OpenClaw dropped v2026.4.12-beta.1 late Sunday night — and while it's a pre-release, it packs a meaningful set of changes across plugin architecture, active memory, and security hardening worth knowing about before the stable drop lands.
Plugin Loading Gets Scoped Boundaries
The headline change is a significant rework of how plugins activate at runtime. Previously, plugins could load broader-than-necessary runtimes depending on how the agent was invoked. In v2026.4.12-beta.1, plugin activation is now narrowed to manifest-declared needs only.
CLI invocations, provider activations, and channel startups now load exactly what the plugin's manifest declares — nothing more. The change also centralizes manifest-owner policy so startup, command discovery, and runtime activation no longer load unrelated plugin runtimes as a side effect.
The practical benefits:
- Security: smaller activation surface means less unexpected code running per agent turn
- Performance: startup and command discovery skip unused plugin runtimes
- Predictability: plugin behavior is now fully defined by what the manifest declares
Big thanks to @vincentkoc for driving the underlying PR work across #65120, #65259, #65298, #65429, and #65459.
Active Memory QMD Recall Defaults to Search
The Active Memory plugin — introduced in v2026.4.10 — gets a notable quality-of-life improvement: QMD recall now defaults to search mode out of the box. Previously, enabling this required manual configuration; now it works predictably from a fresh install.
The fix also surfaces better search-path telemetry. When memory-backed recall behaves unexpectedly, you'll have clearer signals about what happened. Recall runs now stay on the resolved channel when wrappers like mx-claw are enabled, and lexical boosts no longer bleed into hybrid search results — meaning Active Memory finds the right memories more consistently in everyday use.
(#65068 — thanks @Takhoffman)
Gateway Credentials: Placeholder Tokens Now Block Startup
This one matters for every self-hoster. Previously, if you copied .env.example and forgot to swap out the example gateway token or password, OpenClaw would start anyway — leaving your deployment running on a publicly known credential.
In v2026.4.12-beta.1, that loophole closes. The shipped example credential is now blanked, and if OpenClaw detects a copied placeholder token or password at startup, it refuses to start with an explicit error message pointing you to fix it.
This is a meaningful hardening step for community deployments where operators may not realize the .env.example values are placeholders, not safe defaults. If you're upgrading, double-check your gateway token before restarting — you'll get a clear error if anything needs updating.
(#64586 — thanks @navarrotech and @vincentkoc)
Memory and Dreaming Fixes
Several reliability issues in the memory and dreaming stack get addressed in this release:
- Wiki Unicode slugs: Non-ASCII titles no longer collapse or overflow path limits — Unicode letters, digits, and combining marks are now preserved correctly in wiki slugs and contradiction clustering (#64742, thanks @zhouhe-xydt)
- Nested daily notes: Files nested under
memory/**/YYYY-MM-DD.mdnow feed short-term recall as expected, while dream reports undermemory/dreaming/**are correctly excluded from self-promotion (#64682) - Dreaming diary timestamps: The diary now uses the host's local timezone when
dreaming.timezoneis unset, and surfaces the timezone abbreviation so DREAMS.md and the UI are unambiguous (#65034, #65057) - Dreaming light-sleep confidence: Fixed a long-standing bug where dreaming-only entries showed
confidence: 0.00by computing staged candidate confidence from all short-term signals, not just recall counts (#64599) - Docs/memory-wiki: The recommended QMD + bridge-mode hybrid recipe plus zero-artifact troubleshooting guidance for memory-wiki bridge setups is now documented (#63165)
Platform and Infrastructure Fixes
The beta also ships targeted fixes across channels and infrastructure:
- WhatsApp: Falls back to the first
mediaUrlsentry whenmediaUrlis empty, stopping silent attachment drops on gateway media sends (#64394) - Telegram: Approval button callbacks now resolve on a separate sequencer lane, eliminating the deadlock where plugin approval clicks stalled behind a blocked agent turn (#64979)
- Matrix: Room mention gating now accepts
@displayNameMatrix URI labels, restoringrequireMentionfor non-OpenClaw Matrix clients (#64796) - Gateway/keepalive: WebSocket tick broadcasts are no longer marked as droppable, preventing slow or backpressured clients from self-disconnecting during long-running agent work (#65256, #65436)
- Agents/queueing: Orphaned user messages that arrive mid-run are now carried into the next prompt rather than being silently dropped (#65388)
- CLI/update: The self-update path now respawns from the updated entrypoint after package updates, fixing failures on stale dist chunk imports (#65471)
What to Expect Next
This is a pre-release — the stable v2026.4.12 follow-on is expected shortly. For self-hosters tracking main closely, all of these changes are now in the beta channel. As always, test in a non-production environment before upgrading gateways that handle live traffic.
Follow the full changelog and PR notes on the GitHub releases page.