OpenClaw 2026.3.31 Drops With Breaking Changes: MCP, Background Tasks, and Security Hardening

The OpenClaw team shipped a major release yesterday, and it’s packed with breaking changes that signal where the AI agent platform is headed. Version 2026.3.31 isn’t just incremental—it’s a restructuring of how nodes, plugins, and background work are handled, with security implications that every operator should understand.

The Node Execution Shake-Up

The biggest breaking change: nodes.run is gone. Shell execution on paired nodes now routes exclusively through exec host=node, while node-specific capabilities stay on the dedicated nodes invoke path. Node commands are also disabled until pairing is explicitly approved—device pairing alone no longer exposes declared commands.

This tightens security but requires updates to any workflows relying on the old shell wrapper. The migration is straightforward—replace nodes.run calls with exec targeting the node host—but failure to update will break automations.

Plugin SDK Deprecation

Legacy provider compatibility shims are now deprecated. The project is pushing toward openclaw/plugin-sdk/* entrypoints as the single supported path. If you’re maintaining custom plugins using older bundled provider setups, now’s the time to migrate.

More significantly, dangerous-code findings at the critical level now fail closed by default for skill and plugin installs. The previous permissive behavior silently allowed potentially risky code; now you'll need the explicit --dangerously-force-unsafe-install flag to proceed. This aligns OpenClaw with security-first defaults.

Background Tasks: From Bookkeeping to Control Plane

Background tasks have been restructured into a genuine shared control plane. ACP, subagent, cron, and CLI background execution now route through a unified SQLite-backed ledger with proper audit trails and lifecycle visibility.

The addition of openclaw flows list|show|cancel provides the first linear task flow control surface. This matters for complex multi-step automations where you need to observe and potentially interrupt long-running work without hunting through logs.

MCP: Server-Side and Remote

MCP (Model Context Protocol) server support gets two major additions: remote HTTP/SSE server configurations, and a default-off ACPX plugin-tools MCP bridge. The bridge is explicitly documented with trust boundary warnings—reflecting growing awareness that MCP servers are essentially arbitrary code execution endpoints.

On the provider side, OpenAI's Responses API now supports configurable text verbosity, and Anthropic adaptive-thinking sessions got a bugfix preventing "No BTW response generated" errors.

What to Do Before Upgrading

  • Audit any nodes.run usage in your workflows and migrate to exec host=node
  • Verify your gateway’s trusted-proxy config doesn’t rely on mixed shared-token setups
  • Review plugin installs for critical-level dangerous code findings
  • Test background task flows in a staging environment: the new SQLite registry should be transparent, but it is worth validating

Configuration Backup Strategy

Before applying the 2026.3.31 update, ensure you have complete configuration backups. The node execution changes fundamentally alter how shell commands are processed, and while automatic migration paths exist for most workflows, edge cases involving custom node wrappers or pre-execution hooks need manual intervention.

The SQLite-backed task registry introduces a new dependency that should be included in backup and disaster recovery planning. While the ledger is designed to be self-healing and compacted automatically, having the ability to restore task state from a known-good snapshot will save time during incident response.
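
One way to take the known-good snapshot described above, shown as an added example rather than OpenClaw's own tooling: it uses SQLite's online backup API so a ledger that is still being written is copied consistently, then verifies and hashes the copy. The ledger file name and the tasks table are constructed for the demo; the page does not give the real path or schema.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def snapshot_sqlite(src: Path, dest: Path) -> str:
    """Copy a possibly-live SQLite database to dest via the online backup API,
    verify the copy, and return its SHA-256 hex digest."""
    if dest.exists():
        raise FileExistsError(f"refusing to overwrite existing snapshot: {dest}")
    # Open the source read-only so the backup job can never modify the ledger.
    source = sqlite3.connect(f"{src.resolve().as_uri()}?mode=ro", uri=True)
    target = sqlite3.connect(dest)
    try:
        # backup() copies committed pages, including those still in the WAL,
        # which a plain copy of the main database file would miss.
        source.backup(target)
        result = target.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        source.close()
        target.close()
    if result != "ok":
        dest.unlink()
        raise RuntimeError(f"snapshot failed integrity_check: {result}")
    return hashlib.sha256(dest.read_bytes()).hexdigest()


def demo() -> tuple[int, int]:
    """Build a constructed WAL-mode database, snapshot it while a writer is
    still connected, and return (rows in source, rows in snapshot)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Hypothetical file names; substitute the real ledger location.
        src, dest = Path(tmp) / "ledger.sqlite", Path(tmp) / "ledger.snapshot.sqlite"
        writer = sqlite3.connect(src)
        writer.execute("PRAGMA journal_mode=WAL")
        writer.execute("CREATE TABLE tasks (id INTEGER PRIMARY KEY, state TEXT)")  # constructed schema
        writer.executemany("INSERT INTO tasks (state) VALUES (?)",
                           [("running",), ("done",), ("cancelled",)])
        writer.commit()  # rows now sit in the -wal file, not the main db file
        snapshot_sqlite(src, dest)
        copy = sqlite3.connect(dest)
        counts = (writer.execute("SELECT count(*) FROM tasks").fetchone()[0],
                  copy.execute("SELECT count(*) FROM tasks").fetchone()[0])
        writer.close()
        copy.close()
        return counts
```

Store the returned digest alongside the snapshot so a later restore can confirm the file has not changed since it was taken.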

Sources

  • OpenClaw GitHub Releases – v2026.3.31 (March 31, 2026)
  • OpenClaw GitHub Issues #57777, #57691, #56867