Skip to content
OpenClaw VPS
Archived update

This post is kept for reference, but it is not part of the main hosted OpenClaw VPS blog feed.

OpenClaw 2026.1.29 โ€” What Shipped (Operator Guide)

Operator-focused summary of OpenClaw 2026.1.29: what shipped, what matters for hosted bots, and what to check after upgrade.

Jason Cochran
January 30, 2026
#openclaw#release-notes#operator-guide#update

This post covers what shipped in v2026.1.29 and what it means for OpenClaw VPS operators.

What shipped

Status: stable.

Changes

  • Rebrand: rename the npm package/CLI to openclaw, add a openclaw compatibility shim, and move extensions to the @openclaw/* scope.
  • Onboarding: strengthen security warning copy for beta + access control expectations.
  • Onboarding: add Venice API key to non-interactive flow. (#1893) Thanks @jonisjongithub.
  • Config: auto-migrate legacy state/config paths and keep config resolution consistent across legacy filenames.
  • Gateway: warn on hook tokens via query params; document header auth preference. (#2200) Thanks @YuriNachos.
  • Gateway: add dangerous Control UI device auth bypass flag + audit warnings. (#2248)
  • Doctor: warn on gateway exposure without auth. (#2016) Thanks @Alex-Alaniz.
  • Web UI: keep sub-agent announce replies visible in WebChat. (#1977) Thanks @andrescardonas7.
  • Browser: route browser control via gateway/node; remove standalone browser control command and control URL config.
  • Browser: route browser.request via node proxies when available; honor proxy timeouts; derive browser ports from gateway.port.
  • Browser: fall back to URL matching for extension relay target resolution. (#1999) Thanks @jonit-dev.
  • Telegram: allow caption param for media sends. (#1888) Thanks @mguellsegarra.
  • Telegram: support plugin sendPayload channelData (media/buttons) and validate plugin commands. (#1917) Thanks @JoshuaLelon.
  • Telegram: avoid block replies when streaming is disabled. (#1885) Thanks @ivancasco.
  • Telegram: add optional silent send flag (disable notifications). (#2382) Thanks @Suksham-sharma.
  • Telegram: support editing sent messages via message(action="edit"). (#2394) Thanks @marcelomar21.
  • Telegram: support quote replies for message tool and inbound context. (#2900) Thanks @aduk059.
  • Telegram: add sticker receive/send with vision caching. (#2629) Thanks @longjos.
  • Telegram: send sticker pixels to vision models. (#2650)
  • Telegram: keep topic IDs in restart sentinel notifications. (#1807) Thanks @hsrvc.
  • Discord: add configurable privileged gateway intents for presences/members. (#2266) Thanks @kentaro.
  • Slack: clear ack reaction after streamed replies. (#2044) Thanks @fancyboi999.
  • Matrix: switch plugin SDK to @vector-im/matrix-bot-sdk.
  • Tlon: format thread reply IDs as @ud. (#1837) Thanks @wca4a.
  • Tools: add per-sender group tool policies and fix precedence. (#1757) Thanks @adam91holt.
  • Agents: summarize dropped messages during compaction safeguard pruning. (#2509) Thanks @jogi47.
  • Agents: expand cron tool description with full schema docs. (#1988) Thanks @tomascupr.
  • Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281)
  • Memory Search: allow extra paths for memory indexing (ignores symlinks). (#3600) Thanks @kira-ariaki.
  • Skills: add multi-image input support to Nano Banana Pro skill. (#1958) Thanks @tyler6204.
  • Skills: add missing dependency metadata for GitHub, Notion, Slack, Discord. (#1995) Thanks @jackheuberger.
  • Commands: group /help and /commands output with Telegram paging. (#2504) Thanks @hougangdev.
  • Routing: add per-account DM session scope and document multi-account isolation. (#3095) Thanks @jarvis-sam.
  • Routing: precompile session key regexes. (#1697) Thanks @Ray0907.
  • CLI: use Node's module compile cache for faster startup. (#2808) Thanks @pi0.
  • Auth: show copyable Google auth URL after ASCII prompt. (#1787) Thanks @robbyczgw-cla.
  • TUI: avoid width overflow when rendering selection lists. (#1686) Thanks @mossein.
  • macOS: finish OpenClaw app rename for macOS sources, bundle identifiers, and shared kit paths. (#2844) Thanks @fal3.
  • Branding: update launchd labels, mobile bundle IDs, and logging subsystems to bot.molt (legacy com.clawdbot migrations). Thanks @thewilloftheshadow.
  • macOS: limit project-local node_modules/.bin PATH preference to debug builds (reduce PATH hijacking risk).
  • macOS: keep custom SSH usernames in remote target. (#2046) Thanks @algal.
  • macOS: avoid crash when rendering code blocks by bumping Textual to 0.3.1. (#2033) Thanks @garricn.
  • Update: ignore dist/control-ui for dirty checks and restore after ui builds. (#1976) Thanks @Glucksberg.
  • Build: bundle A2UI assets during build and stop tracking generated bundles. (#2455) Thanks @0oAstro.
  • CI: increase Node heap size for macOS checks. (#1890) Thanks @realZachi.
  • Config: apply config.env before ${VAR} substitution. (#1813) Thanks @spanishflu-est1918.
  • Gateway: prefer newest session metadata when combining stores. (#1823) Thanks @emanuelst.
  • Docs: tighten Fly private deployment steps. (#2289) Thanks @dguido.
  • Docs: add migration guide for moving to a new machine. (#2381)
  • Docs: add Northflank one-click deployment guide. (#2167) Thanks @AdeboyeDN.
  • Docs: add Vercel AI Gateway to providers sidebar. (#1901) Thanks @jerilynzheng.
  • Docs: add Render deployment guide. (#1975) Thanks @anurag.
  • Docs: add Claude Max API Proxy guide. (#1875) Thanks @atalovesyou.
  • Docs: add DigitalOcean deployment guide. (#1870) Thanks @0xJonHoldsCrypto.
  • Docs: add Oracle Cloud (OCI) platform guide + cross-links. (#2333) Thanks @hirefrank.
  • Docs: add Raspberry Pi install guide. (#1871) Thanks @0xJonHoldsCrypto.
  • Docs: add GCP Compute Engine deployment guide. (#1848) Thanks @hougangdev.
  • Docs: add LINE channel guide. Thanks @thewilloftheshadow.
  • Docs: credit both contributors for Control UI refresh. (#1852) Thanks @EnzeD.
  • Docs: keep docs header sticky so navbar stays visible while scrolling. (#2445) Thanks @chenyuan99.
  • Docs: update exe.dev install instructions. (#3047) Thanks @zackerthescar.

Breaking

  • BREAKING: Gateway auth mode "none" is removed; gateway now requires token/password (Tailscale Serve identity still allowed).

Fixes

  • Telegram: avoid silent empty replies by tracking normalization skips before fallback. (#3796)
  • Mentions: honor mentionPatterns even when explicit mentions are present. (#3303) Thanks @HirokiKobayashi-R.
  • Discord: restore username directory lookup in target resolution. (#3131) Thanks @bonald.
  • Agents: align MiniMax base URL test expectation with default provider config. (#3131) Thanks @bonald.
  • Agents: prevent retries on oversized image errors and surface size limits. (#2871) Thanks @Suksham-sharma.
  • Agents: inherit provider baseUrl/api for inline models. (#2740) Thanks @lploc94.
  • Memory Search: keep auto provider model defaults and only include remote when configured. (#2576) Thanks @papago2355.
  • Telegram: include AccountId in native command context for multi-agent routing. (#2942) Thanks @Chloe-VP.
  • Telegram: handle video note attachments in media extraction. (#2905) Thanks @mylukin.
  • TTS: read OPENAITTSBASE_URL at runtime instead of module load to honor config.env. (#3341) Thanks @hclsys.
  • macOS: auto-scroll to bottom when sending a new message while scrolled up. (#2471) Thanks @kennyklee.
  • Web UI: auto-expand the chat compose textarea while typing (with sensible max height). (#2950) Thanks @shivamraut101.
  • Gateway: prevent crashes on transient network errors (fetch failures, timeouts, DNS). Added fatal error detection to only exit on truly critical errors. Fixes #2895, #2879, #2873. (#2980) Thanks @elliotsecops.
  • Agents: guard channel tool listActions to avoid plugin crashes. (#2859) Thanks @mbelinky.
  • Discord: stop resolveDiscordTarget from passing directory params into messaging target parsers. Fixes #3167. Thanks @thewilloftheshadow.
  • Discord: avoid resolving bare channel names to user DMs when a username matches. Thanks @thewilloftheshadow.
  • Discord: fix directory config type import for target resolution. Thanks @thewilloftheshadow.
  • Providers: update MiniMax API endpoint and compatibility mode. (#3064) Thanks @hlbbbbbbb.
  • Telegram: treat more network errors as recoverable in polling. (#3013) Thanks @ryancontent.
  • Discord: resolve usernames to user IDs for outbound messages. (#2649) Thanks @nonggialiang.
  • Providers: update Moonshot Kimi model references to kimi-k2.5. (#2762) Thanks @MarvinCui.
  • Gateway: suppress AbortError and transient network errors in unhandled rejections. (#2451) Thanks @Glucksberg.
  • TTS: keep /tts status replies on text-only commands and avoid duplicate block-stream audio. (#2451) Thanks @Glucksberg.
  • Security: pin npm overrides to keep [email protected] for install toolchains.
  • Security: properly test Windows ACL audit for config includes. (#2403) Thanks @dominicnunez.
  • CLI: recognize versioned Node executables when parsing argv. (#2490) Thanks @David-Marsh-Photo.
  • CLI: avoid prompting for gateway runtime under the spinner. (#2874)
  • BlueBubbles: coalesce inbound URL link preview messages. (#1981) Thanks @tyler6204.
  • Cron: allow payloads containing "heartbeat" in event filter. (#2219) Thanks @dwfinkelstein.
  • CLI: avoid loading config for global help/version while registering plugin commands. (#2212) Thanks @dial481.
  • Agents: include memory.md when bootstrapping memory context. (#2318) Thanks @czekaj.
  • Agents: release session locks on process termination and cover more signals. (#2483) Thanks @janeexai.
  • Agents: skip cooldowned providers during model failover. (#2143) Thanks @YiWang24.
  • Telegram: harden polling + retry behavior for transient network errors and Node 22 transport issues. (#2420) Thanks @techboss.
  • Telegram: ignore non-forum group messagethreadid while preserving DM thread sessions. (#2731) Thanks @dylanneve1.
  • Telegram: wrap reasoning italics per line to avoid raw underscores. (#2181) Thanks @YuriNachos.
  • Telegram: centralize API error logging for delivery and bot calls. (#2492) Thanks @altryne.
  • Voice Call: enforce Twilio webhook signature verification for ngrok URLs; disable ngrok free tier bypass by default.
  • Security: harden Tailscale Serve auth by validating identity via local tailscaled before trusting headers.
  • Media: fix text attachment MIME misclassification with CSV/TSV inference and UTF-16 detection; add XML attribute escaping for file output. (#3628) Thanks @frankekn.
  • Build: align memory-core peer dependency with lockfile.
  • Security: add mDNS discovery mode with minimal default to reduce information disclosure. (#1882) Thanks @orlyjamie.
  • Security: harden URL fetches with DNS pinning to reduce rebinding risk. Thanks Chris Zheng.
  • Web UI: improve WebChat image paste previews and allow image-only sends. (#1925) Thanks @smartprogrammer93.
  • Security: wrap external hook content by default with a per-hook opt-out. (#1827) Thanks @mertcicekci0.
  • Gateway: default auth now fail-closed (token/password required; Tailscale Serve identity remains allowed).
  • Gateway: treat loopback + non-local Host connections as remote unless trusted proxy headers are present.
  • Onboarding: remove unsupported gateway auth "off" choice from onboarding/configure flows and CLI flags.

What matters for hosted operators

  • Validate channel delivery behavior (web chat + Telegram).
  • Verify model/provider settings and fallback behavior.
  • Run a smoke test after deploy: message flow, tool call, and response quality.

Post-upgrade checklist

  1. Send/receive test messages in active channels.
  2. Confirm bot settings and auth paths still behave as expected.
  3. Check billing/usage visibility and dashboard status.
  4. Log regressions immediately and keep rollback notes.

Related reading

Start your free 7-day Pro trial

Source

  • https://github.com/openclaw/openclaw/releases/tag/v2026.1.29

Get the free guide

Get the free plain-English PDF on the 10 costly mistakes people make when hosting an AI assistant themselves, plus a few short follow-up tips.

Ready to run OpenClaw without infrastructure headaches?

Start your free 7-day Pro trial on OpenClaw VPS and get a production-ready bot online with managed hosting, updates, and support.

Start your free 7-day Pro trialWhy OpenClaw VPS
Share this post

Related Posts

OpenClaw Troubleshooting Hub: BYOK, Web Chat, Telegram, and VPS Fixes

A troubleshooting hub for the most common OpenClaw VPS setup issues, from invalid BYOK keys to Telegram replies and private access confusion.

OpenClaw Tips and Tricks: Practical Setup, Hosting, and Workflow Guide

A plain-English hub for OpenClaw setup, VPS hosting, BYOK, Telegram, web chat, private access, security, troubleshooting, release notes, and first useful workflows.

Claude Opus 4.7: What It Means for Personal AI Assistants

Claude Opus 4.7 is Anthropic's latest Opus model, built for long-running asynchronous agents and carrying forward the coding and agentic focus of Opus 4.6.

Back to Blog

Free plain-English PDF

Get the free DIY VPS checklist

Before you host an AI assistant yourself, learn the 10 common mistakes that cause downtime, lost keys, missed alerts, and painful recovery work.

Send me the free PDF

We will send the plain-English PDF on the 10 costly mistakes people make when hosting an AI assistant themselves, plus short follow-up tips. Unsubscribe anytime.