This update focuses on resolving agent freezes during LLM timeouts, hardening gateway authentication for trusted proxies and browser sessions, and expanding the plugin SDK with new hook types and tool visibility.
Merged PRs
- fix(agents): surface memory-flush errors safely Original PR
- fix(anthropic): enable Claude CLI session-expired history reseed Original PR
- Allow pnpm source updates to build OpenClaw Original PR
- Require Control UI pairing before proxy-scoped access [AI] Original PR
- Require explicit browser device pairing [AI] Original PR
- feat(telegram): localized command menu descriptions Original PR
- feat(plugin-sdk): export plugin hook types Original PR
- feat(plugins): expose tools in LLM input hook event Original PR
- Harden trusted-proxy source validation [AI] Original PR
- revert(cli): remove global root refusal Original PR
- fix(provider): add opt-in transient retries for provider execution Original PR
- [AI-assisted] fix(agents): normalize array tool schemas Original PR
- fix(plugins): raise default install scan file limit to 25k Original PR
- Revert "Check ClawHub trust before plugin installs" Original PR
- docs(changelog): credit Ziy1-Tan for #79645 Original PR
- fix(security): inline redact into appendSessionTranscriptMessage Original PR
- fix(agents): escalate LLM idle timeout to model fallback after profile rotation Original PR
- feat(scripts): allow worktree heavy-check locks Original PR
- Add dependency release safety evidence and PR awareness Original PR
- cherry-pick #81219 onto release/2026.5.12 for beta.5 Original PR
- fix(agents): make subagent task delivery visible Original PR
- fix(gateway): forward temperature and top_p through OpenAI-compatible HTTP APIs Original PR
- feat(migrate): suppress plan log on embedding, add "Accept recommended" affordance, remove "Skip for now" Original PR
- Check ClawHub trust before plugin installs Original PR
Key Changes
Agent Reliability and LLM Orchestration
One of the most critical fixes in this window addresses a regression where agents would silently freeze mid-turn during LLM idle timeouts. Previously, if the idle watchdog fired, the agent simply stopped responding: it neither rotated auth profiles nor advanced the model fallback chain, so the turn hung until the user gave up. The idle timeout is now treated like any other provider failure: auth profiles are rotated first and, once rotation is exhausted, the timeout is escalated to the next model in the fallback chain, preserving continuity in multi-turn workflows.
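The escalation pattern described above, as an added example in TypeScript. This is not OpenClaw's own orchestrator code; the model, stream and cancel-flag shapes are hypothetical, and the two providers at the bottom are constructed for the demo (one stalls after its first chunk, one replies promptly). The point it shows is that a watchdog firing on one model abandons that call and advances the chain instead of leaving the turn frozen, while genuine provider errors still surface unchanged.

```typescript
// Added example, not OpenClaw code. Hypothetical types throughout.
type ChunkReader = () => Promise<string | null>; // null signals end of stream

interface ModelProfile {
  name: string;
  // Opens a streaming call. The provider polls `cancelled` so an abandoned
  // call does not keep its connection (or this process) alive.
  open: (cancelled: { value: boolean }) => ChunkReader;
}

interface RunResult {
  model: string;         // model that produced the final text
  text: string;
  escalations: string[]; // models abandoned because their stream went idle
}

class IdleTimeoutError extends Error {}

// Reads chunks until end of stream. Rejects with IdleTimeoutError when no
// chunk arrives within idleMs; the timer restarts on every chunk, so a slow
// but steady stream is never cut off.
async function readWithIdleWatchdog(read: ChunkReader, idleMs: number): Promise<string> {
  let text = "";
  for (;;) {
    let timer: ReturnType<typeof setTimeout> | undefined;
    const idle = new Promise<never>((_, reject) => {
      timer = setTimeout(() => reject(new IdleTimeoutError(`no chunk for ${idleMs}ms`)), idleMs);
    });
    try {
      const chunk = await Promise.race([read(), idle]);
      if (chunk === null) return text;
      text += chunk;
    } finally {
      clearTimeout(timer);
    }
  }
}

// Walks the fallback chain. An idle timeout cancels the stalled call and moves
// to the next model; any other error is a real provider failure and is rethrown.
async function runWithFallback(chain: ModelProfile[], idleMs: number): Promise<RunResult> {
  const escalations: string[] = [];
  for (const model of chain) {
    const cancelled = { value: false };
    try {
      const text = await readWithIdleWatchdog(model.open(cancelled), idleMs);
      return { model: model.name, text, escalations };
    } catch (err) {
      if (!(err instanceof IdleTimeoutError)) throw err;
      cancelled.value = true;       // abandon the stalled call
      escalations.push(model.name); // and escalate to the next model
    }
  }
  throw new Error(`every model in the chain went idle: ${escalations.join(" -> ")}`);
}

// Constructed provider: sends one chunk, then never sends another.
function stallingModel(name: string): ModelProfile {
  return {
    name,
    open: (cancelled) => {
      let sent = false;
      return () =>
        new Promise<string | null>((resolve) => {
          if (!sent) { sent = true; resolve("partial "); return; }
          const poll = setInterval(() => {
            if (cancelled.value) { clearInterval(poll); resolve(null); }
          }, 5);
        });
    },
  };
}

// Constructed provider: streams a reply word by word without stalling.
function healthyModel(name: string, reply: string): ModelProfile {
  return {
    name,
    open: () => {
      const chunks = reply.split(" ").map((w, i) => (i === 0 ? w : " " + w));
      return () => Promise.resolve(chunks.shift() ?? null);
    },
  };
}

// Demo: primary stalls, so the 30 ms watchdog escalates to the fallback.
function demo(): Promise<RunResult> {
  return runWithFallback([stallingModel("primary"), healthyModel("fallback", "done via fallback")], 30);
}
```

A production version would also honor the auth-profile rotation the fix describes before advancing models; here the chain is flat for clarity.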
Other agent-centric improvements include:
- Subagent Visibility: Task delivery for native sessions_spawn has been moved from hidden system prompts to visible user messages, making subagent tasks auditable in transcripts.
- Tool Schema Normalization: To prevent OpenAI from rejecting tool schemas with a missing items keyword in array definitions, the system now recursively adds a permissive items: {} to such schemas.
- Provider Retries: A shared transient retry path has been added for opted-in provider read, poll, and download operations to handle HTTP 5xx errors and network timeouts more gracefully.
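The schema normalization above, as an added example in TypeScript (not OpenClaw's own normalizer; the function name and the sample schema are constructed here). It goes slightly beyond the bullet: besides plain type: "array", it also patches union types such as type: ["array", "null"], which OpenAI rejects for the same reason, and it walks anyOf/oneOf lists and nested properties so deeply nested arrays are covered.

```typescript
// Added example, not OpenClaw code.
type JsonSchema = { [key: string]: unknown };

function describesArray(typeField: unknown): boolean {
  if (typeField === "array") return true;
  return Array.isArray(typeField) && typeField.includes("array");
}

// Returns a deep copy of `schema` in which every array schema lacking `items`
// gets a permissive `items: {}`. Arrays of schemas (anyOf, oneOf, allOf) are
// walked element by element; nested objects are walked key by key. Keys under
// `properties` are property names, not keywords, but since each maps to a
// schema object the `type === "array"` check cannot misfire on them.
function normalizeArraySchemas(schema: unknown): unknown {
  if (Array.isArray(schema)) return schema.map(normalizeArraySchemas);
  if (schema === null || typeof schema !== "object") return schema;
  const out: JsonSchema = {};
  for (const [key, value] of Object.entries(schema as JsonSchema)) {
    out[key] = normalizeArraySchemas(value);
  }
  if (describesArray(out.type) && !("items" in out)) out.items = {};
  return out;
}

// Constructed tool schema exercising the cases: bare array, nullable array,
// array that already has items, nested array, array inside anyOf.
const demoSchema: JsonSchema = {
  type: "object",
  properties: {
    tags: { type: "array" },
    ids: { type: ["array", "null"] },
    names: { type: "array", items: { type: "string" } },
    meta: { type: "object", properties: { flags: { type: "array" } } },
  },
  anyOf: [{ type: "array" }],
};

function normalizedDemo(): any {
  return normalizeArraySchemas(demoSchema);
}
```

The function never mutates its input, so the original schema a plugin registered stays intact for logging and diffing; only the copy sent to the provider is patched.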
Security Hardening and Authentication
Significant effort was directed toward closing gaps in the Gateway's authentication and proxy logic:
- Trusted Proxy Validation: The gateway now rejects proxy peers that connect from one of the host's own non-loopback interface addresses. Such an address is reachable from the network as well as from the host, so it is not a distinct trust boundary and can no longer be treated as a "local" proxy source.
- Control UI Pairing: Trusted-proxy authenticated Control UI sessions now require explicit device pairing before operator scopes are honored, preventing fresh device identities from gaining privileged access silently.
- Browser-Origin Hardening: Browser-origin Control UI sessions are no longer eligible for silent local pairing; they now require explicit pairing approval to mint durable operator access.
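The three checks above, as one added TypeScript example. This is not the gateway's own code: the config, session and pairing-record shapes, the origin/path split, and the decision that a non-browser client on loopback may still be paired silently are all assumptions made here to illustrate the policy; the addresses and device IDs are constructed.

```typescript
// Added example, not OpenClaw code. Hypothetical types throughout.
interface GatewayConfig {
  trustedProxies: string[];    // peers allowed to assert the real client address
  localInterfaceIps: string[]; // every address bound on this host (e.g. from os.networkInterfaces())
}

function isLoopback(ip: string): boolean {
  return ip === "::1" || ip === "::ffff:127.0.0.1" || ip.startsWith("127.");
}

// Trusted-proxy source validation. A peer arriving from one of the host's own
// non-loopback addresses is refused before the allowlist is consulted: that
// address is also reachable from the network, so it is not a separate trust
// boundary and must not be treated as "local".
function isTrustedProxyPeer(peerIp: string, cfg: GatewayConfig): boolean {
  if (isLoopback(peerIp)) return true;
  if (cfg.localInterfaceIps.includes(peerIp)) return false;
  return cfg.trustedProxies.includes(peerIp);
}

type Origin = "cli" | "browser";
type Path = "loopback" | "trusted-proxy" | "remote";

interface Session {
  deviceId: string;
  origin: Origin;
  path: Path;
  requestedScopes: string[];
}

interface PairedDevice { deviceId: string; scopes: string[] }
interface ScopeDecision { scopes: string[]; pairingRequired: boolean }

// Operator scopes are honored only for a device with a pairing record, and
// only up to the scopes that record grants. Browser-origin sessions and
// proxy-authenticated sessions never pair silently; the single remaining
// silent path (assumed here) is a non-browser client on loopback.
function decideScopes(session: Session, paired: Map<string, PairedDevice>): ScopeDecision {
  const record = paired.get(session.deviceId);
  if (record) {
    const scopes = session.requestedScopes.filter((s) => record.scopes.includes(s));
    return { scopes, pairingRequired: false };
  }
  if (session.path === "loopback" && session.origin === "cli") {
    paired.set(session.deviceId, { deviceId: session.deviceId, scopes: session.requestedScopes });
    return { scopes: session.requestedScopes, pairingRequired: false };
  }
  return { scopes: [], pairingRequired: true }; // fresh device: must pair explicitly first
}

// Demo over constructed inputs.
function gatewayDemo() {
  const cfg: GatewayConfig = {
    trustedProxies: ["10.0.0.5"],
    localInterfaceIps: ["127.0.0.1", "192.168.1.20"],
  };
  const proxy: Record<string, boolean> = {};
  for (const ip of ["127.0.0.1", "192.168.1.20", "10.0.0.5", "10.0.0.9"]) {
    proxy[ip] = isTrustedProxyPeer(ip, cfg);
  }

  const paired = new Map<string, PairedDevice>([
    ["dev-paired", { deviceId: "dev-paired", scopes: ["operator"] }],
  ]);
  const request = (deviceId: string, origin: Origin, path: Path) =>
    decideScopes({ deviceId, origin, path, requestedScopes: ["operator", "admin"] }, paired);

  return {
    proxy,
    freshProxyOperator: request("dev-new-1", "cli", "trusted-proxy"), // must pair first
    freshBrowserLoopback: request("dev-new-2", "browser", "loopback"), // no silent pairing
    pairedBrowser: request("dev-paired", "browser", "remote"),         // capped at record
    localCli: request("dev-new-3", "cli", "loopback"),                 // silently paired
  };
}
```

Note that 192.168.1.20 is refused even though it is "this host": listing it under trustedProxies would not change the outcome, which is the property the hardening is after.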
SDK and Plugin Ecosystem
For developers, the Plugin SDK has been expanded to provide better type safety and visibility:
- Type Exports: Plugin hook types are now exported via a public openclaw/plugin-sdk/types entrypoint, removing the dependency on fragile internal source paths.
- LLM Input Hooks: The llm_input hook now exposes the tools field, allowing plugins to see which tools are available for a specific LLM call.
- Telegram Integration: Telegram bot menus now support localized command descriptions via language_code, enabling multi-language bot deployments.
Impact
User Experience
Users will notice a significant reduction in "silent freezes" during complex agent tasks, particularly when using models with unstable latency. The migration flow for Codex has also been streamlined with an "Accept recommended" option and the removal of a confusing "Skip for now" trap, making onboarding more intuitive.
Developer Experience
Plugin authors can now build more robust extensions using public SDK types and gain deeper insight into LLM contexts through enhanced hook events. The increase in the default install scan file limit to 25k also resolves onboarding blockers for larger plugins like the Codex plugin.
System Security
The tightened pairing requirements for browser and proxy-based Control UI access significantly reduce the risk of unauthorized operator-level access. By enforcing explicit pairing for these paths, OpenClaw ensures that privileged gateway RPCs are bounded by verified device records.