OpenClaw v2026.5.10-beta.4 Release Summary
Key Changes
Plugin SDK & Workflow Enhancements
OpenClaw has significantly expanded its Plugin SDK to support complex agent workflows. The new host-hook foundation allows plugins to define typed session actions, send session-bound attachments through host-owned delivery, and schedule future session turns via cron-compatible plumbing. Additionally, plugins can now request bounded agent-finalize retries, enabling a "repair" phase before a reply is finalized.
Memory & Context Management
To prevent unbounded growth of MEMORY.md files during dreaming promotions, a new bounded compaction step has been introduced. The system now drops the oldest auto-promoted sections by date to keep the file size under a default 10,000-character budget, while unconditionally preserving user-authored notes.
Other context improvements include:
- Context Treemaps: A new
/context mapcommand provides a visual treemap image of current session context contributors. - Execution Persistence: Background
execprocess references now survive embedded compaction, ensuring subagents can continue polling or logging long-running tasks after a context reset.
Provider & Model Updates
- Codex Integration: The Codex app-server now emits diagnostic events for native tool completions (e.g.,
bash,web), preventing the watchdog from aborting long-running native tools as stale embedded runs. - OpenRouter & Model Aliases: Support for nested provider labels in Telegram (e.g.,
openrouter/openai/gpt-5.4-mini) ensures labels match configured refs. Additionally,moonshotai/is now accepted as a direct-API alias for themoonshotprovider. - Llama.cpp Support: Self-hosted OpenAI-compatible providers now opportunistically discover the actual runtime context window (
n_ctx) via the/propsendpoint, ensuring session budgeting reflects the loaded context rather than just the training ceiling.
Channel & Integration Fixes
- Slack: Improvements include support for
reply_broadcastin thread replies, a newallowBots: "mentions"mode for parity with Discord, and the ability to fetch fresh download URLs viafiles.infofor DM attachments that omit them in the event payload. - Telegram: The bot now honors the
--force-documentflag for video media, routing them throughsendDocumentto avoid compression. Legacy message cache recovery has also been fixed to handle mixed JSON-array and line-delimited entries. - Matrix: Allowlist resolution is now hardened; name-based matching now requires an explicit opt-in via
channels.matrix.dangerouslyAllowNameMatchingto prevent mutable display-name spoofing.
Impact
Performance & Reliability
- Gateway Efficiency: Streaming event envelopes are now shared across WebSocket and node subscribers, reducing redundant JSON serialization on the hot path.
- Memory Safety: The Gateway now rejects malformed encoded session-kill HTTP paths with a
400 invalid_request_error, preventing them from falling through to later handlers. - OOM Prevention: Scoped session resolution now loads only the requested agent's store rather than all agent stores simultaneously, significantly reducing heap pressure in multi-agent deployments.
Security & Diagnostics
- Secret Redaction: A new shared structured payload redaction boundary has been applied to config audits, trajectory events, and session transcripts to prevent plaintext credentials from reaching persistent sinks.
- Doctor Improvements:
openclaw doctornow detects GitHub CLI authentication mismatches when the agentHOMEdiffers from the operator'sghconfig directory, providing a clearGH_CONFIG_DIRfix hint.
Upgrade Guide
Breaking Changes & Migration
- Matrix Allowlists: If your Matrix configuration relies on display names in
allowFromorgroupAllowFrom, these will be ignored by default. You must either replace them with full Matrix user IDs (e.g.,@user:server) or setchannels.matrix.dangerouslyAllowNameMatching: truein your config. - Build Tooling: The workspace has been upgraded to pnpm 11. Users installing from source should ensure they are using pnpm 11. Project settings have moved to
pnpm-workspace.yaml.