2026-05-09 · Risk note · Risk

OpenClaw and Hermes are tightening the boundaries around always-on agents

The strongest new May 9 pattern is not one isolated bug; it is a cluster of boundary repairs around agents that live in chats, browsers, and long-running sessions. OpenClaw PR #79645 keeps transcript redaction centralized at append time, #79649 reduces the chance that stale Telegram reply ancestry gets old replies confused with the active conversation, #79658 allows local TXT/JSON/YAML media sends only after validation, and #79562 targets Discord queue backpressure plus transcript and session-store read bottlenecks. Hermes PR #22280 hardens Telegram model-picker callback authorization, validates explicit Chrome DevTools Protocol override endpoints before connecting or discovering, and puts detailed health diagnostics behind API-key auth. Hermes PR #22261 fixes Gemini fallback failures when parallel tool responses are split across turns.

Impact: Risk · Sources: 4 · Audience: operator · developer · team
Why it matters

Always-on agents fail in the seams: an old reply looks current, a diagnostic endpoint leaks runtime state, a browser endpoint is too eager to connect, a local document send bypasses validation, or a queue silently accumulates work. These fixes show the ecosystem moving from “can the agent act?” toward “can it act without crossing the wrong boundary?”

Evidence
  • OpenClaw PR #79645 repairs centralized appendSessionTranscriptMessage redaction and adds regression tests for transcript redaction behavior
  • OpenClaw PR #79649 includes real Telegram QA showing stale reply ancestry no longer dominates the active live chat window
  • OpenClaw PR #79658 allows TXT/JSON/YAML local media sends only with MIME/extension validation and binary-disguise rejection coverage
  • OpenClaw PR #79562 adds targeted backpressure and read-path fixes for Discord queues, media downloads, preview writes, transcript idempotency, Codex RPC writes, and session-store reads
  • Hermes PR #22280 explicitly lists three security boundaries: Telegram callback authorization, safe CDP override validation, and auth for /health/detailed
  • Hermes PR #22261 documents a Gemini HTTP 400 failure mode after parallel tool calls and coalesces tool responses into one user turn for both native and CloudCode adapters
Risk notes
  • Most items are PR-stage at aggregation time and may not be in a tagged release yet
  • The fixes span several surfaces, so teams should not cherry-pick blindly without matching their actual channels and providers
  • Boundary hardening can expose previously hidden configuration mistakes, especially around API keys, browser automation endpoints, and chat history limits