chore(openclaw): 升级 OpenClaw 至 2026.4.8

[xzq-xu]

OpenClaw 版本更新

项目	值
当前版本	2026.3.28
最新版本	2026.4.8
Release	https://github.com/openclaw/openclaw/releases/tag/v2026.4.8

CHANGELOG 摘要

展开查看

Fixes

• Telegram/setup: load setup and secret contracts through packaged top-level sidecars so installed npm builds no longer try to import missing dist/extensions/telegram/src/* files during gateway startup.
• Bundled channels/setup: load shared secret contracts through packaged top-level sidecars across BlueBubbles, Feishu, Google Chat, IRC, Matrix, Mattermost, Microsoft Teams, Nextcloud Talk, Slack, and Zalo so installed npm builds no longer rely on missing dist/extensions/*/src/* files during gateway startup.
• Bundled plugins: align packaged plugin compatibility metadata with the release version so bundled channels and providers load on OpenClaw 2026.4.8.
• Agents/progress: keep update_plan available for OpenAI-family runs while returning compact success payloads and allowing tools.experimental.planTool=false to opt out.
• Agents/exec: keep /exec current-default reporting aligned with real runtime behavior so host=auto sessions surface the correct host-aware fallback policy (full/off on gateway or node, deny/off on sandbox) instead of stale stricter defaults.
• Slack: honor ambient HTTP(S) proxy settings for Socket Mode WebSocket connections, including NO_PROXY exclusions, so proxy-only deployments can connect without a monkey patch. (#62878) Thanks @mjamiv.
• Slack/actions: pass the already resolved read token into downloadFile so SecretRef-backed bot tokens no longer fail after a raw config re-read. (#62097) Thanks @martingarramon.
• Network/fetch guard: skip target DNS pinning when trusted env-proxy mode is active so proxy-only sandboxes can let the trusted proxy resolve outbound hosts. (#59007) Thanks @cluster2600.

集成面检查清单

对照 ee/docs/OpenClaw集成面清单.md，逐项确认新版本兼容性：

• 配置 Schema — openclaw.json Zod strict schema 是否接受我们写入的全部字段
• 文件系统路径 — /root/.openclaw/ 目录结构是否变更
• Session 文件格式 — sessions.json / .jsonl 结构是否变更
• Channel Plugin SDK — openclaw/plugin-sdk API 是否有 breaking change
• Gateway 协议 — 端口 (18789/9721)、/healthz、认证方式是否变更
• CLI 行为 — openclaw gateway 参数是否变更
• Gene/Skill 注入 — SKILL.md 格式、extraDirs 机制是否变更
• 安全管道 — tools.exec.* 配置项、Security WebSocket 协议是否变更
• 镜像验证 — ./verify.sh <image:tag> 全部 PASS

---

此 PR 由 GitHub Actions 自动创建。

合并后请：

1. 构建新镜像：./build.sh openclaw --version 2026.4.8
2. 运行验证：./verify.sh <image:tag>
3. 在引擎版本管理中发布新版本