v2026.4.23 · OpenClaw · Security

xAI image/voice/STT support, local TUI mode, and hardened Bot Framework token validation.

This release adds broad new provider capabilities — xAI image generation, TTS, and STT — along with a local TUI mode for terminal chats without the gateway. Security improvements include hardened Bot Framework token validation and rejection of non-HTTP(S) attachment URLs. Performance gains of up to 90% for bundled plugin loading round out the update.

New features

  • xAI image generation (grok-imagine-image/pro), TTS (six voices, MP3/WAV/PCM/G.711), and STT (grok-stt) now available as provider options.
  • Voice Call streaming transcription via Deepgram, ElevenLabs, Mistral, and xAI STT providers.
  • ElevenLabs Scribe v2 batch transcription for inbound media files.
  • Local embedded TUI mode — run terminal chats without the gateway while still enforcing plugin approval.
  • In-chat model registration via `/models add <provider> <modelId>` — no restart required.
  • OpenAI image generation now works via Codex OAuth without requiring a separate OPENAI_API_KEY.
  • OpenRouter image generation enabled through OPENROUTER_API_KEY.
  • Configurable `memorySearch.local.contextSize` for memory search on constrained hosts (default 4096).
  • Amazon Bedrock Mantle support for Claude Opus 4.7 via provider-owned bearer-auth streaming.
  • Mailbox-style session list filters for label, agent, and search with visibility-scoped title/preview.
Improvements

  • Bundled plugin native Jiti loading delivers 82-90% faster plugin load times.
  • `doctor --non-interactive` runs 74% faster via lazy plugin loading.
  • WhatsApp configurable native reply quoting with `replyToMode` and per-group/direct `systemPrompt` injection with wildcard support.
  • OpenAI Responses API auto-uses native `web_search` tool when web search is enabled.
  • Browser-local personal identity (name + avatar) for operators in the control UI.
  • Support-ready diagnostics export with sanitized logs, status, health, config, and stability snapshots.
  • Non-retryable provider failures (billing, auth, rate-limits) now surface with model-switch hints.
  • Telegram markdown image syntax now parsed into media payloads.
Fixes

  • Realtime audio bridges properly cleaned up on launch failure; Twilio calls hung up on leave.
  • Stop-button now aborts queued requests across gateway reconnects.
  • Webchat session-mutation guard extended to `sessions.compact` and compaction restore.
  • QMD collection recreation for stale managed collections.
  • Duplicate reply suppression after partial block-delivery aborts.
  • Missing tool results no longer synthesized during OpenAI/Codex replay.
  • Slack verbose tool/plan progress suppressed in non-DM surfaces.
Notes

  • Pi packages updated to 0.70.0 with upstream gpt-5.5 catalog metadata.
  • Legacy `qrcode-terminal` replaced with bounded `qrcode-tui` for QR rendering.
  • Codex CLI auth import path removed from onboarding — use browser login or device pairing instead.
