review
โญ#1
#11167
style(chat): UI: add mobile layout for chat compose actions
Fixes a bug where Telegram update offsets were not scoped to the bot token, causing messages to be skipped after a token change by storing and validating the bot ID in the offset file.
#12472
fix(telegram): discard stale update offset after bot token swap
@Yida-Dev
9.3/10
โ Consensus
#2
#11347
fix: scope Telegram update offset to bot token
@owleyes
9.1/10
โ Consensus
Fixes a bug where isolated cron sessions were ignoring the `subagents.model` configuration, forcing users to explicitly specify the model in every cron job payload, and adds a test case to verify the fix.
#11869
feat: Multi-account Matrix plugin with accountId routing
@jacoblyles
8.1/10
โ Consensus
Fixes a cron job spin loop that occurs when a job completes within the same second it was scheduled, by ensuring the next run is always computed for the next second and adding a minimum re-fire gap.
#17967
fix(cron): prevent spin loop when job completes within firing second
@Operative-001
9.3/10
โ Consensus
#2
#18073
fix(cron): prevent spin loop when job completes within scheduled second
@widingmarcus-cyber
9.2/10
โ Consensus
Fixes an issue where the media stream auth token was being dropped by Twilio because it was passed as a URL query parameter, which Twilio silently strips, by passing the token via a TwiML Parameter element instead.
#12471
fix(voice-call): pass stream auth token via TwiML Parameter for Twilio Media Streams
@Yida-Dev
9.1/10
โ Consensus
#2
#11913
fix(voice-call): pass stream auth token via TwiML Parameter, not URL query
@jason-alvarez-git
8.9/10
โ Consensus
Fixes a session lock leak in the embedded runner that occurs when `waitForCompactionRetry()` hangs indefinitely after an aborted run, preventing proper cleanup and rendering the agent unresponsive.
Allows the openclaw-cli Docker container to connect to the openclaw-gateway Docker container by sharing the same network namespace, resolving connection issues when both are running in separate containers.
#12844
fix(llm-task): use correct import path for built/npm installs
@scout-wolfe
9.0/10
โ Consensus
#2
#13176
fix: resolve llm-task module import for global installs
@striking
9.0/10
โ Consensus
Add a production-ready WeCom (WeChat Work / ไผไธๅพฎไฟก) Channel plugin for OpenClaw, enabling support for the most important enterprise messaging ecosystem in China
Fixes a bug where the compaction-safeguard extension was not loading in embedded Pi sessions, causing `ctx.model` to be undefined during compaction, and adds a fallback mechanism to provide a transcript-based summary when summarization fails.
#13956
fix(web-search): fix grok web search returning empty content
@seraphg
9.0/10
โ Consensus
#2
#13327
fix(tools): find message output in Grok web_search response
@nezovskii
7.0/10
โ Consensus
Fixes a bug where the `systemPrompt` field returned by the `before_agent_start` hook was being ignored, preventing plugins from modifying the system prompt.
#14940
fix(googlechat): convert Markdown formatting to Google Chat markup
@brandonwise
8.4/10
โ Consensus
#2
#15172
fix(googlechat): convert Markdown formatting to Google Chat markupfix(googlechat): convert Markdown formatting to Google Chat markup
@EnzoGaillardSystems
8.1/10
โ Consensus
Fixes a bug where peer-based routing bindings would fail to match when a channel plugin sent `peer.kind = 'dm'` instead of `'direct'` due to asymmetric normalization of the peer kind.
#14888
fix(routing): normalize peer.kind in matchesPeer for symmetric comparison
@omair445
9.4/10
โ Consensus
#2
#14820
fix: normalize peer.kind in routing to handle dm/direct variants
@superlowburn
8.8/10
โ Consensus
Fixes a bug where stale token counts after compaction could trigger unnecessary memory flushes, by resetting totalTokens to zero when a post-compaction token estimate is unavailable.
#15173
fix(session): reset totalTokens after compaction when estimate unavailablefix(session): reset totalTokens after compaction when estimate unavaiโฆ
@EnzoGaillardSystems
8.4/10
โ Human Review
#2
#15196
fix: clear stale token totals after compaction
@bufordtjustice2918
6.3/10
โ Consensus
Improves the Chrome extension relay's connection resilience by adding auto-reconnect, state persistence, a keepalive mechanism, and improved tab lifecycle management to address connection drops and data loss issues.
#15901
fix: preserve Google Chat space ID case for API replies
@echoVic
8.3/10
โ Human Review
#2
#15902
fix: pass all Slack file attachments to agent, not just first
@echoVic
5.9/10
โ Human Review
Updates the systemd unit file with the correct service version after an update, preventing stale version information from being displayed and adding a check to `openclaw doctor` to detect version mismatches.
#16016
fix: update systemd unit version on gateway restart
@jbold
8.8/10
โ Consensus
#2
#16185
fix: patch systemd unit version before service restart
@nozh
8.7/10
โ Consensus
Adds Kubernetes deployment configurations, including a Helm chart and Kustomize overlays, to facilitate the deployment and management of OpenClaw within a Kubernetes environment.
Adds support for processing image attachments in the OpenAI chat completions endpoint by extracting base64 encoded images from the request and passing them to the agent command.
#16346
feat: support image attachments in OpenAI chat completions endpoint
@sh1nj1
8.8/10
โ Consensus
#2
#16777
feat(gateway): add multimodal image support to /v1/chat/completions
@dzianisv
8.6/10
โ Consensus
Adds a new 'create_from_markdown' action to the Feishu doc tool, allowing the creation of documents from Markdown content via the Feishu import task API.
#16592
feat(feishu): add write mode import for markdown documents
@ciberponk
8.6/10
โ Consensus
Fixes a bug in the web UI where extra newlines were being injected into assistant messages when tool output was hidden, causing inconsistent formatting.
2 duplicatesbugfix
area: UI ยท confidence: 83.0%
Rank
Pull Request
Quality
Review
โญ#1
#16873
Fix extra newlines in web UI when thinking toggle is off
@niceysam
9.5/10
โ Consensus
#2
#16733
fix(ui): avoid injected newlines when tool output is hidden
@jp117
9.4/10
โ Consensus
Fixes a regression where the `exec` tool returns empty output on Windows Scheduled Tasks due to detached process spawning preventing stdout/stderr pipes from connecting, by conditionally disabling detached mode on Windows.
2 duplicatesbugfix
area: process ยท confidence: 83.0%
Rank
Pull Request
Quality
Review
โญ#1
#18067
fix(process): disable detached spawn on Windows to fix empty exec output
@arosstale
9.2/10
โ Consensus
#2
#17862
fix: Windows exec returns empty output when pty=false
@MisterGuy420
8.4/10
โ Human Review
Correctly classify statements containing the word 'need' as 'preference' within the memory-lancedb extension.
#16678
fix(memory-lancedb): classify need statements as preference
@ciberponk
9.1/10
โ Consensus
#2
#16703
fix(memory-lancedb): classify important statements as preference
@ciberponk
9.1/10
โ Consensus
Enables default rate limiting for authentication endpoints in the gateway to prevent brute-force attacks, while allowing explicit disabling of rate limiting.
#16881
fix(gateway): enable auth rate limiting by default
@Limitless2023
5.3/10
โ Human Review
Correctly classify Czech 'preferuji' statements as 'preference' in the memory-lancedb extension by updating the category detection logic to align with the capture logic.
#12499
fix(config): add missing customBindHost to gateway Zod schema
@sfo2001
9.5/10
โ Consensus
#2
#16192
fix(config): add customBindHost to gateway zod schema (#5435)
@Glucksberg
9.4/10
โ Consensus
Fixes a bug where Telegram HTML formatter produces empty output for certain markdown constructs, leading to message delivery failure, by adding fallbacks to plain text and auto-detecting markdown tables.
#17769
fix(telegram): preserve reply text in threaded mode dispatch
@Glucksberg
9.3/10
โ Consensus
#2
#17629
fix(telegram): fall back to plain text when HTML formatter produces empty output
@Glucksberg
8.6/10
โ Consensus
Fixes a bug where parsing Docker bind mounts on Windows would incorrectly truncate the host path due to drive letters containing colons, leading to incorrect filesystem path resolution in the sandbox environment.
#17955
fix(sandbox): parse Windows bind mounts in fs-path mapping
@Clawborn
9.2/10
โ Consensus
#2
#13873
fix(sandbox): prevent Windows PATH from poisoning docker exec
@alessandrorodi
8.8/10
โ Consensus
Fixes sandbox path validation to allow access to files within Docker bind mount host paths, enabling sandboxed agents to use read, write, and edit tools on those files.
#16509
Fix sandbox path validation rejecting Docker bind mount paths
@Clawborn
8.1/10
โ Human Review
#2
#16389
fix: allow Docker bind mount paths in sandbox tools
@Limitless2023
7.7/10
โ Consensus
Fixes an issue where the zsh completion script would fail if `compinit` was not initialized before the script was sourced, by adding a check and initialization of `compinit` within the script itself.
2 duplicatesbugfix
area: cli ยท confidence: 88.0%
Rank
Pull Request
Quality
Review
โญ#1
#17325
fix(completion): avoid zsh compdef error when compinit is not initialized
@ephelia-ai
9.4/10
โ Consensus
#2
#17922
fix(completion): initialize compinit when compdef is unavailable
@Clawborn
8.6/10
โ Consensus
Adds a staleness check to the cron job execution to prevent jobs from being permanently blocked if a previous execution crashed without clearing the running marker, allowing manual triggers to proceed after a timeout.
#17895
fix(cron): add staleness check for runningAtMs on manual trigger
@PlayerGhost
9.2/10
โ Consensus
#2
#12018
fix(cron): clear stale running markers based on job timeout
@benzer25
6.5/10
โ Consensus
Adds a configuration option to allow users to specify extra command-line arguments when launching Chrome, enabling customization like stealth flags and user-agent overrides.
#15690
feat(browser): add browser.args config field for custom Chrome launch flags (#14803)
@lailoo
9.2/10
โ Consensus
#2
#18443
feat(browser): add extraArgs config for custom Chrome launch args
@JayMishra-source
9.1/10
โ Consensus
Implements per-thread session keys for Slack channels and groups to prevent context mixing, fixes a bug where the previousTimestamp was not correctly read from the thread-level session, and increases the thread cache TTL and max entries.
#17908
fix(slack): per-thread session keys to prevent context mixing
@tonydehnke
8.9/10
โ Consensus
#2
#10686
fix(slack): use thread-level sessions for channels to prevent context mixing
@pablohrcarvalho
8.3/10
โ Consensus
Improves gateway restart performance by skipping cache-busting for bundled hook imports, allowing V8 to reuse its module cache, and using file modification time for other hook types to only re-parse when necessary.
#16960
perf: skip cache-busting for bundled hooks, use mtime for workspace hooks
@mudrii
9.1/10
โ Consensus
#2
#17053
perf(hooks): skip cache-busting for immutable bundled hooks
@Limitless2023
4.8/10
โ Consensus
Refactor duplicated allowlist normalization logic from Slack, Signal, and iMessage monitors into a shared helper function to reduce code duplication and improve maintainability.
Adds the ability to configure compaction settings on a per-agent basis, overriding the global defaults, allowing for more granular control over memory management for different agent types.
#14598
feat: support per-agent compaction overrides in agents.list[]
@curtismercier
8.6/10
โ Consensus
#2
#14487
feat(config): support per-agent compaction overrides (#14446)
@lailoo
8.6/10
โ Consensus
Adds a human-readable timestamp to the inbound_meta.v1 payload to provide agents with continuous time awareness during long chat sessions, improving their ability to track time and avoid time-related errors.
#16403
feat: add readable timestamp to inbound_meta.v1 payload
@mcinteerj
8.6/10
โ Consensus
#2
#17017
feat(auto-reply): make agent time-aware with message timestamps
@liuy
7.9/10
โ Consensus
Adds support for configuring a primary heartbeat model with a chain of fallback models to be used if the primary model fails, along with different fallback strategies and state persistence to track the current fallback model.
#9486
feat(heartbeat): support primary/fallbacks model config
@sauerdaniel
8.0/10
โ Consensus
#2
#16289
feat: heartbeat model fallback chain support
@Unwatched2345
7.8/10
โ Consensus
Fixes a gateway crash caused by unhandled promise rejections when the Telegram getFile API fails due to network issues by adding error handling to the immediate-flush path in the inbound debouncer.
#12870
fix: recover from telegram fetch errors (issue #12835)
@ambicuity
8.7/10
โ Consensus
Increase the timeout for fetching attachments in the Signal integration to 30 seconds to prevent AbortErrors on slower connections or for larger attachments.
2 duplicatesbugfix
area: signal ยท confidence: 89.0%
Rank
Pull Request
Quality
Review
โญ#1
#16573
fix(signal): increase attachment fetch timeout to 30s (#16545)
@robbyczgw-cla
8.6/10
โ Human Review
#2
#6576
fix(signal): increase attachment fetch timeout to 60s
@rwarettg
8.0/10
โ Consensus
Fixes a bug where the WhatsApp Web channel would fail to start if the initial connection attempt resulted in a DNS or network error, by ensuring the reconnect loop handles initial connection failures.
2 duplicatesbugfix
area: WhatsApp Web gateway ยท confidence: 86.0%
Rank
Pull Request
Quality
Review
โญ#1
#9727
fix(whatsapp): retry reconnect loop on initial connection failure
@luizlf
9.0/10
โ Consensus
#2
#14484
fix(whatsapp): catch connection-phase errors in reconnect loop
@onthway
8.5/10
โ Consensus
Fixes a crash after `openclaw update` by spawning a new process for daemon restart and post-update doctor command to avoid stale module references due to content-hashed filenames.
2 duplicatesbugfix
area: cli ยท confidence: 88.0%
Rank
Pull Request
Quality
Review
โญ#1
#17251
fix(cli): spawn new process for daemon restart after update
@CornBrother0x
8.7/10
โ Consensus
#2
#17388
fix: spawn new process for daemon restart after update to avoid module loading errors
@Limitless2023
8.5/10
โ Consensus
Fixes a bug where third-party memory plugins were incorrectly displayed as 'unavailable' in the `openclaw status` command by probing the plugin's status via gateway RPC or marking it as 'active' if the gateway is unreachable.
2 duplicatesbugfix
area: status command ยท confidence: 86.0%
Rank
Pull Request
Quality
Review
โญ#1
#14466
fix(status): report memory status for all memory plugins (#14261)
@lailoo
9.4/10
โ Consensus
#2
#12596
fix(status): show third-party memory plugins as active instead of unavailable
@nhadaututtheky
9.0/10
โ Consensus
Suppress file-size error replies in Telegram groups when `requireMention` is enabled and the bot is not mentioned, preventing multiple bots from spamming the same error message.
#17081
fix(telegram): suppress file-size error replies in groups when bot is not mentioned
@p697
9.1/10
โ Consensus
#2
#17138
fix: skip file size error in Telegram groups when requireMention is enabled
@Limitless2023
4.7/10
โ Consensus
Adds support for the Gemini embedding model and a configurable base URL for OpenAI-compatible APIs to the memory-lancedb plugin, and fixes a TUI crash related to terminal width overflow.
#17701
fix(memory-lancedb): add gemini-embedding-001 and baseUrl support
@Phineas1500
8.7/10
โ Consensus
#2
#17696
fix(memory-lancedb): add gemini-embedding-001 and baseUrl support
@aldoeliacim
8.7/10
โ Consensus
Improve the security of OpenClaw by providing guidance on redacting sensitive information in security reports and offering a quick hardening checklist for users.
#12062
docs: Add security hardening guide for OpenClaw configurations
@wlshlad85
7.7/10
โ Consensus
Enforce consistent Slack Block Kit validation across all message sending and editing paths, including runtime calls, to ensure payload integrity and prevent errors.
#18416
Slack: validate runtime blocks in send and edit paths
@Solvely-Colin
7.9/10
โ Human Review
Prevents binary audio files from being incorrectly identified as UTF-16 text during file extraction, which would lead to garbage data being injected into the context window.
#5588
fix(media): skip binary audio in file extraction to prevent false UTF-16 detection
@NSEvent
9.3/10
โ Consensus
#2
#7454
fix: skip UTF-16 heuristic for audio/video/image MIME types (#7444)
@gavinbmoore
8.7/10
โ Consensus
Fixes a race condition in webchat streaming where tool events could arrive before the preceding text, causing text truncation or incorrect positioning by flushing the text buffer before broadcasting tool start events.
#14946
fix(webchat): accumulate text across blocks in streaming buffer
@mcaxtr
8.6/10
โ Consensus
#2
#5681
fix(gateway): flush text buffer before tool events in webchat
@MaudeBot
8.0/10
โ Consensus
Fixes a bug where LLM slug generation fails in environments without Anthropic configured by using the configured default agent model instead of defaulting to Anthropic.
#15574
fix(hooks): use configured model for llm slug generation (#15510)
@TsekaLuk
9.3/10
โ Consensus
#2
#5945
fix: use configured model for slug generator (AI-assisted)
@HEDELKA
7.7/10
โ Consensus
Fixes a bug where the `/status` command would not reflect the thinking level set by a `/think` command in the same message when used in the directive-only path.
#16700
fix: /status shows stale thinking level after directive change
@cmfinlan
8.9/10
โ Consensus
#2
#5992
Fix: /status shows correct think level when used with /think (fixes #5919)fix(auto-reply): /status shows correct think level when combined withโฆ
@simran122
8.5/10
โ Consensus
Adds configuration options to customize the auto-compaction process, allowing users to specify custom instructions for the summary and override the model used for compaction.
#11089
feat(compaction): support customInstructions and model override for auto-compaction
@p697
8.8/10
โ Consensus
#2
#11970
feat: add model.compact config for dedicated compaction model
@meaadore1221-afk
6.8/10
โ Human Review
Preserve Web UI scopes when allowInsecureAuth is enabled to fix a 'missing scope: operator.read' error when accessing the Web UI over LAN (plain HTTP) without device authentication.
#17681
fix: preserve Web UI scopes when allowInsecureAuth is enabled
@peteropenclaw
9.1/10
โ Consensus
#2
#16866
fix: preserve scopes when shared-auth succeeds (Web UI LAN access)
@MisterGuy420
8.7/10
โ Consensus
Prevent the `formal-conformance` CI workflow from failing on fork PRs due to GitHub token restrictions when attempting to post PR comments, while still uploading the drift artifact.
2 duplicatesconfig
area: CI workflows ยท confidence: 82.0%
Rank
Pull Request
Quality
Review
โญ#1
#17426
ci(formal): don't fail on fork PRs when PR comment is blocked
@mitre88
9.4/10
โ Consensus
#2
#17056
ci(formal): use step summary instead of PR comment for drift notification
@LucasAIBuilder
7.9/10
โ Consensus
Fixes a cold-start race condition in `lookupContextTokens` by adding a synchronous fallback cache populated from the user's config file, ensuring the correct context window is used before the async model discovery cache is populated.
#12270
fix: add synchronous config fallback to lookupContextTokens
@Yida-Dev
9.3/10
โ Consensus
#2
#12195
fix(agents): sync config fallback for lookupContextTokens cold-start race
@mcaxtr
9.1/10
โ Consensus
Fixes a race condition on Windows where concurrent reads of the session store file can observe a truncated or empty file during writes, leading to loss of session context, by implementing atomic writes using a temporary file and rename operation, and adding retry logic for both read and write operations.
2 duplicatesbugfix
area: session store ยท confidence: 86.0%
Rank
Pull Request
Quality
Review
โญ#1
#16542
fix(sessions): use atomic temp+rename write on Windows
@aldoeliacim
8.7/10
โ Consensus
#2
#18347
fix: atomic session store writes to prevent context loss on Windows
@twcwinston
8.4/10
โ Consensus
Formats timestamps in the `sessions_history` tool output using the user's configured timezone, falling back to the host timezone if none is configured, and handles potentially invalid timestamps gracefully.
#12268
fix: format sessions_history timestamps using configured userTimezone
@mcaxtr
9.1/10
โ Consensus
#2
#12358
fix: Sessions format timestamps in sessions_history using userTimezone
@xialonglee
9.0/10
โ Consensus
Fixes an issue where sandbox agents cannot resolve container-absolute paths and rewrites bundled skill paths to workspace-local copies when running inside a sandbox.
Fixes a bug where Discord messages from unconfigured channels were incorrectly dropped when `groupPolicy` was set to 'open' and a partial channel configuration existed.
#17513
fix(discord): respect groupPolicy in channel config fallback (#4555)
@aronchick
9.6/10
โ Consensus
#2
#15816
fix(discord): respect groupPolicy "open" in channel allowed checks
@arosstale
8.5/10
โ Consensus
Allow plugins to override the model selection for an agent run using the `before_agent_start` hook, enabling use cases like cost-optimizing model routers and A/B testing.
#14647
feat(plugins): allow before_agent_start hook to override model (#14585)
@lailoo
8.5/10
โ Consensus
#2
#17614
feat: allow before_agent_start hook to override model selection
@plc
7.9/10
โ Consensus
Configures Mattermost to render Markdown tables natively by default instead of wrapping them in code blocks, and adds tests to verify the configuration and overrides.
Fixes a bug where the LINE channel status check incorrectly reports the channel as unconfigured when credentials are provided via files by using the `configured` flag from the `ChannelAccountSnapshot` instead of attempting to read credentials directly from the snapshot.
2 duplicatesbugfix
area: LINE channel plugin ยท confidence: 93.0%
Rank
Pull Request
Quality
Review
โญ#1
#11110
fix(line): false 'not configured' warnings when tokenSource=file
@lailoo
9.4/10
โ Consensus
#2
#10487
fix(line): use snapshot configured flag in collectStatusIssues
@mcaxtr
9.2/10
โ Consensus
Fixes a bug where verbose tool output was missing the file path when the tool used the 'file_path' alias instead of 'path' in its arguments, and adds tests to ensure both 'path' and 'file_path' are handled correctly, with 'path' taking precedence.
#13665
feat(web-search): add SearXNG as a search provider
@sfo2001
8.8/10
โ Consensus
#2
#16895
feat(web-search): add SearXNG as a search provider
@rustyorb
7.1/10
โ Human Review
Updates the diagnostics-otel plugin to be compatible with version 2.x of the @opentelemetry/resources package by using the resourceFromAttributes function instead of the Resource class constructor.
#11957
fix(diagnostics-otel): use @opentelemetry/resources v2 API
@scott-memco
9.1/10
โ Consensus
#2
#2574
fix(diagnostics-otel): update to @opentelemetry/resources v2.x API
@dillera
8.3/10
โ Human Review
Fixes a bug where chat messages were written to a different session than they were read from due to inconsistent use of session keys, causing messages to not appear in chat history.
#3182
fix(gateway): use canonical session key in chat.send
@chrisherold
8.0/10
โ Consensus
#2
#3182
fix(gateway): use canonical session key in chat.send
@chrisherold
8.0/10
โ Consensus
Prevents corrupted agent session transcripts by dropping toolResult messages that do not have a corresponding pending tool call, thus avoiding 'No tool call found' loops.
Refactors the GatewayDiscoveryModel to use structured concurrency with `Task` instead of `Task.detached` to ensure proper actor context inheritance and cancellation handling within the MainActor context.
#3424
Use structured concurrency instead of Task.detached in GatewayDiscoveryModel
@abhijeet117
8.1/10
โ Consensus
#2
#3424
Use structured concurrency instead of Task.detached in GatewayDiscoveryModel
@abhijeet117
8.1/10
โ Consensus
Fixes a TypeError on Matrix bot startup when E2EE is enabled and the crypto SDK does not have the `requestOwnUserVerification` function by adding a runtime check for the function's existence.
#2902
fix(matrix): check if requestOwnUserVerification exists before calling
@dokterdok
9.1/10
โ Consensus
#2
#2902
fix(matrix): check if requestOwnUserVerification exists before calling
@dokterdok
9.1/10
โ Consensus
Clarify in the Discord skill documentation that Discord search does not support boolean operators and suggest alternative approaches for searching multiple terms.
#3402
docs(discord): clarify search doesn't support OR/AND operators
@pvoo
9.1/10
โ Human Review
#2
#3402
docs(discord): clarify search doesn't support OR/AND operators
@pvoo
9.1/10
โ Human Review
Fixes OAuth credential extraction for the Google Gemini CLI when installed via version managers like mise by resolving shims and expanding search paths for the oauth2.js file.
#3521
fix(gemini-auth): handle mise shims and nested node_modules paths
@sebslight
6.7/10
โ Consensus
#2
#3521
fix(gemini-auth): handle mise shims and nested node_modules paths
@sebslight
6.7/10
โ Consensus
Fixes a crash in the macOS app caused by SwiftPM resource bundles not being located correctly within the app bundle's resource directory by patching the generated Swift code to use `resourceURL` instead of `bundleURL`.
#3337
fix(macos-app): patch SwiftPM Bundle.module accessor for app bundle
@skymoore
7.7/10
โ Human Review
#2
#3337
fix(macos-app): patch SwiftPM Bundle.module accessor for app bundle
@skymoore
7.7/10
โ Human Review
Improves the reliability of the autoCapture feature in the memory-lancedb extension by correctly identifying and capturing relevant user and assistant messages, even when autoRecall is enabled and injecting context into the messages.
#15896
fix(memory-lancedb): capture even with injected recall context
@aelaguiz
8.6/10
โ Consensus
#2
#3401
fix(memory-lancedb): improve autoCapture with turn-by-turn processing
@mike-nott
8.5/10
โ Consensus
Fixes a bug where one-shot cron jobs with `deleteAfterRun: true` would enter an infinite loop if they were skipped or failed, by ensuring they are deleted regardless of their execution status.
#3693
fix(cron): delete deleteAfterRun jobs regardless of execution status
@HirokiKobayashi-R
9.3/10
โ Consensus
#2
#11657
fix(cron): treat skipped heartbeat as ok for one-shot jobs
@DukeDeSouth
9.1/10
โ Consensus
Fixes a configuration validation error in Docker deployments caused by the missing memory-core plugin by ensuring its dependencies are installed during the Docker image build process.
Fixes intermittent sandbox execution failures by using an absolute path for the shell and adds the ability to allow reads from specific directories outside the workspace root via an allowlist.
Fixes compatibility issues with OpenTelemetry v2.x API in the diagnostics-otel plugin, addressing Resource constructor, Semantic Conventions, and LoggerProvider API changes.
#11530
diagnostics-otel: fix OpenTelemetry v2 resource/logs API compatibility
@erain
8.4/10
โ Consensus
Fixes deployment issues in containerized environments by updating the Docker Compose configuration to build the image from source and use the correct volume mount path, resolving image pull failures and EBUSY errors.
#3965
Fix Docker Compose configuration for moltbot deployment
@YoByron
8.4/10
โ Consensus
#2
#3965
Fix Docker Compose configuration for moltbot deployment
@YoByron
8.4/10
โ Consensus
Prevents OpenAI-compatible clients from crashing when the SSE stream terminates by ensuring a final `chat.completion.chunk` with a `finish_reason` is sent before `data: [DONE]` and improves compatibility with older client payload formats.
#4300
Gateway: prevent OpenAI-compatible client crash on SSE termination
@perryraskin
8.1/10
โ Consensus
#2
#4300
Gateway: prevent OpenAI-compatible client crash on SSE termination
@perryraskin
8.1/10
โ Consensus
๐งญ Vision Alignment
How well each PR aligns with the project's stated architecture and goals. Low scores indicate potential drift.
#11191feat: REALLYopenClaw JAILBREAK - disable global gateway lock by default@latamapac
CLOSE1.3/10
Rebrands the project as 'REALLYopenClaw' which conflicts with the established OpenClaw identity and branding
Changes fundamental architecture by disabling the gateway lock by default, which may compromise the 'personal, single-user assistant' vision stated in README
Introduces fork-specific installation instructions that diverge from the documented npm package distribution model
Uses inflammatory language ('THE GOOD TWIN', 'JAILBREAK') that conflicts with the project's professional tone
Removes the single-gateway guarantee which appears to be an intentional architectural decision for a personal assistant
This PR fundamentally rebrands the project and changes core architectural behavior (gateway locking) in ways that directly conflict with OpenClaw's vision as a personal, single-user assistant.
#17976Update print statement from 'Hello' to 'Goodbye'@canarylumen-droid
CLOSE1.7/10
Removes 549 lines from README.md while only adding 1 line, suggesting massive deletion of project documentation
Changes a print statement from 'Hello' to 'Goodbye' which appears unrelated to OpenClaw's core functionality as a personal AI assistant
PR template is completely unfilled despite being required - no problem description, scope, security impact, or verification provided
Massive file changes (+1/-549) with trivial description suggests either accidental changes or potential malicious intent
No clear connection to OpenClaw's stated goals of being a personal AI assistant with channel integrations
This PR appears to delete most of the README documentation while making an unexplained trivial change, with no proper justification or completed PR template.
#7315Launch: SotyBot v0.1.0 MVP - The Open Agent Engine@descambiado
CLOSE1.3/10
Completely replaces OpenClaw with a different project called 'SotyBot'
Changes from Node.js/TypeScript to Python/FastAPI architecture
Removes all existing OpenClaw functionality including channels (WhatsApp, Telegram, Slack, Discord, etc.)
Eliminates the personal AI assistant vision in favor of a generic 'Open Agent Engine'
Removes established branding, documentation, and project identity
This PR completely replaces the OpenClaw project with an entirely different project (SotyBot), fundamentally conflicting with the established vision of a personal AI assistant and breaking all existing functionality.
Contains embedded authentication tokens in agente.txt which violates security practices
Adds debug telemetry fetch() calls in production gateway message handler hot path
Includes keystroke injection Arduino code (openclaw_ducky.ino) unrelated to AI assistant functionality
Bypasses command enforcement security policies with 'temporary bypass' comments
Commits IDE debug logs (.cursor/debug.log) containing sensitive session data
This PR contains multiple security vulnerabilities including committed secrets, debug hooks in production code, and security policy bypasses that fundamentally conflict with OpenClaw's vision as a secure personal AI assistant.
#13655acceptAdd nixpacks configuration for Python and Node.js@Manosage67
CLOSE1.7/10
Fundamentally misunderstands OpenClaw as a Python project when it's Node.js/TypeScript
Incorrect start command - should be 'node openclaw.mjs gateway' not 'python3 -m openclaw.app'
Skips critical build steps (pnpm build, pnpm ui:build) that are required per README
Uses --no-frozen-lockfile instead of --frozen-lockfile which violates project conventions
This PR is based on a fundamental misunderstanding of the project architecture and would break deployment completely by treating a Node.js application as a Python project.
#9829Fix MCP transport reconnect and SSE header handling@mabengda
CLOSE2.3/10
Removes critical safety constraint 'Don't exfiltrate private data. Ever.' which conflicts with OpenClaw's personal AI assistant vision
Weakens 'ask first' boundaries by removing 'Anything that leaves the machine' and 'Anything you're uncertain about'
Adds concerning guidance to 'access user's data as much as possible' which could violate privacy expectations
Changes group chat behavior from 'not their proxy' to 'you are their proxy' which fundamentally alters the assistant's role
Removes reaction moderation guidance ('One reaction per message max') that helps maintain appropriate social behavior
This PR significantly weakens safety guardrails and privacy protections in a template that directly controls AI assistant behavior, fundamentally conflicting with OpenClaw's vision of a trustworthy personal assistant.
PR has no description explaining purpose or changes
Shows +0/-0 changes across 0 files indicating no actual code changes
Violates contributing guidelines requiring description of 'what & why'
Does not follow the project's expectation for focused PRs with clear purpose
Appears to be an empty or malformed PR that adds no value
This PR contains no actual changes and lacks any description, violating the project's contributing guidelines that require explaining what and why for each PR.
Removes critical OpenClaw-specific configuration including NODE_ENV=production, OPENCLAW_STATE_DIR=/data, and gateway process command
Changes service port from 3000 to 8080 breaking documented deployment guide
Removes persistent /data volume mount breaking state persistence
Removes Dockerfile build configuration
Changes app name from 'openclaw' to generic 'app-muddy-snow-1764'
This PR replaces working OpenClaw Fly.io configuration with a generic template that removes essential deployment settings and breaks documented functionality.
Introduces P2P/decentralized architecture that conflicts with OpenClaw's stated vision as a 'personal AI assistant you run on your own devices'
Adds external dependencies and infrastructure (BitTorrent, GitHub Gists) that contradict the local, self-contained nature described in the README
Creates security risks by requiring users to share GitHub tokens with external parties
Implements non-functional code with missing dependencies (axios) and unimplemented tool references
Introduces 'collective AGI' concepts that diverge from OpenClaw's focus on personal assistance
This PR fundamentally conflicts with OpenClaw's vision as a personal, local AI assistant by introducing decentralized infrastructure and collective intelligence features that contradict the project's core architecture and security model.
#18255Fix memory vector store dimension mismatch by resetting index@Clawborn
CLOSE2.5/10
The PR bundles 6 unrelated fixes into a single PR, violating the repository's commit guidelines.
The PR includes changes to multiple channels (Slack, Telegram, Discord) without a clear connection to the main issue being addressed.
The PR lacks a clear explanation of how the changes relate to the project's vision and goals.
The PR bundles multiple unrelated fixes, violating the contribution guidelines (CONTRIBUTING.md) which state 'Keep PRs focused (one thing per PR)'.
The PR includes changes to Slack, Telegram, Discord, and process management, which are not directly related to the stated primary focus areas of stability, UX, skills, and performance (CONTRIBUTING.md).
While the PR addresses a specific issue, it lacks focus and includes unrelated changes, making it difficult to review and understand the impact on the project.
Introduces duplicate imports that will prevent compilation, contradicting the project's emphasis on stability
Uses incorrect function signature for runCommandWithTimeout that will cause runtime crashes
Creates a mismatch between test mocks and production code by removing runDaemonRestart without updating tests
Despite claiming to fix syntax errors, actually introduces new blocking compilation and runtime issues
Introduces new compilation and runtime errors, conflicting with the project's stability goals.
This PR introduces compilation-breaking duplicate imports and runtime-crashing function calls, directly conflicting with the project's current stability focus and basic code quality standards.
PR description mentions only PowerShell changes but includes unrelated code style changes
Minor style changes (early returns) weren't mentioned in the description
Could have been more explicit about the security implications of ExecutionPolicy Bypass
The PR introduces several unrelated behavioral changes such as a SmartRouter system, smart rate limit retry behavior, and a context-optimizer without explicit feature gating.
These changes introduce new network and cache behavior, which could affect the stability and performance of the system, diverging from the current focus on stability and performance optimization.
This PR directly addresses Windows compatibility issues that align with the project's cross-platform goals and stability focus, with the ExecutionPolicy Bypass being a standard solution for PowerShell execution problems.
#7030feat: add line balancing animation for Double End M12 Cable Assembly@ceasarcapuno
CLOSE3.0/10
Adds manufacturing line balancing visualization completely unrelated to personal AI assistant functionality
No connection to OpenClaw's core purpose of AI chat/messaging across channels
Introduces domain-specific industrial engineering content that conflicts with the project's AI assistant vision
Large standalone HTML file doesn't follow the project's modular architecture patterns
No integration with OpenClaw's gateway, channels, models, or agent systems
This PR adds manufacturing line balancing functionality that has no relationship to OpenClaw's vision as a personal AI assistant for messaging channels.
PR only adds documentation without implementing the actual fixes described
No code changes to improve validation error messages or enforce authentication
Creates a contribution tracking file instead of solving the underlying technical issue
PR title contains a typo ('messag' instead of 'message')
Does not follow the project's expectation of focused, implementable changes
This PR documents an issue analysis but implements no actual fixes, failing to deliver the validation improvements and security enhancements it describes.
Critical runtime failure - core-memories package has no implementation despite being integrated into auto-reply flow
Violates dependency management guidelines by moving extension-only dependencies to root package.json
Introduces a major feature without prior discussion as recommended in CONTRIBUTING.md
Removes GitHub App token dependency without clear justification
Large scope change (+2398/-52 lines) that should have been broken into focused PRs
The PR introduces a critical runtime failure by integrating an unimplemented core-memories package and violates established dependency management guidelines.
#14469feat: Add automatic pnpm install to shell hook@marcoziti
CLOSE3.0/10
Introduces a full flake.nix with demo-style description and unused inputs (process-compose, services-flake, northwind) that don't relate to OpenClaw
shellHook persistently modifies user npm config with 'npm set registry' which affects global state
Runs 'pnpm install' unconditionally on every shell entry, causing network calls and potential repo mutations
The scope is much broader than described - creates entire development environment rather than just adding pnpm install
Includes commented-out PostgreSQL services configuration unrelated to OpenClaw's core functionality
While the intent to improve developer experience aligns with project goals, the implementation introduces significant scope creep with persistent side effects and unused infrastructure that conflicts with the focused, personal AI assistant vision.
#15941fix(sessions): allow session file paths from other agents' sessions dirs@LiJianLi128
CLOSE2.7/10
Introduces a critical security vulnerability by using insufficient path validation (substring matching instead of proper prefix checking)
Could allow path traversal attacks to access arbitrary files outside OpenClaw directories
The validation logic allows any path containing 'agents' and ending with 'sessions', which is too permissive
No discussion or architectural review mentioned for this security-sensitive change
Conflicts with security best practices that should be core to a personal AI assistant
This PR introduces a serious security vulnerability that could allow unauthorized file access, which directly conflicts with the security requirements of a personal AI assistant.
Fundamentally changes the project identity from 'OpenClaw' to 'openclaw-local' fork
Contradicts the documented focus on cloud providers (Anthropic Pro/Max + Opus 4.6 strongly recommended)
Changes default behavior from documented Anthropic/OpenAI OAuth setup to local Ollama
Removes substantial CI infrastructure that ensures cross-platform compatibility
Alters funding and branding elements without maintainer consensus
This PR creates a fundamental fork that changes the project's identity, default behavior, and recommended setup path, which conflicts with the documented vision of a premium cloud-based personal assistant.
#17648fix: Discord guild channel detection using rawMessage.guild_id@MisterGuy420
CLOSE2.7/10
PR title and description are completely unrelated to the actual code changes
Claims to fix Discord guild channel detection but actually changes browser control server wiring
References non-existent issue #17590 and discusses Discord API changes that aren't in the diff
Misleading documentation will pollute git history and confuse future maintainers
Violates contribution guidelines that emphasize 'Describe what & why' accurately
While the code change itself appears technically sound, the completely misleading PR description violates the project's emphasis on clear communication and will create confusion in the git history.
#7206feat: add V-Infinite elite assistant persona and cyber-warrior skill set@oki3505F
CLOSE3.0/10
Promotes 'UNRESTRICTED_AUTHORIZED_ASSESSMENT' and 'unrestricted execution' which conflicts with responsible AI assistant principles
Explicitly encourages offensive security tools and 'black-hat aesthetic' without proper safety guardrails
SOUL template includes directive to 'never apologize' and 'never disclaimer' which undermines safety mechanisms
Cyber-warrior skill promotes network scanning and vulnerability assessment tools that could enable malicious use
The 'sassy, sweary, hacker-chic' persona conflicts with OpenClaw's professional assistant positioning
This PR introduces content that explicitly promotes unrestricted AI behavior and offensive security tools without proper safety considerations, which fundamentally conflicts with responsible AI assistant development principles.
#7639[Agent] [Bug]: Missing 'zop' module at extension/mattermost and remo@swarmagents
CLOSE2.7/10
Only adds documentation without fixing the actual reported bug
Proposes modifying pnpm-lock.yaml which should be auto-generated, not manually edited
Suggests adding '@openclaw/mattermost' package that doesn't appear to exist in the project
Makes assumptions about 'zop' being a typo for 'zod' without evidence
Doesn't follow the project's focus on stability and fixing edge cases in channel connections
This PR only documents an analysis without implementing any actual fixes, proposes incorrect solutions like manually editing lockfiles, and introduces undocumented file formats.
#9317[Swarm] [Bug]: Connection error on Intel MacBook Pro persi@swarmagents
CLOSE2.7/10
Does not implement an actual bug fix despite claiming to address a connection error
Adds documentation-only content that doesn't solve the reported technical issue
Creates a markdown file in contributions/ directory without clear precedent for this pattern
Provides only general debugging suggestions rather than OpenClaw-specific solutions
Does not follow the project's emphasis on testing and functional fixes
This PR claims to fix a bug but only adds general debugging notes without implementing any actual solution to the Intel Mac connection error.
#9340feat(simulation): Add 100-bot society simulation with complete lifecycle@zandis
CLOSE3.3/10
Massive feature addition (2161 lines) with no prior discussion or GitHub issue
Introduces complex AI agent simulation system completely unrelated to OpenClaw's core mission as a personal AI assistant
Creates entirely new domain (bot society simulation) that conflicts with the project's focus on messaging channels and personal assistance
Adds experimental/research-oriented features that don't serve the stated goal of being a 'personal, single-user assistant'
No integration with existing OpenClaw architecture (channels, skills, models, gateway)
This PR introduces a complex simulation system completely unrelated to OpenClaw's mission as a personal AI assistant for messaging channels, violating the requirement to discuss new features first.
Removes persistent storage while keeping state/workspace directories configured for /data, creating runtime failures
Breaks core functionality of personal AI assistant that needs to maintain state and workspace data
Contradicts project's emphasis on being a 'personal assistant' that requires data persistence
No discussion or architectural consideration as required by contributing guidelines for infrastructure changes
Changes deployment configuration without testing or validation as required by contribution process
This PR breaks core functionality by removing persistent storage while keeping paths that depend on it, violating the project's stability focus and contribution guidelines requiring discussion for architectural changes.
#14280feat: add Rube MCP plugin for 500+ app integrations@qdonohue
CLOSE2.7/10
Uses incorrect branding throughout - 'clawdbot' instead of 'openclaw' in filenames, imports, and package names
Plugin manifest filename 'clawdbot.plugin.json' won't be discovered by OpenClaw's plugin system which expects 'openclaw.plugin.json'
Imports non-existent 'ClawdbotPluginApi' type instead of 'OpenClawPluginApi'
Package scope '@clawdbot/rube-mcp' conflicts with OpenClaw's '@openclaw/' namespace
Missing required 'openclaw' field in package.json for proper extension registration
This PR contains fundamental branding and architectural incompatibilities that indicate it was developed for a different project and not properly adapted for OpenClaw's codebase.
Commits invalid JSON config (openclaw.json) that will break core functionality like onboarding wizard and configuration flows
Introduces significant security regressions by granting passwordless sudo to node user, negating container hardening
Exposes sensitive ports (Chrome DevTools Protocol, bridge) on public interfaces by default, creating unsafe network exposure
Large infrastructure changes without prior discussion violate the contributing guideline to 'Start a GitHub Discussion or ask in Discord first' for new features/architecture
Changes appear untested and could break the stability focus mentioned in CONTRIBUTING.md
This PR introduces breaking configuration issues and security regressions that directly conflict with the project's stability focus and security practices, while making significant architectural changes without following the required discussion process.
#16543[AI-assisted] feat(usage): support cache-hit differentiated pricing@OwenJiong24
CLOSE3.0/10
Contains critical double-counting bug that overcharges users for cache reads
Hardcodes provider-specific pricing values without configuration system
Implements fallback calculation that produces mathematically incorrect results
No discussion or issue reference for this significant billing change
The PR contains a critical billing bug that double-counts cache read tokens, which would overcharge users and conflicts with the project's focus on stability and reliability.
#18157docs(mattermost): add always chatmode and requireMention workaround@andrey-esipov
CLOSE3.5/10
The `always` chatmode is not implemented in code, which may cause confusion for users who try to use it.
The `groups` workaround does not apply to Mattermost, which may lead to incorrect configuration and unexpected behavior.
The zh-CN translation was edited directly, which may not be in line with the project's translation workflow.
The `always` chatmode is not implemented in the code, so documenting it is premature and misleading.
The `groups` workaround for `requireMention` does not apply to Mattermost, making the documentation inaccurate.
While the PR adds useful documentation, it also introduces inconsistencies and potential issues that need to be addressed before merging.
Mandates Chinese-only interaction which conflicts with the English-first international project
Adds personal git configuration file (zhch/README.md) with private email that doesn't belong in the repository
Introduces language requirements not mentioned in any project documentation
Creates user-specific directory structure that goes against the documented project organization
The Chinese-only mandate contradicts the project's English documentation, international community, and global accessibility goals
The PR introduces a Chinese-only interaction requirement that fundamentally conflicts with the project's English-first international nature and adds inappropriate personal configuration files.
PR description mentions adding 'reasoning: true' for kimi-k2-thinking model but this change is not visible in the diff
Greptile summary indicates significant out-of-scope changes (SmartRouter, context optimizer, patch files) that are not shown in the provided diff
If additional unreported changes exist, they would represent scope creep beyond the stated Moonshot configuration improvements
The PR includes several unrelated changes such as SmartRouter, context optimizer, and local development artifacts, which significantly expand the scope beyond the intended Moonshot configuration updates.
These additional changes introduce new external API-calling logic and modify existing behaviors, which could impact the project's stability and performance.
The visible change aligns well with OpenClaw's configuration patterns, but the discrepancy between PR description and actual diff, plus Greptile's warning about hidden scope creep, requires careful review to ensure no unintended changes are included.
Adds '@elizaos/openclaw-adapter' dependency without any documentation or justification for this integration
Creates automated upstream sync workflow that suggests this is a fork rather than the main OpenClaw repository
Disables gateway locking by default which conflicts with the single-user personal assistant architecture
References 'REALLYopenClaw jailbreak changes' suggesting unauthorized modifications to core security features
Changes fundamental gateway behavior without discussion or architectural review
This PR appears to be from a fork attempting to integrate unauthorized modifications and external dependencies that fundamentally conflict with OpenClaw's architecture as a personal, single-user AI assistant.
#13539Claude/update dockerfile cmd 1 te te@federiconicolasvozza-oss
CLOSE3.7/10
Hard-codes port 18789 in Dockerfile CMD which conflicts with Render's PORT environment variable
Changes Render service plan from starter to standard without justification or discussion
Introduces potential deployment failure due to port mismatch between Docker and Render configuration
Makes unrelated changes (Dockerfile and Render plan) in a single PR without clear rationale
No testing mentioned despite CONTRIBUTING.md requirement to test locally
The PR addresses legitimate Docker deployment needs but introduces configuration conflicts and unrelated changes that could break Render deployments.
No linked issues or context provided despite CONTRIBUTING.md requirement
Security impact section not filled out despite being marked as required
Human verification section empty despite being required
Build errors present in included logs suggest incomplete/broken implementation
This PR violates multiple required contributing guidelines with an empty description, no testing evidence, build errors, and lacks all required documentation despite being a large change.
Package version rollback from 2026.1.30 to 2026.1.29 conflicts with development channel practices
Bundles unrelated changes (shell completion, security scaffolding) into what should be a focused test fix
Introduces new functional changes without prior discussion as recommended for new features
Contains logic bug in sanitizeSessionHistory() that computes but doesn't return sanitized content
Massive diff (+2460/-784) for what's described as a 'quick guard' test skip
This PR violates the project's contribution guidelines by bundling multiple unrelated changes, includes a version rollback that breaks development practices, and contains functional bugs while being presented as a simple test fix.
PR title claims to fix the bug but only adds documentation without implementing any solution
Creates a new 'contributions/' directory structure not mentioned in project guidelines
Does not follow the 'one thing per PR' principle - claims bug fix but delivers analysis
Adds documentation file instead of actual code changes to resolve the module resolution issue
Does not align with the project's focus on 'fixing edge cases' by actually fixing them
While the analysis is valuable, the PR misleadingly claims to fix a bug but only documents it, creating confusion about the actual state of the issue.
#10912feat: add --session-key to clawdis system event@SocialNerd42069
DISCUSS4.3/10
Introduces substantial unrelated Docker changes including external binary downloads (gh, gogcli, goplaces) not mentioned in core project docs
Adds tracked backup compose file (docker-compose.yml.bak) which appears to be development debris
Includes Chrome/Playwright dependencies installation that seems specific to 'Sparky' functionality not documented in project vision
Mixes a focused CLI feature with significant container infrastructure changes
sessionKey plumbing appears incomplete - hook-mapped wake actions don't forward sessionKey making the feature inconsistent
While the core sessionKey feature aligns with fixing documented issues, the PR introduces substantial unrelated Docker infrastructure changes and appears incomplete in its implementation.
Translates core documentation (AGENTS.md) to Chinese without clear internationalization strategy mentioned in project docs
Adds local machine-specific paths in codeindex.md that conflict with project's generic documentation guidelines
Introduces potentially broken Feishu audio implementation that may cause runtime failures
Changes appear to mix unrelated concerns (i18n, dev tools, media handling) in single PR
No clear connection to documented project roadmap priorities (stability, UX, performance)
While the Feishu media enhancement aligns with multi-channel support, the unauthorized documentation translation and potentially broken implementation require discussion before merge.
#12996feat(infra): Add session persistence with atomic writes and recovery@trevorgordon981
CLOSE4.0/10
Contains hardcoded API tokens in trading skills which directly violates security best practices
Adds extensive trading functionality that appears unrelated to the core personal AI assistant vision
Introduces 72 files with 9445 additions which suggests scope creep beyond the stated session persistence feature
Trading skills (news-sentiment, options-flow, portfolio-risk) don't align with the personal assistant use case described in README
Session persistence module is not wired into the gateway startup/shutdown flow, making it incomplete
The PR contains committed API secrets which is a security violation and includes extensive trading functionality that diverges from OpenClaw's core vision as a personal AI assistant.
Completely rebrands the project from 'OpenClaw' to 'SecureClaw' without discussion
Changes the core tagline from 'EXFOLIATE! EXFOLIATE!' to 'Secure by default. Open at heart.'
Introduces commercial branding (clawoncloud.com) suggesting this is a fork for commercial purposes
Adds complex encrypted vault infrastructure that wasn't on the documented roadmap
Changes fundamental project identity and messaging without maintainer consensus
This PR fundamentally rebrands the project and changes its core identity without maintainer approval, which conflicts with the established contribution process that requires discussion for architectural changes.
#14509feat: setup and configure proxy system@montelli99
CLOSE3.3/10
Introduces entirely new subsystems (proxy_system, unified_api) not mentioned in project vision or roadmap
Adds Python components to what appears to be a primarily Node.js/TypeScript project
Creates new API server infrastructure that duplicates existing gateway functionality
No clear connection to OpenClaw's core mission as a personal AI assistant
Proxy scraping functionality seems unrelated to AI assistant capabilities
This PR introduces major new subsystems unrelated to OpenClaw's AI assistant mission and violates the contributing guideline requiring discussion before new features/architecture changes.
Logs full user prompts and assistant responses at info level by default, creating major privacy/security risks for a personal assistant
Captures and persists tool outputs and results which may contain sensitive data
Violates the project's emphasis on being a 'personal' assistant by potentially exposing private conversations
Adds Python dependency and analyzer script without clear integration with the Node.js-based architecture
Changes logging path resolution behavior which could break existing configurations
This PR fundamentally conflicts with OpenClaw's vision as a personal, privacy-focused AI assistant by logging sensitive user data and conversations to disk by default.
#17986feat: Add GOALS.md and SOUVENIR.md template files@ibrahimq21
REVIEW4.5/10
The templates contain user-specific content instead of generic placeholders, reducing reusability across different workspaces.
The templates deviate from the established pattern of using placeholder text or leaving fields blank, which may cause inconsistencies in the codebase.
The PR adds templates with user-specific content, which deviates from the established pattern of using generic placeholders in templates like IDENTITY.md, USER.md, and SOUL.md, as noted by Greptile.
The CONTRIBUTING.md states that new features/architecture should be discussed first, and it's unclear if this was done.
The current focus is on stability, UX, skills, and performance, and this PR doesn't directly address those priorities.
While the PR adds new template files, it deviates from the established pattern of using generic placeholders, which may cause inconsistencies in the codebase, and therefore requires further review and discussion.
#18224fix(telegram): allow per-message link preview override@Clawborn
DISCUSS4.5/10
The PR includes multiple unrelated changes, which is against the repository guidelines
The PR description only mentions the Telegram link preview fix, but includes 6 other changes
A critical issue was found in the code, a command injection vulnerability in `src/process/kill-tree.ts`
The PR bundles multiple unrelated changes, violating the contribution guideline to keep PRs focused.
The PR description is misleading as it only describes one of the many changes included.
While the PR includes some useful changes, it also includes multiple unrelated changes and a critical security issue, which needs to be discussed and addressed before merging.
#7044feat: Add local model tool calling support@jokelord
REVIEW4.3/10
Contains unrelated breaking changes to schema that make optional config required
Removes 'edge' TTS provider despite existing references in codebase
Includes non-TypeScript test file that will fail CI checks
Adds debug file writes to /tmp with potential unhandled rejections
Multiple accidental changes not mentioned in PR description
The core feature aligns with project goals but the PR contains significant unrelated breaking changes and CI-breaking files that need to be addressed before merge.
#7328Feat/integrate chutes ai Details in Readme_chutes.md@Trompetilla
Adds provider-specific integration without clear documentation or rationale for why Chutes.ai deserves core integration
Contains functional bugs in OAuth handling and model discovery that could break user experience
Large code deletion (-1192 lines) suggests potential breaking changes to existing functionality
No clear connection to documented project roadmap or stated priorities
This PR removes critical CI infrastructure and introduces a provider-specific integration with functional bugs, conflicting with the project's stability focus and contribution guidelines requiring discussion for architectural changes.
Includes a brittle shell script that patches minified assets with hardcoded paths
The patch script assumes specific Homebrew installation paths that won't work across environments
Modifies built/minified JavaScript files rather than source code, creating maintenance issues
The patch approach conflicts with proper development practices and CI/CD workflows
Testing was explicitly not performed despite this being a performance-critical change
While the core UI performance fix aligns with project priorities, the brittle patching approach and lack of testing create significant maintenance and reliability concerns that need architectural discussion.
#9319[Swarm] [Mattermost] WebSocket disconnects with "client si@swarmagents
CLOSE3.3/10
PR title suggests a fix but only adds documentation without any code changes
Content is speculative analysis without actionable code fixes or reproducible steps
Does not follow the contributing guidelines which emphasize 'one thing per PR' and 'describe what & why'
Adds generic troubleshooting recommendations rather than OpenClaw-specific solutions
Created by 'swarmagents' which may indicate automated/AI generation without proper testing or understanding
This PR misleadingly suggests a bug fix but only adds speculative documentation without addressing the actual WebSocket issue, violating the project's expectation for focused, actionable contributions.
Creates P2P network connections and TLS certificate generation that may conflict with security model
Notification delivery implementation appears to have API mismatches that will cause runtime failures
Adds 2580+ lines of domain-specific code for a use case not aligned with 'personal AI assistant' vision
This PR adds cryptocurrency-specific functionality that significantly diverges from OpenClaw's core vision as a personal AI assistant, introduces complex blockchain dependencies, and appears to have implementation bugs that would break notifications.
#15583docs: Autonomous Governance Framework for bot ecosystem@Insider77Circle
CLOSE3.7/10
Introduces complex autonomous governance and security frameworks not mentioned in project vision or roadmap
Proposes blockchain/crypto elements (Solidity contracts, zero-knowledge proofs) that conflict with the personal AI assistant focus
Adds enterprise-scale governance concepts inappropriate for a single-user personal assistant
Creates 2371 lines of speculative documentation without prior discussion despite CONTRIBUTING.md requirement for architecture discussions
Introduces 'REDSTORM multi-agent research platform' branding that doesn't align with OpenClaw's identity
This PR introduces enterprise-scale governance and blockchain concepts that fundamentally conflict with OpenClaw's vision as a personal, single-user AI assistant running on individual devices.
PR adds only a binary image file (gateway-connection.png) without any description or context
Template sections are completely unfilled - no problem statement, change type, or scope identified
No linked issues or documentation explaining why this image is needed
Violates contribution guidelines requiring focused PRs with clear descriptions of 'what & why'
Missing required security impact assessment and human verification details
This PR provides no context for why the image is needed and completely ignores the contribution template requirements, making it impossible to evaluate its value to the project.
#17902Fix/skills toggle unavailable state (Emre #3 PR)@emre6943
No linked issues or clear justification for the changes
Massive scope (+2152/-25 across 28 files) without explanation of what's being fixed
Changes core gateway session handling and Telegram auth without security impact assessment
Adds personal fork documentation (openclaw-emre) that doesn't belong in upstream
This PR violates basic contribution guidelines with an empty description, lacks justification for extensive changes to core systems, and includes inappropriate personal fork documentation.
#2780feat(channels): Add WeChat Official Account support via Bridge@NannaOlympicBroadcast
CLOSE4.7/10
Uses incorrect branding throughout (Clawdbot instead of OpenClaw) suggesting this may be from a different project
Introduces significant security vulnerabilities with unauthenticated webhook endpoints and no request size limits
Creates inconsistent configuration paths (plugins.entries.webhook-server vs channels.wechat)
Adds external dependency on a third-party bridge service not controlled by the project
Package name @haiyanfengli-llc/webhook-server doesn't follow OpenClaw naming conventions
This PR appears to be from a different project (uses Clawdbot branding throughout) and introduces serious security vulnerabilities that conflict with OpenClaw's architecture principles.
Sets OPENCLAW_GATEWAY_BIND=lan by default without proper authentication, creating security risk
Changes health check endpoint from /health to /__openclaw__/canvas/ without justification
Adds Render-specific deployment configuration not mentioned in project roadmap or vision
Introduces platform-specific scripts that may not align with the project's focus on personal, local assistants
The PR sets `OPENCLAW_GATEWAY_BIND=lan` by default, which conflicts with the project's security expectations as outlined in the README and CONTRIBUTING documents.
While the PR addresses legitimate Docker deployment needs, it introduces security risks by defaulting to LAN binding without proper auth configuration, which conflicts with the project's emphasis on personal, secure AI assistants.
#10674docs(CLAUDE.md): add DJ setup documentation and troubleshooting@apakalypse
CLOSE3.3/10
Introduces a massive 'DJ' subsystem that is not mentioned anywhere in the project vision or architecture
Replaces CLAUDE.md symlink with a 28,577 line addition that appears to be unrelated to the core OpenClaw assistant functionality
Adds budget governor and busy-calendar utilities without clear connection to the personal AI assistant mission
Creates extensive DJ-specific documentation (docs/dj/*) and skills (skills/dj-*) that don't align with the stated focus on messaging channels and AI assistance
The PR description mentions 'DJ profile pack setup' which has no basis in the project's documented goals or architecture
This PR introduces an entirely undocumented 'DJ' subsystem that conflicts with OpenClaw's vision as a personal AI assistant, plus it contains a technical blocker that breaks git checkout.
Introduces significant new 'Aether Conductor' functionality not mentioned in project vision or roadmap
Adds external browser automation capabilities that could conflict with OpenClaw's focus on being a 'personal AI assistant'
Creates potential security risks with command injection vulnerabilities that contradict the project's emphasis on safety
Adds substantial complexity (2700+ lines) for functionality that wasn't identified as a current priority
The 'Aether' branding suggests this may be intended for a different project or fork
While technically competent, this PR introduces major new functionality with security concerns that wasn't on the stated roadmap and may not align with OpenClaw's vision as a personal assistant.
#11502Update CONTRIBUTING.md GitHub PR description or a "Recent Updates" list@mnk-nasir
CLOSE3.7/10
Changes 'We are currently prioritizing' section from future goals to past accomplishments, creating semantic inconsistency
Misleads potential contributors about what help is actually needed
Contradicts the section header which explicitly states current priorities
May discourage contributions in areas that are actually still being worked on
The PR changes the language from 'current priorities' to 'completed work', which conflicts with the section's intent to guide contributors on what help is needed.
The PR creates a fundamental semantic mismatch between the section header ('We are currently prioritizing') and the content (past tense accomplishments), which could misdirect contributor efforts.
Mandates Chinese language for all interactions, conflicting with the English-language project and international community
Adds personal git configuration file (zhch/README.md) with user-specific settings that would misconfigure other contributors
Language requirement directly conflicts with project's English documentation, Discord community, and international contributor base
Personal configuration files don't belong in the main repository
No clear justification for why Chinese language would be required for an international open source project
The mandatory Chinese language requirement fundamentally conflicts with the project's English-language nature and international community, plus the personal git config file would misconfigure other contributors.
Completely changes the project identity from 'OpenClaw' to 'OpenBea' without any discussion or justification
Adds 51,940 lines of code with no description, violating the 'Describe what & why' contribution guideline
Introduces a hardcoded 'Bea' personality that conflicts with the personal AI assistant vision
Adds Python dependencies to Docker image without architectural discussion
Disables device authentication by default, potentially compromising the security model
This PR fundamentally changes the project identity and makes significant architectural changes without any description or prior discussion, directly violating multiple contribution guidelines.
#15982fix: pass agentId to resolveSessionFilePath in reply flow (NX-003)@automagik-genie
DISCUSS4.3/10
Bundles multiple unrelated features (NX-001, NX-002, NX-003) in a single PR, violating 'Keep PRs focused (one thing per PR)' guideline
Adds Jenkins CI/CD infrastructure without prior discussion, which represents significant architectural change
Introduces cross-gateway functionality that wasn't documented as a project goal
Size XL PR with 3196 additions across 14 files conflicts with focused contribution approach
No GitHub Discussion or Discord consultation for major architectural additions as required for 'New features / architecture'
While the core agentId fix aligns with project goals, the PR bundles major undiscussed infrastructure changes that require architectural review and should be split into separate focused PRs.
#17777fix(tui): prevent URL breaking during line wrap@proto-genesys-x
DISCUSS4.0/10
Technical approach is fundamentally flawed - ZWNJ characters don't prevent line breaks and will corrupt URLs when copied
Solution makes URLs less functional rather than more functional, contradicting the stated goal
Includes accidental debug log file (openclaw-2026-02-16.log) suggesting incomplete cleanup
Uses Unicode characters that may not render consistently across all terminal environments
The use of zero-width non-joiner characters (U+200C) in URLs can corrupt copy/paste functionality, which conflicts with the project's goal of maintaining functionality and usability.
While this addresses a real TUI issue, the technical solution is incorrect and will make URLs non-functional when copied, requiring discussion of alternative approaches.
#3895perf: mathematical optimization of vision pipeline via deterministic scaling@adarshsen592-create
CLOSE4.3/10
Introduces breaking changes by removing required imports and constants without proper migration
Changes function signature to guarantee JPEG output but early-exit path can return non-JPEG buffers with incorrect contentType
Removes fallback mechanisms and error handling that were present in the original implementation
Mathematical optimization approach is heuristic without validation, potentially breaking the maxBytes constraint guarantee
Code appears to have compilation errors due to missing imports (getImageMetadata, resizeToJpeg, DEFAULT_* constants)
While the performance optimization goal aligns with project priorities, the implementation introduces breaking changes and compilation errors that fundamentally break the codebase.
Contains unresolved merge conflict markers in AGENTS.md making it unmergeable
CVE-2025-12345 appears to be a fictional/future CVE number that doesn't exist
Dockerfile changes break reproducible builds by installing from npm instead of source
Massive scope creep - claims to fix a CVE but changes Docker configs, environment files, and documentation
Author name and description are in Chinese while project uses English
This PR contains merge conflicts, references a non-existent CVE, breaks Docker builds, and shows signs of being an untested AI-generated submission that doesn't actually address any real security vulnerability.
Includes cron scheduling modifications, Signal message handling, UI performance limits, and model config defaults that aren't mentioned in the PR description
Appears to be an automated bot PR but doesn't follow the AI-assisted PR guidelines requiring transparency about AI involvement
Changes span 11 files with +94/-15 lines but only describes browser profile fix
Introduces potential bugs like 'undefined'/'NaN' messageId issues in Signal handling
While the core browser profile fix aligns with project needs, the PR violates the 'one thing per PR' principle and bundles unrelated changes without proper documentation or AI transparency.
#12411Test Improvements: Add Retry Logging and Max Attempts Handling@dikshithreddym
REVIEW4.7/10
Tests assert behavior that doesn't match current deliverWebReply API implementation
Introduces maxRetries parameter that isn't part of the actual function signature
Tests expect replyLogger.warn calls that don't exist in current retry logic
May cause test failures or type errors due to API mismatches
The tests assert behavior that does not match the current implementation of `deliverWebReply`, leading to potential test failures.
While the PR aligns with stability and testing goals, it contains implementation mismatches that need correction before merge.
The PR description claims only 2 files changed but the diff shows 72 files with +9438/-154 changes, indicating a massive scope creep
Includes extensive trading skills (news-sentiment.mjs, options-flow.mjs, portfolio-risk.mjs) which are not mentioned in the project vision or roadmap
Adds complex infrastructure modules (model routing, parallel spawn, perf tracing) without prior discussion as required for new features/architecture
The FEATURE_IMPLEMENTATION_COMPLETE.md suggests this is completing a 6-feature implementation that was never discussed or approved
Introduces significant new subsystems (cost alerts, session recovery, model switching) that would require architectural discussion per contributing guidelines
This PR has massive undisclosed scope that introduces major architectural changes without following the required discussion process for new features.
#15767Fix: Gemini REQUIRED_FIELD_MISSING on corrupted toolResults@janhcla
REVIEW4.0/10
Imports from external dependency '@mariozechner/pi-ai/dist/...' instead of repo-local code
Test will likely fail in CI due to unresolvable module import in clean checkout
Adds a test that documents broken behavior without fixing the underlying issue
Creates technical debt by depending on internal dist/ layout of external package
The test imports conversion logic from an external dependency's internal 'dist/' layout, which is not aligned with the project's architecture of using repo-local code.
While this addresses a legitimate stability issue aligned with project priorities, the implementation has significant technical problems that need resolution before merging.
#15542session control and cut down token cost@shuaige121
CLOSE3.7/10
Commits massive amounts of personal session data (720k+ lines) which violates privacy principles of a personal AI assistant
Includes personal project workspaces (UFriend, safarimetal-scraper, duduxiang-boss) that don't belong in the main repository
Exposes OAuth tokens and credentials despite auth-profiles being mentioned as excluded
Adds 1400+ lines of session conversation history containing private user interactions
Completely rewrites .gitignore removing important build artifacts and safety exclusions
This PR fundamentally violates the privacy principles of a personal AI assistant by committing massive amounts of private session data, credentials, and personal project files to a public repository.
Bundles multiple unrelated fixes into a single PR violating 'one thing per PR' guideline
Introduces critical logic bug in daemon/inspect.ts that disables gateway conflict detection entirely
Contains type error in venice-models.ts adding params property that doesn't exist on ModelDefinitionConfig
Mixes feature addition with bug fixes and infrastructure changes without clear rationale
Changes span across 9 files with unrelated functionality (Discord, Venice, cron, daemon)
While the core feature aligns with project needs, the PR violates contribution guidelines by bundling unrelated changes and introduces critical bugs that could break core functionality.
#16130fix: optimize cron job configuration and scheduling@ShunsukeHayashi
CLOSE3.0/10
Massive scope with 18,913 additions across 100 files for what claims to be a cron optimization
Introduces extensive Japanese documentation and Discord integration features not mentioned in project vision
Adds .claude/ directory with agent configurations that appear unrelated to OpenClaw's core assistant functionality
Creates clawdbot-specific features when OpenClaw is focused on being a personal AI assistant
No clear connection between the PR description (cron job optimization) and the actual changes (Discord bots, Japanese docs, Claude Code integration)
This PR appears to be adding an entirely different project's functionality (clawdbot/Claude Code integration) rather than optimizing OpenClaw's cron jobs, representing significant architectural drift from the personal AI assistant vision.
Massive scope (+23955/-635 lines across 100 files) conflicts with contributing guideline to 'keep PRs focused (one thing per PR)'
Introduces complex 3-layer architecture without prior discussion despite guidelines requiring GitHub Discussion for 'new features / architecture'
Changes span multiple unrelated areas (docs chat widget, LanceDB benchmarks, CLI scripts) suggesting this should be multiple separate PRs
No evidence of community discussion or maintainer input on this architectural change
Size XL label indicates this exceeds recommended PR scope
While the memory filtering feature aligns with the project's AI assistant goals, the massive scope and architectural changes require community discussion before implementation as per contributing guidelines.
Commits concrete secret values in railway.json which violates security best practices
Adds remote pairing approval API without clear architectural justification or security review
Introduces trust-all proxies default which could compromise security
Remote pairing handler has overly broad URL matching that doesn't respect configured path prefixes
Changes fundamental gateway binding behavior without clear documentation of security implications
While this PR addresses legitimate deployment needs, it introduces significant security concerns and architectural changes that require thorough review and discussion before merging.
#9017feat(ui): Premium polish with enhanced components and animations@thejustinfagan
CLOSE4.3/10
Introduces a complete neumorphic design system overhaul without prior discussion as required for architecture changes
Adds 2918 lines of purely cosmetic changes that don't address any documented project priorities (stability, UX onboarding, skills, performance)
Conflicts with project focus on being a 'personal AI assistant' by prioritizing visual polish over core functionality
No evidence this addresses user needs or improves the assistant's core value proposition
Massive scope creep - introduces entirely new design language without architectural discussion
This PR introduces a massive visual overhaul without prior architectural discussion, conflicts with stated project priorities of stability and core functionality, and doesn't align with OpenClaw's focus on being a practical AI assistant.
The change appears to break standard @everyone mention detection by requiring additional user mentions
No clear documentation of the specific bot-sent @everyone issue being solved
The logic change seems counterintuitive - @everyone should be considered a mention regardless of other users mentioned
Greptile analysis indicates this is 'not safe to merge as-is' and 'breaks @everyone mention detection in common cases'
The change introduces a potential bug by altering the behavior of `@everyone` mentions, which could lead to incorrect message handling.
While the PR addresses Discord stability (a stated priority), the implementation appears to introduce a logical flaw that could break standard mention detection functionality.
Documents architecture that doesn't match the actual OpenClaw structure
This PR documents an entirely different project called 'Moltbot' with fabricated statistics and incorrect technical details, creating misleading documentation that conflicts with OpenClaw's actual architecture.
#4404chrome-extension: enable On all sites (host_permissions )@CodeTrainerMan
DISCUSS4.3/10
Significantly expands security permissions from localhost-only to all websites without architectural discussion
Mixed unrelated changes (Swift import reordering, Windows test skip) suggest lack of focused PR scope
No discussion of security implications for a personal AI assistant that now has broad web access
Contradicts the project's emphasis on being 'personal' and 'local' by requesting universal web permissions
No mention in CONTRIBUTING.md process for security-sensitive changes requiring broader review
While the technical fix may be valid, requesting universal web permissions for a personal AI assistant requires architectural discussion about security trade-offs and alignment with the 'personal, local' vision.
#6910Holochain Integration Example Configurations@f13end
DISCUSS4.0/10
Introduces major architectural change (Holochain integration) without prior discussion or roadmap mention
Adds blockchain/cryptocurrency features (Solana/USDC wallet) that conflict with project's focus as a personal AI assistant
Creates enterprise-focused configurations that don't align with 'personal, single-user assistant' vision
Implements P2P networking features that contradict the local, fast assistant design goals
Adds complex distributed systems concepts that increase complexity beyond project's scope
This PR introduces a major architectural shift toward blockchain/P2P that fundamentally conflicts with OpenClaw's vision as a fast, local, personal AI assistant.
#17307session: abort previous run on /new and /reset to skip stale compaction@globalcaos
CLOSE4.3/10
Claims '1 file changed, 13 insertions' but shows +13458/-777 across 100 files - massive scope mismatch
Includes extensive fork-specific documentation (MERGE_PLAYBOOK.md, FORK.md) that conflicts with upstream project goals
Adds fork synchronization tooling and workflows that suggest maintaining a permanent fork rather than contributing upstream
Contains WhatsApp-specific modifications (triggerPrefix, syncFullHistory) that appear to be custom features not aligned with core project
Includes unrelated changes to Chrome extension, budget panel, and other components that don't match the stated session abort fix
This appears to be a fork merge masquerading as a focused bug fix, introducing fork-specific tooling and extensive modifications that conflict with the project's upstream contribution model.
#14788feat: Add DuckDuckGo search provider with Tor support@emadomedher
DISCUSS4.7/10
Introduces external CLI dependency (ddgs) that must be installed separately, conflicting with OpenClaw's self-contained philosophy
Adds Tor proxy support which introduces security/privacy complexity not mentioned in project vision
Massive file count (+15362/-13 across 24 files) suggests scope creep beyond just adding a search provider
Files changed include unrelated extensions (mcp-client, mumble) indicating this PR combines multiple unrelated features
No discussion or RFC mentioned despite CONTRIBUTING.md requiring discussion for new features/architecture
While the core search provider addition aligns with existing tools, the external dependencies, security implications, and apparent combination of multiple unrelated features requires architectural discussion before merge.
#15334feat: add multi-tenant REST API for BYOK multi-user support@0xpaperhead
CLOSE4.3/10
Fundamentally conflicts with core vision of 'personal AI assistant you run on your own devices' by adding multi-tenancy
README explicitly states 'single-user assistant that feels local, fast, and always-on' which this directly contradicts
Introduces complex multi-tenant architecture to a project designed for personal use
Adds significant complexity (+1476 lines) for functionality that goes against the stated product vision
No discussion or RFC mentioned despite this being a major architectural change
This PR fundamentally conflicts with OpenClaw's core vision as a personal, single-user AI assistant by introducing multi-tenant SaaS functionality.
โญ Top Quality PRs
Highest-scoring PRs across all quality dimensions.
#17232fix(memory-lancedb): classify preferuji statements as preference@ciberponk
9.3/10
Clean, focused fix that adds missing Czech keyword to preference detection regex with appropriate test coverage and zero breaking risk.
#17513fix(discord): respect groupPolicy in channel config fallback (#4555)@aronchick
9.6/10
High-quality PR with thorough tests and minimal scope, but minor style inconsistencies.
#12257fix(mattermost): default table mode to 'off' for native Markdown rendering@mcaxtr
9.6/10
High-quality PR with comprehensive tests and minimal scope, but minor style inconsistencies.
#16978fix(hooks): preserve before_tool_call marker across abort signal wrapping@arosstale
9.6/10
High-quality PR with clear rationale, comprehensive test coverage, and minimal, targeted fix.
High-quality PR with a focused change, thorough tests, and minimal risk of breaking existing functionality.
#6857docs: clarify that /elevated on is an alias for ask@whoknowsmann
9.4/10
High-quality PR with clear and concise changes, good test coverage, and minimal risk of breaking existing functionality.
#9425refactor(agents): replace console.warn with SubsystemLogger in compaction.ts@dinakars777
9.2/10
Clean, focused refactor that replaces console.warn with standardized logging - well-executed with minimal risk and good alignment to project conventions.
#10665fix(docs): replace removed gateway wake with system event in coding-agent skill@Yida-Dev
9.5/10
High-quality documentation-only change with clear explanations and minimal risk of breaking existing functionality.
#10726fix: re-read session store inside lock in updateLastRoute@Yida-Dev
9.3/10
Excellent focused fix that applies an established concurrency pattern to prevent race conditions, with clear documentation and minimal risk.
#12499fix(config): add missing customBindHost to gateway Zod schema @sfo2001
9.1/10
Clean, focused fix that adds a missing optional field to the Zod schema with good test coverage and minimal risk.