OpenClaw v2026.5.12: Leaner Installs, Resilient Telegram, and Smoother Codex
By AgentRiot Editorial
OpenClaw v2026.5.12 externalizes major dependencies, hardens Telegram polling, smooths Codex auth and MCP handling, and tightens plugin install reliability.

What changed, why it matters for production agents, and what to test before you upgrade.
The OpenClaw team shipped v2026.5.12 this week, and the headline is simple: your install just got smaller, your Telegram bots got harder to kill, and your Codex workflow got less fiddly. Underneath those headlines is a broad reliability pass across plugins, gateway security, and reply delivery that is worth the upgrade on its own.
Here is what is actually in it.
Leaner installs: only pay for what you use
The biggest structural change in this release is dependency externalization. WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and their full dependency cones are no longer bundled in the core runtime. They install only when you add the corresponding provider or channel plugin.
If you are running a minimal OpenClaw gateway with just Discord and OpenAI, your install no longer pulls AWS SDKs, Slack client libraries, or WhatsApp Web.js. The footprint shrinks. Cold-start times drop. Attack surface narrows. And if you do need Bedrock or Slack later, adding the plugin brings in exactly what it needs, nothing more.
This is the kind of change that matters most at scale, when you are running dozens of gateway instances and every megabyte and every second of startup latency counts.
Telegram: isolated polling and durable spooling
Telegram bots got significantly more resilient. The ingress worker is now isolated from the main event loop, with a durable local spool that keeps messages flowing even when the gateway stalls. Bot API polling stays alive during main-loop stalls instead of dying silently and leaving you to discover the outage from user complaints.
Three other Telegram fixes are worth calling out. HTML and Markdown formatting is now preserved through lazy cron announce delivery, so links stay clickable instead of rendering as literal anchor tags. Group media is skipped before download when requireMention is active, avoiding wasted bandwidth and failed downloads for messages the bot should ignore anyway. And orphaned tool-progress draft bubbles are deleted before the real answer rotates in, so users no longer see stale "thinking" messages after the turn completes.
If you run production Telegram bots, this is the most reliable Telegram stack OpenClaw has shipped.
Codex: auth, MCP, and fallback behavior
The Codex integration got several quality-of-life improvements. Auth-profile-backed media tools mean Codex can use configured credentials for image and file operations without manual token juggling. MCP servers are now projected into Codex threads with proper rotation when a server is disabled, and bundle MCP injection is scoped to bundled servers only. The app-server/runtime fallback behavior is cleaner, so when the primary backend hiccups, the handoff is less likely to drop your conversation state.
A subtler but important fix: per-agent CODEX_HOME isolation no longer rewrites HOME by default. Codex-run subprocesses can still find normal user-home config, tokens, and CLI state unless you explicitly override HOME. This fixes a class of "why can't Codex find my credentials?" issues that have plagued users with non-standard home directory layouts.
Plugin installs: harder to wedge
Plugin installation and updates got more reliable. pnpm 11 is now supported. Peer dependencies are preserved through updates instead of getting silently dropped. Runtime scans are safer, limiting code safety checks to plugin-owned entrypoints rather than third-party internals. Source and git installs handle refs correctly instead of treating option-like selectors as checkout flags. And managed peer dependency pins refresh when installed plugin peer ranges change, while keeping user-owned pins intact.
If you have ever had a plugin update fail halfway through and leave your config in an inconsistent state, this release addresses most of those failure modes.
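The ref-handling fix above comes down to never letting a user-supplied selector reach git's option parser. The sketch below is an added example, not OpenClaw's code: the function names and the allowed-character grammar are assumptions, and the sample selectors are constructed.

```javascript
// Added illustration; names and the ref grammar are assumptions, not OpenClaw's code.
const REF_CHARS = /^[A-Za-z0-9._\/-]{1,200}$/; // conservative branch/tag/commit grammar

// Return a reason string when the selector must be refused, or null when it is acceptable.
function checkRef(ref) {
  if (typeof ref !== "string" || ref.length === 0) return "ref must be a non-empty string";
  if (ref.startsWith("-")) return "ref looks like a command-line option";
  if (!REF_CHARS.test(ref)) return "ref contains characters outside the allowed set";
  if (ref.includes("..") || ref.includes("//") || ref.endsWith("/") || ref.endsWith(".lock")) {
    return "ref is not a well-formed git ref name";
  }
  return null;
}

// Weak form: the selector goes into argv unchecked, so a value such as
// "--force" is parsed by git as a flag instead of being looked up as a ref.
function checkoutArgvUnchecked(ref) {
  return ["checkout", ref];
}

// Hardened form: validate first, then add a trailing "--" so git reads the
// preceding word as a revision and never as a path. Hand the array to
// child_process.execFile or spawn, not to a shell string.
function checkoutArgv(ref) {
  const problem = checkRef(ref);
  if (problem) throw new Error(`refusing ref ${JSON.stringify(ref)}: ${problem}`);
  return ["checkout", ref, "--"];
}

// Words an option parser would treat as flags: dash-prefixed words that
// appear after the subcommand and before any "--" terminator.
function optionWords(argv) {
  const end = argv.indexOf("--");
  return argv.slice(1, end === -1 ? argv.length : end).filter((w) => w.startsWith("-"));
}
```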
Security and provenance hardening
The release includes a broad security pass. Windows USERPROFILE is now included in sandbox blocked home roots, so credential-bearing binds under the Windows user profile are denied even when HOME points elsewhere. Provider env-var markers are no longer inferred from broad uppercase patterns, so unrelated environment variables cannot accidentally become provider credentials. Node pairing commands, capabilities, and permissions stay hidden until approval, and the approved surface refreshes live when pairings change. Malformed private-file redirect Location headers are treated as unfollowable instead of failing media downloads. And config mutations are serialized and retried centrally, so concurrent commands rebase safe changes instead of clobbering each other.
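To make the USERPROFILE change concrete, here is an added sketch, not OpenClaw's code, of a bind-source check that treats both HOME and USERPROFILE as blocked home roots. The helper names, the `includeUserProfile` switch that models the earlier behaviour, and the credential directory list are assumptions; paths are assumed absolute and the sample values are constructed.

```javascript
// Added illustration; helper names and CREDENTIAL_DIRS are assumptions, not OpenClaw's code.
const CREDENTIAL_DIRS = [".ssh", ".aws", ".config/gcloud"]; // constructed sample list

// Normalize an absolute path for comparison: resolve "." and "..", drop
// trailing separators, and fold case and backslashes for drive-letter paths.
function normalize(p) {
  const win = /^[A-Za-z]:[\\/]/.test(p);
  const parts = [];
  for (const seg of (win ? p.replace(/\\/g, "/") : p).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (parts.length > (win ? 1 : 0)) parts.pop(); // never pop the drive letter
      continue;
    }
    parts.push(seg);
  }
  return win ? parts.join("/").toLowerCase() : parts.map((s) => "/" + s).join("");
}

// True when path a is b itself or lies underneath b (both already normalized).
const within = (a, b) => a === b || a.startsWith(b + "/");

// Home roots to protect. HOME alone models the behaviour before the fix.
function blockedHomeRoots(env, { includeUserProfile = true } = {}) {
  const vars = includeUserProfile ? ["HOME", "USERPROFILE"] : ["HOME"];
  return [...new Set(vars.map((v) => env[v]).filter(Boolean).map(normalize))];
}

// Deny a bind whose source is a credential directory under a blocked root,
// a path inside one, or an ancestor directory that would expose one.
function isBindDenied(source, env, opts) {
  const src = normalize(source);
  return blockedHomeRoots(env, opts).some((root) =>
    CREDENTIAL_DIRS.some((dir) => {
      const secret = root + "/" + dir;
      return within(src, secret) || within(secret, src);
    })
  );
}
```

With HOME pointing at a sandbox directory on another drive, the HOME-only variant lets a bind of the profile's `.ssh` directory through, while the default variant denies it along with case variants, `..` detours, and parent directories.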
UI and reply delivery improvements
The Control UI and WebChat got a persisted auto-scroll mode selector, so you can choose near-bottom behavior, always-follow streaming, or manual control with the "New messages" button. Session history carries monotonic transcript sequence through live updates, with SSE refresh when stale sequence input would append bad incremental state. Rich presentation, interactive controls, and channel-native payload data are treated as outbound content across follow-up, heartbeat, cron, ACP, and block-streaming paths, preventing card and button replies from being dropped as empty. And Codex tools.message source replies now route to the active internal UI turn and mirror to session history, so message-tool-only replies no longer disappear in WebChat and TUI.
Everything else worth noting
- ACP fallbacks let ACP turns try configured backup runtime backends when the primary is unavailable, before any output is emitted.
- GitHub Copilot image understanding now exchanges OAuth tokens for Copilot API tokens and routes Gemini image payloads through Chat Completions.
- macOS requires system TLS trust before pinning first-use direct wss gateway certificates, with gateway.remote.tlsFingerprint as the explicit pin for remote node-mode sessions.
- Config snapshots are taken before update-time repair and restart writes, preserving plugin install records through doctor cleanup.
- iMessage stops sending visible media:image placeholder text for media-only native image sends while keeping the internal echo key that prevents duplicate replies.
- Gateway protocol now requires v4 clients and streams explicit chat deltaText/replace frames so SDK clients can consume assistant updates without local diffing.
Bottom line
This is a maintenance release with real structural improvements. The dependency externalization alone justifies the upgrade for anyone running multiple gateway instances. The Telegram resilience fixes remove a major production risk. And the Codex and plugin reliability improvements mean less time debugging auth and install issues and more time building agents.
If you are on v2026.5.7 or earlier, test the Telegram polling behavior and plugin install path in staging, then upgrade. The changes are additive and backward-compatible, but the dependency shift is significant enough that a clean install is worth validating before you roll it out everywhere.
