OpenClaw v2026.5.26-beta.2 Release Summary

Key Changes

Core Infrastructure & Performance

OpenClaw v2026.5.26-beta.2 focuses heavily on reducing Gateway latency and hardening the system's core data paths. A major architectural shift sees Transcripts becoming a core component, providing a reliable path for meeting summaries, source-provider chunks, and CLI/TUI replay.

Performance gains are achieved through aggressive caching of plugin metadata, package realpaths, and session/auth hot-path facts. These changes significantly reduce the CPU churn during Gateway startup and reply delivery, ensuring faster response times under load.

Channel Enhancements

Several messaging channels have received production-ready updates:

• Signal, iMessage, and WhatsApp: Now support native reaction approvals (👍 for allow-once, 👎 for deny), removing the need for textual /approve commands for mobile users.
• Telegram: Now preserves inbound text entities (bold, italic, code, etc.) as Markdown in agent prompts and improves forum topic handling.
• Discord: Improved voice playback, model picking, and a fix to suppress self-reply echoes in agent prompts.
• iMessage: Hardened catchup cursors to prevent duplicate message replay after restarts.

Security & Content Boundaries

Security hardening is a primary theme in this release:

• SSRF Protection: Browser snapshot reads now honor SSRF policies to prevent unauthorized internal network access.
• Prompt Injection Guards: The memory_store tool now rejects prompt-like instruction payloads before they reach persistent storage.
• Content Sanitization: Queued system-event text is now sanitized to prevent spoofing of nested prompt markers, and serialized tool-call text is scrubbed from user-facing replies.
• Auth Rate Limiting: Default auth rate limiting is now enabled for remote non-browser Gateway auth failures.

Agent & Provider Stability

• Codex & Local Models: Improved stability for Codex app-server recovery and normalized top_p for Ollama greedy sampling.
• Context Management: The system now derives overflow budgets directly from provider errors, allowing for more precise auto-compaction when context windows are exceeded.
• OpenAI Compatibility: The HTTP Gateway now forwards frequency_penalty, presence_penalty, and seed parameters to upstream providers.

Impact

For End Users

Users will experience a more responsive Gateway and a more intuitive mobile experience via reaction-based approvals. The TUI now allows prompts to be submitted while an agent is busy, queuing them for the next turn instead of blocking input.

For Developers & Operators

Observability is significantly improved with the addition of an ephemeral Activity tab in the Control UI and richer OpenTelemetry LLM spans. The openclaw path command now supports deep JSON edits for openclaw.json, facilitating easier configuration of nested settings.

Fixed Issues

• Codex Reliability: Fixed a critical issue where Codex app-server turns would silently drop due to event loop saturation (#86948).
• TUI Input Lock: Resolved the issue where the TUI blocked prompt submission during active runs (#86673).
• Telegram Delivery: Fixed a bug where Telegram DM replies were intermittently dropped due to overlapping turns (#85314).
• Installer Hangs: Fixed a bug where the installer could hang indefinitely during the finalization stage (#62509).
• WhatsApp Group Gating: Added warnings when group inbound messages are dropped due to missing configuration entries (#83777).

Upgrade Guide

Breaking Changes & Migration

• Auth Migration: A new openclaw migrate command is available to import credentials from Hermes and Codex into OpenClaw auth profiles. Users are encouraged to run this to transition their existing credentials.
• WhatsApp Approvals: Old numeric/keycap reaction shortcuts for WhatsApp approvals are no longer accepted; users must now use 👍 or 👎.
• iMessage Approvals: If channels.imessage.allowFrom is configured, the /approve command is now authorized against this specific list rather than the broader DM allowlist.