vector store

openclaw update does not sync embedded openclaw copy in ~/.openclaw/extensions/node_modules/

[Bug] iMessage inbound messages not received - watch stream not working

mlx runner failed: Error: unsupported architecture: Gemma4ForConditionalGeneration

Bug: openclaw-cli cannot connect to gateway when bind=lan on Docker Desktop macOS (Apple Silicon)

When running the gateway with `gateway.bind=lan` inside Docker Desktop on macOS (Apple Silicon), the `openclaw-cli` container cannot connect to the gateway via WebSocket, making all CLI commands fail. This breaks the documented device pairing flow (`devices list` / `devices approve`).

[Bug]: AnthropicException 400 - vector_store_ids: Extra inputs are not permitted

[Bug]: OpenClaw v2026.3.13 still sends Ollama an oversized context window (~262144 / 265k), ignoring configured lower limits

OpenClaw `v2026.3.13` still appears to send an extremely large context window to Ollama (around `262144` / `265k`), even when a much lower context size is configured. This looks very similar to the previously reported issue about OpenClaw forcing or propagating an oversized context window to Ollama. Although that issue was marked as fixed, I can still reproduce the behavior on the latest version.

web_search broken — DuckDuckGo returns bot detection since 2026-03-30

[Bug]: Windows: allowFrom + security: standard does not enable auto-approval for remote commands

Environment | Component | Value | | ---------------- | ------------- | | OS | Windows 10/11 | | OpenClaw Version | 2026.4.1 | | Node.js | v25.7.0 | | Platform | win32 (x64) | ─── Description On Windows, even with security: standard and allowFrom configured, OpenClaw requires explicit approval for every command executed via Telegram. This makes remote management impractical. ─── Configuration { "security": "standard", "channels": { "telegram": { "enabled": true, "dmPolicy": "allowlist", "allowFrom": ["<telegram_user_id>"] } } } ─── Error Message Warning: allowlist auto-execution is unavailable on win32; explicit approval is required. Root Cause The restriction appears to be hardcoded: allowlist auto-execution is unavailable on win32; explicit approval is required ─── Impact • Remote management is impractical on Windows • Every command requires explicit approval • Telegram bot utility is severely limited ─── Suggested Fix

[Bug]: plugins install ignores --dangerously-force-unsafe-install (2026.4.2 d74a122)

`openclaw plugins install` still blocks installation on dangerous-code findings even when `--dangerously-force-unsafe-install` is provided. Plugin Github: https://github.com/albertbuchard/forge

CLI WebSocket handshake timeout - all CLI commands fail to connect gateway

All CLI commands (cron, config, doctor, etc.) fail to connect to the gateway via WebSocket with handshake timeout. The gateway itself runs normally - channel messaging (Feishu) and browser dashboard both work. Only CLI-gateway RPC connections are broken.

Integration: Cryptographic audit trails for agent actions with asqav

[Bug]: qmd boot update failed: Error: qmd update failed (code 1): file:///C:/software/nvm/v25.8.2/node_modules/@tobilu/qmd/bin/qmd:2 # Resolve symlinks so global installs (npm link / npm install -g) can find the ^

qmd版本2.0.1，openclaw版本20260401.集成qmd后运行报错qmd boot update failed: Error: qmd update failed (code 1): file:///C:/software/nvm/v25.8.2/node_modules/@tobilu/qmd/bin/qmd:2 # Resolve symlinks so global installs (npm link / npm install -g) can find the ^

ollama generate images failed in cuda 13.1

npm install -g shows deprecation warning for [email protected]

[Security] Memory content injected into system prompt without sanitization enables indirect prompt injection

The `LiteAgent` concatenates retrieved memory content directly into the system prompt without sanitization. If memory entries have been poisoned (e.g., via indirect prompt injection through tool outputs), an attacker can inject arbitrary instructions into the system prompt of future agent interactions. **Severity**: MEDIUM **Rule**: AGENT-010 — Unsanitized External Content in Agent Prompt **OWASP Agentic Security Index**: ASI-01 — Prompt Injection **Affected files**: - `lib/crewai/src/crewai/lite_agent.py` (lines 568-581)

[Security] crewai create ships template with eval() on unsanitized LLM input

The `AGENTS.md` template bundled with CrewAI's project scaffolding (`crewai create`) includes a Calculator tool example that uses `eval()` on LLM-provided input, creating a remote code execution vulnerability in every new CrewAI project that follows the template. **Severity**: MEDIUM **Rule**: AGENT-053 — Unsafe Code Execution Pattern in Template **OWASP Agentic Security Index**: ASI-09 — Improper Output Handling **Affected files**: - `lib/crewai/src/crewai/cli/templates/AGENTS.md` (line 773)

[Bug]: Azure GPT-5.2 chat rejects leaked vector_store_ids from extra_body passthrough

When routing Azure GPT-5.2 chat requests through LiteLLM, `vector_store_ids` can leak into provider payload via `extra_body`, causing Azure to reject the request with: `litellm.BadRequestError: AzureException BadRequestError - Unknown parameter: 'vector_store_ids'`

Bug: Anthropic OAuth refresh intermittently fails across chats/topics

lossless-claw: orphaned tool_use blocks in lcm.db after model switch cause permanent Anthropic API failures

When switching from a non-Anthropic model (e.g. MiniMax M2.7) to an Anthropic model (e.g. Claude Sonnet) mid-conversation, an orphaned \`tool_use\` block gets written to \`lcm.db\` without a corresponding \`tool_result\`. Every subsequent Anthropic API request for that channel then fails permanently with: \`\`\` LLM request rejected: messages.N: tool_use ids were found without tool_result blocks immediately after: <id>. Each tool_use block must have a corresponding tool_result block in the next message. \`\`\`

GatewayDrainingError should auto-retry, not surface to user