OpenClaw v3.12: Revamped Dashboard, 20+ Security Fixes & Fast Mode

OpenClaw v3.12 introduces a completely rebuilt Dashboard, a unified Fast Mode switch, a provider‑plugin architecture for easy model integration, extensive security hardening across command execution, permissions and webhooks, plus new iOS/macOS UI upgrades and Kubernetes deployment guides.

Old Zhang's AI Learning

OpenClaw v3.12 follows the quick release of v3.11, which already fixed a critical cross‑site WebSocket hijack (GHSA‑5wcw‑8jjv‑m286) in the trusted-proxy mode that could expose the operator.admin permission.

Key Functional Improvements

iOS/macOS native client overhaul – iOS Home canvas now has a welcome screen, real‑time Agent overview, and a bottom Dock replacing the floating button; macOS adds a model selector and persists the thinking‑level choice across restarts.

Ollama onboarding – supports Local or Cloud+Local modes, offers curated model recommendations, and skips local pulls when a Cloud model is selected.

Multimodal memory – memorySearch.extraPaths now indexes images and audio using Gemini’s gemini-embedding-2-preview, enabling agents to retrieve visual and audio content.

Breaking change – cron task delivery no longer accepts ad‑hoc agent sends or fallback session summaries; run openclaw doctor --fix after upgrade.

Dashboard v2: From "usable" to "pleasant"

The new Dashboard is split into five independent views (Overview, Chat, Config, Agent, Session) and adds a VS Code‑style Command Palette (Cmd+K) for quick actions.

Screenshot: Command Palette

The main Dashboard now presents key information at a glance, the Chat view supports slash commands, search, export and pinning, and the Config page makes better use of horizontal space. On mobile, Bottom Tabs make touch navigation easier.

Fast Mode: Turbo‑charging Agents

A session‑level Fast Mode toggle is available via /fast, the TUI, Control UI and ACP. Implementation details:

OpenAI side: uses Codex request shaping to configure a default fast state per model.

Anthropic side: maps /fast to the API’s service_tier field and validates tier availability in real time.

Use Fast Mode for batch processing, debugging or rapid iteration; switch back for deep‑thinking tasks.

Provider Plugin Architecture

Ollama, vLLM and SGLang are migrated to a provider‑plugin system, each exposing onboarding, model discovery/picker, and post‑selection hooks. Adding a new inference engine now only requires implementing the plugin interface, paving the way for future backends such as llama.cpp or TensorRT‑LLM.

Kubernetes Deployment Docs

The long‑awaited K8s guide includes raw manifests, a Kind local cluster setup, and step‑by‑step deployment instructions, providing an official starting point for production deployments.

Advanced Features

Subagent sessions_yield – lets the orchestrator end the current round immediately, skip queued tool calls, and pass hidden payloads to the next session, reducing wait times in multi‑step Agent workflows.

Slack Block Kit support – agents can now send structured messages via channelData.slack.blocks, enabling buttons, forms and rich text.

Security Overhaul (20+ fixes)

Command execution – closes a chain of attacks that used zero‑width and full‑width characters together with package‑runner wrappers such as pnpm exec, npm exec and npx; command checks now apply Unicode normalization, strip invisible characters, and fail closed on shell payloads.

Permission boundaries – owner‑only enforcement for /config and /debug (GHSA‑r7vr), removal of elevated scopes from shared‑token WebSocket connections (GHSA‑rqpp), tighter gateway workspace isolation (GHSA‑2rqg), sandbox agents blocked from reading parent session data (GHSA‑wcxr), and token‑scope caps (GHSA‑2pwv).

Plugin security – workspace plugins are disabled by default; explicit trust is required to load them (GHSA‑99qw).

Webhook hardening – Feishu now requires both encryptKey and verificationToken; LINE adds signature checks for empty‑event POSTs; Zalo adds rate limiting for invalid key guesses; Slack/Teams require stable channel/team IDs unless name matching is explicitly allowed via dangerouslyAllowNameMatching.

Device pairing – /pair and openclaw qr now use short‑lived tokens instead of embedding shared Gateway credentials in QR codes.

Other hardening – limits on WebSocket pre‑auth frame size, 5 MB attachment size cap, fail‑closed for GIT_EXEC_PATH injection, and strict handling of Ruby -r / --require / -I flags.

These fixes demonstrate a serious commitment to production‑grade security; users with public or multi‑user deployments are strongly urged to upgrade.
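To illustrate the normalize-then-decide ordering behind the command-execution fix above, here is an added example (not OpenClaw's code): a small allowlist checker that NFKC-normalizes and strips invisible characters before any matching, refuses the package-runner wrappers the page names, and fails closed on shell metacharacters. The invisible-character set, metacharacter set and allowlist are assumptions.

```python
import re
import unicodedata

# Hypothetical allowlist checker, not OpenClaw's code. Characters that render
# as nothing but split a token past a naive substring match: zero-width
# space/non-joiner/joiner/word-joiner, BOM and soft hyphen (assumed set).
INVISIBLE = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad]")

# Package-runner wrappers named on the page: each executes an arbitrary
# package binary, so allowing "npm" must not implicitly allow "npm exec".
WRAPPERS = {("npx",), ("npm", "exec"), ("pnpm", "exec")}

# Anything that could hand the string to a shell fails closed (assumed set).
SHELL_META = re.compile(r"[;&|`$<>()\n]")


def canonicalize(cmd: str) -> str:
    """NFKC folds full-width letters (e.g. 'ｎｐｘ') to ASCII; then drop invisibles."""
    return INVISIBLE.sub("", unicodedata.normalize("NFKC", cmd))


def check_command(cmd: str, allowed: set[str]) -> tuple[bool, str]:
    """Decide on the canonical form only; return (permitted, reason)."""
    canon = canonicalize(cmd)
    if SHELL_META.search(canon):
        return False, "shell metacharacters present"
    argv = canon.split()
    if not argv:
        return False, "empty command"
    # Check the wrapper table before the allowlist so "npm" never implies "npm exec".
    if tuple(argv[:1]) in WRAPPERS or tuple(argv[:2]) in WRAPPERS:
        return False, "package-runner wrapper: " + " ".join(argv[:2])
    if argv[0] not in allowed:
        return False, f"{argv[0]!r} not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    allowed = {"git", "npm"}
    # Constructed inputs: the first two look harmless to a naive "npx"/"npm exec" substring check.
    for cmd in ("n\u200bpx cowsay hi", "ｎｐｍ exec cowsay", "npm install", "git status; id"):
        print(repr(cmd), "->", check_command(cmd, allowed))
```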

Upgrade Procedure

# Backup (new in 3.8)
openclaw backup create

# Upgrade
openclaw update

# Post‑upgrade health check
openclaw doctor

# Fix breaking cron changes if needed
openclaw doctor --fix

For more details, see the official GitHub repository and the K8s manifests linked in the documentation.

Tags: AI agents, Kubernetes, security, Dashboard, OpenClaw, Fast Mode, Provider Plugin
Written by Old Zhang's AI Learning

AI practitioner specializing in large-model evaluation and on-premise deployment, agents, AI programming, Vibe Coding, general AI, and broader tech trends, with daily original technical articles.
