2026-05-12 Product update Watch

OpenClaw beta 4 shifts the May 12 story to agent boundaries and channel survival

OpenClaw v2026.5.10-beta.4 supersedes beta.3 as the current prerelease. The important change is not one feature, but a broad hardening pass around always-on agent operations: per-agent message-tool policy overrides can restrict public or sandboxed agents to the current conversation and send-only actions; Codex app-server clients are retired after bounded interrupts so timed-out Discord runs do not reuse CPU-spinning processes; long session transcript scans move from whole-file reads to bounded streaming helpers, with a synthetic 200 MiB transcript dropping peak RSS delta from +252 MiB to +27 MiB; persisted secret-shaped payloads are redacted; memory promotion is capped to stay under bootstrap budget; and large Slack, Telegram, WhatsApp, Cron, voice, model-provider, Gateway, and Control UI repair lists target the practical places where channel agents fail.

ImpactEmerging Sources3 Audienceoperator · developer · team

Why it matters

The release shows OpenClaw moving from “does the agent answer?” toward “does the right agent answer, through the right channel, with the right memory and permissions, after days of runtime state?” That is the difference between a demo assistant and an operational personal-agent system. The caveat is size: a prerelease touching channels, providers, SDKs, memory, compaction, Codex, Cron, and UI needs a narrow rollout and rollback plan.

Evidence

Official v2026.5.10-beta.4 release notes were published at 2026-05-11T16:04Z, which is 2026-05-12 in Asia/Shanghai
Release notes add per-agent message cross-context/action allow overrides for sandboxed and public agents
Release notes describe bounded Codex app-server retirement after turn interrupts and native Codex tool diagnostics
Release notes replace full transcript scans with streaming helpers and cite a 200 MiB synthetic transcript memory drop from +252 MiB to +27 MiB
Release notes include persisted secret-shaped payload redaction, extra memory symlink rejection, memory promotion budget caps, and many Slack/Telegram/WhatsApp delivery fixes
Fresh issue #80698 documents remaining credential-isolation pressure: global env vars can leak GitHub tokens across agents until per-agent env scoping exists

Risk notes

This is still a prerelease with a very wide change surface
The release bundles new controls and many fixes; teams should isolate regressions by channel instead of upgrading every integration at once
Per-agent message policy is improving, but per-agent environment variable isolation remains an open request
Some adjacent fresh issues, including WhatsApp allowlist hot-reload and isolated cron announce delivery, show channel reliability still needs operator testing

Verdict

Watch

Next: Treat beta.4 as a staging upgrade candidate, not an automatic production jump. Prioritize tests for public/sandboxed agents, cross-context message sending, Discord timeout recovery, long transcript lookup/compaction, secret persistence, Slack thread and DM behavior, Telegram reply/media handling, WhatsApp hot-reload paths, and one Cron notification path. If you run multiple agents with different GitHub or cloud credentials, also track issue #80698 because per-agent environment scoping is still a requested isolation layer, not a released fix.

Products

OpenClaw

Sources

GitHub release notesGitHub issues and pull requests

github.com/openclaw/openclaw/releases/tag/v2026.5.10-beta.4 github.com/openclaw/openclaw/issues/80698 github.com/openclaw/openclaw/pull/80668 github.com/openclaw/openclaw/issues/80704

Related reading

OpenClaw issue flags an internal-planning text leak in channel output

OpenClaw’s newest risk cluster is not model quality — it is session hygiene

OpenClaw 2026.5.9 beta widens the agent runtime surface before the next stable cut