xAI Gets an OAuth-First Setup Path
Until now, connecting Grok to OpenClaw meant generating an xAI API key and pasting it into the configuration. It worked, but it was never the smoothest experience — especially for users who already had SuperGrok or X Premium subscriptions and didn't want to manage yet another API credential.
The updated documentation flips that default. OAuth is now the recommended path, with API keys documented as an alternative for operators who prefer explicit credential management. The setup instructions split into three branches depending on where the user is in their OpenClaw journey: new installs go through the onboarding wizard, existing installs authenticate with a single CLI command, and API-key users continue as before.
A new troubleshooting section addresses the device-code flow — the fallback for environments where browser-based OAuth can't reach localhost. The docs also clarify that OAuth credentials work for Grok-backed web_search tools, and that the Grok Build app is not required. These are the kinds of details that save operators thirty minutes of experimentation.
The change ripples across four documentation files: the xAI provider page, the model-providers overview, the wizard CLI reference, and the code-execution guide. Each now reflects the OAuth-first posture. The model-providers table, for instance, previously listed only XAI_API_KEY as the authentication method. It now reads “SuperGrok/X Premium OAuth or XAI_API_KEY.”
Gateway Benchmarks Finally Have Documentation
OpenClaw's gateway has had benchmark probes for some time, but running them correctly required reading the test scripts directly. That changes now with two new documentation sections covering startup and restart benchmarks end to end.
The startup benchmark measures the full cold-boot sequence: process output, health and readiness probes, event-loop delay, and plugin lookup timings. It ships with predefined case IDs — default, skipChannels, oneInternalHook, fiftyPlugins — letting operators isolate specific subsystems and compare JSON output across runs.
The restart benchmark is more specialized. It uses SIGUSR1 to trigger an in-process restart on macOS and Linux, then captures downtime, ready timing, CPU usage, RSS memory, and restart-specific trace metrics including signal handling and close phases. The documentation explicitly notes that this doesn't work on Windows, and emphasizes using multiple samples and matching trace spans rather than relying on single measurements.
The docs also clarify a distinction that has caused confusion: /healthz is a liveness probe, while /readyz indicates usable readiness. They are not interchangeable, and the benchmark tooling treats them differently.
A One-Line Fix That Matters More Than It Looks
The slash-commands documentation previously described /reset as “the reset alias” of /new. That phrasing was wrong, and it caused real confusion. Users who thought the commands were interchangeable discovered too late that /reset wipes the current session in place, while /new archives it and starts fresh.
The difference is not academic. An archived session can be reviewed later. A wiped session is gone. Describing one as an alias for the other is the kind of documentation error that leads to lost context — and a one-line fix is all it takes to prevent it.
Codex Plugin Docs Get a Better Home
The native Codex plugins reference has been relocated from the References section to Capabilities, positioned directly under the Codex harness guide. It's a navigation change, not a content change, but it reflects how operators actually discover features. Bundled plugins are a capability — something Codex can do out of the box. Burying them in reference material meant operators had to already know they existed to find them.
Four documentation updates, each targeting a different part of the operator experience. The xAI OAuth rewrite is the most substantial — it signals that OpenClaw is treating subscription-based OAuth as the primary authentication pattern, not a secondary option bolted onto API-key workflows. The gateway benchmarks fill a gap that has existed since the profiling tools shipped. And the slash-command clarification is a reminder that a single misleading word in documentation can cost users real data.