Remote OpenClaw Blog

OpenClaw 3.28 Update: Qwen Model Studio Migration, x_search, Plugin Approvals, and apply_patch [2026]

Author: Zac Frulloni

OpenClaw v2026.3.28 removes old Qwen portal auth, adds x_search, plugin approval hooks, and enables apply_patch by default for OpenAI and Codex.

OpenClaw v2026.3.28 is the kind of release that looks like a feature bundle until you notice how many operator workflows it quietly changes. The obvious items are the Qwen migration, xAI x_search, and new plugin approval hooks. The deeper story is that OpenClaw is standardizing around clearer auth, tighter approval surfaces, and a more capable built-in coding loop.

If you use Qwen, Grok, or Codex-style editing workflows, 3.28 is one of the most important March updates to understand.


What Changed in OpenClaw 3.28?

The 3.28 release combines one breaking provider migration with several high-leverage operator features:

  • deprecated Qwen portal OAuth was removed,
  • xAI moved to the Responses API and gained first-class x_search,
  • plugins can now request approval before tool execution,
  • apply_patch is enabled by default for OpenAI and Codex models,
  • very old config migrations are no longer auto-healed indefinitely.

That mix affects setup, retrieval, and day-to-day development loops all at once.


Why Does the Qwen Model Studio Migration Matter?

OpenClaw 3.28 removes the deprecated qwen-portal-auth OAuth flow for portal.qwen.ai. The supported path now is Model Studio API-key auth. That means operators using the older portal-based setup cannot keep punting the migration.

The practical command the release notes give is:

openclaw onboard --auth-choice modelstudio-api-key

This is important for two reasons. First, it makes Qwen support less dependent on a brittle legacy auth surface. Second, it aligns OpenClaw with the provider path Qwen itself is clearly prioritizing going forward.

If you have an old config that has been quietly surviving on automatic rewrite behavior, 3.28 is a wake-up call. OpenClaw doctor is intentionally less willing to rescue ancient config keys forever. That is good for cleanliness, but it means you need to clean up your stack proactively.

Use the dedicated migration guide if you want the step-by-step flow.


What Is x_search and How Is It Different?

The bundled xAI provider now uses the Responses API and adds first-class x_search. The important shift is that OpenClaw is not treating Grok-style search as a custom workaround anymore. It is wiring it into the provider path properly and auto-enabling the bundled xAI plugin when owned web search and tool config require it.

For operators, that means fewer hidden toggles and less glue logic around search. If you want Grok-backed search, 3.28 makes the setup much more coherent.

This also matters for cost and simplicity. When search lives naturally in the provider path, you can reason about retrieval and model behavior together instead of juggling separate search systems with overlapping permissions.


How Do the New Plugin Approval Hooks Work?

Before 3.28, approvals were mostly associated with exec. In 3.28, plugins gain an async requireApproval path inside before_tool_call hooks. That means a plugin can pause tool execution and force explicit user approval through the right surface: exec approval overlay, Telegram buttons, Discord interactions, or the shared /approve command.

This is a substantial change because it moves approvals closer to the real trust boundary. Instead of assuming every plugin tool call is equivalent, OpenClaw can now stop the risky ones before they run.

It also means the /approve command is more important than before. It is not just for exec now; it is becoming a shared control plane for multiple approval types.
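
The approval gate described above, modelled as a toy dispatcher. This is an added example, not OpenClaw's plugin API or code from the release. The hook's return shape, runTool, the tool names, and the deny-on-timeout behaviour are all assumptions made for illustration.

```javascript
// Added illustration: a toy dispatcher, NOT OpenClaw's plugin API.
// The hook return shape, runTool, and the tool names are assumptions.
const RISKY = new Set(["fs_delete", "http_post"]); // hypothetical tool names

// Plugin-side hook: asks for approval only on calls that cross the trust boundary.
async function before_tool_call(call) {
  if (RISKY.has(call.tool)) {
    return { requireApproval: { reason: `${call.tool} changes state outside the session` } };
  }
  return {}; // no opinion: let the call proceed
}

// Resolve to false if the approver does not answer in time (fail closed).
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((resolve) => { timer = setTimeout(() => resolve(false), ms); });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Host-side dispatcher: runs every hook, pauses on each approval request,
// and executes the tool only after an explicit "true" from the approver.
async function runTool(call, hooks, approver, tools, timeoutMs = 50) {
  for (const hook of hooks) {
    const verdict = await hook(call);
    if (verdict && verdict.requireApproval) {
      const ok = await withTimeout(approver(call, verdict.requireApproval.reason), timeoutMs);
      if (ok !== true) return { status: "denied", tool: call.tool };
    }
  }
  return { status: "executed", tool: call.tool, result: await tools[call.tool](call.args) };
}

// Constructed sample run: one benign call, one approved, one left unanswered.
async function demo() {
  const executed = [];
  const tools = {
    read_note: async (a) => { executed.push("read_note"); return `note ${a.id}`; },
    fs_delete: async (a) => { executed.push(`fs_delete:${a.path}`); return "deleted"; },
  };
  const approveAll = async () => true;              // operator approves
  const neverAnswers = () => new Promise(() => {}); // operator never responds
  const r1 = await runTool({ tool: "read_note", args: { id: 1 } }, [before_tool_call], neverAnswers, tools);
  const r2 = await runTool({ tool: "fs_delete", args: { path: "/tmp/a" } }, [before_tool_call], approveAll, tools);
  const r3 = await runTool({ tool: "fs_delete", args: { path: "/tmp/b" } }, [before_tool_call], neverAnswers, tools);
  return { statuses: [r1.status, r2.status, r3.status], executed };
}

demo().then((r) => console.log(r));
```

When validating a real approval flow, the property to check is the third case: an unanswered request must leave the tool unexecuted.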


Why Does apply_patch by Default Matter?

3.28 enables apply_patch by default for OpenAI and OpenAI Codex models and aligns the access model with write permissions. For people using OpenClaw as a coding agent, that is a real workflow improvement.

In practice, it means the model can use the patch-based edit path without the old setup friction. That tends to make edits cleaner, narrower, and easier to reason about than raw text replacement. If you use OpenClaw with Codex-style development loops, this is one of the most immediately noticeable improvements in the release.

The bigger takeaway is that OpenClaw is getting more comfortable as a real coding harness, not just a messaging-first assistant.


How Should You Upgrade to 3.28?

Upgrade with extra care if you use Qwen or long-lived legacy config.

cd ~/openclaw
docker compose pull
docker compose up -d

Then do these checks:

  1. migrate Qwen auth to Model Studio if you still depend on the old portal flow,
  2. run openclaw doctor and fix any legacy keys instead of hoping they auto-rewrite,
  3. test a plugin flow that should require approval,
  4. test a Codex or OpenAI editing session that uses apply_patch.

3.28 is one of those releases where “it starts” is not enough validation. You want to know that the new trust and provider behavior is actually doing what you think.