feat(kiloclaw): bump openclaw to version 2026.5.28

[kilo-code-bot]

Summary

Bumps the pinned OpenClaw version in services/kiloclaw/Dockerfile from 2026.5.22 to 2026.5.28.

Also updates the version reference in the bundled plugin stage-root comment and increments the build cache bust label/echo value to force layer invalidation.

Verification

• Build the image locally and confirm openclaw --version reports 2026.5.28.
• Run scripts/controller-openclaw-upgrade-smoke-test.sh to validate the persisted-root live upgrade path.
• Confirm the two Dockerfile patch guards still fire correctly (KiloCode DISCOVERY_TIMEOUT_MS and actionRequiresTarget patches).

Visual Changes

N/A

Reviewer Notes

Release notes review — potential deployment concerns

Patch guard risk — verify both guards still apply:

1. DISCOVERY_TIMEOUT_MS = 5e3 patch (KiloCode provider-models chunk): The release notes mention provider model catalog changes (NVIDIA featured models, MiniMax, voice model catalogs, Claude Opus 4.8). If OpenClaw restructured the KiloCode provider-models chunk, the provider-models-*.js file pattern or the DISCOVERY_TIMEOUT_MS = 5e3 constant may have moved or changed. The Dockerfile guard will fail the build (ERROR: expected exactly 1 KiloCode DISCOVERY_TIMEOUT_MS = 5e3 occurrence) if so — this is intentional fail-closed behavior, but worth checking before merging.

2. actionRequiresTarget patch (channel-target-*.js): The release notes include significant channel delivery changes (outbound hooks, Matrix, iMessage, Slack, Discord, Teams). If channel-target-*.js was restructured, this patch may need adaptation.

Plugin bundled runtime deps: The release notes mention new plugins being externalized (GitHub Copilot, Tokenjuice) and runtime workspace templates being packaged. The bundled plugin dep bake step (jq dist/extensions/*/package.json) should still work, but the dep list may have grown. Worth confirming the bake step completes without errors.

resolveExternalBundledRuntimeDepsInstallRoot() interface: The release notes note performance improvements around plugin dist entries and install-record caching. If the function signature or the hash algorithm changed between 2026.5.22 and 2026.5.28, the pre-baked stage dir may not be found at runtime (openclaw would fall back to a live npm install on first boot rather than failing hard). Confirm the hash path is still valid after upgrade.

Cron/automation behavior change: The fix retry recurring jobs after transient model rate limits before waiting for the next scheduled slot changes scheduling behavior for rate-limited agents. This could affect KiloClaw instances running scheduled agents if they hit rate limits.

Session lock behavior change: release session locks on timeout abort and runtime teardown without deleting live OpenClaw-owned locks during cleanup is a meaningful change to how session locks are released. If there are any in-flight sessions during the image rollout, this may affect lock cleanup behavior during machine restarts.

[kilo-code-bot]

Code Review Summary

Status: 3 Issues Found | Recommendation: Address before merge

Executive Summary

Plugin package.json peer/dev dependency versions and the e2e testing doc still reference the old OpenClaw pin (2026.5.22), leaving the image build inconsistent with compile-time plugin dependencies.

Overview

Severity	Count
CRITICAL	0
WARNING	3
SUGGESTION	0

Issue Details (click to expand)

WARNING

File	Line	Issue
services/kiloclaw/plugins/kilo-chat/package.json	33-34	peerDependencies and devDependencies still pin openclaw@2026.5.22 — should be updated to 2026.5.28 to match the Dockerfile pin
services/kiloclaw/plugins/kiloclaw-morning-briefing/package.json	26-27	peerDependencies and devDependencies still pin openclaw@2026.5.22 — should be updated to 2026.5.28
services/kiloclaw/e2e/docker-image-testing.md	144	Expected version comment still shows # 2026.5.22 — should reflect 2026.5.28 so the manual testing runbook stays accurate

CHANGELOG NOTE

No changelog entry for 2026.5.28 has been added to apps/web/src/app/(app)/claw/components/changelog-data.ts. The most recent entry is for 2026.5.22 (dated 2026-05-28). Per the validation checklist, a new entry should be added at the top.

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File	Line	Issue
services/kiloclaw/plugins/kilo-chat/package.json	33-34	peerDependencies/devDependencies: openclaw@2026.5.22 should be 2026.5.28
services/kiloclaw/plugins/kiloclaw-morning-briefing/package.json	26-27	peerDependencies/devDependencies: openclaw@2026.5.22 should be 2026.5.28
services/kiloclaw/e2e/docker-image-testing.md	144	Version comment in docker run example still says 2026.5.22
apps/web/src/app/(app)/claw/components/changelog-data.ts	top	No changelog entry for 2026.5.28 (last entry is for 2026.5.22)

Files Reviewed (5 files)

• services/kiloclaw/Dockerfile - version bump correct, build cache bust incremented, comment updated
• services/kiloclaw/plugins/kilo-chat/package.json - 1 issue (peer/dev dep still at 2026.5.22)
• services/kiloclaw/plugins/kiloclaw-morning-briefing/package.json - 1 issue (peer/dev dep still at 2026.5.22)
• services/kiloclaw/e2e/docker-image-testing.md - 1 issue (expected version comment not updated)
• apps/web/src/app/(app)/claw/components/changelog-data.ts - no new changelog entry for 2026.5.28

Fix these issues in Kilo Cloud

---

_{Reviewed by claude-4.6-sonnet-20260217 · 1,394,010 tokens}

_{Review guidance: REVIEW.md from base branch main}