Changelog

Track every improvement to OpenClaw. New features, fixes, and platform updates.

v2026.6.6 feature

Security boundaries, safer channel delivery and faster first replies

  • Security boundaries tightened across transcripts, sandbox binds, host environment inheritance, MCP stdio, Codex HTTP access, native search policy, elevated sender checks, loopback tools, Discord moderation and Teams group actions; exec approvals now fail closed on timeout
  • Telegram delivery routes account-scoped topics to the right agent, preserves streamed text through tool calls, supports /compact on generic ingress, shares draft chunking and keeps unauthorized DM text out of cache and prompt context
  • iMessage recovery now covers always-on inbound restart, durable echo markers, block streaming, idle approval discovery, hardened outbound transport and startup diagnostics
  • Browser and MCP connectivity gained existing-session CDP support, discovered WebSocket validation, default-profile cdpUrl handling, Streamable HTTP loopback transport, corrected OAuth/SSE authorization handling and broader schema compatibility
  • Control UI startup and first-reply latency are lower through cached model metadata, removal of startup catalog wait, lazy slash-command loading, first-event tracing and slow-reply diagnostics
  • Provider support expands with OpenRouter OAuth onboarding and Claude Fable 5 adaptive thinking, while Codex compaction ownership, local-model guardian skips, dynamic tool progress and Gemma 4 reasoning replay are steadier
v2026.6.5 feature

Parallel search, MCP materialization and channel reasoning boundaries

  • QQBot strips model reasoning and thinking scaffolding before native delivery so raw thinking content does not leak into channel replies
  • MCP tool results coerce resource_link, resource, audio, malformed image and future non-text/image blocks at the materialization boundary, preventing Anthropic 400s and poisoned session history
  • Anthropic extended-thinking sessions recover after prompt-cache expiry or Gateway restart by waiting for message_start before stream start events
  • Parallel is now a bundled web_search provider with PARALLEL_API_KEY discovery, guarded endpoint handling, cache-safe session ids, onboarding picker support and docs
  • Google Vertex ADC users get static catalog rows and runtime model resolution again, while single-provider cooldown recovery and memory adapter status checks are more reliable
  • ClawHub skills install from GitHub-backed resolved commits with install-policy checks, pinned commit downloads and success telemetry
v2026.6.1 feature

Skill Workshop, Workboard orchestration and Windows Hub installers

  • Agents and CLI-backed runtimes recover more cleanly from interrupted tool calls, stale session bindings, compaction handoffs and media delivery retries
  • Channels and mobile delivery are steadier across Telegram, WhatsApp, iMessage, Slack, Discord, Microsoft Teams, Google Chat, Google Meet and iOS realtime Talk
  • Skill Workshop adds a governed Control UI flow for proposal lists, today actions, revision handoff, searchable file previews, review states, locale coverage and reusable session routing
  • Workboard adds orchestration primitives and agent coordination tools for multi-agent planning and run tracking
  • Provider coverage and model metadata now include MiniMax M3, account OAuth endpoints, Google/Vertex catalog fixes, OpenRouter SQLite model caching, Copilot Claude 1M capabilities, Foundry reasoning alignment and OpenAI response replay guards
  • Windows Hub installers ship for x64 and arm64 with SHA-256 manifests and signed installer promotion evidence
v2026.5.28 feature

Runtime recovery, safer channel delivery and broader provider coverage

  • Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort while live locks survive cleanup, and Codex app-server/helper failures no longer tear down shared runtime state
  • Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, WhatsApp profile auth roots, Telegram polling and Microsoft Teams service URL trust checks
  • Mobile and chat surfaces refreshed: the iOS Pro UI, hosted push relay default, realtime Talk tab playback, WebChat reconnect delivery and session picker now preserve more state across reconnects
  • Browser, channel and automation inputs are stricter: tool timeouts, viewport/tab indices, ports, cron retry handling and channel progress callbacks reject malformed values earlier and preserve the intended delivery context
  • Provider, media and document coverage expands with Claude Opus 4.8, Fal Krea image schemas, NVIDIA featured models, MiniMax streaming music, encrypted PDF extraction, a GitHub agent runtime and a Codex Supervisor plugin path
v2026.5.27 feature

Security boundaries, core embeddings and Codex app-server reliability

  • Stronger security and content boundaries: untrusted group prompt text is kept out of system prompts, side-effecting command wrappers and unsafe Node runtime env overrides are blocked, and node/device-role approvals now require admin authority
  • Added a core -compatible embedding provider for local and hosted -style endpoints, with config, doctor and docs support
  • More reliable Codex app-server runs: shared app-server clients survive startup and spawned-helper failures, and native hook relay generations survive restarts and rotate on fresh fallbacks
  • Broader provider coverage: DeepInfra full catalog browsing, the Pixverse video generation provider with API region selection, wired VLLM thinking params and bare direct Anthropic model ids
  • Steadier channel delivery across durable Telegram sends, Slack late-cleanup final replies, stricter Matrix mention handling and tighter Discord guild requester checks
v2026.5.26 feature

Gateway speed, transcript core and safer channel operations

  • Gateway startup avoids repeated plugin, channel, session, usage-cost, warning, scheduled-service and filesystem scans while reducing runtime/session cache churn under load
  • Transcript-backed meeting summaries, source-provider chunks, cleaned user turns, Codex mirrors, WebChat replies and CLI/TUI replay now share a more reliable transcript path
  • Telegram, iMessage, WhatsApp, Discord, Signal and approval reactions gained production-readiness fixes across progress context, media handling, voice playback and model picking
  • Realtime Talk runs can be inspected, steered, cancelled or followed up from Web UI and Discord voice, with more tolerant wake-name handling
  • Browser snapshot reads, system-event text, fetched file text, ClickClack inbound senders, stale device tokens and serialized tool-call text received safer content-boundary handling
v2026.5.22 feature

Gateway startup performance, meeting notes and locked release packages

  • Gateway startup and model-listing hot paths reuse cached channel catalogs, plugin metadata and provider auth state so /models can drop from about 20 s to about 5 ms after warmup
  • Added a source-only external meeting-notes plugin with SDK source-provider contract, auto-start capture config, manual transcript imports and read-only openclaw meeting-notes CLI access
  • Root and OpenClaw-owned npm packages now ship generated shrinkwraps and run package integrity checks before package acceptance lanes
  • Control UI chat session picker added search and Load More pagination so older conversations remain reachable without unbounded initial loads
  • Windows install, update and service paths gained safer command shims, rollback and LaunchAgent handoff fixes
v2026.5.20 feature

Policy plugin, Discord voice follow mode and xAI device login

  • Exec approvals removed the old skill-wrapper allowlist compatibility path so skill files must be loaded through the read tool
  • Discord voice sessions can follow configured Discord users into allowed voice channels with bounded reconciliation and DAVE recovery preservation
  • Realtime voice bootstrap now includes bounded IDENTITY.md, USER.md and SOUL.md profile context by default, with voice.realtime.bootstrapContextFiles available to disable it
  • Added the bundled Policy plugin for channel conformance checks, doctor lint findings and opt-in workspace repair
  • xAI device-code OAuth login supports remote and headless authorization without a localhost browser callback
v2026.5.19 fix

Startup trace attribution, image package args and runtime dependency bumps

  • Docker and Podman image builds added OPENCLAW_IMAGE_APT_PACKAGES while keeping OPENCLAW_DOCKER_APT_PACKAGES as a legacy fallback
  • Gateway/ACPX restart traces now attribute startup probe, config, runtime and resource-count costs
  • Gateway startup overlaps logging and plugin-service startup with channel sidecars while preserving /readyz sidecar gating
  • Updated @openclaw/proxyline to 0.3.3 and Pi packages to 0.75.1
  • Raised the minimum supported Node.js 22 line to 22.19
v2026.5.18 feature

Typed plugin SDK, runtime parity QA and realtime Android voice

  • Added defineToolPlugin plus openclaw plugins build, validate and init for typed simple tool plugins with generated manifest metadata
  • QA-Lab gained runtime parity suites, tool fixture coverage and release-check gates for Codex-vs-Pi drift
  • Android Talk Mode switched to realtime Gateway relay voice sessions with streaming mic input, audio playback and transcripts
  • Gateway restart traces now attribute startup probe, config, runtime and resource-count costs without changing readiness behavior
  • Proxy endpoints can use HTTPS managed forward-proxy routing with scoped proxy.tls.caFile CA trust
  • Docker/Podman added OPENCLAW_IMAGE_APT_PACKAGES while keeping OPENCLAW_DOCKER_APT_PACKAGES as a legacy fallback
v2026.5.12 feature

Telegram polling resilience and externalized provider plugins

  • Telegram ingress moved to an isolated worker with a durable local spool so polling survives main-loop stalls
  • Externalized Amazon Bedrock, Slack, OpenShell sandbox and Anthropic Vertex so installs only pull what you use
  • Sandbox blocks Windows USERPROFILE home roots so credential-bearing binds (.codex, .openclaw, .ssh) are denied
  • Added acp.fallbacks so ACP turns try backup runtime backends before any output is emitted
  • Control UI/WebChat persisted auto-scroll mode selector (follow streaming, near-bottom, or off)
  • Stale long-poll offsets discarded after Telegram bot token rotation so bots no longer silently skip messages
v2026.5.7 fix

Delivery, cron and channel reliability fixes

  • Cron list/show JSON now includes computed job status for external tooling
  • Agent delivery reports failure when an outbound send returns no adapter result
  • Telegram, Discord and WhatsApp routing and authorization fixes
  • Native commands and Active Memory toggles now require the correct admin scope
  • Plugin install/rollback uses a consistent npm lifecycle shell to avoid broken cleanup
v2026.5.6 fix

Codex OAuth routing hotfix

  • Reverted the 2026.5.5 doctor --fix repair that rewrote valid -codex/* OAuth routes
  • Plugin runtime fetch drops third-party header metadata that broke guarded/proxy requests
  • Web fetch bounds dispatcher cleanup so timed-out fetches return tool errors instead of hanging
  • Debug proxy normalizes captured fetch headers before replaying requests
v2026.5.5 fix

Sessions, runtime visibility and provider fixes

  • Sessions, status and Control UI surfaces now show each session agent runtime
  • doctor --fix repairs heartbeat-poisoned default sessions and stale TUI restore pointers
  • xAI Grok Responses models no longer receive unsupported reasoning-effort controls
  • OpenAI-compatible streaming flushes the first chunk so cold setups do not hang clients
  • Control UI chat keeps assistant progress text visible across history reloads
v2026.5.4 feature

Realtime Gemini voice bridge for Google Meet calls

  • Twilio Meet dial-in joins speak through the realtime Gemini voice bridge with paced audio
  • Windows loopback listener binds to 127.0.0.1 to avoid dual-stack localhost stalls
  • Codex audio transcription advertised in runtime/manifest metadata
  • Workspace-scoped plugin metadata reuse trims cold plugin scans on hot paths
  • Refreshed runtime/provider deps including Pi 0.73.0, , Anthropic, Slack and TypeScript

Want the full technical details? Check out the GitHub releases.

View all releases on GitHub →