openclaw v2026.6.5-beta.5 release notes: what's new & changelog

OpenClaw v2026.6.5-beta.5 delivers a new bundled web-search provider, improved transparency for iOS voice interactions, and critical security hardening for Gateway tool invocation and MCP transports.

Key Changes

New Parallel Web-Search Provider

Parallel is now a bundled web_search provider designed for agentic search, returning LLM-optimized dense excerpts. It is configurable via the PARALLEL_API_KEY environment variable or plugins.entries.parallel.config.webSearch.apiKey config. The provider includes support for custom base URL overrides (e.g., for Cloudflare AI Gateway proxying) and integrates directly into the pnpm openclaw onboard search-provider picker.

iOS Talk Transparency and Fallback

Voice interactions on iOS now explicitly distinguish between the configured voice mode and the active runtime mode. When a configured gateway realtime mode fails, the app now surfaces a visible fallback banner and a detailed diagnostic sheet instead of silently switching to native iOS speech recognition and TTS. This allows users to identify specific failure reasons, such as invalid API keys or unavailable models, while still maintaining voice functionality via local fallback.

Security Hardening and Infrastructure

• Gateway Tool Gating: Owner-only core tools (including gateway, cron, and nodes wrappers) are now strictly gated. Non-owner identity-bearing callers are denied access to these tools even if they are explicitly included in the gateway.tools.allow list.
• MCP Transport Guarding: MCP HTTP, SSE, and Streamable HTTP requests are now routed through a shared SSRF-guarded fetch path. Redirect targets are re-evaluated independently per hop, preventing redirects to blocked private or internal targets.
• Auth Profile Migration: Auth profiles and runtime state have been migrated from JSON files to SQLite-backed storage within each agent's openclaw-agent.sqlite for improved durability.
• State Storage Refactor: Several runtime states, including Memory Core dreaming state, Matrix crypto sidecars, and Memory Wiki import-run metadata, have been moved to SQLite-owned storage.

Provider and Channel Enhancements

• QQBot: Now strips model reasoning/thinking scaffolding (e.g., <thinking> tags) before delivery to prevent raw internal model narration from leaking into channel replies.
• Matrix: Added inbound audio preflight to transcribe voice notes before mention gating and implemented thread-aware read/reply behavior using Matrix relations pagination.
• Google Vertex: Fixed a regression where ADC-backed static catalog providers were dropped, ensuring google-vertex/* models are correctly resolved at runtime for ADC users.
• iMessage: Implemented a 150-second send timeout to resolve intermittent stalls on macOS 26 and updated split-send coalescing to use structural balloon_bundle_id metadata for higher precision.

Impact

For Users

• Search Options: Users gain a high-accuracy, agent-optimized search alternative with Parallel.
• iOS Experience: Voice users get clear feedback when realtime mode fails, reducing confusion during fallback to native speech.
• Reliability: Improved stability for iMessage on macOS 26 and better recovery for Anthropic extended-thinking sessions after prompt-cache expiry or Gateway restarts.

For Developers and Operators

• Security: Stricter boundaries on Gateway tool invocation and MCP redirects reduce the attack surface for internal network probing.
• Maintenance: The migration of auth and plugin state to SQLite reduces the risk of state corruption associated with ad hoc JSON files.
• Deployment: Podman users on Fedora/RHEL will no longer encounter interactive short-name prompts during builds due to fully-qualified base image references.

FAQ

What's new in v2026.6.5-beta.5?

This release introduces the Parallel web-search provider, iOS Talk fallback banners, and migrates auth and various plugin states to SQLite. It also includes security hardening for Gateway tools and MCP transports, and fixes for QQBot, Matrix, and iMessage.

Are there any breaking changes?

Yes, agent-driven gateway config.patch and gateway config.apply calls that target global prompt overlays or global default model settings are now rejected as protected config changes. Additionally, non-owner HTTP callers can no longer access owner-only core tools (cron, gateway, nodes) regardless of the allowlist.

How do I upgrade?

Upgrade via the standard npm package update process. The openclaw doctor preflight now automatically handles the migration of legacy cron JSON stores and auth profiles into SQLite.