chore(deps): bump openclaw from 2026.5.28 to 2026.6.6 in /agent

[dependabot]

Bumps openclaw from 2026.5.28 to 2026.6.6.

Release notes

Sourced from openclaw's releases.

openclaw 2026.6.6

Highlights

• Security boundaries are substantially tighter across transcripts, sandbox binds, host environment inheritance, MCP stdio, Codex HTTP access, native search policy, elevated sender checks, deleted-agent ACP bypasses, loopback tools, Discord moderation, and Teams group actions; exec approvals now fail closed on timeout. (#91529, #91618, #91615, #91619, #91741, #91745, #91746, #91748, #91749, #91750, #91751, #91752, #91763, #89938) Thanks @​joshavant, @​pgondhi987, @​mmaps, @​eleqtrizit, @​shakkernerd, and @​drobison00.
• Telegram delivery is safer and more coherent: account-scoped topics route to the right agent, streamed text survives tool calls, /compact works on generic ingress, callback handling uses concrete APIs, draft chunking is shared, durable dispatch dedupe moved into the SDK, and unauthorized DM text stays out of cache and prompt context. (#91189, #88682, #89588, #90212, #91876, #91874, #91904, #91478, #91915) Thanks @​codysai001, @​alexzhu0, @​joelnishanth, @​snowzlm, @​obviyus, and @​sallyom.
• iMessage recovery and delivery now cover always-on inbound restart, durable echo markers, block streaming, idle approval discovery, hardened outbound transport, and actionable inbound startup diagnostics. (#91335, #91449, #88969, #88530, #91783, #91785) Thanks @​omarshahine, @​jmissig, and @​colmbrogan.
• Browser and MCP connectivity gained existing-session CDP support, discovered WebSocket validation, default-profile cdpUrl handling, safer browser-output boundaries, Streamable HTTP loopback transport, corrected OAuth/SSE authorization handling, and broader schema compatibility. (#91422, #89851, #91736, #91747, #91451, #80143) Thanks @​pgondhi987, @​anagnorisis2peripeteia, @​lifuyue, @​eleqtrizit, @​LiuwqGit, and @​HemantSudarshan.
• Control UI startup and first-reply latency are lower through cached model metadata, removal of the startup catalog wait, lazy slash-command loading, and first-event tracing with slow-reply diagnostics. (#91531, #91538, #91568, #91583, #91598)
• Provider support expands with OpenRouter OAuth onboarding and Claude Fable 5 adaptive thinking, while Codex sessions keep correct compaction ownership, local models skip guardian review, dynamic tool progress normalizes cleanly, and Gemma 4 reasoning replay is preserved. (#91830, #91882, #91590, #88630, #88768, #91696) Thanks @​Patrick-Erichsen, @​joshavant, @​bdjben, and @​Coder-Wangyankun.

Changes

• CLI progress: emit Claude CLI commentary progress events and bridge inter-tool commentary into channel progress without exposing internal protocol scaffolding. (#89834, #90883) Thanks @​anagnorisis2peripeteia.
• Observability: allow trusted diagnostics channels to capture tool input/output content, add first-assistant-event traces, and warn on slow initial replies. (#91256, #91568, #91583) Thanks @​amknight.
• Plugins/ClawHub: dogfood reusable package publishing, let dry runs skip publish approval, allow declared installed trusted hooks, report managed plugin version drift, and warn instead of failing on retired Skill Workshop configuration. (#91574, #91591, #90004, #90927, #90838) Thanks @​Patrick-Erichsen, @​brokemac79, and @​lonexreb.
• Memory/providers: move the local llama.cpp runtime into its provider plugin, batch embeddings across files, persist the agent model catalog cache, and keep QMD JSON search one-shot while filtering stale REM recall previews. (#91324, #89138, #90457, #91837, #91851) Thanks @​osolmaz, @​mushuiyu886, @​ai-hpc, and @​TurboTheTurtle.
• Channels/mobile: add the QQBot group mention toggle, improve iPad and iPhone control surfaces, and expose the active connection host in the TUI footer. (#91423, #91557, #89909) Thanks @​cxyhhhhh, @​Solvely-Colin, and @​baskduf.
• Performance: prewarm TUI runtime plugins, deduplicate plugin auto-enable fanout, stop /models derived-registry rescan storms, trim dense text-delta snapshots, and reuse prepared startup model metadata. (#90782, #89978, #92127, #91580, #91531) Thanks @​RomneyDa, @​obuchowski, and @​ai-hpc.

Fixes

• Agent/session recovery: drop stale approval follow-ups after session rebind, remove drained reply-queue items by identity, recover stale main and visible replies, preserve Codex context-engine compaction ownership, project thinking catalog compatibility through SDK sessions, retry same-model assistant calls across short rate-limit windows, lower the default compaction timeout to 180 seconds while respecting explicit configuration, and keep provider-failure terminal lifecycle state correct. (#85679, #91450, #91566, #91840, #91590, #91911, #91361, #91895) Thanks @​openperf, @​yetval, @​joshavant, @​lanzhi-lee, @​wangmiao0668000666, and @​TurboTheTurtle.
• User-visible content boundaries: suppress Codex/Harmony protocol artifacts, neutralize browser and LanceDB memory media directives, redact transcript images, and preserve native /compact replies through source suppression. (#89151, #91422, #91425, #91529, #90212) Thanks @​joelnishanth, @​pgondhi987, @​joshavant, and @​snowzlm.
• Channel delivery: keep WhatsApp captured replies attached to the successor controller after restart, retry Feishu rate limits, preserve Mattermost thread replies, canonicalize LINE webhook paths, restore Discord reply hydration and runtime timeout exports, and show OpenAI Realtime WebRTC assistant transcripts. (#85823, #89659, #91684, #91649, #90263, #91686, #90426) Thanks @​itsuzef, @​ladygege, @​jacobtomlinson, @​fuller-stack-dev, and @​shushushv.
• Cron: cancel active task runs cleanly, preserve terminal timeout/cancel state, and recover no-deliver tool warnings instead of silently losing the outcome. (#90666, #90678) Thanks @​ai-hpc.
• Gateway/config/auth: share the approval runtime socket token, replace arrays explicitly in config.patch, keep indexed replacePaths consent from widening to whole arrays, reject malformed Gateway RPC timeout inputs, skip the deleted-agent guard only for valid ACP harness sessions, surface headless LaunchAgent state, verify SQLite auth migration before cleanup, and arm QMD startup maintenance. (#87105, #91551, #91966, #54646, #40953, #91219, #91614, #91740, #91978) Thanks @​fuller-stack-dev, @​yetval, @​ruanrrn, @​comeran, and @​scotthuang.
• Providers/Codex: clarify quota errors, restore the Codex synthetic usage line, canonicalize Codex protocol assets, require API-key auth for realtime voice, normalize ACP model refs, preserve Gemma 4 reasoning_content, honor Ollama's provider-declared thinking default in SDK sessions, and avoid guardian review for local models. (#91390, #91709, #91507, #91567, #88630, #91657, #91696) Thanks @​hxy91819, @​brokemac79, @​RomneyDa, @​joshavant, @​openperf, and @​Coder-Wangyankun.
• Updates/builds: recover package Gateway restarts after refresh failure, expose plugin convergence repair, fall back to Corepack in PATH-less pnpm environments, seed the correct Docker store packages, keep ClawHub dry-run and publish paths reusable, and keep beta GitHub release pages draft until OpenClaw npm, dependency evidence, postpublish verification, and required plugin publishes pass. (#91581, #91599, #91547, #91591) Thanks @​fuller-stack-dev, @​sallyom, and @​Patrick-Erichsen.
• UI: require explicit user intent before opening chat sessions and drain restored chat queues after session switches. (#91480) Thanks @​TurboTheTurtle.
• Android: avoid the dataSync foreground-service type for persistent nodes. (#80082) Thanks @​davelutztx.
• Native hooks: bound relay lifetimes so abandoned native hook connections cannot linger indefinitely. (#91550) Thanks @​joshavant.

Release verification

• npm package: https://www.npmjs.com/package/openclaw/v/2026.6.6
• registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.6.6.tgz
• integrity: sha512-oMYoQ8a7zummw1tD+AX98yYLzqoq0tQmYWHG65AA0ZivgzmOb2oD0cVdhcWP9IT3opkHdJ5vBdWywUe6xWQXtw==
• release SHA: 8c802aa683510c7f7503597b54c3021733245e59
• full release CI report: https://github.com/openclaw/releases/blob/main/evidence/2026.6.6/release-evidence.md
• release publish: https://github.com/openclaw/openclaw/actions/runs/27411250030
• npm preflight: https://github.com/openclaw/openclaw/actions/runs/27396521799
• full release validation: https://github.com/openclaw/openclaw/actions/runs/27396520911
• plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/27411419408
• plugin ClawHub publish: dispatched separately, not awaited by this proof: https://github.com/openclaw/openclaw/actions/runs/27411423316
• OpenClaw npm publish: https://github.com/openclaw/openclaw/actions/runs/27411547994
• npm Telegram beta E2E: not supplied

openclaw 2026.6.6-beta.2

... (truncated)

Commits

• 8c802aa fix(codex): stabilize app-server release tests
• de16f57 chore(release): prepare 2026.6.6 stable
• cdd3943 chore(scripts): remove stale proof helpers
• 04420cc fix(release): use trusted publishing for plugin npm
• 3129eed fix(docs): prune unavailable ClawHub format page
• ed12eee fix(docs): remove stale ClawHub nav page
• 4275b2f fix(release): refresh beta shrinkwraps
• 7a0131b fix(release): refresh llama-cpp shrinkwrap
• 68ef57a chore(release): prepare 2026.6.6 beta.2
• 79d7def test(ci): relax docker signal wait
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.