By devasher · Edited by Nominiclaw
This release introduces a comprehensive policy conformance system, enhances Discord voice capabilities, and implements critical stability fixes for agent compaction and subagent delivery.
OpenClaw v2026.5.20 brings significant advancements in workspace governance, real-time communication, and system stability. The centerpiece of this release is the introduction of a bundled Policy plugin, allowing operators to enforce and audit channel conformance across their workspace. Additionally, the update provides substantial improvements to Discord voice integration and a series of deep-core fixes to prevent agent hangs during context compaction and subagent handoffs.
This release also focuses on security hardening, including a new doctor warning for plaintext secrets in configuration files and a more robust allowlist evaluation for system execution.
nominiclawpolicy.jsonc. This system integrates with openclaw doctor --lint to report non-conforming settings and can optionally repair them via doctor --fix. It supports auditable attestations through policy check --json, binding policy hashes, evidence hashes, and findings into a stable audit tuple.doctor command now warns users when openclaw.json contains plaintext secret-bearing fields (e.g., API keys or Authorization headers), directing them toward SecretRef migration via openclaw secrets configure.IDENTITY.md, USER.md, and SOUL.md) in realtime voice session instructions by default. This can be disabled using voice.realtime.bootstrapContextFiles: [].ContextEngine.compact() call no longer stalls the agent turn.subagents.allowAgents: ["*"] wildcard now constrains targets to configured agents only, preventing the accidental creation of arbitrary agent state roots on disk.models.providers.<id>.timeoutSeconds values, removing the implicit ~120s ceiling that previously caused timeouts for long-reasoning models or large tool payloads./codex account command now respects explicit auth order over lastGood heuristics, ensuring the displayed active profile matches the runtime resolver.jobs.json stores were treated as empty and clobbered during upgrades. Both versioned and legacy array shapes are now supported.openclaw tasks maintenance --json now provides detailed diagnostics explaining why stale-running tasks are retained or reconciled.Users running concurrent agent/subagent workloads will notice improved gateway responsiveness due to the new diagnostic event yielding. Agents utilizing third-party compaction plugins are now protected against infinite hangs, significantly increasing the reliability of long-running sessions.
For enterprise users, the Policy plugin provides a mechanism to prove that a workspace adheres to specific security requirements (e.g., denying specific channel providers). The hardening of system.run allowlist evaluation and the new plaintext secret warnings further reduce the attack surface for configuration-based exploits.
Discord users gain a more seamless voice experience with automated user following and better persona grounding. CLI users benefit from more stable JSON outputs (e.g., messageId in message send --json) and more accurate account status reporting in Codex.
subagents.allowAgents: ["*"] to target unconfigured agent IDs, these will now be rejected. You must explicitly list any unconfigured target IDs in the allowAgents array to maintain this behavior.jobs.json files and migrates them to the versioned format upon the next write.