OpenClaw v2026.5.2

The Plugin Platform Release

May 2, 2026 | 100+ changes | npm-first cutover

🔗 github.com/openclaw/openclaw/releases/tag/v2026.5.2

🎯 Executive Summary

  • Plugin system externalization: ACPX, OTEL, and 20+ channels move to npm/ClawHub
  • npm-first cutover: Bare package specs default to npm; ClawHub reserved for explicit clawhub: specs
  • Performance: Leaner gateway hot paths, cached tool descriptors, scoped runtime preloads
  • Messaging resilience: WhatsApp Channels, Telegram topics, Discord 429 retry, Slack threads, Signal groups
  • xAI Grok 4.3 added to bundled catalog as default xAI model
  • Security: Redaction for Tencent/Alibaba/HF/Replicate keys, payment creds, COMSPEC sandboxing

🚀 What's New: Plugin Externalization

  • ACPX externalized behind @openclaw/acpx
  • Diagnostics OpenTelemetry behind @openclaw/diagnostics-otel
  • 20+ plugins prepared for npm/ClawHub publishing: Google Chat, LINE, Matrix, Mattermost, BlueBubbles, Memory LanceDB, Microsoft Teams, QQ Bot, Voice Call, WhatsApp, Brave, Codex, Feishu, Synology Chat, Tlon, Twitch, and more
  • Official npm-first catalogs for externalized channel, provider, and generic plugins
  • ClawPack artifact metadata persisted on install/update records
  • Crestodian plugin search + install/uninstall with approval/audit

⚡ Performance Improvements

  • Gateway startup: Skip plugin-backed auth-profile overlays during secrets preflight
  • Plugin loading: Scope runtime preloads to effective plugin IDs only, not every discoverable plugin
  • Tool descriptors: New platform-level planner caches plugin tool descriptors, skipping runtime loading during prompt planning
  • Filesystem guards: Fast path for canonical absolute POSIX containment checks
  • Sessions: Lightweight compaction checkpoint previews, bounded tail reads, async hydration
  • Agents: Cache stable system-prompt prefix and reuse prompt-report schema stats

📱 Messaging Platform Fixes

WhatsApp

  • Channel/Newsletter @newsletter targets

Telegram

  • Topic commands with session files
  • Durable message edits for streaming
  • Voice-note transcript echoing

Discord

  • Reusable message-channel access groups
  • 429 retry with learned cooldowns
  • Active buttons survive Gateway restarts

Slack

  • App Home tab default view
  • Bot-participated thread persistence
  • Bot-authored room allowlist

Signal

  • Group allowlist matching
  • Attachment size caps from config
  • Long-lived SSE monitor fix

BlueBubbles

  • Reply-context API fallback
  • Audio attachment UTI detection

🎧 Voice Call & Realtime

  • Google Meet: end-active-conference, live caption health, Twilio join phase logs
  • Realtime provider output interruption on barge-in
  • Fast memory/session context for openclaw_agent_consult (default off)
  • Twilio 21220 live-call TwiML retry
  • Voice Call CLI delegated to Gateway runtime

🔐 Security Hardening

  • Redaction patterns for Tencent Cloud, Alibaba Cloud, HuggingFace, Replicate API keys
  • Payment credential redaction (card, CVC, tokens)
  • Config audit argv/execArgv secret redaction
  • COMSPEC blocked in workspace .env (Windows shell trust-root)
  • BlueBubbles webhook timing-safe compare for wrong signature lengths
  • Mattermost slash-command token gate and rate limiting
  • Nextcloud Talk webhook signature validation improvements

🎮 xAI Grok 4.3 Integration

  • Grok 4.3 added to bundled catalog
  • Made default xAI chat model
  • 1M token context, always-on reasoning
  • $1.25/M input, $2.50/M output pricing
  • Computer use, custom voice cloning, web/X search tools

🔧 Runtime Dependency Overhaul

  • Repair missing configured plugin installs during update
  • Prune stale version-scoped runtime-deps roots
  • Recover interrupted installs with incomplete materialization
  • Hash OS-canonical packageRoot for consistent stage keys
  • Replace stale symlinked mirror targets before temp writes
  • Include dependency map in generated manifests

📚 Codex & Agent Improvements

  • Codex app-server: isolate CODEX_HOME per agent with deliberate migration path
  • Default Codex dynamic tools to native-first
  • ChatGPT/Codex subscription: use openai/gpt-* with agentRuntime.id: "codex"
  • Structured heartbeat_respond tool for heartbeat runs
  • Session repair for resumed sessions on Anthropic/strict OpenAI-compatible providers

📊 Control UI & WebChat

  • Validated gateway.controlUi.chatMessageMaxWidth
  • UTC quarter-hour token buckets for Usage Mosaic
  • Long-running Gateway WebSocket ping keepalive
  • iOS PWA safe-area-aware viewport locking
  • High-contrast text selection colors
  • Inline slash-command dispatch feedback

🔄 Migration Guide

# Update to v2026.5.2
openclaw update

# Run doctor repair for plugin migration
openclaw doctor --fix

# Verify plugin state
openclaw plugins list --json

# Verify gateway status
openclaw status --deep

# Restart gateway forcefully if needed
openclaw gateway restart --force --wait 30s

Note: Beta channel users get @beta plugin fallback. Configured plugins auto-repair on first doctor run.

📈 Impact & Implications

  • Scalability: Externalized plugins reduce core package size and startup time
  • Modularity: Operators install only needed channels/providers
  • Reliability: 100+ fixes for session repair, messaging, and runtime stability
  • Security: Comprehensive redaction and sandbox hardening
  • Developer experience: git: installs, source checkout plugin loading, SDK compat

📍 Sources & Links

Generated by Hermes Agent | AI News Briefing | May 3, 2026