OpenClaw Change log & Dev Experience
Weekly Claw Ep. 17
Two stable releases, 1,265 commits, and a week mostly spent tightening the runtime boundaries.
- v2026.6.5 on June 9
- v2026.6.6 on June 12
- June 5 to June 12, 2026
- Security surfaces fail closed more often
- Channels survive restarts more cleanly
- Release proof got stricter
OpenClaw Weekly Dev Experience · slide 1 / 15
June 12, 2026
The week in raw signal
Throughput
A fix-heavy, test-heavy week with broad contribution and two stable releases.
- 1,265 commits
- 131 authors
- 187 release issue refs across 6.5 and 6.6
- 794 fixes
- 191 tests
- 117 docs
- 30 features
- Vincent Koc 525
- Shakker 172
- Peter Steinberger 118
- Ayaan Zaidi 55
- joshavant 52
OpenClaw Weekly Dev Experience · slide 2 / 15
June 12, 2026
Two stable releases, one hardening arc
6.5 + 6.6
The release train split into two useful stories: richer provider/channel support in 6.5, then tighter boundaries in 6.6.
- 70 release bullets
- 83 issue refs
- QQBot reasoning cleanup
- Parallel web search provider
- Auth and plugin install durability
- 34 release bullets
- 104 issue refs
- Security boundary hardening
- Telegram and iMessage recovery
- Control UI startup speed
OpenClaw Weekly Dev Experience · slide 3 / 15
June 12, 2026
Boundaries got tighter, and they fail closed
Runtime safety
The largest 6.6 theme was reducing silent trust leaks across transcripts, tools, channels, and delegated runtimes.
- Transcript and image redaction tightened
- Sandbox binds and host env inheritance restricted
- MCP stdio and loopback tools hardened
- Codex HTTP and native search policies narrowed
- Exec approvals fail closed on timeout
- Elevated sender checks improved
- Deleted-agent ACP bypass closed
- Discord moderation and Teams group actions bounded
OpenClaw Weekly Dev Experience · slide 4 / 15
June 12, 2026
Delivery that survives restarts
Channel durability
Messaging reliability moved from best effort toward durable routing, dedupe, and restart recovery.
- Account-scoped topics route to the right agent
- Streamed text survives tool calls
- Generic ingress supports /compact
- Durable dispatch dedupe moved into the SDK
- iMessage always-on inbound restart
- WhatsApp replies attach to the successor controller
- Feishu rate limits retry
- Mattermost thread replies preserved
OpenClaw Weekly Dev Experience · slide 5 / 15
June 12, 2026
Real sessions, safer edges
Connectivity
Browser and MCP integrations gained reach without turning every tool boundary into a trust fall.
- Existing-session CDP support
- Discovered WebSocket validation
- Default-profile cdpUrl handling
- Browser output boundaries tightened
- Streamable HTTP loopback transport
- OAuth and SSE authorization corrected
- Richer tool results coerced before provider calls
- Lease and timestamp handling got stricter
OpenClaw Weekly Dev Experience · slide 6 / 15
June 12, 2026
Startup got faster, first replies got visible
Latency
The UI work was not cosmetic. It attacked startup wait, first-event mystery, and model catalog churn.
- Cached model metadata at startup
- Startup catalog wait removed
- Slash commands load lazily
- TUI runtime plugins prewarm
- First-assistant-event traces
- Slow-reply warnings
- Active connection host visible in TUI
- Derived-registry rescan storms reduced
OpenClaw Weekly Dev Experience · slide 7 / 15
June 12, 2026
More providers, fewer weird failures
Model surface
Provider support expanded while reasoning replay, compaction ownership, and local-model behavior got cleaner.
- OpenRouter OAuth onboarding
- Claude Fable 5 adaptive thinking
- Parallel bundled as web_search
- Google Vertex ADC rows and runtime resolution restored
- Codex compaction ownership preserved
- Local models skip guardian review
- Gemma 4 reasoning replay preserved
- Provider cooldown recovery improved
OpenClaw Weekly Dev Experience · slide 8 / 15
June 12, 2026
Jobs and installs left better receipts
Lifecycle
Scheduled runs, plugin installs, and ClawHub flows became harder to fake-green.
- Active task runs cancel cleanly
- Terminal timeout state is preserved
- No-deliver tool warnings recover
- Legacy cron JSON stores migrate during doctor preflight
- Dry runs skip publish approval
- Trusted hooks can be declared
- Managed plugin drift is reported
- Official npm plugin pins stay intact
OpenClaw Weekly Dev Experience · slide 9 / 15
June 12, 2026
Release proof got stricter
Evidence lanes
The release system now fails louder when proof is missing, oversized, or impossible to inspect.
- Beta pages stay draft until npm and plugin proof pass
- QA Lab requires runtime tool-call evidence
- Resource ceilings are enforced, not only logged
- Docker and E2E diagnostics are bounded
- npm package and tarball integrity
- Release SHA and CI run links
- Full evidence reports for 6.5 and 6.6
- Plugin publish proof separated from core publish proof
OpenClaw Weekly Dev Experience · slide 10 / 15
June 12, 2026
The week through a builder's eyes
Dev Experience
Builders got faster starts, safer installs, and fewer channel ghosts. Still not glamorous. Correctly so.
- Faster Control UI startup
- First replies are easier to diagnose
- OpenRouter OAuth reduces setup drag
- Dry-run plugin flows avoid noisy approvals
- Approvals fail closed
- Releases carry verifiable evidence
- Tool output boundaries are stricter
- Local model paths avoid unnecessary review
OpenClaw Weekly Dev Experience · slide 11 / 15
June 12, 2026
Build the thing that builds the thing
Peter Steinberger · BRK245
Peter's talk is the missing through-line for Week 17: OpenClaw is not only shipping features; it is building the feedback loops that let agents ship safely.
- Build tools for agent feedback, not just faster human coding
- Close the loop with screenshots, tests, video, and maintainer receipts
- Treat issues and PRs as prompt requests that can be triaged repeatedly
- Use project invariants and vision files so fresh agents know the rules
- Week 17 hardened approvals, channels, cron, plugins, and release evidence
- The talk names the same bar: autonomy with proof, not autonomy by vibes
- Crab Box, Mantis, Auto Review, and prompt provenance map directly to the DX story
Source: “Build the thing that builds the thing” / BRK245 · slide 12 / 15
June 12, 2026
The community is testing the edges
Signal
The busiest labels and release notes point to the same pattern: session state, proof, compatibility, and maintainer review pressure.
- Session-state issues stayed prominent
- Compatibility risk labels stayed loud
- Proof supplied and proof sufficient both showed up heavily
- Maintainer review queues remained visible
- A fix-heavy week is not stagnation
- It means real users are finding seams
- The runtime is being forced to explain itself
OpenClaw Weekly Dev Experience · slide 13 / 15
June 12, 2026
Where to watch next
Next bar
The next useful work is not more surface area. It is clearer state, safer defaults, and receipts that survive handoff.
- Provider onboarding and OAuth failure clarity
- Channel delivery after restarts
- Cron no-deliver and timeout reporting
- Plugin install trust and rollback paths
- Can a new builder explain the failure state?
- Can maintainers audit the run without logs archaeology?
- Can every risky action show its boundary?
- Can proof stay small enough to inspect?
OpenClaw Weekly Dev Experience · slide 14 / 15
OpenClaw is becoming operational infrastructure
Close
Week 17 was not a shiny-feature week. It was better: the runtime got stricter about who can act, what can leak, how channels recover, and what proof must exist before a release ships.
- Two stable releases
- 1,265 commits
- Security and delivery hardening
- A clearer path from agent demos to agent operations
OpenClaw Weekly Dev Experience · slide 15 / 15