chore(openclaw): 升级 OpenClaw 至 2026.5.20

[xzq-xu]

OpenClaw 版本更新

项目	值
当前版本	2026.4.8
最新版本	2026.5.20
Release	https://github.com/openclaw/openclaw/releases/tag/v2026.5.20

CHANGELOG 摘要

展开查看

Changes

• Exec approvals: remove the old cat SKILL.md && printf ... && <skill-wrapper> allowlist compatibility path so skill files must be loaded with the read tool and only the real skill executable is auto-allowed.
• Discord: let voice sessions follow configured Discord users into voice channels, with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation. (#84264) Thanks @fuller-stack-dev.
• Discord/voice: include bounded IDENTITY.md, USER.md, and SOUL.md profile context in realtime voice session instructions by default, with voice.realtime.bootstrapContextFiles: [] available to disable it. (#84499) Thanks @fuller-stack-dev.
• Dependencies: bump the bundled Codex harness to @openai/codex 0.132.0 and refresh the app-server model-list docs for the new catalog.
• CLI/policy: add the bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair. (#80407) Thanks @giodl73-repo.
• Agents/config: allow agents.list[].experimental.localModelLean so lean local-model mode can be enabled for one configured agent instead of globally.
• Providers/xAI: add device-code OAuth login so remote and headless setups can authorize xAI without a localhost browser callback. (#84005) Thanks @fuller-stack-dev.
• Providers/OpenRouter: honor provider-level params.provider routing policy for OpenRouter requests, with model and agent params overriding the defaults. Thanks @amknight.

Fixes

• CLI/tasks: include stale-running task maintenance decisions in openclaw tasks maintenance --json so retained and reconcile candidates explain backing-session, cron, CLI, and wedged-subagent state. (#84691) Thanks @efpiva.
• Codex app-server: keep system-prompt reports working when bootstrap hooks provide workspace files with only a path and content, so hook-supplied SOUL/IDENTITY/TOOLS/USER context still reports injected characters correctly. (#84736) Thanks @JARVIS-Glasses.
• P

集成面检查清单

对照 ee/docs/OpenClaw集成面清单.md，逐项确认新版本兼容性：

• 配置 Schema — openclaw.json Zod strict schema 是否接受我们写入的全部字段
• 文件系统路径 — /root/.openclaw/ 目录结构是否变更
• Session 文件格式 — sessions.json / .jsonl 结构是否变更
• Channel Plugin SDK — openclaw/plugin-sdk API 是否有 breaking change
• Gateway 协议 — 端口 (18789/9721)、/healthz、认证方式是否变更
• CLI 行为 — openclaw gateway 参数是否变更
• Gene/Skill 注入 — SKILL.md 格式、extraDirs 机制是否变更
• 安全管道 — tools.exec.* 配置项、Security WebSocket 协议是否变更
• 镜像验证 — ./verify.sh <image:tag> 全部 PASS

---

此 PR 由 GitHub Actions 自动创建。

合并后请：

1. 构建新镜像：./build.sh openclaw --version 2026.5.20
2. 运行验证：./verify.sh <image:tag>
3. 在引擎版本管理中发布新版本