From 8038ecd593fc7f435bac3d9b7b116b8d939c66db Mon Sep 17 00:00:00 2001
From: tboydar-agent <tboydar-agent@users.noreply.github.com>
Date: Wed, 6 May 2026 08:03:52 +0800
Subject: [PATCH] release-notes: add v2026.5.4 (2026-05-04)

---
 release-notes/2026-05-04.md | 463 ++++++++++++++++++++++++++++++++++++
 1 file changed, 463 insertions(+)
 create mode 100644 release-notes/2026-05-04.md

diff --git a/release-notes/2026-05-04.md b/release-notes/2026-05-04.md
new file mode 100644
index 0000000..1273eee
--- /dev/null
+++ b/release-notes/2026-05-04.md
@@ -0,0 +1,463 @@
+# OpenClaw v2026.05.04 版本發佈說明
+
+[GitHub Release](https://github.com/openclaw/openclaw/releases/tag/v2026.5.4)
+
+## ⚠️ 升級前必讀
+
+### Breaking Changes 摘要
+
+| 項目 | 影響 | 行動 |
+|------|------|------|
+| Google Meet 預設模式改為 `agent` | `mode: "realtime"` 不再是預設值，改為 `mode: "agent"`（STT → OpenClaw agent → TTS 路徑） | 如需直接 bidirectional realtime voice，改設 `mode: "bidi"`；`mode: "realtime"` 仍接受為 agent 的相容別名 |
+| Google Meet realtime 設定重構 | `realtime.provider` 拆分為 `realtime.transcriptionProvider` 與 bidi voice provider | 執行 `openclaw doctor --fix` 自動遷移 legacy Gemini Live bidi 設定 |
+| Plugin providers 預設尊重 restrictive allowlist | 新設定檔的 bundled provider discovery 預設遵守 `plugins.allow` | Legacy 設定檔由 `doctor --fix` 遷移為 `plugins.bundledDiscovery: "compat"` 以保留升級行為 |
+
+### 新功能亮點
+
+- **Google Meet/Voice Call Twilio 整合** — Twilio dial-in 透過 realtime Gemini voice bridge 發言，支援 paced audio streaming 與 barge-in queue clearing ([#77064](https://github.com/openclaw/openclaw/pull/77064))
+- **Google Meet Agent Mode 預設化** — STT → OpenClaw agent → TTS 成為預設路徑，`mode: "bidi"` 保留直接 realtime voice
+- **Exec Approvals Shell 解析器** — tree-sitter 支援的命令解釋器，為未來 approval 表面提供結構化理解 ([#75004](https://github.com/openclaw/openclaw/pull/75004))
+- **Plugin SDK `before_agent_finalize` 重試** — workflow plugin 可要求額外一次 model pass
+- **Discord degraded transport 偵測** — `openclaw channels status` 與 `openclaw status --deep` 可顯示 Discord 連線退化狀態 ([#76327](https://github.com/openclaw/openclaw/pull/76327))
+
+---
+
+## 概覽
+
+### 功能更新 (Features)
+
+- ⭐⭐⭐ Google Meet/Voice Call Twilio 整合：透過 realtime Gemini voice bridge 發言 ([#77064](https://github.com/openclaw/openclaw/pull/77064))
+- ⭐⭐⭐ Google Meet Agent Mode：STT → OpenClaw agent → TTS 成為預設路徑，取代直接 realtime voice
+- ⭐⭐⭐ Exec Approvals Shell 解析器：tree-sitter 支援的命令解釋器 ([#75004](https://github.com/openclaw/openclaw/pull/75004))
+- ⭐⭐ Gateway 效能優化：延遲非必要 sidecar、避免 jiti source-transform、fast-path bundled plugin metadata
+- ⭐⭐ Plugin Install/Update 強化：trusted source-linked installs、ClawHub fallback、CalVer correction 支援
+- ⭐⭐ Plugin SDK `before_agent_finalize`：workflow plugin 可要求額外 model pass
+- ⭐⭐ Plugin SDK SessionEntry slot projection：plugin-owned session extension reads ([#75609](https://github.com/openclaw/openclaw/pull/75609))
+- ⭐⭐ WhatsApp Channel/Newsletter 目標：支援 `@newsletter` 外送訊息 ([#13417](https://github.com/openclaw/openclaw/issues/13417))
+- ⭐⭐ Discord degraded transport 偵測 ([#76327](https://github.com/openclaw/openclaw/pull/76327))
+- ⭐⭐ Providers/OpenRouter cache 與 attribution：`X-OpenRouter-Cache` headers 與 app-attribution
+- ⭐⭐ Agents/performance：workspace-scoped plugin metadata snapshot reuse ([#77519](https://github.com/openclaw/openclaw/pull/77519), [#77532](https://github.com/openclaw/openclaw/pull/77532))
+- ⭐⭐ Plugins/performance：unscoped model catalog reuse plugin metadata snapshot ([#77519](https://github.com/openclaw/openclaw/pull/77519), [#77532](https://github.com/openclaw/openclaw/pull/77532))
+- ⭐⭐ Sandbox Shard 檔案：per-runtime shard 降低 session lock 爭用 ([#74831](https://github.com/openclaw/openclaw/pull/74831))
+- ⭐⭐ Control UI/chat 改善：agent-first filter、響應式佈局、重複訊息折疊
+- ⭐⭐ Control UI/cron：New Job sidebar 可收合
+- ⭐⭐ Control UI/Talk 修復：failed Talk session 可 dismiss 與 retry
+- ⭐⭐ Streaming progress 統一：cap progress-draft tool lines、compact explain-mode 預設
+- ⭐⭐ Slack streaming rich progress：`streaming.progress.render: "rich"` ([#76327](https://github.com/openclaw/openclaw/pull/76327))
+- ⭐⭐ QA/Mantis Slack desktop smoke：Crabbox VNC 桌面內 Slack QA
+- ⭐⭐ `openclaw models auth list`：檢視 per-agent auth profiles
+- ⭐ Agents/verbose compact tool summaries：`agents.defaults.toolProgressDetail: "raw"` 覆蓋
+- ⭐ Plugins/migration install hints：未安裝的 official plugin 自動提示 ([#77483](https://github.com/openclaw/openclaw/pull/77483))
+- ⭐ Secrets/apply preserve keyRef：SecretRef metadata 不再遺失
+- ⭐ Secrets/external channel contracts：`dist/` 路徑支援
+- ⭐ Config/plugin auto-enable：WeCom/Yuanbao 別名解析
+- ⭐ Plugins/active-memory：QQ c2c agent ID 跳過驗證 ([#77396](https://github.com/openclaw/openclaw/pull/77396))
+- ⭐ Plugins/ClawHub 429 註解：RateLimit-Reset 與認證提示
+- ⭐ Plugins/runtime state `registerIfAbsent`：atomic keyed-store dedupe
+- ⭐ Docs/IRC 安全說明
+- ⭐ Gateway/diagnostics：startup phase spans 與 sync-I/O tracing
+
+### 安全性提升 (Security)
+
+- ⭐⭐⭐ Windows `SystemRoot`/`WINDIR` 驗證：workspace `.env` 無法重導向 ACL/registry 工具 ([#74458](https://github.com/openclaw/openclaw/pull/74458), [#74454](https://github.com/openclaw/openclaw/pull/74454))
+- ⭐⭐⭐ Windows `LOCALAPPDATA` 封鎖：workspace `.env` 無法重導向 Git 發現路徑 ([#77470](https://github.com/openclaw/openclaw/pull/77470))
+- ⭐⭐⭐ Windows `.cmd`/`.bat` 安裝根解析：`ComSpec` 不再可被 workspace dotenv 劫持 ([#77472](https://github.com/openclaw/openclaw/pull/77472))
+- ⭐⭐ Browser SSRF current-URL checks：tab-scoped debug/export/read 路由先檢查 URL policy ([#75731](https://github.com/openclaw/openclaw/pull/75731))
+- ⭐⭐ WebSocket auth scopes 限制 ([#77413](https://github.com/openclaw/openclaw/pull/77413))
+- ⭐⭐ Device pairing scope 要求 ([#76377](https://github.com/openclaw/openclaw/pull/76377))
+- ⭐⭐ QQBot private commands 封鎖 ([#77212](https://github.com/openclaw/openclaw/pull/77212))
+- ⭐⭐ Backend message action routing 硬化 ([#76374](https://github.com/openclaw/openclaw/pull/76374))
+- ⭐⭐ QQBot streaming command auth 閘控 ([#76375](https://github.com/openclaw/openclaw/pull/76375))
+- ⭐⭐ Gateway loopback listener Windows：僅綁定 `127.0.0.1` ([#69701](https://github.com/openclaw/openclaw/pull/69701))
+- ⭐ iOS pairing：拒絕 non-loopback `ws://` setup URLs
+- ⭐ Control UI/media scoped tickets：assistant media 不再暴露長效 auth tokens ([#70830](https://github.com/openclaw/openclaw/issues/70830), [#77097](https://github.com/openclaw/openclaw/issues/77097))
+- ⭐ Proxy direct forwarding 封鎖：managed proxy 模式下停用直接連線
+- ⭐ APNs managed proxy 路由 ([#74905](https://github.com/openclaw/openclaw/pull/74905))
+
+### 錯誤修復 (Bug Fixes)
+
+- ⭐⭐⭐ Post-compaction loop guard：context-overflow + compaction 無法打破的 tool loop 自動中止 ([#77474](https://github.com/openclaw/openclaw/issues/77474))
+- ⭐⭐⭐ Agents/tools embedded-runner allowlists：cron/subagent 不再缺少工具 ([#77519](https://github.com/openclaw/openclaw/pull/77519), [#77532](https://github.com/openclaw/openclaw/pull/77532))
+- ⭐⭐⭐ Plugin Install/Update 全面修復：beta channel、npm/ClawHub fallback、CalVer correction、stale path cleanup
+- ⭐⭐⭐ Channels/Streaming 修復：Discord/Telegram/Matrix/Slack/Teams/Feishu/Mattermost streaming 與 progress draft
+- ⭐⭐⭐ Google Meet 全面修復：agent mode、Chrome talk-back、realtime echo suppression、audio buffer
+- ⭐⭐ Gateway startup provider plugins：generation defaults 設定後重啟不再遺失 ([#77244](https://github.com/openclaw/openclaw/issues/77244))
+- ⭐⭐ Agents/cache prompt-cache reuse：per-turn runtime context 不再破壞 prompt cache ([#77431](https://github.com/openclaw/openclaw/issues/77431))
+- ⭐⭐ Docker compose macOS 修復：host workspace path 不再洩漏進 container ([#77436](https://github.com/openclaw/openclaw/issues/77436))
+- ⭐⭐ Doctor/config 全面修復：auth profiles、legacy group chat migration、stale session cleanup
+- ⭐⭐ Plugin runtime-deps `json5`：memory-core plugin 沙盒可解析 JSON5 ([#77461](https://github.com/openclaw/openclaw/issues/77461))
+- ⭐⭐ Agents/subagents 完整性：保留 grouped child results、refresh deferred payloads
+- ⭐⭐ Gateway/update auth probe：token/device-auth VPS 不再誤報 unhealthy ([#77530](https://github.com/openclaw/openclaw/issues/77530))
+- ⭐⭐ CLI/update stability：broken plugin 不再導致更新失敗
+- ⭐⭐ Discord IPv4 preference：IPv4-only 網路不再卡在 READY 前 ([#77398](https://github.com/openclaw/openclaw/issues/77398))
+- ⭐⭐ Telegram streaming 修復：preview reuse、backtick sanitization、forum-topic mention gates
+- ⭐⭐ Active Memory recall 修復：latest-message search query 與 memory corpus balance ([#65309](https://github.com/openclaw/openclaw/issues/65309), [#77337](https://github.com/openclaw/openclaw/issues/77337))
+- ⭐⭐ Cron diagnostics：blocked runs 顯示實際 tool-policy 失敗 ([#75763](https://github.com/openclaw/openclaw/issues/75763))
+- ⭐⭐ CLI/sessions pagination：預設最多 100 行，`--limit` 支援 ([#77500](https://github.com/openclaw/openclaw/issues/77500))
+- ⭐⭐ Gateway/chat sequential sends：`ReplyRunAlreadyActiveError` 修復 ([#77485](https://github.com/openclaw/openclaw/issues/77485))
+- ⭐⭐ Codex app-server：OAuth、sanitization、image paths、failed tool results
+- ⭐⭐ Providers/OpenAI SSE 預設：WebSocket stall 時改用 HTTP stream
+- ⭐⭐ Providers/OpenRouter DeepSeek V4 thinking levels：`max` → `xhigh` 映射 ([#77350](https://github.com/openclaw/openclaw/issues/77350))
+- ⭐⭐ Providers/DeepSeek V4 thinking levels：`xhigh` 與 `max` 暴露於 lightweight provider-policy ([#77139](https://github.com/openclaw/openclaw/issues/77139))
+- ⭐ Claude CLI `/think` levels：`--effort` flag 正確傳遞 ([#77303](https://github.com/openclaw/openclaw/issues/77303))
+- ⭐ Windows temp path 修復：使用 `%TEMP%` 而非 `C:\tmp\openclaw` ([#60713](https://github.com/openclaw/openclaw/issues/60713))
+- ⭐ Windows media EPERM 修復：read/write 開啟後 fsync ([#76593](https://github.com/openclaw/openclaw/pull/76593))
+- ⭐ TUI escape abort：按 Esc 可正確中止運行 ([#1296](https://github.com/openclaw/openclaw/issues/1296))
+- ⭐ TUI render：long-token sanitizer 不再破壞 inline code 與 table borders ([#48432](https://github.com/openclaw/openclaw/issues/48432), [#39505](https://github.com/openclaw/openclaw/issues/39505))
+- ⭐ Agents/media double-send 修復：image/video/music 不再重複發送
+- ⭐ Plugin skills discovery：plugin-declared skills 可被 agent 發現 ([#77296](https://github.com/openclaw/openclaw/issues/77296))
+- ⭐ Control UI/media scoped tickets：assistant media URLs 使用短期 ticket ([#70830](https://github.com/openclaw/openclaw/issues/70830))
+- ⭐ Gateway/logging：`~` 開頭的 log path 正確展開 ([#73587](https://github.com/openclaw/openclaw/issues/73587))
+- ⭐ WhatsApp login QR routing：QR 不再遺失 ([#76213](https://github.com/openclaw/openclaw/issues/76213))
+- ⭐ WhatsApp onboarding canonicalization：allowlist 正確匹配 ([#13417](https://github.com/openclaw/openclaw/issues/13417))
+
+---
+
+## 功能更新 (Features) 詳細說明
+
+### ⭐⭐⭐ Google Meet/Voice Call Twilio 整合 ([#77064](https://github.com/openclaw/openclaw/pull/77064))
+
+- **用途**: 讓 Twilio dial-in 的 Meet 參與者透過 realtime Gemini voice bridge 發言，支援 paced audio streaming、backpressure-aware buffering 與 barge-in queue clearing
+- **解決問題**: 先前 Twilio dial-in 使用 TwiML fallback，語音回應延遲高且不支援即時打斷
+- **影響**: Meet 參與者獲得更快、更自然的語音 agent 體驗
+
+```text
+[Twilio Dial-in] → [Paced Audio Queue] → [Realtime Gemini Voice Bridge]
+                            ↓                       ↓
+                   [Backpressure Guard]    [Barge-in Queue Clear]
+                            ↓                       ↓
+                   [No TwiML Fallback]     [Snappier Voice Agent]
+```
+
+### ⭐⭐⭐ Google Meet Agent Mode 預設化
+
+- **用途**: STT → OpenClaw agent → TTS 成為預設的 Meet 語音路徑；`mode: "bidi"` 保留直接 realtime voice；`mode: "realtime"` 為相容別名
+- **解決問題**: 先前預設的 direct realtime voice fallback 不穩定，且 agent 處理能力未充分利用
+- **影響**: 新的 Meet 加入預設走 agent 路徑，語音回應更可靠且可使用完整 OpenClaw agent 能力
+
+```text
+[Meet Participant Speech]
+         ↓
+[Realtime Transcription (STT)]
+         ↓
+[OpenClaw Agent Processing]
+         ↓
+[TTS Speech Output] → [Chrome Talk-back / Twilio Dial-out]
+```
+
+### ⭐⭐⭐ Exec Approvals Shell 解析器 ([#75004](https://github.com/openclaw/openclaw/pull/75004))
+
+- **用途**: 使用 tree-sitter 支援的 shell 命令解釋器，為 approval 與 command-review 表面提供結構化理解
+- **解決問題**: 先前 approval 系統缺乏精確的 shell 命令結構理解，無法可靠辨識 `env -S`、`exec` 等命令載體
+- **影響**: 未來的 approval 表面能更精確地解釋與展示 shell 命令
+
+```text
+[Shell Command Input]
+         ↓
+[Tree-sitter Parser]
+         ↓
+[Structured AST]
+         ↓
+[Approval / Command Review UI]
+```
+
+### ⭐⭐ Gateway 效能優化
+
+- **用途**: 延遲非必要 sidecars 至 ready signal 後、避免 hot-path barrel imports、fast-path bundled plugin metadata、避免 jiti source-transform cost
+- **影響**: Gateway 啟動更快、benchmark plugin-load 與 memory pressure 降低
+
+### ⭐⭐ Plugin Install/Update 強化
+
+- **用途**: trusted source-linked installs、ClawHub↔npm fallback、CalVer correction 版本支援、stale bundled load path 清理、beta channel fallback、legacy install-runtime aliases
+- **影響**: Plugin 更新流程更穩健，跨版本遷移更順暢
+
+### ⭐⭐ Plugin SDK `before_agent_finalize`
+
+- **用途**: Workflow plugin 可透過 bounded retry instructions 要求額外一次 model pass
+- **影響**: Plugin 可在 agent finalize 前插入額外處理邏輯
+
+### ⭐⭐ Plugin SDK SessionEntry Slot Projection ([#75609](https://github.com/openclaw/openclaw/pull/75609))
+
+- **用途**: Plugin-owned session entry slot projection 與 scoped trusted-policy session extension reads
+- **影響**: Plugin 可更精確地存取與管理 session 資料
+
+### ⭐⭐ WhatsApp Channel/Newsletter 目標 ([#13417](https://github.com/openclaw/openclaw/issues/13417))
+
+- **用途**: 支援 `@newsletter` 外送訊息目標，使用 channel session metadata 而非 DM routing
+- **影響**: 可直接發送訊息至 WhatsApp Channel/Newsletter
+
+### ⭐⭐ Discord Degraded Transport 偵測 ([#76327](https://github.com/openclaw/openclaw/pull/76327))
+
+- **用途**: 在 `openclaw channels status`、`openclaw status --deep` 與 fetch-timeout logs 中顯示 Discord transport 退化與 gateway event-loop starvation 信號
+- **影響**: 間歇性 socket reset 不再偽裝為健康的運行頻道
+
+### ⭐⭐ Providers/OpenRouter Cache 與 Attribution
+
+- **用途**: Opt-in response caching params 發送 `X-OpenRouter-Cache` headers；擴展 app-attribution categories
+- **影響**: OpenRouter 用戶可啟用快取降低成本與延遲
+
+### ⭐⭐ Agents/Performance 與 Plugins/Performance ([#77519](https://github.com/openclaw/openclaw/pull/77519), [#77532](https://github.com/openclaw/openclaw/pull/77532))
+
+- **用途**: Workspace-scoped plugin metadata snapshot reuse，避免重複 cold plugin metadata scans
+- **影響**: Hot control-plane paths 與 model catalog reads 效能提升
+
+### ⭐⭐ Sandbox Shard 檔案 ([#74831](https://github.com/openclaw/openclaw/pull/74831))
+
+- **用途**: Sandbox container 與 browser registry entries 改為 per-runtime shard files
+- **影響**: 減少無關 session 的 lock 爭用；`doctor --fix` 自動遷移 monolithic registry
+
+### ⭐⭐ Control UI/chat 改善
+
+- **用途**: Agent-first filter、響應式 phone/tablet/desktop 佈局、重複訊息折疊、session switch 反饋
+- **影響**: 大幅改善多裝置使用體驗
+
+### ⭐⭐ Control UI/Talk 修復
+
+- **用途**: Failed Talk startup 可 dismiss、stale error state 清除、retry on next click
+- **影響**: Missing voice provider 設定不再留下永久 banner
+
+### ⭐⭐ Streaming Progress 統一
+
+- **用途**: Cap progress-draft tool lines 預設值、compact explain-mode 預設、`toolProgressDetail: "raw"` 覆蓋
+- **影響**: Progress boxes 不再因長行跳動
+
+### ⭐⭐ Slack Streaming Rich Progress ([#76327](https://github.com/openclaw/openclaw/pull/76327))
+
+- **用途**: `streaming.progress.render: "rich"` 支援 Block Kit progress drafts
+- **影響**: Slack 的 streaming progress 可展示結構化進度
+
+### ⭐⭐ `openclaw models auth list`
+
+- **用途**: 檢視 per-agent auth profiles 而不洩漏 secrets
+- **影響**: 方便排查 auth 設定問題
+
+### ⭐ Agents/Verbose Compact Tool Summaries
+
+- **用途**: `/verbose` 與 progress drafts 使用 compact explain-mode，`toolProgressDetail: "raw"` 可切換回 raw output
+- **影響**: 預設更簡潔，調試時可切換
+
+---
+
+## 安全性提升 (Security) 詳細說明
+
+### ⭐⭐⭐ Windows `SystemRoot`/`WINDIR` 驗證 ([#74458](https://github.com/openclaw/openclaw/pull/74458), [#74454](https://github.com/openclaw/openclaw/pull/74454))
+
+- **用途**: 透過 Windows install-root validator 驗證 `SystemRoot`/`WINDIR`，並加入 dangerous-host-env policy
+- **解決問題**: Workspace `.env` 可重導向 `icacls.exe`/`whoami.exe`/`reg.exe` 至攻擊者控制的二進位
+- **影響**: Windows host detection 不再可被 workspace 環境變數劫持
+
+```text
+[Workspace .env] → [Env Validator] → [Dangerous-host-env Policy]
+                         ↓                    ↓
+               [Block override]    [Pin to install root]
+                         ↓                    ↓
+               [icacls/reg.exe 安全]  [registry queries 安全]
+```
+
+### ⭐⭐⭐ Windows `LOCALAPPDATA` 封鎖 ([#77470](https://github.com/openclaw/openclaw/pull/77470))
+
+- **用途**: 從 workspace `.env` 封鎖 `LOCALAPPDATA`，並從 trusted process-local 解析 portable Git path
+- **解決問題**: Workspace-supplied values 可重導向 `git` discovery 至惡意路徑
+- **影響**: `openclaw update` 的 Git 發現無法被 workspace 劫持
+
+### ⭐⭐⭐ Windows `.cmd`/`.bat` 安裝根解析 ([#77472](https://github.com/openclaw/openclaw/pull/77472))
+
+- **用途**: Process wrapper 透過 shared Windows install-root resolver 而非 `process.env.ComSpec`
+- **解決問題**: Workspace dotenv-blocked 的 `SystemRoot`/`WINDIR` 覆蓋與 UNC paths 可重導向 `cmd.exe`
+- **影響**: `cmd.exe` 選擇無法被不安全的 workspace 值劫持
+
+### ⭐⭐ Browser SSRF Current-URL Checks ([#75731](https://github.com/openclaw/openclaw/pull/75731))
+
+- **用途**: 在 tab-scoped debug/export/read routes 收集資料前，先執行 current-tab URL navigation policy
+- **解決問題**: Blocked tabs 會先被讀取再 redacted，而非直接返回 policy error
+- **影響**: 敏感 tab 內容不再洩漏
+
+### ⭐⭐ WebSocket Auth Scopes 限制 ([#77413](https://github.com/openclaw/openclaw/pull/77413))
+
+- **用途**: 限制無界的 WebSocket auth scopes
+- **影響**: WebSocket 連線的 auth 權限範圍收窄
+
+### ⭐⭐ Device Pairing Scope 要求 ([#76377](https://github.com/openclaw/openclaw/pull/76377))
+
+- **用途**: Pair command 需要 pairing scope
+- **影響**: 未經授權的 pairing 嘗試被阻擋
+
+### ⭐⭐ QQBot Private Commands 封鎖 ([#77212](https://github.com/openclaw/openclaw/pull/77212))
+
+- **用途**: 保持 private commands 不洩漏至 framework surface
+- **影響**: QQBot 私人指令不再暴露於公開介面
+
+### ⭐⭐ Backend Message Action Routing 硬化 ([#76374](https://github.com/openclaw/openclaw/pull/76374))
+
+- **用途**: 硬化 backend message action 的 gateway routing
+- **影響**: 訊息動作路由更安全
+
+### ⭐⭐ QQBot Streaming Command Auth 閘控 ([#76375](https://github.com/openclaw/openclaw/pull/76375))
+
+- **用途**: 閘控 QQBot streaming command 的認證
+- **影響**: 未經授權的 streaming commands 被阻擋
+
+### ⭐⭐ Gateway Loopback Listener Windows ([#69701](https://github.com/openclaw/openclaw/pull/69701))
+
+- **用途**: Windows 上僅綁定 `127.0.0.1`
+- **影響**: libuv dual-stack `::1` 行為不再阻塞 localhost HTTP requests
+
+---
+
+## 錯誤修復 (Bug Fixes) 詳細說明
+
+### ⭐⭐⭐ Post-Compaction Loop Guard ([#77474](https://github.com/openclaw/openclaw/issues/77474))
+
+- **用途**: `pi-embedded-runner` 加入 post-compaction loop guard，auto-compaction-retry 後若 agent 重複相同 `(tool, args, result)` triple `windowSize` 次（預設 3），則中止運行
+- **解決問題**: Context-overflow + compaction 無法打破 tool-call loop 時，agent 無限循環
+- **影響**: 可透過 `tools.loopDetection.postCompactionGuard.windowSize` 調整，防止 compaction loop
+
+```text
+[Agent Turn] → [Auto-Compaction] → [Compaction Retry]
+                      ↓                    ↓
+            [Loop Guard Arms]   [Detect (tool, args, result) × 3]
+                      ↓                    ↓
+            [Same triple repeated?]  → [Abort: compaction_loop_persisted]
+```
+
+### ⭐⭐⭐ Agents/Tools Embedded-Runner Allowlists ([#77519](https://github.com/openclaw/openclaw/pull/77519), [#77532](https://github.com/openclaw/openclaw/pull/77532))
+
+- **用途**: Honor narrow runtime tool allowlists when constructing embedded-runner tool families 與 bundled MCP/LSP runtimes
+- **解決問題**: Cron/subagent runs 請求的工具（`update_plan`、`browser`、`x_search`、channel login tools、`group:plugins`）會缺少或包含無關 bootstrap work
+- **影響**: Cron 與 subagent 的工具可用性更準確
+
+### ⭐⭐⭐ Plugin Install/Update 全面修復
+
+- **用途**: Beta channel installs、npm/ClawHub fallback、CalVer correction 滿足 base API ranges、stale bundled path cleanup、legacy install-runtime aliases 回溯至 `2026.3.22`
+- **解決問題**: 多種 plugin update 邊緣情境導致安裝失敗或 stale metadata
+- **影響**: 跨版本 plugin 升級更可靠
+
+### ⭐⭐⭐ Channels/Streaming 修復
+
+- **用途**: 跨 Discord/Telegram/Matrix/Slack/Teams/Feishu/Mattermost 的 streaming progress draft、tool-progress 配置、backtick sanitization、standalone progress suppression 統一修復
+- **影響**: 所有頻道的 streaming 行為更一致
+
+### ⭐⭐⭐ Google Meet 全面修復
+
+- **用途**: Agent mode transcript forking、Chrome talk-back latency、realtime echo suppression、audio buffer size、mic unmute wait、legacy config migration
+- **影響**: Meet 語音 agent 功能大幅穩定化
+
+### ⭐⭐ Gateway Startup Provider Plugins ([#77244](https://github.com/openclaw/openclaw/issues/77244))
+
+- **用途**: Gateway 重啟後載入擁有 image/video/music generation defaults 的 provider plugins
+- **解決問題**: Generation tools 在 gateway restart 後仍為 catalog-only，無法使用
+- **影響**: 設定 generation defaults 後重啟即生效
+
+### ⭐⭐ Agents/Cache Prompt-Cache Reuse ([#77431](https://github.com/openclaw/openclaw/issues/77431))
+
+- **用途**: 將 per-turn runtime context 移出 ordinary chat system prompts，改為 hidden current-turn context
+- **解決問題**: Runtime context 破壞 prompt-cache reuse
+- **影響**: Chat continuations 恢復 prompt cache 命中
+
+### ⭐⭐ Docker Compose macOS 修復 ([#77436](https://github.com/openclaw/openclaw/issues/77436))
+
+- **用途**: Pin container-side `OPENCLAW_CONFIG_DIR` 與 `OPENCLAW_WORKSPACE_DIR`
+- **解決問題**: Host paths 洩漏進 container 導致 `EACCES: permission denied, mkdir '/Users'`
+- **影響**: macOS Docker 設定正常運作
+
+### ⭐⭐ Doctor/Config 全面修復
+
+- **用途**: 保持 `auth.profiles` metadata、legacy group chat config migrations、stale session routing state cleanup
+- **影響**: 升級後的設定遷移更完整
+
+### ⭐⭐ Plugin Runtime-Deps `json5` ([#77461](https://github.com/openclaw/openclaw/issues/77461))
+
+- **用途**: 將 `json5` 加入 memory-core plugin runtime dependency set
+- **解決問題**: Packaged `memory_search` sandboxes 無法解析 JSON5 config
+- **影響**: Memory search 在 packaged 環境正常運作
+
+### ⭐⭐ Agents/Subagents 完整性
+
+- **用途**: Preserve grouped child results when bypassing announce turn；refresh deferred final-delivery payloads
+- **影響**: Subagent 回報不再遺失
+
+### ⭐⭐ Discord IPv4 Preference ([#77398](https://github.com/openclaw/openclaw/issues/77398))
+
+- **用途**: Discord REST 與 gateway WebSocket 偏好 IPv4
+- **解決問題**: IPv4-only networks 卡在 Gateway READY 前
+- **影響**: Discord 在 IPv4-only 環境可正常啟動
+
+### ⭐⭐ Active Memory Recall 修復 ([#65309](https://github.com/openclaw/openclaw/issues/65309), [#77337](https://github.com/openclaw/openclaw/issues/77337))
+
+- **用途**: 發送 bounded latest-message search query；`corpus=all` 保留兩個 corpus 的 representation
+- **解決問題**: Channel/runtime metadata 成為 search string；memory hits 被 wiki integer scores 餓死
+- **影響**: Memory search 更準確
+
+### ⭐⭐ Cron Diagnostics ([#75763](https://github.com/openclaw/openclaw/issues/75763))
+
+- **用途**: Surface failed isolated-run diagnostics in `cron show`、status、run history
+- **解決問題**: Blocked cron runs 顯示 misleading green result
+- **影響**: Cron 問題更容易排查
+
+### ⭐⭐ CLI/Sessions Pagination ([#77500](https://github.com/openclaw/openclaw/issues/77500))
+
+- **用途**: 預設 cap 至 100 rows，新增 `--limit <n|all>` 與 JSON pagination metadata
+- **影響**: 大型 session stores 不再導致無限輸出
+
+### ⭐⭐ Gateway/Chat Sequential Sends ([#77485](https://github.com/openclaw/openclaw/issues/77485))
+
+- **用途**: Clear active reply-run guard before draining queued same-session follow-up turns
+- **影響**: Sequential `chat.send` 不再觸發 `ReplyRunAlreadyActiveError`
+
+### ⭐⭐ Codex App-Server 修復
+
+- **用途**: OAuth progress spinner、sanitized command readouts、preserved bound-turn image paths、failed dynamic tool results
+- **影響**: Codex 整合更穩定安全
+
+### ⭐⭐ Providers/OpenAI SSE 預設
+
+- **用途**: Direct OpenAI Responses models 預設使用 SSE transport
+- **解決問題**: WebSocket auto-selection 在某些伺服器上卡住
+- **影響**: OpenAI chat turns 不再 hang
+
+### ⭐⭐ Providers/OpenRouter DeepSeek V4 Thinking Levels ([#77350](https://github.com/openclaw/openclaw/issues/77350))
+
+- **用途**: Map stale `max` thinking overrides to `xhigh`
+- **影響**: DeepSeek V4 Pro 不再因 invalid-effort 400 失敗
+
+### ⭐⭐ Providers/DeepSeek V4 Thinking Levels ([#77139](https://github.com/openclaw/openclaw/issues/77139))
+
+- **用途**: Expose `xhigh` 與 `max` through lightweight provider-policy surface
+- **影響**: Control UI `/think` pickers 顯示完整的 reasoning options
+
+### ⭐⭐ Claude CLI `/think` Levels ([#77303](https://github.com/openclaw/openclaw/issues/77303))
+
+- **用途**: Pass Claude Code's `--effort` flag through CLI backend seam
+- **影響**: Chat bridges 的 thinking control 正常運作
+
+### ⭐ Windows Temp Path 修復 ([#60713](https://github.com/openclaw/openclaw/issues/60713))
+
+- **用途**: Windows 上跳過 POSIX `/tmp/openclaw`，改用 `%TEMP%\openclaw-<uid>`
+
+### ⭐ Windows Media EPERM 修復 ([#76593](https://github.com/openclaw/openclaw/pull/76593))
+
+- **用途**: Open saved attachment temp files read/write before fsync
+
+### ⭐ TUI Escape Abort ([#1296](https://github.com/openclaw/openclaw/issues/1296))
+
+- **用途**: Track in-flight runId after `chat.send` resolves，按 Esc 可正確中止
+
+### ⭐ TUI Render ([#48432](https://github.com/openclaw/openclaw/issues/48432), [#39505](https://github.com/openclaw/openclaw/issues/39505))
+
+- **用途**: Long-token sanitizer 不再注入 spaces 進 inline code spans、fenced code blocks、table borders
+
+### ⭐ Plugin Skills Discovery ([#77296](https://github.com/openclaw/openclaw/issues/77296))
+
+- **用途**: Plugin-declared skills 透過 `~/.openclaw/plugin-skills/` 發布
+
+### ⭐ Gateway/Logging `~` 展開 ([#73587](https://github.com/openclaw/openclaw/issues/73587))
+
+- **用途**: Expand leading `~` in `logging.file` before creating file logger
+
+### ⭐ WhatsApp Login QR Routing ([#76213](https://github.com/openclaw/openclaw/issues/76213))
+
+- **用途**: Route terminal login QR output through active runtime
+
+### ⭐ WhatsApp Onboarding Canonicalization
+
+- **用途**: Canonicalize allowlist entries to WhatsApp digit-only phone ids，接受 E.164、JID、`whatsapp:` 輸入