Rolling weekly report. New releases append below as detected.

Week label: 2026-W20 First detection: 2026-05-13T01:40:53.832750+00:00

---

openclaw v2026.5.12-beta.3 — 2026-05-12T23:38:26Z

Repo: https://github.com/OpenClaw/openclaw Release: https://github.com/openclaw/openclaw/releases/tag/v2026.5.12-beta.3 Detected: 2026-05-13T01:40:53.832750+00:00 Borrowable ideas: 1

Release Review: openclaw v2026.5.12-beta.3

Executive Summary

• Fixes: mostly infrastructure (auth-profile plumbing, build metadata, UI nesting). No blockbuster features.
• Subagent heartbeat dedup + error surfacing touch Luci concerns. Neither critical, both useful.
• Changelog truncated — final "Changes" section cut mid-sentence.

---

Load-Bearing Fixes

Fix	Worth borrowing?	Why
Subagent session nesting UI (#77628)	No	MC already shows ticket → worker mapping. Visual hierarchy doesn't exist in MC (no nested sessions in current dashboard). Cosmetic only.
Heartbeat wake-up dedup (agents/exec, #66748)	Probably	If heartbeat.py tick or subagent exec spawns spurious LLM invocations on parent sessions, this pattern matters. Check if Luci's mc_pickup.py dispatch sees duplicate wakeups on ticket → worker completion.
Auto-reply error surfacing (#80917)	Yes	Luci sends agent-generated Telegram replies. Silent failures (model backend fails, fallback silent) hide real errors from Telegram visibility. Worth adopting: distinguish "side-effect only" (no reply, intended) from "backend died, no fallback" (alert Elmar).
Provider error rewriting (support request IDs, #49401)	Maybe	Luci handles Kimi/GLM/Gemini/Opus failures via scheduler task error handling. If scheduler task logging doesn't already rewrite generic errors → human-friendly "transient, will retry" copy, worth lifting. Check scheduler.py error logging.

---

Skip (Not relevant to Luci)

• Codex harness auth-profile — Larry-only, not Luci
• WhatsApp/pnpm libsignal — no WhatsApp integration
• memory-wiki scoping (admin/write) — not used
• Build metadata skipping — build-time, not runtime
• Provider stream draining — internal plumbing; only matters if Luci observes stalled streams in task logs (unlikely)

---

Action

• Audit scheduler.py error logging for #49401 pattern (provider errors → user-friendly transient copy)
• Check mc_pickup.py → subagent dispatch for spurious heartbeat wakeups on ticket completion
• Defer auto-reply error surfacing unless Luci's Telegram delivery shows silent failures this week

openclaw v2026.5.12-beta.4 — 2026-05-13T04:52:38Z

Repo: https://github.com/OpenClaw/openclaw Release: https://github.com/openclaw/openclaw/releases/tag/v2026.5.12-beta.4 Detected: 2026-05-13T05:00:45.723628+00:00 Borrowable ideas: 2

openclaw v2026.5.12-beta.4 Review

Executive Summary

• Security hardening across multiple platforms with improved permission validation and tool restriction inheritance
• Enhanced Telegram gateway with HTML rendering support for more natural communication
• Link understanding improvements with SSRF guard protection for safer external content processing

Features New to openclaw

• Telegram HTML rendering for streamed and durable replies
• Link fetching through SSRF guard before CLI summarization
• Auth-profile secret key directory mounting for Docker
• Codex runtime SDK helper integration
• Enhanced permission validation and tool restrictions

Worth Borrowing into MC/Luci?

• YES: Telegram HTML rendering - ccgram gateway would benefit from better message formatting
• YES: SSRF guard for link fetching - improves security when processing external links in session memory
• NO: Codex runtime features - Luci doesn't appear to use OpenAI/Codex integration
• MAYBE: Auth-profile mounting - depends on Luci's containerization strategy
• NO: Enterprise permission controls - Luci is single-agent, not multi-team

Skip

• Multi-team permission systems and scope enforcement
• Enterprise rate limiting for webhooks (Google Chat, Feishu)
• Plugin approval workflows
• Node device token management
• Memory-wiki integration
• Gateway command scope validation

The release focuses on security hardening and enterprise features that don't align well with Luci's single-agent architecture. The most valuable items are the Telegram HTML rendering and security improvements to link processing.

openclaw v2026.5.12-beta.6 — 2026-05-13T21:00:40Z

Repo: https://github.com/OpenClaw/openclaw Release: https://github.com/openclaw/openclaw/releases/tag/v2026.5.12-beta.6 Detected: 2026-05-14T05:00:51.376895+00:00 Borrowable ideas: 4

## Release Review: openclaw v2026.5.12-beta.6

### Executive Summary
- Enhanced agent session creation and gateway communication protocols improve system reliability
- Centralized config serialization prevents race conditions in concurrent configuration changes
- Streamlined device pairing and session scope management strengthen security and efficiency

### Features New to openclaw
- Agent session creation before first `sessions_send` to prevent target agent startup failures
- Gateway v4 client requirements with explicit chat streaming for real-time updates
- Centralized config serialization with retry logic for concurrent mutations
- Talk session scope passing to AI resolver
- Approval-required device pairing
- Plugin dependency management optimization

### Worth Borrowing into MC/Luci?
- **Agent session creation**: YES - prevents agent-to-agent message failures in mc_pickup
- **Config serialization**: YES - eliminates race conditions in MC ticket operations  
- **Session scope passing**: YES - enhances session-memory-extractor accuracy
- **Device pairing approval**: YES - improves security for Luci access control

### Skip
- iMessage/WhatsApp/Line media handling - multi-platform messaging irrelevant
- Gateway protocol v4 requirements - client-side changes
- GitHub Copilot integration - third-party unrelated
- Node pairing/peer dependencies - enterprise deployment features
- Docker path pinning - container-specific infrastructure
- Plugin code scanning - plugin security optimization

goose v1.34.0 — 2026-05-13T18:19:29Z

Repo: https://github.com/block/goose Release: https://github.com/aaif-goose/goose/releases/tag/v1.34.0 Detected: 2026-05-14T05:01:32.168128+00:00 Borrowable ideas: 5

Goose v1.34.0 Review Report

Executive Summary

• Automation-first release with hooks support, agent CRUD, and MCP app integration for improved extensibility
• Provider ecosystem expansion including auto-updating plugins, custom providers, and Google model inventory support
• Core infrastructure improvements with SQLite foreign key enforcement, ACP spec compliance, and better session management

Features New to Goose

• Hooks support for customizable agent behavior
• Agents CRUD operations
• Projects as backend sources with system prompt injection
• Auto-updating for plugins
• ACP streamable HTTP spec compliance
• MCP Apps: hydrate/replay app payloads and translate capabilities
• Group consecutive tool calls into summarized chain cards
• Skills in chat composer
• Mergeable configs

Worth Borrowing into MC/Luci?

Feature	Borrow?	Rationale
Hooks support	Yes	Similar to dev-loop extensibility, allows custom agent behavior
Agents CRUD	Yes	Replace manual agent management with systematic operations
Projects as sources	Yes	Leverage existing scheduler tasks for project-based configuration
Auto-updating plugins	Yes	Complements auto-skill-evolver for automated maintenance
ACP spec compliance	Yes	Improves integration with existing ACP infrastructure
MCP Apps integration	Yes	Enhances mc_pickup dispatcher capabilities
Tool chain grouping	Yes	Better conversation flow for session-memory-extractor
Skills in composer	Yes	Extends existing skill system to chat interface
Mergeable configs	Yes	Improves vault.db configuration management

Skip

• Platform-specific artifacts (Linux Vulkan, Windows CUDA)
• UI/UX improvements (modal headers, compact layouts)
• Onboarding flows (multi-team, enterprise focus)
• Provider catalog management (redundant with MC provider system)

openclaw v2026.5.14-beta.1 — 2026-05-14T21:31:15Z

Repo: https://github.com/OpenClaw/openclaw Release: https://github.com/openclaw/openclaw/releases/tag/v2026.5.14-beta.1 Detected: 2026-05-15T05:00:50.197336+00:00 Borrowable ideas: 3

openclaw v2026.5.14-beta.1 Review

Executive Summary

• Significant modernization including dependency cleanup, Codex backend migration, and enhanced message lifecycle tracking across multiple platforms
• Improved developer tooling with automated code review skills and dependency management enforcement
• Enhanced user experience with text scaling, Mini App buttons, and comprehensive validation lanes

Features New to openclaw

• StatusReactionController with emoji-based lifecycle tracking (WhatsApp/Telegram/Discord)
• Subagent task delivery visible in message turns instead of system prompts
• Browser-local text size scaling in control UI
• Codex-review skill for automated PR closeout reviews
• Package dependency patch validation in CI
• Telegram Mini App web_app button support
• Startup trace attribution for auth/plugin loading

Worth Borrowing into MC/Luci?

• StatusReactionController: No - MC doesn't need multi-platform emoji lifecycle tracking
• Subagent task visibility: Yes - Improves auditability of mc_pickup spawned tasks without duplicating tokens
• Text scaling: Yes - Addresses mobile focus-zoom issues in ccgram interface
• Codex-review skill: No - Current auto-skill-evolver handles issue resolution differently
• Dependency patch validation: No - MC's dependency management workflow is distinct
• Mini App buttons: No - ccgram doesn't need Telegram-specific UI components
• Startup trace attribution: Yes - Would improve observability in plugin loading and auth flows

Skip

• Multi-team enterprise features, billing, i18n reporting, maintainer-specific tooling, heavy check lock configuration, Docker validation lanes

goose v1.34.1 — 2026-05-15T00:06:22Z

Repo: https://github.com/block/goose Release: https://github.com/aaif-goose/goose/releases/tag/v1.34.1 Detected: 2026-05-15T05:01:13.530454+00:00 Borrowable ideas: 0

Looking at the goose v1.34.1 release, this appears to be primarily a build infrastructure update rather than functional changes. Let me analyze this:

Release Report: goose v1.34.1

Executive Summary

• Single infrastructure update: builds non-Vulkan Linux variants using Ubuntu 22.04
• No functional features or API changes introduced
• Primarily addresses build system requirements for different hardware configurations

Features New to goose

Build System Update: Non-Vulkan Linux variants now built using Ubuntu 22.04 base image

Worth Borrowing into MC/Luci?

No - This is build infrastructure configuration that doesn't affect the core functionality of MC/Luci systems (tickets, mc_pickup, scheduler, ccgram, etc.)

Skip

Build system changes - Infrastructure updates for different hardware build configurations are not relevant to the core product functionality

The v1.34.1 release contains no functional changes that would impact MC/Luci operations. The update is purely about build system configuration for supporting non-Vulkan Linux environments, which has no bearing on the existing MC/Luci architecture or capabilities.

openclaw v2026.5.16-beta.1 — 2026-05-16T01:33:34Z

Repo: https://github.com/OpenClaw/openclaw Release: https://github.com/openclaw/openclaw/releases/tag/v2026.5.16-beta.1 Detected: 2026-05-16T05:00:40.906159+00:00 Borrowable ideas: 4

openclaw v2026.5.16-beta.1 Review

Executive Summary - Core improvements to skill caching, config validation, and error handling - Enhanced MCP scoping and multi-language support for onboarding - Several security and reliability fixes for media handling and token reporting

Features New to openclaw - Skill caching across warm gateway turns with config-keyed reuse - MCP server scoping per agent id with default tools approval modes - Telegram group chat ambient turns handling with "room_event" mode - OpenAI token clamping and total token reconstruction

Worth Borrowing into MC/Luci? - Skills caching (yes) - Would improve mc_pickup performance by reducing redundant skill snapshot builds - MCP scoping (yes) - Enhances security for MC's existing MCP server integration with agent-specific access - Token handling (yes) - Fixes token calculation issues in ccgram and dev-loop response processing
- Config validation (yes) - Strengthens vault.db validation against malformed entries - Media sniffing (no) - MC doesn't handle untrusted file uploads directly - Hook wait budgets (no) - Not applicable to MC's simpler architecture

Skip - Localization features (English/Chinese wizard flows - UI polish only) - Plugin release metadata (enterprise tooling not relevant) - Trajectory export (support bundle feature) - Config doctor allowFrom fixes (addressed differently in MC)

hermes-agent v2026.5.16 — 2026-05-16T18:55:27Z

Repo: https://github.com/NousResearch/hermes-agent Release: https://github.com/NousResearch/hermes-agent/releases/tag/v2026.5.16 Detected: 2026-05-17T05:00:26.341894+00:00 Borrowable ideas: 3

```markdown

Hermes Agent v0.14.0 Review for MC/Luci

Executive Summary

• Major performance optimizations: 19s cold-start reduction, 180x faster browser CDP calls
• Simplified architecture: lazy installation, debloating, supply-chain safety scanning
• Expanded authentication: OAuth proxy, 1M context Grok, end-to-end Microsoft Teams

New Load-Bearing Features

1. OpenAI-compatible local proxy - yes, enables MC tools (Aider/Codex) to use existing OAuth auth without API keys
2. Debloating + tiered installation - yes, reduces installation overhead aligns with MC's lightweight principle
3. Microsoft Teams end-to-end - no, MC doesn't need Teams integration, ccgram handles messaging
4. x_search Twitter tool - no, MC doesn't require social media search capabilities
5. Cross-session 1h prompt caching - no, session-memory-extractor handles persistence needs
6. computer_use cua-driver backend - no, MC doesn't need computer control integration
7. Unified pluggable video_generate - no, outside MC's scope of agent operations
8. Supply-chain safety scanning - yes, valuable for dependency security in dev-loop
9. OpenRouter Pareto Code router - no, auto-skill-evolver handles code routing needs

Skip (Not Relevant)

• xAI Grok integration (third-party model dependency)
• LINE + SimpleX Chat messaging platforms (exceeds ccgram scope)
• 9 new optional skills (skills handled by existing auto-skill-evolver)
• Zed ACP Registry integration (editor-specific, not core MC)
• LSP semantic diagnostics (development tooling, not agent logic) ``

openclaw v2026.5.16-beta.4 — 2026-05-17T04:22:09Z

Repo: https://github.com/OpenClaw/openclaw Release: https://github.com/openclaw/openclaw/releases/tag/v2026.5.16-beta.4 Detected: 2026-05-17T05:01:00.724675+00:00 Borrowable ideas: 4

openclaw v2026.5.16-beta.4 Release Review

Executive Summary

• Security audit suppressions improve compliance workflow management
• Enhanced agent task delegation with review handoffs streamlines complex workflows
• Async media generation task lifecycle standardizes AI provider interaction patterns

Features New to openclaw

• Security/audit: suppressions for accepted audit findings
• Agents/subagents: delegated task completion with parent review handoffs
• Providers/media: fal and OpenRouter music-generation providers
• Control UI: provider quota usage tracking
• Agents/media: async task lifecycle for image_generate
• Agents/skills: resolvedSkills caching across gateway turns
• Group chat: core inbound event classification
• Codex/context: thread-bootstrap projection epoch binding

Worth Borrowing into MC/Luci?

• Security audit suppressments - YES - MC ticket system could track accepted audit findings
• Agent task delegation handoffs - YES - mc_pickup could implement review workflows for complex tasks
• Provider quota tracking - YES - MC could monitor API usage across different providers
• Skills caching - YES - auto-skill-evolver could cache resolved skills to reduce rebuild overhead
• Async media lifecycle - NO - MC doesn't handle media generation
• Group chat classification - NO - ccgram handles messaging but not this classification
• Context engine binding - NO - Not applicable to MC architecture

Skip

• Mac app remote setup (client-specific functionality)
• xAI Grok OAuth (provider-specific auth)
• CLI/cron --wait (CLI tooling)
• Maintainer tooling (devops infrastructure)
• Onboarding localization (UX polish)