v1.6.10

What's changed

• Auto-register plugins.allow: Plugin adds itself to plugins.allow during setup, eliminating manual config after OpenClaw 2026.3.x upgrade
• Bump peer dependency: openclaw peer dependency updated to ^2026.3.2
• Fix security audit false positives: Resolved 3 potential-exfiltration warnings from openclaw security audit --deep
• CI: Node 22 + npm install: Publish workflow uses Node 22 and npm install (fixes opusscript peer dep conflict)

v1.6.9

What's changed

• Auto-register plugins.allow: Plugin now adds itself to plugins.allow during setup, eliminating the manual config step after OpenClaw 2026.3.x upgrade
• Bump peer dependency: openclaw peer dependency updated to ^2026.3.2
• Fix security audit false positives: Resolved 3 potential-exfiltration warnings from openclaw security audit --deep
• CI: Node 22: Publish workflow updated to Node 22 (required by openclaw 2026.3.x)

v1.6.8

What's changed

• Auto-register plugins.allow: Plugin now adds itself to plugins.allow during setup, eliminating the manual config step after OpenClaw 2026.3.x upgrade
• Bump peer dependency: openclaw peer dependency updated to ^2026.3.2
• Fix security audit false positives: Resolved 3 potential-exfiltration warnings from openclaw security audit --deep (scanner was matching comments/string literals)

v1.6.7

What's Changed

Stall detection & nudge mechanism

• Heartbeat now detects stalled sessions (idle > 15 min, configurable via stallTimeoutMinutes)
• Low context tokens (< 1000) → task never arrived → requeue for re-dispatch
• High context tokens → task arrived but worker stalled → nudge message sent
• New session_stalled health issue type with audit logging

Focused merge conflict resolution prompt

• When a PR has merge conflicts, the developer now gets a minimal conflict-fix prompt instead of the full issue description
• Detection via prFeedback.reason === "merge_conflict" — no new workflow state needed
• Prompt contains only: rebase instructions, PR URL, branch name, and work_finish instructions
• Prevents LLM confusion from re-reading the full issue context during a simple rebase

Explicit branch name in conflict resolution (#484)

• Conflict resolution instructions now include the explicit PR branch name
• Prevents developers from working on the wrong branch when multiple PRs exist

PR mergeable re-validation in work_finish (#483)

• work_finish now re-checks PR mergeable status before completing conflict resolution
• Prevents premature completion when conflicts aren't actually resolved

Full Changelog: v1.6.3...v1.6.7

v1.6.6

What's Changed

Stall detection & nudge mechanism

• Heartbeat now detects stalled sessions (idle > 15 min, configurable via stallTimeoutMinutes)
• Low context tokens (< 1000) → task never arrived → requeue for re-dispatch
• High context tokens → task arrived but worker stalled → nudge message sent
• New session_stalled health issue type with audit logging

Focused merge conflict resolution prompt

• When a PR has merge conflicts, the developer now gets a minimal conflict-fix prompt instead of the full issue description
• Detection via prFeedback.reason === "merge_conflict" — no new workflow state needed
• Prompt contains only: rebase instructions, PR URL, branch name, and work_finish instructions
• Prevents LLM confusion from re-reading the full issue context during a simple rebase

Explicit branch name in conflict resolution (#484)

• Conflict resolution instructions now include the explicit PR branch name
• Prevents developers from working on the wrong branch when multiple PRs exist

PR mergeable re-validation in work_finish (#483)

• work_finish now re-checks PR mergeable status before completing conflict resolution
• Prevents premature completion when conflicts aren't actually resolved

Full Changelog: v1.6.3...v1.6.6

v1.6.3

Bug Fixes

Session lifecycle (#488)

• Fix percentUsed always defaulting to 0 — compute from contextTokens/totalTokens when field is missing, so session budget checks actually work
• Delete gateway session when budget exceeded — previously only nulled the slot reference, leaving orphaned session data
• Force fresh session for deactivated slots — when a slot has no issueId (previous issue completed), delete the stale session instead of resuming it with context from the wrong issue

Heartbeat & worker reliability (#489)

• Prevent concurrent heartbeat ticks — add _tickRunning mutex so overlapping async ticks don't interleave and cause orphaned-label reverts
• Fix work_finish wrong-slot matching — with maxWorkersPerLevel > 1, the slot-finding loop now matches on sessionKey instead of picking the first active slot
• Check gh CLI exit codes — gh() now throws on non-zero exit codes (retried by resilience layer), preventing silent failures like undetected merge conflicts

Config resolution (#487)

• Include testPolicy in resolved config — previously dropped during resolve(), causing testPolicy: agent to silently fall back to skip (fix from v1.6.2+, now released)

v1.6.2

Hotfix: dispatch agent RPC regression

Bug fix

• Fix dispatch silently failing — Commit 59e61b1 added a model property to the gateway agent RPC params, but the gateway rejects unknown properties. This caused sendToAgent to fail silently (fire-and-forget error swallowed), resulting in sub-agents being spawned but never receiving their task message. The model is correctly set via sessions.patch instead. (#456)
• Fix missing runCommand in notify call — The notify() call in dispatch was missing the runCommand fallback, causing notification failures when runtime was unavailable (e.g. heartbeat context).

Test updates

• Updated model propagation test to verify model is set via sessions.patch, not the agent RPC.

v1.6.1

Added

• Research task tool for architect dispatch and research management

Changed

• Notify label routing uses source channel for improved notification accuracy
• Removed reset_defaults and upgrade tools; streamlined workspace defaults management
• Simplified loadDefault function with improved error handling
• Cleaned up exports and removed unused code across multiple modules
• Major structural refactor

Fixed

• Model parameter now passed to agent RPC call so subagents respect workflow.yaml config (#436)

Docs

• README updated with Discord and License badges

Full Changelog: v1.6.0...v1.6.1

v1.6.0 🎉

Highlights

Smart prompt upgrades — DevClaw now auto-upgrades default role prompts on version change while preserving your customizations. A hash manifest tracks what DevClaw last wrote; unmodified files are safely updated, customized files are skipped with a warning. Run reset_defaults to get the latest when you're ready.

Auto-upgrade on heartbeat — No more manual upgrade calls. Workspace files (docs, prompts, workflow states) are automatically upgraded on the first heartbeat tick after a version change.

Attachment support — Upload images and files to issues via Telegram, GitHub, and GitLab. New task_attach tool for programmatic attachments from worker sessions (#397).

Review skip policy — Auto-merge PRs matching configurable skip criteria without human review.

---

Added

• Smart prompt upgrades with SHA-256 hash manifest for customization detection
• Auto-upgrade on heartbeat startup (version stamp gates execution)
• Stale prompt health warnings (persistent until reset_defaults is run)
• Project prompt backup on both first install and upgrades
• Attachment support — channel-agnostic media handling (#397)
• task_attach tool for programmatic file attachments
• claim_ownership tool with deterministic name generation
• Review skip policy for auto-merging qualifying PRs
• Test policy for automated testing workflow
• Orphan scan with smart label revert based on PR status
• Closed issue detection in health checks
• Owner label auto-assignment (#421)
• PR seen marking (#409)

Changed

• Worker names use unique-names-generator library (#424)
• Standardized worker name in all notifications (#412, #416)
• Enhanced feedback cycle task messages prioritize PR review comments
• reset_defaults writes hash manifest and clears stale-prompts marker
• upgrade tool surfaces skipped customized prompts in response
• 20 tools (was 18) — added task_attach, claim_ownership

Fixed

• Workflow actions for PR approval and skip states
• To Do label color contrast (#423)
• GitHub attachment upload CLI syntax (#410)

Removed

• WELCOME.md (#407)

Full Changelog: v1.5.2...v1.6.0

v1.5.2

Changes

• Hybrid bootstrap hooks — Worker sessions now use two hooks for role instruction injection:
  • agent:bootstrap strips the orchestrator AGENTS.md from subagent context
  • before_agent_start injects role-specific instructions via prependContext (always fires, no config dependency)
• GitLab label color fix — Existing labels now get their colors updated (update-first approach)
• Updated peer dependency for openclaw