OpenClaw ships 2026.5.4 with faster Gateway startup

• openclaw's release post frames 2026.5.4 as a reliability release, and the linked GitHub release notes show the concrete work went into plugin installs, Gateway startup, doctor repairs, and Windows transport fixes.
• Plugin migrations got more explicit: when config references an official external plugin that is not installed, openclaw's plugin thread says OpenClaw now points users to the right install command, which matches the plugin docs' fail-closed repair flow in Plugins docs.
• Startup work hit the hot path directly. According to openclaw's Gateway thread, the release cuts cold plugin scans and lazy-load churn, and the release notes say Gateway startup also moved test helpers and schema construction out of import-time paths in the v2026.5.4 changelog.
• Repair tooling got sharper in two places: openclaw's doctor thread says SecretRefs now survive cleanup and stale plugin config gets repaired instead of misread, while the Doctor docs show those fixes land inside the existing --repair, --fix, and non-interactive maintenance flows.
• Windows users got one especially concrete fix. As openclaw's Windows thread notes, the default loopback bind now avoids the ::1 and libuv trap, which the release notes describe as a fix for localhost HTTP requests wedging on Windows in the release notes.

You can skim the full release notes, jump straight to the plugin CLI docs, and check the Gateway diagnostics page if startup is your pain point. The odd extra in this supposedly boring release is a new models auth command that inspects per-agent profiles without probing providers, plus openclaw's Meet thread slips in Twilio dial-in support through the realtime Gemini voice bridge.

The main plugin change is migration hygiene, not a new feature surface. The v2026.5.4 notes say OpenClaw now emits catalog-backed hints when plugins.entries or plugins.allow names an official external plugin that is missing, so upgraded configs point to openclaw plugins install ... instead of nudging users to delete valid config.

That follows the model already documented in Plugins docs: invalid plugin config fails closed, openclaw doctor --fix is the repair path, and the narrow exception is bundled-plugin recovery for plugins that explicitly opt into invalid-config recovery. In practice, 2026.5.4 looks like the release where external plugins stop feeling half-detached from the core install path.

Startup tuning in 2026.5.4 is unusually specific. The release notes call out moving model-catalog test helpers, run-session lookup code, QR pairing helpers, and TypeBox memory-tool schema construction out of hot startup import paths, plus reusing workspace-compatible plugin metadata snapshots so hot control-plane reads do not keep triggering cold scans.

The docs already expose the observability hooks for this work. The Gateway page documents OPENCLAW_GATEWAY_STARTUP_TRACE for phase timing and OPENCLAW_DIAGNOSTICS=timeline for JSONL startup traces, which makes the release's emphasis on phase diagnostics a lot more concrete than the tweet summary alone.

Three fixes here stand out because they resolve real failure modes instead of polishing wording:

• Secret scrubbing now preserves keyRef and tokenRef metadata, according to the v2026.5.4 notes, so canonical SecretRef data survives cleanup without leaking plaintext.
• Doctor can repair stale plugin config instead of misreading it, which fits the existing Doctor docs model of safe migrations, backups, and non-interactive repair.
• Windows now binds the default loopback listener to 127.0.0.1, per the release notes, to avoid libuv dual-stack behavior on ::1 wedging localhost HTTP requests.

Discord also got a quieter honesty fix. openclaw's Windows thread says startup and status now report degraded transport more accurately, which lands a day after steipete's Discord outage post and before openclaw's outage follow-up confirmed the community server was back online.

The smallest new command in the release might be the handiest one for debugging installs across agents. The release notes add openclaw models auth list [--provider] [--json], and the Models docs say the auth view is derived from local profile metadata, env markers, configured keys, and plugin synthetic-auth metadata. It does not load provider runtimes, read keychain secrets, or fire live API probes.

Two more channel-side additions round out the release:

• openclaw's chat channels thread says Slack threading, Telegram preview cleanup, WhatsApp Newsletter targeting, and Discord final-send error reporting all got paper-cut fixes.
• openclaw's Meet thread says Twilio dial-ins can now speak through the realtime Gemini voice bridge with paced audio, bounded queues, and barge-in clearing.
• The Google Meet plugin docs add the operational detail: Twilio takes a dial-in number plus optional PIN or DTMF, cannot dial a Meet URL directly, and can be preflighted with openclaw meet setup --json against --transport twilio before an agent tries it.