OpenClaw Makes Codex the Default Runtime for OpenAI Agents, Cuts Tool Token Overhead 75%, and Ships ACP Lifecycle Management

OpenClaw shipped a sweeping batch of updates yesterday that touches nearly every layer of the platform — from how OpenAI models authenticate, to how many tokens each conversation turn burns, to whether your Docker container can resolve DNS after a security lockdown. Twenty-seven changes carried the “docs” label. Here's what actually matters.

OpenAI Agents Now Route Through Codex by Default

The single biggest architectural shift: OpenAI agent turns in OpenClaw now flow through the native Codex runtime by default. Previously, operators had to explicitly opt into Codex routing or use the separate openai-codex/* model prefix. That prefix still exists, but now it serves only as the auth/profile provider for ChatGPT and Codex OAuth credentials.

The practical upshot: anyone running openai/gpt-5.5 with Codex OAuth credentials will get authenticated agent routing without additional configuration. Non-agent OpenAI services — images, embeddings, speech, realtime — still use direct API-key auth. The Codex plugin installs automatically when an OpenAI agent route is selected.

OpenClaw also added explicit openai/chat-latest support as a model override. It's a testing alias — production docs still point users at openai/gpt-5.5 — but it lets maintainers test ChatGPT Instant behavior without waiting for catalog updates. Text verbosity normalizes to medium, the only level OpenAI's Responses API supports for this alias.

Tool Loading Goes Lazy: 5,000 Fewer Tokens per Turn

OpenClaw's Codex integration previously loaded every available tool definition into context at the start of every conversation. That's expensive. The cron tool alone consumed roughly 3,000 tokens of context — whether the user was asking about scheduled jobs or not.

Now, most tools are deferred behind Codex's tool_search capability. Only three critical tools remain in the initial context: sessions_yield, message (when required), and heartbeat_respond. Everything else — nodes, cron, tts, web_search, agents_list — loads on demand.

Custom builds that need all tools in context upfront can set codexDynamicToolsLoading: "direct" to restore the old behavior. Everyone else gets a 75% reduction in baseline context cost for free.

ACP Sessions Get Production Lifecycle Management

The Agent Communication Protocol — OpenClaw's bridge for cross-agent interoperability — gained three lifecycle handlers that move it closer to production readiness: session/list with bounded pagination, session/resume for restoring sessions without replaying transcripts, and session/close for clean termination that cancels active work and resolves pending prompts.

A separate hardening change introduced lease-backed process ownership tracking for ACPX sessions. The previous cleanup logic inferred ownership from stale session records and PID information, creating vulnerabilities when PIDs got reused. Leases now carry gateway instance IDs, wrapper paths, and command hashes. Orphan processes get children-first termination with a persistent SIGKILL fallback.

Realtime Voice Moves to the GA Bridge

OpenAI's realtime voice default in OpenClaw switched to gpt-realtime-2. The backend WebSocket bridge migrated from the beta session shape to the general-availability format, dropping the beta header that was previously required. Azure deployments stay on their deployment-compatible bridge shape.

Docker DNS Broke After Security Hardening — Here's the Workaround

Recent security hardening dropped NET_RAW and NET_ADMIN capabilities from both the openclaw-gateway and openclaw-cli containers. Correct call for a production deployment. But the shared-network CLI sidecar started throwing EAI_AGAIN DNS errors — meaning openclaw plugins install couldn't resolve package registries.

CLI and UI Get Cleaner Boundaries

The openclaw channels list command was doing too much. It showed auth providers, fetched billing data from every configured model provider, and mixed chat channels with unrelated infrastructure. Now it focuses exclusively on chat channels. Auth profiles moved to openclaw models auth list. Provider usage moved to openclaw status. A new --all flag shows every configurable channel, including bundled plugins without accounts and uninstalled catalog entries, each with clear installed/configured/enabled status tags.

On the UI side, the Control UI now shows a persistent context usage indicator whenever fresh session token data is available — not just when usage crosses the 85% warning threshold. This was one of the most requested features, with five duplicate issues filed over the past year. Thinking override labels also got fixed: the UI now distinguishes between inherited defaults and explicit overrides, ending the confusion where inherited high thinking displayed as “Default (off).”

Stale Sessions, Stale Docs, Stale Assumptions

Three documentation-focused fixes address long-standing footguns. First, the session cleanup command learned a new --fix-dm-scope flag that detects and retires stale direct-DM session rows left behind when session.dmScope reverts to main. Transcripts get archived rather than deleted.

Second, the Lobster tool documentation was presenting openclaw.invoke --tool llm-task as a general pattern without distinguishing between standalone CLI usage and the embedded runner. The embedded runner lacks Gateway authentication context, so nested CLI calls from it simply don't work. The docs now make that boundary explicit.

Third, Microsoft Teams operators got documentation for the replyStyle resolution precedence: per-channel beats per-team beats global beats the implicit default. When no setting exists, behavior depends on requireMention — true means thread replies, false means top-level posts. This was previously undocumented, and operators were debugging production reply behavior with no reference material.

Everything Else Worth Knowing

The Skill Workshop's apply parameter was bypassing pending review approval, letting tool-created skill suggestions write immediately even when pending mode was configured. Fixed. The Node.js minimum version rose to 22.16.0 with the introduction of a native SQLite Kysely dialect, eliminating third-party database adapters. Plugin runtime helpers were consolidated into shared SDK surfaces, removing duplicate copies of zod, ajv, and undici across plugins.

Twenty-seven changes in a day. The Codex default is the headline, but the lazy tool loading might be the one operators actually feel — 5,000 fewer tokens per turn adds up fast when you're paying per conversation.