openclaw 2026.5.30-beta.1

openclaw 2026.5.30-beta.1

on Node.js NPM

Highlights

• Agents and CLI-backed runtimes recover more cleanly from interrupted tool calls, stale session bindings, compaction handoffs, and media delivery retries. (#88129, #88136, #88141, #88162, #88182)
• Channels and mobile delivery are steadier across Telegram, WhatsApp, iMessage, Slack, Discord, Microsoft Teams, Google Chat, Google Meet, and iOS realtime Talk. (#88096, #88105, #88183, #88231)
• Provider and plugin requests now bound more timers, retries, OAuth/device-code lifetimes, media downloads, local service probes, and generated-content polling paths before they can hang a run.
• Skills, session metadata, gateway runtime state, plugin metadata, and store writes do less repeated work on hot paths while keeping config and dispatch behavior stable.
• Workboard, SecretRef plugin manifests, hosted iOS push relay, and external Copilot/Tokenjuice packaging add broader orchestration, integration, and plugin delivery surfaces. (#82326, #87469, #87796, #88107, #88117)
• Release, CI, Docker, E2E, and diagnostics lanes now cap more logs, response bodies, readiness probes, artifact checks, and status polling so failures report bounded proof instead of stalling.

Changes

• Skills: let the skill_research agent tool apply, reject, and quarantine explicit Skill Workshop proposals through the guarded proposal lifecycle. Thanks @shakkernerd.
• Skills: let Skill Workshop proposals carry approved support files under standard skill folders, with scanner, hash, and rollback safeguards. Thanks @shakkernerd.
• Skills: let pending Skill Workshop proposals be revised in place with versioned, dated proposal frontmatter before approval. Thanks @shakkernerd.
• Skills: add Skill Workshop proposals with pending PROPOSAL.md drafts, CLI/Gateway review actions, rollback metadata, and the skill_research agent tool. Thanks @shakkernerd.
• Plugins: externalize Tokenjuice as the official @openclaw/tokenjuice plugin with npm and ClawHub publish metadata.
• Plugins: externalize the GitHub Copilot agent runtime as the official @openclaw/copilot plugin with npm and ClawHub publish metadata.
• iOS: add hosted push relay defaults, realtime Talk playback, and a guarded WebSocket ping path for more reliable mobile sessions. (#88096, #88105, #88231)
• Workboard: add orchestration primitives and agent coordination tools for multi-agent planning and run tracking. (#87469)
• Code mode: add internal namespaces for scoped agent/global sessions and exact namespace tool dispatch. (#88043)
• Control UI: add a Dreaming-tab agent selector and propagate the selected agent through Dreaming status, diary, and diary actions. (#78748) Thanks @stevenepalmer.
• Plugins: add a SecretRef provider integration manifest contract and extract shared LLM core packages for provider/plugin reuse. (#82326, #88117)
• Skills: add the core skills index and centralize skills runtime loading, status, filtering, and prompt formatting.

Fixes

• CLI: keep plugins list --json on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph.
• Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
• Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, and legacy one-shot delete-after-run behavior. (#88285)
• Providers: bound generated media downloads from OpenAI, Runway, xAI, MiniMax, BytePlus, DashScope-compatible, FAL, OpenRouter, Google, Vydra, and Comfy providers.
• Providers: cap GitHub Copilot OAuth request timeouts before creating abort signals.
• Cron: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot.
• Agents/Codex: keep live session locks during cleanup, recover interrupted CLI tool transcripts, preserve Codex auth and compaction session identity, clear orphan tool state, cap app-server idle timers, and keep media completion delivery retryable. (#88129, #88136, #88141, #88162, #88182)
• Chat/UI: show Gateway chat failures as visible assistant messages in the Control UI instead of only setting an invisible error state.
• Channels: cap Telegram, Discord, WhatsApp, Signal, Feishu, Google Chat, Microsoft Teams, QQBot, Nostr, Zalo, Zalouser, and Nextcloud-style request/retry timers; preserve SMS approval reply routes; and retry WhatsApp QR login 408 timeouts. (#88183)
• Security/config parsing: reject unsafe OAuth/token lifetimes, retry-after delays, inbound timestamps, response body sizes, command timeout config, sandbox observer token TTLs, and gateway WebSocket calls after close.
• Providers/media: cap local service, model, usage, queue, generated media, TTS, music, workflow polling, and provider OAuth request timers across hosted and local providers.
• Release/CI/E2E: bound release candidate reads, beta smoke REST calls, changelog restore, kitchen-sink and bundled plugin readiness probes, secret-provider probes, Vitest routing, and mainline test flakes. (#88127, #88137, #88155, #88160)
• Release/CI/E2E: run the secret-provider integration proof through the repo pnpm runner so native macOS and Windows validation use the hydrated package-manager shim.
• Release/CI/E2E: run the Telegram desktop proof gateway through the repo pnpm runner so native macOS proof uses the hydrated package-manager shim.
• Docs/CI: run Mintlify anchor checks through the repo pnpm runner so docs link validation works when pnpm is only available through the hydrated package-manager shim.
• Agents: keep configured fallback model metadata typed so provider params, context-token caps, and media input limits do not break changed-gate typechecks.
• Agents: accept hidden sessions_send body aliases before validation while keeping the model-facing message schema canonical. (#88229) Thanks @zhangguiping-xydt.
• CI/Crabbox: keep default runner capacity spot-only and provider-neutral so OpenClaw remote validation does not silently fall back to on-demand leases or stale AWS region hints.
• CI/Crabbox: route Crabbox wrapper and Testbox workflow edits to their regression tests so changed-test gates do not silently run zero specs.
• CI/workflows: route workflow sanity helper edits to their guard tests and cover composite-action input interpolation checks.
• CI/tooling: route CI scope, dependency, changelog, and docs helper edits to their owner tests instead of silently skipping changed-test coverage.
• CI/tooling: route package, release, and install helper edits to their owner tests so changed-test gates cover publish and installer script changes.
• CI/tooling: route shared script library edits through their owner tests so lock, process, safety, and scan helpers do not skip changed-test coverage.
• CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
• CI/tooling: route script edits through conventional owner tests when matching test/scripts or src/scripts coverage already exists.
• CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
• Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
• Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
• Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
• Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
• Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
• Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
• Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.

Release verification

• npm package: https://www.npmjs.com/package/openclaw/v/2026.5.30-beta.1
• registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.30-beta.1.tgz
• integrity: sha512-uwbUzNsJ1NzVhlMEPSoLy3R36mGqdqcPEznpYQ3J1CGBJmMxoBjQ81i5O78QT7IfQ7DEnk4sbWWC+ckLfwtVVg==
• full release CI report: https://github.com/openclaw/releases/blob/main/evidence/2026.5.30-beta.1/release-evidence.md
• release publish: https://github.com/openclaw/openclaw/actions/runs/26700925470
• npm preflight: https://github.com/openclaw/openclaw/actions/runs/26700348538
• full release validation: https://github.com/openclaw/openclaw/actions/runs/26700348878
• plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26700983136
• plugin ClawHub publish: https://github.com/openclaw/openclaw/actions/runs/26700984428
• OpenClaw npm publish: https://github.com/openclaw/openclaw/actions/runs/26701031698
• npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/26701378338