OpenClaw v2026.5.12 Release Summary

322725807 May 14, 2026

Key Changes

OpenClaw v2026.5.12 focuses on infrastructure stability, security hardening, and the expansion of the Codex harness. The release introduces critical fixes for event-loop saturation and configuration data loss, while refining how plugins and sandboxes are validated.

Infrastructure & Stability

  • Telegram Polling Resilience: To prevent message loss during event-loop saturation, Telegram polling ingress has been moved to an isolated worker with a durable local spool. This ensures that getUpdates calls continue to function even when the main thread is blocked by heavy agent processing.
  • Configuration Safety: A critical fix prevents config data loss during version upgrades. The system now creates a .pre-update snapshot and disables allowConfigSizeDrop during update-triggered doctor runs to ensure user-authored credentials and plugin records are not accidentally stripped.
  • Concurrent Config Mutations: Config mutations are now serialized centrally, allowing concurrent commands to rebase safe changes instead of clobbering each other.

Security & Hardening

  • Plugin Install Scanning: Security scanning during plugin installation has been expanded. The system now scans executable runtime and setup entries, and performs a post-install scan of the installed runtime tree (including node_modules) to detect dangerous code patterns in dependencies.
  • Sandbox Security: On Windows, the sandbox now explicitly blocks USERPROFILE credential roots to prevent unauthorized access to .ssh or .codex folders, even if the HOME environment variable is redirected.
  • Auth & Scope Enforcement:
    • Node-role device token management now requires admin scope.
    • Browser-origin Control UI sessions now require explicit device pairing before operator scopes are honored.
    • Setup-code bootstrap is now node-only and requires explicit pairing approval before returning durable tokens.
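
The Sandbox Security item above, as an added example (not OpenClaw's implementation): a deny check that derives credential roots from both USERPROFILE and HOME, so redirecting HOME does not expose the real profile. The function names and the sample environment are assumptions made for illustration.

```javascript
// Added illustration; not OpenClaw's code. All names here are hypothetical.
const path = require('node:path').win32; // Windows path semantics on any host

// Credential directories named in the release note, relative to a profile root.
const CREDENTIAL_DIRS = ['.ssh', '.codex'];

// Windows paths are case-insensitive and may contain ".." segments or forward
// slashes; resolve and lowercase before comparing.
function canon(p) {
  return path.resolve(p).toLowerCase();
}

// Build the deny list from every profile root visible to the process.
// Deriving it from HOME alone misses the real profile once HOME is redirected.
function blockedRoots(env) {
  const roots = new Set();
  for (const key of ['USERPROFILE', 'HOME']) {
    if (!env[key]) continue;
    for (const dir of CREDENTIAL_DIRS) {
      roots.add(canon(path.join(env[key], dir)));
    }
  }
  return [...roots];
}

// True when target is a blocked root or lies beneath one. Comparing against
// root + separator keeps sibling names such as ".sshkeys" from matching.
function isBlocked(target, env) {
  const t = canon(target);
  return blockedRoots(env).some(
    (root) => t === root || t.startsWith(root + path.sep)
  );
}

// Constructed sample: HOME points into the sandbox, the real profile is elsewhere.
const sampleEnv = { USERPROFILE: 'C:\\Users\\alice', HOME: 'D:\\sandbox\\home' };
console.log(isBlocked('C:\\Users\\alice\\.ssh\\id_ed25519', sampleEnv));
console.log(isBlocked('D:\\sandbox\\home\\project\\main.js', sampleEnv));
```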

Codex & Agent Enhancements

  • Codex Harness Integration:
    • Codex now supports routing plugin LLM completions through the Codex runtime, allowing context-engine plugins (like lossless-claw) to use Codex OAuth instead of requiring a direct OPENAI_API_KEY.
    • Cron-triggered Codex turns now receive specific automation instructions to execute payloads directly, avoiding timeouts caused by unnecessary workspace bootstrapping.
    • Lossless-managed Codex sessions now rotate incompatible native threads to prevent context-window overflows caused by stale hidden history.
  • Agent Coordination: The session.agentToAgent.maxPingPongTurns ceiling has been raised from 5 to 20 to support more complex multi-agent coordination chains.
  • Tooling: Added tools.toolsBySender to allow operators to restrict dangerous tools (like exec or write) on a per-user basis at the schema level, making them invisible to the LLM for restricted users.

Channel & UI Updates

  • Telegram: Added support for localized command menu descriptions via setMyCommands and fixed HTML formatting for cron announce deliveries.
  • Control UI: The session picker now visually nests subagent sessions under their parent using a └─ prefix for better clarity.
  • iMessage: Fixed a bug where media-only sends included a visible <media:image> placeholder text.

Impact

Fixed Issues

  • #81132: Fixed Telegram polling stalls during event-loop saturation.
  • #80077: Resolved critical config wipe during v2026.5.7 updates.
  • #81395: Fixed subagent runtime bypass that caused billing issues for Claude CLI users.
  • #80677: Resolved stuck Telegram lanes after tool failures and auto-compaction.
  • #81181: Fixed erroneous "Failed to download media" replies in Telegram groups with requireMention: true.

Performance Improvements

  • Transcript Memory: Session transcript reads now use streaming helpers instead of loading full files into memory, significantly reducing RSS delta for large transcripts (e.g., from 252 MiB to 27 MiB for a 200 MiB file).
  • Media Fetching: The system now skips buffering response bodies for bodyless media responses (HEAD probes), reducing heap waste.

Upgrade Guide

Breaking Changes & Migration

  • iMessage Sender Allowlist: Sender allowlist matching now strictly requires normalized sender handles. Conversation-scoped IDs (chat GUIDs) are no longer accepted as proof of sender identity. Users must update their allowFrom configurations to use sender handles.
  • Trusted Proxy Validation: Trusted-proxy authentication now rejects non-loopback peers that are local interface addresses. Deployments using the gateway host's own LAN address in gateway.trustedProxies must migrate to a distinct proxy peer address or use the loopback path.
  • pnpm Upgrade: The workspace has been upgraded to pnpm 11. Users performing git source installs will find that build allowlists are now managed via pnpm-workspace.yaml#allowBuilds.
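
The Trusted Proxy Validation rule above, as an added example (not OpenClaw's code): a peer check that accepts loopback and distinct proxy addresses but rejects a listed peer that is one of the host's own interface addresses. It assumes the trusted list holds exact IP addresses; the function names, reason strings and sample interface table are hypothetical.

```javascript
// Added illustration; not OpenClaw's code. All names here are hypothetical.
const os = require('node:os');
const net = require('node:net');

// Strip the IPv4-mapped IPv6 prefix so ::ffff:192.168.1.20 equals 192.168.1.20.
function normalizeIp(addr) {
  const a = addr.toLowerCase();
  return a.startsWith('::ffff:') && net.isIPv4(a.slice(7)) ? a.slice(7) : a;
}

function isLoopback(addr) {
  const a = normalizeIp(addr);
  return a === '::1' || (net.isIPv4(a) && a.startsWith('127.'));
}

// Addresses bound to this host's interfaces (same shape as os.networkInterfaces()).
function localAddresses(interfaces = os.networkInterfaces()) {
  const out = new Set();
  for (const entries of Object.values(interfaces)) {
    for (const e of entries || []) out.add(normalizeIp(e.address));
  }
  return out;
}

// Decide whether forwarded identity from `peer` may be honored.
function checkProxyPeer(peer, trustedProxies, interfaces) {
  const p = normalizeIp(peer);
  if (!trustedProxies.map(normalizeIp).includes(p)) {
    return { trusted: false, reason: 'not-listed' };
  }
  if (isLoopback(p)) return { trusted: true, reason: 'loopback' };
  // A listed peer that is the host's own LAN address is rejected.
  if (localAddresses(interfaces).has(p)) {
    return { trusted: false, reason: 'local-interface' };
  }
  return { trusted: true, reason: 'distinct-proxy' };
}

// Constructed sample interface table for a gateway host at 192.168.1.20.
const sampleInterfaces = {
  lo: [{ address: '127.0.0.1' }, { address: '::1' }],
  eth0: [{ address: '192.168.1.20' }],
};
console.log(checkProxyPeer('192.168.1.20', ['192.168.1.20'], sampleInterfaces));
console.log(checkProxyPeer('192.168.1.5', ['192.168.1.5'], sampleInterfaces));
```

A configuration that trips the local-interface branch is the one the migration note targets: move the proxy to its own address or connect over loopback.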

References

Pull Requests