AI Agent Frameworks Release Notes
Release notes for AI agent platforms that allow you to set up and orchestrate AI agents
Products (19)
Latest AI Agent Frameworks Updates
- May 31, 2026
- Date parsed from source:May 31, 2026
- First seen by Releasebot:May 31, 2026
v1.713.0
Windmill releases 1.713.0 with flow tag preservation, per-provider OAuth sandbox URLs, and a batch of security hardening across auth, APIs, markdown, and cached hub scripts, plus CLI draft retention and public app cross-origin isolation support.
1.713.0 (2026-05-31)
Features
- flows: preserve step/subflow worker tags under a custom-tagged flow (#9375) (f0301b1)
- oauth: support per-provider sandbox URLs (#9358) (2bf11dc)
Bug Fixes
- ai: validate token_url for SSRF in OAuth credentials flow (#9385) (4b06881)
- api: authorize and harden log-file reading endpoints (#9368) (bb90f4c)
- apps: make public apps opt into cross-origin isolation via wm_coep (GIT-884) (#9374) (2c0c2c4)
- auth: enforce monotonic privilege on user token lifecycle endpoints (#9371) (2ddf93d)
- batch encryption-key rotation into one git-sync job (#9355) (04a0897)
- cli: preserve user drafts on sync push and permissioned-as (#9381) (b0c3b01)
- frontend: sanitize user markdown to prevent stored XSS (#9386) (def01b8)
- security: re-pin cached hub scripts to CVE-patched versions (+ HUB_BASE_URL override for cache mode) (#9387) (edf340c)
- May 31, 2026
- Date parsed from source:May 31, 2026
- First seen by Releasebot:May 31, 2026
All of your release notes in one feed
Join Releasebot and get updates from Windmill Labs and hundreds of other software products.
- May 31, 2026
- Date parsed from source:May 31, 2026
- First seen by Releasebot:May 31, 2026
v2026.5.30-beta.2
OpenClaw ships 2026.5.30 beta 2, continuing its latest beta release.
OpenClaw 2026.5.30 beta 2
Original source - May 31, 2026
- Date parsed from source:May 31, 2026
- First seen by Releasebot:May 31, 2026
openclaw 2026.5.30-beta.1
OpenClaw improves reliability across agents, channels, plugins, and iOS delivery while adding Skill Workshop proposal workflows, Workboard orchestration tools, and official Tokenjuice and Copilot plugins. It also tightens timeouts, retries, and CI checks for steadier releases.
Highlights
Agents and CLI-backed runtimes recover more cleanly from interrupted tool calls, stale session bindings, compaction handoffs, and media delivery retries. (#88129, #88136, #88141, #88162, #88182)
Channels and mobile delivery are steadier across Telegram, WhatsApp, iMessage, Slack, Discord, Microsoft Teams, Google Chat, Google Meet, and iOS realtime Talk. (#88096, #88105, #88183, #88231)
Provider and plugin requests now bound more timers, retries, OAuth/device-code lifetimes, media downloads, local service probes, and generated-content polling paths before they can hang a run.
Skills, session metadata, gateway runtime state, plugin metadata, and store writes do less repeated work on hot paths while keeping config and dispatch behavior stable.
Workboard, SecretRef plugin manifests, hosted iOS push relay, and external Copilot/Tokenjuice packaging add broader orchestration, integration, and plugin delivery surfaces. (#82326, #87469, #87796, #88107, #88117)
Release, CI, Docker, E2E, and diagnostics lanes now cap more logs, response bodies, readiness probes, artifact checks, and status polling so failures report bounded proof instead of stalling.
Changes
Skills: let the skill_research agent tool apply, reject, and quarantine explicit Skill Workshop proposals through the guarded proposal lifecycle. Thanks @shakkernerd.
Skills: let Skill Workshop proposals carry approved support files under standard skill folders, with scanner, hash, and rollback safeguards. Thanks @shakkernerd.
Skills: let pending Skill Workshop proposals be revised in place with versioned, dated proposal frontmatter before approval. Thanks @shakkernerd.
Skills: add Skill Workshop proposals with pending PROPOSAL.md drafts, CLI/Gateway review actions, rollback metadata, and the skill_research agent tool. Thanks @shakkernerd.
Plugins: externalize Tokenjuice as the official @openclaw/tokenjuice plugin with npm and ClawHub publish metadata.
Plugins: externalize the GitHub Copilot agent runtime as the official @openclaw/copilot plugin with npm and ClawHub publish metadata.
iOS: add hosted push relay defaults, realtime Talk playback, and a guarded WebSocket ping path for more reliable mobile sessions. (#88096, #88105, #88231)
Workboard: add orchestration primitives and agent coordination tools for multi-agent planning and run tracking. (#87469)
Code mode: add internal namespaces for scoped agent/global sessions and exact namespace tool dispatch. (#88043)
Control UI: add a Dreaming-tab agent selector and propagate the selected agent through Dreaming status, diary, and diary actions. (#78748) Thanks @stevenepalmer.
Plugins: add a SecretRef provider integration manifest contract and extract shared LLM core packages for provider/plugin reuse. (#82326, #88117)
Skills: add the core skills index and centralize skills runtime loading, status, filtering, and prompt formatting.
Fixes
CLI: keep plugins list --json on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph.
Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, and legacy one-shot delete-after-run behavior. (#88285)
Providers: bound generated media downloads from OpenAI, Runway, xAI, MiniMax, BytePlus, DashScope-compatible, FAL, OpenRouter, Google, Vydra, and Comfy providers.
Providers: cap GitHub Copilot OAuth request timeouts before creating abort signals.
Cron: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot.
Agents/Codex: keep live session locks during cleanup, recover interrupted CLI tool transcripts, preserve Codex auth and compaction session identity, clear orphan tool state, cap app-server idle timers, and keep media completion delivery retryable. (#88129, #88136, #88141, #88162, #88182)
Chat/UI: show Gateway chat failures as visible assistant messages in the Control UI instead of only setting an invisible error state.
Channels: cap Telegram, Discord, WhatsApp, Signal, Feishu, Google Chat, Microsoft Teams, QQBot, Nostr, Zalo, Zalouser, and Nextcloud-style request/retry timers; preserve SMS approval reply routes; and retry WhatsApp QR login 408 timeouts. (#88183)
Security/config parsing: reject unsafe OAuth/token lifetimes, retry-after delays, inbound timestamps, response body sizes, command timeout config, sandbox observer token TTLs, and gateway WebSocket calls after close.
Providers/media: cap local service, model, usage, queue, generated media, TTS, music, workflow polling, and provider OAuth request timers across hosted and local providers.
Release/CI/E2E: bound release candidate reads, beta smoke REST calls, changelog restore, kitchen-sink and bundled plugin readiness probes, secret-provider probes, Vitest routing, and mainline test flakes. (#88127, #88137, #88155, #88160)
Release/CI/E2E: run the secret-provider integration proof through the repo pnpm runner so native macOS and Windows validation use the hydrated package-manager shim.
Release/CI/E2E: run the Telegram desktop proof gateway through the repo pnpm runner so native macOS proof uses the hydrated package-manager shim.
Docs/CI: run Mintlify anchor checks through the repo pnpm runner so docs link validation works when pnpm is only available through the hydrated package-manager shim.
Agents: keep configured fallback model metadata typed so provider params, context-token caps, and media input limits do not break changed-gate typechecks.
Agents: accept hidden sessions_send body aliases before validation while keeping the model-facing message schema canonical. (#88229) Thanks @zhangguiping-xydt.
CI/Crabbox: keep default runner capacity spot-only and provider-neutral so OpenClaw remote validation does not silently fall back to on-demand leases or stale AWS region hints.
CI/Crabbox: route Crabbox wrapper and Testbox workflow edits to their regression tests so changed-test gates do not silently run zero specs.
CI/workflows: route workflow sanity helper edits to their guard tests and cover composite-action input interpolation checks.
CI/tooling: route CI scope, dependency, changelog, and docs helper edits to their owner tests instead of silently skipping changed-test coverage.
CI/tooling: route package, release, and install helper edits to their owner tests so changed-test gates cover publish and installer script changes.
CI/tooling: route shared script library edits through their owner tests so lock, process, safety, and scan helpers do not skip changed-test coverage.
CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
CI/tooling: route script edits through conventional owner tests when matching test/scripts or src/scripts coverage already exists.
CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.
Release verification
npm package: https://www.npmjs.com/package/openclaw/v/2026.5.30-beta.1
registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.30-beta.1.tgz
integrity: sha512-uwbUzNsJ1NzVhlMEPSoLy3R36mGqdqcPEznpYQ3J1CGBJmMxoBjQ81i5O78QT7IfQ7DEnk4sbWWC+ckLfwtVVg==
full release CI report: https://github.com/openclaw/releases/blob/main/evidence/2026.5.30-beta.1/release-evidence.md
release publish: https://github.com/openclaw/openclaw/actions/runs/26700925470
npm preflight: https://github.com/openclaw/openclaw/actions/runs/26700348538
full release validation: https://github.com/openclaw/openclaw/actions/runs/26700348878
plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26700983136
plugin ClawHub publish: https://github.com/openclaw/openclaw/actions/runs/26700984428
OpenClaw npm publish: https://github.com/openclaw/openclaw/actions/runs/26701031698
npm Telegram beta E2E: https://github.com/openclaw/openclaw/actions/runs/26701378338
Original source - May 30, 2026
- Date parsed from source:May 30, 2026
- First seen by Releasebot:May 30, 2026
@ai-sdk/[email protected]
Vercel AI SDK adds xAI web search image search support and deprecates searchParameters for agent tools.
Patch Changes
- 23f9d72: deprecate searchParameters (xai live search) in favor of web_search/x_search agent tools
- 1dbecd7: feat(provider/xai): add enableImageSearch to the xAI Web Search tool
- The xAI Responses API supports enable_image_search on Web Search tools. xai.tools.webSearch() now accepts enableImageSearch and sends it through to the API as enable_image_search.
- May 30, 2026
- Date parsed from source:May 30, 2026
- First seen by Releasebot:May 30, 2026
@ai-sdk/[email protected]
Vercel AI SDK adds xAI Web Search image search support and deprecates searchParameters for agent tools.
Patch Changes
165d531: deprecate searchParameters (xai live search) in favor of web_search/x_search agent tools
4d53460: feat(provider/xai): add enableImageSearch to the xAI Web Search tool
The xAI Responses API supports enable_image_search on Web Search tools. xai.tools.webSearch() now accepts enableImageSearch and sends it through to the API as enable_image_search.
Original source - May 30, 2026
- Date parsed from source:May 30, 2026
- First seen by Releasebot:May 30, 2026
@ai-sdk/[email protected]
Vercel AI SDK ships a patch update with refreshed dependencies, including @ai-sdk/mcp 2.0.0-canary.56.
- May 30, 2026
- Date parsed from source:May 30, 2026
- First seen by Releasebot:May 30, 2026
@ai-sdk/[email protected]
Vercel AI SDK fixes MCP ping handling to return an empty JSON-RPC result and closes issue #6282.
Patch Changes
- dcefad3: fix(mcp): respond to ping requests with an empty result per JSON-RPC spec (closes #6282)
- May 30, 2026
- Date parsed from source:May 30, 2026
- First seen by Releasebot:May 30, 2026
@ai-sdk/[email protected]
Vercel AI SDK fixes MCP ping handling to return an empty JSON-RPC result and closes issue #6282.
Patch Changes
ec5fceb: fix(mcp): respond to ping requests with an empty result per JSON-RPC spec (closes #6282)
Original source - May 30, 2026
- Date parsed from source:May 30, 2026
- First seen by Releasebot:May 30, 2026
@ai-sdk/[email protected]
Vercel AI SDK adds Gemini embedding and new deep research preview models in a patch update.
Patch Changes
00a0f36: feat(google, google-vertex): added gemini-embedding-2, deep-research-max-preview-04-2026 and deep-research-preview-04-2026
Updated dependencies [00a0f36]
@ai-sdk/[email protected]
Original source