WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and OpenShell sandbox just moved out of the core install. Your npm install is leaner. Your update path just changed. Here's what v2026.5.12 actually did and what you need to do about it.
A developer on the AgentOS Watch summarized it perfectly: "The v2026.5.12 stable release packages the dependency externalization and runtime hardening that had been moving through the beta.6 to beta.8 train."
Eight beta versions. One architectural change. Your OpenClaw just got smaller.
Until v2026.5.12, every OpenClaw install pulled everything. Every channel adapter. Every provider SDK. Every dependency cone. You only use Telegram? Too bad. You're also installing WhatsApp's Baileys library, Slack's SDK, Amazon's entire AWS SDK, and Anthropic's Vertex client. All of it. Every time.
v2026.5.12 changed that. WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and the OpenShell sandbox are now external plugins. Their dependency cones install only when you explicitly add them. Fresh installs are smaller. Update paths are less fragile. The "dependency repair loops" that caused OpenClaw's "rough week" (v2026.4.29) are less likely to recur.
But here's what nobody tells you. This is also a breaking change for some users. And the migration isn't automatic for everyone.
What exactly moved out of core (the complete list)
WhatsApp: Externalized as a ClawHub/npm plugin. Baileys bumped to 7.0.0-rc11. libsignal now resolves from npm registry instead of a GitHub tarball. Audio decoding dependencies are local to the plugin.
Slack: Externalized with its runtime dependency cone. Core installs no longer pull @slack/web-api unless you configure Slack.
Amazon Bedrock: Both Bedrock and Bedrock Mantle provider packages externalized. AWS SDK dependencies install only when the Bedrock provider is configured.
Anthropic Vertex: Externalized so the Vertex SDK installs only when you use Anthropic through Google Cloud.
OpenShell Sandbox: Externalized so the sandbox runtime installs only for users who need isolated shell execution.
The principle: Install only what you use. If you run Telegram + OpenAI, you don't need WhatsApp's libsignal, Slack's SDK, or Amazon's SDK eating space and causing dependency conflicts. Your install is cleaner, faster, and less likely to break on update.
What this fixes (the "rough week" context)
Stay with me here.
Three weeks ago, OpenClaw published an official apology: "OpenClaw had a rough week." Version v2026.4.29 broke gateways, stuck installs in "plugin dependency repair loops," and degraded WhatsApp, Discord, and Telegram channels. The official blog called it "not one bug" but a cascade of issues including "plugin dependency repair in startup and update paths, bundled and external plugins half-split, ClawHub artifact metadata settling, and gateway cold paths doing too much work."
The externalization in v2026.5.12 directly addresses the root cause. When everything was bundled, a dependency conflict in WhatsApp's Baileys library could block your Telegram-only install from starting. A Slack SDK version mismatch could wedge your update path even if you never configured Slack.
By making these optional, the attack surface for dependency conflicts shrinks dramatically. A WhatsApp Baileys update can't break your Telegram gateway because the WhatsApp code isn't in your install unless you put it there.
For the complete OpenClaw version stability tracker, our guide covers which versions are safe to run.
What might break after upgrading (the migration checklist)
Here's where it gets messy.
If you use WhatsApp: After upgrading to v2026.5.12, WhatsApp won't work until you explicitly install the plugin: openclaw plugins install whatsapp. The channel was externalized. Your config still references it. The code isn't there until you install it.
If you use Slack: Same pattern. openclaw plugins install slack after upgrading.
If you use Amazon Bedrock: openclaw plugins install bedrock. The AWS SDK is no longer bundled.
If you use Anthropic via Vertex: openclaw plugins install anthropic-vertex.
If you use OpenShell sandbox: openclaw plugins install openshell.
For everyone: Run openclaw doctor --fix after upgrading. It cleans stale plugin references from your config, removes dead deny-list entries, and validates your plugin manifest. The doctor now treats missing externalized plugin IDs as stale config warnings instead of fatal validation errors.
For Docker users: The compose file updated. OPENCLAW_IMAGE_APT_PACKAGES replaces OPENCLAW_DOCKER_APT_PACKAGES as the runtime-neutral build arg. v2026.5.12 also drops NET_RAW and NET_ADMIN capabilities and enables no-new-privileges. Pull the updated compose file.
If managing plugin externalization migrations, running doctor fixes after every upgrade, reinstalling channels that were silently removed from core, and updating Docker compose files for new security defaults sounds like another ops weekend instead of agent building, BetterClaw handles all plugin and channel management at the platform level. Channels are configured from the dashboard. Plugin updates are automatic. No externalization breakage. No doctor commands. No compose file changes. Free tier with 1 agent and BYOK. $19/month per agent for Pro.
What else shipped in v2026.5.12 (the highlights worth knowing)
Telegram got more stable. Isolated polling, durable local spooling, safer group-media handling, preserved HTML/Markdown formatting in streamed and scheduled replies. If Telegram was flaky for you in April, this release is a significant improvement.
ACP fallbacks. New acp.fallbacks config lets ACP turns try backup runtime backends when the primary is unavailable. If your primary model provider goes down, the agent falls back to a secondary before producing no output.
Subagent session nesting. The Control UI now shows subagent sessions nested under their parent with a visual └─ prefix. If you run multi-agent workflows, this makes the parent-child relationship visible for the first time.
Plugin install resilience. pnpm 11 support. Peer-dependency preservation during multi-plugin installs. Safer runtime security scans that don't block legitimate bundled packages. The plugin install path that caused dependency repair loops in v2026.4.29 has been significantly hardened.
For the comparison of managed versus self-hosted OpenClaw deployment, our comparison covers the update management differences.
The bigger picture (why externalization matters for the project)
Here's the take.
OpenClaw is becoming infrastructure, not a hobby project. The externalization in v2026.5.12 is the same pattern that mature platforms follow: Node.js externalized npm. Docker externalized Compose. Kubernetes externalized its cloud providers. The core gets smaller. The ecosystem gets modular. Each component evolves independently.
The LTS announcement is still coming. OpenClaw's rough week blog promised "an LTS release next to our faster update cycles, later in May." We're May 19. It hasn't shipped yet. When it does, the externalized architecture makes LTS viable because the core is small enough to stabilize while plugins continue updating independently.
For self-hosters, this is good news with a migration cost. Your install is cleaner. Your updates are less fragile. But you need to run the migration checklist above. Miss a plugin reinstall and your channel goes dark.
For users who don't want to manage any of this, the answer hasn't changed. A managed platform handles plugin externalization, channel configuration, and update migrations without ops work.
If you want the leaner architecture without the migration, give BetterClaw a try. Free tier with 1 agent and BYOK. $19/month per agent for Pro. 15+ channels configured from the dashboard. Plugin management is ours. The agent conversations are yours. No externalization migrations. No doctor commands. No compose file diffs.
Frequently Asked Questions
What changed in OpenClaw v2026.5.12?
The biggest change is plugin externalization: WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and OpenShell sandbox moved out of the core install. Their dependency cones now install only when you explicitly add those plugins. This makes fresh installs smaller, update paths less fragile, and eliminates the dependency conflicts that caused the "rough week" in v2026.4.29. Telegram and Discord remain in core.
Do I need to reinstall plugins after upgrading to v2026.5.12?
Yes, if you use WhatsApp, Slack, Bedrock, Vertex, or OpenShell. After upgrading, run openclaw plugins install <channel-name> for each externalized plugin you use. Then run openclaw doctor --fix to clean stale config references. If you skip this step, the externalized channel won't work even though your config still references it.
Why did OpenClaw externalize WhatsApp and Slack?
To prevent dependency conflicts. WhatsApp's Baileys library, Slack's SDK, and Amazon's AWS SDK were all bundled in every install, even for users who only used Telegram. A version conflict in any of these could break installs and updates for everyone. By externalizing them, each dependency cone is isolated. A WhatsApp Baileys update can't break your Telegram-only setup.
Is v2026.5.12 safe to upgrade to?
AgentOS Watch recommends it as "the safer upgrade candidate if you were waiting for the beta.8 fixes." It went through 8 beta versions before stable release. However, test the upgrade with your specific channel configuration first. If you use WhatsApp, Telegram, Codex OAuth, or Windows sandbox, verify each after upgrading. Or use BetterClaw ($0-19/month) where updates are managed automatically.
Does BetterClaw handle plugin externalization automatically?
Yes. BetterClaw manages all plugin and channel dependencies at the platform level. When OpenClaw externalizes a plugin, BetterClaw's infrastructure handles the migration automatically. You never run doctor commands, reinstall externalized plugins, or update compose files. Channels are configured from the dashboard. Free tier with 1 agent and BYOK. $19/month per agent for Pro.