OpenClaw Fixes Silent Group Chat Failures, Tightens Codex Credentials, and Drops Telegram Draft Previews

The Reply That Looked Sent But Never Arrived

Since version 2026.4.27, every group and channel message in OpenClaw defaulted to a private message_tool_only reply mode without warning. Operators monitoring dashboards saw successful completions. Users in those group chats saw nothing. The AI agent processed the message, generated a response, and silently dropped the visible output.

The failure wasn't limited to one platform. Discord servers, Slack channels, Telegram groups, Feishu rooms — any multi-user conversation hit the same wall. The core issue: when the message tool wasn't available and the delivery mode was set to private-only, the system had no fallback path. It completed the turn and moved on. No error. No warning. No reply.

The fix introduces three safeguards. First, a one-time warning fires when implicit private defaults activate, so operators know the behavior exists before users report missing replies. Second, when message_tool_only is selected but the message tool isn't available, OpenClaw now delivers the final reply automatically instead of silently dropping it. Third, the messages.groupChat.visibleReplies configuration can now be hot-patched via config.patch — no manual JSON editing, no restart required.

The documentation update clarifies that private-by-default behavior applies to all group and channel chats, not just Discord as some operators assumed. It also adds a recovery path: set messages.groupChat.visibleReplies to "automatic" and the problem disappears immediately.

Credential Discovery Gets an Intent System

OpenClaw's external CLI credential discovery had a boundary problem. When the system loaded runtime auth overlays, it cast a wide net — broad enough that running a non-Claude model could trigger Claude CLI credential reads. The credentials weren't being sent anywhere malicious, but the access itself was unauthorized by intent. Auth store operations were loading provider credentials that callers never asked for.

The overhaul replaces the loose options pattern with an explicit ExternalCliAuthDiscovery API offering three modes: none (no credential discovery), existing (only refresh credentials already stored locally), and scoped (discover credentials for specific providers or profiles). Every credential-related operation now routes through this intent framework.

The refactor touches model authentication, gateway auth status endpoints, CLI runner preparation, auth ordering, and test assertions. The documentation update explains the three discovery modes and makes explicit which mode applies in each context. It's the kind of change that sounds like plumbing but carries real security weight: the difference between “we don't leak credentials” and “we provably can't read credentials we shouldn't.”

One Transport Path to Rule Them All

Telegram's Bot API offered a draft message mechanism that OpenClaw used to show streaming previews — the real-time text that appears while the AI is still generating a response. The sendMessageDraft transport path was smoother than the alternative but created a maintenance fork: drafts and final messages traveled through entirely separate code paths.

That fork is gone. All preview streaming now routes through standard sendMessage and editMessageText operations. Drafts and final messages share identical code paths. The Telegram documentation has been updated to remove references to native draft capability as a fallback option.

The change is a deliberate simplification. Maintaining two transport mechanisms for streaming previews doubled the test surface and introduced subtle inconsistencies in how partial responses appeared to users. The unified approach trades a marginal smoothness advantage for code path consistency. Whether users notice the difference is an open question. Whether maintainers notice the reduced complexity is not.

The “Cancelled” Error That Wasn't a Cancellation

Mac users running remote gateways through Tailscale Serve have been hitting a wall: when Tailscale rotated its TLS certificate, the macOS companion app would disconnect with a generic “cancelled” WebSocket error. The gateway was fine. The network was fine. The certificate pin was stale, and the app didn't know the difference.

The fix teaches the macOS companion three new tricks. It now detects TLS pin mismatches as structured connection problems instead of generic WebSocket cancellations. When it identifies a stale pin from a trusted endpoint — Tailscale Serve rotations, loopback connections, tunnel endpoints — it automatically replaces the outdated pin with a newly verified system-trusted certificate. And the companion's menu interface now surfaces partial connectivity states, showing which Mac capabilities are offline and which paired nodes are disconnected.

The remote gateway troubleshooting documentation has been updated to explain the auto-repair behavior. For most Mac users, the practical effect is that certificate rotations become invisible — exactly as they should be.

No More Silent Rollbacks

When operators made invalid direct edits to OpenClaw's config file, the gateway would silently revert to the last-known-good configuration. The system recovered. The operator had no idea why their change disappeared or what was wrong with it. Debugging meant guessing which key the validator rejected.

Recovery logs now include a “Rejected validation details” section that names the exact invalid paths and their error messages. An operator who sets an unrecognized key in agents.defaults or provides an invalid value for gateway.auth.password will see both the path and the validation reason in startup logs, reload logs, and main-agent notices.

A companion fix addresses a timing issue where strict config loading during proxy bootstrap could abort the CLI before recovery had a chance to run. The bootstrap now uses best-effort config loading, giving the recovery system time to activate before the process exits. The troubleshooting documentation has been updated with the new log format and diagnostic guidance.

Documentation Changes at a Glance

The Uncomfortable Pattern

Wednesday's batch tells a story that's becoming familiar. The group chat failure was invisible to operators for days. The credential confusion was invisible to users entirely. The config recovery issue has been frustrating operators since the feature launched. The Telegram draft fork was a known maintenance burden nobody prioritized.

Each fix is solid. The credential intent system is genuinely well-designed. The group chat fallback is the right architecture. The macOS TLS repair is how certificate management should work everywhere. But the thread connecting them is that every one of these problems was detectable before it shipped. Silent failures are the most expensive kind of bug — not because they're hard to fix, but because they erode trust while you're not looking.