2026-05-15 Risk note Watch

OpenClaw’s next operator cluster makes approvals readable, scoped, and less likely to poison later runs

The most useful OpenClaw updates in the first Beijing May 15 window are about making real operators understand and trust what the agent is about to do. PR #81864 adds configurable plain-language plugin approval prompts so chat approvals can show a short summary, step list, risk line, and choices instead of a raw dump of command text, tool IDs, session keys, expiry, and `/approve` syntax. PR #81380 binds approval list and resolve paths to stored requester metadata, reducing the chance that one requester can see or resolve another requester’s pending approval. PR #80922 routes POSIX allowlists and allow-always persistence through a Tree-sitter command authorization planner, replacing the legacy chain/pipeline/heredoc parser and producing clearer enforced command renderings.

The same window also fixes operational drift: PR #75270 stops temporary fallback models from becoming sticky after the primary model recovers, #81868 keeps exact-command cron turns from loading heavyweight bootstrap/memory context by default, #81870 forwards auth stores into image/video/music generation so OAuth-backed Codex tokens can refresh, and #81764 makes Telegram HTML parse fallback produce readable text with preserved links.

PR #81851 is notable but experimental: a Claude CLI interactive backend streams reasoning through a local TLS proxy, so treat it as a sensitive preview rather than a default path.

Impact: Emerging | Sources: 2 | Audience: operator · developer · team
Why it matters

Approval UX is not cosmetic when agents operate over chat: users need to understand what they are approving, and the gateway needs to prove that approval records are scoped to the right requester. The runtime fixes matter because fallback, cron, auth, and delivery bugs quietly turn a working agent into a confusing one hours later.

Evidence
  • PR #81864 adds `approvals.plugin.language` modes and a plain-English approval renderer for plugin/Codex command approvals
  • PR #81380 filters approval lookup/list/resolve paths by requester metadata and stamps plugin approval requests with that metadata
  • PR #80922 moves POSIX allowlist evaluation, allow-always persistence, approval summaries, and enforced shell rendering to a Tree-sitter planner
  • PR #75270 says successful fallback candidates were persisted into session override state, pinning later turns to the fallback model
  • PR #81868 defaults command-style cron payloads to lightweight bootstrap context unless explicitly disabled
  • PR #81870 forwards `authProfileStore` into media generation tools so expired OAuth access tokens can refresh
  • PR #81764 derives readable plain text from rejected Telegram HTML and preserves anchor targets as `label (url)`
Risk notes
  • Most items were still PRs when reviewed, so production builds may not include them yet
  • Plain-language approvals must not hide the exact command/script; operators should keep raw or hybrid details available for risky actions
  • The experimental local TLS proxy for Claude CLI reasoning is sensitive and should be evaluated for trust, certificate, and audit implications before use
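
The requester scoping that the PR #81380 evidence item describes, sketched as an added example that is not OpenClaw's code. Every name here (`ApprovalStore`, `Requester` and its fields, the `not_found` result) is a hypothetical assumption, as is the choice to answer a foreign requester exactly like an unknown id.

```typescript
// Added illustration; all names are hypothetical, not OpenClaw's API.
type Requester = { channel: string; accountId: string; senderId: string };
type Decision = "approved" | "denied";
type Approval = { id: string; requester: Requester; summary: string; status: "pending" | Decision };
type ResolveResult = { ok: true; approval: Approval } | { ok: false; reason: "not_found" };

// Compare every stored field: matching on senderId alone would let the same
// user id on a different channel or account see the record.
function sameRequester(a: Requester, b: Requester): boolean {
  return a.channel === b.channel && a.accountId === b.accountId && a.senderId === b.senderId;
}

class ApprovalStore {
  private records: Approval[] = [];
  private nextId = 1;

  // Requester metadata is stamped once, at creation, and copied so that later
  // mutation of the caller's object cannot change who owns the approval.
  create(requester: Requester, summary: string): Approval {
    const approval: Approval = {
      id: "apr-" + this.nextId++,
      requester: { channel: requester.channel, accountId: requester.accountId, senderId: requester.senderId },
      summary: summary,
      status: "pending",
    };
    this.records.push(approval);
    return approval;
  }

  // List path: a caller only ever sees its own pending approvals.
  list(caller: Requester): Approval[] {
    return this.records.filter((r) => r.status === "pending" && sameRequester(r.requester, caller));
  }

  // Resolve path: unknown id, already resolved, and someone else's approval
  // all return the same result, so ids cannot be probed across requesters.
  resolve(caller: Requester, id: string, decision: Decision): ResolveResult {
    const match = this.records.filter((r) => r.id === id && r.status === "pending")[0];
    if (!match || !sameRequester(match.requester, caller)) {
      return { ok: false, reason: "not_found" };
    }
    match.status = decision;
    return { ok: true, approval: match };
  }
}
```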