Skip to content
OpenClaw VPS
Archived update

This post is kept for reference, but it is not part of the main hosted OpenClaw VPS blog feed.

OpenClaw 2026.1.21 β€” What Shipped (Operator Guide)

Operator-focused summary of OpenClaw 2026.1.21: what shipped, what matters for hosted bots, and what to check after upgrade.

Jason Cochran
January 22, 2026
#openclaw#release-notes#operator-guide#update

This post covers what shipped in v2026.1.21 and what it means for OpenClaw VPS operators.

What shipped

Highlights

  • Lobster optional plugin tool for typed workflows + approval gates. docs
  • Custom assistant identity + avatars in the Control UI. docs docs
  • Cache optimizations: cache-ttl pruning + defaults reduce token spend on cold requests. docs
  • Exec approvals + elevated ask/full modes. docs docs
  • Signal typing/read receipts + MSTeams attachments. docs docs
  • /models UX refresh + clawdbot update wizard. docs docs

Changes

  • Highlight: Lobster optional plugin tool for typed workflows + approval gates. docs (#1152) Thanks @vignesh07.
  • Agents/UI: add identity avatar config support and Control UI avatar rendering. (#1329, #1424) Thanks @dlauer. docs docs
  • Control UI: add custom assistant identity support and per-session identity display. (#1420) Thanks @robbyczgw-cla. docs
  • CLI: add clawdbot update wizard with interactive channel selection + restart prompts, plus preflight checks before rebasing. docs
  • Models/Commands: add /models, improve /model listing UX, and expand clawdbot models paging. (#1398) Thanks @vignesh07. docs
  • CLI: move gateway service commands under clawdbot gateway, flatten node service commands under clawdbot node, and add gateway probe for reachability. docs docs
  • Exec: add elevated ask/full modes, tighten allowlist gating, and render approvals tables on write. docs docs
  • Exec approvals: default to local host, add gateway/node targeting + target details, support wildcard agent allowlists, and tighten allowlist parsing/safe bins. docs docs
  • Heartbeat: allow explicit session keys and active hours. (#1256) Thanks @zknicker. docs
  • Sessions: add per-channel idle durations via sessions.channelIdleMinutes. (#1353) Thanks @cash-echo-bot.
  • Nodes: run exec-style, expose PATH in status/describe, and bootstrap PATH for node-host execution. docs
  • Cache: add cache.ttlPrune mode and auth-aware defaults for cache TTL behavior.
  • Queue: add per-channel debounce overrides for auto-reply. docs
  • Discord: add wildcard channel config support. (#1334) Thanks @pvoo. docs
  • Signal: add typing indicators and DM read receipts via signal-cli. docs
  • MSTeams: add file uploads, adaptive cards, and attachment handling improvements. (#1410) Thanks @Evizero. docs
  • Onboarding: remove the run setup-token auth option (paste setup-token or reuse CLI creds instead).
  • macOS: refresh Settings (location access in Permissions, connection mode in menu, remove CLI install UI).
  • Diagnostics: add cache trace config for debugging. (#1370) Thanks @parubets.
  • Docs: Lobster guides + org URL updates, /model allowlist troubleshooting, Gmail message search examples, gateway.mode troubleshooting, prompt injection guidance, npm prefix/node CLI notes, control UI dev gatewayUrl note, tool_use FAQ, showcase video, and sharp/node-gyp workaround. (#1427, #1220, #1405) Thanks @vignesh07, @mbelinky.

Breaking

  • BREAKING: Control UI now rejects insecure HTTP without device identity by default. Use HTTPS (Tailscale Serve) or set gateway.controlUi.allowInsecureAuth: true to allow token-only auth. docs
  • BREAKING: Envelope and system event timestamps now default to host-local time (was UTC) so agents don’t have to constantly convert.

Fixes

  • Streaming/Typing/Media: keep reply tags across streamed chunks, start typing indicators at run start, and accept MEDIA paths with spaces/tilde while preferring the message tool hint for image replies.
  • Agents/Providers: drop unsigned thinking blocks for Claude models (Google Antigravity) and enforce alphanumeric tool call ids for strict providers (Mistral/OpenRouter). (#1372) Thanks @zerone0x.
  • Exec approvals: treat main as the default agent, align node/gateway allowlist prechecks, validate resolved paths, avoid allowlist resolve races, and avoid null optional params. (#1417, #1414, #1425) Thanks @czekaj.
  • Exec/Windows: resolve Windows exec paths with extensions and handle safe-bin exe names.
  • Nodes/macOS: prompt on allowlist miss for node exec approvals, persist allowlist decisions, and flatten node invoke errors. (#1394) Thanks @ngutman.
  • Gateway: prevent multiple gateways from sharing the same config/state (singleton lock), keep auto bind loopback-first with explicit tailnet binding, and improve SSH auth handling. (#1380)
  • Control UI: remove the chat stop button, keep the composer aligned to the bottom edge, stabilize session previews, and refresh the debug panel on route-driven tab changes. (#1373) Thanks @yazinsai.
  • UI/config: export SECTION_META for config form modules. (#1418) Thanks @MaudeBot.
  • macOS: keep chat pinned during streaming replies, include Textual resources, respect wildcard exec approvals, allow SSH agent auth, and default distribution builds to universal binaries. (#1279, #1362, #1384, #1396) Thanks @ameno-, @JustYannicc.
  • BlueBubbles: resolve short message IDs safely, expose full IDs in templates, and harden short-id fetch wrappers. (#1369, #1387) Thanks @tyler6204.
  • Models/Configure: inherit session model overrides in threads/topics, map OpenCode Zen models to the correct APIs, narrow Anthropic OAuth allowlist handling, seed allowlist fallbacks, list the full catalog when no allowlist is set, and limit /model list output. (#1376, #1416)
  • Memory: prevent CLI hangs by deferring vector probes, add sqlite-vec/embedding timeouts, and make session memory indexing async.
  • Cron: cap reminder context history to 10 messages and honor contextMessages. (#1103) Thanks @mkbehr.
  • Cache: restore the 1h cache TTL option and reset the pruning window.
  • Zalo Personal: tolerate ANSI/log-prefixed JSON output from zca. (#1379) Thanks @ptn1411.
  • Browser: suppress Chrome restore prompts for managed profiles. (#1419) Thanks @jamesgroat.
  • Infra: preserve fetch helper methods/preconnect when wrapping abort signals and normalize Telegram fetch aborts.
  • Config/Doctor: avoid stack traces for invalid configs, log the config path, avoid WhatsApp config resurrection, and warn when gateway.mode is unset. (#900)
  • CLI: read Codex CLI account_id for workspace billing. (#1422) Thanks @aj47.
  • Logs/Status: align rolling log filenames with local time and report sandboxed runtime in clawdbot status. (#1343)
  • Embedded runner: persist injected history images so attachments aren’t reloaded each turn. (#1374) Thanks @Nicell.
  • Nodes/Subagents: include agent/node/gateway context in tool failure logs and ensure subagent list uses the command session.

What matters for hosted operators

  • Validate channel delivery behavior (web chat + Telegram).
  • Verify model/provider settings and fallback behavior.
  • Run a smoke test after deploy: message flow, tool call, and response quality.

Post-upgrade checklist

  1. Send/receive test messages in active channels.
  2. Confirm bot settings and auth paths still behave as expected.
  3. Check billing/usage visibility and dashboard status.
  4. Log regressions immediately and keep rollback notes.

Related reading

Start your free 7-day Pro trial

Source

  • https://github.com/openclaw/openclaw/releases/tag/v2026.1.21

Get the free guide

Get the free plain-English PDF on the 10 costly mistakes people make when hosting an AI assistant themselves, plus a few short follow-up tips.

Ready to run OpenClaw without infrastructure headaches?

Start your free 7-day Pro trial on OpenClaw VPS and get a production-ready bot online with managed hosting, updates, and support.

Start your free 7-day Pro trialWhy OpenClaw VPS
Share this post

Related Posts

OpenClaw Troubleshooting Hub: BYOK, Web Chat, Telegram, and VPS Fixes

A troubleshooting hub for the most common OpenClaw VPS setup issues, from invalid BYOK keys to Telegram replies and private access confusion.

OpenClaw Tips and Tricks: Practical Setup, Hosting, and Workflow Guide

A plain-English hub for OpenClaw setup, VPS hosting, BYOK, Telegram, web chat, private access, security, troubleshooting, release notes, and first useful workflows.

Claude Opus 4.7: What It Means for Personal AI Assistants

Claude Opus 4.7 is Anthropic's latest Opus model, built for long-running asynchronous agents and carrying forward the coding and agentic focus of Opus 4.6.

Back to Blog

Free plain-English PDF

Get the free DIY VPS checklist

Before you host an AI assistant yourself, learn the 10 common mistakes that cause downtime, lost keys, missed alerts, and painful recovery work.

Send me the free PDF

We will send the plain-English PDF on the 10 costly mistakes people make when hosting an AI assistant themselves, plus short follow-up tips. Unsubscribe anytime.