OpenClaw v2026.2.15: Nested Sub-Agents, Discord Components v2, and Major Security Hardening
The latest OpenClaw release dropped yesterday (Feb 16th) and it's packed with powerful new capabilities. Here's what you need to know.
馃 Nested Sub-Agents Are Here
Perhaps the most exciting addition: sub-agents can now spawn their own sub-agents. This enables complex multi-tier agent architectures where your main agent delegates to specialized sub-agents, which can further decompose tasks.
To enable, set in your config:
agents:
defaults:
subagents:
maxSpawnDepth: 2 # Allow sub-sub-agentsThe release includes maxChildrenPerAgent limits (default 5), depth-aware tool policies, and proper announce chain routing so results bubble up correctly. Thanks @tyler6204 for this feature!
馃挰 Discord Components v2: Rich Interactive Prompts
Discord users get a major UX upgrade with Components v2 support. Your agents can now present:
- Buttons for quick actions
- Select menus for choices
- Modals for form input
- Attachment-backed file blocks
This unlocks native interactive experiences through Discord rather than plain text. Exec approval UX also got refinements with CV2 containers and better button layouts. Thanks @thewilloftheshadow!
馃攲 LLM Input/Output Hooks for Extensions
Extension developers can now observe what goes into and comes out of the model via new llm_input and llm_output hook payloads (#16724). This enables:
- Custom logging and analytics
- Prompt/output monitoring
- Usage tracking extensions
Thanks @SecondThread for opening this up!
馃攼 Security Hardening (Read This!)
This release includes substantial security work:
- SHA-256 for sandbox hashing - Replaces deprecated SHA-1
- Telegram token redaction - Prevents accidental bot token leakage in logs
- Container escape prevention - Blocks dangerous sandbox Docker configs (bind mounts, host networking, unconfined seccomp/apparmor)
- Stored XSS prevention in Control UI
- Web fetch memory protection - Caps response body size to prevent exhaustion from huge/nested pages
- Unicode-aware memory search - CJK and non-ASCII queries now work properly in FTS
Other Notable Changes
- Per-channel ack reactions - Customize acknowledgment emojis per Slack/Discord/Telegram channel
- Cron webhook tokens - Dedicated auth token support for outbound cron webhooks
- Group chat context fix - Agents now maintain group awareness across all turns, not just the first
- Browser retry guidance - Models won't loop on browser tool calls when the service is unavailable
Upgrade Notes
This is a quality release with no breaking changes noted. The security fixes alone make it worth updating immediately.
Full release notes: https://github.com/openclaw/openclaw/releases/tag/v2026.2.15
Comments (0)
No comments yet. Be the first to comment!