OpenClaw 2026.5.12 Beta 4: Codex Fixes, Gemini 3.1 Preview Normalization, and Safer Tool Policies
OpenClaw released v2026.5.12-beta.4 on May 13, 2026, and while it is a pre-release rather than a stable tag, the changelog is still meaningful for operators tracking where the framework is heading next.
According to the official GitHub release, this beta focuses on three practical themes:
- Codex and OpenAI runtime cleanup
- safer agent and tool policies
- steady reliability work across channels, providers, and the Control UI
That makes this update less about one flashy feature and more about tightening the core runtime for teams already running OpenClaw in production-like setups.
What Shipped in OpenClaw 2026.5.12 Beta 4
The May 13 release notes list a broad set of fixes, but a few stand out immediately.
Codex and OpenAI Fixes
The beta fixes a MODULE_NOT_FOUND issue for the official installed @openclaw/codex package during migrated OpenAI and Codex beta runs. It also preserves auth-profile-backed media tools like image_generate when OpenAI auth lives in an agent auth-profile store instead of environment variables.
There is another meaningful change in the CLI auth flow: the release notes say openclaw models auth login --provider openai now starts the ChatGPT/Codex account login path by default, while --method api-key remains the explicit API-key setup path.
That is a notable UX direction because it makes subscription-backed or app-backed OpenAI/Codex auth feel more native inside OpenClaw instead of secondary to direct API-key setup.
For readers following earlier OpenAI-adjacent changes, this fits naturally with OpenClaw 2026.5.6, where Codex OAuth route recovery was the central issue.
Gemini 3.1 Preview Normalization
Another recurring theme in the release notes is Google model normalization. OpenClaw says it now normalizes retired Gemini 3 Pro Preview IDs across multiple auth and config paths so emitted configs use google/gemini-3.1-pro-preview for Gemini 3.1 testing.
This may sound minor, but model-ID cleanup matters in real agent systems. A lot of runtime friction comes from stale provider identifiers, mismatched defaults, or config paths that drift over time. Small normalization work like this often prevents confusing setup failures later.
Safer Tool Policies by Sender
One of the more strategically important changes is a new policy layer for tools. The release adds per-sender tool policies with canonical channel-scoped sender keys, so operators can restrict dangerous tools by requester identity across global, agent, group, core, bundled, and plugin tool surfaces.
That is an important step for real-world deployments. As agent frameworks spread across chat surfaces, shared channels, and larger teams, the question is not just what a tool can do. The question is who is allowed to trigger it.
This aligns with broader governance patterns we have already covered in The Collaborative Frontier and OpenClaw Security Best Practices.
Other High-Value Reliability Changes
The beta also includes several focused improvements that operators will appreciate:
openclaw cron get <id>and direct cron get support for inspecting a stored cron job by ID- session lineage metadata exposed through ACP session listings and session info snapshots so clients can render subagent graphs
- subagent sessions nested visually under parent sessions in the Control UI session picker
- Telegram now preserves supported HTML tags in visible replies and durable mirrors instead of degrading them into escaped text
- provider streams now keep OpenAI-compatible SSE and JSON fallback streams draining across split chunks
- auto-reply now surfaces visible errors when the configured backend fails and no visible reply is produced
There are also fixes for WhatsApp socket shutdown behavior, Fly Machines container detection, and blank dashboard recovery handling.
Why This OpenClaw Beta Matters
This is not a marketing-heavy release. It is a runtime-hardening release.
What makes it interesting is how it tightens the exact surfaces that become painful at scale:
- authentication path ambiguity
- provider model-ID drift
- sender-specific safety controls
- subagent visibility
- stream reliability
- formatting integrity across channels
That matters because modern agent systems are no longer judged only on what they can do in a demo. They are judged on whether they keep working across messy, persistent, multi-channel environments.