Changes

• Chat commands: add /think default and /fast default to clear session overrides and inherit configured/provider defaults. (#79385) Thanks @VACInc.
• Dependencies: refresh workspace dependency pins and lockfile, including @openai/codex 0.130.0, acpx 0.7.0, AWS SDK 3.1044.0, OpenTelemetry 0.217.0, typebox 1.1.38, vite 8.0.11, oxfmt 0.48.0, and oxlint 1.63.0, and update the Codex harness model snapshot for the new bundled app-server catalog.
• Plugins/install: add guarded plugin install overrides so onboarding and repair tests can route specific plugins to registry specs or local npm pack artifacts via environment variables.
• Tests/Docker: add Codex on-demand install and live plugin-tool dependency E2E lanes for packaged onboarding and npm-pack plugin proof.
• Plugins/ACPX: accept an optional args array in agents.<name> config so paths and flag values containing spaces stay intact when spawning ACP agent processes. Thanks @TheArchitectit and @BunsDev.
• Agents: inject the current provider/model identity into system prompts, including configured prompt overrides and CLI hook prompt replacements, so agents can answer model-identity questions from the actual runtime selection.
• Plugins/CLI: add the optional bundled oc-path plugin, providing openclaw path for surgical oc:// access to markdown, JSONC, and JSONL workspace files.
• Plugins/SDK: add unified model catalog registration for text, image, video, and music providers, including providerCatalogEntry manifests, shared media list help, live catalog caching, and per-model video capability overlays.
• Plugin SDK: add presentation helpers for controls-only interactive rendering and opt-in empty fallback text so rich channel renderers can share MessagePresentation semantics without duplicating native cards or components.
• CLI: make parser, startup, config, guardrail, channel, agent, task, session, and MCP failures explain what happened and point to the next recovery command.
• GitHub Copilot: refresh the model catalog from ${baseUrl}/models so per-account entitlement and accurate context windows surface at runtime; static manifest catalog (now including gpt-5.5) remains the fallback when discovery is disabled or the API is unreachable.
• Active Memory: support concrete plugins.entries.active-memory.config.toolsAllow recall tool names for custom memory plugins while keeping the built-in memory-core default on memory_search/memory_get and preserving memory_recall automatically for plugins.slots.memory: "memory-lancedb".
• Telegram: share the grammY API throttler across polling and ad hoc send clients for the same bot token, so visible draft previews and CLI sends use one quota gate. Thanks @anagnorisis2peripeteia.
• Telegram/Feishu: honor configured per-agent and global reasoningDefault values when deciding whether channel reasoning previews should stream or stay hidden, addressing the preview-default part of #73182. Thanks @anagnorisis2peripeteia.
• Docker: run the runtime image under tini so long-lived containers reap orphaned child processes and forward signals correctly. (#77885) Thanks @VintageAyu.
• Logging/redaction: redact quoted HTTP client secret fields and auth/cookie headers in shared log and formatted error output. Related #71211 and #65623. (#75033) Thanks @liaoandi.
• Gateway/SDK: document and stabilize the task ledger RPC surface for tasks.list, tasks.get, and tasks.cancel, including generated Swift model typing for optional task summaries. Thanks @BunsDev.
• Google/Gemini: normalize retired google/gemini-3-pro-preview and google-gemini-cli/gemini-3-pro-preview selections to google/gemini-3.1-pro-preview before they are written to model config.
• Google/Gemini: emit canonical google/gemini-3.1-pro-preview ids from configured provider catalog rows so model list and selection paths can test Gemini 3.1 instead of retired Gemini 3 Pro.
• Google/Gemini: normalize nested proxy-provider catalog ids like google/gemini-3-pro-preview to google/gemini-3.1-pro-preview, so Kilo-style configured catalogs test Gemini 3.1 instead of the retired Gemini 3 Pro id.
• Google/Gemini: canonicalize provider-onboarding model alias maps so setup flows preserve settings under google/gemini-3.1-pro-preview instead of re-emitting retired Gemini 3 Pro config keys.
• Google/Gemini: canonicalize retired Gemini 3 Pro Preview ids inside Google dynamic model resolution so runtime clones also use google/gemini-3.1-pro-preview.
• Amazon Bedrock: support serviceTier parameter for Bedrock models, configurable via agents.defaults.params.serviceTier or per-model in agents.defaults.models. Valid values: default, flex, priority, reserved. (#64512) Thanks @mobilinkd.
• Control UI: read the Quick Settings exec policy badge from tools.exec.security instead of the non-schema agents.defaults.exec.security path, so configured full/deny values render accurately. Fixes #78311. Thanks @FriedBack.
• Control UI/usage: add transcript-backed historical lineage rollups for rotated logical sessions, with current-instance vs historical-lineage scope controls and long-range presets so usage history stays visible after restarts and updates. Fixes #50701. Thanks @dev-gideon-llc and @BunsDev.
• Agents/failover: harden state-aware lane suspension by persisting quota resume transitions, restoring configured lane concurrency, preserving non-quota failure reasons, and exporting model failover events through diagnostics OTLP. Thanks @BunsDev.
• Control UI/Windows: add the SPA-side WebView2 bridge for native hosts so draft text can update the chat composer and the ready handshake is wired through the app lifecycle. (#69633) Thanks @AlexAlves87.
• Channels/streaming: make progress draft labels scroll away with other progress lines, render structured tool rows as compact emoji/title/details, show web-search queries from provider-native argument shapes, and skip empty Discord apply-patch starts until a patch summary exists. (#79146)
• Runtime/performance: avoid full-array sorting while auto-selecting providers, resolving supported thinking levels, picking node last-seen timestamps, and extracting Codex usage-limit messages. Thanks @shakkernerd.
• Plugins/doctor: avoid full-array sorting while selecting ClawHub search/archive results and bounded dreaming doctor entries. Thanks @shakkernerd.
• Agents/compaction: keep contributor diagnostics to a bounded top-three selection without sorting the full history. Thanks @shakkernerd.
• Sessions/UI: avoid full-array sorting while selecting ACPX leases, Google Meet calendar events, and latest chat sessions. Thanks @shakkernerd.
• Plugin SDK: mark direct deliverOutboundPayloads and legacy reply-dispatch bridges as deprecated compatibility substrate, enrich sendDurableMessageBatch with explicit durable send outcomes, migrate bundled send/turn paths off deprecated APIs, and enforce the split with check:deprecated-api-usage.
• Telegram: preserve the channel-specific 10-option poll cap in the unified outbound adapter so over-limit polls are rejected before send. (#78762) Thanks @obviyus.
• Telegram/streaming: continue over-limit draft previews in a new message instead of stopping when rendered preview text crosses Telegram's message limit. (#74508) Thanks @anagnorisis2peripeteia.
• Slack: route handled top-level channel turns in implicit-conversation channels to thread-scoped sessions when Slack reply threading is enabled, keeping the root turn and later thread replies on one OpenClaw session. (#78522) Thanks @zeroth-blip.
• Telegram: re-probe the primary fetch transport after repeated sticky fallback success so transient IPv4 or pinned-IP fallback promotion can recover without a gateway restart. Fixes #77088. (#77157) Thanks @MkDev11.
• Runtime/install: raise the supported Node 22 floor to 22.16+ so native SQLite query handling can rely on the node:sqlite statement metadata API while continuing to recommend Node 24. (#78921)
• Discord/voice: make duplicate same-guild auto-join entries resolve to the last configured channel so moving an agent between voice channels does not keep joining the stale channel.
• Discord/voice: add realtime /vc modes so Discord voice channels can run as STT/TTS, a realtime talk buffer with the OpenClaw agent brain, or a bidi realtime session with openclaw_agent_consult.
• Discord/voice: add bounded realtime gateway logs for voice channel joins, realtime model/voice selection, transcripts, consult routing/answers, and playback start, allow OpenAI realtime Discord sessions to disable input-triggered response interruption for echo-heavy rooms while keeping explicit Discord barge-in available for new and already-active speakers, and allow voice turns to target an existing Discord channel agent session.
• Discord/voice: add voice.realtime.minBargeInAudioEndMs and let the realtime provider own playback clearing, so speaker echo no longer cuts OpenAI realtime model audio at audioEndMs=0 while low-echo rooms can opt back into immediate barge-in with 0.
• Discord/voice: make agent-proxy the default voice mode so realtime voice acts as the microphone/speaker extension of the routed OpenClaw agent session, with stt-tts remaining available as an explicit fallback.
• Discord/voice: keep OpenAI realtime bidi consults quiet while the supervisor agent is still working, accept Codex-style conversation.item.done function-call events, and preserve continuing tool results through the gateway relay so the OpenAI realtime bridge reliably routes consults before speaking the final answer.
• Discord/voice: include a bounded one-line STT transcript preview in verbose voice logs so live voice debugging shows what speakers said before the agent reply.
• Codex app-server: pin the managed Codex harness and Codex CLI smoke package to @openai/codex@0.129.0, defer OpenClaw integration dynamic tools behind Codex tool search by default, and...

Fixes

• Release/plugin publishing: retry transient ClawHub CLI dependency install failures, keep preview-passing plugins publishable when one preview cell flakes, and verify every expected ClawHub package version after publish so maintenance releases are faster to recover and less likely to hide partial plugin publishes.
• OpenAI: support openai/chat-latest as an explicit direct API-key model override for trying the moving ChatGPT Instant API alias without changing the stable default model.
• Cron CLI: include computed status in cron list --json and cron show --json output so external tooling can read disabled/running/ok/error/skipped/idle state without reimplementing cron status derivation. (#78701) Thanks @aweiker.
• Channels CLI: make openclaw channels list channel-only, add --all for bundled and catalog channels, render installed/configured/enabled state, and move model auth/usage details to openclaw models auth list, openclaw status, and openclaw models list. (#78456) Thanks @sliverp.
• Native commands: honor owner enforcement for native command handlers. (#78864) Thanks @pgondhi987.
• Active Memory: require admin scope for global memory toggles. (#78863) Thanks @pgondhi987.
• Gateway/sessions: clear cached skills snapshots during /new and sessions.reset so long-lived channel sessions rebuild the visible skill list after skills change. (#78873) Thanks @Evizero.
• Auto-reply: gate inline skill tool dispatch through before-tool-call authorization hooks. (#78517) Thanks @pgondhi987.
• Tavily: resolve dedicated tavily_search and tavily_extract tool credentials from the active runtime config snapshot, so exec SecretRef-backed API keys do not reach the tools unresolved. (#78610) Thanks @VACInc.
• Plugins/install: use the same absolute POSIX npm lifecycle shell for managed plugin install, rollback, repair, and uninstall npm operations as staged package updates, preventing restricted PATH shells from breaking cleanup. Thanks @vincentkoc.
• Agents/context engine: invalidate cached assembled context views when source history shrinks or assembly fails, preventing stale pre-reset history from being reused. Fixes #77968. (#78163) Thanks @brokemac79 and @ChrisBot2026.
• Discord/message: parse provider-prefixed targets like discord:channel:<id> as channel sends instead of legacy Discord DM targets, so cross-channel agent message(action="send") calls no longer misroute channel IDs into misleading Unknown Channel failures. Fixes #78572.
• Agents/compaction: clamp compaction summary reserve tokens to each model's output limit so high-context compaction no longer requests invalid max_tokens values. (#54392) Thanks @adzendo.
• Commands/BTW: show the /btw missing-question usage placeholder with brackets so outbound channel sanitization keeps it visible. Fixes #62877. Thanks @RajvardhanPatil07.
• Cron/doctor: repair persisted cron jobs whose payload.model was stored as "default", "null", blank, or JSON null by removing the bad override during openclaw doctor --fix while keeping cron runtime model validation strict. Fixes #78549. Thanks @bizzle12368239.
• Telegram: honor accessGroup:* sender allowlists for DMs, groups, native commands, and callback authorization before applying Telegram's numeric sender-ID checks. Fixes #78660. Thanks @manugc.
• Agent delivery: report deliverySucceeded=false when outbound delivery returns no adapter result, so claimed/empty delivery paths no longer masquerade as successful sends. Fixes #78532. Thanks @joeyfrasier.
• Cron/isolated runs: fail implicit announce delivery before model execution when delivery.channel=last has no previous route, so recurring jobs do not spend tokens before hitting a permanent delivery-target error. Fixes #78608. Thanks @sallyom.
• Gateway/sessions: persist a new generated transcript file when daily gateway-agent session rollover changes the session id, while preserving custom transcript paths. Fixes #78607. Thanks @nailujac, @zerone0x, and @sallyom.
• Doctor/Codex OAuth: preserve working openai-codex/* PI routes during doctor --fix and recover 2026.5.5-rewritten openai/* GPT-5 routes when only Codex OAuth auth is available, so update repair does not break subscription-auth setups. Fixes #78407. Thanks @shakkernerd.
• Telegram: keep the polling watchdog tied to getUpdates liveness so unrelated outbound Bot API calls cannot mask a wedged inbound poller. Fixes #78422. Thanks @ai-hpc.
• Agents/subagents: have completed session-mode subagent registry rows honor agents.defaults.subagents.archiveAfterMinutes instead of a hardcoded 5-minute TTL, so registry-backed surfaces keep one retention knob across spawn modes. (#78263) Thanks @arniesaha.
• Plugins/channel setup: forward setChannelRuntime from non-bundled external plugin setup entries so deferred external channel runtime initializers are installed before startup polling. Fixes #77779. (#77799) Thanks @openperf.
• Telegram: treat successful same-chat message tool outbound sends during an inbound Telegram turn as delivered when deciding whether to emit the rewritten silent reply fallback. (#78685) Thanks @neeravmakwana.
• Gateway/tasks: reconcile stale CLI run-context tasks whose live run context disappeared and bound channel hot-reload deferrals so stale task records cannot block Discord/Slack/Telegram reloads forever.
• Discord/voice: audit Discord voice-channel permissions in channels capabilities and channels status --probe, including auto-join targets, so missing Connect/Speak/Read Message History permissions show up before /vc join.
• Discord/voice: make voice capture less choppy by extending the default post-speech silence grace to 2.5s, add voice.captureSilenceGraceMs for noisy Discord sessions, and tighten the spoken-output prompt around live STT fragments. Thanks @vincentkoc.
• WhatsApp: route proactive phone-number sends through Baileys LID forward mappings when available, so LID-addressed contacts receive agent messages instead of creating sender-only ghost chats. Fixes #67378. (#74925) Thanks @edenfunf.
• WhatsApp: send captioned MEDIA: directive auto-replies once instead of emitting an empty media message before the captioned media reply. (#78770) Thanks @ai-hpc.
• Codex/approvals: in Codex approval modes, stop installing the pre-guardian native PermissionRequest hook by default so Codex's reviewer can approve safe commands before OpenClaw surfaces an approval, remember allow-always decisions for identical Codex native PermissionRequest payloads within the active session window, and make plugin approval requests validate/render their actual allowed decisions so Telegram and other native approval UIs cannot offer stale actions. Thanks @shakkernerd.
• Model providers: normalize APNG sniffed PNG uploads, preserve Gemini 3 tool-call thought-signature replay with fallback signatures, accept legacy __env__:VAR custom-provider keys, and repair snake_case tool-call transcript sanitization. Fixes #51881, #48915, #77566, and #42858.
• Telegram/models: parse provider ids containing dots in /models callback buttons so hf.co model lists render as inline keyboard buttons. Fixes #38745.

2026.5.6

Fixes

• Doctor/OpenAI Codex: revert the 2026.5.5 doctor --fix repair that rewrote valid openai-codex/* ChatGPT/Codex OAuth routes to openai/*, which could break OAuth-only GPT-5.5 setups or accidentally move users onto the OpenAI API-key route. If 2026.5.5 already changed your default model, run openclaw models set openai-codex/gpt-5.5 && openclaw config validate to switch the default agent back to the Codex OAuth PI route. Fixes #78407.
• Plugins/runtime fetch: drop third-party symbol metadata from plain request header dictionaries before passing them into native fetch or Headers, so SDK and guarded/proxy fetch paths do not reject otherwise valid plugin requests. Fixes #77846. Thanks @shakkernerd.
• Debug proxy: normalize captured fetch header dictionaries before replaying requests so symbol metadata from caller-owned header objects cannot make debug-proxy fetches fail.
• Web fetch: bound guarded dispatcher cleanup after request timeouts so timed-out fetches return tool errors instead of leaving Gateway tool lanes active. (#78439) Thanks @obviyus.

Recovery docs: https://docs.openclaw.ai/providers/openai#check-and-recover-codex-oauth-routing

2026.5.5

Fixes

• Feishu: hydrate missing native topic starter thread IDs before session routing so first turns and follow-ups stay in the same topic session. Fixes #78262. Thanks @joeyzenghuan.
• LINE: reject dmPolicy: "open" configs without wildcard allowFrom so webhook DMs fail validation instead of being acknowledged and silently blocked before inbound processing. Fixes #78316.
• Telegram/Codex: keep message-tool-only progress drafts visible and render native Codex tool progress once per tool instead of duplicating item/tool draft lines. Fixes #75641. (#77949)
• Providers/xAI: stop sending OpenAI-style reasoning effort controls to native Grok Responses models, so xai/grok-4.3 no longer fails live Docker/Gateway runs with Invalid reasoning effort.
• Providers/xAI: clamp the bundled xAI thinking profile to off so live Gateway runs cannot send unsupported reasoning levels to native Grok Responses models.
• Matrix/approvals: retry approval delivery up to 3 times with a short backoff so transient Matrix send failures do not strand pending approval prompts. (#78179) Thanks @Patrick-Erichsen.
• Discord/gateway: measure heartbeat ACK timeouts from the actual heartbeat send, preventing late initial heartbeats from triggering false reconnect loops while the channel is still awaiting readiness. Fixes #77668. (#78087) Thanks @bryce-d-greybeard and @NikolaFC.
• Discord/guilds: route plain text control commands such as /steer through the normal authorization and mention gate instead of silently dropping them before an agent session can see them. Fixes #78080. Thanks @ramitrkar-hash.
• Control UI/Sessions: make the compaction count a compact N Checkpoint(s) disclosure and show expanded session-level details with modern checkpoint history cards across responsive table layouts. Thanks @BunsDev.
• Control UI/performance: keep chat and channel tabs responsive while history payloads and channel probes are slow, label partial channel status, and record slow chat/config render timings in the event log. Thanks @BunsDev.
• Control UI/sessions: fire the documented /new command and lifecycle hooks only for explicit Control UI session creation, restoring session-memory and custom hook capture without changing SDK parent-session creates. Fixes #76957. Thanks @BunsDev.
• Exec approvals: fall back to a guarded copy when Windows rejects rename-overwrite for exec-approvals.json, while preserving symlink, hard-link, and owner-only permission safeguards. Fixes #77785. (#77907) Thanks @Alex-Alaniz and @MilleniumGenAI.
• Slack: preserve Socket Mode SDK error context and structured Slack API fields in reconnect logs, so startup failures no longer collapse to a bare unknown error.
• iOS pairing: allow setup-code and manual ws:// connects for private LAN and .local gateways while keeping Tailscale/public routes on wss://, and prefer explicit gateway passwords over stale bootstrap tokens in mixed-auth reconnects. Fixes #47887; carries forward #65185. Thanks @draix and @BunsDev.
• Plugins/diagnostics: make source-only TypeScript package warnings actionable by explaining that missing compiled runtime output is a publisher packaging issue and pointing users to update/reinstall or disable/uninstall the plugin. Fixes #77835. Thanks @googlerest.
• Control UI/chat: keep persisted assistant progress text visible when the same transcript turn also contains tool-use metadata, so chat.history reloads no longer make those replies vanish after the next user message. Fixes #77374. Thanks @BunsDev.
• TUI: skip the generic CLI respawn wrapper for interactive launches, exit cleanly on terminal loss, and refuse to restore heartbeat sessions as the remembered chat session, preventing stale heartbeat history and orphaned openclaw-tui processes on first boot. Thanks @vincentkoc.
• Doctor/sessions: move heartbeat-poisoned default main session store entries to recovery keys and clear stale TUI restore pointers, so doctor --fix can repair instances already stuck on agent:main:main heartbeat history. Thanks @vincentkoc.
• Agents/context engines: keep hidden OpenClaw runtime-context custom messages out of context-engine assemble, afterTurn, and ingest hooks so transcript reconstruction plugins only see conversation messages. Thanks @vincentkoc.
• Gateway/shutdown: cancel delayed post-ready maintenance during close and suppress maintenance/cron startup after quick restarts, preventing orphaned background timers. Thanks @vincentkoc.
• Agents/generated media: treat attachment-style message tool actions as completed chat sends, preventing duplicate fallback media posts when generated files were already uploaded.
• Control UI/sessions: show each session's agent runtime in the Sessions table and allow filtering by runtime labels, matching the Agents panel runtime wording. Thanks @vincentkoc.
• Discord/streaming: show live reasoning text in progress drafts instead of a bare Reasoning status line.
• Gateway/status: avoid marking fast repeated health/status samples as event-loop degraded from CPU/utilization alone until the Gateway has accumulated a sustained sampling window. Thanks @shakkernerd.
• Plugins/update: keep installed official npm and ClawHub plugins such as Codex, Discord, WhatsApp, and diagnostics plugins synced during host updates even when disabled or previously exact-pinned, while preserving third-party plugin pins. Thanks @vincentkoc.
• Doctor/status: warn when OPENCLAW_GATEWAY_TOKEN would shadow a different active gateway.auth.token source for local CLI commands, while avoiding false positives when config points at the same env token. Fixes #74271. Thanks @yelog.
• Gateway/HTTP: avoid loading managed outgoing-image media handlers for unrelated requests, so disabled OpenAI-compatible routes return 404 without waiting on lazy media sidecars. Thanks @vincentkoc.
• Gateway/OpenAI-compatible: send the assistant role SSE chunk as soon as streaming chat-completion headers are accepted, so cold agent setup cannot leave /v1/chat/completions clients with a bodyless 200 response until their idle timeout fires.
• Agents/media: avoid direct generated-media completion fallback while the announce-agent run is still pending, so async video and music completions do not duplicate raw media messages. (#77754)
• WebChat/Codex media: stage Codex app-server generated local images into managed media before Gateway display, so Codex-home image paths no longer hit LocalMediaAccessError while keeping Codex home out of the display allowlist. Thanks @frankekn.
• TUI/sessions: bound the session picker to recent rows and use exact lookup-style refreshes for the active session, so dusty stores no longer make TUI hydrate weeks-old transcripts before becoming responsive. Thanks @vincentkoc.
• Doctor/gateway: report recent supervisor restart handoffs in openclaw doctor --deep, using the installed service environment when available so service-managed clean exits are visible in guided diagnostics. Thanks @shakkernerd.
• Gateway/status: show recent supervisor restart handoffs in openclaw gateway status --deep, including JSON details, so clean service-managed restarts are reported as restart handoffs instead of opaque stopped-service diagnostics. Thanks @shakkernerd.
• Providers/Fireworks: expose Kimi models as thinking-off-only and keep K2.5/K2.6 requests on thinking: disabled, so manual model switches do not send Fireworks-rejected reasoning* parameters. Refs #74289. Thanks @frankekn.
• WhatsApp responsiveness: stop only verified stale local TUI clients when they degrade the Gateway event loop and delay replies. Thanks @vincentkoc.
• Plugins/update: repair stale managed npm-root openclaw peer packages before plugin installs, so beta-channel official plugin updates are not downgraded by old core package-lock state. Thanks @vincentkoc.
• Plugins/install: reassert managed npm plugin openclaw peer links after shared-root npm installs, updates, and uninstalls, so mutating one plugin does not leave previously installed SDK-using plugins unable to resolve openclaw/plugin-sdk/*.
• Hooks/session-memory: add collision suffixes to fallback memory filenames so repeated /new or /reset captures in the same minute do not overwrite the earlier session archive. Thanks @vincentkoc.
• Agents/config: remove the ambiguous legacy main agent dir helper from runtime paths; model, auth, gateway, bundled plugin, and test helpers now resolve default/session agent dirs through agents.list/agent-scope helpers while plugin SDK keeps a deprecated compatibility export.
• CLI/status: show the selected agent runtime/harness in openclaw status session rows so terminal status matches the /status runtime line. Thanks @vincentkoc.
• CLI/sessions: prune old unreferenced transcript, compaction checkpoint, and trajectory artifacts during normal sessions cleanup, so gateway restart or crash orphans do not accumulate indefinitely outside sessions.json. Fixes #77608. Thanks @slideshow-dingo.
• Doctor/Codex: repair legacy openai-codex/* routes in primary models, fallbacks, heartbeat/subagent/compaction overrides, hooks, channel overrides, and stale session pins to canonical openai/*, selecting agentRuntime.id: "codex" only when the Codex plugin is installed, enabled, contributes the codex harness, and has usable OAuth; otherwise select agentRuntime.id: "pi". Thanks @vincentkoc.
• Plugins/update: keep installed official npm and ClawHub plugins such as Codex, Discord, WhatsApp, and diagnostics plugins synced during host updates even when disabled or previously exact-pinned, while preserving third-party plugin pins. Thanks @vincentkoc.
• Video generation: accept provider-specific aspect-ratio and resolution hints at the tool boundary, normalize 720P to MiniMax's supported 768P, and stop sending Google generateAudio on Gemini video requests so provider fallback can recover from model-specific parameter differences. Thanks @vincentkoc.
• Status: sh...

2026.5.4

Highlights

• Google Meet/Voice Call: make Twilio dial-in joins speak through the realtime Gemini voice bridge with paced audio streaming, backpressure-aware buffering, barge-in queue clearing, and no TwiML fallback during realtime speech, giving Meet participants a much snappier OpenClaw voice agent. (#77064) Thanks @scoootscooob.

Changes

• Gateway/Windows: bind the default loopback gateway listener only to 127.0.0.1 on Windows so libuv's dual-stack ::1 behavior cannot wedge localhost HTTP requests. (#69701, fixes #69674) Thanks @SARAMALI15792.
• Plugins/migration: emit catalog-backed install hints when plugins.entries or plugins.allow references an official external plugin that is not installed, so upgraded configs point operators to openclaw plugins install <spec> instead of telling them to remove valid plugin config. (#77483) Thanks @hclsys.
• OpenAI/Codex media: advertise Codex audio transcription in runtime and manifest metadata and route active Codex chat models to the OpenAI transcription default instead of sending chat model ids to audio transcription. Thanks @vincentkoc.
• Dependencies: refresh runtime and provider packages including Pi 0.73.0, ACPX adapters, OpenAI, Anthropic, Slack, and TypeScript native preview, while keeping the Bedrock runtime installer override pinned below the Windows ARM Node 24 npm resolver failure.
• Agents/performance: pass the resolved workspace through BTW, compaction, embedded-run model generation, and PDF model setup so explicit agent-dir model refreshes can reuse the current workspace-scoped plugin metadata snapshot instead of falling back to cold plugin metadata scans. (#77519, #77532)
• Plugins/performance: let unscoped model catalog and manifest-contract readers reuse the current workspace-compatible plugin metadata snapshot, avoiding repeated cold plugin metadata scans on hot control-plane paths while preserving env/config/workspace compatibility checks. (#77519, #77532)
• Config/plugin auto-enable: prefer the claiming plugin manifest id over a built-in channel alias when auto-allowlisting a configured channel, so WeCom/Yuanbao-style aliases resolve to the installed plugin id. Thanks @Beandon13.
• Secrets/apply: preserve auth-profile keyRef and tokenRef fields when scrubbing provider-target secrets, so the canonical SecretRef metadata survives secrets apply without keeping plaintext values. Thanks @Beandon13.
• Plugins/active-memory: skip session-store channel entries that contain : when resolving the recall subagent's channel, so QQ c2c agent IDs (e.g. c2c:10D4F7C2…) and other scoped conversation IDs do not reach bundled-plugin dirName validation and crash the recall run. The same guard already applied to explicit channelId params (#76704); this extends it to store-derived channels. (#77396) Thanks @hclsys.
• Secrets/external channel contracts: also look in <rootDir>/dist/ when resolving the secret-contract-api sidecar, so npm-published externalized channel plugins (e.g. @openclaw/discord since 2026.5.2) whose compiled artifacts live under dist/ actually contribute their channel SecretRef contracts to the runtime snapshot. Without this, env-backed channels.discord.token SecretRefs silently failed to resolve at gateway start on 2026.5.3, leaving the channel not configured even though #76449 had landed the generic external-contract loader. Thanks @mogglemoss.
• Models/auth: add openclaw models auth list [--provider <id>] [--json] so users can inspect saved per-agent auth profiles without dumping secrets or hitting the old “too many arguments” path. Thanks @vincentkoc.
• Control UI/header: show the active agent name in dashboard breadcrumbs without adding the current session key, keeping non-chat views oriented without crowding the topbar.
• Control UI/cron: make the New Job sidebar collapsible so the jobs list can reclaim space while keeping the form one click away. Thanks @BunsDev.
• Gateway/startup: keep model-catalog test helpers, run-session lookup code, QR pairing helpers, and TypeBox memory-tool schema construction out of hot startup import paths, reducing default gateway benchmark plugin-load and memory pressure.
• Control UI/performance: record browser long animation frame or long task entries in the debug event log when supported, making slow dashboard renders easier to attribute from the UI.
• Slack/streaming: add streaming.progress.render: "rich" for Block Kit progress drafts backed by structured progress line data.
• Slack/streaming: keep the newest rich progress lines when Block Kit limits trim long progress drafts. Thanks @vincentkoc.
• Channels/streaming: cap progress-draft tool lines by default so edited progress boxes avoid jumpy reflow from long wrapped lines.
• Agents/verbose: use compact explain-mode tool summaries for /verbose and progress drafts by default, with agents.defaults.toolProgressDetail: "raw" and per-agent overrides for debugging raw command/detail output.
• Control UI/chat: add an agent-first filter to the chat session picker, keep chat controls/composer responsive across phone/tablet/desktop widths, keep desktop chat controls on one row, avoid duplicate avatar refreshes during initial chat load, and hide that row while scrolling down the transcript. Thanks @BunsDev.
• Control UI/chat: collapse consecutive duplicate text messages into one bubble with a count so no-op heartbeat acknowledgements stay compact without hiding nearby context.
• Agents/subagents: preserve every grouped child result when direct completion fallback has to bypass the requester-agent announce turn. Thanks @vincentkoc.
• TTS/telephony: honor provider voice/model overrides in telephony synthesis providers so Google Meet agent speech logs match the backend that actually produced the audio. Thanks @vincentkoc.
• Voice Call/realtime: bound the paced Twilio audio queue and close overloaded realtime streams before provider audio can pile up behind the websocket backpressure guard. Thanks @vincentkoc.
• Docs: clarify that IRC uses raw TCP/TLS sockets outside operator-managed forward proxy routing, so direct IRC egress should be explicitly approved before enabling IRC. Thanks @jesse-merhi.
• Gateway/performance: defer non-readiness sidecars until after the ready signal, avoid hot-path channel plugin barrel imports, and fast-path trusted bundled plugin metadata during Gateway startup.
• Gateway/performance: avoid importing jiti on native-loadable plugin startup paths, so compiled bundled plugin surfaces do not pay source-transform loader cost unless fallback loading is actually needed.
• Gateway/diagnostics: add startup phase spans, active work labels, stale terminal bridge markers, and default sync-I/O tracing in pnpm gateway:watch so slow Gateway turns are easier to attribute from logs and stability diagnostics.
• Plugins/loader: preserve real compiled plugin module evaluation errors on the native fast path instead of treating every thrown .js module as a source-transform fallback miss. Thanks @vincentkoc.
• QA/Mantis: add pnpm openclaw qa mantis slack-desktop-smoke to run Slack live QA inside a Crabbox VNC desktop, open Slack Web, and capture desktop screenshots beside the Slack QA artifacts.
• QA/Mantis: pass the runtime env through desktop-browser Crabbox and artifact-copy child commands, so embedded Mantis callers can provide Crabbox credentials without mutating the parent process. Thanks @vincentkoc.
• QA/Mantis: return the copied Slack desktop screenshot path even when remote Slack QA fails, so the CLI still prints the failure screenshot artifact. Thanks @vincentkoc.
• QA/Mantis: accept Blacksmith Testbox tbx_... lease ids from desktop smoke warmup, so provider overrides do not fail before inspect/run. Thanks @vincentkoc.
• QA/Codex harness: add targeted live Docker/Testbox diagnostics, auth preflight checks, cache mount fixes, and app-server protocol checkout discovery so maintainer harness failures are easier to reproduce. Thanks @vincentkoc.
• Plugins/update: treat official externalized bundled npm migrations and ClawHub-to-npm fallbacks as trusted source-linked installs, so prerelease-only official plugin packages can migrate from bundled builds without being rejected as unsafe prerelease resolutions. Thanks @vincentkoc.
• Plugins/update: move ClawHub-preferred externalized plugin installs back to ClawHub after an earlier npm fallback once the ClawHub package becomes available. Thanks @vincentkoc.
• Plugins/update: clean stale bundled load paths for already-externalized pinned npm and ClawHub plugin installs, so release-channel sync does not leave removed bundled paths ahead of the installed external package. Thanks @vincentkoc.
• Telegram: accept plugin-owned numeric forum-topic targets in the agent message tool and keep reply-dispatch provider chunks behind a real stable runtime alias during in-place package updates. Fixes #77137. Thanks @richardmqq.
• Google Meet: preserve realtime.introMessage: "" so realtime Chrome joins can stay silent instead of restoring the default spoken intro. Thanks @vincentkoc.
• Plugins/SDK: add bounded before_agent_finalize retry instructions so workflow plugins can request one more model pass. Thanks @100yenadmin.
• Discord/status: add degraded Discord transport and gateway event-loop starvation signals to openclaw channels status, openclaw status --deep, and fetch-timeout logs so intermittent socket resets do not look like a healthy running channel. (#76327) Thanks @joshavant.
• Providers/OpenRouter: add opt-in response caching params that send OpenRouter's X-OpenRouter-Cache, X-OpenRouter-Cache-TTL, and cache-clear headers only on verified OpenRouter routes. Thanks @vincentkoc.
• Providers/OpenRouter: expand app-attribution categories so OpenClaw advertises coding, programming, writing, chat, and personal-agent usage on verified OpenRouter routes. Thanks @vincentkoc.
• Plugins/update: make package upgrades swap pnpm/npm-prefix inst...

2026.5.4

Highlights

• Google Meet/Voice Call: make Twilio dial-in joins speak through the realtime Gemini voice bridge with paced audio streaming, backpressure-aware buffering, barge-in queue clearing, and no TwiML fallback during realtime speech, giving Meet participants a much snappier OpenClaw voice agent. (#77064) Thanks @scoootscooob.

Changes

• Gateway/Windows: bind the default loopback gateway listener only to 127.0.0.1 on Windows so libuv's dual-stack ::1 behavior cannot wedge localhost HTTP requests. (#69701, fixes #69674) Thanks @SARAMALI15792.
• Plugins/migration: emit catalog-backed install hints when plugins.entries or plugins.allow references an official external plugin that is not installed, so upgraded configs point operators to openclaw plugins install <spec> instead of telling them to remove valid plugin config. (#77483) Thanks @hclsys.
• OpenAI/Codex media: advertise Codex audio transcription in runtime and manifest metadata and route active Codex chat models to the OpenAI transcription default instead of sending chat model ids to audio transcription. Thanks @vincentkoc.
• Dependencies: refresh runtime and provider packages including Pi 0.73.0, ACPX adapters, OpenAI, Anthropic, Slack, and TypeScript native preview, while keeping the Bedrock runtime installer override pinned below the Windows ARM Node 24 npm resolver failure.
• Agents/performance: pass the resolved workspace through BTW, compaction, embedded-run model generation, and PDF model setup so explicit agent-dir model refreshes can reuse the current workspace-scoped plugin metadata snapshot instead of falling back to cold plugin metadata scans. (#77519, #77532)
• Plugins/performance: let unscoped model catalog and manifest-contract readers reuse the current workspace-compatible plugin metadata snapshot, avoiding repeated cold plugin metadata scans on hot control-plane paths while preserving env/config/workspace compatibility checks. (#77519, #77532)
• Config/plugin auto-enable: prefer the claiming plugin manifest id over a built-in channel alias when auto-allowlisting a configured channel, so WeCom/Yuanbao-style aliases resolve to the installed plugin id. Thanks @Beandon13.
• Secrets/apply: preserve auth-profile keyRef and tokenRef fields when scrubbing provider-target secrets, so the canonical SecretRef metadata survives secrets apply without keeping plaintext values. Thanks @Beandon13.
• Plugins/active-memory: skip session-store channel entries that contain : when resolving the recall subagent's channel, so QQ c2c agent IDs (e.g. c2c:10D4F7C2…) and other scoped conversation IDs do not reach bundled-plugin dirName validation and crash the recall run. The same guard already applied to explicit channelId params (#76704); this extends it to store-derived channels. (#77396) Thanks @hclsys.
• Secrets/external channel contracts: also look in <rootDir>/dist/ when resolving the secret-contract-api sidecar, so npm-published externalized channel plugins (e.g. @openclaw/discord since 2026.5.2) whose compiled artifacts live under dist/ actually contribute their channel SecretRef contracts to the runtime snapshot. Without this, env-backed channels.discord.token SecretRefs silently failed to resolve at gateway start on 2026.5.3, leaving the channel not configured even though #76449 had landed the generic external-contract loader. Thanks @mogglemoss.
• Models/auth: add openclaw models auth list [--provider <id>] [--json] so users can inspect saved per-agent auth profiles without dumping secrets or hitting the old “too many arguments” path. Thanks @vincentkoc.
• Control UI/header: show the active agent name in dashboard breadcrumbs without adding the current session key, keeping non-chat views oriented without crowding the topbar.
• Control UI/cron: make the New Job sidebar collapsible so the jobs list can reclaim space while keeping the form one click away. Thanks @BunsDev.
• Gateway/startup: keep model-catalog test helpers, run-session lookup code, QR pairing helpers, and TypeBox memory-tool schema construction out of hot startup import paths, reducing default gateway benchmark plugin-load and memory pressure.
• Control UI/performance: record browser long animation frame or long task entries in the debug event log when supported, making slow dashboard renders easier to attribute from the UI.
• Slack/streaming: add streaming.progress.render: "rich" for Block Kit progress drafts backed by structured progress line data.
• Slack/streaming: keep the newest rich progress lines when Block Kit limits trim long progress drafts. Thanks @vincentkoc.
• Channels/streaming: cap progress-draft tool lines by default so edited progress boxes avoid jumpy reflow from long wrapped lines.
• Agents/verbose: use compact explain-mode tool summaries for /verbose and progress drafts by default, with agents.defaults.toolProgressDetail: "raw" and per-agent overrides for debugging raw command/detail output.
• Control UI/chat: add an agent-first filter to the chat session picker, keep chat controls/composer responsive across phone/tablet/desktop widths, keep desktop chat controls on one row, avoid duplicate avatar refreshes during initial chat load, and hide that row while scrolling down the transcript. Thanks @BunsDev.
• Control UI/chat: collapse consecutive duplicate text messages into one bubble with a count so no-op heartbeat acknowledgements stay compact without hiding nearby context.
• Agents/subagents: preserve every grouped child result when direct completion fallback has to bypass the requester-agent announce turn. Thanks @vincentkoc.
• TTS/telephony: honor provider voice/model overrides in telephony synthesis providers so Google Meet agent speech logs match the backend that actually produced the audio. Thanks @vincentkoc.
• Voice Call/realtime: bound the paced Twilio audio queue and close overloaded realtime streams before provider audio can pile up behind the websocket backpressure guard. Thanks @vincentkoc.
• Docs: clarify that IRC uses raw TCP/TLS sockets outside operator-managed forward proxy routing, so direct IRC egress should be explicitly approved before enabling IRC. Thanks @jesse-merhi.
• Gateway/performance: defer non-readiness sidecars until after the ready signal, avoid hot-path channel plugin barrel imports, and fast-path trusted bundled plugin metadata during Gateway startup.
• Gateway/performance: avoid importing jiti on native-loadable plugin startup paths, so compiled bundled plugin surfaces do not pay source-transform loader cost unless fallback loading is actually needed.
• Gateway/diagnostics: add startup phase spans, active work labels, stale terminal bridge markers, and default sync-I/O tracing in pnpm gateway:watch so slow Gateway turns are easier to attribute from logs and stability diagnostics.
• Plugins/loader: preserve real compiled plugin module evaluation errors on the native fast path instead of treating every thrown .js module as a source-transform fallback miss. Thanks @vincentkoc.
• QA/Mantis: add pnpm openclaw qa mantis slack-desktop-smoke to run Slack live QA inside a Crabbox VNC desktop, open Slack Web, and capture desktop screenshots beside the Slack QA artifacts.
• QA/Mantis: pass the runtime env through desktop-browser Crabbox and artifact-copy child commands, so embedded Mantis callers can provide Crabbox credentials without mutating the parent process. Thanks @vincentkoc.
• QA/Mantis: return the copied Slack desktop screenshot path even when remote Slack QA fails, so the CLI still prints the failure screenshot artifact. Thanks @vincentkoc.
• QA/Mantis: accept Blacksmith Testbox tbx_... lease ids from desktop smoke warmup, so provider overrides do not fail before inspect/run. Thanks @vincentkoc.
• QA/Codex harness: add targeted live Docker/Testbox diagnostics, auth preflight checks, cache mount fixes, and app-server protocol checkout discovery so maintainer harness failures are easier to reproduce. Thanks @vincentkoc.
• Plugins/update: treat official externalized bundled npm migrations and ClawHub-to-npm fallbacks as trusted source-linked installs, so prerelease-only official plugin packages can migrate from bundled builds without being rejected as unsafe prerelease resolutions. Thanks @vincentkoc.
• Plugins/update: move ClawHub-preferred externalized plugin installs back to ClawHub after an earlier npm fallback once the ClawHub package becomes available. Thanks @vincentkoc.
• Plugins/update: clean stale bundled load paths for already-externalized pinned npm and ClawHub plugin installs, so release-channel sync does not leave removed bundled paths ahead of the installed external package. Thanks @vincentkoc.
• Telegram: accept plugin-owned numeric forum-topic targets in the agent message tool and keep reply-dispatch provider chunks behind a real stable runtime alias during in-place package updates. Fixes #77137. Thanks @richardmqq.
• Google Meet: preserve realtime.introMessage: "" so realtime Chrome joins can stay silent instead of restoring the default spoken intro. Thanks @vincentkoc.
• Plugins/SDK: add bounded before_agent_finalize retry instructions so workflow plugins can request one more model pass. Thanks @100yenadmin.
• Discord/status: add degraded Discord transport and gateway event-loop starvation signals to openclaw channels status, openclaw status --deep, and fetch-timeout logs so intermittent socket resets do not look like a healthy running channel. (#76327) Thanks @joshavant.
• Providers/OpenRouter: add opt-in response caching params that send OpenRouter's X-OpenRouter-Cache, X-OpenRouter-Cache-TTL, and cache-clear headers only on verified OpenRouter routes. Thanks @vincentkoc.
• Providers/OpenRouter: expand app-attribution categories so OpenClaw advertises coding, programming, writing, chat, and personal-agent usage on verified OpenRouter routes. Thanks @vincentkoc.
• Plugins/update: make package upgrades swap pnpm/npm-prefix inst...

2026.5.4

Highlights

• Google Meet/Voice Call: make Twilio dial-in joins speak through the realtime Gemini voice bridge with paced audio streaming, backpressure-aware buffering, barge-in queue clearing, and no TwiML fallback during realtime speech, giving Meet participants a much snappier OpenClaw voice agent. (#77064) Thanks @scoootscooob.

Changes

• Plugins/migration: emit catalog-backed install hints when plugins.entries or plugins.allow references an official external plugin that is not installed, so upgraded configs point operators to openclaw plugins install <spec> instead of telling them to remove valid plugin config. (#77483) Thanks @hclsys.
• OpenAI/Codex media: advertise Codex audio transcription in runtime and manifest metadata and route active Codex chat models to the OpenAI transcription default instead of sending chat model ids to audio transcription. Thanks @vincentkoc.
• Dependencies: refresh runtime and provider packages including Pi 0.73.0, ACPX adapters, OpenAI, Anthropic, Slack, and TypeScript native preview, while keeping the Bedrock runtime installer override pinned below the Windows ARM Node 24 npm resolver failure.
• Agents/performance: pass the resolved workspace through BTW, compaction, embedded-run model generation, and PDF model setup so explicit agent-dir model refreshes can reuse the current workspace-scoped plugin metadata snapshot instead of falling back to cold plugin metadata scans. (#77519, #77532)
• Plugins/performance: let unscoped model catalog and manifest-contract readers reuse the current workspace-compatible plugin metadata snapshot, avoiding repeated cold plugin metadata scans on hot control-plane paths while preserving env/config/workspace compatibility checks. (#77519, #77532)
• Config/plugin auto-enable: prefer the claiming plugin manifest id over a built-in channel alias when auto-allowlisting a configured channel, so WeCom/Yuanbao-style aliases resolve to the installed plugin id. Thanks @Beandon13.
• Secrets/apply: preserve auth-profile keyRef and tokenRef fields when scrubbing provider-target secrets, so the canonical SecretRef metadata survives secrets apply without keeping plaintext values. Thanks @Beandon13.
• Plugins/active-memory: skip session-store channel entries that contain : when resolving the recall subagent's channel, so QQ c2c agent IDs (e.g. c2c:10D4F7C2…) and other scoped conversation IDs do not reach bundled-plugin dirName validation and crash the recall run. The same guard already applied to explicit channelId params (#76704); this extends it to store-derived channels. (#77396) Thanks @hclsys.
• Secrets/external channel contracts: also look in <rootDir>/dist/ when resolving the secret-contract-api sidecar, so npm-published externalized channel plugins (e.g. @openclaw/discord since 2026.5.2) whose compiled artifacts live under dist/ actually contribute their channel SecretRef contracts to the runtime snapshot. Without this, env-backed channels.discord.token SecretRefs silently failed to resolve at gateway start on 2026.5.3, leaving the channel not configured even though #76449 had landed the generic external-contract loader. Thanks @mogglemoss.
• Models/auth: add openclaw models auth list [--provider <id>] [--json] so users can inspect saved per-agent auth profiles without dumping secrets or hitting the old “too many arguments” path. Thanks @vincentkoc.
• Control UI/header: show the active agent name in dashboard breadcrumbs without adding the current session key, keeping non-chat views oriented without crowding the topbar.
• Control UI/cron: make the New Job sidebar collapsible so the jobs list can reclaim space while keeping the form one click away. Thanks @BunsDev.
• Gateway/startup: keep model-catalog test helpers, run-session lookup code, QR pairing helpers, and TypeBox memory-tool schema construction out of hot startup import paths, reducing default gateway benchmark plugin-load and memory pressure.
• Control UI/performance: record browser long animation frame or long task entries in the debug event log when supported, making slow dashboard renders easier to attribute from the UI.
• Slack/streaming: add streaming.progress.render: "rich" for Block Kit progress drafts backed by structured progress line data.
• Slack/streaming: keep the newest rich progress lines when Block Kit limits trim long progress drafts. Thanks @vincentkoc.
• Channels/streaming: cap progress-draft tool lines by default so edited progress boxes avoid jumpy reflow from long wrapped lines.
• Agents/verbose: use compact explain-mode tool summaries for /verbose and progress drafts by default, with agents.defaults.toolProgressDetail: "raw" and per-agent overrides for debugging raw command/detail output.
• Control UI/chat: add an agent-first filter to the chat session picker, keep chat controls/composer responsive across phone/tablet/desktop widths, keep desktop chat controls on one row, avoid duplicate avatar refreshes during initial chat load, and hide that row while scrolling down the transcript. Thanks @BunsDev.
• Control UI/chat: collapse consecutive duplicate text messages into one bubble with a count so no-op heartbeat acknowledgements stay compact without hiding nearby context.
• Agents/subagents: preserve every grouped child result when direct completion fallback has to bypass the requester-agent announce turn. Thanks @vincentkoc.
• TTS/telephony: honor provider voice/model overrides in telephony synthesis providers so Google Meet agent speech logs match the backend that actually produced the audio. Thanks @vincentkoc.
• Voice Call/realtime: bound the paced Twilio audio queue and close overloaded realtime streams before provider audio can pile up behind the websocket backpressure guard. Thanks @vincentkoc.
• Docs: clarify that IRC uses raw TCP/TLS sockets outside operator-managed forward proxy routing, so direct IRC egress should be explicitly approved before enabling IRC. Thanks @jesse-merhi.
• Gateway/performance: defer non-readiness sidecars until after the ready signal, avoid hot-path channel plugin barrel imports, and fast-path trusted bundled plugin metadata during Gateway startup.
• Gateway/performance: avoid importing jiti on native-loadable plugin startup paths, so compiled bundled plugin surfaces do not pay source-transform loader cost unless fallback loading is actually needed.
• Gateway/diagnostics: add startup phase spans, active work labels, stale terminal bridge markers, and default sync-I/O tracing in pnpm gateway:watch so slow Gateway turns are easier to attribute from logs and stability diagnostics.
• Plugins/loader: preserve real compiled plugin module evaluation errors on the native fast path instead of treating every thrown .js module as a source-transform fallback miss. Thanks @vincentkoc.
• QA/Mantis: add pnpm openclaw qa mantis slack-desktop-smoke to run Slack live QA inside a Crabbox VNC desktop, open Slack Web, and capture desktop screenshots beside the Slack QA artifacts.
• QA/Mantis: pass the runtime env through desktop-browser Crabbox and artifact-copy child commands, so embedded Mantis callers can provide Crabbox credentials without mutating the parent process. Thanks @vincentkoc.
• QA/Mantis: return the copied Slack desktop screenshot path even when remote Slack QA fails, so the CLI still prints the failure screenshot artifact. Thanks @vincentkoc.
• QA/Mantis: accept Blacksmith Testbox tbx_... lease ids from desktop smoke warmup, so provider overrides do not fail before inspect/run. Thanks @vincentkoc.
• QA/Codex harness: add targeted live Docker/Testbox diagnostics, auth preflight checks, cache mount fixes, and app-server protocol checkout discovery so maintainer harness failures are easier to reproduce. Thanks @vincentkoc.
• Plugins/update: treat official externalized bundled npm migrations and ClawHub-to-npm fallbacks as trusted source-linked installs, so prerelease-only official plugin packages can migrate from bundled builds without being rejected as unsafe prerelease resolutions. Thanks @vincentkoc.
• Plugins/update: move ClawHub-preferred externalized plugin installs back to ClawHub after an earlier npm fallback once the ClawHub package becomes available. Thanks @vincentkoc.
• Plugins/update: clean stale bundled load paths for already-externalized pinned npm and ClawHub plugin installs, so release-channel sync does not leave removed bundled paths ahead of the installed external package. Thanks @vincentkoc.
• Telegram: accept plugin-owned numeric forum-topic targets in the agent message tool and keep reply-dispatch provider chunks behind a real stable runtime alias during in-place package updates. Fixes #77137. Thanks @richardmqq.
• Google Meet: preserve realtime.introMessage: "" so realtime Chrome joins can stay silent instead of restoring the default spoken intro. Thanks @vincentkoc.
• Plugins/SDK: add bounded before_agent_finalize retry instructions so workflow plugins can request one more model pass. Thanks @100yenadmin.
• Discord/status: add degraded Discord transport and gateway event-loop starvation signals to openclaw channels status, openclaw status --deep, and fetch-timeout logs so intermittent socket resets do not look like a healthy running channel. (#76327) Thanks @joshavant.
• Providers/OpenRouter: add opt-in response caching params that send OpenRouter's X-OpenRouter-Cache, X-OpenRouter-Cache-TTL, and cache-clear headers only on verified OpenRouter routes. Thanks @vincentkoc.
• Providers/OpenRouter: expand app-attribution categories so OpenClaw advertises coding, programming, writing, chat, and personal-agent usage on verified OpenRouter routes. Thanks @vincentkoc.
• Plugins/update: make package upgrades swap pnpm/npm-prefix installs cleanly, keep legacy plugin install runtime chunks working, and on the beta channel fall back default-line npm plugins to default/latest when plugin beta releases are missing or fail install validation. Thanks...

2026.5.4

Highlights

• Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny per-node path policy under plugins.entries.file-transfer.config.nodes with operator approval, symlink traversal refused by default (opt-in followSymlinks), and a 16 MB byte ceiling per round-trip. (#74742) Thanks @omarshahine.
• Google Meet/Voice Call: make Twilio dial-in joins speak through the realtime Gemini voice bridge with paced audio streaming, backpressure-aware buffering, barge-in queue clearing, and no TwiML fallback during realtime speech, giving Meet participants a much snappier OpenClaw voice agent. (#77064) Thanks @scoootscooob.

Changes

• Control UI/header: show the active agent name in dashboard breadcrumbs without adding the current session key, keeping non-chat views oriented without crowding the topbar.
• Control UI/cron: make the New Job sidebar collapsible so the jobs list can reclaim space while keeping the form one click away. Thanks @BunsDev.
• Gateway/startup: keep model-catalog test helpers, run-session lookup code, QR pairing helpers, and TypeBox memory-tool schema construction out of hot startup import paths, reducing default gateway benchmark plugin-load and memory pressure.
• Control UI/performance: record browser long animation frame or long task entries in the debug event log when supported, making slow dashboard renders easier to attribute from the UI.
• Channels/streaming: add unified streaming.mode: "progress" drafts with auto single-word status labels and shared progress configuration across Discord, Telegram, Matrix, Slack, and Microsoft Teams.
• Slack/streaming: add streaming.progress.render: "rich" for Block Kit progress drafts backed by structured progress line data.
• Slack/streaming: keep the newest rich progress lines when Block Kit limits trim long progress drafts. Thanks @vincentkoc.
• Channels/streaming: cap progress-draft tool lines by default so edited progress boxes avoid jumpy reflow from long wrapped lines.
• Agents/verbose: use compact explain-mode tool summaries for /verbose and progress drafts by default, with agents.defaults.toolProgressDetail: "raw" and per-agent overrides for debugging raw command/detail output.
• Agents/commands: add /steer <message> for queue-independent steering of the active current-session run without starting a new turn when the session is idle. (#76934)
• Control UI/chat: add an agent-first filter to the chat session picker, keep chat controls/composer responsive across phone/tablet/desktop widths, keep desktop chat controls on one row, avoid duplicate avatar refreshes during initial chat load, and hide that row while scrolling down the transcript. Thanks @BunsDev.
• Control UI/chat: collapse consecutive duplicate text messages into one bubble with a count so no-op heartbeat acknowledgements stay compact without hiding nearby context.
• Agents/subagents: preserve every grouped child result when direct completion fallback has to bypass the requester-agent announce turn. Thanks @vincentkoc.
• TTS/telephony: honor provider voice/model overrides in telephony synthesis providers so Google Meet agent speech logs match the backend that actually produced the audio. Thanks @vincentkoc.
• Voice Call/realtime: bound the paced Twilio audio queue and close overloaded realtime streams before provider audio can pile up behind the websocket backpressure guard. Thanks @vincentkoc.
• Tools/BTW: add /side as a text and native slash-command alias for /btw side questions.
• Doctor/config: doctor --fix now commits safe legacy migrations even when unrelated validation issues (e.g. a missing plugin) prevent full validation from passing, so agents.defaults.llm and other known-legacy keys are always cleaned up by doctor --fix regardless of other config problems. Fixes #76798. (#76800) Thanks @hclsys.
• Docs: clarify that IRC uses raw TCP/TLS sockets outside operator-managed forward proxy routing, so direct IRC egress should be explicitly approved before enabling IRC. Thanks @jesse-merhi.
• Agents/tools: skip optional media and PDF tool factories when the effective tool denylist already blocks them, avoiding unnecessary hot-path setup for tools that will be filtered out before model use. (#76773) Thanks @dorukardahan.
• Discord/status: let explicit reaction tool calls opt into tracking subsequent tool progress on the reacted message with trackToolCalls: true, and use the shared tool display emoji table for status reactions.
• Gateway/config: stop Gateway startup and hot reload from auto-restoring invalid config; invalid config now fails closed and openclaw doctor --fix owns last-known-good repair.
• Gateway/performance: lazy-load early runtime discovery and shutdown-hook helpers, defer maintenance timers until after readiness, and trim duplicate plugin auto-enable work during Gateway startup.
• Gateway/performance: defer non-readiness sidecars until after the ready signal, avoid hot-path channel plugin barrel imports, and fast-path trusted bundled plugin metadata during Gateway startup.
• Gateway/performance: avoid importing jiti on native-loadable plugin startup paths, so compiled bundled plugin surfaces do not pay source-transform loader cost unless fallback loading is actually needed.
• Plugins/loader: preserve real compiled plugin module evaluation errors on the native fast path instead of treating every thrown .js module as a source-transform fallback miss. Thanks @vincentkoc.
• QA/Mantis: add a pnpm openclaw qa mantis discord-smoke runner and manual GitHub workflow that verify the Mantis Discord bot can see the configured guild/channel, post a smoke message, add a reaction, and upload artifacts.
• QA/Mantis: add pnpm openclaw qa mantis slack-desktop-smoke to run Slack live QA inside a Crabbox VNC desktop, open Slack Web, and capture desktop screenshots beside the Slack QA artifacts.
• QA/Mantis: pass the runtime env through desktop-browser Crabbox and artifact-copy child commands, so embedded Mantis callers can provide Crabbox credentials without mutating the parent process. Thanks @vincentkoc.
• QA/Mantis: return the copied Slack desktop screenshot path even when remote Slack QA fails, so the CLI still prints the failure screenshot artifact. Thanks @vincentkoc.
• QA/Mantis: accept Blacksmith Testbox tbx_... lease ids from desktop smoke warmup, so provider overrides do not fail before inspect/run. Thanks @vincentkoc.
• QA/Slack: add a Slack live transport QA runner with canary and mention-gating coverage for the private bot-to-bot harness. Thanks @vincentkoc.
• Gateway/performance: lazy-load the heavy cron runtime after the rest of Gateway startup, defer restart-sentinel refresh after readiness, and let the Gateway startup benchmark write per-run V8 CPU profiles with --cpu-prof-dir.
• Gateway/performance: keep raw channel-config schema parsing from discovering bundled plugin runtime metadata, and add pnpm gateway:watch --benchmark-no-force for profiling startup without the default port cleanup.
• Plugins/onboarding: let Manual setup install optional official plugins, including ClawHub-backed diagnostics with npm fallback, and expose the external Codex plugin as a selectable provider setup choice. Thanks @vincentkoc.
• Plugins/update: treat official externalized bundled npm migrations and ClawHub-to-npm fallbacks as trusted source-linked installs, so prerelease-only official plugin packages can migrate from bundled builds without being rejected as unsafe prerelease resolutions. Thanks @vincentkoc.
• Plugins/update: move ClawHub-preferred externalized plugin installs back to ClawHub after an earlier npm fallback once the ClawHub package becomes available. Thanks @vincentkoc.
• Plugins/update: clean stale bundled load paths for already-externalized pinned npm and ClawHub plugin installs, so release-channel sync does not leave removed bundled paths ahead of the installed external package. Thanks @vincentkoc.
• Plugins/CLI: include package dependency install state in openclaw plugins list --json so scripts can spot missing plugin dependencies without runtime-loading plugins.
• Telegram: accept plugin-owned numeric forum-topic targets in the agent message tool and keep reply-dispatch provider chunks behind a real stable runtime alias during in-place package updates. Fixes #77137. Thanks @richardmqq.
• Google Meet: preserve realtime.introMessage: "" so realtime Chrome joins can stay silent instead of restoring the default spoken intro. Thanks @vincentkoc.
• Discord/status: add degraded Discord transport and gateway event-loop starvation signals to openclaw channels status, openclaw status --deep, and fetch-timeout logs so intermittent socket resets do not look like a healthy running channel. (#76327) Thanks @joshavant.
• Providers/OpenRouter: add opt-in response caching params that send OpenRouter's X-OpenRouter-Cache, X-OpenRouter-Cache-TTL, and cache-clear headers only on verified OpenRouter routes. Thanks @vincentkoc.
• Providers/OpenRouter: expand app-attribution categories so OpenClaw advertises coding, programming, writing, chat, and personal-agent usage on verified OpenRouter routes. Thanks @vincentkoc.
• Plugins/update: on the beta OpenClaw update channel, default-line npm and ClawHub plugin updates try @beta first and fall back to default/latest when no plugin beta release exists.
• Channels/WhatsApp: support explicit WhatsApp Channel/Newsletter @newsletter outbound message targets with channel session metadata instead of DM routing. Fixes #13417; carries forward the narrow outbound target idea from #13424. Thanks @vincentkoc and @agentz-manfred.
• Exec approvals: add a tree-sitter-backed shell command explainer for future approval and command-review surfaces. (#75004) Thanks @jesse-merhi.
• Agents/sandbox: store sandbox container and browser registry entries as per-runtime sha...

Core npm hotfix release for v2026.5.3.

• Plugins/security: stop the install scanner from blocking official bundled plugin packages when process.env access and normal API sends only appear in distant parts of the same compiled bundle.

Published core npm package: openclaw@2026.5.3-1 on the beta dist-tag.

Highlights

• Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny per-node path policy under plugins.entries.file-transfer.config.nodes with operator approval, symlink traversal refused by default (opt-in followSymlinks), and a 16 MB byte ceiling per round-trip. (#74742) Thanks @omarshahine.
• Plugins/install: harden official plugin install, uninstall, update, onboarding, ClawHub fallback, npm dependency-state reporting, and beta-channel update paths so externalized plugins behave like first-class package installs.
• Gateway/performance: trim startup and Control UI hot paths by lazy-loading plugin/runtime discovery, cron, schema, shutdown, sessions, and model metadata work only when needed.
• Channels/replies: improve Discord status reactions and degraded transport reporting, add WhatsApp Channel/Newsletter targets, and tighten Telegram, Feishu, Matrix, Microsoft Teams, and Slack delivery/recovery behavior.
• Install/update: recover broken macOS LaunchAgent upgrades, reject source-only plugin packages before runtime load, and repair stale Gateway/plugin state during updates and doctor runs.
• Agent/runtime reliability: preserve streamed provider replies, delayed A2A session replies, prompt/tool delivery, memory recall, web search provider discovery, and provider-specific thinking/model metadata across common edge cases.

Changes

• Channels/streaming: add unified streaming.mode: "progress" drafts with auto single-word status labels and shared progress configuration across Discord, Telegram, Matrix, Slack, and Microsoft Teams.
• Agents/commands: add /steer <message> for queue-independent steering of the active current-session run without starting a new turn when the session is idle. (#76934)
• Tools/BTW: add /side as a text and native slash-command alias for /btw side questions.
• Doctor/config: doctor --fix now commits safe legacy migrations even when unrelated validation issues (e.g. a missing plugin) prevent full validation from passing, so agents.defaults.llm and other known-legacy keys are always cleaned up by doctor --fix regardless of other config problems. Fixes #76798. (#76800) Thanks @hclsys.
• Agents/tools: skip optional media and PDF tool factories when the effective tool denylist already blocks them, avoiding unnecessary hot-path setup for tools that will be filtered out before model use. (#76773) Thanks @dorukardahan.
• Discord/status: let explicit reaction tool calls opt into tracking subsequent tool progress on the reacted message with trackToolCalls: true, and use the shared tool display emoji table for status reactions.
• Gateway/config: stop Gateway startup and hot reload from auto-restoring invalid config; invalid config now fails closed and openclaw doctor --fix owns last-known-good repair.
• Gateway/performance: lazy-load early runtime discovery and shutdown-hook helpers, defer maintenance timers until after readiness, and trim duplicate plugin auto-enable work during Gateway startup.
• QA/Mantis: add a pnpm openclaw qa mantis discord-smoke runner and manual GitHub workflow that verify the Mantis Discord bot can see the configured guild/channel, post a smoke message, add a reaction, and upload artifacts.
• QA/Slack: add a Slack live transport QA runner with canary and mention-gating coverage for the private bot-to-bot harness. Thanks @vincentkoc.
• Plugins/onboarding: let Manual setup install optional official plugins, including ClawHub-backed diagnostics with npm fallback, and expose the external Codex plugin as a selectable provider setup choice. Thanks @vincentkoc.
• Plugins/CLI/update: include package dependency install state in openclaw plugins list --json, trust official externalized npm migrations, clean stale bundled load paths for externalized installs, try plugin @beta updates first on the beta OpenClaw channel, and fall back to default/latest when no plugin beta release exists.
• Plugins/ClawHub: annotate 429 errors with reset windows and unauthenticated higher-rate-limit hints, so operators can tell when downloads recover and when signing in helps. Thanks @RomneyDa.
• Gateway/performance: lazy-load early runtime discovery, shutdown hooks, cron, channel-config schema metadata, restart sentinels, and maintenance timers after readiness; trim duplicate plugin auto-enable work and add startup CPU/profile controls.
• Gateway/config: stop Gateway startup and hot reload from auto-restoring invalid config; invalid config now fails closed and openclaw doctor --fix owns last-known-good repair.
• Discord/status: let explicit reaction tool calls opt into tracking later tool progress with trackToolCalls: true, share tool display emoji mapping, and surface degraded Discord transport or gateway event-loop starvation in status output. (#76327) Thanks @joshavant.
• Channels/WhatsApp: support explicit WhatsApp Channel/Newsletter @newsletter outbound message targets with channel session metadata instead of DM routing. Fixes #13417; carries forward the narrow outbound target idea from #13424. Thanks @vincentkoc and @agentz-manfred.
• Agents/tools: skip optional media and PDF tool factories when the effective tool denylist already blocks them, avoiding unnecessary hot-path setup for tools that will be filtered out before model use. (#76773) Thanks @dorukardahan.
• Agents/sandbox: store sandbox container and browser registry entries as per-runtime shard files, reducing unrelated session lock contention while openclaw doctor --fix migrates legacy monolithic registry files. (#74831) Thanks @luckylhb90.
• Tools/BTW: add /side as a text and native slash-command alias for /btw side questions.
• Exec approvals: add a tree-sitter-backed shell command explainer for future approval and command-review surfaces. (#75004) Thanks @jesse-merhi.
• QA/Mantis: add a pnpm openclaw qa mantis discord-smoke runner and manual GitHub workflow that verify the Mantis Discord bot can see the configured guild/channel, post a smoke message, add a reaction, and upload artifacts.

Fixes

• Channels/WhatsApp: allow @whiskeysockets/libsignal-node in onlyBuiltDependencies so pnpm v9+ blockExoticSubdeps no longer rejects the baileys git-tarball subdep and silences all inbound agent replies. Fixes #76539. Thanks @ottodeng and @vincentkoc.
• Gateway/systemd: preserve operator-added secrets in the Gateway env file across re-stage while clearing OpenClaw-managed keys (such as OPENCLAW_GATEWAY_TOKEN) so a fresh staging value is never shadowed by a stale env-file copy; operator secrets are also retained when the state-dir .env is empty. Fixes #76860. Thanks @hclsys.
• Plugin updates: do not short-circuit trusted official npm updates as unchanged when the default/latest spec still resolves to an already-installed prerelease that the installer should replace with a stable fallback. Thanks @vincentkoc.
• Plugin tools: keep auth-unavailable optional tools hidden even when another default tool from the same plugin is available and tools.alsoAllow names the optional tool. Thanks @vincentkoc.
• Realtime transcription: report socket closes before provider readiness as closed-before-ready failures instead of mislabeling them as connection timeouts for OpenAI, xAI, and Deepgram streaming transcription. Thanks @vincentkoc.
• OpenAI/Google Meet: fail realtime voice connection attempts when the socket closes before session.updated, avoiding stuck Meet joins waiting on a bridge that never became ready. Thanks @vincentkoc.
• QA/cache: require the full CACHE-OK <suffix> marker before live cache probes stop retrying, so suffix-only prose cannot hide a broken probe response. Thanks @vincentkoc.
• Slack/Matrix: avoid creating blank progress-draft messages when streaming.progress.label=false and progress tool lines are disabled. Thanks @vincentkoc.
• QA/Matrix: keep the mock OpenAI tool-progress provider aligned with exact-marker Matrix prompts so the hardened live preview scenario still forces a deterministic read before final delivery. Thanks @vincentkoc.
• OpenAI/Google Meet: wait for realtime voice session.updated before treating the bridge as connected, so Meet joins do not return with audio queued behind an unconfigured realtime session. Thanks @vincentkoc.
• Plugins/catalog: merge official external catalog descriptors into partial package channel config metadata, so lagging WeCom/Yuanbao manifests keep their own schema while still exposing host-supplied labels and setup text. Thanks @vincentkoc.
• Plugins/catalog: supplement lagging official external WeCom and Yuanbao npm manifests with channel config descriptors and declared tool contracts from the OpenClaw catalog, so trusted package sweeps no longer fail because external package metadata trails the host contract. Thanks @vincentkoc.
• Plugins/install: let trusted official @openclaw/* catalog installs recover when npm latest points at a prerelease by falling back to the newest stable version, or by selecting the newest exact prerelease for prerelease-only launch packages with a warning instead of making beta/development plugin sweeps fail at install time. Thanks @vincentkoc.
• Google Meet: grant Chrome media permissions against the actual Meet tab, start the local realtime audio bridge only after Meet joins, expose realtime transcripts in status/logs, and force explicit audio responses with current OpenAI realtime output-audio events so BlackHole capture does not keep the OpenClaw participant muted or silent.
• Memory/LanceDB: declare apache-arrow in the bundled memory plugin package so LanceDB installs include its runtime peer. Fixes #76910. Thanks @afiqfiles-max.
• CLI/devices: retry explicit device-pair approval with operator.admin after a pairing-scope ownership denial, so existing admin-capable paired-device tokens can recover new Control UI/browser pairing after upgrades instead of re...