OpenClaw 2026.3.8: Gateway Restart Fixes, Backup Commands, and Platform Hardening

OpenClaw 2026.3.8 dropped today. It's a chunky release — new backup commands, gateway restart hardening, Podman/SELinux support, and over two dozen fixes across every platform. No breaking changes.

New: local backup and restore

The headline addition is openclaw backup create and openclaw backup verify — local state archives with --only-config and --no-include-workspace flags. Before 3.8, backing up your OpenClaw config meant manually copying files. Now there's a proper CLI for it.

Other new features include configurable Talk mode silence timeout (talk.silenceTimeoutMs), Brave web search LLM context mode (tools.web.search.brave.mode: "llm-context"), and ACP provenance metadata for multi-agent tracing.

Gateway restart hardening

The fixes that matter most for server operators are three gateway reliability improvements:

• Restart timeout recovery. When a restart-triggered shutdown drains too long, the gateway now exits non-zero so launchd/systemd actually restarts it instead of treating the failed restart as a clean stop.
• Config restart guard. Validates config before service start/restart and prevents post-SIGUSR1 startup failures from crashing the gateway process. Reduces invalid-config restart loops.
• Launchd respawn detection. Treats XPC_SERVICE_NAME as a launchd supervision hint so macOS restarts exit cleanly under launchd instead of attempting detached self-respawn.

These three fixes together mean gateway restarts are significantly more reliable across both Linux (systemd) and macOS (launchd).

Platform-specific fixes

• macOS launchd restart recovery. If something disabled the OpenClaw LaunchAgent service, the restart flow now re-enables it instead of failing silently. Previously you'd need to manually launchctl enable the service.

• Android Play permissions cleanup. Removed self-update, background-location, screen.record, and background mic permissions that were flagged in Play Store reviews. None of these were actually used by OpenClaw.

• browser.relayBindHost for WSL2. The Chrome relay can now bind to a non-loopback address, which fixes browser tool access from WSL2 environments. Set browser.relayBindHost in your config if you need this.

• Podman/SELinux auto-detect. Container setups on SELinux hosts now automatically add the :Z volume relabel flag. No more manual --security-opt workarounds.

• TUI light terminal detection. The text UI now reads COLORFGBG to detect light terminals and adjusts colors accordingly. Override with OPENCLAW_THEME=dark or OPENCLAW_THEME=light if it guesses wrong.

• Telegram DM deduplication. Duplicate messages per agent in Telegram DMs are now filtered.

Why ClawCloud users benefit automatically

The gateway restart bugs are the kind of thing that burns hours on self-hosted setups. Your gateway crashes overnight, systemd tries to restart it, but the shutdown drain times out and systemd thinks it stopped cleanly. You wake up to a dead bot with no obvious cause. The self-hosting pain points are real, and 3.8 closes several of them.

ClawCloud instances get 3.8 via auto-updates — no action needed on your end. The gateway restart hardening means fewer silent failures overnight, and the config restart guard prevents bad config edits from taking down the whole service.

If you're running OpenClaw on your own VPS, update to 3.8 now. The gateway restart fixes alone are worth it.

For the full release notes, see the OpenClaw 2026.3.8 release on GitHub. To check your current version, run openclaw --version in your terminal. For getting started on ClawCloud with auto-updates built in, see the 101 guide.