feat(kiloclaw): bump openclaw to version 2026.6.10

[kilo-code-bot]

Summary

Bumps the packaged OpenClaw version in the KiloClaw image from 2026.6.8 to 2026.6.10: the
Dockerfile pin, the bundled plugin peer and dev deps, the lockfile, the e2e runbook version,
and a changelog entry. Prepared by automation.

Verification

Validate per the kiloclaw-openclaw-upgrade skill before marking this PR ready:

• Run the local upgrade validation (one command): bash services/kiloclaw/scripts/tests/openclaw-upgrade-validate.sh — builds + keyless checks + grype CVE scan, then the credentialed live smoke (set KILOCODE_API_KEY for the smoke).
• Run the skill's final submission gates (typecheck, tests, lint) and review plugin diagnostics.
• Record the upgrade evidence (before and after versions, smoke result, any diagnostics) in this PR.
• Mark this PR ready once the above pass.

Visual Changes

N/A

Reviewer Notes

Automated upgrade assessment

Scores: Breaking changes Medium; Security Medium; Deployment Medium; Behavior High; Span Low

Span: 2 releases over 2 days (2026.6.9 and 2026.6.10).

Recommendation: Review carefully

This span looks routine on the surface but carries a very large amount of change. The 2026.6.9 tag is a catch-up release that folds in the full history since 2026.6.8, which is 422 merged pull requests. The 2026.6.10 tag is small and focused on model routing, fast mode, and session and channel state.

No release body declared a breaking change and neither body contained injected instructions, so this does not meet the bar for Hold. The recommendation stays at Review carefully because merging starts the first production image build and because the volume of change touches areas our controller depends on.

Risk flags an engineer should confirm during the build and live smoke:

• Storage and state moves. 2026.6.9 moves setup state out of the workspace dot directory, imports default agent auth profiles into SQLite, and lands a database first memory and proxy alignment. Our controller seeds config, exec approvals, and migrates legacy auth profile keys during onboard and doctor, so confirm the persisted root replaces cleanly and that auth profiles survive the first boot on an existing volume.
• Provider plugin loading. Official provider plugins are now standalone npm packages and externally installed channel plugins load at gateway startup. Confirm the controller managed KiloCode provider entry still loads and that live model discovery still runs.
• SQLite on network filesystems. 2026.6.9 disables write ahead logging on network filesystems and changes reindex sidecar handling. Low impact for local machine storage but worth a glance during the smoke.
• Security posture. 2026.6.9 redacts secrets in debug and config output, blocks internal HTTP session overrides, and adds security event diagnostics. These are positive but change observable output, so verify nothing the controller parses changed shape.
• Behavior breadth. The sheer number of agent runtime, channel, and reply changes means the live smoke is the real gate here, not the release notes.