What's new for you
Unified SQLite background-task ledger for ACP, subagents, cron, and detached CLI; first-class `openclaw flows` for task-flow control; new QQ Bot channel plugin; major Matrix upgrades (streaming, proxy, history, threads); remote HTTP/SSE MCP servers; stricter plugin and skill install scans; plus breaking security changes for node execution, trusted-proxy auth, and node command gating.
- Background tasks — single ledger and executor seam for detached runs, cleanup, recovery, and status visibility
- CLI — `openclaw flows list|show|cancel` with doctor hints for orphaned or broken flow/task links
- Channels — QQ Bot bundled plugin (multi-account, SecretRef, slash commands, media)
- Matrix — draft streaming, `channels.matrix.proxy`, `historyLimit` for triggers, per-DM `threadReplies`
- MCP — `mcp.servers` URL configs for remote HTTP/SSE with auth headers and safer credential redaction
- Install safety — critical dangerous-code findings on plugin/skill installs fail closed unless explicitly overridden
- Breaking — `nodes.run` wrapper removed; use `exec host=node` for shell on nodes
- Breaking — trusted-proxy mixed shared-token configs rejected; node commands require approval after pairing
Release highlights
| Feature | Details |
|---|---|
| Unified task ledger | SQLite-backed control plane for ACP, subagent, cron, and detached CLI background runs. |
| openclaw flows | list|show|cancel for linear task flows; doctor recovery for broken linkage. |
| QQ Bot channel | Bundled QQ Bot plugin: accounts, SecretRef credentials, slash commands, reminders, media. |
| Matrix upgrades | Draft streaming, HTTP(S) proxy, optional room history for triggers, thread reply overrides. |
| MCP remote HTTP/SSE | Remote mcp.servers URLs with auth headers and safer redaction in logs. |
| Install safety (fail closed) | Critical dangerous-code findings fail plugin/skill installs unless explicitly overridden. |
| Nodes & exec migration | Remove nodes.run wrapper; exec host=node; gateway/node command and trusted-proxy changes. |
⚠️ Breaking changes
Shell on nodes: the duplicated `nodes.run` wrapper is removed — use `exec host=node` (see deep dive). Plugin/skill installs can fail closed on critical scan findings — use the documented dangerous override only if you accept the risk. Gateway: `trusted-proxy` no longer allows mixed shared-token setups; local-direct callers must present the configured token. Node commands stay off until pairing is explicitly approved, not merely paired.
Feature deep dives
Learn more about the changes that matter most. Bug fixes and minor improvements are listed on GitHub.
Unified background task ledger
One SQLite-backed ledger unifies ACP, subagent, cron, and detached CLI runs with better lifecycle, recovery, and visibility.
Read more →openclaw flows CLI
list|show|cancel for task flows; doctor surfaces hints when flow/task linkage looks broken.
Read more →QQ Bot channel plugin
Bundled QQ Bot support with multi-account setup, SecretRef-aware credentials, slash commands, and media.
Read more →Matrix channel upgrades
Draft streaming, proxy config, optional room history for group triggers, and per-DM thread reply behavior.
Read more →Remote MCP HTTP/SSE servers
Configure remote mcp.servers with URL, optional streamable-http transport, auth headers, and safer redaction.
Read more →Install safety: fail closed
Plugin and skill installs fail by default when install-time scans report critical dangerous-code findings.
Read more →Nodes & exec migration
nodes.run shell wrapper removed — use exec host=node; trusted-proxy and node-command gating hardened.
Read more →Full release notes
The complete changelog with all changes, fixes, and technical details is on the official GitHub release page.
Open v2026.3.31 on GitHub →