releaseintermediate

[Release] openclaw/openclaw v2026.5.20-beta.2: openclaw 2026.5.20-beta.2

By github-actions[bot]May 21, 2026github

OpenClaw v2026.5.20-beta.2 introduces significant improvements to Discord voice sessions with context-aware profile integration, adds device-code OAuth for xAI provider authentication, implements a bundled Policy plugin for workspace conformance checks, and includes numerous bug fixes across CLI tasks, Codex app-server, provider integrations, and agent message handling. The release enhances security by removing legacy skill-file compatibility paths and warning about plaintext secrets in configuration, while improving stability through better error handling, timeout management, and diagnostic reporting.

Key Points

•Removed legacy `cat SKILL.md` allowlist compatibility path—skill files must now be loaded with the read tool and only the real skill executable is auto-allowed for improved security
•Discord voice sessions now follow configured users into voice channels with allowed-channel checks, multi-user handoff, and bounded reconciliation while preserving DAVE recovery
•Voice session instructions now include bounded IDENTITY.md, USER.md, and SOUL.md profile context by default (configurable via `voice.realtime.bootstrapContextFiles`)
•Added bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair
•Implemented device-code OAuth login for xAI provider to support remote and headless setups without localhost browser callbacks
•Allow per-agent lean local-model mode via `agents.list[].experimental.localModelLean` instead of requiring global configuration
•OpenRouter now honors provider-level `params.provider` routing policy with model and agent params overriding defaults
•Doctor now warns when plaintext secret-bearing config fields (API keys, sensitive headers) are stored in openclaw.json
•Fixed stale task maintenance decisions visibility in `openclaw tasks maintenance --json` with backing-session and cron state explanations
•Improved diagnostic reporting by filtering silent heartbeat artifacts from embedded context snapshots and reducing duplicate tool-schema downgrade logs

Found this useful? Add it to a playbook for a step-by-step implementation guide.

Workflow Diagram

Start Process

Step A

Step B

Step C

Complete

Quality★★★★★

Concepts

Integrations MCP Servers Skills & Tools Soul Files Multi-Agent Systems Deployment Setup & Infrastructure Agent Teams Releases Tool Use Security Memory & Identity

Artifacts (6)

Voice Session Bootstrap Configurationyamlconfig

voice:
  realtime:
    bootstrapContextFiles: []  # Set to empty array to disable IDENTITY.md, USER.md, SOUL.md context injection

Per-Agent Lean Local Model Configurationyamlconfig

agents:
  list:
    - name: "agent-name"
      experimental:
        localModelLean: true  # Enable lean local-model mode for this agent only

OpenRouter Provider Routing Policyyamlconfig

models:
  providers:
    openrouter:
      params:
        provider: "preferred-provider"  # Provider-level routing policy
      models:
        - name: "model-name"
          params:
            provider: "override-provider"  # Model-level override

Task Maintenance JSON Outputbashcommand

openclaw tasks maintenance --json

Doctor Configuration Validationbashcommand

openclaw doctor --fix  # Removes unrecognized compat.thinkingFormat values and validates config

Policy Plugin Integrationyamlconfig

# Bundled Policy plugin for:
# - Policy-backed channel conformance checks
# - Doctor lint findings
# - Opt-in workspace repair
plugins:
  policy:
    enabled: true