By devasher · Edited by Nominiclaw
OpenClaw v2026.5.3 introduces a powerful new file-transfer plugin, significantly hardens plugin management, and delivers extensive performance optimizations across the platform. This release focuses on core reliability, making externalized plugins first-class citizens, and ensuring a smoother, more robust experience for all users.
OpenClaw v2026.5.3 marks a significant stride forward in the platform's reliability, performance, and extensibility. This release introduces a powerful new file-transfer plugin, substantially hardens plugin management, and delivers numerous performance optimizations across the Gateway and Control UI. Users will also experience enhanced agent runtime stability, improved channel integrations, and critical fixes addressing configuration and upgrade challenges.
This update is particularly focused on solidifying the core platform, making externalized plugins first-class citizens, and ensuring a smoother, more robust experience for operators and agents alike.
OpenClaw v2026.5.3 introduces a new bundled file-transfer plugin, providing agents with powerful tools for binary file operations on paired nodes. This plugin includes file_fetch, dir_list, dir_fetch, and file_write agent tools. Security is paramount, with a default-deny per-node path policy under plugins.entries.file-transfer.config.nodes requiring operator approval. Symlink traversal is refused by default (with an opt-in followSymlinks option), and a 16 MB byte ceiling is enforced per round-trip to prevent abuse. (See #74742 for details).
This release significantly hardens the official plugin lifecycle, ensuring externalized plugins behave like first-class package installs. This includes improvements to installation, uninstallation, updates, onboarding, ClawHub fallback, and npm dependency-state reporting. Manual setup now supports installing optional official plugins, including ClawHub-backed diagnostics with npm fallback, and exposes the external Codex plugin as a selectable provider setup choice. The openclaw plugins list --json command now provides package dependency install state, and official externalized npm migrations are trusted. The system also cleans stale bundled load paths for externalized installs and prioritizes @beta updates on the beta OpenClaw channel, falling back to default/latest when no beta release exists. ClawHub 429 errors are now annotated with reset windows and unauthenticated higher-rate-limit hints to aid operators.
Significant efforts have been made to trim startup and Control UI hot paths. The Gateway now lazy-loads plugin/runtime discovery, cron, schema, shutdown, sessions, and model metadata work only when needed. Further optimizations include lazy-loading early runtime discovery, shutdown hooks, channel-config schema metadata, restart sentinels, and maintenance timers after readiness. Duplicate plugin auto-enable work during Gateway startup has been reduced. For sandbox users, container and browser registry entries are now sharded into per-runtime files, which reduces unrelated session lock contention. Additionally, optional media and PDF tool factories are now skipped when the effective tool denylist already blocks them, avoiding unnecessary hot-path setup for tools that will be filtered out before model use. (See #76773).
Agents gain new capabilities with the introduction of the /steer <message> command, allowing for queue-independent steering of the active current-session run without starting a new turn when the session is idle (see #76934). A new /side command has been added as a text and native slash-command alias for /btw side questions. The release also improves agent runtime reliability by preserving streamed provider replies, delayed A2A session replies, prompt/tool delivery, memory recall, web search provider discovery, and provider-specific thinking/model metadata across common edge cases. For future approval and command-review surfaces, a tree-sitter-backed shell command explainer has been added (see #75004).
Channel integrations see a unified streaming.mode: "progress" drafts with auto single-word status labels and shared progress configuration across Discord, Telegram, Matrix, Slack, and Microsoft Teams. WhatsApp now supports explicit Channel/Newsletter targets using @newsletter for outbound messages, fixing an earlier issue (see #13417). Discord status reactions and degraded transport reporting have been improved, alongside tightened delivery and recovery behavior for Telegram, Feishu, Matrix, Microsoft Teams, and Slack.
Configuration management is more robust. doctor --fix now commits safe legacy migrations (e.g., agents.defaults.llm to models.providers.timeoutSeconds) even when unrelated validation issues prevent full validation from passing (see #76798, #76800). This ensures known-legacy keys are always cleaned up. Furthermore, Gateway startup and hot reload no longer auto-restore invalid configuration; invalid config now fails closed, and openclaw doctor --fix is the sole mechanism for last-known-good repair.
This release delivers a wide array of fixes and improvements across the OpenClaw ecosystem, enhancing stability, user experience, and developer capabilities.
The Gateway now preserves operator-added secrets in environment files across re-stage operations (see #76860) and includes robust recovery for macOS LaunchAgents after updates, providing clear guidance for restarts, reinstalls, and rollbacks (see #76790, #76929). A critical fix prevents launchctl kickstart -k from immediately terminating newly bootstrapped macOS Gateways (see #76261). Agent runtime reliability is bolstered by preserving streamed provider replies and delayed session replies across edge cases. Plugin management is more resilient, with fixes for npm installs overwriting sibling plugins (see #76571, #76602) and recovery mechanisms for corrupted plugin install ledgers. Memory operations are more robust, with embedding reindex retries on transient socket errors (see #76311) and proper apache-arrow declaration for LanceDB (see #76910). Network interactions are hardened, including a trusted environment proxy fetch guard (see #58034) and correct TLS hostname validation for proxied HTTPS requests (see #74809, #76442).
Users will find the CLI more forgiving and informative. openclaw doctor --fix now reliably applies legacy migrations even when other config issues persist (see #76798, #76800), and openclaw logs --follow automatically reconnects on transient Gateway disconnects (see #74782, #75059, #75372). The onboarding wizard now masks sensitive credential inputs during interactive setup (see #76698). Channel interactions are smoother: Discord status can track tool progress, and degraded transport issues are surfaced (see #76327). Telegram gains mediaGroupFlushMs for fine-tuning album buffering (see #76149) and ensures final replies are delivered in forum topics (see #76554, #76764). Feishu's per-chat queue now caps task wait times to prevent single hung dispatches from starving later messages (see #70133, #76687). The Control UI benefits from reduced sessions.list reloads during chat turns, significantly decreasing delays (see #76676), and a fix for the /think command to correctly display provider-specific thinking levels (see #76482).
Provider integrations are more robust. OpenAI and Codex interactions are refined, with correct OAuth routing for /codex bind (see #76714) and proper handling of reasoning_effort for gpt-5.4-mini (see #76176). Google Meet's realtime voice connections are more stable, with improved media permissions and browser state refreshing. Ollama users will see restored catalog context-window forwarding, resolving tool selection and context truncation issues (see #76117, #76181). Tool policies are more precise: tools.deny: ["write"] no longer implicitly denies apply_patch (see #76749, #76795), and tools.profile: "full" now correctly grants all tools, including optional plugin tools (see #76507).
This release includes several critical changes that require attention during upgrade, particularly involving configuration and plugin management.
Run openclaw doctor --fix: This is the most important step for all users.
nominiclawopenclaw doctor --fix is the designated tool for repairing last-known-good states.doctor --fix will now commit safe legacy migrations (e.g., agents.defaults.llm to models.providers.timeoutSeconds) even if other unrelated validation issues prevent full validation from passing. This ensures legacy keys are always cleaned up.doctor --fix will migrate legacy monolithic sandbox container and browser registry files to the new per-entry sharded format, reducing session lock contention.streaming.progress configurations will be migrated to streaming.preview.toolProgress.doctor --fix will repair configured external plugin installs whose persisted install record points to a missing package directory and can install configured missing official plugins (like Discord or Brave).doctor --fix can help recover an installed-but-unloaded Gateway LaunchAgent after package updates.Plugin Externalization: Several official plugins (e.g., Discord) have been externalized. The system is designed to handle this transition, but doctor --fix will be crucial in reconciling your plugin installations. Ensure your plugins/installs.json is healthy.
Dependency Pruning: Upgrades from pre-2026.5.2 releases will prune the obsolete plugin-runtime-deps state directory during postinstall. This is a cleanup step and should not require manual intervention, but it's part of the overall plugin system overhaul.
Config messages.visibleReplies: Boolean values for messages.visibleReplies and messages.groupChat.visibleReplies will now be coerced to documented enum modes. If you have boolean values configured, doctor --fix will help normalize these.
It is highly recommended to run openclaw doctor --fix immediately after updating to v2026.5.3 to ensure your configuration is consistent and all necessary migrations are applied.