npm openclaw 2026.5.31-beta.4
openclaw 2026.5.31-beta.4
on Node.js NPM

7 hours ago

2026.5.31

Highlights

  • Agents and CLI-backed runtimes recover more cleanly from interrupted tool calls, stale session bindings, compaction handoffs, and media delivery retries. (#88129, #88136, #88141, #88162, #88182)
  • Channels and mobile delivery are steadier across Telegram, WhatsApp, iMessage, Slack, Discord, Microsoft Teams, Google Chat, Google Meet, and iOS realtime Talk. (#88096, #88105, #88183, #88231)
  • Gateway and channel setup add Tailscale Serve service-name binding, Communication notification settings, safer agents add, and more reliable progress drafts across Discord, Telegram, Slack, Matrix, and Teams. (#74715, #83115, #88314, #88749) Thanks @VladyslavLevchuk and @zhangguiping-xydt.
  • Provider and plugin requests now bound more timers, retries, OAuth/device-code lifetimes, media downloads, local service probes, and generated-content polling paths before they can hang a run.
  • Skills, session metadata, gateway runtime state, plugin metadata, and store writes do less repeated work on hot paths while keeping config and dispatch behavior stable.
  • Skills and plugin loading now handle stale disabled snapshots and loader failures more clearly, so channel turns avoid disabled SecretRefs and operators get better recovery guidance. (#79072, #79173) Thanks @zeus1959.
  • Workboard, SecretRef plugin manifests, hosted iOS push relay, and external Copilot/Tokenjuice packaging add broader orchestration, integration, and plugin delivery surfaces. (#82326, #87469, #87796, #88107, #88117)
  • Skill Workshop now has a fuller Control UI flow with proposal lists, today actions, revision handoff, searchable file previews, review states, locale coverage, and reusable session routing.
  • Chat and Control UI startup paths keep sends alive through history loading, stream deltas incrementally, skip markdown work while streaming, and expose calmer composer controls. (#88772, #88825)
  • Provider coverage and model metadata now include MiniMax M3, account OAuth endpoints, Google/Vertex catalog fixes, OpenRouter SQLite model caching, Copilot Claude 1M capabilities, Foundry reasoning alignment, and OpenAI response replay guards. (#88480, #88512, #88851, #88860)
  • iMessage monitor state, inbound queues, and plugin install ledgers moved toward SQLite-backed state so restarts and local monitors recover with less duplicate filesystem scanning. (#88794, #88797)
  • Release, CI, Docker, E2E, and diagnostics lanes now cap more logs, response bodies, readiness probes, artifact checks, and status polling so failures report bounded proof instead of stalling.

Changes

  • Docs: add a dedicated Skill Workshop guide covering governed skill creation, reviewable proposals, CLI, Gateway, agent tool behavior, approval policy, support files, and recovery. Thanks @shakkernerd.
  • Skills: let the skill_workshop agent tool apply, reject, and quarantine explicit proposals through the guarded review flow. Thanks @shakkernerd.
  • Skills: let proposals carry approved support files under standard skill folders, with scanner, hash, and rollback safeguards. Thanks @shakkernerd.
  • Skills: let pending proposals be revised in place with versioned, dated proposal frontmatter before approval. Thanks @shakkernerd.
  • Skills: add Skill Workshop with pending proposals, CLI/Gateway review actions, rollback metadata, and the skill_workshop agent tool. Thanks @shakkernerd.
  • Skill Workshop: add the Control UI navigation, styled dashboard, proposal today view, revision dialog, file preview modal, searchable preview files, reusable session handoff, and localized strings.
  • Plugins: externalize Tokenjuice as the official @openclaw/tokenjuice plugin with npm and ClawHub publish metadata.
  • Plugins: externalize the GitHub Copilot agent runtime as the official @openclaw/copilot plugin with npm and ClawHub publish metadata.
  • iOS: add hosted push relay defaults, realtime Talk playback, and a guarded WebSocket ping path for more reliable mobile sessions. (#88096, #88105, #88231)
  • iOS: support native iPad display layouts.
  • Workboard: add orchestration primitives and agent coordination tools for multi-agent planning and run tracking. (#87469)
  • Workboard: wire task-backed board runs and show task comments in the edit modal.
  • Gateway: support Tailscale Serve service-name bindings for gateway exposure and status.
  • Code mode: add internal namespaces for scoped agent/global sessions and exact namespace tool dispatch. (#88043)
  • Code mode: add MCP API files and docs for code-mode integrations.
  • Control UI: add a Dreaming-tab agent selector and propagate the selected agent through Dreaming status, diary, and diary actions. (#78748) Thanks @stevenepalmer.
  • Control UI: add calmer chat composer controls for active chat entry. (#88772)
  • Control UI: expose the Communication Notifications settings tab so notification controls are reachable from settings. (#74715) Thanks @VladyslavLevchuk.
  • Plugin SDK/channels: add typed presentation command actions so native slash-command and callback controls can round-trip through capable channel plugins without being reinterpreted. (#88721)
  • Plugins: add a SecretRef provider integration manifest contract and extract shared LLM core packages for provider/plugin reuse. (#82326, #88117)
  • Plugins: persist the plugin install index in SQLite so installed package lookup survives reloads with less filesystem scanning. (#88794)
  • Providers: add MiniMax M3 model support. (#88860)
  • Doctor: add disk space health checks and stabilize post-upgrade JSON probes.
  • Channels: store inbound queues in SQLite and migrate iMessage monitor state to SQLite-backed tracking. (#88797)
  • Skills: add the core skills index and centralize skills runtime loading, status, filtering, and prompt formatting.

Fixes

  • Agents/TUI: keep local custom provider runs from loading plugin runtime and auth alias metadata when plugins are disabled.
  • Agents/TUI: restore in-flight TUI run switch-back behavior, keep no-policy native hook fallback available, guard vanished workspaces, and keep lightweight isolated subagents lightweight.
  • Agents/media: keep async image, music, and video generation starts from ending the Codex turn, so mixed requests can continue with summaries or other work while media renders in the background.
  • Agents/Codex: keep public OpenAI API-key profiles from being treated as native Codex app-server auth while preserving persisted Codex OAuth sessions.
  • Agents/Codex: stream Codex app-server final-answer partials to live reply previews, preserve ACP metadata in SQLite, prefer real tool results over synthetic repair output, and preserve workspace/session metadata through ACP runtime refactors. (#88405, #88724, #88730)
  • Control UI: keep collapsed tool cards labeled with the tool name and action instead of generic output text. Thanks @shakkernerd.
  • Agents/Codex: surface Skill Workshop guidance in Codex app-server prompts when skill_workshop is available. Thanks @shakkernerd.
  • Agents/auth: write auth profiles atomically, add force re-login recovery, preserve workspaces during state-only uninstall, and compact before oversized turns so recovery paths avoid partial state.
  • Skills: skip disabled skill env overrides from stale persisted snapshots so disabled skill apiKey SecretRefs cannot abort embedded or channel turns. (#79072, #79173) Thanks @zeus1959.
  • CLI: avoid live catalog validation during openclaw agents add, so adding a secondary agent no longer depends on provider catalog availability. (#76284, #88314) Thanks @zhangguiping-xydt.
  • CLI: keep plugins list --json on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph.
  • CLI/desktop: bridge WSL clipboard operations through the shell and recognize manual-update launchd jobs. (#88764)
  • Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
  • Plugins: clarify plugin loader failure guidance so missing or incompatible plugin packages point operators at the right repair path.
  • Plugins: preserve npm plugin roots after blocked installs, isolate cached tool runtime siblings, and isolate web-provider factory failures so one bad plugin does not poison sibling runtime paths. (#77237, #88807)
  • Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, and legacy one-shot delete-after-run behavior. (#88285)
  • Cron: keep update delivery validation scoped, harden restart state, and retire MCP runtimes on isolated cron cleanup.
  • Memory: serialize QMD update/embed writes per store, preserve phase signals on read errors, and rewrite generated transcript paths on rollover so memory/search state survives concurrent gateway and CLI activity. (#66339, #85931) Thanks @openperf.
  • Media: allow validated TXT, JSON, YAML, and YML host-local document sends while rejecting binary-disguised text files. (#79658) Thanks @simplyclever914.
  • Voice calls: migrate legacy call logs through doctor into plugin-state SQLite while keeping malformed or incomplete sources retryable. (#88731)
  • Providers: bound generated media downloads from OpenAI, Runway, xAI, MiniMax, BytePlus, DashScope-compatible, FAL, OpenRouter, Google, Vydra, and Comfy providers.
  • Providers: resolve Google defaults to google-generative-ai, register Vertex static catalog rows, align Foundry reasoning metadata, skip DeepSeek V4 thinking params on Foundry fallback, use MiniMax account OAuth endpoints, preserve Copilot Claude 1M capabilities, suppress disabled Ollama reasoning output, keep OpenAI stop-finished tool calls, and avoid replay ids when the Responses store is disabled. (#88480, #88512)
  • Providers/OpenAI: avoid orphan Responses message-id replay and sanitize raw HTTP 401 provider errors before they reach user-facing logs.
  • Providers: cap GitHub Copilot OAuth request timeouts before creating abort signals.
  • Cron: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot.
  • Agents/Codex: keep live session locks during cleanup, recover interrupted CLI tool transcripts, preserve Codex auth and compaction session identity, clear orphan tool state, cap app-server idle timers, and keep media completion delivery retryable. (#88129, #88136, #88141, #88162, #88182)
  • Chat/UI: show Gateway chat failures as visible assistant messages in the Control UI instead of only setting an invisible error state.
  • Channels: recover failed progress-draft starts and refresh just-started progress drafts across Discord, Telegram, Slack, Matrix, and Teams instead of losing early progress updates. (#83115, #88749)
  • Discord: bound REST entity cache growth and keep recovered tool warning output mention-inert.
  • Channels: cap Telegram, Discord, WhatsApp, Signal, Feishu, Google Chat, Microsoft Teams, QQBot, Nostr, Zalo, Zalouser, and Nextcloud-style request/retry timers; preserve SMS approval reply routes; and retry WhatsApp QR login 408 timeouts. (#88183)
  • Security/config parsing: reject unsafe OAuth/token lifetimes, retry-after delays, inbound timestamps, response body sizes, command timeout config, sandbox observer token TTLs, and gateway WebSocket calls after close.
  • Gateway/security: rate-limit bootstrap-token verification, guard direct session display names, and add Tailscale Serve service-name support without weakening gateway exposure checks.
  • Providers/media: cap local service, model, usage, queue, generated media, TTS, music, workflow polling, and provider OAuth request timers across hosted and local providers.
  • Plugins/install: add npm README coverage for channel providers and pin WhatsApp media decoding to Baileys' supported peer range so external WhatsApp installs do not fail npm peer resolution.
  • Release/CI/E2E: bound release candidate reads, beta smoke REST calls, changelog restore, kitchen-sink and bundled plugin readiness probes, secret-provider probes, Vitest routing, and mainline test flakes. (#88127, #88137, #88155, #88160)
  • Release/CI/E2E: keep Kitchen Sink live plugin MCP probes resolving source-checkout workspace packages and align the live gauntlet with current Kitchen Sink diagnostics.
  • Release/CI/E2E: refresh pinned Node Docker image digests and keep pairing challenge assertions aligned with fenced approval commands. (#84981, #84988) Thanks @LibraHo.
  • Release/CI/E2E: run the secret-provider integration proof through the repo pnpm runner so native macOS and Windows validation use the hydrated package-manager shim.
  • Release/CI/E2E: run the Telegram desktop proof gateway through the repo pnpm runner so native macOS proof uses the hydrated package-manager shim.
  • Docs/CI: run Mintlify anchor checks through the repo pnpm runner so docs link validation works when pnpm is only available through the hydrated package-manager shim.
  • Agents: keep configured fallback model metadata typed so provider params, context-token caps, and media input limits do not break changed-gate typechecks.
  • Agents: accept hidden sessions_send body aliases before validation while keeping the model-facing message schema canonical. (#88229) Thanks @zhangguiping-xydt.
  • Chat/UI: preserve startup chat sends during history loading, unblock the initial Control UI chat send, stream chat deltas incrementally, skip markdown parsing while streaming, honor Chromium executable overrides, and detect system Chromium for E2E.
  • Channels: preserve long Feishu streaming replies, send visible fallbacks when accepted Feishu turns produce no final reply, tolerate iMessage self-chat timestamp skew, decode Nostr npub allowlists correctly, and suppress raw provider errors during channel delivery. (#87896)
  • Config/status/doctor: skip unresolved shell references in state-dir dotenv files, resolve gateway auth secrets during deep status audits, respect explicit PI runtime policy, report runtime tool-schema errors, and keep post-upgrade JSON stable. (#88288)
  • Gateway/session state: list commands from the Gateway plugin registry, harden MCP loopback tool schemas, hide phantom agent-store rows from sessions.list, make task persistence failures explicit, and carry session UUIDs on interactive dispatch events.
  • OpenAI/TTS: handle speed directives for OpenAI TTS voices. (#74089)
  • CI/Crabbox: keep default runner capacity on the Azure credit-backed on-demand D4 lane with the Azure SSH port and a Git-independent full check job, so broad validation avoids low-priority spot quota stalls, hydrate port mismatches, non-Git hydrated workspaces, and stale AWS region hints.
  • CI/Crabbox: route Crabbox wrapper and Testbox workflow edits to their regression tests so changed-test gates do not silently run zero specs.
  • CI/workflows: route workflow sanity helper edits to their guard tests and cover composite-action input interpolation checks.
  • CI/tooling: route CI scope, dependency, changelog, and docs helper edits to their owner tests instead of silently skipping changed-test coverage.
  • CI/tooling: route package, release, and install helper edits to their owner tests so changed-test gates cover publish and installer script changes.
  • CI/tooling: route shared script library edits through their owner tests so lock, process, safety, and scan helpers do not skip changed-test coverage.
  • CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
  • CI/tooling: route script edits through conventional owner tests when matching test/scripts or src/scripts coverage already exists.
  • CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
  • Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
  • Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
  • Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
  • Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
  • Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
  • Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
  • Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.
Check out latest releases or
releases around openclaw 2026.5.31-beta.4

Don't miss a new openclaw release

NewReleases is sending notifications on new releases.

Get notifications