v2026.6.2-beta.1

pre-release

openclaw 2026.6.2-beta.1

Jun 3, 2026 · 24d ago
GitHub →

2026.6.2

Highlights

  • Governed plugin and skill installs: the old dangerous-code scanner gives way to an operator install policy with clearer doctor, CLI, ClawHub, package, archive, source, upload, and marketplace recovery paths. (#89516) Thanks @joshavant and @vincentkoc.
  • Safer channel delivery: Telegram, Feishu, Discord, WhatsApp, and outbound sends now handle transcript mirroring, streamed finals, admin writeback, approval allowlists, poll modifiers, and setup state without corrupting delivery. (#88973, #89626, #89812, #89035, #89814, #89813, #89601) Thanks @pgondhi987, @Petru2224, @zhangguiping-xydt, @ppmuzyk, @codezz, @takhoffman, @vincentkoc, @harjothkhara, @obviyus, @glenn-agent, @kesslerio, and @leiJack-lo.
  • Steadier chat and operator UI: visible stream text, completed sends, Workboard keyboard navigation, dialog accessibility, lazy usage views, and Android companion flows retain their state through normal interaction. (#89801, #89777) Thanks @vincentkoc.
  • Stricter safety checks: config, policy, shell snapshots, exec prechecks, script limits, and Gateway startup reject malformed or unsafe input before it becomes runtime state. (#89701, #87074, #81488, #87056, #89480) Thanks @RomneyDa, @giodl73-repo, @mmaps, @drobison00, @vincentkoc, and @q1387154-spec.
  • More reliable Gateway and model sessions: session locks, abandoned Codex startup, ACP handoffs, custom-provider fanout, provider aliases, prompt caching, and memory checks recover without leaving a run wedged. (#89811, #89244) Thanks @RomneyDa, @takhoffman, @spencer2211, and @vincentkoc.

Changes

  • Plugins/security: replace dangerous-code scanner enforcement with operator install policy, install-policy context, doctor checks, install/update CLI wiring, ClawHub metadata paths, and package/archive/source/upload lifecycle coverage. (#89516) Thanks @joshavant and @vincentkoc.
  • Policy: add data-handling conformance checks and reject unsupported policy keys. (#87056, #87074) Thanks @giodl73-repo.
  • Telegram/channels: show commentary and reasoning in progress drafts, share progress draft compositors across channel plugins, and keep Telegram polling stop/reset boundaries cheaper and more reliable.
  • UI/mobile: add Workboard keyboard movement controls, tighten Workboard card operations, and improve Android companion-first shell UX. Thanks @vincentkoc.

Fixes

  • Channels/outbound: keep channel sends durable when transcript mirroring fails, stop schema-padded poll modifiers from blocking normal sends, preserve WebChat sessions_send handoffs, preserve Discord channel-label suppression while hiding internal agent failure traces, match Discord libopus error shapes, and sanitize Discord tool progress scaffolding. (#89626, #89812, #89601) Thanks @Petru2224, @codezz, @takhoffman, @harjothkhara, and @vincentkoc.
  • Telegram/Feishu: require admin rights for Telegram target writeback, keep Telegram DM exec approval allowlists working with ask:off, prevent Telegram preview duplication across streaming modes, isolate verbose status after streamed finals, cancel clean restart stop timers, slow polling restart storms, and wire Feishu setup runtime setters. (#88973, #89035, #89813, #89814) Thanks @pgondhi987, @zhangguiping-xydt, @ppmuzyk, @takhoffman, @vincentkoc, @obviyus, @kesslerio, @glenn-agent, and @leiJack-lo.
  • Feishu: preserve full streaming card content by sending the merged text on each update instead of only the latest delta, so card readers see complete output when intermediate frames are missed. (#90181) Thanks @mushuiyu886.
  • Chat/UI/Gateway: preserve visible chat stream text, clear stale stream buffers before terminal commits, reconcile completed sends, scroll pending sends into view, harden Workboard dialog accessibility, stabilize WebChat prompt-cache affinity, overlap chat catalog startup, render chat history incrementally, lazy-load usage dashboard, and report gateway health auth diagnostics. (#89337) Thanks @RomneyDa and @vincentkoc.
  • Agents/Codex/providers/models: release session write locks when prompt-release fence reads fail, retire abandoned Codex app-server startups, keep stream-to-parent ACP spawns registered, close Codex startup clients on timeout, recover bundled provider aliases, avoid custom-provider runtime fanout, preserve provider prompt-cache boundaries, forward Gemini stop sequences, and strip Kimi-incompatible Anthropic cache markers. (#89811) Thanks @takhoffman, @spencer2211, and @vincentkoc.
  • Memory/build/update: warn after startup watcher pressure checks, externalize optional Baileys image backends, restore and pin Canvas A2UI compatibility assets, keep plugin repair fetch failures nonblocking, restore Skill Workshop view switching, and keep the current chat toggle active after awaited session switches. (#89244) Thanks @RomneyDa and @vincentkoc.
  • Plugins/auth: keep Hermes migration reports pointed at SQLite auth-profile stores.
  • Plugins/CLI: avoid importing the runtime plugin loader only to clear in-process caches after short-lived plugin install, enable, disable, update, and uninstall commands refresh registry metadata.
  • Security/config/tooling: reject corrupt shell snapshots, suspicious gateway startup configs, malformed numeric limits, oversized audit responses, unsafe exec precheck env, and invalid pending-agent SQLite scaffold denials. (#89701, #89705, #89480, #81488) Thanks @RomneyDa, @mmaps, @drobison00, @vincentkoc, and @q1387154-spec.

Complete contribution record

This audited record covers the complete v2026.6.1..v2026.6.2-beta.1 history: 57 merged PRs. The generation manifest also supplies direct commits as editorial input; the grouped notes above prioritize user impact.

Pull requests

  • PR #88922 fix(google): forward stop sequences to Gemini generationConfig. Thanks @coder999999999.
  • PR #89460 fix(models): preserve provider prompt cache boundaries. Related #89386. Thanks @Enominera.
  • PR #89478 fix: restore Skill Workshop view switcher. Thanks @shakkernerd.
  • PR #76741 fix(kimi): strip anthropic cache markers. Related #76612. Thanks @BryanTegomoh and @vliuyt.
  • PR #89480 fix: recover suspicious gateway startup configs. Related #89331. Thanks @q1387154-spec.
  • PR #87056 Policy: add data handling conformance checks. Thanks @giodl73-repo.
  • PR #81488 Harden node exec approval precheck env [AI]. Thanks @mmaps and @drobison00.
  • PR #89356 Add accessible Workboard movement controls. Thanks @BunsDev.
  • PR #87074 fix(policy): reject unsupported policy keys. Thanks @giodl73-repo.
  • PR #89601 fix(outbound): stop schema-padded poll modifiers from blocking send. Thanks @codezz and @Takhoffman.
  • PR #88963 perf(telegram): avoid broad reset-boundary scan. Thanks @MonkeyLeeT.
  • PR #89125 Suppress internal agent failure traces before channel delivery. Thanks @fuller-stack-dev.
  • PR #89701 fix(exec): reject corrupt shell snapshots. Thanks @RomneyDa.
  • PR #89705 fix: allowlist pending agent sqlite scaffold. Thanks @RomneyDa.
  • PR #89704 Share channel progress draft compositor. Thanks @obviyus.
  • PR #89708 perf(control-ui): coalesce chat metadata startup. Thanks @vincentkoc.
  • PR #89337 fix: report gateway health auth diagnostics. Related #89711. Thanks @RomneyDa.
  • PR #88685 Render dashboard chat history incrementally. Related #87345. Thanks @alexzhu0 and @2xmncvcx92-dotcom.
  • PR #89740 fix(gateway): stabilize webchat prompt cache affinity. Related #89139. Thanks @vincentkoc and @Enominera.
  • PR #89191 fix(webchat): show sessions_send handoffs as forwarded. Related #89161. Thanks @849261680 and @Xj49688-lgtm.
  • PR #89723 fix(auto-reply): surface fatal channel errors. Thanks @fuller-stack-dev.
  • PR #89727 fix #87699: [Bug]: [BUG] UI shows agent "running" after conversation ends — requires manual page refresh every time. Thanks @zhangguiping-xydt and @csck-luoy.
  • PR #88786 fix #71992: [Bug]: Control UI webchat duplicates every assistant reply on 2026.4.21 — regression from #5964/#39469. Thanks @zhangguiping-xydt and @rzhnrhjr6j-cloud and @astoreyai and @kAIborg24.
  • PR #89530 fix(ui): preserve visible chat stream text. Related #67035. Thanks @osolmaz and @q7793527.
  • PR #87072 feat(telegram): opt-in interleaved progress lane. Thanks @anagnorisis2peripeteia.
  • PR #89771 perf(ui): start chat refresh before bootstrap. Thanks @vincentkoc.
  • PR #89777 perf(ui): label delayed chat sends in telemetry. Thanks @vincentkoc.
  • PR #89786 perf(gateway): overlap chat catalog startup. Thanks @vincentkoc.
  • PR #89793 test(ui): cover control chat send timing phases. Thanks @vincentkoc.
  • PR #89801 perf(ui): surface chat ACK server timing. Thanks @vincentkoc.
  • PR #89355 Harden Workboard modal and drawer accessibility. Thanks @BunsDev.
  • PR #89802 docs(web): document chat ACK timing metadata. Thanks @vincentkoc.
  • PR #89391 fix(android): improve companion-first shell UX. Thanks @Tosko4.
  • PR #89811 fix(agents): release session write lock if fence read throws on prompt release. Thanks @Takhoffman and @spencer2211.
  • PR #89808 perf(ui): trace chat send server milestones. Thanks @vincentkoc.
  • PR #89813 fix(telegram): isolate verbose status after streamed finals. Related #89540. Thanks @Takhoffman and @kesslerio.
  • PR #89814 fix(feishu): wire setup runtime setter. Related #88024. Thanks @Takhoffman and @glenn-agent and @leiJack-lo.
  • PR #85961 fix #85807: retain Telegram preview after generation race. Thanks @zhangguiping-xydt and @samson1357924.
  • PR #89035 fix #88773: [Bug]: Telegram DM exec requires approval despite allowlist + ask:off — works in webchat, not in Telegram. Thanks @zhangguiping-xydt and @obviyus and @ppmuzyk.
  • PR #88634 fix(telegram): prevent preview duplication in partial and block streaming modes. Related #87624. Thanks @jmao0001 and @tuckyapps.
  • PR #89812 fix(outbound): keep channel send durable when transcript mirror fails (#89626). Thanks @Takhoffman and @harjothkhara and @Petru2224.
  • PR #88973 fix(telegram): require admin for target writeback [AI]. Thanks @pgondhi987 and @vincentkoc.
  • PR #89449 refactor(gateway): share duplicated test helpers. Thanks @vincentkoc.
  • PR #88832 fix(telegram): slow polling restart storms. Thanks @TurboTheTurtle.
  • PR #89960 test(channels): fix guardrail regex lint. Thanks @RomneyDa.
  • PR #89244 fix(memory): warn after startup watcher pressure check. Thanks @RomneyDa.
  • PR #89516 Add operator install policy and remove dangerous-code install scanners. Thanks @joshavant.
  • PR #90024 chore(release): update appcast for 2026.6.1.
  • PR #89613 docs: document auth profile failure policy contract.
  • PR #89548 fix(agents): classify read-only shell commands as non-mutating. Thanks @Glucksberg.
  • PR #89939 fix: keep stream-to-parent spawns registered. Thanks @scotthuang.
  • PR #88964 fix(agents): repair context-engine tool-result pairing. Related #88561. Thanks @MonkeyLeeT and @Finn-jiejie.
  • PR #82219 fix(codex): accept first-party OpenAI plugin marketplaces (bundled and primary-runtime). Related #82216. Thanks @yaanfpv.
  • PR #89998 revert(codex): revert first-party marketplace allowlist. Thanks @kevinslin.
  • PR #89176 fix(browser): honor tab timeout for Chrome MCP. Related #88213. Thanks @MonkeyLeeT and @lamkan0210.
  • PR #90043 fix: restore Skill Workshop current chat toggle. Thanks @shakkernerd.
  • PR #81422 fix(update): surface plugin channel fallbacks. Thanks @BKF-Gitty.

Release verification

  • npm package: https://www.npmjs.com/package/openclaw/v/2026.6.2-beta.1
  • registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.6.2-beta.1.tgz
  • integrity: sha512-0lugviNlRNrTTK3Az+aJ/1f9bu7lo1WHwqHO2lkW4GJIV5LT58XhpoXXL3TKzosqJjAjvW4JXJstrK6nhZwpHg==
  • full release validation: https://github.com/openclaw/openclaw/actions/runs/26918960809
  • npm preflight: https://github.com/openclaw/openclaw/actions/runs/26918964585
  • release publish: https://github.com/openclaw/openclaw/actions/runs/26920144100
  • release checks: https://github.com/openclaw/openclaw/actions/runs/26919202085
  • CI: https://github.com/openclaw/openclaw/actions/runs/26919201946
  • plugin prerelease validation: https://github.com/openclaw/openclaw/actions/runs/26919202959
  • performance: https://github.com/openclaw/openclaw/actions/runs/26918932463
  • plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26920331316
  • plugin ClawHub publish: https://github.com/openclaw/openclaw/actions/runs/26920332148 (workflow ended with pixverse already-published race; all expected ClawHub versions verified live)
  • published package smoke: node --import tsx scripts/openclaw-npm-postpublish-verify.ts 2026.6.2-beta.1 passed
  • npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/26921311123
< all OpenClaw releases