npm openclaw 2026.5.31-beta.3
openclaw 2026.5.31-beta.3
on Node.js NPM

4 hours ago

2026.5.31

Highlights

  • Agents and CLI-backed runtimes recover more cleanly from interrupted tool calls, stale session bindings, compaction handoffs, and media delivery retries. (#88129, #88136, #88141, #88162, #88182)
  • Channels and mobile delivery are steadier across Telegram, WhatsApp, iMessage, Slack, Discord, Microsoft Teams, Google Chat, Google Meet, and iOS realtime Talk. (#88096, #88105, #88183, #88231)
  • Gateway and channel setup add Tailscale Serve service-name binding, Communication notification settings, safer agents add, and more reliable progress drafts across Discord, Telegram, Slack, Matrix, and Teams. (#74715, #83115, #88314, #88749) Thanks @VladyslavLevchuk and @zhangguiping-xydt.
  • Provider and plugin requests now bound more timers, retries, OAuth/device-code lifetimes, media downloads, local service probes, and generated-content polling paths before they can hang a run.
  • Skills, session metadata, gateway runtime state, plugin metadata, and store writes do less repeated work on hot paths while keeping config and dispatch behavior stable.
  • Skills and plugin loading now handle stale disabled snapshots and loader failures more clearly, so channel turns avoid disabled SecretRefs and operators get better recovery guidance. (#79072, #79173) Thanks @zeus1959.
  • Workboard, SecretRef plugin manifests, hosted iOS push relay, and external Copilot/Tokenjuice packaging add broader orchestration, integration, and plugin delivery surfaces. (#82326, #87469, #87796, #88107, #88117)
  • Release, CI, Docker, E2E, and diagnostics lanes now cap more logs, response bodies, readiness probes, artifact checks, and status polling so failures report bounded proof instead of stalling.

Changes

  • Docs: add a dedicated Skill Workshop guide covering governed skill creation, reviewable proposals, CLI, Gateway, agent tool behavior, approval policy, support files, and recovery. Thanks @shakkernerd.
  • Skills: let the skill_workshop agent tool apply, reject, and quarantine explicit proposals through the guarded review flow. Thanks @shakkernerd.
  • Skills: let proposals carry approved support files under standard skill folders, with scanner, hash, and rollback safeguards. Thanks @shakkernerd.
  • Skills: let pending proposals be revised in place with versioned, dated proposal frontmatter before approval. Thanks @shakkernerd.
  • Skills: add Skill Workshop with pending proposals, CLI/Gateway review actions, rollback metadata, and the skill_workshop agent tool. Thanks @shakkernerd.
  • Plugins: externalize Tokenjuice as the official @openclaw/tokenjuice plugin with npm and ClawHub publish metadata.
  • Plugins: externalize the GitHub Copilot agent runtime as the official @openclaw/copilot plugin with npm and ClawHub publish metadata.
  • iOS: add hosted push relay defaults, realtime Talk playback, and a guarded WebSocket ping path for more reliable mobile sessions. (#88096, #88105, #88231)
  • Workboard: add orchestration primitives and agent coordination tools for multi-agent planning and run tracking. (#87469)
  • Gateway: support Tailscale Serve service-name bindings for gateway exposure and status.
  • Code mode: add internal namespaces for scoped agent/global sessions and exact namespace tool dispatch. (#88043)
  • Control UI: add a Dreaming-tab agent selector and propagate the selected agent through Dreaming status, diary, and diary actions. (#78748) Thanks @stevenepalmer.
  • Control UI: expose the Communication Notifications settings tab so notification controls are reachable from settings. (#74715) Thanks @VladyslavLevchuk.
  • Plugin SDK/channels: add typed presentation command actions so native slash-command and callback controls can round-trip through capable channel plugins without being reinterpreted. (#88721)
  • Plugins: add a SecretRef provider integration manifest contract and extract shared LLM core packages for provider/plugin reuse. (#82326, #88117)
  • Skills: add the core skills index and centralize skills runtime loading, status, filtering, and prompt formatting.

Fixes

  • Agents/media: keep async image, music, and video generation starts from ending the Codex turn, so mixed requests can continue with summaries or other work while media renders in the background.
  • Agents/Codex: keep public OpenAI API-key profiles from being treated as native Codex app-server auth while preserving persisted Codex OAuth sessions.
  • Agents/Codex: stream Codex app-server final-answer partials to live reply previews, preserve ACP metadata in SQLite, prefer real tool results over synthetic repair output, and preserve workspace/session metadata through ACP runtime refactors. (#88405, #88724, #88730)
  • Control UI: keep collapsed tool cards labeled with the tool name and action instead of generic output text. Thanks @shakkernerd.
  • Agents/Codex: surface Skill Workshop guidance in Codex app-server prompts when skill_workshop is available. Thanks @shakkernerd.
  • Agents/auth: write auth profiles atomically, add force re-login recovery, preserve workspaces during state-only uninstall, and compact before oversized turns so recovery paths avoid partial state.
  • Skills: skip disabled skill env overrides from stale persisted snapshots so disabled skill apiKey SecretRefs cannot abort embedded or channel turns. (#79072, #79173) Thanks @zeus1959.
  • CLI: avoid live catalog validation during openclaw agents add, so adding a secondary agent no longer depends on provider catalog availability. (#76284, #88314) Thanks @zhangguiping-xydt.
  • CLI: keep plugins list --json on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph.
  • Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
  • Plugins: clarify plugin loader failure guidance so missing or incompatible plugin packages point operators at the right repair path.
  • Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, and legacy one-shot delete-after-run behavior. (#88285)
  • Memory: serialize QMD update/embed writes per store, preserve phase signals on read errors, and rewrite generated transcript paths on rollover so memory/search state survives concurrent gateway and CLI activity. (#66339, #85931) Thanks @openperf.
  • Media: allow validated TXT, JSON, YAML, and YML host-local document sends while rejecting binary-disguised text files. (#79658) Thanks @simplyclever914.
  • Voice calls: migrate legacy call logs through doctor into plugin-state SQLite while keeping malformed or incomplete sources retryable. (#88731)
  • Providers: bound generated media downloads from OpenAI, Runway, xAI, MiniMax, BytePlus, DashScope-compatible, FAL, OpenRouter, Google, Vydra, and Comfy providers.
  • Providers/OpenAI: avoid orphan Responses message-id replay and sanitize raw HTTP 401 provider errors before they reach user-facing logs.
  • Providers: cap GitHub Copilot OAuth request timeouts before creating abort signals.
  • Cron: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot.
  • Agents/Codex: keep live session locks during cleanup, recover interrupted CLI tool transcripts, preserve Codex auth and compaction session identity, clear orphan tool state, cap app-server idle timers, and keep media completion delivery retryable. (#88129, #88136, #88141, #88162, #88182)
  • Chat/UI: show Gateway chat failures as visible assistant messages in the Control UI instead of only setting an invisible error state.
  • Channels: recover failed progress-draft starts and refresh just-started progress drafts across Discord, Telegram, Slack, Matrix, and Teams instead of losing early progress updates. (#83115, #88749)
  • Discord: bound REST entity cache growth and keep recovered tool warning output mention-inert.
  • Channels: cap Telegram, Discord, WhatsApp, Signal, Feishu, Google Chat, Microsoft Teams, QQBot, Nostr, Zalo, Zalouser, and Nextcloud-style request/retry timers; preserve SMS approval reply routes; and retry WhatsApp QR login 408 timeouts. (#88183)
  • Security/config parsing: reject unsafe OAuth/token lifetimes, retry-after delays, inbound timestamps, response body sizes, command timeout config, sandbox observer token TTLs, and gateway WebSocket calls after close.
  • Gateway/security: rate-limit bootstrap-token verification, guard direct session display names, and add Tailscale Serve service-name support without weakening gateway exposure checks.
  • Providers/media: cap local service, model, usage, queue, generated media, TTS, music, workflow polling, and provider OAuth request timers across hosted and local providers.
  • Plugins/install: add npm README coverage for channel providers and pin WhatsApp media decoding to Baileys' supported peer range so external WhatsApp installs do not fail npm peer resolution.
  • Release/CI/E2E: bound release candidate reads, beta smoke REST calls, changelog restore, kitchen-sink and bundled plugin readiness probes, secret-provider probes, Vitest routing, and mainline test flakes. (#88127, #88137, #88155, #88160)
  • Release/CI/E2E: refresh pinned Node Docker image digests and keep pairing challenge assertions aligned with fenced approval commands. (#84981, #84988) Thanks @LibraHo.
  • Release/CI/E2E: run the secret-provider integration proof through the repo pnpm runner so native macOS and Windows validation use the hydrated package-manager shim.
  • Release/CI/E2E: run the Telegram desktop proof gateway through the repo pnpm runner so native macOS proof uses the hydrated package-manager shim.
  • Docs/CI: run Mintlify anchor checks through the repo pnpm runner so docs link validation works when pnpm is only available through the hydrated package-manager shim.
  • Agents: keep configured fallback model metadata typed so provider params, context-token caps, and media input limits do not break changed-gate typechecks.
  • Agents: accept hidden sessions_send body aliases before validation while keeping the model-facing message schema canonical. (#88229) Thanks @zhangguiping-xydt.
  • CI/Crabbox: keep default runner capacity spot-only and provider-neutral so OpenClaw remote validation does not silently fall back to on-demand leases or stale AWS region hints.
  • CI/Crabbox: route Crabbox wrapper and Testbox workflow edits to their regression tests so changed-test gates do not silently run zero specs.
  • CI/workflows: route workflow sanity helper edits to their guard tests and cover composite-action input interpolation checks.
  • CI/tooling: route CI scope, dependency, changelog, and docs helper edits to their owner tests instead of silently skipping changed-test coverage.
  • CI/tooling: route package, release, and install helper edits to their owner tests so changed-test gates cover publish and installer script changes.
  • CI/tooling: route shared script library edits through their owner tests so lock, process, safety, and scan helpers do not skip changed-test coverage.
  • CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
  • CI/tooling: route script edits through conventional owner tests when matching test/scripts or src/scripts coverage already exists.
  • CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
  • Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
  • Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
  • Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
  • Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
  • Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
  • Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
  • Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.
Check out latest releases or
releases around openclaw 2026.5.31-beta.3

Don't miss a new openclaw release

NewReleases is sending notifications on new releases.

Get notifications