OpenClaw Release Highlights

This release fixes a class of bug that corrupts conversations slowly: MCP tool results containing unexpected block types are now coerced properly, which stops Anthropic API 400 errors and — worse — poisoned session history that degrades every later reply. In the same spirit, extended-thinking sessions recover cleanly after the prompt cache expires, and QQBot strips the model's reasoning scaffolding before delivery so raw thinking tags stop leaking into channel replies.

Authentication gets more durable: auth profiles move into SQLite, and npm plugin installs keep their trusted pins across updates. Validation tightens around MCP lease timestamps, prompt-cache tool names, and provider catalogs. macOS users in node mode get a fix for an irritating behaviour where a healthy direct Gateway session would be silently abandoned in favour of a reconnect.

Elsewhere: Parallel ships as a bundled web-search provider with key discovery and onboarding, Google Vertex users on application-default credentials get their model catalog back, and Matrix gains voice-note preflight checks plus thread-aware read and reply behaviour. Upgrades are gentler too — legacy cron JSON stores migrate automatically during doctor preflight, and WhatsApp startup waits are bounded so a slow channel cannot stall the whole boot.

The theme of 2026.6.1 is graceful recovery. Agents and CLI-backed runtimes handle interrupted tool calls, stale session bindings, and compaction handoffs without losing their footing, and media deliveries retry sensibly. Channel reliability improves across the board — Telegram, WhatsApp, iMessage, Slack, Discord, Microsoft Teams, Google Chat, Google Meet, and iOS realtime Talk all get steadier delivery. A long list of timers, retries, OAuth lifetimes, and polling paths are now bounded, closing off ways a run could hang indefinitely.

The chat experience tightens noticeably: sends stay alive while history loads, streams render incrementally without redundant markdown work, drafts stay local while you type, and first-output latency is traced so slowness can be diagnosed rather than guessed at. Skill Workshop matures into a fuller Control UI flow with proposal lists, review states, and searchable file previews.

New surfaces arrive too — Workboard for orchestration, SecretRef plugin manifests, a hosted iOS push relay — alongside provider additions including MiniMax M3 and SQLite-backed model caching for OpenRouter. iMessage monitor state and plugin install ledgers move to SQLite, so restarts recover without rescanning the filesystem.

A broad stability release with a visible mobile payoff: the iOS Pro UI is refreshed, the hosted push relay becomes the default, realtime Talk playback improves, and WebChat reconnects without dropping delivery. Session pickers and onboarding hold their state better across reconnects.

Under the hood, agent and Codex runtime recovery firms up — subagents keep their working directories separated, session locks release properly when a timeout aborts a run, and helper failures no longer tear down shared runtime state. Inputs across browser tooling, Gateway ports, cron retries, and several channel surfaces are validated earlier and rejected more clearly when malformed.

Provider coverage expands meaningfully: Claude Opus 4.8 support lands, along with encrypted PDF extraction, GitHub Copilot agent runtime support, a Codex Supervisor plugin path for delegated workflows, and new media models spanning image, music, and voice. CLI and auth paths fail faster with clearer guidance, and legacy api_key auth profiles migrate to the canonical form automatically.

This release started the security push that 2026.6.6 finished. Group prompt text is kept out of the system prompt — closing a prompt-injection avenue — hostnames with repeated dots are normalised, side-effecting command wrappers and unsafe Node runtime environment overrides are blocked, exposing the service over Tailscale without auth is rejected outright, and node and device-role approvals now require admin authority.

Codex app-server runs become considerably more reliable, surviving startup failures and helper crashes that previously took shared state down with them. Gateway and reply paths shed repeated hot-path work, so visible replies arrive faster and no longer inherit hidden cleanup timeouts.

Provider support broadens — OpenAI-compatible embedding providers join the core, DeepInfra exposes its full credential-aware catalog, Pixverse adds video generation, and bare Anthropic model ids resolve correctly. Channel delivery is steadier across Telegram, iMessage, Slack, Matrix, QQBot, Discord, and Google Chat, with duplicate approval prompts and misdirected thread sends among the casualties. Release and CI pipelines get harder to wedge, which matters indirectly: it is why stable versions like this one ship on a weekly cadence.