OpenClaw’s next operator cluster is about outbound hooks, TTS, auth locks, and fallback visibility
After beta.6, the most useful new OpenClaw cluster is a set of small fixes that all sit on the real-user path. PR #81680 makes encrypted-messaging reply delivery invoke the same `message_sending` plugin hook used by other channels, so content gates, audit hooks, and DLP filters are no longer blind to those replies. PR #81681 applies TTS transformation to `message(action=send)` tool sends, fixing `[[tts:text]]` directives that previously went out as literal text while final replies worked. PR #81679 backports the Codex OAuth refresh-spam fix and keeps quota / entitlement failures from becoming false relogin prompts. PR #81678 reclaims stale auth-profile file locks when the recorded owner process is dead. Issue #81664 asks for user or hook notification when a primary model silently falls back to a secondary model. Issue #81649 reports a real 2026.5.7 regression where the Anthropic agent harness was not registered and only six of seven expected plugins loaded across Windows, WSL2, Docker, and native installs. PR #81642 also lands the first bundled DingTalk channel core, while #81303 adds `session.maintenance.preserveKeys` so a primary WebUI session is not pruned just because retention is short.
Personal agents become trustworthy only when all send paths obey the same hooks and visibility rules. A DLP hook that misses one channel, a TTS directive sent as raw text, a stale auth lock, or a silent model fallback can all produce confusing or unsafe behavior even when the core model is fine.
- PR #81680 says the encrypted-messaging monitor called the raw send path directly and now matches Telegram's `message_sending` hook flow, including cancel and content override handling
- PR #81681 adds the existing TTS payload transformation pattern to `executeSendAction` for message-tool sends and reports 21 outbound-send-service tests passing
- PR #81679 backports Codex OAuth refresh-spam handling while preserving entitlement and usage-limit payloads as non-auth-refresh failures
- PR #81678 adds stale file-lock reclaim for auth profiles when the recorded owner PID is dead
- Issue #81664 documents that model fallback is currently silent to users except for logs/session status
- Issue #81649 reports `Requested agent harness "anthropic" is not registered` on 2026.5.7 across multiple install paths
- PR #81642 adds a bundled DingTalk channel core with basic registration, stream-mode transport, multi-account isolation, and text/media round trips
- PR #81303 adds `session.maintenance.preserveKeys` for sessions that should not be pruned
- Several fixes are open PRs or branch backports, so installed builds may not include them yet
- Hook parity needs per-channel tests because a single bypass can defeat audit or content-control plugins
- Fallback notifications must avoid spamming users while still making model changes visible enough for cost and reliability decisions