3.22 cracked the lobster open and rebuilt the engine. 3.23 kept the stitches from bursting. 3.24 got it walking again — faster than before the operation.
3.28: the lobster grows a new shell.
Not the soft, translucent thing that comes right after a molt. A proper shell. Dense, layered, battle-tested. With new claws to match.
Two breaking changes. Twenty-one features. Ninety-something fixes. The usual advice: production lobsters, upgrade with care.
Breaking Changes
Two. Both clean cuts.
Qwen Portal OAuth is gone. The deprecated \qwen-portal-auth\ integration for portal.qwen.ai has been removed. Migrate to Model Studio: \openclaw onboard --auth-choice modelstudio-api-key\. (#52709) Thanks @pomelo-nwu.
Config auto-migration has an expiry date. \openclaw doctor\ no longer rewrites config keys older than two months. Ancient configs will now fail validation instead of being silently rewritten. Update your configs.
New Claws: Models and Providers
MiniMax Image Generation
MiniMax joins as an image generation provider with the \image-01\ model. Generate from text prompts. Edit existing images with image-to-image. Control aspect ratios. (#54487) Thanks @liyuan97.
This is the first dedicated image generation provider in OpenClaw. Your lobster can now see — and create.
The MiniMax model catalog has also been trimmed: M2.7 only, with legacy M2, M2.1, M2.5, and VL-01 models removed. Lean and focused.
xAI Goes Full Responses API
The bundled xAI provider moves to the Responses API with first-class \x_search\ support. The xAI plugin auto-enables from owned web-search and tool config — no more manual plugin toggles for bundled Grok flows. (#56048) Thanks @huntharo.
During onboarding, \openclaw onboard\ and \openclaw configure --section web\ now offer optional x_search setup, including a model picker with the shared xAI key.
CLI Backend Expansion
Bundled Claude CLI, Codex CLI, and Gemini CLI inference defaults move onto the plugin surface. Gemini CLI gets bundled backend support. The \--cli-backend-logs\ flag replaces \--claude-cli-logs\ (old flag kept as alias). Auto-loading means configured bundled channels load without manual \plugins.allow\ entries.
New Reflexes: Async Tool Approval
This is the headline feature for plugin developers.
\before_tool_call\ hooks now support async \requireApproval\ — plugins can pause tool execution mid-flight and prompt the user for approval. The approval surface is flexible: exec approval overlay, Telegram buttons, Discord interactions, or the \/approve\ command on any channel. (#55339) Thanks @vaclavbelak and @joshavant.
The \/approve\ command now handles both exec and plugin approvals with automatic fallback. One command, two approval paths.
What this means in practice: a plugin can watch for destructive tool calls — file deletions, database drops, production deploys — and gate them behind human approval. Your AI assistant gets a safety interlock. The cyber-secretary wears a bulletproof vest.
New Shell: Security and Hardening
Web search key audit expanded. The security audit now recognizes Gemini, Grok/xAI, Kimi, Moonshot, and OpenRouter credentials via a boundary-safe bundled-web-search registry shim. (#56540)
ACP agent registry hardened. OpenClaw's ACPX built-in agent mirror aligns with the latest \openclaw/acpx\ command defaults, pins versioned npx built-ins to exact versions, and stops unknown ACP agent IDs from falling through to raw \--agent\ command execution on the MCP-proxy path. (#28321) Thanks @m0nkmaster and @vincentkoc.
OpenAI apply_patch enabled by default for OpenAI and Codex models, with sandbox policy aligned to write permissions.
Channel Upgrades
ACP conversation binds. \/acp spawn codex --bind here\ can now turn the current Discord, BlueBubbles, or iMessage chat into a Codex-backed workspace without creating a child thread.
Slack upload-file. An explicit upload-file action routes file uploads through Slack's transport with optional filename/title/comment overrides for channels and DMs.
Unified file sends. Microsoft Teams, Google Chat, and BlueBubbles get explicit \upload-file\ support, starting to unify file-first sends across channels.
Matrix voice bubbles. Auto-TTS replies on Matrix now send as native voice bubbles instead of generic audio attachments. (#37080) Thanks @Matthew19990919.
Infrastructure
Podman simplified. Container setup consolidated around the current rootless user. Launch helper installs under \~/.local/bin\. The workflow is now \openclaw --container <name> ...\ from the host CLI.
\openclaw config schema\ prints the generated JSON schema for \openclaw.json\. (#54523) Thanks @kvokka.
Memory plugin contract. Pre-compaction memory flush moves behind the active memory plugin contract — \memory-core\ owns flush prompts and target-path policy instead of hardcoded core logic.
Plugin heartbeat. \runHeartbeatOnce\ exposed in the plugin runtime system namespace for single heartbeat cycles with delivery target overrides. (#40299) Thanks @loveyana.
Tavily attribution. Outbound API requests now carry \X-Client-Source: openclaw\ so Tavily can attribute OpenClaw-originated traffic. (#55335) Thanks @lakshyaag-tavily.
Selected Fixes
From 90+ fixes across the release:
Agents/Anthropic: Unhandled provider stop reasons (e.g. \sensitive\) now recover as structured assistant errors instead of crashing the agent run. (#56639)
Google/Gemini 3.1: Pro, flash, and flash-lite resolve correctly for all Google provider aliases. Flash-lite prefix ordering fixed. (#56567)
WhatsApp echo loop: Self-chat DM mode no longer creates infinite echo loops where the bot re-processes its own outbound replies. (#54570) Thanks @joelnishanth.
Telegram message splitting: Long messages now split at word boundaries instead of mid-word, with graceful degradation when tag overhead exceeds the limit. (#56595)
Discord reconnect: Stale gateway sockets get drained, cached resume state cleared before forced reconnects. Recovery stops looping on poisoned resume state. (#54697) Thanks @ngutman.
Agents/cooldowns: Rate-limit cooldowns are now scoped per model — one 429 no longer blocks every model on the same auth profile. Stepped 30s/1min/5min ladder replaces the old exponential escalation. (#49834) Thanks @kiranvk-2011.
Matrix E2EE thumbnails: Encrypted image events now encrypt thumbnails with \thumbnail_file\ while keeping unencrypted-room previews on \thumbnail_url\. (#54711) Thanks @frischeDaten.
GitHub Copilot auth: Large \expires_at\ values are treated as seconds epochs, clamping far-future timers to prevent setTimeout overflow hot loops. (#55360) Thanks @michael-abdo.
Mistral: OpenAI-compatible request flags normalized so official Mistral API runs no longer fail with \422 status code (no body)\ errors.
iMessage: Inline \[[reply_to:...]]\ tags no longer leak into delivered text — \reply_to\ sends as RPC metadata. (#39512) Thanks @mvanhorn.
Contributors
This release carries contributions from over 50 individuals.
@huntharo delivered the xAI Responses API migration, Telegram pairing fixes, and plugin inbound claims — owning one of the biggest feature transitions in the release.
@ngutman landed Discord reconnect recovery, two rounds of sandbox improvements, and the Carbon beta update — systematic, defense-in-depth work.
@neeravmakwana fixed OpenAI Codex image tools, agents/status context windows, gateway plugin reuse, and CLI plugin auto-loading — four fixes spanning four subsystems.
@joelnishanth tackled WhatsApp echo loops, two Discord gateway shutdown edge cases, and Matrix E2EE crypto loading — quiet, thorough channel hardening that keeps things running.
@xaeon2026 fixed OpenAI-compatible tool call deduplication, WebSocket reasoning replay, agents/status, and Codex fallback — deep agent infrastructure work.
@shakkernerd shipped three TUI improvements: onboarding gateway messaging, chat log system message pruning, and activation argument validation.
Thanks to @pomelo-nwu, @liyuan97, @vaclavbelak, @joshavant, @kvokka, @velvet-shark, @lakshyaag-tavily, @Matthew19990919, @loveyana, @gumadeiras, @schumilin, @scoootscooob, @BruceMacD, @gumclaw, @vincentkoc, @m0nkmaster, @mvanhorn, @kiranvk-2011, @michael-abdo, @frischeDaten, @bugkill3r, @erhhung, @sahancava, @danhdoan, @dongzhenye, @gregretkowski, @afurm, @jared596, @wbxl2000, @xieyongliang, @adzendo, @frankbuild, @alberthild, @nikus-pan, @felear2022, @markojak, @infichen, @bottenbenny, @mcaxtr, @MiloStack, @SnowSky1, @lurebat, @private-peter, @sallyom, @MonkeyLeeT, @oliviareid-svg, @chen-zhang-cs-code, @Nanako0129, @mbelinky, @nickludlam, @kakahu2015, @mathiasnagler, @NickHood1984, @esrehmki, @aquaright1, @xujingchen1996, @lml2468, @sparkyrider, @KevInTheCloud5617, @cosmicnet, @hongsw, @Takhoffman, @ysfbsf, @glitch418x, @Kimbo7870, @w-sss, and everyone else who filed issues, tested pre-releases, or helped in Discord.
---
3.22 opened the lobster up. 3.23 kept it alive. 3.24 got it running.
3.28: the new shell has hardened. New claws for creating images. New reflexes for intercepting danger. New armor, forged from ninety fixes and the work of fifty contributors.
The lobster is suited up. Time to hunt.
