OpenClaw | Release | 2026 | March 3, 2026 | 11 min read

OpenClaw 2026.3.2 Release Guide: What Changed and How to Use It

OpenClaw 2026.3.2 landed with production-grade secrets management, a native PDF tool, a unified channel adapter, safer defaults for new installs, and new plugin hooks. Here is a practical breakdown of every change that matters and how to use it in your agent workflows.

What This Release Is About

Version 2026.3.2 is not a minor patch. It touches secrets management, document processing, channel infrastructure, security defaults, and the plugin system. If you run OpenClaw agents in production or connect them to real services, this release changes how you handle credentials, process documents, and ship to messaging platforms.

Below is every significant change, with config examples and practical use cases. If you just want the highlights, here are the six headlines: production-grade SecretRef system, native PDF tool, unified sendPayload adapter, safer tool defaults, new plugin hooks, and first-class MiniMax model support.

1. Secrets System Is Finally Production-Grade

SecretRef support now covers 64 credential targets. That includes everything from Stripe to Slack to GitHub to custom OAuth tokens. The biggest behavioral change: unresolved refs now fail fast instead of silently breaking things mid-run.

Before this release, if you had a typo in a secret reference or forgot to set a credential, the agent would start normally and then fail at some random point during execution. Now OpenClaw catches missing refs at startup and tells you exactly what is wrong.

The workflow for auditing and reloading secrets no longer requires a full gateway restart:

# Audit all secret references
openclaw secrets audit

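# Fix missing secrets (values shown are placeholders; a secret passed as a
# command-line argument is recorded in shell history)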
openclaw secrets set STRIPE_KEY sk_live_xxx
openclaw secrets set SLACK_TOKEN xoxb-xxx

# Reload without restarting the gateway
openclaw secrets reload

If you have been hesitant to hook OpenClaw into real accounts because of scattered .env files, this is the release that makes credential management actually manageable.

Practical tip: Run openclaw secrets audit right after updating. It will list every unresolved SecretRef across all your agents, so you can fix them before anything breaks.

2. First-Class PDF Tool

This release adds native PDF support for Anthropic and Google models, with an extraction fallback for everything else. Configurable page limits and file size limits are built in. Before this release, passing PDFs to an agent was unreliable. Now it is a proper tool with routing, validation, and provider-specific optimizations.

Here is how to configure the PDF tool in your agent's config:

# config.yaml
tools:
  pdf:
    enabled: true
    max_pages: 50
    max_size_mb: 25
    provider: auto  # Uses native for Anthropic/Google, fallback for others

Use cases that are now practical:

  • Drop a contract in and get obligations summarized by party
  • Stack multiple research papers and ask for a methodology comparison
  • Feed an RFP and get a structured response outline
  • Process invoices and extract line items into structured data

Here is a SOUL.md snippet for a contract analysis agent that uses the PDF tool:

## Role
Contract Analysis Agent

## Rules
- When a user sends a PDF, extract all obligations grouped by party
- Highlight any indemnification clauses or liability caps
- Flag renewal terms and termination conditions
- Output a structured summary with section references

## Skills
- pdf_extraction
- document_summarization

## Model
anthropic/claude-sonnet-4-20250514

Note: The native PDF path works best with Anthropic (Claude) and Google (Gemini) models. For Ollama or OpenAI, the extraction fallback converts the PDF to text first. Complex layouts and embedded images may not transfer perfectly through the fallback path.

3. Unified Outbound Adapter Across All Channels

Discord, Slack, WhatsApp, Zalo, and Telegram now share a single sendPayload adapter. Before this release, each channel had its own output formatting logic. That meant inconsistent message formatting, different error handling, and channel-specific bugs.

The unified adapter standardizes how agents send messages across platforms. Write your agent's output logic once, and it works everywhere.

Another important change: Telegram streaming switched from off to partial by default. New setups now get live typing previews out of the box with zero config.

# Telegram streaming is now partial by default
# To keep the old behavior (no streaming), set explicitly:
openclaw config set telegram.streaming off

# Or enable full streaming:
openclaw config set telegram.streaming full

What this means: If you build a multi-channel agent that sends to Telegram, Slack, and Discord simultaneously, you no longer need to handle platform-specific formatting. The sendPayload adapter handles the translation for each platform automatically.

4. Safer Defaults for New Installs

This is the change that matters most if you are setting up OpenClaw for the first time or onboarding someone onto your team. Three defaults changed:

  1. tools.profile defaults to messaging - New installs no longer have filesystem or shell access unless you explicitly opt in. Previously, new installs had broad tool access by default, which was a significant security risk.
  2. ACP dispatch is on by default - Agent Communication Protocol dispatch enables structured agent-to-agent messaging. Multi-agent setups now work without manually enabling this.
  3. Plugin HTTP routes require explicit auth - Plugin-exposed HTTP endpoints are no longer open by default. You must configure authentication for any routes your plugins expose.

If you need broader tool access for an agent, set it explicitly:

# Default for new installs (messaging only, no filesystem/shell)
openclaw config set tools.profile messaging

# Full tool access (filesystem, shell, browser, etc.)
openclaw config set tools.profile full

# Custom profile with specific tools
openclaw config set tools.profile custom
openclaw config set tools.allowed "messaging,browser,http"

Existing users: These defaults only affect new installations. Your current tools.profile setting is preserved during the update. You do not need to change anything unless you want to.

5. New Hooks and APIs for Plugin Builders

If you build custom plugins or skills for OpenClaw, this release cleans up a lot of glue code. Here are the new capabilities:

Session Hooks Now Include sessionKey

The session_start and session_end hooks now pass the sessionKey in their payload. This means you can track sessions across hooks without maintaining your own state:

// Plugin hook handler
export function onSessionStart({ sessionKey, agentId, channel }) {
  console.log(`Session ${sessionKey} started for ${agentId} on ${channel}`);
  // Track session start in your analytics
}

export function onSessionEnd({ sessionKey, agentId, duration }) {
  console.log(`Session ${sessionKey} ended after ${duration}ms`);
  // Log session metrics
}

New Hook Events: message:transcribed and message:preprocessed

Two new hook events let you intercept messages at different stages of processing:

  • message:transcribed fires after voice-to-text conversion, before the message reaches the model
  • message:preprocessed fires after all preprocessing (language detection, intent classification, etc.) but before model inference

Audio Transcription API

A new runtime API lets you transcribe local audio files through your configured speech-to-text providers:

// Transcribe a local audio file
const result = await api.runtime.stt.transcribeAudioFile("/path/to/audio.mp3");
console.log(result.text);
// "Hey, can you check the latest sales numbers for Q1?"

channelRuntime on ChannelGatewayContext

The channelRuntime is now exposed on ChannelGatewayContext. If you are building a custom channel integration, you no longer need to import internal modules. Everything you need is available through the context object:

// Building a custom channel plugin
export function handleIncoming(ctx: ChannelGatewayContext, message: string) {
  const { channelRuntime, agentId, sessionKey } = ctx;

  // Use channelRuntime to send responses
  // No need for internal imports
  channelRuntime.send({
    text: "Processing your request...",
    channel: ctx.channelId,
  });
}

6. Other Notable Changes

Config Validation with JSON Output

A new command lets you lint your configuration before startup. This is especially useful for multi-agent setups where a bad config on one agent can cascade:

# Validate config and get JSON output (great for CI/CD)
openclaw config validate --json

# Example output:
{
  "valid": false,
  "errors": [
    {
      "path": "agents.radar.model",
      "message": "Model 'gpt-5-turbo' not found in providers"
    }
  ],
  "warnings": [
    {
      "path": "gateway.port",
      "message": "Port 80 requires root privileges"
    }
  ]
}
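
Added example (not OpenClaw project code): one way to gate a CI job on the JSON report above, failing closed when the output cannot be parsed. The field names come from the sample output on this page; the function names and the strict-warning prefixes are assumptions.

```javascript
// Field names (valid, errors, warnings, path, message) follow the sample output
// shown on this page. Everything else is an assumption made for this example.

// Hypothetical policy: warnings under these config paths also fail the build.
const STRICT_WARNING_PREFIXES = ["gateway.", "tools."];

function evaluateValidation(jsonText, strictPrefixes = STRICT_WARNING_PREFIXES) {
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch (err) {
    // Fail closed: unparseable output must never be read as "config is fine".
    return { pass: false, reasons: [`unparseable validator output: ${err.message}`] };
  }
  if (report === null || typeof report !== "object" || typeof report.valid !== "boolean") {
    return { pass: false, reasons: ["validator output has no boolean 'valid' field"] };
  }
  const errors = Array.isArray(report.errors) ? report.errors : [];
  const warnings = Array.isArray(report.warnings) ? report.warnings : [];
  const fmt = (kind, e) => `${kind} ${e.path}: ${e.message}`;

  const reasons = errors.map((e) => fmt("error", e));
  for (const w of warnings) {
    if (strictPrefixes.some((p) => String(w.path).startsWith(p))) {
      reasons.push(fmt("warning (strict)", w));
    }
  }
  // valid:false with an empty error list is still a failure.
  if (!report.valid && reasons.length === 0) reasons.push("validator reported valid=false");
  return { pass: report.valid && reasons.length === 0, reasons };
}

// Exit status a CI step would return for a given result.
const exitCodeFor = (result) => (result.pass ? 0 : 1);

// Constructed sample: the example output shown above, re-serialized.
const SAMPLE = JSON.stringify({
  valid: false,
  errors: [{ path: "agents.radar.model", message: "Model 'gpt-5-turbo' not found in providers" }],
  warnings: [{ path: "gateway.port", message: "Port 80 requires root privileges" }],
});

const sampleResult = evaluateValidation(SAMPLE);
for (const reason of sampleResult.reasons) console.log(reason);
console.log(`exit code: ${exitCodeFor(sampleResult)}`);
```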

MiniMax-M2.5-highspeed as First-Class Model

MiniMax-M2.5-highspeed is now a first-class model option. It is cheaper and faster than most alternatives, making it a good choice for rote tasks like data formatting, simple lookups, or template filling where you do not need a full-powered model:

# Set MiniMax as the model for a specific agent
openclaw config set agents.formatter.model minimax/m2.5-highspeed

# Use it for the fast/cheap slot in a multi-model setup
openclaw config set models.fast minimax/m2.5-highspeed
openclaw config set models.smart anthropic/claude-sonnet-4-20250514

Ollama Embeddings for Memory Search

Long-term memory search now works with Ollama embeddings. This means your agent's memory system can stay fully local with zero API costs for the embedding step:

# Configure Ollama for memory embeddings
openclaw config set memory.embeddings.provider ollama
openclaw config set memory.embeddings.model nomic-embed-text

# Make sure the embedding model is pulled
ollama pull nomic-embed-text

Diff Tool PDF Export

The diff tool can now export comparisons as PDF with quality and scale controls. This is better than sending images through messaging channels that compress them:

# Export diff as PDF
openclaw diff --format pdf --quality high --scale 2x

# Useful for sharing code reviews through Telegram/Slack
# without losing detail to image compression

Upgrade Checklist

Here is a step-by-step checklist for upgrading to 2026.3.2 without breaking your existing setup:

  1. Update OpenClaw: npm install -g openclaw@latest
  2. Validate your config: openclaw config validate --json
  3. Audit secrets: openclaw secrets audit
  4. Fix any unresolved SecretRefs from the audit output
  5. Reload secrets: openclaw secrets reload
  6. If you use plugins with HTTP routes, add auth configuration
  7. Check Telegram streaming behavior (now partial by default)
  8. Restart the gateway

FAQ

How do I update to OpenClaw 2026.3.2?

Run npm install -g openclaw@latest or yarn global add openclaw@latest. If you installed from source, pull the latest from the main branch and rebuild. After updating, run openclaw config validate --json to check your existing configuration for any issues before restarting the gateway.

Will the new safer defaults break my existing setup?

No. The safer defaults only apply to fresh installs. Existing installations keep their current tools.profile setting. If you want to adopt the new messaging-only default, you can manually set it with openclaw config set tools.profile messaging. But if your agents need filesystem or shell access, keep your current profile.

Does the PDF tool work with local models through Ollama?

The PDF tool has native support for Anthropic (Claude) and Google (Gemini) models. For other providers including Ollama, it uses an extraction fallback that converts PDF content to text before sending it to the model. The extraction path works but does not support complex layouts or embedded images as well as the native providers.

What is ACP dispatch and why is it on by default now?

ACP (Agent Communication Protocol) dispatch enables structured agent-to-agent communication. With it on by default, new multi-agent setups work out of the box without manually enabling inter-agent messaging. Existing setups are not affected.

Can I use Ollama embeddings for memory search on any hardware?

Yes. Ollama embeddings for memory search work on any machine that can run Ollama, including Raspberry Pi, Mac Mini, and standard Linux servers. This means long-term agent memory can stay fully local with zero API costs for the embedding step.
