chore(sync): OpenClaw v2026.5.20 — Discord voice, Policy plugin, xAI OAuth

.sync/blog-drafts/openclaw-v2026.5.20-en.json

@@ -0,0 +1,8 @@
+{
+  "title": "OpenClaw v2026.5.20: Discord Voice, Policy & xAI OAuth",
+  "slug": "openclaw-v2026-5-20-discord-voice-policy-security",
+  "description": "OpenClaw v2026.5.20 ships Discord voice follow, a bundled Policy plugin, xAI device-code OAuth, and fail-closed security hardening for B2B SDR teams.",
+  "author": "PulseAgent",
+  "lang": "en",
+  "content": "# OpenClaw v2026.5.20: Discord Voice Follow, Bundled Policy Plugin, xAI OAuth & Security Hardening\n\nOpenClaw v2026.5.20 (published May 21, 2026) delivers a cluster of features that meaningfully expand where and how AI sales agents operate — from persistent voice presence on Discord to workspace-wide policy enforcement. For B2B SDR teams running always-on outreach across multiple channels, these upgrades translate directly into fewer dropped conversations and stronger compliance guardrails.\n\n## Discord Voice Follow: Your Agent Stays in the Room\n\nThe headline feature of v2026.5.20 is **Discord voice follow** — voice sessions now track configured Discord users as they move between voice channels. This sounds like a quality-of-life detail, but for sales teams using Discord as a live deal room or client collaboration space, it eliminates a persistent friction point: the agent dropping out when a rep switches channels mid-conversation.\n\n### What's included\n\n- **Allowed-channel checks** — voice follow only activates in pre-approved channels, so agents don't accidentally surface in all-hands calls or internal rooms.\n- **Multi-user handoff** — when multiple configured users are present, the agent reconciles presence across all of them with bounded logic that avoids thrashing.\n- **DAVE recovery preservation** — Discord's DAVE end-to-end encryption state is preserved across follow events, keeping secure sessions intact.\n- **Voice profile context** — IDENTITY.md, USER.md, and SOUL.md profile files are now injected into realtime voice session instructions by default, giving your agent consistent persona and customer context without manual configuration.\n\nFor teams running [WhatsApp sales automation](/solutions/whatsapp-sales-automation) alongside Discord, this release means your agent's personality and context stay coherent whether the conversation moves to voice or stays in text.\n\n## Bundled Policy Plugin: Channel Conformance Out of the Box\n\nv2026.5.20 ships a **bundled Policy plugin** that brings policy-backed channel conformance checks and workspace repair under a single CLI command: `openclaw policy`.\n\nThis matters for B2B teams operating in regulated industries or across multiple markets. Instead of writing custom validation logic, you can define channel policies once and let the agent enforce them — flagging non-conformant configurations and optionally repairing them automatically.\n\nIf you're running a [multi-channel sales pipeline](/solutions/multi-channel-sales-pipeline), the Policy plugin gives you a single pane of glass for ensuring every channel (Discord, WhatsApp, Matrix, Telegram) is configured correctly before a campaign goes live.\n\n## Per-Agent Local-Model Lean Mode\n\nLarge SDR deployments often run a mix of heavy and lightweight tasks. v2026.5.20 introduces **per-agent local-model lean mode** via `agents.list[].experimental.localModelLean`, letting you pin specific agents to lighter local models without affecting the rest of your fleet.\n\nThis is particularly useful for [AI SDR workflows targeting B2B export markets](/solutions/ai-sdr-for-b2b-export), where you might want a lean model handling initial qualification and a full model closing the loop on complex proposals.\n\n## xAI Device-Code OAuth: Authorize Without a Browser\n\nHeadless and remote deployments have always been a pain point for xAI authorization. v2026.5.20 solves this with **device-code OAuth for xAI** — agents running on servers or in containerized environments can now authorize without requiring a localhost browser callback.\n\nThis unblocks teams deploying OpenClaw on cloud infrastructure for [Telegram lead generation](/solutions/telegram-lead-generation) or other headless channel integrations, where spinning up a browser just to authenticate is impractical.\n\n## OpenRouter Routing Enhancements\n\nOpenRouter support now honors provider-level `params.provider` routing with model and agent parameter overrides. Teams using OpenRouter as a model gateway get finer-grained control over which provider handles which agent — useful for cost optimization and latency tuning across different outreach channels.\n\n## Security Hardening: Fail-Closed by Default\n\nv2026.5.20 includes a set of security fixes that deserve explicit attention:\n\n- **`tryReadSecretFileSync` is now fail-closed with symlink rejection** — any attempt to read a secret file via a symlink will fail rather than silently succeed. This closes a potential path traversal vector.\n- **Browser image sanitization limits are honored** for screenshots and snapshots, preventing oversized payloads from bypassing configured constraints.\n- **Manual `/approve` commands** are now routed through the trusted approval runtime, eliminating a bypass risk.\n- **Doctor warns** when sandbox tool policy hides configured MCP server tools — previously this was a silent misconfiguration.\n\nFor teams running [AI sales agents in manufacturing contexts](/solutions/ai-sales-agent-for-manufacturing) where data handling requirements are strict, these hardening measures reduce your attack surface without requiring any configuration changes.\n\n## v2026.5.19 vs v2026.5.20: What Changed for B2B SDR Teams\n\n| Capability | v2026.5.19 | v2026.5.20 |\n|---|---|---|\n| Discord voice presence | Static — agent stays in one channel | Dynamic — follows users across channels |\n| Channel policy enforcement | Manual / custom scripts | Bundled Policy plugin (`openclaw policy`) |\n| xAI authorization (headless) | Requires localhost browser | Device-code OAuth, no browser needed |\n| Secret file handling | Fail-open on symlink | Fail-closed, symlink rejected |\n| Agent model assignment | Fleet-wide setting | Per-agent `localModelLean` flag |\n| Voice persona context | Manual injection required | IDENTITY/USER/SOUL.md auto-injected |\n\n## Additional Fixes Worth Noting\n\n- **WhatsApp**: Baileys updated to 7.0.0-rc12 for improved stability on high-volume accounts.\n- **Cron**: scheduled work now runs on cron-owned wake lanes, preserving reply delivery context — important for timed follow-up sequences.\n- **Matrix**: `messages.queue.byChannel.matrix` queue overrides are now accepted in config.\n- **Task maintenance**: stale-running decisions are included in `openclaw tasks maintenance --json` output.\n- **Codex harness**: updated to @openai/codex 0.132.0.\n\n## Install or Upgrade\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/iPythoning/b2b-sdr-agent-template/main/install.sh | bash\n```\n\nNo breaking changes in this release — existing configurations will continue to work as-is.\n\n## Frequently Asked Questions\n\n**Q: Does Discord voice follow work with existing channel permission configurations?**\nYes. The allowed-channel check runs against your existing Discord channel list — you define which channels are eligible for voice follow, and the agent respects those boundaries.\n\n**Q: Is the Policy plugin enabled by default, or do I need to activate it?**\nThe plugin is bundled and available immediately via `openclaw policy`. You define your policies in configuration; the plugin does not enforce anything until you've set rules.\n\n**Q: Does per-agent lean mode affect response quality for outreach tasks?**\nIt depends on the task. Lean mode is designed for lightweight, high-volume tasks like qualification and routing. We recommend testing with your specific prompts before rolling out fleet-wide.\n\n**Q: Does the symlink rejection in `tryReadSecretFileSync` affect any existing integrations?**\nOnly if your setup was reading secret files via symlinks — an uncommon pattern. Standard secret file paths are unaffected.\n\n---\n\nReady to upgrade? [Start your free trial at PulseAgent](https://pulseagent.io/app/login?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.20) or [review pricing options](https://pulseagent.io/pricing?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.20) to find the plan that fits your team."
+}

.sync/blog-drafts/openclaw-v2026.5.20-zh.json

@@ -0,0 +1,8 @@
+{
+  "title": "OpenClaw v2026.5.20：Discord语音跟随、策略插件与安全加固",
+  "slug": "openclaw-v2026-5-20-discord-voice-policy-security",
+  "description": "OpenClaw v2026.5.20正式发布：Discord语音频道跟随、内置Policy插件、xAI设备码授权及多项安全加固，助力B2B销售团队稳定高效运营。",
+  "author": "PulseAgent",
+  "lang": "zh",
+  "content": "# OpenClaw v2026.5.20：Discord语音跟随、策略插件与安全加固全面升级\n\nOpenClaw v2026.5.20于2026年5月21日正式发布。这一版本围绕「智能体在哪里、就跟到哪里」的核心理念，带来了Discord语音频道跟随、开箱即用的策略合规插件、无浏览器xAI授权以及一系列安全加固措施。对于依赖多渠道自动化外联的B2B销售团队而言，这些更新直接降低了对话中断的风险，并让合规管理变得更加简单。\n\n## Discord语音跟随：智能体始终在场\n\n本次最核心的功能是 **Discord语音跟随**。过去，智能体只能固定在某个语音频道等待；现在，它能够跟随预配置的用户在不同语音频道之间移动，不再因为销售代表切换房间而断线。\n\n### 核心机制\n\n- **允许频道校验**：跟随行为仅在预先审批的频道内生效，避免智能体误入全员会议或内部讨论室。\n- **多用户切换**：当多名配置用户同时在线时，智能体会以有界协调逻辑处理跟随优先级，防止频繁抖动。\n- **DAVE加密恢复保留**：Discord端对端加密（DAVE）状态在跟随事件中得到保留，安全会话不会中断。\n- **语音人格上下文自动注入**：IDENTITY.md、USER.md、SOUL.md三个档案文件现在默认注入实时语音会话指令，智能体的人设与客户背景信息无需手动配置即可保持一致。\n\n对于同时运营[WhatsApp销售自动化](/solutions/whatsapp-sales-automation)与Discord的团队，这意味着智能体的人格和上下文在语音与文字之间切换时始终保持连贯。\n\n## 内置Policy插件：合规检查开箱即用\n\nv2026.5.20随版捆绑了 **Policy插件**，通过一条CLI命令 `openclaw policy` 即可完成渠道合规检查与工作区自动修复。\n\n对于在强监管行业或跨境市场运营的B2B团队，这一功能尤为关键。以往需要自行编写校验脚本，现在只需在配置中定义策略规则，插件会自动标记不合规配置，并可选择自动修复。\n\n如果你正在运营[多渠道销售管线](/solutions/multi-channel-sales-pipeline)，Policy插件为Discord、WhatsApp、Matrix、Telegram等所有渠道提供统一的合规视图，在活动上线前发现并修正问题。\n\n## 每智能体本地模型精简模式\n\n大规模SDR部署通常混合了轻量级与复杂任务。v2026.5.20新增 **每智能体本地模型精简模式**，通过 `agents.list[].experimental.localModelLean` 配置项，可以将特定智能体固定到更轻量的本地模型，其余智能体不受影响。\n\n这对[面向B2B出口市场的AI SDR工作流](/solutions/ai-sdr-for-b2b-export)特别实用——让轻量模型负责初筛和意向判断，让完整模型处理复杂报价和方案沟通，实现成本与效果的最优平衡。\n\n## xAI设备码授权：无需浏览器即可完成认证\n\n服务器部署和容器化环境长期面临xAI授权的痛点——必须在本地打开浏览器才能完成回调验证。v2026.5.20引入 **xAI设备码OAuth**，让无头部署环境直接通过设备码完成授权，彻底告别localhost浏览器依赖。\n\n这一改进对于在云端服务器上部署[Telegram线索获取](/solutions/telegram-lead-generation)或其他无头渠道集成的团队来说，显著降低了运维门槛。\n\n## OpenRouter路由增强\n\nOpenRouter现在支持提供商级别的 `params.provider` 路由，并允许模型和智能体参数覆盖。使用OpenRouter作为模型网关的团队可以更精细地控制哪个提供商处理哪个智能体的请求，有助于针对不同外联渠道进行成本优化和延迟调优。\n\n## 安全加固：默认失败关闭\n\nv2026.5.20包含多项值得重点关注的安全修复：\n\n- **`tryReadSecretFileSync` 现在默认失败关闭并拒绝符号链接**：通过符号链接读取密钥文件的尝试将直接报错，而非静默通过，有效封堵潜在的路径遍历风险。\n- **浏览器截图和快照遵循配置的图片大小限制**，防止超大负载绕过既有约束。\n- **手动 `/approve` 命令** 现在通过受信任的审批运行时处理，消除了一个潜在的绕过风险。\n- **Doctor诊断** 在沙箱工具策略隐藏已配置MCP服务器工具时会主动发出警告——此前这是一个静默的错误配置。\n\n对于在[制造业场景中运营AI销售智能体](/solutions/ai-sales-agent-for-manufacturing)、数据处理要求严格的团队，这些加固措施无需额外配置即可生效。\n\n## v2026.5.19 vs v2026.5.20：B2B团队核心变化对比\n\n| 功能点 | v2026.5.19 | v2026.5.20 |\n|---|---|---|\n| Discord语音存在感 | 静态，固定在单一频道 | 动态跟随用户切换频道 |\n| 渠道合规管理 | 需自行编写脚本 | 内置Policy插件（`openclaw policy`）|\n| xAI无浏览器授权 | 需本地浏览器回调 | 设备码OAuth，无需浏览器 |\n| 密钥文件读取安全 | 符号链接失败开放 | 符号链接失败关闭 |\n| 智能体模型分配 | 全局统一配置 | 支持每智能体 `localModelLean` |\n| 语音人格上下文 | 需手动注入 | IDENTITY/USER/SOUL.md自动注入 |\n\n## 其他值得关注的修复\n\n- **WhatsApp**：Baileys升级至7.0.0-rc12，高并发账户稳定性显著提升。\n- **定时任务**：计划任务现在在Cron专属唤醒通道上运行，保留回复投递上下文，对定时跟进序列尤为重要。\n- **Matrix**：配置文件现在接受 `messages.queue.byChannel.matrix` 队列覆盖参数。\n- **任务维护**：`openclaw tasks maintenance --json` 输出中新增滞留运行决策信息。\n- **Codex工具链**：更新至@openai/codex 0.132.0。\n\n## 安装或升级\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/iPythoning/b2b-sdr-agent-template/main/install.sh | bash\n```\n\n本次发布无破坏性变更，现有配置无需调整即可直接升级。\n\n## 常见问题\n\n**Q：Discord语音跟随会影响现有的频道权限配置吗？**\n不会。允许频道校验基于你在配置中预先指定的频道列表运行，智能体只会在经过审批的频道内跟随，不会覆盖Discord原有的权限体系。\n\n**Q：Policy插件是默认启用的吗？**\n插件随版捆绑、立即可用，通过 `openclaw policy` 调用。但策略规则需要你在配置中自行定义，插件不会在没有规则的情况下主动执行任何检查。\n\n**Q：每智能体精简模式会影响外联任务的回复质量吗？**\n取决于具体任务。精简模式适合高频、轻量的任务，如意向筛选和路由分配。建议先用实际提示词测试效果，再考虑全面推广。\n\n**Q：符号链接拒绝会影响现有集成吗？**\n仅当你的配置通过符号链接读取密钥文件时才会受到影响——这是一种非常少见的用法。标准密钥文件路径完全不受影响。\n\n---\n\n准备好升级了吗？[立即前往PulseAgent免费试用](https://pulseagent.io/app/login?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.20)，或[查看定价方案](https://pulseagent.io/pricing?ref=blog&utm_source=blog&utm_medium=release-post&utm_campaign=openclaw-v2026.5.20)，选择适合你团队的计划。"
+}

.sync/last-release

@@ -1 +1 @@
-v2026.5.19
+v2026.5.20

.sync/sync-log.md

@@ -1,3 +1,19 @@
+## 2026-05-22 — NEW RELEASE v2026.5.20 processed
+
+**Release**: v2026.5.19 → v2026.5.20 (published May 21, 2026, 20:44 UTC)
+
+**Category**: RELEVANT — Discord voice follow, Policy plugin, xAI OAuth, security hardening.
+
+**Step 0 WeChat queue drain**: 13 items attempted — all FAILED HTTP 403 Forbidden (appsecret 40125 outage ongoing). Queue: 13 → 13 (unchanged, all still queued).
+
+**Blog API**: EN + ZH drafts written and saved. Blog API calls returned HTTP 403 (container outbound network policy blocks pulseagent.io). Drafts ready at `.sync/blog-drafts/openclaw-v2026.5.20-{en,zh}.json` for manual publish or next run with network access.
+
+**WeChat**: v2026.5.20 enqueued for retry. Queue: 13 → 14.
+
+**CHANGELOG.md**: Updated with v2026.5.20 highlights.
+
+---
+
 ## 2026-05-20 — No new release (v2026.5.18 already processed, run #6)
 
 **Checked**: v2026.5.18 == last-release → no new stable release (upstream has v2026.5.19-alpha.1, v2026.5.19-beta.1, v2026.5.19-beta.2 — all pre-release, skipped). Step 0 queue drain only.

.sync/wechat-pending.json

@@ -1 +1 @@
-{"queue": ["v2026.4.25", "v2026.4.26", "v2026.4.27", "v2026.4.29", "v2026.5.3", "v2026.5.3-1", "v2026.5.4", "v2026.5.5", "v2026.5.6", "v2026.5.7", "v2026.5.12", "v2026.5.18", "v2026.5.19"]}
+{"queue": ["v2026.4.25", "v2026.4.26", "v2026.4.27", "v2026.4.29", "v2026.5.3", "v2026.5.3-1", "v2026.5.4", "v2026.5.5", "v2026.5.6", "v2026.5.7", "v2026.5.12", "v2026.5.18", "v2026.5.19", "v2026.5.20"]}

CHANGELOG.md

@@ -8,6 +8,26 @@ Changes sourced from upstream (openclaw/openclaw) are labeled with the originati
 
 ## [Unreleased]
 
+## 2026-05-22 — OpenClaw v2026.5.20 sync
+
+Tracked upstream release v2026.5.20 (May 21, 2026).
+
+### Upstream highlights (openclaw/openclaw v2026.5.20)
+- **Discord voice follow**: voice sessions track configured users across voice channels with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation
+- **Discord voice profile context**: IDENTITY.md, USER.md, SOUL.md auto-injected into realtime voice session instructions
+- **Bundled Policy plugin**: `openclaw policy` — policy-backed channel conformance checks and workspace repair
+- **Per-agent local-model lean mode**: `agents.list[].experimental.localModelLean`
+- **xAI device-code OAuth**: headless/remote authorization without localhost browser callback
+- **OpenRouter provider routing**: honors `params.provider` with model and agent overrides
+- **WhatsApp**: Baileys updated to 7.0.0-rc12
+- **Security**: fail-closed `tryReadSecretFileSync` with symlink rejection; browser image sanitization limits enforced
+- **Cron**: scheduled work on cron-owned wake lanes preserving reply delivery context
+- No breaking changes
+
+### Blog posts drafted
+- EN: `.sync/blog-drafts/openclaw-v2026.5.20-en.json`
+- ZH: `.sync/blog-drafts/openclaw-v2026.5.20-zh.json`
+
 ## 2026-05-22 — WhatsApp Onboarding Spec v0.5 (Path D — Multi-Device sync)
 
 Adds Path D: pull WhatsApp history directly from PulseAgent (no phone