OpenClaw ships 3.5x RTT tests and Clawpatch guardrails for coding agents

• openclaw's latency post said the latest OpenClaw release is about 3.5x faster in end-to-end Telegram RTT tests, with the attached table showing recent p50 latencies near 990 ms versus 7.5 s to 17.9 s on older builds.
• openclaw's security roadmap paired that speed push with four audit-oriented controls, fs-safe, Proxyline, ClawHub trust evidence, and smarter command approvals, while the security post frames them as the next guardrail layer.
• steipete's clawpatch launch introduced Clawpatch as a separate review tool that maps repos into semantic feature slices, logs explicit fix attempts, and validates them, with the product site at clawpatch.ai.
• arcprize's leaderboard post put OpenClaw on the ARC-AGI-3 community board at 5.2% for $2.9K using long-term memory and code execution, while arcprize's replay note showed a concrete failure mode: fixation on the progress bar later in a run.
• dangtony98's credential-brokering thread and altryne's minimum-age guide thread turned the week into a mini hardening sprint around agents, with credential brokers on one side and package-age gates on the other.

You can skim the v2026.5.12 release notes, read the security roadmap, inspect the new OpenAI provider docs, and browse both the ARC community leaderboard and OpenClaw's scorecard. There is also a fresh Agent Vault tutorial, plus altryne's minimum-age package-manager matrix, which reads like the ops appendix this whole category was missing.

The most concrete change this week was measurement. openclaw's latency post says the team now runs end-to-end RTT checks against every published npm release every six hours over real message channels, using Telegram bot-to-bot communication, instead of relying on lighter synthetic checks.

That testing harness landed alongside a release built around failure recovery. According to openclaw's runtime thread, ACP can try fallback runtimes before emitting output, stalled providers can rotate through fallback profiles, and silent backend failures now surface as visible errors.

The same release tightened the channel path. openclaw's Telegram thread says polling now runs in an isolated worker with a durable local spool, while openclaw's WebChat thread adds manual and always-follow scroll modes plus a recovery panel for blank app loads.

A separate provider change also makes the default OpenAI path more opinionated. openclaw's OpenAI setup thread says setup now starts with ChatGPT and Codex login by default, and the linked provider docs document that flow.

OpenClaw's security story now has four named pieces:

• fs-safe: a root-bounded filesystem layer, according to openclaw's security roadmap.
• Proxyline: policy-driven network egress, again per openclaw's security roadmap.
• ClawHub trust evidence: provenance signals for packages and components, as listed by openclaw's security roadmap.
• Smarter command approvals: more selective execution gating, also from openclaw's security roadmap.

Some of that hardening already showed up in the prior release. openclaw's security pass thread says Windows home roots are blocked in sandbox binds, provider credentials now resolve through structured SecretRefs, setup and browser pairing got stricter, and transcript redaction is more consistent.

The Proxyline piece is its own dependency cleanup too. In steipete's Proxyline release post, steipete said Proxyline 0.2.0 replaced a heavier global-agent approach and removed 12 sub-dependencies, with the details in the Proxyline release.

Clawpatch is the week's clearest example of the OpenClaw stack escaping the main product. steipete's clawpatch launch describes it as a tool that maps a codebase into semantic feature slices, reviews those slices for bugs and quality issues, then records explicit fix attempts with validation.

That slots into a much bigger internal workflow inventory. In steipete's AI spend thread, steipete said the team runs about 100 Codex instances in the cloud across PR review, stale-issue closure, security review, issue deduping, performance benchmarking, meeting-driven PR creation, and comment moderation.

The same thread names two supporting tools that make those loops plausible:

• clawsweeper for finding old issues that are already fixed, per steipete's AI spend thread.
• crabbox for recreating environments, logging into apps like Telegram, and generating before-and-after videos on PRs, again per steipete's AI spend thread and the Crabbox 0.13.0 release.

This is also where OpenClaw starts to look less like one agent and more like a harness for many narrow ones.

The ARC-AGI-3 result is small in absolute terms and still useful as harness telemetry. arcprize's leaderboard post says OpenClaw, running Anthropic Opus 4.7, scored 5.2% on the 25-game public demo set at a cost of $2.9K, using long-term memory and code execution.

Arc Prize explicitly framed the board as a harness leaderboard rather than a verified model ranking. arcprize's community-board caveat says the community table highlights harness innovations and that these scores are not verified.

The more interesting part is the failure trace. arcprize's replay note says OpenClaw often ignored the progress bar in early levels, then became overly fixated on it later, and the linked replay shows the run degrading into a loop.

That makes the accompanying scorecard more valuable than the topline score. It is one of the cleaner public snapshots of what long-horizon agent failure looks like when memory and tool use are turned on.

The strongest outside contribution this week was a security pattern, not a benchmark. dangtony98's credential-brokering thread argues agents like OpenClaw or Hermes should not hold raw API keys directly, and points instead to a broker that attaches credentials only when forwarding requests upstream.

That thread links to the Agent Vault tutorial, while dangtony98's follow-up post calls the broker a new infrastructure category for AI agents. The pitch is narrow and concrete: the agent gets service access without getting the secret itself.

A second hardening pattern came from supply-chain defense. altryne's minimum-age guide thread recommends package-manager minimum-age gates so newly published versions cannot install immediately, and the screenshot breaks out native support across npm, pnpm, Yarn Berry, Deno, and Bun.

That same thread also points to shaiscan, a scanner for the Mini-Shai Hulud worm, while altryne's migration post says at least part of the ThursdAI crew had already moved from OpenClaw to Hermes and Codex amid the security churn.