OpenClaw v2026.6.6-beta.1 introduces significant security hardening across sandbox and host environments, expands provider support with Claude Fable 5 and OpenRouter OAuth, and delivers performance optimizations for the Control UI and memory indexing.
Key Changes
Security Hardening
Security boundaries have been tightened across multiple surfaces to prevent unauthorized access and execution:
- Host Environment: The host exec sanitizer now blocks request-scoped environment overrides for Rustup toolchains, Git protocol controls, and various interpreter startup/search-path variables (e.g., BASHOPTS, FPATH).
- Sandbox & MCP: Docker sandbox bind sources are now validated to reject parent paths that cover blocked descendants. MCP stdio environment filtering has been hardened to drop inherited config pivot variables while preserving explicit credentials like GITHUB_TOKEN.
- Provider & Tooling: Native web search tool policy is now enforced before enabling provider-native Codex/OpenAI web_search. Codex sandbox HTTP requests are now guarded to reject private or internal HTTP targets.
- Access Control: Discord moderation actions and Microsoft Teams group actions now require trusted requester sender metadata or admin authorization. Telegram DM access enforcement is now applied before dispatch deduplication and prompt-context selection to prevent unauthorized text leaks.
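The bind-source rule above closes a gap that a one-directional blocklist leaves open: a mount of /var/run exposes /var/run/docker.sock even though /var/run itself is not listed. The sketch below is an added example, not OpenClaw's code; the blocklist entries and function names are hypothetical, and it checks overlap in both directions.

```javascript
// Added illustration; blocklist entries are hypothetical, not OpenClaw's real list.
const BLOCKED_PATHS = ["/var/run/docker.sock", "/etc", "/proc", "/home/agent/.ssh"];

// Lexically normalize an absolute POSIX path: collapse "//", "." and "..".
// Symlinks are not resolved here; a production check would also compare the
// real path on the host before handing the bind to Docker.
function canonicalize(p) {
  if (typeof p !== "string" || !p.startsWith("/")) {
    throw new Error(`bind source must be an absolute path: ${p}`);
  }
  const segments = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") segments.pop();
    else segments.push(seg);
  }
  return "/" + segments.join("/");
}

// True when `child` is `parent` or lies beneath it, compared per path segment
// so that "/etcetera" is not treated as being inside "/etc".
function isWithin(child, parent) {
  if (parent === "/") return true;
  return child === parent || child.startsWith(parent + "/");
}

// Reject a bind source that sits inside a blocked path OR is an ancestor of one.
function checkBindSource(source, blocked = BLOCKED_PATHS) {
  const src = canonicalize(source);
  for (const entry of blocked) {
    const b = canonicalize(entry);
    if (isWithin(src, b)) return { allowed: false, reason: `inside blocked path ${b}` };
    if (isWithin(b, src)) return { allowed: false, reason: `covers blocked path ${b}` };
  }
  return { allowed: true, reason: "no overlap with blocked paths" };
}

// Constructed sample bind sources.
for (const s of ["/workspace/project", "/etc/ssl", "/var/run", "/", "/etcetera"]) {
  const r = checkBindSource(s);
  console.log(`${s.padEnd(20)} ${r.allowed ? "ALLOW" : "DENY "} ${r.reason}`);
}
```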
Provider & Model Support
- Claude Fable 5: Added support for Claude Fable 5 across direct Anthropic, Vertex, and Amazon Bedrock catalogs, including adaptive-thinking defaults and refusal handling.
- OpenRouter: Added OpenRouter PKCE OAuth login to the CLI onboarding process.
- Gemma 4: Fixed an issue where Gemma 4 models via openai-completions were losing reasoning_content during multi-turn tool replay.
- OpenAI Realtime: Now requires OpenAI Platform API-key credentials instead of OAuth bearer tokens for Realtime voice.
Performance & UI Improvements
- Control UI Latency: Startup and first-reply latency are reduced through cached model metadata, lazy slash-command loading, and the removal of the startup catalog wait.
- TUI Enhancements: The TUI footer now displays the connection hostname. Runtime plugins are prewarmed before the first send in embedded local mode to eliminate initial submission freezes.
- iOS/iPadOS: The iPad control surface now features a macOS-aligned sidebar and navigation model, with connected surfaces for Workboard and Skill Workshop.
Memory & Indexing
- Batch Embedding: Memory embedding now batches work across dirty files for providers that opt into source-wide batch submission, significantly reducing the number of provider batch jobs.
- Llama.cpp: The local llama.cpp runtime has been moved into a dedicated provider plugin (@openclaw/llama-cpp-provider) to ensure stable native dependency management during updates.
- QMD Search: Fixed a hang where memory search --json with the QMD backend would stay alive due to background sync scheduling.
Impact
Fixed Issues
- iMessage: Resolved a P1 bug where stale backlog messages were dispatched as fresh requests after bridge recovery. Added support for block streaming and hardened outbound transport.
- Telegram: Fixed a bug where answer text emitted between tool calls would disappear during streaming. Restored /compact functionality on generic message ingress.
- WhatsApp: Fixed a failure where captured replies were lost after a ConnectionController restart.
- Discord: Fixed a regression where replies to messages inside existing threads escaped to the channel root.
- Codex: Fixed an issue where budget auto-compaction was short-circuited by the Codex app-server native path.
- Reply Queue: Fixed a race condition where inbound messages could be silently dropped during a burst if the queue was draining an in-flight item.
Breaking Changes
- Exec Approval Timeout: Unanswered exec approval requests now deny by default after the configured timeout. Users who require auto-approval must explicitly configure askFallback in their policy.
- OpenAI Realtime Auth: OAuth-only setups for OpenAI Realtime voice are no longer supported; a Platform API key is now required.
- Local Memory Provider: The local embedding provider is no longer built-in and requires the installation of the @openclaw/llama-cpp-provider plugin.
Upgrade Guide
Migration Steps
- Local Memory: Users with memorySearch.provider: "local" should run openclaw doctor --fix to install the new @openclaw/llama-cpp-provider plugin.
- Exec Approvals: If your workflows rely on timeout-based auto-approval, explicitly set askFallback in your exec approvals policy to avoid unexpected denials.
- Auth Profiles: Ensure you have an openai API-key auth profile configured if you use OpenAI Realtime voice.
FAQ
What's new in v2026.6.6-beta.1?
This release delivers tighter security boundaries for host and sandbox environments, support for Claude Fable 5 and OpenRouter OAuth, and performance optimizations for the Control UI and memory indexing.
Are there any breaking changes?
Yes. Exec approval timeouts now fail closed (deny) by default, OpenAI Realtime voice now requires API-key auth instead of OAuth, and the local memory provider has been moved to a separate plugin.
How do I upgrade?
Upgrade via your package manager and run openclaw doctor --fix to handle the migration of the local memory provider and any stale plugin configurations.