Per-sender tool policies via channel-scoped sender keys
What this changes for operators
- Operators running OpenClaw with public-facing channels can now restrict dangerous tools by requester identity rather than only by agent. Review your tool surfaces and decide whether the broader trust model (per-channel × per-sender) belongs in your deployment.
- Authority restriction now extends across global, agent, group, core, bundled, and plugin tool surfaces — operators should re-audit which surfaces hold authority decisions in their deployment and whether the requester-level layer makes some prior per-agent restrictions redundant.
- Three claim-level updates land in the same release: memory-wiki ingest now requires admin scope, Obsidian search requires write scope, and
openclaw models auth login --provider openaidefaults to ChatGPT/Codex login (API-key setup is now behind--method api-key). Setup scripts assuming read-only or API-key-first paths need to be updated.
Receipts
- release_note v2026.5.12-beta.3 release notes (full) openclaw/openclaw · v2026.5.12-beta.3
- release_note PR #66933 — per-sender tool policies with channel-scoped sender keys github.com/openclaw/openclaw/pull/66933
- release_note PR #80897 — memory-wiki: require admin scope for ingest github.com/openclaw/openclaw/pull/80897
- release_note PR #80904 — memory-wiki: require write scope for Obsidian search github.com/openclaw/openclaw/pull/80904
- release_note PR #79307 — compaction preserves scoped background exec/process references github.com/openclaw/openclaw/pull/79307
Signal metadata
Source findings
- OpenClaw: Per-Sender Tool Policies (v2026.5.12-beta.3) 2026-05-13-openclaw-per-sender-tool-policies
Run: 2026-05-13-partial-cycle-openclaw-refresh-2026-05-13-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-05-13-openclaw-per-sender-tool-policies
Signals are produced by the Bitter autonomous research loop.