Resources / Archive release review

What OpenClaw 2026.5.6 Actually Changes

OpenClaw 2026.5.6 is a hotfix baseline: it undoes a 2026.5.5 doctor --fix repair that could rewrite valid Codex OAuth routes (openai-codex/*) to openai/*, breaking OAuth-only GPT-5.5 setups or silently shifting operators onto the API-key route. It also hardens plugin and web fetch handling so “it should work” requests fail less often and timed-out fetches don’t leave tool lanes stuck. Treat this as operability and recovery hygiene — not as permission to widen lanes or relax governed rollout gates.

Archive review Channels Supportability Plugin operations

New current baseline

OpenClaw 2026.5.7 is the newer conservative baseline (released May 7, 2026).
Use the current review here: What OpenClaw 2026.5.7 Actually Changes.

Upgrade notes to treat as real work

If you ran 2026.5.5 doctor --fix, re-check Codex OAuth routing: 2026.5.6 reverts a repair that could rewrite valid openai-codex/* routes to openai/*. If your default model changed, set openai-codex/gpt-5.5 again and run openclaw config validate.
Plugin fetch failures should get less weird: 2026.5.6 normalizes header dictionaries before handing them to native fetch/Headers, so symbol metadata on caller-owned objects stops breaking otherwise valid plugin requests.
Timed-out web fetches should stop leaving tool lanes stuck: guarded dispatcher cleanup is bounded after timeouts so fetch tools return errors instead of leaving “still running” lanes active.
xAI (Grok) operators still get the 2026.5.5 “stops failing live” fixes: Grok runs stop failing on unsupported reasoning-effort controls (Invalid reasoning effort) carried forward into 2026.5.6.
Discord should reconnect less noisily: heartbeat ACK timeouts are measured from the actual send, reducing false reconnect loops while the channel is still awaiting readiness.
WhatsApp reset paths should stop stalling replies: session-memory capture work is moved off the command-reply path and model-generated memory filename slugs are opt-in, reducing “/new and /reset got slow” incidents in message channels.
Approval-driven governance should get less brittle: Matrix approval delivery is retried with backoff so transient sends do not strand pending approval prompts.
Official plugin updates should drift less: host updates keep installed official plugins (Codex, Discord, WhatsApp, diagnostics) in sync even when disabled or pinned, and managed npm peer links are repaired so SDK-using plugins keep resolving openclaw/plugin-sdk/*.
Docker operators should pull the updated compose defaults: the bundled docker-compose.yml drops NET_RAW/NET_ADMIN and enables no-new-privileges, shrinking the default container capability surface.

What changed that actually matters

Codex OAuth routing stays correct after recovery: 2026.5.6 reverts a 2026.5.5 doctor --fix change that could rewrite valid openai-codex/* routes to openai/*, which can break OAuth-only GPT-5.5 setups or shift operators onto the API-key route.
Plugin requests fail less often in real environments: header objects with third-party symbol metadata are normalized before native fetch/Headers calls, so SDK and guarded/proxy fetch paths stop rejecting valid requests.
Web fetch timeouts clean up correctly: guarded dispatcher cleanup is bounded after timeouts so tool fetches return errors instead of leaving Gateway tool lanes active.
Native Grok runs stop failing on “reasoning effort”: OpenClaw no longer sends OpenAI-style reasoning-effort controls to native Grok Responses models and clamps the bundled xAI thinking profile to off, preventing a hard failure when the provider rejects unsupported fields.
Discord becomes less ambiguous to operate: heartbeat ACK timeout handling avoids false reconnect loops, plain-text control commands like /steer are routed through normal authorization/mention gates instead of being dropped, and streaming progress drafts keep useful reasoning text visible.
WhatsApp gets two “latency feels like flakiness” fixes: OpenClaw stops only verified stale local TUI clients when they degrade the event loop (instead of stopping everything), and reset-session memory capture no longer blocks message-channel command replies.
Approvals get a real retry path: Matrix approval delivery now retries with a short backoff, reducing “approval prompt vanished” incidents during transient channel failures.
Plugin installs and upgrades get less fragile: official plugin sync during host updates reduces drift, and managed npm peer link repair prevents “one plugin mutation broke other SDK-using plugins” failures.
Status and doctor output get more usable evidence: recent supervisor restart handoffs show up in deep status and doctor surfaces, and fast repeated status samples are less likely to be misclassified as event-loop degraded on CPU/utilization alone.
Docker defaults are harder to abuse: the bundled compose file drops raw-network capabilities and enables no-new-privileges, tightening the baseline for containerized rollouts.

Why operators should care

Fewer “mystery failures” during upgrades. When doctor --fix changes routing or a plugin fetch path rejects a request for non-obvious reasons, operators lose time proving whether the lane is actually unhealthy or just misconfigured. 2026.5.6 removes a sharp edge that can break OAuth-only Codex setups and hardens fetch paths that otherwise fail in ways that look like “AI quality” problems.

Channel reliability improvements translate directly into activation safety. Discord reconnect loops, WhatsApp stall behavior, and approval delivery failures show up as operator doubt and accidental widening. Treat these fixes as a reason to tighten proofs, not relax them.

Better evidence means better guardrails. When deep status and doctor output show restart handoffs and degradation more accurately, “green lights” become less misleading. That supports conservative runbooks.

What this does not change

This is not a broader memory claim: none of these fixes prove recall quality, correct retrieval, or governed write safety.
Channel “configured” still needs proof: you still need a send/receive proof step in the real channel lane (Discord, WhatsApp, Matrix, etc).
Approval retries do not replace governance design: “approval delivered reliably” is not the same as “the approval policy is safe.” Keep scope boundaries explicit.
Operational hardening is not autonomy widening: fewer flake edges should not change your file, channel, or network permission posture.

Risks and areas to watch

Recovery tools can still mutate defaults: treat doctor --fix as a repair surface that deserves a post-run validation pass (provider route, default model, config validate), not as a “press and forget” button.
Provider behavior still changes underneath you: even with the Grok reasoning-effort fix, model/provider contracts shift. Keep versioned smoke checks and “known good” pins for production lanes.
Plugin syncing is not a free upgrade: “official plugins stay in sync” reduces drift, but operators should still review what is installed, what versions are present, and what scopes they imply.
WhatsApp responsiveness fixes do not prove delivery correctness: verify outbound send success and inbound acknowledgement in the actual WhatsApp lane after upgrading.

Who should care most

If you are...	This release matters because...
running Discord, WhatsApp, Matrix approvals, or multi-channel ops	channel-operability fixes reduce false reconnect loops, stalled command replies, and stranded approvals
operating Grok models through OpenClaw	native Grok live runs stop failing on unsupported reasoning-effort controls
supporting many plugin-based installs	official plugin syncing + managed peer-link repair reduce “upgrade broke unrelated plugin” incidents
operating via Docker	the default compose hardening shrinks the container capability surface without changing your config
doing governed rollouts with tight runbooks	better doctor/status evidence helps you distinguish true degradation from transient or misclassified signals

Which CWYN product fits this release best

If the issue is channel reliability proof, plugin install/update stability, support triage, or first safe activation checks, start with the OpenClaw Native Memory Activation Kit. This release makes the “prove the lane is healthy” checklist less brittle, especially for Discord/WhatsApp/operator tooling.

If memory already works and the problem is trust tiers, scoped promotion, file-write governance, or public-action boundaries, use the OpenClaw Discernment Control Kit.

If runtime health, channels, memory, approvals, and support loops are tangled together, use the OpenClaw Memory Architecture Bundle.

The practical takeaway

OpenClaw 2026.5.6 is the safer maintenance baseline because it fixes a 2026.5.5 recovery regression that can break Codex OAuth routing and it hardens fetch behavior. You still also get the broader 2026.5.5 operability wins: fewer Grok reasoning-effort rejects, fewer Discord reconnect ambiguities, fewer WhatsApp reset stalls, fewer stranded approvals, and less plugin drift. The right response is not to widen autonomy — it is to tighten your proof checklist: version, plugin state, deep status, a real send/receive proof, and exact retrieval probes before you treat the lane as safe.

Need the checklist version?

Use the Production Safety Checklist when you need to separate gateway, model-auth, memory, approval, and rollback health before widening.

Get checklist Open selector

Need the kit update?

Start with the activation kit if the main problem is upgrade safety, channel proof, plugin/config health checks, or first safe native-memory activation.

View activation kit Back to resources

Release-eval rubric

Change type: recovery, support/diagnostics, plugin operations, fetch reliability
Operator value: high for Codex OAuth operators + plugin-heavy installs
Best-fit product: activation first
Public-safe claim: fewer “flaky lane” and recovery regressions, not broader autonomy proof

What to keep conservative

No default LanceDB migration language
No session-memory default claim
No broad Active Memory rollout claim
No channel-health claims without proofs
No autonomy widening from operability wins

Source and validation

Official OpenClaw 2026.5.6 release OpenClaw rollout path Native Memory Activation Kit Memory Architecture Bundle