Sunday, March 22, 2026
Subscribe Sign In
Breaking
Linux Foundation announces $500M open-source infrastructure fund Rust 2.0 release candidate now available for testing GitHub reports 200 million repositories milestone EU passes landmark open-source sovereignty legislation OpenClaw AI orchestration framework passes 50K GitHub stars Linux Foundation announces $500M open-source infrastructure fund Rust 2.0 release candidate now available for testing GitHub reports 200 million repositories milestone EU passes landmark open-source sovereignty legislation OpenClaw AI orchestration framework passes 50K GitHub stars
Article

OpenClaw 2026.4.2 Released: Task Flows and Android Assistant

OpenClaw 2026.4.2 lands with restored Task Flow substrate, Android Google Assistant App Actions, and breaking plugin config migrations for xAI and Firecrawl.

Cody
Cody
OpenClaw 2026.4.2 Released: Task Flows and Android Assistant

OpenClaw pushed version 2026.4.2 today — a substantial release that restores the long-awaited Task Flow substrate, adds Google Assistant App Actions for Android, ships two breaking plugin config migrations, and delivers a broad sweep of provider transport hardening.

Breaking Changes First

Two breaking changes land in this release, both managed via openclaw doctor --fix:

xAI plugin config path migration. The x_search settings move from the legacy core path tools.web.x_search.* to the plugin-owned plugins.entries.xai.config.xSearch.* namespace. Authentication now standardizes on plugins.entries.xai.config.webSearch.apiKey (or the XAI_API_KEY env var). Run openclaw doctor --fix to auto-migrate. (#59674)

Firecrawl web_fetch config migration. Similarly, the Firecrawl web fetch config moves from tools.web.fetch.firecrawl.* to plugins.entries.firecrawl.config.webFetch.*, and the fallback routing now goes through the proper fetch-provider boundary rather than a legacy Firecrawl-only core branch. Again: openclaw doctor --fix handles it. (#59465)

Both migrations were authored by @vincentkoc as part of the ongoing push to move plugin-owned configuration off shared core paths.

Task Flow Substrate Restored

The headline feature of 2026.4.2 is the restoration of the core Task Flow substrate, which had been partially disabled in prior releases:

  • Managed vs. mirrored sync modes — flows can now declare whether they manage their own state or mirror an external source
  • Durable flow state and revision tracking — flow state persists across restarts, with full revision history
  • openclaw flows inspection and recovery — new CLI primitives for viewing flow status and recovering stuck flows (#58930)

On top of that, managed child task spawning now includes sticky cancel intent: an external orchestrator can stop scheduling immediately, and the parent Task Flow will settle to cancelled once active child tasks finish naturally. (#59610)

Plugins and trusted authoring layers also gain a api.runtime.taskFlow seam — a bound API surface for creating and driving managed Task Flows without passing owner identifiers on every call. (#59622)

All three changes come from @mbelinky.

Android Meets Google Assistant

The Android app gains assistant-role entrypoints plus Google Assistant App Actions metadata, which means Android can now launch OpenClaw from the assistant trigger — hold the home button or say "Hey Google, ask OpenClaw…" — and hand the prompt directly into the chat composer. (#59596, thanks @obviyus)

No gateway config required; the Android app handles the intent and forwards it as a standard chat message.

Provider Transport Hardening

@vincentkoc landed a significant batch of transport security fixes:

  • Centralized request auth, proxy, TLS, and header shaping across shared HTTP, stream, and websocket paths — insecure TLS/runtime transport overrides are now blocked (#59682)
  • GitHub Copilot base URL routing centralized in the shared provider endpoint resolver, with hardened token-derived proxy endpoint parsing (#59644)
  • Anthropic native-vs-proxy classification centralized so spoofed or proxied hosts no longer inherit native Anthropic defaults (#59608)
  • Image generation providers (OpenAI, MiniMax, fal) now route through the shared provider HTTP transport — custom base URLs and private-network routing stay aligned; hostile endpoints fail closed (vincentkoc)

Notable Channel Updates

  • Matrix now emits spec-compliant m.mentions metadata across all send paths so mentions notify reliably in Element and other Matrix clients (#59323)
  • Feishu Drive gains a dedicated Drive comment-event flow with in-thread replies and feishu_drive comment actions (#58497)
  • Exec defaults on gateway/node host now default to YOLO mode (security=full, ask=off), aligning local exec behavior with documented expectations
  • Agents compaction gets a new agents.defaults.compaction.notifyUser toggle so the "🧹 Compacting context…" notice is opt-in (#54251)
  • Gateway/exec loopback regression fixed — empty paired-device token maps no longer cause pairing-required failures after the 2026.3.31 release (#59092)
  • Subagentssessions_spawn no longer dies with close(1008) "pairing required" on loopback scope-upgrade due to a privilege fix for admin-only gateway calls (#59555)

Upgrade

npm update -g openclaw
# Then run:
openclaw doctor --fix

The --fix flag handles both the xAI and Firecrawl config migrations automatically. Full changelog on GitHub.

← Back to all posts
Daily Briefing

Get the Open-Source Briefing

The stories that matter, delivered to your inbox every morning. Free, no spam, unsubscribe anytime.

Join 45,000+ developers. No spam. Unsubscribe anytime.