OpenClaw v2.4.1 — version sync

OpenClaw v2.4.1

• Synced OpenClaw package/plugin metadata to 2.4.1.
• Fixed stale OpenClaw README and CLI strings that still reported 2.3.1.
• Rebuilt dist/cli.js from the updated TypeScript source.

Parity check

• Checked whether OpenClaw had the same short-tool-result retry-loop bug. It does not: the live Claude Code inline loop warning is deferred in OpenClaw, and OpenClaw retry churn is a post-hoc detector based on failed session outcomes.

Verification

• npm run build in openclaw/
• Included in the repo-wide python3 -m pytest tests pass (141 passed)

v5.6.2 — Quality Score Persistence + Coach Accuracy

What's New

Quality Score Persistence

• Quality scores now stored in the trends database per session, enabling historical tracking
• Dashboard shows a rolling 7-day quality trend chart (daily average + minimum)
• Backfill computes quality scores for all pre-existing sessions on upgrade

Coach Health Score Fixes

• Plugin-installed hooks (hooks.json) are now detected by the component scanner
• Namespaced sub-skill usage now correctly counts parent skill as active
• Extracted score_to_band() to eliminate duplicated threshold literals

Housekeeping

• Fixed version constant drift (measure.py was stuck at 5.5.1)
• Cleaned up 3 orphan remote branches from merged PRs

Full Changelog: v5.6.1...v5.6.2

v5.6.1

Fix bash compression hook: missing hookEventName field + hardcoded python3 bypassing python-launcher.sh (#26)

• Added required hookEventName: "PreToolUse" to hook response, fixing schema validation failures on Claude Code v2.1.101+
• Rewritten commands now route through python-launcher.sh for cross-platform Python discovery, fixing Windows Store shim failures
• Added anti-recursion guard: shell interpreters excluded from compression whitelist

v5.6.0 — Activity Intelligence + Savings Measurement

What's New

Savings Measurement Fix

• Loop detection now estimates 15K tokens saved per caught loop (was logging 0)
• Quality nudges now estimate 10K tokens recovered per nudge (was logging 0)
• Your dashboard will finally show real savings numbers instead of $0.02

New Detectors

• Output waste: 3-signal detector for excessive output tokens
• Cache instability: flags CLAUDE.md patterns that break prompt cache prefix

Activity Intelligence

• Mode detection: 10-tool sliding window classifies session mode
• Mode-aware compaction: PRESERVE/DROP adapts to what you are doing
• Decision extraction: detects chose/decided/going with patterns in real-time
• Anchored compact state: persists across compaction cycles

OpenClaw v2.4.0

• Output waste detector ported to TypeScript (16 detectors total)

Quality Fixes

• Catastrophic regex backtracking eliminated
• Activity log bounded with automatic pruning
• Vacuous truth on empty tool lists fixed
• Rollback guard prevents leaked implicit transactions

Claude Code plugin: 5.6.0 | OpenClaw: 2.4.0

v5.5.1 — Structure Map, Context Intel, MCP Introspection, Security Hardening

What changed since v5.5.0

Structure Map unblocked for large files. The feature was silently rejecting the most valuable files (anything over 300KB or 5K lines). Now handles Python files up to 800KB/20K lines. A 180,000-token file re-read compresses to ~250 tokens (99.86% reduction). Updated all surfaces (README, dashboard, welcome screen) to reflect structure map is actively saving tokens, not just measuring.

Context Intel Promotion. After compaction wipes your conversation, the model now receives a digest of large tool outputs it previously processed (~200 tokens). Prevents the post-compaction re-read-everything pattern that burns 20-50K tokens.

MCP Tool Introspection. Replaced the flat 10-tools-per-server estimate with a known-server lookup table for 8 public MCP servers. More accurate baseline measurement for users with common servers.

Security hardening. Removed printenv and docker exec from bash compression whitelist. Added kubectl secrets guard (catches secret/name aliased form). Removed Start/End verbatim lines from context intel summaries (prompt injection surface). Added RECOVERED DATA disclaimer to intel digest output.

Simplification. Trimmed MCP server table from 24 personal entries to 8 public ones. Removed dead code (unused return keys, dead split logic). Net -20 lines across the session.

Upgrade

Plugin users with auto-update: automatic. Otherwise: restart Claude Code.
Script users: cd ~/.clone/token-optimizer && git pull

v5.5.0 — Bash Compression On By Default + Security Hardening

What's New

Bash Output Compression is now ON by default. 16 handlers compress verbose CLI output from git, pytest, jest, npm, lint tools, logs, tree, docker, kubectl, sqlite3, du/df/wc, and build tools. Saves 5,000-30,000 tokens per session depending on CLI usage.

Disable anytime: measure.py v5 disable bash_compress or TOKEN_OPTIMIZER_BASH_COMPRESS=0

Security Hardening

Ahead of the default-ON flip, three whitelist tightenings:

• printenv removed from compression whitelist (could expose environment variables)
• docker exec removed (not read-only, executes arbitrary commands in containers)
• kubectl get secrets now blocked (prevents Kubernetes secret disclosure)

Dashboard and Documentation

• Dashboard V5 feature metadata synced with Python source of truth
• Dashboard toggle handler now uses correct per-feature defaults
• Welcome screen updated to reflect new defaults
• README: removed outdated Unknown skill: plugin section
• All SVG assets updated to show bash compression as active (green)
• Comparison table updated with accurate handler count

Upgrade

Plugin users: auto-update delivers this automatically if enabled.
Script users: cd ~/.claude/token-optimizer && git pull

v5.4.26

v5.4.26

Bug fix

• Bash compression savings now recorded to trends.db. bash_compress.py performed output compression but never called _log_compression_event, so all bash compress savings showed as 0 in the dashboard. Now records to compression_events after each successful compression.

Docs

• Fold install troubleshooting subsections (Unknown skill, Windows, macOS/Linux script install) behind expandable titles.

Tests

• Fix _load_measure() in all 11 test files to resolve ModuleNotFoundError: No module named 'hook_io' after the hook_io extraction refactor.

v5.4.25

Context Intelligence shadow mode, session-aware compaction guidance, shared hook I/O module, and review-driven hardening (injection sanitization, SQLite-backed cooldown, connection leak fixes).

v5.4.24

Smarter compression, broader coverage, cache-aligned hooks

• Range-aware read cache: Whole-file reads now cover subsequent partial reads of the same unchanged file, preventing redundant re-reads
• Non-code structure maps: Heading outlines for .md, key trees for .json and .yaml, section lists for .toml
• Expanded bash compression: sqlite3 queries, docker exec/logs/inspect, kubectl get/describe/logs, du/df/wc
• Structure-aware MCP compression: JSON key trees, path directory grouping, and table preservation replace flat truncation
• Session Knowledge Store: SQLite-backed per-session cache with WAL mode for concurrent hook access, replacing JSON file cache
• Cache-aligned injection: Structure map messages are now stable per file state, preserving prompt cache prefix stability
• Fail-open safety: All error paths verified to allow tool calls, never block them

v5.4.23 — plugin_env resolver + hardened plugin-data discovery

What's new

Plugin-data discovery just works. Token Optimizer now finds your live session data even when the plugin context is not active — running measure.py or the dashboard from a plain terminal walks ~/.claude/plugins/installed_plugins.json and lands on the right install. Dashboards stop showing stale snapshots.

User-level config edits take effect. Direct edits to ~/.claude/token-optimizer/config.json now win over plugin-data config in the priority chain. If you flip a v5 flag in your own config file, the hooks honor it on the next call.

Env var booleans are forgiving. TOKEN_OPTIMIZER_BASH_COMPRESS=true, TOKEN_OPTIMIZER_READ_CACHE_DELTA=yes, and TOKEN_OPTIMIZER_QUALITY_NUDGES=on all work as expected (case-insensitive). Tri-state flags like TOKEN_OPTIMIZER_STRUCTURE_MAP=beta keep their exact-match semantics.

Atomic config writes everywhere. Pricing-tier and quality-bar opt-out writes now use the same advisory-flock + tempfile + os.replace path as the dashboard toggle, so concurrent writers can never leave partial JSON on disk.

SessionStart legacy data migration also fires for CLI-discovered installs, so first-run dashboard users in a CLI shell get their trends.db and snapshots copied into the active plugin-data dir.

Hardened

The new plugin_env.py resolver is built for adversarial input. Marketplace names from installed_plugins.json are validated against [A-Za-z0-9._-]+ before being concatenated into a path. All resolved candidates must be real directories under ~/.claude/plugins/data/ — symlinks are rejected, traversal attempts are confined out via resolve().is_relative_to(). JSON reads are bounded at 1 MB and protected against RecursionError from pathological nesting. The CLAUDE_PLUGIN_DATA env var must itself resolve under ~/.claude/. Multi-key installs (e.g., -inline and -marketplace variants both registered) sort candidates by mtime so the freshest install wins instead of whatever Python's dict ordering surfaces first. Discovery is lru_cache(maxsize=1) so each hook process makes one filesystem traversal per call, not four.

Internals

A single plugin_env.py module is now the source of truth for plugin-data discovery and v5 feature flag resolution; bash_hook.py, read_cache.py, archive_result.py, and measure.py all consult it instead of inlining their own copies. The previous module name paths.py is renamed to make the two responsibilities self-evident.

Compatibility

OpenClaw stays at 2.3.0; this release only touches the Token Optimizer plugin. README badges and the OpenClaw version line are aligned across all surfaces.