Skip to content
OpenClaw VPS
Archived update

This post is kept for reference, but it is not part of the main hosted OpenClaw VPS blog feed.

OpenClaw 2026.3.8 โ€” What Shipped (Operator Guide)

Operator-focused summary of OpenClaw 2026.3.8: what shipped, what matters for hosted bots, and what to check after upgrade.

Jason Cochran
March 9, 2026
#openclaw#release-notes#operator-guide#update

This post covers what shipped in v2026.3.8 and what it means for OpenClaw VPS operators.

What shipped

Mac assets on this release reuse the beta artifact line from v2026.3.8-beta.1.

Changes

  • CLI/backup: add openclaw backup create and openclaw backup verify for local state archives, including --only-config, --no-include-workspace, manifest/payload validation, and backup guidance in destructive flows. (#40163) thanks @shichangs.
  • macOS/onboarding: add a remote gateway token field for remote mode, preserve existing non-plaintext gateway.remote.token config values until explicitly replaced, and warn when the loaded token shape cannot be used directly from the macOS app. (#40187, supersedes #34614) Thanks @cgdusek.
  • Talk mode: add top-level talk.silenceTimeoutMs config so Talk waits a configurable amount of silence before auto-sending the current transcript, while keeping each platform's existing default pause window when unset. (#39607) Thanks @danodoesdesign. Fixes #17147.
  • TUI: infer the active agent from the current workspace when launched inside a configured agent workspace, while preserving explicit agent: session targets. (#39591) thanks @arceus77-7.
  • Tools/Brave web search: add opt-in tools.web.search.brave.mode: "llm-context" so web_search can call Brave's LLM Context endpoint and return extracted grounding snippets with source metadata, plus config/docs/test coverage. (#33383) Thanks @thirumaleshp.
  • CLI/install: include the short git commit hash in openclaw --version output when metadata is available, and keep installer version checks compatible with the decorated format. (#39712) thanks @sourman.
  • CLI/backup: improve archive naming for date sorting, add config-only backup mode, and harden backup planning, publication, and verification edge cases. (#40163) Thanks @gumadeiras.
  • ACP/Provenance: add optional ACP ingress provenance metadata and visible receipt injection (openclaw acp --provenance off|meta|meta+receipt) so OpenClaw agents can retain and report ACP-origin context with session trace IDs. (#40473) thanks @mbelinky.
  • Tools/web search: alphabetize provider ordering across runtime selection, onboarding/configure pickers, and config metadata, so provider lists stay neutral and multi-key auto-detect now prefers Grok before Kimi. (#40259) thanks @kesku.
  • Docs/Web search: restore $5/month free-credit details, replace defunct "Data for Search"/"Data for AI" plan names with current "Search" plan, and note legacy subscription validity in Brave setup docs. Follows up on #26860. (#40111) Thanks @remusao.
  • Extensions/ACPX tests: move the shared runtime fixture helper from src/runtime-internals/ to src/test-utils/ so the test-only helper no longer looks like shipped runtime code.

Fixes

  • Update/macOS launchd restart: re-enable disabled LaunchAgent services before updater bootstrap so openclaw update can recover from a disabled gateway service instead of leaving the restart step stuck.
  • macOS app/chat UI: route browser proxy through the local node browser service, preserve plain-text paste semantics, strip completed assistant trace/debug wrapper noise from transcripts, refresh permission state after returning from System Settings, and tolerate malformed cron rows in the macOS tab. (#39516) Thanks @Imhermes1.
  • Android/Play distribution: remove self-update, background location, screen.record, and background mic capture from the Android app, narrow the foreground service to dataSync only, and clean up the legacy location.enabledMode=always preference migration. (#39660) Thanks @obviyus.
  • Telegram/DM routing: dedupe inbound Telegram DMs per agent instead of per session key so the same DM cannot trigger duplicate replies when both agent:main:main and agent:main:telegram:direct:<id> resolve for one agent. Fixes #40005. Supersedes #40116. (#40519) thanks @obviyus.
  • Cron/Telegram announce delivery: route text-only announce jobs through the real outbound adapters after finalizing descendant output so plain Telegram targets no longer report delivered: true when no message actually reached Telegram. (#40575) thanks @obviyus.
  • Matrix/DM routing: add safer fallback detection for broken m.direct homeservers, honor explicit room bindings over DM classification, and preserve room-bound agent selection for Matrix DM rooms. (#19736) Thanks @derbronko.
  • Feishu/plugin onboarding: clear the short-lived plugin discovery cache before reloading the registry after installing a channel plugin, so onboarding no longer re-prompts to download Feishu immediately after a successful install. Fixes #39642. (#39752) Thanks @GazeKingNuWu.
  • Plugins/channel onboarding: prefer bundled channel plugins over duplicate npm-installed copies during onboarding and release-channel sync, preventing bundled plugins from being shadowed by npm installs with the same plugin ID. (#40092)
  • Config/runtime snapshots: keep secrets-runtime-resolved config and auth-profile snapshots intact after config writes so follow-up reads still see file-backed secret values while picking up the persisted config update. (#37313) thanks @bbblending.
  • Gateway/Control UI: resolve bundled dashboard assets through symlinked global wrappers and auto-detected package roots, while keeping configured and custom roots on the strict hardlink boundary. (#40385) Thanks @LarytheLord.
  • Browser/extension relay: add browser.relayBindHost so the Chrome relay can bind to an explicit non-loopback address for WSL2 and other cross-namespace setups, while preserving loopback-only defaults. (#39364) Thanks @mvanhorn.
  • Browser/CDP: normalize loopback direct WebSocket CDP URLs back to HTTP(S) for /json/* tab operations so local ws:// / wss:// profiles can still list, focus, open, and close tabs after the new direct-WS support lands. (#31085) Thanks @shrey150.
  • Browser/CDP: rewrite wildcard ws://0.0.0.0 and ws://[::] debugger URLs from remote /json/version responses back to the external CDP host/port, fixing Browserless-style container endpoints. (#17760) Thanks @joeharouni.
  • Browser/extension relay: wait briefly for a previously attached Chrome tab to reappear after transient relay drops before failing with tab not found, reducing noisy reconnect flakes. (#32461) Thanks @AaronWander.
  • macOS/Tailscale gateway discovery: keep Tailscale Serve probing alive when other remote gateways are already discovered, prefer direct transport for resolved .ts.net and Tailscale Serve gateways, and set TERM=dumb for GUI-launched Tailscale CLI discovery. (#40167) thanks @ngutman.
  • TUI/theme: detect light terminal backgrounds via COLORFGBG and pick a WCAG AA-compliant light palette, with OPENCLAW_THEME=light|dark override for terminals without auto-detection. (#38636) Thanks @ademczuk and @vincentkoc.
  • Agents/openai-codex: normalize gpt-5.4 fallback transport back to openai-codex-responses on chatgpt.com/backend-api when config drifts to the generic OpenAI responses endpoint. (#38736) Thanks @0xsline.
  • Models/openai-codex GPT-5.4 forward-compat: use the GPT-5.4 1,050,000-token context window and 128,000 max tokens for openai-codex/gpt-5.4 instead of inheriting stale legacy Codex limits in resolver fallbacks and model listing. (#37876) thanks @yuweuii.
  • Tools/web search: restore Perplexity OpenRouter/Sonar compatibility for legacy OPENROUTERAPIKEY, sk-or-..., and explicit perplexity.baseUrl / model setups while keeping direct Perplexity keys on the native Search API path. (#39937) Thanks @obviyus.
  • Agents/failover: detect Amazon Bedrock Too many tokens per day quota errors as rate limits across fallback, cron retry, and memory embeddings while keeping context-window too many tokens per request errors out of the rate-limit lane. (#39377) Thanks @gambletan.
  • Mattermost replies: keep root_id pinned to the existing thread root when an agent replies inside a thread, while still using reply-target threading for top-level posts. (#27744) thanks @hnykda.
  • Telegram/DM partial streaming: keep DM preview lanes on real message edits instead of native draft materialization so final replies no longer flash a second duplicate copy before collapsing back to one.
  • macOS overlays: fix VoiceWake, Talk, and Notify overlay exclusivity crashes by removing shared inout visibility mutation from OverlayPanelFactory.present, and add a repeated Talk overlay smoke test. (#39275, #39321) Thanks @fellanH.
  • macOS Talk Mode: set the speech recognition request taskHint to .dictation for mic capture, and add regression coverage for the request defaults. (#38445) Thanks @dmiv.
  • macOS release packaging: default scripts/package-mac-app.sh to universal binaries for BUILD_CONFIG=release, and clarify that scripts/package-mac-dist.sh already produces the release zip + DMG. (#33891) Thanks @cgdusek.
  • Hooks/session-memory: keep /new and /reset memory artifacts in the bound agent workspace and align saved reset session keys with that workspace when stale main-agent keys leak into the hook path. (#39875) thanks @rbutera.
  • Sessions/model switch: clear stale cached contextTokens when a session changes models so status and runtime paths recompute against the active model window. (#38044) thanks @yuweuii.
  • ACP/session history: persist transcripts for successful ACP child runs, preserve exact transcript text, record ACP spawned-session lineage, and keep spawn-time transcript-path persistence best-effort so history storage failures do not block execution. (#40137) thanks @mbelinky.
  • Docs/browser: add a layered WSL2 + Windows remote Chrome CDP troubleshooting guide, including Control UI origin pitfalls and extension-relay bind-address guidance. (#39407) Thanks @Owlock.
  • Context engine registry/bundled builds: share the registry state through a globalThis singleton so duplicated bundled module copies can resolve engines registered by each other at runtime, with regression coverage for duplicate-module imports. (#40115) thanks @jalehman.
  • Podman/setup: fix cannot chdir: Permission denied in runasuser when setup-podman.sh is invoked from a directory the target user cannot access, by wrapping user-switch calls in a subshell that cd's to /tmp with / fallback. (#39435) Thanks @langdon and @jlcbk.
  • Podman/SELinux: auto-detect SELinux enforcing/permissive mode and add :Z relabel to bind mounts in run-openclaw-podman.sh and the Quadlet template, fixing EACCES on Fedora/RHEL hosts. Supports OPENCLAWBINDMOUNT_OPTIONS override. (#39449) Thanks @langdon and @githubbzxs.
  • Agents/context-engine plugins: bootstrap runtime plugins once at embedded-run, compaction, and subagent boundaries so plugin-provided context engines and hooks load from the active workspace before runtime resolution. (#40232)
  • Docs/Changelog: correct the contributor credit for the bundled Control UI global-install fix to @LarytheLord. (#40420) Thanks @velvet-shark.
  • Telegram/media downloads: time out only stalled body reads so polling recovers from hung file downloads without aborting slow downloads that are still streaming data. (#40098) thanks @tysoncung.
  • Docker/runtime image: prune dev dependencies, strip build-only dist metadata for smaller Docker images. (#40307) Thanks @vincentkoc.
  • Gateway/restart timeout recovery: exit non-zero when restart-triggered shutdown drains time out so launchd/systemd restart the gateway instead of treating the failed restart as a clean stop. Landed from contributor PR #40380 by @dsantoreis. Thanks @dsantoreis.
  • Gateway/config restart guard: validate config before service start/restart and keep post-SIGUSR1 startup failures from crashing the gateway process, reducing invalid-config restart loops and macOS permission loss. Landed from contributor PR #38699 by @lml2468. Thanks @lml2468.
  • Gateway/launchd respawn detection: treat XPCSERVICENAME as a launchd supervision hint so macOS restarts exit cleanly under launchd instead of attempting detached self-respawn. Landed from contributor PR #20555 by @dimat. Thanks @dimat.
  • Telegram/poll restart cleanup: abort the in-flight Telegram API fetch when shutdown or forced polling restarts stop a runner, preventing stale getUpdates long polls from colliding with the replacement runner. Landed from contributor PR #23950 by @Gkinthecodeland. Thanks @Gkinthecodeland.
  • Cron/restart catch-up staggering: limit immediate missed-job replay on startup and reschedule the deferred remainder from the post-catchup clock so restart bursts do not starve the gateway or silently skip overdue recurring jobs. Landed from contributor PR #18925 by @rexlunae. Thanks @rexlunae.
  • Cron/owner-only tools: pass trusted isolated cron runs into the embedded agent with owner context so cron/gateway tooling remains available after the owner-auth hardening narrowed direct-message ownership inference.
  • Browser/SSRF: block private-network intermediate redirect hops in strict browser navigation flows and fail closed when remote tab-open paths cannot inspect redirect chains. Thanks @zpbrent.
  • MS Teams/authz: keep groupPolicy: "allowlist" enforcing sender allowlists even when a team/channel route allowlist is configured, so route matches no longer widen group access to every sender in that route. Thanks @zpbrent.
  • Security/system.run: bind approved bun and deno run script operands to on-disk file snapshots so post-approval script rewrites are denied before execution.
  • Skills/download installs: pin the validated per-skill tools root before writing downloaded archives, so rebinding the lexical tools path cannot redirect download writes outside the intended tools directory. Thanks @tdjackey.

What matters for hosted operators

  • Validate channel delivery behavior (web chat + Telegram).
  • Verify model/provider settings and fallback behavior.
  • Run a smoke test after deploy: message flow, tool call, and response quality.

Post-upgrade checklist

  1. Send/receive test messages in active channels.
  2. Confirm bot settings and auth paths still behave as expected.
  3. Check billing/usage visibility and dashboard status.
  4. Log regressions immediately and keep rollback notes.

Related reading

Start your free 7-day Pro trial

Source

  • https://github.com/openclaw/openclaw/releases/tag/v2026.3.8

Get the free guide

Get the free plain-English PDF on the 10 costly mistakes people make when hosting an AI assistant themselves, plus a few short follow-up tips.

Ready to run OpenClaw without infrastructure headaches?

Start your free 7-day Pro trial on OpenClaw VPS and get a production-ready bot online with managed hosting, updates, and support.

Start your free 7-day Pro trialWhy OpenClaw VPS
Share this post

Related Posts

OpenClaw Troubleshooting Hub: BYOK, Web Chat, Telegram, and VPS Fixes

A troubleshooting hub for the most common OpenClaw VPS setup issues, from invalid BYOK keys to Telegram replies and private access confusion.

OpenClaw Tips and Tricks: Practical Setup, Hosting, and Workflow Guide

A plain-English hub for OpenClaw setup, VPS hosting, BYOK, Telegram, web chat, private access, security, troubleshooting, release notes, and first useful workflows.

Claude Opus 4.7: What It Means for Personal AI Assistants

Claude Opus 4.7 is Anthropic's latest Opus model, built for long-running asynchronous agents and carrying forward the coding and agentic focus of Opus 4.6.

Back to Blog

Free plain-English PDF

Get the free DIY VPS checklist

Before you host an AI assistant yourself, learn the 10 common mistakes that cause downtime, lost keys, missed alerts, and painful recovery work.

Send me the free PDF

We will send the plain-English PDF on the 10 costly mistakes people make when hosting an AI assistant themselves, plus short follow-up tips. Unsubscribe anytime.