OpenClaw Zero Token

v2026.4.5 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 2mo LLM Frameworks

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Summary

AI summary

Fixed long prompt handling and SSE deduplication across 13 web models.

Full changelog

What's New in 2026.4.5

Upgraded to OpenClaw 3.28 — all 13 web models tested and verified working.

Highlights

All 13 web models pass end-to-end testing: ChatGPT, Claude, DeepSeek, Doubao, Gemini, GLM, GLM International, Grok, Kimi, Perplexity, Qwen, Qwen CN, Xiaomi MiMo
Fixed long prompt issue: web models now receive only the user's message instead of the full system prompt + 24 tool definitions (~35,000 chars). This caused garbled responses, timeouts, and system prompt leaks
Fixed repeated content: Qwen CN and Doubao SSE streams send accumulated content (not incremental deltas) — now correctly deduplicates by emitting only the new portion
Simplified chat UI: removed the redundant session/agent selector, keeping only the model selector dropdown

Web Model Fixes (per provider)

| Provider | Fix |
|----------|-----|
| ChatGPT | Playwright native keyboard API for reliable input; updated send button selectors |
| Gemini | Playwright keyboard API; innerText instead of textContent for response extraction |
| Grok | Playwright keyboard API for message submission |
| Perplexity | Rewritten as DOM simulation with "New Thread" button click; only sends user message |
| Kimi | Fixed Connect binary protocol parser (only accept append/set ops) |
| Qwen CN | Added credentials: "include" to fix 403 signature error; fixed auth loop |
| Qwen Web | Fixed model ID (qwen-max → qwen3.5-plus) |
| DeepSeek | Enhanced tool_call regex, data.v array handling, XML argument fallback |
| Xiaomi MiMo | Filter <think> blocks and dialogId events; strip null bytes |
| Doubao | Deduplicate accumulated SSE content |
| GLM/Grok | Deduplicate repeated SSE content |

Infrastructure

Shared stripInboundMeta(): all web streams now strip OpenClaw metadata (Sender, Conversation info, timestamps) from user messages before sending to web models
E2E test suite (scripts/test-web-model-e2e.sh): two-phase testing (TUI first, then WebUI), anti-ban adaptive delays, message pool with 20 CN/EN natural prompts, HTML report output
onboard.sh webauth auto-exits after authorization completes (no more Ctrl+C needed)

Dependencies

Upgraded to upstream OpenClaw v2026.3.28
Bumped Swift deps (swift-log 1.11.0, Sparkle 2.9.1)
Bumped Android deps (Compose BOM, commonmark, kotest)

Full Changelog: https://github.com/linuxhsj/openclaw-zero-token/compare/v2026.3.27...v2026.4.5

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OpenClaw Zero Token

Get notified when new releases ship.

About OpenClaw Zero Token

All releases →