[Release] openclaw/openclaw v2026.5.28-beta.3: openclaw 2026.5.28-beta.3

OpenClaw v2026.5.28-beta.3 delivers significant stability and safety improvements across agent runtime recovery, channel delivery, mobile/chat surfaces, and input validation. Key enhancements include steadier subagent workspace separation, safer session identity handling across multiple channels (Matrix, Slack, Discord, Teams, etc.), expanded provider coverage (Claude Opus 4.8, Fal Krea, NVIDIA models), and stricter input validation for browser tools, gateways, and automation. The release also improves CLI/auth paths, reduces repeated work in plugin/gateway hot paths, and strengthens QA/E2E validation.

Key Points

• •Agent runtime recovery improved: subagents maintain cwd/workspace separation, hook context stays prompt-local, session locks release on timeout, stale continuations avoided, and Codex failures don't tear down shared state
• •Channel delivery safety enhanced across Matrix (room IDs), iMessage (reactions), Slack (final replies), Discord (tool warnings), WhatsApp (auth roots), Telegram (polling), and Teams (service URL trust)
• •Mobile and chat UI refresh: iOS Pro UI, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker preserve state across reconnects
• •Stricter input validation: Browser tool timeouts, viewport/tab indices, Gateway ports, cron retry handling, Discord component IDs, schema array refs reject malformed values earlier
• •Provider coverage expands: Claude Opus 4.8, Fal Krea image schemas, NVIDIA featured models, MiniMax streaming music, encrypted PDF extraction, GitHub Copilot agent runtime, Codex Supervisor plugin
• •CLI/auth/doctor improvements: malformed numeric/version options rejected, workspace dotenv credentials ignored, OAuth requests bounded, legacy api_key profiles migrated, restart guidance actionable
• •Performance optimization: Plugin and Gateway hot paths reduce repeated work while preserving cache correctness for install records, config parsing, tool search, session stores, and assets
• •QA/E2E validation strengthened: log, artifact, harness, and cross-OS waits bounded to prevent hanging or false-positive test results
• •Policy and security enhancements: policy comparison, ingress-channel conformance, sandbox-posture checks, phone-control mutation authorization, directive persistence authorization
• •Documentation expanded: Codex computer-use setup, paste-token stdin auth, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, deployment cards

Workflow Diagram

Concepts