OpenClaw Files

Fixes

• Telegram/setup: load setup and secret contracts through packaged top-level sidecars so installed npm builds no longer try to import missing dist/extensions/telegram/src/* files during gateway startup.
• Bundled channels/setup: load shared secret contracts through packaged top-level sidecars across BlueBubbles, Feishu, Google Chat, IRC, Matrix, Mattermost, Microsoft Teams, Nextcloud Talk, Slack, and Zalo so installed npm builds no longer rely on missing dist/extensions/*/src/* files during gateway startup.
• Bundled plugins: align packaged plugin compatibility metadata with the release version so bundled channels and providers load on OpenClaw 2026.4.8.
• Agents/progress: keep update_plan available for OpenAI-family runs while returning compact success payloads and allowing tools.experimental.planTool=false to opt out.
• Agents/exec: keep /exec current-default reporting aligned with real runtime behavior so host=auto sessions surface the correct host-aware fallback policy (full/off on gateway or node, deny/off on sandbox) instead of stale stricter defaults.
• Slack: honor ambient HTTP(S) proxy settings for Socket Mode WebSocket connections, including NO_PROXY exclusions, so proxy-only deployments can connect without a monkey patch. (#62878) Thanks @mjamiv.
• Slack/actions: pass the already resolved read token into downloadFile so SecretRef-backed bot tokens no longer fail after a raw config re-read. (#62097) Thanks @martingarramon.
• Network/fetch guard: skip target DNS pinning when trusted env-proxy mode is active so proxy-only sandboxes can let the trusted proxy resolve outbound hosts. (#59007) Thanks @cluster2600.