OpenClaw v2026.5.20 Release Summary
OpenClaw v2026.5.20 brings significant advancements in workspace governance, real-time communication, and system stability. The centerpiece of this release is the introduction of a bundled Policy plugin, allowing operators to enforce and audit channel conformance across their workspace. Additionally, the update provides substantial improvements to Discord voice integration and a series of deep-core fixes to prevent agent hangs during context compaction and subagent handoffs.
This release also focuses on security hardening, including a new doctor warning for plaintext secrets in configuration files and a more robust allowlist evaluation for system execution.
Key Changes
Workspace Governance & Policy
- Bundled Policy Plugin: A new conformance system has been added to allow operators to define required postures in `policy.jsonc`. This system integrates with `openclaw doctor --lint` to report non-conforming settings and can optionally repair them via `doctor --fix`. It supports auditable attestations through `policy check --json`, binding policy hashes, evidence hashes, and findings into a stable audit tuple.
- Secret Security: The `doctor` command now warns users when `openclaw.json` contains plaintext secret-bearing fields (e.g., API keys or Authorization headers), directing them toward `SecretRef` migration via `openclaw secrets configure`.
Discord & Real-time Voice
- Voice User Following: Discord voice sessions can now follow configured users into voice channels. This includes support for multi-user handoff, bounded reconciliation for large user sets, and DAVE recovery preservation.
- Real-time Bootstrap Context: Discord voice sessions now include bounded profile context (`IDENTITY.md`, `USER.md`, and `SOUL.md`) in realtime voice session instructions by default. This can be disabled using `voice.realtime.bootstrapContextFiles: []`.
Agent & Subagent Orchestration
- Compaction Safety: To prevent agents from hanging indefinitely, a safety timeout has been implemented for plugin-owned context engine compaction. This ensures that a hung `ContextEngine.compact()` call no longer stalls the agent turn.
- Subagent Delivery Recovery: Fixed a critical issue where subagent completion announcements could fail if the requester run was stale. The system now forces a message-tool handoff when a wake probe proves stale, ensuring child work surfaces to the requester.
- Wildcard Target Constraints: The `subagents.allowAgents: ["*"]` wildcard now constrains targets to configured agents only, preventing the accidental creation of arbitrary agent state roots on disk.
Provider & Auth Enhancements
- xAI Device-Code OAuth: Added device-code OAuth login for xAI, enabling authorization for remote and headless setups without requiring a localhost browser callback.
- Llm-Idle Timeout: Cloud providers now honor explicit `models.providers.<id>.timeoutSeconds` values, removing the implicit ~120s ceiling that previously caused timeouts for long-reasoning models or large tool payloads.
- Codex Auth Alignment: The `/codex account` command now respects explicit auth order over `lastGood` heuristics, ensuring the displayed active profile matches the runtime resolver.
System Stability & CLI
- Cron Store Preservation: Fixed a P0 data-loss bug where legacy top-level array `jobs.json` stores were treated as empty and clobbered during upgrades. Both versioned and legacy array shapes are now supported.
- Diagnostic Event Drains: Async diagnostic drains now process a maximum of 100 events per turn, preventing high-frequency diagnostic bursts from monopolizing the gateway event loop.
- Task Maintenance: `openclaw tasks maintenance --json` now provides detailed diagnostics explaining why stale-running tasks are retained or reconciled.
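
The per-turn cap on diagnostic drains, sketched as an added example that is not OpenClaw's own code. Only the limit of 100 comes from these notes; the function names, the queue shape and the "gateway" stand-in are assumptions.

```javascript
// Added example, not OpenClaw source. Only the cap of 100 comes from the notes.
const MAX_EVENTS_PER_TURN = 100;

// Handle at most `limit` queued events, then return so other work can run.
function drainTurn(queue, handle, limit = MAX_EVENTS_PER_TURN) {
  let processed = 0;
  let failed = 0;
  while (processed < limit && queue.length > 0) {
    const event = queue.shift();
    try {
      handle(event);
    } catch (err) {
      failed += 1; // a throwing sink must not wedge the rest of the queue
    }
    processed += 1;
  }
  return { processed, failed, remaining: queue.length };
}

// Real scheduling: one bounded turn, then yield to the event loop.
function drainAll(queue, handle, onDone) {
  const { remaining } = drainTurn(queue, handle);
  if (remaining > 0) setImmediate(() => drainAll(queue, handle, onDone));
  else if (onDone) onDone();
}

// Deterministic model of the interleaving: after every drain turn, other
// work (labelled "gateway", a hypothetical stand-in) gets one turn.
function simulateBurst(eventCount, limit) {
  const queue = Array.from({ length: eventCount }, (_, i) => i); // constructed burst
  const order = [];
  let turn = 0;
  while (queue.length > 0) {
    const { processed } = drainTurn(queue, () => {}, limit);
    order.push(`drain:${processed}`, `gateway:${turn}`);
    turn += 1;
  }
  return order;
}

// Capped: gateway work runs after every 100 events.
console.log(simulateBurst(250, MAX_EVENTS_PER_TURN).join(" "));
// Uncapped: gateway work waits behind the whole burst.
console.log(simulateBurst(250, Infinity).join(" "));
```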
Impact
Performance and Reliability
Users running concurrent agent/subagent workloads will notice improved gateway responsiveness due to the new diagnostic event yielding. Agents utilizing third-party compaction plugins are now protected against infinite hangs, significantly increasing the reliability of long-running sessions.
Security and Compliance
For enterprise users, the Policy plugin provides a mechanism to prove that a workspace adheres to specific security requirements (e.g., denying specific channel providers). The hardening of system.run allowlist evaluation and the new plaintext secret warnings further reduce the attack surface for configuration-based exploits.
User Experience
Discord users gain a more seamless voice experience with automated user following and better persona grounding. CLI users benefit from more stable JSON outputs (e.g., messageId in message send --json) and more accurate account status reporting in Codex.
Upgrade Guide
Breaking Changes & Migration
- Subagent Wildcards: If you previously relied on `subagents.allowAgents: ["*"]` to target unconfigured agent IDs, these will now be rejected. You must explicitly list any unconfigured target IDs in the `allowAgents` array to maintain this behavior.
- Cron Jobs: No manual action is required for cron jobs. The update automatically preserves legacy array-based `jobs.json` files and migrates them to the versioned format upon the next write.
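
A pre-upgrade check for the wildcard change described under Wildcard Target Constraints and in the Subagent Wildcards migration note, as an added example that models the documented rule and is not OpenClaw's own code. The function names, the input shapes and the sample agent IDs are assumptions.

```javascript
// Added example: models the rule stated in the release notes only.
// Function names and input shapes are assumptions, not OpenClaw APIs.

// Earlier behaviour as described: "*" admitted any target ID.
function legacyAllows(targetId, allowAgents) {
  return allowAgents.includes("*") || allowAgents.includes(targetId);
}

// New behaviour: "*" covers configured agents only; an unconfigured
// target is admitted only when it is listed explicitly.
function constrainedAllows(targetId, allowAgents, configuredIds) {
  const explicit = allowAgents.filter((id) => id !== "*");
  if (explicit.includes(targetId)) return true;
  return allowAgents.includes("*") && configuredIds.has(targetId);
}

// Upgrade check: which targets that used to be reachable are now rejected
// and must be added to allowAgents by hand if they are still wanted?
function findNewlyRejected(observedTargets, allowAgents, configuredAgents) {
  const configuredIds = new Set(configuredAgents);
  const rejected = new Set();
  for (const id of observedTargets) {
    if (legacyAllows(id, allowAgents) &&
        !constrainedAllows(id, allowAgents, configuredIds)) {
      rejected.add(id);
    }
  }
  return [...rejected].sort();
}

// Constructed sample data: two configured agents, plus target IDs as they
// might appear in past handoffs ("reserch" is a typo, "scratch-7" ad hoc).
const configuredAgents = ["main", "research"];
const observedTargets = ["research", "scratch-7", "main", "reserch", "scratch-7"];

function demo() {
  return {
    wildcardOnly: findNewlyRejected(observedTargets, ["*"], configuredAgents),
    withExplicit: findNewlyRejected(observedTargets, ["*", "scratch-7"], configuredAgents),
  };
}

console.log(demo());
```

Targets reported under `wildcardOnly` are either intended agents to list explicitly or mistakes such as the typo, which the earlier wildcard would have silently turned into a new state root.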