OpenClaw turns the beta.8 dependency cleanup into a stable release, then opens a new beta with auditability and channel UX work
OpenClaw’s latest official movement is bigger than a normal patch cycle. The v2026.5.12 stable release packages the dependency externalization and runtime hardening that had been moving through the beta.6–beta.8 train: leaner installs for Slack, WhatsApp, Bedrock, Vertex, and sandbox dependency cones; isolated Telegram polling with local spooling; Codex/OpenAI auth-profile and fallback repairs; plugin install/update resilience; Windows sandbox and SecretRef credential tightening; and UI/history/reply delivery fixes. The new v2026.5.14-beta.1 then adds a fresh operator-facing layer: WhatsApp gets status reactions for queued, thinking, tool, done, error, and compaction lifecycle states; Telegram presentation payloads can render Mini App `web_app` buttons; subagent tasks are delivered as the child session’s first visible message instead of hidden only in a system prompt; mid-turn prompts can steer active runs by default; Telnyx realtime voice calls enter the release notes; heartbeat event payloads gain an explicit marker; Codex CLI sessions can be listed and bound from a paired node; and release validation now includes installed-package Docker user journeys, dependency evidence, and npm advisory gates. Nearby PRs keep the risk story concrete: #81880 requires canonical node platform IDs before applying desktop command defaults, #81451 caches hydrated skills without putting raw secrets into cache keys, and #68597 blocks symlink escapes in memory reads.
The stable release matters because it converts several days of channel, credential, and dependency hardening into a package operators can actually install. The beta matters because it shifts attention from raw runtime repair toward auditability, richer channel controls, and release supply-chain hygiene — the areas that decide whether agents can be trusted in chat-driven operations.
- v2026.5.12 highlights leaner installs, Telegram isolated polling/spooling, Codex auth-profile repairs, safer plugin updates, Windows sandbox blocks, SecretRef credential handling, and UI/reply delivery fixes
- v2026.5.14-beta.1 release notes add WhatsApp status reactions, Telegram Web App buttons, visible subagent task delivery, mid-turn steering, Telnyx realtime voice calls, heartbeat metadata, Codex CLI session binding, Docker user-journey validation, and dependency/advisory gates
- PR #81880 says noncanonical node platform labels no longer receive desktop host command defaults
- PR #81451 caches resolved skills across warm turns while using redacted config fingerprints rather than raw secret values
- PR #68597 resolves memory target paths and allowed roots to real paths before reading, blocking intermediate symlink escapes
- v2026.5.14-beta.1 is a pre-release; use it to evaluate UX and auditability changes rather than as an automatic production upgrade
- Status reactions and steering alter live chat behavior, so channel-specific noise and interruption semantics need real user testing
- Node-backed Codex binding and realtime calls expand operational surface area; review auth, logging, and fallback behavior before rollout