OpenClaw v2026.5.12-beta.5 Release Summary

Key Changes

This release focuses on hardening the security posture of the Gateway, expanding the capabilities of the Plugin SDK, and resolving several high-impact stability regressions in agent coordination and memory management.

Security & Authorization Hardening

• Device Pairing & Access: The Gateway now requires explicit pairing approval for setup-code bootstrap and browser-origin sessions. Pending Nodes no longer leak capabilities or permissions until approved, and node-role device token management is now restricted to admin-scoped sessions.
• Trusted Proxy Validation: Source validation for trusted proxies has been hardened to reject non-loopback peers that are local interface addresses, preventing host-local interface addresses from being treated as distinct proxy trust boundaries.
• Tool Authority: Hook-authenticated agent turns routed through CLI backends now use non-owner tool authority, preventing external hook ingress from granting privileged loopback access.
• Browser Control: Navigation checks are now enforced for all /act interactions (select, fill, type, evaluate), ensuring that page scripts cannot move a tab to a policy-denied URL between calls.

Plugin SDK & Workflow Enhancements

• Workflow Seams: The Plugin SDK now supports typed session actions, host-mediated outbound attachments, and scheduled session turns via the existing cron-compatible scheduler. Plugins can also request bounded agent-finalize retries.
• Install-Time Scanning: Plugin package installation now includes a comprehensive scan of the installed runtime tree (including node_modules) to detect blocked code patterns before a plugin is published.
• Dependency Management: The workspace has been upgraded to pnpm 11, aligning Docker, install, and update workflows with the new workspace config surface.

Agent & Provider Stability

• Failover Logic: A critical fix resolves a regression where agents would silently freeze during LLM idle timeouts. The system now correctly escalates idle timeouts to model fallback or profile rotation.
• Subagent Coordination: Spurious heartbeat wake-ups on parent sessions triggered by subagent background exec completions have been eliminated, reducing unnecessary LLM invocations.
• OpenAI Compatibility: Tool schemas are now normalized to recursively add items: {} to array parameters, preventing validation rejections from OpenAI-compatible providers.
• Llama.cpp Integration: Self-hosted providers now opportunistically discover the actual loaded runtime context window via the /props endpoint, ensuring session budgeting reflects real server limits rather than training ceilings.

Channel & UI Improvements

• Telegram: Fixed a critical bug where bot token rotation caused the bot to go "deaf" due to stale update offsets. The system now fingerprints tokens to detect rotation and reset offsets automatically. Additionally, supported HTML tags are now preserved in replies.
• iMessage: Added support for routing inbound tapbacks as reaction system events and fixed a bug where pasted URLs were treated as media due to Apple's rich-link preview blobs.
• Control UI: Subagent sessions are now visually nested under their parent sessions in the picker using a └─ prefix, and isolated heartbeat sessions are hidden to prevent users from accidentally routing chat input into background sessions.

Impact

Fixed Issues

• #76877: Resolved the "silent freeze" where agents stopped responding mid-work during idle timeouts.
• #80653: Fixed Telegram message loss following bot token rotation.
• #73691: Prevented Gateway freezes caused by unbounded growth of MEMORY.md during dreaming promotions by implementing a bounded compaction budget.
• #80381: Fixed EACCES permission errors during Docker setup on Windows/WSL by pinning container environment paths.
• #66748: Eliminated unnecessary parent-session wake-ups caused by subagent exec completions.

Performance & Reliability

• Memory Efficiency: Session transcript reads now use streaming helpers instead of loading full files into memory, significantly reducing RSS delta for large transcripts (e.g., 200 MiB transcripts now see a peak RSS delta of ~27 MiB instead of ~252 MiB).
• Config Reliability: Concurrent config mutations are now serialized through central transform/write helpers, preventing ConfigMutationConflictError and data loss during simultaneous agents add calls.

Upgrade Guide

Breaking Changes

• iMessage Allowlists: allowFrom entries for iMessage now strictly require sender handles. Conversation IDs or chat GUIDs are no longer accepted as proof of sender identity (though they remain valid for group admission and message targeting). Users should update their allowFrom configurations to use specific sender handles.
• Trusted Proxy Config: Deployments that listed the gateway host's own non-loopback interface address in gateway.trustedProxies will no longer authenticate direct requests from that address. Use a distinct proxy peer address or the loopback trusted-proxy path.

Migration Steps

1. Update pnpm: Ensure you are using pnpm 11 for local development and source installs.
2. Review iMessage Config: Check your allowFrom settings for iMessage to ensure they use sender handles rather than chat IDs.