9 changes: 9 additions & 0 deletions .sync/blog-drafts/openclaw-v2026.5.26-en.json
@@ -0,0 +1,9 @@
{
"title": "OpenClaw v2026.5.26: Faster Gateway, Security & Reaction Approvals",
"slug": "openclaw-v2026-5-26-faster-gateway-security-reaction-approvals",
"description": "OpenClaw v2026.5.26 ships cached gateway startup, SSRF+prompt-injection security hardening, emoji reaction approvals on WhatsApp/Signal/iMessage, and OpenTelemetry observability.",
"tags": ["openclaw", "release", "ai-sdr", "b2b-sales", "security", "whatsapp", "multi-channel"],
"author": "PulseAgent",
"lang": "en",
"content": "# OpenClaw v2026.5.26: Faster Gateway, Security Hardening & Reaction Approvals\n\n*Released May 27, 2026 · 100+ contributors*\n\nOpenClaw v2026.5.26 delivers three headline improvements for production B2B deployments: a gateway startup optimization that eliminates redundant scans, a multi-layer security model that blocks SSRF and prompt-injection attacks, and reaction-based channel approvals that let operators approve agent actions with a single emoji tap.\n\n## What's New in v2026.5.26\n\n### 1. Gateway Startup Optimization\n\nThe gateway now caches plugin metadata, package paths, and session data on first load — eliminating repeated plugin/channel/session re-discovery on every restart. For deployments running dozens of plugins or connecting to multiple sales channels simultaneously, this means faster cold-start recovery and more reliable uptime during rolling restarts.\n\n> **Key fact:** Plugin/channel/session re-discovery overhead is now paid once, not on every gateway restart — a significant improvement for high-availability deployments.\n\n### 2. 
Security Hardening: SSRF + Prompt Injection Prevention\n\nv2026.5.26 introduces a layered security model that enterprise B2B deployments have needed:\n\n- **SSRF policy enforcement**: Browser snapshots now honor your configured SSRF policy, preventing agents from being leveraged to probe internal infrastructure.\n- **Prompt injection prevention**: System-event text is sanitized before entering the LLM context, closing a class of injection attacks where external content could impersonate system instructions.\n- **External content boundaries**: Fetched file text is wrapped as clearly-labeled external content — models always distinguish trusted system instructions from untrusted external input.\n- **Stale device token rejection**: Push notification tokens are validated at send time; deregistered device tokens are dropped cleanly rather than accumulating silently.\n- **ClickClack sender allowlists**: Enforced sender verification on the ClickClack channel prevents unauthorized message injection.\n- **Tool-call serialization scrubbed**: Tool-call metadata is scrubbed from outbound replies to prevent information leakage.\n\nFor B2B deployments handling sensitive CRM data and prospect communications, this security layer substantially reduces your attack surface.\n\n### 3. Reaction-Based Channel Approvals\n\nSignal, iMessage, and WhatsApp now support **reaction-based approvals** — agents can present a message with reaction options, and operators approve or deny by reacting rather than typing a command.\n\nThis is a meaningful UX upgrade for sales operations: instead of requiring your sales manager to type \"approve\" in a thread, they tap a thumbs-up emoji. The approval is logged, traceable, and requires no separate dashboard.\n\n**Channels supporting reaction approvals:**\n- Signal\n- iMessage\n- WhatsApp\n- Telegram: typing/progress context preserved; forum topic threading maintained\n- Discord: voice playback improved\n\n### 4. 
Realtime Talk: Inspectable, Steerable & Cancellable\n\nThe Realtime Talk engine is now fully controllable from the Web UI and Discord:\n\n- **Inspectable**: See current voice session state in real time\n- **Steerable**: Redirect agent focus mid-conversation from the dashboard\n- **Cancellable**: Kill a runaway voice session without restarting the gateway\n\nWake-name handling is more tolerant of ambient speech — partial name matches in a busy office or call center no longer trigger the agent. Shared realtime turn-context tracking is synchronized across all voice SDKs for consistent cross-channel state.\n\n### 5. Observability: Activity Tab + OpenTelemetry LLM Spans\n\nA new **Activity tab** in the Web UI surfaces sanitized summaries of tool activity — what ran, what was blocked, and why. This is the single-pane-of-glass view that sales ops teams have wanted for auditing agent behavior.\n\nOpenTelemetry LLM spans are now emitted for gateway operations, giving your Datadog, Grafana, or Honeycomb stack direct visibility into model call latency and error rates.\n\nNew telemetry signals in this release:\n- Blocked tool events with reason codes\n- Failover events with context\n- Stale session warnings\n- Gateway secret-prep traces\n\n### 6. Transcript-Backed Architecture\n\nMeeting summaries and media provenance are now consolidated in a unified transcript-backed store. This is the infrastructure layer for **meeting-aware SDR**: an agent that attended a discovery call can now reference that transcript when crafting a follow-up message, without manual copy-paste.\n\n### 7. Image Processing: Sharp → Rastermill\n\nImage processing migrates from Sharp to Rastermill. 
For deployments processing attachments, screenshots, or product images in WhatsApp/iMessage threads, Rastermill provides more predictable memory behavior and full Alpine Linux compatibility — important for containerized production deployments.\n\n---\n\n## Upgrade Impact for B2B SDR Deployments\n\n| Feature | Before v2026.5.26 | After v2026.5.26 |\n|---|---|---|\n| Gateway restart overhead | Re-scans all plugins/sessions every time | Cached — one-time scan |\n| Channel approvals | Text commands required (approve) | Emoji reactions work |\n| SSRF protection | Not enforced on browser snapshots | Enforced by policy |\n| Prompt injection risk | System events could be spoofed | Sanitized before LLM context |\n| Tool visibility | No built-in audit view | Activity tab + OTel spans |\n| Voice session control | Limited Web UI control | Inspectable, steerable, cancellable |\n| Meeting follow-ups | Manual transcript lookup | Transcript-backed store |\n\n---\n\n## Deploy with PulseAgent\n\nPulseAgent's B2B SDR template is updated to v2026.5.26. Deploy in one command:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/iPythoning/b2b-sdr-agent-template/main/install.sh | bash\n```\n\nThe template includes pre-wired SDR workflows across every major channel:\n\n- [WhatsApp sales automation](/solutions/whatsapp-sales-automation) — reaction approvals now work natively\n- [AI SDR for B2B export](/solutions/ai-sdr-for-b2b-export) — multi-channel pipeline with security hardening\n- [Telegram lead generation](/solutions/telegram-lead-generation) — forum topic threading preserved\n- [Multi-channel sales pipeline](/solutions/multi-channel-sales-pipeline) — unified transcript store\n- [AI sales agent for manufacturing](/solutions/ai-sales-agent-for-manufacturing) — enterprise security layer\n\n---\n\n## Frequently Asked Questions\n\n**Q: Do reaction approvals work in WhatsApp group chats?**\nA: Yes. 
On WhatsApp and iMessage, reaction-based approvals work in both 1:1 and group contexts. The approval is attributed to the reacting user.\n\n**Q: Do I need to update my agent config to get the security improvements?**\nA: No. SSRF policy enforcement and prompt injection sanitization are automatic. ClickClack sender allowlists require a one-time config entry only if you use that channel.\n\n**Q: Will the Sharp → Rastermill migration break my existing image workflows?**\nA: No. Rastermill is API-compatible with Sharp. Deployments on Alpine Linux will see the most improvement.\n\n**Q: What does \"transcript-backed architecture\" mean for my SDR team?**\nA: Meeting summaries are now stored in a persistent, queryable store. Your agents can reference past calls when writing follow-ups — this is the infrastructure that enables meeting-aware personalization.\n\n**Q: Where do I see what tools my agents are running?**\nA: Open the Activity tab in the OpenClaw Web UI. It shows a sanitized log of tool calls, blocked operations, and approvals — filterable by session and time range.\n\n---\n\n## Start Using v2026.5.26 Today\n\nPulseAgent keeps your B2B SDR stack on the latest stable OpenClaw automatically.\n\n[Start free on PulseAgent](https://pulseagent.io/app/login?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.26) · [View pricing](https://pulseagent.io/pricing?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.26)\n"
}
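Review bot: The deploy command in the "Deploy with PulseAgent" section of `content` pipes `install.sh` from the `main` branch of `iPythoning/b2b-sdr-agent-template` straight into `bash`, so a reader executes whatever that branch holds at the moment they run it, which sits badly in a post whose headline is security hardening. Suggest pointing the URL at a tag or commit that matches v2026.5.26 and showing a download, inspect, then run sequence, ideally with a published checksum. Separately, the "Channels supporting reaction approvals" list carries Telegram and Discord entries that describe threading and voice playback rather than reactions, and the first FAQ answer names only WhatsApp and iMessage while section 3 also names Signal; reword so the three statements agree.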
9 changes: 9 additions & 0 deletions .sync/blog-drafts/openclaw-v2026.5.26-zh.json
@@ -0,0 +1,9 @@
{
"title": "OpenClaw v2026.5.26:网关加速、安全加固与多渠道表情审批",
"slug": "openclaw-v2026-5-26-faster-gateway-security-reaction-approvals",
"description": "OpenClaw v2026.5.26 带来网关启动缓存优化、SSRF+提示注入安全加固、WhatsApp/Signal/iMessage表情反应审批,以及OpenTelemetry可观测性支持,100+贡献者共同打造。",
"tags": ["openclaw", "发布", "AI-SDR", "B2B销售", "安全", "WhatsApp", "多渠道"],
"author": "PulseAgent",
"lang": "zh",
"content": "# OpenClaw v2026.5.26:网关加速、安全加固与多渠道表情审批\n\n*2026年5月27日发布 · 100+ 贡献者*\n\nOpenClaw v2026.5.26 带来三项对生产级 B2B 部署至关重要的改进:消除重复扫描的网关启动优化、阻止 SSRF 和提示注入攻击的多层安全模型,以及基于表情反应的渠道审批——操作员只需点击一个表情即可批准代理操作。\n\n## v2026.5.26 核心变化\n\n### 1. 网关启动优化\n\n网关现在会在首次加载时缓存插件元数据、包路径和会话数据,消除每次重启时的重复插件/渠道/会话扫描。对于运行数十个插件或同时连接多个销售渠道的部署,这意味着更快的冷启动恢复速度和滚动重启时更高的稳定性。\n\n> **关键指标:** 插件/渠道/会话重新发现的开销现在只需支付一次,而非每次网关重启——这对高可用性部署来说是显著改进。\n\n### 2. 安全加固:SSRF + 提示注入防护\n\nv2026.5.26 引入了企业级 B2B 部署所需的分层安全模型:\n\n- **SSRF 策略执行**:浏览器快照现在遵守配置的 SSRF 策略,防止代理被用于探测内部基础设施。\n- **提示注入防护**:系统事件文本在进入 LLM 上下文之前会被清理,关闭了外部内容冒充系统指令的注入攻击类。\n- **外部内容边界**:获取的文件文本被包装为明确标注的外部内容,模型始终能区分可信系统指令和不可信外部输入。\n- **过期设备令牌拒绝**:推送通知令牌在发送时进行验证,注销设备的令牌会被干净丢弃,不再静默堆积。\n- **ClickClack 发件人白名单**:在 ClickClack 渠道上执行发件人验证,防止未授权的消息注入。\n- **工具调用序列化清理**:工具调用元数据从出站回复中清除,防止信息泄露。\n\n对于处理敏感 CRM 数据和潜在客户通信的 B2B 部署,这一安全层显著缩小了攻击面。\n\n### 3. 基于表情反应的渠道审批\n\nSignal、iMessage 和 WhatsApp 现在支持**基于表情反应的审批**——代理可以发送带有反应选项的消息,操作员通过点击表情而非输入命令来批准或拒绝。\n\n这对销售运营来说是一次重要的用户体验升级:您的销售经理不再需要在会话中输入【批准】命令,只需点击一个拇指向上的表情。审批被记录、可追溯,并在现有渠道内运作,无需单独的控制台。\n\n**支持表情反应审批的渠道:**\n- Signal\n- iMessage\n- WhatsApp\n- Telegram:保留打字/进度上下文;论坛话题线程得以维护\n- Discord:语音播放改进\n\n### 4. 实时对话:可检查、可引导、可取消\n\n实时对话引擎现在可以从 Web UI 和 Discord 完整控制:\n\n- **可检查**:实时查看当前语音会话状态\n- **可引导**:从控制台在对话中途重定向代理焦点\n- **可取消**:无需重启网关即可终止失控的语音会话\n\n唤醒词处理对环境语音更加宽容——在繁忙的办公室或呼叫中心,部分名称匹配不再触发代理。跨语音 SDK 的共享实时轮次上下文跟踪已同步,确保跨渠道状态一致。\n\n### 5. 可观测性:活动标签页 + OpenTelemetry LLM 跨度\n\nWeb UI 中的全新**活动标签页**提供工具活动的清理摘要——运行了哪些工具、哪些被阻止、以及原因。这是销售运营团队审计代理行为所需的单一视图。\n\n网关操作现在会发出 OpenTelemetry LLM 跨度,让您的 Datadog、Grafana 或 Honeycomb 堆栈直接可见模型调用延迟和错误率。\n\n本版本新增遥测信号:\n- 带原因代码的被阻止工具事件\n- 带上下文的故障转移事件\n- 过期会话警告\n- 网关密钥准备追踪\n\n### 6. 基于转录的架构\n\n会议摘要和媒体来源现在整合在统一的基于转录的存储中。这是**会议感知 SDR** 的基础设施层:参加了发现电话的代理现在可以在撰写跟进消息时参考该转录,无需手动复制粘贴。\n\n### 7. 
图像处理:Sharp → Rastermill\n\n图像处理从 Sharp 迁移到 Rastermill。对于在 WhatsApp/iMessage 线程中处理附件、截图或产品图片的部署,Rastermill 提供更可预测的内存行为和完整的 Alpine Linux 兼容性——这对容器化生产部署非常重要。\n\n---\n\n## 对 B2B SDR 部署的升级影响\n\n| 功能 | v2026.5.26 之前 | v2026.5.26 之后 |\n|---|---|---|\n| 网关重启开销 | 每次重启重新扫描所有插件/会话 | 缓存——一次性扫描 |\n| 渠道审批 | 需要文本命令(批准) | 表情反应即可 |\n| SSRF 保护 | 浏览器快照未强制执行 | 按策略强制执行 |\n| 提示注入风险 | 系统事件可被欺骗 | LLM 上下文前清理 |\n| 工具可见性 | 无内置审计视图 | 活动标签页 + OTel 跨度 |\n| 语音会话控制 | Web UI 控制有限 | 可检查、可引导、可取消 |\n| 会议跟进 | 需手动查找转录 | 基于转录的持久存储 |\n\n---\n\n## 使用 PulseAgent 部署\n\nPulseAgent 的 B2B SDR 模板已更新至 v2026.5.26。一条命令即可部署:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/iPythoning/b2b-sdr-agent-template/main/install.sh | bash\n```\n\n该模板包含跨所有主要渠道的预配置 SDR 工作流:\n\n- [WhatsApp 销售自动化](/solutions/whatsapp-sales-automation) — 表情反应审批现已原生支持\n- [B2B 出口 AI SDR](/solutions/ai-sdr-for-b2b-export) — 多渠道管道与安全加固\n- [Telegram 线索生成](/solutions/telegram-lead-generation) — 论坛话题线程保留\n- [多渠道销售管道](/solutions/multi-channel-sales-pipeline) — 统一转录存储\n- [制造业 AI 销售代理](/solutions/ai-sales-agent-for-manufacturing) — 企业安全层\n\n---\n\n## 常见问题\n\n**Q:表情反应审批在 WhatsApp 群聊中有效吗?**\nA:有效。在 WhatsApp 和 iMessage 上,基于反应的审批在一对一和群组场景中均可使用,审批会归因到反应的用户。\n\n**Q:我需要更新代理配置才能获得安全改进吗?**\nA:不需要。SSRF 策略执行和提示注入清理是自动的。仅在您使用 ClickClack 渠道时,才需要一次性添加发件人白名单配置。\n\n**Q:Sharp → Rastermill 迁移会破坏现有的图像工作流吗?**\nA:不会。Rastermill 与 Sharp API 兼容。Alpine Linux 上的部署将获得最明显的改进。\n\n**Q:基于转录的架构对我的 SDR 团队意味着什么?**\nA:会议摘要现在存储在持久、可查询的存储中。您的代理可以在撰写跟进消息时参考过去的通话——这是实现会议感知个性化的基础设施。\n\n**Q:在哪里查看代理运行了哪些工具?**\nA:在 OpenClaw Web UI 中打开活动标签页。它显示工具调用、被阻止操作和审批的清理日志,可按会话和时间范围过滤。\n\n---\n\n## 立即开始使用 v2026.5.26\n\nPulseAgent 让您的 B2B SDR 技术栈自动保持最新稳定版 OpenClaw。\n\n[在 PulseAgent 上免费开始](https://pulseagent.io/app/login?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.26) · [查看定价](https://pulseagent.io/pricing?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.26)\n"
}
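Review bot: In section 3 of the zh `content` the text command is rendered as 【批准】, and the upgrade table says 需要文本命令(批准), while the en draft in this PR gives the literal as "approve". If operators type the command in English, keep `approve` untranslated in both places so readers are not pointed at a string the gateway may not accept. Two smaller drifts from the en draft: the callout label **关键指标** (key metric) introduces a sentence with no figure where the en text says "Key fact", and the zh `description` ends with "100+贡献者共同打造", which the en `description` does not have. The deploy command here also pipes `install.sh` from `main` into `bash` unpinned; a tag or commit URL would be safer.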
2 changes: 1 addition & 1 deletion .sync/last-release
@@ -1 +1 @@
v2026.5.22
v2026.5.26
10 changes: 10 additions & 0 deletions .sync/sync-log.md
Expand Up @@ -155,3 +155,13 @@
- Step 0 WeChat drain: 15 items attempted, all returned HTTP 403 error code 1010 (appsecret 40125 outage ongoing)
- Queue size unchanged: 15 pending (v2026.4.25 through v2026.5.22)
- Action: no new blog/WeChat publish; queue committed for next run

## 2026-05-27 — v2026.5.26

- **Release**: v2026.5.22 → v2026.5.26
- **Category**: RELEVANT — gateway optimization, security hardening, reaction approvals
- **Blog EN**: https://pulseagent.io/en/blog/openclaw-v2026-5-26-faster-gateway-security-reaction-approvals (created)
- **Blog ZH**: https://pulseagent.io/zh/blog/openclaw-v2026-5-26-faster-gateway-security-reaction-approvals (updated)
- **WeChat**: FAILED (500) → enqueued v2026.5.26 for retry
- **WeChat queue size**: 16 (15 prior + v2026.5.26)
- **Step 0 drain**: 15 items → 15 items (403 Forbidden, appsecret outage ongoing)
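Review bot: The **WeChat** line logs `FAILED (500)` for the new publish, while the **Step 0 drain** line in the same entry logs 403 Forbidden and attributes it to the appsecret outage, and the entry above it logged HTTP 403 with error code 1010. Record which call returned the 500 and whether it is the same credential failure, because a credential error is not something a queued retry will clear. Also, **Blog ZH** is marked (updated) while **Blog EN** is marked (created), although both draft files are added new in this PR; either note what already existed at the zh slug or correct the status.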
2 changes: 1 addition & 1 deletion .sync/wechat-pending.json
@@ -1 +1 @@
{"queue": ["v2026.4.25", "v2026.4.26", "v2026.4.27", "v2026.4.29", "v2026.5.3", "v2026.5.3-1", "v2026.5.4", "v2026.5.5", "v2026.5.6", "v2026.5.7", "v2026.5.12", "v2026.5.18", "v2026.5.19", "v2026.5.20", "v2026.5.22"]}
{"queue": ["v2026.4.25", "v2026.4.26", "v2026.4.27", "v2026.4.29", "v2026.5.3", "v2026.5.3-1", "v2026.5.4", "v2026.5.5", "v2026.5.6", "v2026.5.7", "v2026.5.12", "v2026.5.18", "v2026.5.19", "v2026.5.20", "v2026.5.22", "v2026.5.26"]}
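Review bot: The `queue` entries are bare version strings, so nothing in this file says when each item first failed or how many attempts it has had, and the oldest entry is v2026.4.25. The sync log in this PR shows the drain going from 15 items to 15 items, so this change appends a 16th item to a queue that is not draining. Consider storing a per-item attempt count and first-failure date, or at least a top-level last-error field, so the job can back off and a reader can see how stale the backlog is.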