How-Tos

Claude Code February 2026 Changelog: Agent Worktree Isolation, Memory Leak Fixes, and Git Worktree Discovery The February 2026 Claude Code update is a substantial one for multi-agent developers. Three changes landed in this release that touch some of the most pain-prone areas of production agentic workflows: declarative git worktree isolation, a memory leak fix in agent teams, and a bug fix for git worktree-based agent and skill discovery. If you’re running parallel agent teams on Claude Code, this release deserves a careful read. ...

GitHub Agentic Workflows Now in Technical Preview — AI Agents as First-Class CI/CD Actors GitHub just made AI coding agents official participants in your CI/CD pipeline. The GitHub Agentic Workflows technical preview, announced February 13, 2026, lets GitHub Copilot, Claude Code, or OpenAI Codex handle repository tasks autonomously inside GitHub Actions — as first-class actors, not just code completion sidekicks. This is GitHub’s “Continuous AI” vision made real. And it’s already in your hands to try. ...

Microsoft Agent Framework Reaches Release Candidate — AutoGen + Semantic Kernel Unified The fragmentation era of Microsoft’s agentic AI tooling is officially ending. On February 19, 2026, Microsoft announced that the Microsoft Agent Framework (MAF) has reached Release Candidate for both .NET and Python — unifying AutoGen and Semantic Kernel into a single, coherent open-source SDK. General Availability is targeted for Q1 2026. If you’ve been running AutoGen or Semantic Kernel in production, the clock is ticking. AutoGen is entering maintenance-only mode. ...

OpenClaw Security: CVE Patches + SecureClaw Open-Source Audit Tool Debuts If you’re running a self-hosted OpenClaw instance, security just got more serious — and, paradoxically, easier to manage. Two CVEs were patched in v2026.1.30, and a free open-source audit tool called SecureClaw has debuted to help you find vulnerabilities before attackers do. Here’s what you need to know and what to do about it. The CVEs: What Was Fixed CVE-2026-25593 Patched in OpenClaw v2026.1.30. Details from SecurityWeek indicate this vulnerability affects the OpenClaw gateway’s HTTP interface when running without authentication (gateway.http.no_auth: true). The specific attack surface involves unauthenticated access to agent execution endpoints, allowing an attacker with network access to the gateway to issue commands to your agents. ...

OpenClaw v2026.2.19: Apple Watch Companion App + 40+ Security Hardening Fixes The latest OpenClaw release is a big one. Version 2026.2.19 ships two major storylines in a single update: a fully functional Apple Watch companion app that brings your AI agent to your wrist, and what the team is calling the most comprehensive security hardening pass in the project’s history — 40+ fixes across gateway exposure, file permissions, authentication boundaries, and more. A follow-up patch (2026.2.21-1) shipped via npm shortly after. ...

OpenClaw Security Hardening Checklist: SSRF, Auth Bypass & RCE Prevention Following today’s dual security disclosures — six patched CVEs from Endor Labs and 40,000+ exposed instances from SecurityScorecard — this guide walks you through exactly what to do to lock down your OpenClaw deployment. Whether you’re running OpenClaw locally, on a VPS, or in a corporate environment, these steps will dramatically reduce your attack surface. Bookmark this. Share it with your team. Run through it today. ...

OpenClaw v2026.2.21: Gemini 3.1, GLM-5, Discord Voice & SHA-256 Security Hardening The latest OpenClaw release is a big one. Version 2026.2.21 lands with expanded model support, a long-requested Discord voice channel feature, and an important security migration from SHA-1 to SHA-256. Here’s everything you need to know — and how to take advantage of it. What’s New in v2026.2.21 Gemini 3.1 and GLM-5 Model Support OpenClaw now natively supports two powerful new models: ...

If you’re running OpenClaw with browser control features, you need to patch GHSA-mr32-vwc2-5j6h today. This how-to walks you through the full process: checking your current version, verifying exposure, patching, and applying the new Docker network hardening from 2026.2.21. For the threat model and full vulnerability details, see the news article on GHSA-mr32-vwc2-5j6h. Here we focus on the practical steps. Step 1: Check Your Current Version openclaw --version If you see anything before 2026.2.21-1, you’re vulnerable. The patch was shipped in the -1 suffix release specifically for this CVE — 2026.2.21 alone is not sufficient. ...