chore(openclaw): 升级 OpenClaw 至 2026.5.27

[xzq-xu]

OpenClaw 版本更新

项目	值
当前版本	2026.4.8
最新版本	2026.5.27
Release	https://github.com/openclaw/openclaw/releases/tag/v2026.5.27

CHANGELOG 摘要

展开查看

Highlights

• Stronger security and content boundaries: group prompt text is kept out of the system prompt, repeated-dot hostnames are normalized, side-effecting command wrappers and unsafe Node runtime env overrides are blocked, no-auth Tailscale exposure is rejected, and node/device-role approvals now require admin authority. (#87144, #87305, #87292, #87308, #87146) Thanks @eleqtrizit and @pgondhi987.
• More reliable Codex app-server runs: Codex runtime models resolve first, workspace memory is routed through tools, shared app-server clients survive startup and spawned-helper failures, native hook relay generations survive restarts and rotate on fresh fallbacks, and false runtime live switches are avoided. (#87383, #87403, #87375, #72574, #87428) Thanks @yetval.
• Faster Gateway and reply paths: session reads, plugin metadata fingerprints, auth env snapshots, auto-enabled plugin config, tool-search catalogs, and stable metadata caches do less hot-path rediscovery while visible replies no longer inherit hidden cleanup timeouts. (#86439, #87044) Thanks @keshavbotagent.
• Better provider and model coverage: OpenAI-compatible embedding providers are core, DeepInfra catalog browsing loads the full credential-aware model set, Pixverse adds video generation and API region selection, VLLM thinking params are wired, Claude CLI OAuth overlays load for PI auth profiles, and bare direct Anthropic model ids work. (#85269, #84549, #87167) Thanks @dutifulbob, @ats3v, and @joshavant.
• Channel delivery is steadier: Telegram sendMessage actions use durable outbound delivery, iMessage suppresses duplicate native exec approval prompts and sends, Slack keeps delivered final replies during late cleanup, Matrix mention previews/finals are stricter, QQBot fallback approval buttons honor slash-command auth, Discord guild requester checks are tighter, recovered Discord tool-warning artifacts stay out of successful replies, and Google Chat stops thread sends in DMs. (#87261, #87154)

集成面检查清单

对照 ee/docs/OpenClaw集成面清单.md，逐项确认新版本兼容性：

• 配置 Schema — openclaw.json Zod strict schema 是否接受我们写入的全部字段
• 文件系统路径 — /root/.openclaw/ 目录结构是否变更
• Session 文件格式 — sessions.json / .jsonl 结构是否变更
• Channel Plugin SDK — openclaw/plugin-sdk API 是否有 breaking change
• Gateway 协议 — 端口 (18789/9721)、/healthz、认证方式是否变更
• CLI 行为 — openclaw gateway 参数是否变更
• Gene/Skill 注入 — SKILL.md 格式、extraDirs 机制是否变更
• 安全管道 — tools.exec.* 配置项、Security WebSocket 协议是否变更
• 镜像验证 — ./verify.sh <image:tag> 全部 PASS

---

此 PR 由 GitHub Actions 自动创建。

合并后请：

1. 构建新镜像：./build.sh openclaw --version 2026.5.27
2. 运行验证：./verify.sh <image:tag>
3. 在引擎版本管理中发布新版本