大家好，我是程序员虎哥，跟踪学习、不定期同步以 OpenClaw 为代表的 Agent 技术。技术发展应该为劳动者减负，而不应该增加焦虑和内耗~

小小的大发

OpenClaw 每日更新 | 3 月 27 日：大规模重构收尾 + 回归修复潮

📊 概览

统计时间：2026 年 3 月 27 日（太平洋时区 PDT UTC-7）

分类统计

主要贡献者 TOP 5

🔧 关键 Bug 修复（回归修复潮）

1. 大规模回归修复

贡献者：Tak Hoffman

内容：

• fix(regression): auto-enable channel status state
• fix(regression): auto-enable gateway send selection
• fix(regression): auto-enable channels resolve selection
• fix(regression): auto-enable message channel selection
• fix(regression): persist auto-enabled directory config
• fix(regression): auto-enable channel auth selection
• fix(regression): auto-enable gateway bootstrap snapshots
• fix(regression): auto-enable gateway plugin loads
• fix(regression): auto-enable directory channel selection
• fix(regression): auto-enable web search provider loads
• fix(regression): auto-enable provider runtime loads
• fix(regression): auto-enable memory runtime loads
• fix(regression): auto-enable channel setup registry loads
• fix(regression): auto-enable plugin status loads
• fix(regression): auto-enable plugin tool loads
• fix(regression): auto-enable plugin cli loads
• fix(regression): preserve telegram pairing account context
• fix(regression): preserve feishu pairing account context
• fix(regression): preserve matrix pairing account context
• fix(regression): preserve discord pairing account context
• fix(regression): preserve whatsapp pairing account context
• fix(regression): preserve slack pairing account context
• fix(regression): preserve googlechat pairing account context
• fix(regression): preserve msteams pairing account context
• fix(regression): preserve nextcloud-talk pairing account context
• fix(regression): preserve zalo pairing account context
• fix(regression): preserve imessage pairing account context
• fix(regression): preserve signal pairing account context
• fix(regression): preserve line pairing account context
• fix(regression): preserve bluebubbles pairing account context

影响：修复了大规模重构后的大量回归问题，主要是自动启用配置和配对上下文保存。

2. 安全修复

贡献者：Jacob Tomlinson

内容：

• fix(gateway): require verified scope for chat provenance (#55700)
• 要求验证范围才能进行聊天溯源
• fix(gateway): cap concurrent pre-auth websocket upgrades (#55294)
• 限制并发预认证 WebSocket 升级，防止 DoS 攻击
• fix(gateway): restrict node pairing approvals (#55951)
• 限制节点配对审批范围
• fix(media): require fs access for dynamic local roots (#55946)
• 要求文件系统访问权限才能使用动态本地根目录
• fix(exec): reject wrapper carrier allow-always targets (#55947)
• 拒绝包装器载体 allow-always 目标
• fix(channels): preserve routed group policy (#56011)
• 保留路由组策略

影响：提高网关安全性，防止未授权访问和 DoS 攻击。

3. Matrix 渠道修复

贡献者：Gustavo Madeira Santana

内容：

• fix(matrix): align outbound direct-room selection (#56076)
• fix(matrix): preserve strict DM SAS fallback
• fix(matrix): guard invalid HTML entity mention labels
• fix(matrix): mentions should work with displayName labels (#55393)
• fix(matrix): only use 2-member DM fallback when dm refresh fails (#54890)
• fix(matrix): resolve reply context body and sender for quoted messages (#55056)
• fix(matrix): pass originalFilename to saveMediaBuffer and expose path via MEDIA tag (#55692)

影响：Matrix 渠道功能恢复正常，提及、回复、媒体处理等功能修复。

4. Telegram 渠道优化

贡献者：Ayaan Zaidi, Jacob Tomlinson

内容：

• fix(telegram): tighten reaction typings
• fix(telegram): tighten helper field readers
• fix(telegram): simplify action button parsing
• fix(telegram): simplify message helper parsing
• fix(telegram): unify inline button capability parsing
• fix(telegram): tighten api result typings
• fix(telegram): unify chat metadata parsing
• fix(telegram): simplify transport typing
• fix(telegram): simplify runtime handler typing
• fix(telegram): share chat lookup types
• fix(telegram): tighten chat action typings
• fix(telegram): tighten media SSRF policy (#56004)
• fix(zalo): gate image downloads before DM auth (#55979)

影响：Telegram 渠道类型定义更严谨，媒体下载更安全。

5. Discord 渠道修复

贡献者：Peter Steinberger, Jacob Tomlinson

内容：

• fix(discord): stop queued reconnect exhaustion crash (#55991)
• fix(discord): align rate-limit error callsites
• fix(discord): apply component interaction policy gates (#56014)
• fix(discord): enforce approver checks for text approvals (#56015)
• fix(discord): fix Carbon RateLimitError calls
• fix(discord): update carbon beta (#55980)

影响：Discord 渠道稳定性提升，重连崩溃问题修复。

✨ 新功能

1. OpenClaw Channel MCP Bridge

贡献者：Peter Steinberger

内容：

• feat: add openclaw channel mcp bridge

意义：支持通过 MCP 协议桥接渠道，提高渠道互操作性。

2. ACP 会话绑定

贡献者：Peter Steinberger, Tak Hoffman

内容：

• feat(acp): add conversation binds for message channels
• fix(acp): avoid no-op gateway self-call after spawn
• fix(acp): cover persisted generic conversation binds
• fix(acp): generalize message-channel binds

意义：ACP 会话绑定功能完善，支持消息渠道的会话管理。

3. 插件审批钩子

贡献者：Tak Hoffman, Jacob Tomlinson

内容：

• feat(hooks): add async requireApproval to before_tool_call (#55339)
• fix: harden plugin approval hook reliability
• fix: tighten plugin approval schema and add kind-prefixed IDs

意义：插件可以在工具调用前要求用户审批，提高安全性。

📝 文档更新

1. 技能来源优先级文档

贡献者：Gustavo Madeira Santana

内容：

• docs: document skill source precedence

意义：明确技能来源的优先级顺序，帮助开发者理解技能加载逻辑。

2. Podman 部署文档更新

贡献者：Sally O'Malley

内容：

• update podman setup and docs (#55388)
• podman: persist runtime env defaults
• podman: harden env and path handling
• podman: allow symlinked home path components

意义：Podman 部署文档更完善，支持更多场景。

🧪 测试优化

1. 测试去重

贡献者：Peter Steinberger

内容：

• test: dedupe plugin contract suites
• test: dedupe plugin provider runtime suites
• test: dedupe plugin bundle discovery suites
• test: dedupe plugin runtime registry suites
• test: dedupe plugin manifest and wizard suites
• test: dedupe plugin core utility suites
• test: dedupe security utility suites
• test: dedupe security audit and acl suites
• test: dedupe gateway network and transcript suites
• test: dedupe utility and config suites
• test: dedupe outbound routing and queue suites
• test: dedupe exec approval and system run suites
• test: dedupe infra utility suites
• test: dedupe plugin sdk helper suites
• test: dedupe helper-heavy test suites
• test: dedupe plugin hook runner suites
• test: dedupe plugin command and runtime helpers
• test: dedupe plugin bundle and discovery helpers
• test: dedupe loader heartbeat and audit cases
• test: dedupe config and utility suites
• test: dedupe plugin runtime and provider suites
• test: dedupe plugin install and packaging suites

意义：大量测试去重，减少测试代码冗余，提高测试可维护性。

2. 测试稳定化

贡献者：Peter Steinberger, Tak Hoffman

内容：

• test: stabilize extension ci mocks
• test: stabilize telegram stalled-runner restart assertion
• test: stabilize windows lock and cache paths
• test: fix docker mcp stdio notification hook
• test: fix voice-call cli stdout assertions
• test: fix feishu batch insert test syntax
• test: fix feishu test typings
• test: harden parallels smoke verification
• test: harden extension integration fixtures
• test: harden contract registry fixtures
• test: harden discord rate-limit helpers
• test: harden browser config refresh seam
• test: harden browser logger and schema seams
• test: harden discord session-key facade
• test: harden discord rate limit calls
• test: harden bundled provider runtime surfaces
• test: harden ci test and loader regressions
• test: harden ci shards and extension mocks
• test: harden ci gate
• test: harden ci align skill fixture source info
• test: harden ci align compaction and skills api drift

意义：CI 测试更稳定，减少误报。

📈 贡献者榜单

📝 观察与总结

技术趋势

1. 重构收尾：3 月 26 日的大规模重构在 27 日进入收尾阶段，大量回归修复确保重构后功能正常。

2. 安全加固：多个安全修复（网关认证、DoS 防护、文件系统访问控制）显示团队对安全问题的重视。

3. 测试优化：大量测试去重和稳定化工作，显示团队对测试质量的持续投入。

代码质量观察

• 回归修复及时：重构后立即进行大规模回归修复，确保功能正常
• 安全意识强：多个安全修复同时发布，覆盖网关、媒体、执行等关键路径
• 测试覆盖全面：测试去重和稳定化工作量大，但提高了测试可维护性

🔗 相关链接

• OpenClaw GitHub: https://github.com/openclaw/openclaw^[1]
• 本次 Commits 对比：https://github.com/openclaw/openclaw/compare/之前的^[2] SHA..a3b85e1583
• 插件审批钩子 PR：https://github.com/openclaw/openclaw/pull/55339^[3]
• 网关安全修复 PR：https://github.com/openclaw/openclaw/pull/55700^[4]

这是「Agent 扫地僧」的 OpenClaw 每日更新。如果你觉得有价值，欢迎关注公众号，一起跟踪学习 Agent 技术~ 🧹

引用链接