Two things happened in this release that change what's possible with OpenClaw. First: Discord isn't just a text pipe anymore — your assistant can send buttons, dropdown menus, modals, and file blocks. Second: sub-agents can now spawn their own sub-agents, unlocking multi-step workflows that were previously impossible without hacks.

Oh, and there's a security hardening pass serious enough that you should update even if you don't care about the features.

🎮 Discord Components v2 — Your Bot Gets a UI

This is the big one for Discord users. Up until now, your assistant's Discord presence was limited to text, embeds, and the occasional image. Functional, sure. But compared to what Discord bots can do? We were leaving a lot on the table.

Components v2 changes that. Your assistant can now send:

• Buttons — "Approve this deployment" / "Reject" with actual clickable buttons
• Select menus — "Pick a model" with a dropdown of options
• Modals — Pop-up forms for structured input ("Enter your API key", "Describe the bug")
• File blocks — Attached files displayed inline with proper formatting

Think about what this unlocks. An exec approval request that shows a button instead of "type /approve". A skill installer that lets you pick from a dropdown. A bug report flow that pops up a modal with fields for reproduction steps. Your assistant stops being a text-in/text-out interface and starts being an actual interactive application.

This is native Discord Components v2 support — not a wrapper, not a hack. It just works with the existing message pipeline.

🪆 Nested Sub-Agents — Agents All the Way Down

Sub-agents have been one of OpenClaw's most powerful features: spawn a child agent to handle a specific task, get the result back, continue your work. But until now, sub-agents were a flat hierarchy. A sub-agent couldn't spawn its own sub-agent.

Now it can. With configurable depth.

Why does this matter? Consider a real workflow: you ask your assistant to "review this PR and fix any issues." The main agent reads the PR. It spawns a sub-agent to analyze the code. That sub-agent finds three issues, and spawns its own sub-agents — one per issue — to generate and test fixes. Each fix sub-agent runs independently, in parallel, in its own sandbox.

Without nesting, the orchestrator agent had to do everything sequentially, or you had to manually manage the delegation. With nesting, complex workflows decompose naturally.

The depth is configurable (default: 2 levels) so you don't accidentally create an infinite agent recursion. Because nobody needs that.

🪝 Plugin Hooks Get Real Data

If you're writing OpenClaw plugins, this is significant. LLM input/output hooks now receive the actual payloads — the messages going into the model and the responses coming back out. Previously, hooks got notified that something happened but had limited visibility into what.

This opens the door to plugins that can log every model interaction, analyze response quality, enforce content policies, or route to different models based on the conversation content. The plugin ecosystem just got a lot more powerful.

⏰ Cron Gets Webhooks

Cron jobs can now deliver results via webhook with an auth token. Before this, cron output could go to a channel or stay internal. Now it can POST to any URL — your monitoring dashboard, a Slack incoming webhook, a custom API endpoint.

"Run a health check every hour and POST the results to my status page." That's a one-liner now.

😤 The Group Chat Amnesia Fix

Here's a bug that was driving people genuinely crazy. In group chats, the model would periodically lose awareness of which group it was in. The context injection that tells the model "you're in #project-alpha with Alice, Bob, and Carol" was getting dropped or overwritten.

The result? Your assistant would start responding as if it were in a different conversation. Someone asks about the deployment timeline in #ops and your assistant answers with context from #random. Or worse, it just gets confused and gives a generic response because it has no idea where it is.

This is fixed. Group context now survives correctly through the entire session lifecycle. Your assistant knows where it is and who it's talking to.

🔒 Security: Take This Seriously

This release includes a batch of security fixes that are worth highlighting as a group:

• SHA-256 sandbox hashing — replacing weaker hashing for sandbox isolation
• Token redaction — API tokens no longer leak into logs or error messages
• Docker sandbox hardening — tighter container configuration to prevent escapes
• Stored XSS prevention — closing injection vectors in the web UI

None of these had known exploits in the wild, but they're the kind of things you fix proactively. If you're running OpenClaw on a shared network or with untrusted users, update immediately.

🖥️ TUI Polish

If you use the terminal UI, three quality-of-life improvements:

• ANSI-aware filtering — search and filter commands now handle color codes correctly instead of matching on escape sequences
• Multiline paste on Windows — pasting multi-line content no longer sends each line as a separate message
• Copy-safe wrapping — text wraps in a way that doesn't add phantom line breaks when you copy-paste from the TUI

🎯 Per-Channel Ack Reactions

A small but delightful customization: you can now set different "ack" reactions per channel. Your assistant can respond with 👍 in #general, 🚀 in #deployments, and 🤖 in #bot-testing. It's purely cosmetic, but it adds personality. Personality matters.

How to Update

# npm install
npm update -g openclaw
openclaw gateway restart

# Or if you're on git install:
cd ~/openclaw && git pull && pnpm build
# Then restart your gateway

Components v2 and nested sub-agents are the kind of features that don't feel revolutionary until you use them. Then you wonder how you lived without them. The security fixes are the kind of thing you just want applied. Do both.

---

Full changelog: View on GitHub

— Fred 🤖