OpenClaw Now Revokes Auth Mid-Session, Mutes Link Previews Across Discord and Slack, and Scopes Codex Extensions Per Agent

No More Orphaned Runs After Credential Removal

Until now, removing a provider's authentication through the OpenClaw gateway control plane had an uncomfortable blind spot. The system would delete saved auth profiles for that provider, but any agent runs actively using those credentials would continue running — or more accurately, continue trying to run. The result was orphaned sessions that had lost their ability to communicate with the upstream model provider but had no way of knowing why.

The gateway now takes two explicit actions when provider authentication is removed. First, it deletes all saved auth profiles for that provider, as before. Second, it aborts every active chat or agent run that depends on those credentials. Aborted runs emit standard cancellation and lifecycle events carrying stopReason: "auth-revoked", giving connected clients a clear signal to display that the session was terminated because its credentials were pulled.

There's a nuance worth calling out: removing saved auth from OpenClaw does not revoke API keys at the provider level. If you rotate or decommission credentials, you still need to visit the provider's own dashboard to invalidate the keys themselves. OpenClaw handles the local side; the provider handles the remote side.

The End of Unsolicited Link Cards

Anyone running OpenClaw agents in busy Discord servers or Slack workspaces has experienced the visual noise: an agent shares a URL as part of a response, and the platform helpfully expands it into a large preview card. Multiply that by a dozen agent replies in a channel and the actual conversation gets buried under a wall of auto-generated embeds.

Both channels now suppress link previews by default. On the Discord side, a new suppressEmbeds setting defaults to true, preventing outbound bot URLs from triggering Discord's generated link embeds. Explicit embeds payloads — the rich cards that agents deliberately construct — are unaffected. Operators who want the old behavior can set suppressEmbeds: false to restore automatic previews, and per-message overrides remain available via message actions for expanding individual links.

On the Slack side, the change is parallel: unfurlLinks now defaults to false for all outbound bot messages. Links stay as plain text unless the operator explicitly enables unfurling. The unfurlMedia setting is left untouched unless configured. The practical effect: agent responses in Slack channels are cleaner and more compact out of the box.

Per-Agent Extension Isolation

OpenClaw's Codex runtime supports external MCP (Model Context Protocol) servers that extend agent capabilities with custom tools. Until now, every MCP server registered in the system was visible to every Codex agent. That's fine when you have one agent, but when you're running multiple agents with different trust levels or different functional domains, universal tool visibility becomes a problem.

MCP server configurations now accept an optional codex block with agent-scoped controls. The codex.agents field takes an array of agent IDs, and the server only becomes visible to those specific agents. A companion codex.defaultToolsApprovalMode field configures whether tools from that server require explicit approval before execution. Both settings are optional and maintain full backward compatibility — MCP servers without a codex block remain globally visible, just as before.

The design preserves compatibility with other runtime adapters. Non-Codex runtimes simply ignore the codex block, so operators running mixed environments don't need separate configurations per runtime type.

One Rule for an Entire Provider's Catalog

Operators running local inference servers through tools like vLLM or Ollama have dealt with an irritation: every time a new model appeared on the server, it needed a manual entry in OpenClaw's agent configuration to assign it a runtime. With model catalogs that change frequently — especially on development and testing clusters — this was busywork.

OpenClaw now supports wildcard provider entries in agent runtime policy. A configuration like "vllm/*": { agentRuntime: { id: "pi" } } assigns the same runtime to every model discovered under the vllm provider, without requiring individual model entries. Exact model policies still take precedence — if you need one specific model to use a different runtime, the provider/model entry overrides the wildcard.

The runtime precedence chain now has three tiers: exact model match first, then provider wildcard, then system default. The wildcard also works for model discovery — provider/* entries surface all discovered models for selected providers in the agent configuration UI without manually listing each one.

Direct Conversations Stop Getting the Silent Treatment

OpenClaw's NO_REPLY token has been a useful mechanism for group chats: it tells the agent that silence is an acceptable response when a message doesn't require its input. The problem was that the same silent-reply guidance was leaking into direct conversations, where staying silent is almost never the right behavior. If someone DMs your agent, they expect a response.

The update draws a clear boundary. Direct conversations no longer receive NO_REPLY guidance in their prompt context. Silent tokens in direct chats are now suppressed rather than rewritten. Groups and channels retain the ability to allow silence, but only for automatic group replies — the mechanism that fires when an agent is mentioned in a group conversation. The silentReplyRewrite configuration has been removed entirely.

Separately, OpenClaw now ships comprehensive channel turn guardrail documentation for plugin developers. The new reference covers media handling with toInboundMediaFacts(), history window management via the newer createChannelHistoryWindow API, and message patterns for common scenarios: text-only groups requiring mentions, image-only messages, explicit reply-to-image flows, and direct messages with history context. It's the kind of reference that should have existed before the plugin SDK shipped, but better late than never.

Under the Hood: Codex Gets Three Reliability Fixes

Three smaller but operationally significant changes landed for the Codex runtime. First, when a local OAuth refresh token is rejected, OpenClaw can now fall back to a usable Codex CLI token for the same account as a temporary runtime substitute. The CLI token is used for the current request only and is never persisted back to the auth profile — it's a bridge, not a replacement.

Second, the idle turn watchdog that guards against silent Codex turns now arms earlier. Previously, the timeout only started ticking after OpenClaw handed a response back to Codex. Now it activates the moment Codex accepts a turn, catching the gap where Codex acknowledges work but produces no output. The configuration parameter turnCompletionIdleTimeoutMs remains the same; only the arming point changed.

Third, gateway lifecycle hooks received raised timeout budgets: 5 seconds for gateway:shutdown and 10 seconds for gateway:pre-restart. The updated documentation includes a practical example showing how to use the pre-restart hook to notify connected users about an upcoming gateway restart with countdown timing.

Legacy Reply History Helpers Officially Deprecated

The plugin SDK's low-level reply history map helpers — buildPendingHistoryContextFromMap, recordPendingHistoryEntry, and clearHistoryEntriesIfEnabled — are now formally marked as deprecated compatibility exports. The replacement is createChannelHistoryWindow, which handles history recording with media support and builds pending context through a single, cohesive API surface.

The old helpers remain importable for existing plugins, but new development should use the channel history window API exclusively. The SDK migration reference, subpath documentation, and channel turn guides all now reflect this change. If you're maintaining a community plugin that imports from plugin-sdk/reply-history, the code still works — but consider it borrowed time.

Documentation Changes at a Glance

Defaults That Should Have Been Defaults

The link preview changes on Discord and Slack are the kind of update that makes you wonder why it took this long. Anyone running a bot in a busy channel knows that auto-expanded URL cards are noise, not signal. Making suppression the default — while preserving opt-in for operators who actually want previews — is the right call. The same logic applies to the silent-reply restriction: an agent that stays silent in a one-on-one conversation isn't being polite, it's being broken.

The more structurally interesting changes are the MCP server scoping and wildcard runtime policies. Both address the growing complexity of multi-agent deployments. When you have one agent, everything being globally visible is convenient. When you have ten agents with different security boundaries and different model backends, global visibility becomes a liability. OpenClaw's solution — optional agent-level scoping that defaults to the existing global behavior — threads the needle between backward compatibility and operational maturity.

The auth revocation change is arguably the most important operationally. Credential removal is a security action, and security actions should have immediate, visible effects. Leaving orphaned agent sessions running on deleted credentials isn't just messy, it's a trust violation. The auth-revoked stop reason makes the chain of cause and effect explicit, which is exactly what operators need when they're rotating keys during an incident.