[Release] openclaw/openclaw v2026.5.12-beta.7: openclaw 2026.5.12-beta.7

OpenClaw v2026.5.12-beta.7 introduces significant improvements to dependency management by externalizing AWS SDK and plugin dependencies, enhances user experience with persistent auto-scroll controls and ACP fallback backends, and fixes critical issues across Telegram polling, security sandboxing, provider authentication, media handling, and session management. The release addresses 30+ bugs and improvements spanning CLI, gateway, plugins, and multiple integrations while maintaining backward compatibility through deprecated package aliases.

Key Points

• •Externalize AWS Bedrock, Slack, OpenShell, and Anthropic Vertex dependencies so core installations only pull required SDKs when those providers/plugins are explicitly installed
• •Add persistent auto-scroll mode selector in Control UI/WebChat allowing users to follow streaming output, maintain near-bottom behavior, or manually control scrolling with New messages button
• •Implement ACP fallbacks feature enabling configured backup runtime backends when primary backend is unavailable, preventing output emission before fallback attempts
• •Fix Telegram Bot API polling by moving ingress to isolated worker with durable local spool to survive main event-loop stalls
• •Strengthen security by blocking Windows USERPROFILE in sandbox and restricting provider API key inference to structured env SecretRefs instead of broad environment variable patterns
• •Resolve session history issues by carrying monotonic transcript message sequences through live updates and refreshing stale SSE history to prevent bad incremental state
• •Optimize media fetch by skipping buffer allocation for bodyless responses (HEAD probes, 204 empty bodies) to reduce heap waste
• •Preserve rich presentation, interactive controls, and channel-native payloads across all delivery paths (follow-up, heartbeat, cron, ACP, block-streaming) preventing card/button-only replies from being dropped
• •Fix macOS companion TLS trust by requiring system validation before certificate pinning and honoring explicit gateway.remote.tlsFingerprint configuration for remote sessions
• •Classify ACP spawn-child sessions correctly in session status output and report accurate agentRuntime.id with proper source attribution instead of implicit fallbacks

Workflow Diagram

Concepts