chore(deps): bump openclaw from 2026.5.28 to 2026.6.8 in /agent

[dependabot]

Bumps openclaw from 2026.5.28 to 2026.6.8.

Release notes

Sourced from openclaw's releases.

openclaw 2026.6.8

2026.6.8

Highlights

• Richer channel delivery: Telegram and WhatsApp are less brittle: Telegram renders structured text with tables, lists, expandable blockquotes, preserved intentional line breaks, and CLI-backed replies, while WhatsApp now honors configured ACP bindings. (#92679, #93164, #84082, #89421, #92513) Thanks @​obviyus, @​vincentkoc, @​jzakirov, @​spacegeologist, @​TurboTheTurtle, @​mcaxtr, @​myrzka, and @​dmorn.
• More reliable agent runs: account-scoped DM sends, generated media completions, auto-reply message-tool final replies, reset archive fallback reads, restart shutdown aborts, yielded subagent pauses, and session identity prompts all stay on the correct recovery path. (#92788, #91246, #92879, #91357, #92631, #92468) Thanks @​yetval, @​TurboTheTurtle, @​masatohoshino, @​CadanHu, @​vincentkoc, @​ooiuuii, @​openperf, @​zhangguiping-xydt, @​QQSHI13, @​kumaxs, and @​aleps001.
• Safer model routing: new GLM-5.2 and Claude Haiku 4.5 catalog support arrives with normalized provider IDs, managed SecretRef auth, bounded model browsing, and safer OpenAI/Anthropic tool-schema recovery. (#92796, #90116, #92627, #90686, #92247, #92941) Thanks @​arkyu2077, @​liuhao1024, @​lijenhsin, @​rohitjavvadi, @​samson910022, @​maaron34, @​syfvb, and @​samson1357924.
• Useful usage footers: /usage and reply payload hooks now have a native full footer renderer, default template, fixed-decimal formatting, credential-aware limits, better partial-count handling, and warnings for broken templates instead of silent bad output. (#92657, #89835, #89629) Thanks @​Marvinthebored.
• Predictable web search defaults: key-free providers such as Parallel Free, DuckDuckGo, Ollama, and Codex Hosted Search remain explicit opt-ins rather than surprising automatic fallbacks. (#93616) Thanks @​davemorin and @​vincentkoc.
• Calmer UI and mobile sessions: workspace files start collapsed, WebChat backscroll survives streaming, the desktop session picker remains interactive, reset arguments survive dispatch, and iOS reconnects stale foreground Gateways. (#92779, #92622, #92705, #91353, #92552) Thanks @​shakkernerd, @​TurboTheTurtle, @​NianJiuZst, @​zhouhe-xydt, @​Solvely-Colin, @​MaBeitian, @​vincentkoc, @​Chang2020618, and @​DrtyMorty.
• Resilient memory and state: oversized OpenAI embedding batches split before 431s, QMD search stays available in transient mode, SQLite avoids WAL on NFS volumes, and full reindexes preserve rollback/cache recovery. (#92650, #92618, #92639, #91247, #92881) Thanks @​mushuiyu886, @​BrettHamlin, @​zhbcher, @​TurboTheTurtle, @​Takhoffman, @​849261680, @​TSHOGX, @​vincentkoc, and @​AFabyTWE.

Changes

• Providers/models: add GLM-5.2 support and Claude Haiku 4.5 catalog entries while keeping provider-qualified model IDs normalized across OpenRouter and Google Vertex paths. (#92796, #90116, #92627, #91218) Thanks @​arkyu2077, @​liuhao1024, @​bymle, @​maaron34, @​lijenhsin, @​davemorin, and @​vincentkoc.
• Web search: keep key-free providers such as Parallel Free, DuckDuckGo, Ollama, and Codex Hosted Search as explicit opt-ins instead of selecting them automatically when no API-backed provider is configured. (#93616) Thanks @​davemorin and @​vincentkoc.
• Channel plugins: ship Telegram rich-message delivery and WhatsApp ACP binding support, including preserved intentional line breaks, rich prompt handoff to CLI backends, and transport fixtures for richer drafts. (#92679, #93164, #92513) Thanks @​obviyus, @​TurboTheTurtle, @​vincentkoc, @​mcaxtr, and @​dmorn.
• Agent commands: support /btw in CLI-backed sessions and keep CLI usage-error exits classified as usage failures instead of successful runs. (#92669, #92162) Thanks @​joshavant, @​Pandah97, @​marcospaulo, @​davemorin, and @​vincentkoc.
• Usage hooks: add built-in full footer rendering, default footer templates, per-turn usage state, credential-aware limits, and fixed-decimal formatting for usage-bar templates. (#92657, #89835, #89629) Thanks @​Marvinthebored.

Fixes

• Channels and delivery: preserve account-scoped DM channel send policy, intentional rich-message line breaks in Telegram and status output, rich Telegram final replies, rich Telegram tables and lists, Telegram thread-create CLI remapping, Feishu dynamic-agent routes after persisted binding reuse, Slack outbound message_sent hooks, contributed message-tool schema optionality, same-channel generated media completions, and channel chunking around surrogate pairs and Infinity limits. (#92788, #93164, #92679, #89421, #89943, #42837, #92814, #91137, #91246, #92735) Thanks @​yetval, @​obviyus, @​spacegeologist, @​rishitamrakar, @​liuhao1024, @​lundog, @​TurboTheTurtle, @​yhterrance, @​vincentkoc, @​myrzka, @​cwlong163-afk, @​kumaxs, @​shakkernerd, and @​RewardsPal.
• Gemini CLI: use the selected OpenClaw OAuth/API-key auth profile in an isolated Gemini CLI runtime home, preventing ambient Google machine credentials from overriding the chosen profile. (#88748) Thanks @​jason-allen-oneal and @​shakkernerd.
• Discord: give generated auto-thread titles a 60-second timeout and 4,096-token reasoning-model output budget, clamped to the selected model output cap. (#64734) Thanks @​hanamizuki.
• Agent, cron, and Gateway runtime: mark active main sessions before restart shutdown aborts, pause yielded subagent runs whose terminal also signals abort, clamp trusted subagent thinking overrides through provider/model fallback, preserve yielded media completions, deliver channel message-tool final replies through auto-reply while hiding internal delivery hints, restore reset archive fallback reads when active async transcripts are missing, de-duplicate main-session heartbeat events, expose session identity in runtime prompts, reject unknown OpenAI agent selectors, keep generated media completions, slash-command block replies, and trajectory export commands in WebChat, and require admin privileges for HTTP session/model override surfaces. (#91357, #92631, #92412, #92146, #92879, #91287, #92468, #92510, #91246, #92651, #92646) Thanks @​ooiuuii, @​openperf, @​IWhatsskill, @​masatohoshino, @​CadanHu, @​ZengWen-DT, @​zhangguiping-xydt, @​TurboTheTurtle, @​oiGaDio, @​aleps001, @​vincentkoc, @​GSL-R, @​QQSHI13, @​ryanhelms, @​kumaxs, @​steipete-oai, @​hxy91819, @​davemorin, and @​nailujac.
• Providers and model replay: preserve storeless OpenAI Responses replay compatibility, recover invalid OpenAI reasoning signatures and genericized Anthropic thinking-signature replay errors, route OAuth image defaults through Codex for eligible OpenAI profiles, avoid eager tool streaming for Claude 4.5 in Copilot, quarantine unreadable and post-hook OpenAI/Anthropic-family tool schemas without broadening allowed tool choices, deliver explicit thinking-off requests to LM Studio binary-thinking models, honor profile auth for SecretRef model entries, bound model browsing, strip provider prefixes where runtimes need bare IDs, and surface nested embedding fetch failures. (#90706, #92941, #92201, #92916, #92824, #75393, #92908, #92921, #92928, #92002, #90686, #92247, #92627, #91218, #92628) Thanks @​snowzlm, @​mmyzwl, @​CarlCapital, @​bek91, @​Kailigithub, @​vincentkoc, @​rohitjavvadi, @​samson910022, @​nxmxbbd, @​liuhao1024, @​bymle, @​mushuiyu886, @​finchinslc, @​syfvb, @​lijenhsin, @​crsnpalmer-art, @​samson1357924, @​shakkernerd, and @​mlaihk.
• Memory, state, diagnostics, and config: split header-too-large embedding batches, keep QMD memory search enabled in transient mode, avoid SQLite WAL on NFS volumes, preserve recovery scheduling outside stuck-session warning backoff, preserve full-reindex rollback/cache recovery, and treat raw Memory Wiki source pages as source evidence. (#92650, #92618, #92639, #91247, #92752, #92881, #59137, #92876) Thanks @​mushuiyu886, @​TurboTheTurtle, @​849261680, @​gnanam1990, @​TSHOGX, @​vincentkoc, @​arlen8411, @​BrettHamlin, @​zhbcher, @​Takhoffman, @​AFabyTWE, @​davemorin, and @​zhuyankarl.
• UI/mobile/TUI: preserve dashboard session parent lineage, WebChat backscroll, reset soft command args, sidebar session picker interactivity, collapsed workspace files, resolved /model confirmation refs, stale foreground iOS Gateway reconnects, and paused setup-parent stdin after inherited-stdio child exit. (#90658, #92622, #91353, #92705, #92779, #92773, #92552, #93159) Thanks @​luoyanglang, @​TurboTheTurtle, @​zhouhe-xydt, @​NianJiuZst, @​shakkernerd, @​NarahariRaghava, @​Solvely-Colin, @​fuller-stack-dev, @​lily-oc, @​MaBeitian, @​vincentkoc, @​obviyus, @​DrtyMorty, and @​Chang2020618.
• Plugins and updates: repair missing required platform packages during managed plugin installs and updates, including omitted Codex platform binaries. Thanks @​vincentkoc.
• Dependencies: update Hono to 4.12.25 so published OpenClaw and ACPX packages use the patched runtime. Thanks @​vincentkoc.
• Updates: avoid a false downgrade prompt when the latest tag cannot resolve. (#92911) Thanks @​Andy312432 and @​vincentkoc.

Complete contribution record

This audited record covers the complete v2026.6.6..v2026.6.8 history: 192 merged PRs. The generation manifest also supplies direct commits as editorial input; the grouped notes above prioritize user impact.

Pull requests

• PR #92144 fix(cron): report SQLite storage path in cron.status instead of legacy jobs.json. Related #91766. Thanks @​liuhao1024 and @​AaronFaby.
• PR #92175 fix(channel): harden local setup trust. Thanks @​hxy91819.
• PR #91528 fix #73837: stop after failed Node package installs. Thanks @​mushuiyu886 and @​ItsMeForLua.
• PR #91561 fix(wizard): report keyless web_search providers as ready, not missing a key. Thanks @​NormallyGaussian.
• PR #92073 fix: handle explicit silent assistant replies. Related #92038. Thanks @​sallyom and @​vultusv.
• PR #91311 Allow Skill Workshop apply through trusted skill symlinks. Thanks @​abnershang.
• PR #88245 refactor(whatsapp): introduce inbound message contexts. Thanks @​mcaxtr.
• PR #92212 refactor: move workspace skill writes to lifecycle. Thanks @​shakkernerd.
• PR #92248 Remove ClawHub owner preflight. Thanks @​Patrick-Erichsen.
• PR #91617 test(sqlite): add state perf query plan harness. Related #91616. Thanks @​galiniliev.

... (truncated)

Commits

• 844f405 docs(changelog): note patched Hono runtime
• 71fbd3e fix(deps): update Hono security pin
• 6a49346 docs(changelog): refresh 2026.6.8 notes
• 94c72ac Keep key-free web search providers opt-in (#93616)
• 6af6e1e fix(ci): require billable Anthropic release key
• 6c375c7 fix(ci): prefer Anthropic OAuth in live validation
• b1e925f fix(ci): support Anthropic OAuth release validation
• cf9dea7 fix(release): satisfy retry delay lint
• 780373f chore(release): prepare 2026.6.8 stable
• 11af11a fix(release): tolerate npm propagation after publish
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.