OpenClaw v2026.5.4 Release: Enhanced Realtime Voice, Windows Stability, and Core Hardening

OpenClaw v2026.5.4 is now available, bringing a suite of enhancements focused on real-time voice interactions, core platform stability, and robust security. This release addresses critical issues, particularly for Windows users, while also delivering performance boosts and refining the developer experience. Our commitment to a snappier, more reliable, and secure agent platform is evident in the breadth of changes introduced.

This update is crucial for users seeking improved performance and stability, especially those leveraging OpenClaw's voice capabilities or operating on Windows environments. It also strengthens the platform's security posture and streamlines plugin management, ensuring a smoother experience for all.

Key Changes

Real-time Voice Agent Enhancements

A major highlight of v2026.5.4 is the significant upgrade to the OpenClaw voice agent experience, particularly for Google Meet and Voice Call integrations. The system now features a much snappier agent, thanks to a real-time Gemini voice bridge. This includes paced audio streaming, backpressure-aware buffering, and immediate barge-in queue clearing, eliminating TwiML fallback during real-time speech. This ensures Meet participants experience a fluid and responsive voice agent.

Google Meet/Voice Call: make Twilio dial-in joins speak through the realtime Gemini voice bridge with paced audio streaming, backpressure-aware buffering, barge-in queue clearing, and no TwiML fallback during realtime speech, giving Meet participants a much snappier OpenClaw voice agent. (#77064)

Windows Platform Stability and Security

This release brings crucial fixes and hardening specifically for Windows users.

• Gateway HTTP Server Hang Fix: A critical bug where the Gateway HTTP server would hang indefinitely on Windows has been resolved. This was due to libuv's dual-stack IPv6 ::1 binding behavior conflicting with 127.0.0.1. The Gateway now binds only to 127.0.0.1 on Windows, ensuring reliable HTTP request handling. (#69701, fixes #69674)
• Sandbox Binding for Windows Paths: Custom Docker bind mounts on Windows using drive-absolute paths (e.g., D:/path) are now correctly recognized by sandbox security validation, resolving false errors that previously made this feature unusable. (PR #42174)
• System Root Path Hardening: Multiple security vulnerabilities related to workspace .env files overriding critical Windows system root paths (SystemRoot, WINDIR, LOCALAPPDATA) have been patched. This prevents attackers from redirecting system binaries like reg.exe, icacls.exe, and whoami.exe to malicious executables. (PR #74454, #74458, #77470, #77472)
• Media File Durability: Fixed EPERM errors during fsync operations on Windows when saving attachment temporary files, ensuring WebChat and chat.send media offloads complete successfully. (#76593)
• Temporary Directory Resolution: OpenClaw now correctly skips POSIX /tmp/openclaw on Windows, directing log and TTS temp files to %TEMP%\openclaw-<uid>. (Fixes #60713)

Plugin Management, Performance, and Reliability

Significant work has gone into improving the plugin ecosystem:

• Optimized Plugin Metadata Scanning: Agent and plugin performance is boosted by passing resolved workspace and reusing current workspace-scoped plugin metadata snapshots, avoiding repeated cold plugin metadata scans on hot control-plane paths. (#77519, #77532)
• External Plugin SecretRef Resolution: A regression introduced in 2026.5.2, where externalized channel plugins (like Discord, BlueBubbles) failed to resolve SecretRef-backed tokens at runtime, has been fixed. A generic channel secret-contract loader now ensures these credentials are correctly materialized. (PR #76449, fixes #76335, #76369, #76371, #76416)
• Plugin Skill Discovery: Plugin-declared skills are now correctly published through the generated plugin skills directory, ensuring agent file-based discovery paths find SKILL.md files and inactive plugin links are cleaned up. (PR #77328, fixes #77296)
• Robust Plugin Updates: Package upgrades now cleanly swap pnpm/npm-prefix installs, repair missing openclaw peer links, and handle CalVer correction versions (e.g., 2026.5.3-1) correctly for API range compatibility. (PR #77544, #77450, fixes #77293)
• Install Hints and Auto-Enablement: The system now emits catalog-backed install hints when plugins.entries or plugins.allow references an official external plugin that is not installed. Auto-allowlisting configured channels now prefers the claiming plugin manifest ID over built-in channel aliases. (#77483)

Agent and Tooling Enhancements

• New openclaw models auth list Command: Users can now inspect saved per-agent auth profiles without dumping secrets.
• Improved Tool Loop Detection: A post-compaction loop guard in pi-embedded-runner aborts runs when an agent emits the same (tool, args, result) triple repeatedly, preventing infinite tool-call loops. (Refs #77474; carries forward #21597)
• Sandbox Registry Sharding: Sandbox container and browser registry entries are now stored as per-runtime shard files, reducing session lock contention during operations like openclaw doctor --fix. (PR #74831)
• Shell Command Explainer: An internal web-tree-sitter-backed shell command explainer has been added for future approval and command-review surfaces, capable of reporting top-level commands, nested commands, and risk markers. (PR #75004)
• DeepSeek V4 Pro on OpenRouter Fix: Corrected an issue where DeepSeek V4 Pro on OpenRouter failed with a 400 Invalid option for reasoning_effort. Stale max thinking overrides are now mapped to xhigh. (PR #77423, fixes #77350)
• web_search in Sub-agents: Fixed web_search failing in sub-agent sessions with bundled providers by ensuring the bundled-provider lookup is config-driven and not session-registry-scoped. (Fixes #76416 via PR #76449)

Channel-Specific Improvements

• Discord Stability: Enhanced Discord transport and gateway event-loop starvation signals are now surfaced in openclaw channels status and openclaw status --deep. Discord REST and gateway WebSocket startup paths now prefer IPv4, resolving stalls on IPv4-only networks. (PR #76327, fixes #75346, #77398)
• Telegram Features: Interactive reply buttons are now rendered through Telegram delivery, enabling plugin approval payloads to show inline buttons. Improved handling of inbound media placeholders and streaming for long text replies. (PR #76238, fixes #77137, #69793)
• WhatsApp Channel/Newsletter Support: Explicit @newsletter outbound message targets are now supported with channel session metadata. (Fixes #13417)
• ZaloUser Security: zalouser startup name matching is now gated by dangerouslyAllowNameMatching, ensuring display-name resolution only occurs when explicitly opted in. (PR #77411)

Control UI and User Experience

• Improved Chat UI: The chat session picker now has an agent-first filter, controls are responsive across device widths, and consecutive duplicate text messages are collapsed.
• Collapsible New Job Sidebar: The New Job sidebar in the Control UI is now collapsible, reclaiming space for the jobs list.
• Clearer Diagnostics: Browser long animation frame/task entries are recorded in the debug event log, making slow dashboard renders easier to attribute. Talk startup errors are now dismissible and clear stale state.

Developer Experience and Diagnostics

• Plugin SDK Enhancements: The Plugin SDK now includes bounded before_agent_finalize retry instructions, SessionEntry slot projection, scoped trusted-policy session extension reads (PR #75609), and registerIfAbsent for atomic keyed-store dedupe claims.
• TUI Improvements: The TUI's stale-response watchdog notice has been simplified to user-facing copy, and the long-token sanitizer no longer injects spaces inside inline code spans or identifiers. (PR #77120, fixes #48432, #39505, #1296)
• Doctor Tool Refinements: openclaw doctor --fix now better repairs legacy group chat configs, clears stale session routing state, and correctly installs official external plugins that are configured but not yet loaded. (Fixes #77400, #77155, #76095)
• CLI sessions Output Capping: openclaw sessions output is now capped to the newest 100 rows by default, with --limit <n> or --limit all for more, preventing unbounded work on large session stores. (Fixes #77500)

Impact

This release significantly enhances the OpenClaw platform across several critical dimensions:

• Stability and Reliability: Addressing fundamental issues like Windows gateway hangs, Discord channel disconnections, and various promise rejections ensures a more robust and continuously available agent experience. The fixes for SecretRef resolution in external plugins prevent silent failures and crashes, making channel integrations more dependable.
• Performance: Optimizations in plugin metadata loading, agent execution, and sandbox registry management translate directly into faster agent responses and a more fluid user experience, especially in complex or high-volume scenarios.
• Security: The extensive security hardening, particularly on Windows, mitigates critical risks associated with environment variable manipulation and unauthorized command execution. This reinforces OpenClaw's commitment to protecting user environments from untrusted sources.
• User Experience: From snappier real-time voice interactions in Google Meet to more responsive and informative Control UI elements, users will notice a tangible improvement in the day-to-day usability and clarity of the OpenClaw platform.
• Developer Productivity: The enriched Plugin SDK, improved diagnostic tools, and more reliable plugin update mechanisms empower developers to build, test, and deploy extensions with greater confidence and efficiency.

Upgrade Guide

This release includes several changes that may require attention during upgrade:

• Sandbox Registry Migration: If you have legacy monolithic sandbox registry files (e.g., containers.json or browsers.json in ~/.openclaw/sandbox/), run openclaw doctor --fix after upgrading. This will migrate valid entries to the new sharded format and quarantine invalid legacy files. (PR #74831)
• ZaloUser Name Matching: zalouser configurations that use display names for allowFrom, groupAllowFrom, or groups in startup now explicitly require dangerouslyAllowNameMatching: true. If this flag is not enabled, these entries will not be resolved at startup. Stable ID entries are unaffected. (PR #77411)
• Plugin Configuration Hints: If your openclaw.json contains plugins.entries or plugins.allow entries for official external plugins that are not currently installed, the system will now emit catalog-backed install hints. This helps guide operators to openclaw plugins install <spec> rather than suggesting removal of valid configuration.
• Bundled Plugin Discovery Default: For new configurations, the default plugins.bundledDiscovery is now more restrictive. Existing configurations will be migrated by doctor --fix to plugins.bundledDiscovery: "compat" to preserve current behavior.
• openclaw sessions Output Limit: The openclaw sessions command now defaults to showing the newest 100 rows. To view more, use --limit <n> or --limit all. (Fixes #77500)
• Windows Update Process: The openclaw update process on Windows has been made more robust, particularly regarding npm package replacement and post-core plugin work. While this is a stability improvement, users experiencing issues with openclaw update on Windows should retry after this upgrade.
• DeepSeek V4 Pro on OpenRouter: If you were experiencing 400 Invalid option errors for reasoning_effort with DeepSeek V4 Pro on OpenRouter, this has been resolved. The system now correctly maps max thinking overrides to xhigh. No manual configuration change is typically needed, but ensure your thinkingDefault is set to an OpenRouter-supported value. (PR #77423, fixes #77350)

For all other changes, the upgrade should be backward compatible without specific migration steps. As always, it is recommended to back up your ~/.openclaw directory before performing a major upgrade.