chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.5.6 #29
Reference
les_clankeurs/openclaw-image-2!29
This PR contains the following updates:
2026.5.3 → 2026.5.6
Release Notes
openclaw/openclaw (ghcr.io/openclaw/openclaw)
v2026.5.6: openclaw 2026.5.6 (Compare Source)
2026.5.6
Fixes
doctor --fix repair that rewrote valid openai-codex/* ChatGPT/Codex OAuth routes to openai/*, which could break OAuth-only GPT-5.5 setups or accidentally move users onto the OpenAI API-key route. If 2026.5.5 already changed your default model, run openclaw models set openai-codex/gpt-5.5 && openclaw config validate to switch the default agent back to the Codex OAuth PI route. Fixes #78407.
fetch or Headers, so SDK and guarded/proxy fetch paths do not reject otherwise valid plugin requests. Fixes #77846. Thanks @shakkernerd.
Recovery docs: https://docs.openclaw.ai/providers/openai#check-and-recover-codex-oauth-routing
v2026.5.5: openclaw 2026.5.5 (Compare Source)
2026.5.5
Fixes
dmPolicy: "open" configs without wildcard allowFrom so webhook DMs fail validation instead of being acknowledged and silently blocked before inbound processing. Fixes #78316.
xai/grok-4.3 no longer fails live Docker/Gateway runs with Invalid reasoning effort.
off so live Gateway runs cannot send unsupported reasoning levels to native Grok Responses models.
/steer through the normal authorization and mention gate instead of silently dropping them before an agent session can see them. Fixes #78080. Thanks @ramitrkar-hash.
N Checkpoint(s) disclosure and show expanded session-level details with modern checkpoint history cards across responsive table layouts. Thanks @BunsDev.
/new command and lifecycle hooks only for explicit Control UI session creation, restoring session-memory and custom hook capture without changing SDK parent-session creates. Fixes #76957. Thanks @BunsDev.
exec-approvals.json, while preserving symlink, hard-link, and owner-only permission safeguards. Fixes #77785. (#77907) Thanks @Alex-Alaniz and @MilleniumGenAI.
unknown error.
ws:// connects for private LAN and .local gateways while keeping Tailscale/public routes on wss://, and prefer explicit gateway passwords over stale bootstrap tokens in mixed-auth reconnects. Fixes #47887; carries forward #65185. Thanks @draix and @BunsDev.
openclaw-tui processes on first boot. Thanks @vincentkoc.
doctor --fix can repair instances already stuck on agent:main:main heartbeat history. Thanks @vincentkoc.
Reasoning status line.
OPENCLAW_GATEWAY_TOKEN would shadow a different active gateway.auth.token source for local CLI commands, while avoiding false positives when config points at the same env token. Fixes #74271. Thanks @yelog.
/v1/chat/completions clients with a bodyless 200 response until their idle timeout fires.
LocalMediaAccessError while keeping Codex home out of the display allowlist. Thanks @frankekn.
openclaw doctor --deep, using the installed service environment when available so service-managed clean exits are visible in guided diagnostics. Thanks @shakkernerd.
openclaw gateway status --deep, including JSON details, so clean service-managed restarts are reported as restart handoffs instead of opaque stopped-service diagnostics. Thanks @shakkernerd.
thinking: disabled, so manual model switches do not send Fireworks-rejected reasoning* parameters. Refs #74289. Thanks @frankekn.
openclaw peer packages before plugin installs, so beta-channel official plugin updates are not downgraded by old core package-lock state. Thanks @vincentkoc.
openclaw peer links after shared-root npm installs, updates, and uninstalls, so mutating one plugin does not leave previously installed SDK-using plugins unable to resolve openclaw/plugin-sdk/*.
/new or /reset captures in the same minute do not overwrite the earlier session archive. Thanks @vincentkoc.
main agent dir helper from runtime paths; model, auth, gateway, bundled plugin, and test helpers now resolve default/session agent dirs through agents.list/agent-scope helpers while plugin SDK keeps a deprecated compatibility export.
openclaw status session rows so terminal status matches the /status runtime line. Thanks @vincentkoc.
sessions cleanup, so gateway restart or crash orphans do not accumulate indefinitely outside sessions.json. Fixes #77608. Thanks @slideshow-dingo.
openai-codex/* routes in primary models, fallbacks, heartbeat/subagent/compaction overrides, hooks, channel overrides, and stale session pins to canonical openai/*, selecting agentRuntime.id: "codex" only when the Codex plugin is installed, enabled, contributes the codex harness, and has usable OAuth; otherwise select agentRuntime.id: "pi". Thanks @vincentkoc.
720P to MiniMax's supported 768P, and stop sending Google generateAudio on Gemini video requests so provider fallback can recover from model-specific parameter differences. Thanks @vincentkoc.
/status, making restart and host-lifetime checks visible from chat. Thanks @vincentkoc.
llmSlug: true, so /new and /reset no longer block WhatsApp and other message-channel reset replies on hook housekeeping or a nested model call. Thanks @vincentkoc.
openclaw agent from falling back to embedded mode after gateway request/auth failures, so parent help commands exit cleanly and scoped delivery probes surface the real Gateway error immediately. Thanks @vincentkoc.
/new or /reset captures in the same minute do not overwrite the earlier session archive. Thanks @vincentkoc.
openclaw-tui processes on first boot. Thanks @vincentkoc.
doctor --fix can repair instances already stuck on agent:main:main heartbeat history. Thanks @vincentkoc.
ShutdownResult while preserving lifecycle hook hardening. Carries forward #41296. Thanks @edenfunf.
openclaw update --channel dev no longer walks back otherwise-good main commits when Ubuntu hosts OOM-kill or fail parallel oxlint shards. Thanks @vincentkoc.
openclaw channels parent-help command, so it exits promptly after printing help instead of loading configured channel plugins. Thanks @vincentkoc.
openclaw status session rows so terminal status matches the /status runtime line. Thanks @vincentkoc.
openclaw sessions table so terminal output matches the runtime visibility already present in JSON/status surfaces. Thanks @vincentkoc.
NET_RAW and NET_ADMIN capabilities and enabling no-new-privileges in the bundled docker-compose.yml. Thanks @VintageAyu.
v2026.5.4: openclaw 2026.5.4 (Compare Source)
2026.5.4
Highlights
Changes
127.0.0.1 on Windows so libuv's dual-stack ::1 behavior cannot wedge localhost HTTP requests. (#69701, fixes #69674) Thanks @SARAMALI15792.
plugins.entries or plugins.allow references an official external plugin that is not installed, so upgraded configs point operators to openclaw plugins install <spec> instead of telling them to remove valid plugin config. (#77483) Thanks @hclsys.
keyRef and tokenRef fields when scrubbing provider-target secrets, so the canonical SecretRef metadata survives secrets apply without keeping plaintext values. Thanks @Beandon13.
: when resolving the recall subagent's channel, so QQ c2c agent IDs (e.g. c2c:10D4F7C2…) and other scoped conversation IDs do not reach bundled-plugin dirName validation and crash the recall run. The same guard already applied to explicit channelId params (#76704); this extends it to store-derived channels. (#77396) Thanks @hclsys.
<rootDir>/dist/ when resolving the secret-contract-api sidecar, so npm-published externalized channel plugins (e.g. @openclaw/discord since 2026.5.2) whose compiled artifacts live under dist/ actually contribute their channel SecretRef contracts to the runtime snapshot. Without this, env-backed channels.discord.token SecretRefs silently failed to resolve at gateway start on 2026.5.3, leaving the channel not configured even though #76449 had landed the generic external-contract loader. Thanks @mogglemoss.
openclaw models auth list [--provider <id>] [--json] so users can inspect saved per-agent auth profiles without dumping secrets or hitting the old “too many arguments” path. Thanks @vincentkoc.
streaming.progress.render: "rich" for Block Kit progress drafts backed by structured progress line data.
/verbose and progress drafts by default, with agents.defaults.toolProgressDetail: "raw" and per-agent overrides for debugging raw command/detail output.
jiti on native-loadable plugin startup paths, so compiled bundled plugin surfaces do not pay source-transform loader cost unless fallback loading is actually needed.
pnpm gateway:watch so slow Gateway turns are easier to attribute from logs and stability diagnostics.
.js module as a source-transform fallback miss. Thanks @vincentkoc.
pnpm openclaw qa mantis slack-desktop-smoke to run Slack live QA inside a Crabbox VNC desktop, open Slack Web, and capture desktop screenshots beside the Slack QA artifacts.
tbx_... lease ids from desktop smoke warmup, so provider overrides do not fail before inspect/run. Thanks @vincentkoc.
realtime.introMessage: "" so realtime Chrome joins can stay silent instead of restoring the default spoken intro. Thanks @vincentkoc.
before_agent_finalize retry instructions so workflow plugins can request one more model pass. Thanks @100yenadmin.
openclaw channels status, openclaw status --deep, and fetch-timeout logs so intermittent socket resets do not look like a healthy running channel. (#76327) Thanks @joshavant.
X-OpenRouter-Cache, X-OpenRouter-Cache-TTL, and cache-clear headers only on verified OpenRouter routes. Thanks @vincentkoc.
@newsletter outbound message targets with channel session metadata instead of DM routing. Fixes #13417; carries forward the narrow outbound target idea from #13424. Thanks @vincentkoc and @agentz-manfred.
openclaw doctor --fix migrates legacy monolithic registry files. (#74831) Thanks @luckylhb90.
RateLimit-Reset/Retry-After and append a "Sign in for higher rate limits." hint when the request was unauthenticated, so users can see when downloads will recover and how to lift the cap. Thanks @romneyda.
registerIfAbsent for atomic keyed-store dedupe claims that return whether a plugin successfully claimed a key without overwriting an existing live value. Thanks @amknight.
SessionEntry slot projection and scoped trusted-policy session extension reads. (#75609; replaces part of #73384/#74483) Thanks @100yenadmin.
Fixes
@beta while keeping persistent install records on the catalog default. Thanks @vincentkoc.
whatsapp: inputs, so personal-phone allowlists match WhatsApp Web sender ids after setup. Thanks @vincentkoc.
message.send calls in the originating Slack thread when ambient session thread context is present, and suppress successful silent child completion rows from follow-up findings. Thanks @bek91.
/tmp/openclaw preferred path on Windows in resolvePreferredOpenClawTmpDir so log files, TTS temp files, and other writes land in %TEMP%\openclaw-<uid> instead of C:\tmp\openclaw. Fixes #60713. Thanks @juan-flores077.
chat.send media offloads no longer fail with EPERM during durability flush. (#76593) Thanks @qq230849622-a11y.
update_plan, browser, x_search, channel login tools, or group:plugins no longer start with missing tools or unrelated bootstrap work. (#77519, #77532)
experimentalApi bridge compatible with latest Codex while preserving formatter gates.
photo shape, so non-image and mixed attachments no longer reach the model as <media:image>. Fixes #69793. Thanks @aspalagin.
agent model startup log line, defaulting unset startup thinking to medium without mixing in reasoning visibility.
pi-embedded-runner that arms after auto-compaction-retry and aborts the run with compaction_loop_persisted when the agent emits the same (tool, args, result) triple windowSize times (default 3) within that window. Disable via existing tools.loopDetection.enabled; tune via tools.loopDetection.postCompactionGuard.windowSize. Targets the failure mode where context-overflow + compaction does not break a tool-call loop. Refs #77474; carries forward #21597. Thanks @efpiva.
pnpm gateway:watch --benchmark unless explicitly requested, so CPU profiling no longer floods the terminal with stack traces.
json5 in the memory-core plugin runtime dependency set so packaged memory_search sandboxes can resolve generated OpenClaw runtime chunks that parse JSON5 config. Fixes #77461.
spawn git ENOENT, and document the WhatsApp plugin's Git-on-PATH requirement for Baileys/libsignal installs.
openclaw peer links before skipping unchanged npm plugin updates, so current external Codex installs can recover openclaw/plugin-sdk/* resolution during OTA repair. (#77544) Thanks @ProspectOre.
/model ... --runtime ... targets a blocked model, and make Telegram's model picker say that it changes only the session model while leaving the runtime unchanged. Thanks @vincentkoc.
/oc_model <provider/model> --runtime <runtime>. Thanks @vincentkoc.
auth.profiles metadata intact when doctor --fix strips stale secret fields from configs, repairing legacy <provider>:default API-key profile metadata when model fallbacks or explicit model@profile refs still depend on it. Fixes #77400.
plugins.allow-only official plugin ids in the release configured-plugin repair set, so doctor --fix installs official external plugins that are configured but not yet loaded instead of removing them as stale allow entries. Fixes #77155. Thanks @hclsys.
doctor --fix sees plugin-owned model/runtime/auth/session bindings outside the current configured route, while leaving explicit user model choices for manual review. Refs #68615.
--tag main. Fixes #77530. Thanks @PeterTremonti.
@openclaw/diagnostics-prometheus can emit metrics without broadening the capability to arbitrary global plugins. Fixes #76628. Thanks @RayWoo.
chat.send calls no longer trip ReplyRunAlreadyActiveError every other request. Fixes #77485. Thanks @bws14email.
MEDIA: directive.
openclaw sessions output to the newest 100 rows by default and add --limit <n|all> plus JSON pagination metadata, so repeated machine polling of large session stores cannot fan out into unbounded per-row enrichment/output work. Fixes #77500. Thanks @Kaotic3.
routing.allowFrom, routing.groupChat.*, and channels.telegram.requireMention so upgrades keep WhatsApp, Telegram, and iMessage group mention gates and history settings instead of leaving configs invalid or silently blocked. Thanks @scoootscooob.
2026.5.3-1 as satisfying base plugin API ranges, so correction builds can install plugins that require the base runtime API. Fixes #77293. (#77450) Thanks @p3nchan.
sessions.list and native approval readiness failures until sidecars recover, and preserve component-only Discord payloads when final reply scrubbing removes all text. (#77478) Thanks @NikolaFC.
reasoning_effort on OpenRouter-supported values, mapping stale max thinking overrides to xhigh so openrouter/deepseek/deepseek-v4-pro no longer fails with OpenRouter's invalid-effort 400. Fixes #77350. (#77423) Thanks @krllagent, @mushuiyu886, and @sallyom.
/think levels by passing Claude Code's session-scoped --effort flag through the CLI backend seam, so chat bridges no longer show an inert thinking control. Fixes #77303. Thanks @Petr1t.
memory-core or memory-lancedb) is loaded, so active-memory with no memory backend no longer produces misleading "No callable tools remain" warnings in the gateway log. Fixes #77506. Thanks @hclsys.
corpus=all searches while backfilling unused result capacity, so memory hits are not starved by numerically higher wiki integer scores. Fixes #77337. Thanks @hclsys.
OPENCLAW_CONFIG_DIR and OPENCLAW_WORKSPACE_DIR on both gateway and CLI services so the host paths written into .env by scripts/docker/setup.sh (used as Compose bind-mount sources) cannot leak into runtime code via the env_file import. Fixes regressions on macOS Docker setups where the first agent reply died with EACCES: permission denied, mkdir '/Users' because the host-style workspace path got persisted into agents.defaults.workspace. Fixes #77436. Thanks @lonexreb.
Surfacing... tool-status bubbles do not linger when no matching final preview arrives. Thanks @BunsDev.
unknown error instead of undefined in socket-mode startup retry logs and label the retry reason explicitly.
requireMention settings override persisted /activate and /deactivate state, so per-topic mention gates work consistently. Fixes #49864. Thanks @Panniantong.
cron show, status, and run history when requested tools are unavailable, so blocked cron runs report the actual tool-policy failure instead of a misleading green result. Fixes #75763. Thanks @RyanSandoval.
chat.send resolves so pressing Esc during the gap before the first gateway event aborts the run instead of repeatedly printing no active run. Fixes #1296. Thanks [@Luka
Configuration
📅 Schedule: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.