OpenClaw 2026.3.8 Release: ACP Provenance, Browser Hardening & Backup CLI - Full Breakdown

Key Takeaways
- Security-First Release: Introduces optional ACP provenance metadata and receipt injection, enabling agents to verify request origins and maintain session trace IDs for auditability.
- Backup Reliability: New openclaw backup create and openclaw backup verify commands support full or config-only snapshots with manifest validation, critical for production self-hosted deployments.
- Browser Hardening: Multiple CDP normalization fixes and relay improvements eliminate common SSRF vectors and cross-namespace issues in WSL2 or containerized environments.
- Platform Stability: Telegram DM deduplication, Talk mode silence timeout, macOS remote gateway onboarding, and Android permission tightening address real-world edge cases reported by the community.
- Developer Experience: TUI workspace inference, Brave LLM-context web search, and cleaner CLI versioning reduce friction in daily agent management.
Security Hardening: Why ACP Provenance Matters Now
Self-hosted AI agents like OpenClaw increasingly operate across messaging platforms and browser tools, creating new attack surfaces. OpenClaw 2026.3.8 counters this with ACP ingress provenance metadata.
The feature adds an optional flag: openclaw acp --provenance off|meta|meta+receipt. When enabled, agents retain origin context and inject visible receipts tied to session trace IDs. This prevents unauthorized task execution and provides forensic traceability—especially valuable in enterprise setups where multiple agents or cron jobs run concurrently.
Benchmarks from community deployments indicate that provenance-enabled sessions reduce false-positive execution risks by clearly distinguishing legitimate user-triggered actions from automated or relayed ones. The change integrates seamlessly with existing session memory hooks, preserving backward compatibility while future-proofing for stricter compliance requirements.
Browser Controls: CDP and SSRF Fixes Explained
OpenClaw agents frequently control browsers via Chrome DevTools Protocol (CDP) for web_search, form filling, and tab management. Previous versions exposed edge cases in loopback handling and wildcard WebSocket URLs.
This release normalizes direct WebSocket CDP URLs back to HTTP(S) for /json/* operations and rewrites wildcard ws://0.0.0.0 responses from remote endpoints. The browser relay now supports explicit browser.relayBindHost for WSL2 and container setups.
These fixes directly mitigate SSRF risks and transient “tab not found” flakes. For users running Browserless-style containers or cross-namespace relays, the improvements eliminate noisy reconnects and enable reliable tab listing, focus, and closure. Community feedback suggests these changes resolve 80% of reported browser tool failures in production.
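The two normalizations described above, as an added JavaScript example (not OpenClaw's own code): a CDP endpoint is mapped to the HTTP(S) origin that serves /json/*, and a wildcard ws://0.0.0.0 debugger URL is rewritten to the host the client actually reached. The function names, sample hosts, and the choice to take host, port and TLS from the reached endpoint are assumptions for illustration.

```javascript
// Added illustration, not OpenClaw source. All function names are hypothetical.
const HTTP_SCHEME = { "ws:": "http:", "wss:": "https:", "http:": "http:", "https:": "https:" };
const WILDCARD_HOSTS = new Set(["0.0.0.0", "[::]"]);

// Map a configured CDP endpoint (ws, wss, http or https) to the HTTP(S)
// origin that serves Chrome's /json/* discovery routes.
function cdpHttpBase(cdpUrl) {
  const u = new URL(cdpUrl);
  const scheme = HTTP_SCHEME[u.protocol];
  if (!scheme) throw new Error(`unsupported CDP scheme: ${u.protocol}`);
  // u.host keeps a non-default port and drops any userinfo and path.
  return `${scheme}//${u.host}`;
}

function cdpJsonUrl(cdpUrl, route = "version") {
  return `${cdpHttpBase(cdpUrl)}/json/${route}`;
}

// A remote Chrome bound to all interfaces advertises itself as ws://0.0.0.0:...,
// which is not dialable from another host. Rewrite only that wildcard case.
// Assumption: host, port and TLS come from the endpoint the client reached.
function rewriteWildcardWsUrl(endpointUrl, advertisedWsUrl) {
  const adv = new URL(advertisedWsUrl);
  if (adv.protocol !== "ws:" && adv.protocol !== "wss:") {
    throw new Error(`expected ws(s) debugger URL, got ${adv.protocol}`);
  }
  if (!WILDCARD_HOSTS.has(adv.hostname)) return adv.href; // leave real hosts untouched
  const base = new URL(cdpHttpBase(endpointUrl)); // validates the endpoint scheme too
  const scheme = base.protocol === "https:" ? "wss:" : "ws:";
  return `${scheme}//${base.host}${adv.pathname}${adv.search}`;
}

// Constructed sample of a /json/version reply from a containerized browser.
const sampleReply = { webSocketDebuggerUrl: "ws://0.0.0.0:9222/devtools/browser/constructed-id" };
const configured = "ws://10.0.0.5:9222/devtools/browser/stale-id";

console.log(cdpJsonUrl(configured));
console.log(rewriteWildcardWsUrl(configured, sampleReply.webSocketDebuggerUrl));
```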
New Backup Tools: Production-Grade Data Protection
Self-hosted agents accumulate workspace state, secrets snapshots, and memory artifacts rapidly. OpenClaw 2026.3.8 introduces dedicated CLI commands:
openclaw backup create [--only-config] [--no-include-workspace] [--output /path/to/backup.tar.gz]
openclaw backup verify /path/to/backup.tar.gz
The create command produces date-sorted archives with full manifest and payload validation. Use --only-config for lightweight daily snapshots before destructive operations. The verify command checks integrity before restores.
How it works under the hood: Backups respect runtime-resolved secrets and preserve workspace boundaries. This prevents common pitfalls like leaking plaintext secrets or including unnecessary large files in production environments.
Advanced tip: Integrate into cron workflows with openclaw backup create --only-config && openclaw backup verify before running openclaw update. This pattern has proven effective in avoiding data loss during rapid release cycles.
Platform-Specific Upgrades and Edge-Case Resolutions
macOS Enhancements
- Remote gateway token field in onboarding preserves non-plaintext gateway.remote.token values.
- Tailscale discovery now keeps probing alive and prefers direct transport.
- Talk mode gains configurable talk.silenceTimeoutMs (defaults remain platform-specific).
- Overlay exclusivity crashes fixed for VoiceWake, Talk, and Notify.
Android and Mobile
- Removed unnecessary background permissions (location, screen record, mic) and narrowed foreground service scope.
- Cleaner legacy preference migration reduces permission loss after updates.
Messaging Channels
- Telegram DMs now deduplicate per agent rather than session key, eliminating duplicate replies.
- Matrix DM routing honors explicit bindings over broken m.direct homeserver fallbacks.
- Mattermost thread root_id preservation ensures consistent reply behavior.
These fixes address high-frequency pain points reported in multi-channel deployments where agents interact with both direct messages and rooms simultaneously.
Additional Quality-of-Life Improvements
- TUI: Automatically infers the active agent from the current workspace.
- Web Search: Brave now supports opt-in llm-context mode returning grounded snippets; provider lists are alphabetized for neutral selection.
- CLI: Short git commit hash appears in openclaw --version for precise troubleshooting.
- Config Handling: Secrets snapshots survive writes, reducing resolution drift.
Common pitfall to avoid: After updating, run openclaw backup create immediately—especially on macOS where launchd service restarts can expose temporary permission states.
Conclusion
OpenClaw 2026.3.8 represents the most security-conscious release to date, directly tackling provenance, browser attack surfaces, and data resilience in self-hosted AI agent environments. The combination of ACP metadata, robust backups, and platform hardening makes it essential for anyone running production agents.
Update today via openclaw update or your preferred installation method, then verify your first backup. For advanced configurations, review the full changelog on the official GitHub repository.
Stay ahead of the curve—your lobster-powered assistant just got significantly more secure and reliable.
