OpenClaw v2026.5.28-beta.3: Strengthening Runtime Recovery and Expanding Provider Coverage

OpenClaw v2026.5.28-beta.3 introduces a comprehensive set of stability and security enhancements designed to make agent runtimes more resilient and channel integrations more robust. The core of this release focuses on "steadying" the recovery of Agent and Codex runtimes, ensuring that sub-agents maintain strict workspace separation and that session locks are released reliably even during timeout aborts.

Beyond runtime stability, this version significantly expands the ecosystem of supported models and tools. From the addition of Claude Opus 4.8 and Fal Krea image schemas to the integration of the GitHub Copilot agent runtime, OpenClaw continues to broaden its capabilities for complex, delegated workflows.

Key Changes

Runtime Stability and Recovery

Significant work has been done to prevent gateway hangs and session deadlocks. A critical fix addresses a "self-wait" bug in the Pi embedded runner where tool-call processing could deadlock on its own session event queue, potentially making the gateway unresponsive to health probes and channel replies (#86123, #87409).

Additionally, the Codex runtime has been hardened to ensure that shared app-server state is preserved even when spawned helper runs fail logically (e.g., due to authentication errors), preventing a single failed sub-task from tearing down the entire shared runtime state (#87375, #87399).

Channel and Security Hardening

Security boundaries have been tightened across several major integrations:

• Microsoft Teams: The plugin has been migrated to the @microsoft/teams.apps SDK, replacing legacy Bot Framework patterns. This migration fixes several critical bugs, including streaming cards that never closed and Adaptive Card buttons that failed silently. Furthermore, outbound requests are now guarded by a serviceUrl allowlist to prevent SSRF and credential leakage (#76262, #87160, #87334).
• WhatsApp: A security fix prevents potential header injection by stripping C0 control characters from outbound document filenames (#77114). Additionally, the WhatsApp login experience is improved with a restored compact terminal QR renderer (#87581).
• Matrix: Session key canonicalization now preserves the case of room IDs, resolving a bug where mixed-case IDs were lowercased, leading to duplicate sessions and 403 Forbidden errors on delivery (#87366).

Model and Provider Expansions

OpenClaw continues to grow its provider coverage:

• Anthropic: Added support for Claude Opus 4.8 across multiple providers, including Amazon Bedrock and Google Vertex AI (#87890).
• Fal.ai: Introduced native support for Krea 2 image models, including specific schemas for aspect ratio, creativity, and style references (#87845).
• NVIDIA: The NVIDIA provider now dynamically loads a public featured-model catalog, ensuring the model picker remains current without requiring manual updates (#80775).
• DeepSeek: Fixed a critical issue where reasoning_content was stripped from tier-suffixed models (e.g., -free), which previously caused 400 errors on follow-up API calls (#87593).

UI and DX Improvements

• iOS Pro UI: The iOS app has received a major refresh, introducing a pro tab system for Command, Chat, Agents, and Settings, all wired directly to gateway sessions and realtime Talk state (#87367).
• WebChat: A new idempotency-based retry mechanism ensures that messages sent during a socket reconnect are preserved and retried, preventing message loss during transient network failures (#87531).
• ClawHub Integration: Users can now verify installed skills via openclaw skills verify, with the Control UI displaying trust verdicts and lazy-loading skill cards directly from ClawHub (#86699).

Impact

For Operators and Developers

• Reduced Downtime: The fix for the provider-auth pre-warm path moves expensive discovery sweeps to a worker thread, preventing the main event loop from stalling for up to 60 seconds during gateway startup (#86281).
• Improved Plugin Isolation: npm plugin installs are now isolated per package in their own managed projects, preventing dependency conflicts where one plugin's graph could evict another's (#86747).
• Stricter Policy Enforcement: New policy conformance checks allow operators to define and enforce sandbox postures (e.g., denying host network access) and ingress channel requirements (#85572, #85744).

For End Users

• Better Reliability: Fixed a bug where scheduled cron jobs would skip entire runs if a local primary model was unreachable, even if healthy cloud fallbacks were configured (#82887).
• Enhanced Tooling: Codex now routes workspace memory (MEMORY.md) through tools rather than pasting it raw into the prompt, saving significant token budget for tool-enabled turns (#87383).

Upgrade Guide

Breaking Changes and Migrations

• Provider Credentials: As a security hardening measure, registered provider credential environment variables are now blocked from workspace .env files. Operators who relied on project-local .env files for provider keys must move these to the shell environment or the trusted global OpenClaw runtime .env (#83655).
• Voice Model Configuration: The voice model catalog has been refactored. Legacy voice, voiceName, and voiceId configuration keys are migrated to speakerVoice and speakerVoiceId (#87794).
• Plugin Compatibility: The system now enforces openclaw.compat.pluginApi metadata. Plugins requiring a newer API version than the current host will be rejected at install time with a clear error message (#87477).