npm openclaw 2026.5.16-beta.2
openclaw 2026.5.16-beta.2
on Node.js NPM

3 hours ago

Changes

  • Providers/xAI: add xAI Grok OAuth login for SuperGrok subscribers, letting xai/* models and xAI media/tool providers authenticate without XAI_API_KEY.
  • CLI/cron: add openclaw cron run --wait with timeout and poll interval controls, plus exact cron.runs --run-id filtering so automation can block on one queued manual run. (#81929) Thanks @ificator.
  • Maintainer tooling: route Crabbox skill defaults through the repo brokered AWS config, leaving Blacksmith Testbox as an explicit opt-in instead of the broad-proof default.
  • CLI/onboarding: localize the setup wizard and bundled channel setup flows for English, Simplified Chinese, and Traditional Chinese. (#80645) Thanks @GaosCode.
  • Agents/skills: cache hydrated resolvedSkills across warm gateway turns while keying reuse by the redacted effective config, reducing redundant skill snapshot rebuilds without crossing config-gated skill boundaries. (#81451) Thanks @solodmd.
  • Telegram/group chat: add opt-in messages.groupChat.ambientTurns: "room_event" handling so always-on ambient chatter can run as quiet room context and speak visibly only via the message tool. (#81317) Thanks @obviyus.
  • Codex/context engines: bind thread-bootstrap projection epochs to Codex app-server threads, carry redacted tool-result context into fresh threads, and rotate backend threads when projection state changes. (#82351) Thanks @jalehman.

Fixes

  • Telegram: persist polling updates through restart replay so queued same-topic messages resume in order instead of losing context after a gateway restart. (#82256) Thanks @VACInc.

  • Gateway/Gmail: abort in-flight Gmail watcher startup and hot-reload restarts before shutdown so reloads cannot spawn gog serve after the Gateway is closing. Thanks @frankekn.

  • MCP plugin tools: forward host MCP tools/call AbortSignal through createPluginToolsMcpHandlers().callTool into plugin tool.execute, so host cancellation actually cancels in-flight plugin tool calls instead of letting them run to completion. Fixes #82424. (#82443) Thanks @joshavant.

  • Media: ignore image MIME and filename hints when bytes sniff as generic containers, so zip/octet-stream payloads mislabeled as images do not become local image media or keep image file extensions when staged.

  • Update/doctor: avoid materializing groupAllowFrom for channel schemas that reject it, so package-swap doctor repairs do not fail on externalized Slack configs.

  • Gateway/media: prevent image filenames from overriding generic non-image byte sniffing, so zip/octet-stream payloads mislabeled as images are offloaded or rejected before they become inline image attachments.

  • Plugins/web search: downgrade stale optional provider installs to warnings so Gateway and doctor repair paths keep running after startup provider selection. Refs #82313. Thanks @crackmac.

  • Telegram/Gateway: route targeted Telegram /stop@bot messages onto the control lane without cached bot metadata and match gateway stop requests across raw/canonical session aliases. (#82298) Thanks @VACInc.

  • MS Teams/media: sniff inline data:image/* attachment bytes before staging them, skipping payloads that are not actually images.

  • Update: let package-swap doctor --fix persist core config repairs while plugin schemas are still converging, preventing update failures on externalized channel configs.

  • Update: carry plugin-validation bypasses into config mutation pre-write reads, so package update doctor repairs can finish while externalized plugin schemas are converging.

  • Update/doctor: keep plugin-validation bypasses on the top-level $include config write path, so package repair can update included plugin config files without flattening them into the root config.

  • Agents/subagents: warn and continue completion announce cleanup when lifecycle cleanup fails, preventing ended subagent runs from becoming silent ghosts. Fixes #82306. Thanks @SebTardif.

  • Telegram: let authorized text /stop commands use the fast-abort path before queued agent work, so active turns stop immediately instead of processing the abort after the turn finishes; foreign-bot /stop@otherbot mentions now stay on the regular topic lane instead of being routed into our control lane. Fixes #82162. Thanks @civiltox.

  • Sessions: drop persisted entries with invalid session ids and strip malformed transcript file metadata before hydrating session runtime state.

  • Auth/device: normalize malformed persisted device-auth token metadata before returning or preserving token entries.

  • Pairing: skip malformed persisted pending pairing requests before approving valid channel pairing codes.

  • Commitments: strip malformed optional reminder scope metadata from persisted commitments before matching pending follow-ups.

  • Config persistence: normalize malformed auth profile credential fields/state, skip JSON-valid garbage transcript checkpoint rows, and let openclaw doctor --fix remove unrepairable cron job rows.

  • Cron: skip persisted job rows with malformed schedule or payload shapes in memory, leaving the store for openclaw doctor --fix instead of hydrating them into runtime state.

  • Cron: reject empty scheduled main/isolated payloads before persisting jobs, keeping runtime stores compatible with malformed-row hardening.

  • Task persistence: drop malformed array/scalar requester-origin JSON from task and task-flow SQLite sidecars instead of restoring it as delivery metadata.

  • Agents/timeouts: clarify model idle-timeout errors and docs so provider timeoutSeconds is shown as bounded by the whole agent/run timeout ceiling.

  • Release tooling: align the published launcher Node floor, npm start, package script checks, sharded lint locking, Vitest root project coverage, and plugin-SDK declaration build cache metadata so release/package validation does not silently skip or ship stale surfaces.

  • Cron/agents: honor configured subagent model fallbacks for isolated scheduled runs and forward that fallback policy into embedded agent timeout failover. Fixes #74985. Thanks @chrisgwynne.

  • Codex app-server/MCP: scope user MCP servers to specific OpenClaw agent ids through an optional mcp.servers.<name>.codex.agents list and accept codex.defaultToolsApprovalMode (auto/prompt/approve) for native Codex approval defaults; OpenClaw strips the codex block before handing mcp_servers config to Codex. (#82180) Thanks @sercada.

  • Agents/OpenAI Responses: clamp input_tokens - cached_tokens at zero and reconstruct totalTokens from input + output + cached components so Responses-API streams report consistent usage when providers under-report input_tokens relative to cached_tokens.

  • Agents: mark adapter-caught tool execution failures as error tool results in embedded Pi sessions, so models can retry recoverable edit failures instead of seeing a successful tool result. Fixes #81546. (#81564) Thanks @najef1979-code and @MonkeyLeeT.

  • Plugins: reject malformed package.json openclaw.extensions metadata during install, discovery, and post-update payload smoke instead of silently dropping invalid entries.

  • Plugins: reject package metadata records whose package.json resolves outside the plugin root instead of trusting persisted or reconstructed registry snapshots.

  • Plugins: ignore malformed persisted package channel/install metadata instead of crashing catalog reconstruction or leaking invalid install hints.

  • Plugin releases: reject package files negations that would omit advertised package-local runtime entries from npm plugin tarballs.

  • Media/files: sniff input_file bytes before trusting declared MIME headers, rejecting spoofed image or zip payloads before they become agent-visible text.

  • Plugins/dependencies: scrub stale managed-root openclaw ownership metadata without deleting a linked active host package, preventing plugin installs from downgrading npm-global hosts. Fixes #79462. Thanks @lisandromachado.

  • Gateway/update: keep shutdown hook-runner imports on a stable dist entry and ship a legacy chunk alias so package swaps do not strand running gateways on missing shutdown chunks. Fixes #81819. Thanks @najef1979-code.

  • Config persistence: ignore malformed array/scalar auth profile, cron job state, and session store entries instead of hydrating them into numeric profile ids, crashed cron rows, or invalid session records.

  • Config persistence: strip malformed pending final-delivery session fields on load so replay/recovery paths skip poisoned reply metadata instead of crashing on raw objects.

  • Config persistence: strip malformed plugin extension state and promoted session-slot ownership on load so corrupted session rows do not leak poisoned plugin metadata into replay/projection paths.

  • Gateway/sessions: ignore malformed compaction checkpoint rows during session projection so corrupted stores do not crash session list/describe responses or show bogus checkpoint counts.

  • Gateway/sessions: keep reachable transcript history when imported tree transcripts reference missing or legacy parent rows, preventing session history reads from going empty after a partial import.

  • Providers: reject malformed successful Runway, BytePlus, and Ollama embedding responses with provider-owned errors instead of raw parser/type failures, silent bad vectors, or long bogus polling.

  • Providers/images: reject malformed successful OpenAI-compatible, OpenAI, Google, fal, and OpenRouter image responses with provider-owned errors instead of raw shape failures, silent invalid base64 skips, or empty image results.

  • Providers/videos: reject malformed successful xAI, OpenRouter, and fal video create, poll, and result responses with provider-owned errors instead of raw parser failures or long bogus polling.

  • Providers/audio: reject malformed successful OpenAI-compatible, ElevenLabs, and Deepgram speech responses with provider-owned errors instead of raw parser failures, wrong-shaped transcripts, or JSON/text bodies treated as audio.

  • Providers/embeddings: reject malformed successful OpenAI-compatible, Google Gemini, and Amazon Bedrock embedding responses instead of silently returning empty or coerced vectors.

  • Providers/catalogs: reject malformed successful LM Studio, GitHub Copilot, DeepInfra, Vercel AI Gateway, and Kilocode model-list responses with provider-owned errors instead of raw parser/type failures or silent fallback catalogs.

  • Providers/polling: reject array, null, or scalar successful operation status responses with provider-owned malformed JSON errors instead of waiting until timeout.

  • ACPX/Codex: reap plugin-local Codex ACP adapter orphans on startup after wrapper crashes while keeping direct adapter commands out of launch-lease injection. Fixes #82364. (#82459) Thanks @joshavant.

  • Telegram: send presentation-only payloads by rendering fallback text and inline buttons instead of treating them as empty. Fixes #82404. (#82449) Thanks @joshavant.

  • Trajectory export: skip and report malformed session/runtime JSONL rows in manifest.json instead of letting wrong-shaped session rows crash support bundle export.

  • Voice calls: persist rejected inbound-call replay keys so duplicate carrier webhook retries stay ignored after a Gateway restart.

  • Config/doctor: copy fallback-enabled channel allowFrom entries into explicit groupAllowFrom allowlists during openclaw doctor --fix, preserving current group access without adding runtime fallback-transition flags.

  • Config/doctor: replace source-only official Brave and Slack plugin installs from trusted catalog metadata during openclaw doctor --fix, unblocking externalized stock plugin recovery after upgrade. (#82425) Thanks @joshavant.

  • Agents/bootstrap: ignore stale completed root BOOTSTRAP.md context after workspace setup cleanup fails, preventing channel agent turns from treating it as a directory. (#82463) Thanks @joshavant.

  • Update/doctor: re-enable the Codex plugin during openclaw doctor --fix when configured OpenAI agent models require the Codex runtime, preventing upgraded configs from failing with an unregistered Codex harness. Fixes #82368. (#82502) Thanks @joshavant.

  • Configure: show one OpenAI provider entry with ChatGPT/Codex sign-in and API key choices, and keep browsed Codex models in the saved /model picker allowlist.

  • Agents/model fallback: preserve auto fallback chains across deferred config reloads when session fallback provenance survives but modelOverrideSource is missing. Fixes #81982. Thanks @joshavant.

  • Hooks: raise bounded gateway lifecycle hook wait budgets to 5 seconds for shutdown and 10 seconds for pre-restart, giving short restart notification handlers time to finish before shutdown continues. (#82273) Thanks @bryanbaer.

  • Plugin releases: require external package compatibility metadata in the npm plugin publish plan, matching the ClawHub package contract before packages ship.

  • Agents/OpenAI-compatible: honor per-model max_completion_tokens/max_tokens params in embedded OpenAI-completions runs so high-token Kimi-style routes keep their configured completion cap. Fixes #82230. Thanks @albert-zen.

  • Agents/local: install a local gateway request scope around trusted openclaw agent --local runs, so subagent completion announces can use in-process gateway dispatch without crashing. Fixes #82140. Thanks @Kushmaro.

  • Cron: keep failed isolated-agent runs from marking successful result delivery when only the failure notification was delivered. Fixes #72985. Thanks @Allenbluff.

  • Discord: validate message-read results before normalizing channel history and report unexpected payloads with a Discord boundary error instead of map is not a function. Fixes #82252. Thanks @jessewunderlich.

  • Agents/runtime: apply agents.defaults.models["provider/*"].agentRuntime as provider-wide model runtime policy while preserving exact model runtime precedence. Fixes #82243. Thanks @rendrag-git.

  • Agents/auto-reply: restrict NO_REPLY prompt guidance to automatic group/channel replies, remove legacy silent-reply rewrites, and suppress accidental direct-chat silent tokens instead of delivering fallback text. Fixes #82254. Thanks @absol89.

  • Telegram: retain a longer partial-stream preview when a final callback only carries an ellipsis-truncated snapshot, preventing the visible answer and transcript mirror from being replaced by the short preview. Fixes #82239. Thanks @crash2kx.

  • Telegram/active-memory: run blocking memory recall through the Telegram provider for direct-message turns even when the hook context carries the raw chat id, preventing embedded recall from launching against an invalid numeric channel. Fixes #82177. Thanks @cslash-zz.

  • Control UI/WebChat: keep optimistic image messages from embedding large inline data: previews and preserve image-only user turns in chat history, avoiding browser stack overflows when sending image attachments. Fixes #82182. Thanks @ExploreSheep.

  • Agents/media: preserve message-tool-only delivery for generated music and video completion handoffs, so group/channel completions do not finish without posting the generated attachment.

  • Telegram: drain queued outbound deliveries after polling reconnect confirms fresh getUpdates activity, so stale-socket and network recovery do not leave failed replies stranded. Fixes #50040. Refs #82175. Thanks @dmitriiforpost-commits and @shellyrocklobster.

  • Gateway/model auth: abort active provider runs when saved auth is removed through the Gateway control plane, refresh live runtime auth snapshots, and surface stopReason: "auth-revoked" to clients. Fixes #81987. (#82346) Thanks @joshavant.

  • Codex app-server: keep the raw tool-output idle watchdog armed after custom_tool_call_output notifications, so post-tool stream silence fails fast instead of waiting for the terminal idle timeout. Fixes #82274. (#82378) Thanks @joshavant.

  • Codex app-server: enforce OpenClaw before_tool_call policy for Codex-native app-server shell and approval paths, preventing native tool execution from bypassing plugin policy. Fixes #82372. (#82496) Thanks @joshavant.

  • Telegram: mark isolated polling ingress unhealthy when a spooled inbound backlog stalls while Bot API polling still succeeds, so gateway/channel health no longer stays green after Telegram DM processing wedges. Fixes #82175. Thanks @shellyrocklobster.

  • Telegram: drop expired approval callbacks from isolated polling after approval id expiry so stale inline-button updates do not retry forever across restarts. Fixes #82347. (#82455) Thanks @joshavant.

  • Agents: strip Gemini/Gemma <final> tags with attributes or self-closing syntax from delivered replies, including strict final-tag streaming enforcement. Fixes #65867. Thanks @grizdum.

  • macOS/update: disarm legacy ai.openclaw.update.* LaunchAgents when openclaw update starts from one, preventing KeepAlive relaunch loops that repeatedly restart the Gateway and replay update continuations. Fixes #82167. Thanks @DougButdorf.

  • Agents/replay: strip internal runtime-context metadata and NO_REPLY sentinels from provider replay and pending final-delivery recovery so restart and heartbeat resumes do not feed control text back to the model. Fixes #76629. Thanks @fuyizheng3120, @bryan-chx, and @cael-dandelion-cult.

  • Agents/replay: skip malformed transcript tail rows when deduping embedded assistant gap-fill, preventing truncated JSONL from duplicating the final assistant reply during replay recovery.

  • LINE: acknowledge signed webhook events before agent processing so slow model replies do not cause LINE request_timeout delivery failures. Fixes #65375. Thanks @myericho.

  • LINE: stop cron recovery from inferring lowercased LINE recipients from canonical session keys, so long-running task replies do not silently retry undeliverable push targets. Fixes #81628. (#81704) Thanks @edenfunf.

  • TTS: preserve channel-derived voice-note delivery for /tts audio replies even when the provider output is not natively voice-compatible. (#82174) Thanks @xuruiray.

  • Codex app-server: preserve inbound sender metadata and source-channel provenance on mirrored user prompts, including failure snapshots, so channel history keeps the original sender identity. (#82184) Thanks @zknicker.

  • Codex app-server: yield projector work to the event loop between embedded-run notifications while preserving pre-turn rate-limit capture, reducing gateway stalls from account and MCP status notifications. Fixes #81936. (#82333) Thanks @joshavant.

  • Plugins/web search: start the configured web_search provider plugin during gateway startup, including auto-enabled external providers behind allowlists. Fixes #82313. (#82376) Thanks @joshavant.

  • Codex account/status: treat metadata-only rate-limit buckets as returned but empty so /codex status and /codex account report none returned instead of counting phantom limits.

  • Codex/Lossless: keep Codex explicit compaction on native app-server threads while allowing Lossless through the context-engine slot; openclaw doctor --fix now migrates legacy compaction.provider: "lossless-claw" config to plugins.slots.contextEngine.

  • Cron/doctor: report scheduled jobs with explicit payload.model overrides, including provider namespace counts and default-model mismatches, so stale cron model pins are visible during auth or billing investigations. Fixes #82151. Thanks @mgonto.

  • Codex app-server: keep the short turn-completion idle watchdog armed after the last non-assistant current-turn item completes, so a quiet Codex app-server releases the OpenClaw session lane before the outer attempt timeout. Fixes #82171. (#82172) Thanks @funmerlin.

  • Providers/OpenRouter: stop adding empty DeepSeek V4 reasoning_content placeholders to assistant tool-call replay messages and strip empty replay artifacts before follow-up Chat Completions requests, so openrouter/deepseek/deepseek-v4-pro no longer fails after tool use. Fixes #82150. (#82158) Thanks @luyao618 and @Suquir0.

  • OpenAI-compatible providers: honor streaming-usage compatibility metadata when deciding whether to send stream_options.include_usage, while keeping bundled Volcengine routes opted in to Ark streaming usage. Refs #44845. (#82181) Thanks @xuruiray.

  • Gateway/approvals: treat turnSourceTo as optional in canBridgeNoDeviceChatApprovalFromBackend, matching the existing optional handling of turnSourceAccountId and turnSourceThreadId. Channels without a recipient concept (webchat, control-ui) leave turnSourceTo null on both the approval snapshot and the replay params, so the prior required-string check rejected every backend replay with APPROVAL_CLIENT_MISMATCH. Cross-channel replay is still gated by the required turnSourceChannel and sessionKey checks. Fixes #82132. (#82136) Thanks @ottodeng.

  • OC Path: add openclaw path set --dry-run --diff so addressed edits can be reviewed as a unified diff before writing.

  • Cron: load runtime plugins before isolated cron model and delivery resolution so external channels can be selected for scheduled runs. (#82111) Thanks @medns.

  • Cron: mirror successful direct scheduled deliveries into the resolved destination session transcript while preserving isolated-delivery awareness policy. (#80786) Thanks @cavit99.

  • Cron: preserve rotated transcript identity after session-bound scheduled runs compact, so sessionTarget: "current" keeps the next user message on the same conversation. Fixes #82164. Thanks @weissfl.

  • Twitch: keep gateway accounts running until shutdown instead of treating successful monitor startup as a clean channel exit, preventing immediate auto-restart loops. Fixes #60071. (#81853) Thanks @edenfunf.

  • Agents/auto-reply: honor agents.defaults.silentReply and per-surface group silent-reply policy when generic agent-run failure fallbacks decide whether to send visible fallback text. Fixes #82060. (#82086) Thanks @taozengabc.

  • Discord: render channel topic context as structured untrusted metadata in reply prompts and stop duplicating inbound message bodies or exposing raw EXTERNAL_UNTRUSTED_CONTENT envelopes. Fixes #82168. Thanks @ronan-dandelion-cult.

  • Codex app-server: arm the short idle watchdog as soon as Codex accepts a turn, so accepted turns with no current-turn progress release the OpenClaw session lane before the outer model timeout. Fixes #82129. Thanks @Francois3d.

  • Agents/replies: also strip <function_response> workflow output when it becomes visible after an adjacent stripped tool-call XML block, closing the remaining sanitizer leak from #47444. Thanks @5toCode.

  • Control UI/WebChat: focus the composer when users click the visible input chrome and restore larger, labeled desktop composer controls while preserving compact mobile taps. Fixes #45656. Thanks @BunsDev.

  • Discord: suppress generated link embeds on outbound messages by default so agent-sent URLs stay as plain links unless channels.discord.suppressEmbeds is disabled.

  • System events: keep owner downgrades in structured metadata while rendering queued prompt text as plain System: lines, preserving least-privilege wakeups without prompt-visible trust labels. (#82067)

  • Gateway/agents: abort active embedded runs when diagnostics detect a stale native tool call, preventing nested agent sessions from staying deadlocked through restart recovery. Fixes #81976. (#82369) Thanks @joshavant.

  • Slack: default outbound bot link unfurls off so agent-sent URLs no longer expand into inline previews unless channels.slack.unfurlLinks is enabled. (#82123) Thanks @kibi-bsp.

  • Slack: keep finalized draft-preview replies visible when a later same-turn tool warning is delivered normally instead of clearing the edited answer. Fixes #81903. (#81979) Thanks @neeravmakwana.

  • Providers/Xiaomi: preserve MiMo reasoning_content on multi-turn tool-call replay, including custom Xiaomi-compatible proxy routes, so follow-up turns no longer fail with 400 Param Incorrect. Fixes #81419. (#81589) Thanks @lovelefeng-glitch and @jimdawdy-hub.

  • Slack/plugins: route plugin-owned modal view_submission and view_closed events through Slack interactive handlers before compacting the agent-visible system event, so plugins can persist full submitted form state while the transcript stays compact. Fixes #82102. Thanks @shannon0430.

  • Providers/Xiaomi: promote legacy MiMo V2 reasoning-only final answers to visible text, including Xiaomi-compatible proxy routes, so mimo-v2-pro and mimo-v2-omni replies no longer appear blank when the answer arrives in reasoning_content. Fixes #60261. (#60304) Thanks @HiddenPuppy.

  • Providers: preserve required reasoning_content replay for Kimi K2.6/K2 thinking and MiMo V2.6 OpenAI-compatible tool-call follow-up turns while keeping the stock OpenAI/Qwen strip path intact. Fixes #82139. Thanks @yimao.

  • Memory search: stop using chokidar write-stability polling for memory and QMD watchers so large Markdown extraPath trees no longer build up regular file descriptors; changed files now settle through the existing debounced sync queue. Fixes #77327 and #78224. (#81802) Thanks @frankekn, @loyur, and @JanPlessow.

  • Message tool: rename the Discord channel-create schema field exposed to models from type to channelType, avoiding NVIDIA NIM JSON Schema parser failures while still accepting legacy type tool calls. (#78920) Thanks @YashSaliya.

  • Feishu: send CardKit streaming cards as delivered deltas and retry failed updates, preventing duplicated or dropped streamed text. Fixes #82417. (#82419) Thanks @hclsys.

  • Gateway/Gmail: stop queued post-ready Gmail sidecars before hot reload and abort stale Tailscale setup, so cancelled watcher restarts cannot rewrite an old public hook target or report abort-killed commands as success. (#82395) Thanks @samzong.

Check out latest releases or
releases around openclaw 2026.5.16-beta.2

Don't miss a new openclaw release

NewReleases is sending notifications on new releases.

Get notifications