OpenClaw 3.31 Update: Background Tasks, QQ Bot, Native Codex Search, and Safer Installs [2026]

OpenClaw v2026.3.31 is one of the most operationally important releases in the recent run. A lot of people will focus on the visible features like QQ Bot and native Codex web search, but the real story is the background task control plane. Detached work in OpenClaw is no longer treated like thin bookkeeping around ACP. It is now moving toward a first-class system with its own ledger, flows, recovery, and visibility.

If you run OpenClaw heavily, 3.31 is less about “new toys” and more about “the platform is maturing.”

Why Is OpenClaw 3.31 a Big Deal?

The release combines three themes that usually matter together in production:

• Detached work became more real. Tasks now live in a shared SQLite-backed ledger across ACP, subagents, cron, and background CLI execution.
• The surface area grew. QQ Bot landed as a bundled channel, and Pi/Codex runs gained native web search.
• The default trust model got tougher. Install scanning, auth behavior, node commands, and plugin compatibility all moved in a more defensive direction.

That mix makes 3.31 a release you should read before you upgrade. It is feature-rich, but it also changes expectations about how background work and trust boundaries behave.

What Changed for Background Tasks and Flows?

The changelog says it directly: background tasks are now a “real shared background-run control plane.” In practice, that means OpenClaw is unifying ACP, subagent, cron, and CLI background execution under one SQLite-backed ledger rather than letting each path feel like a separate universe.

Why that matters:

• task lifecycle updates can be routed through a shared executor seam,
• audit and status visibility improve,
• lost-run recovery and cleanup stop being afterthoughts,
• operators get a cleaner mental model for detached work.

3.31 also adds the first linear task-flow control surface with:

openclaw flows list
openclaw flows show
openclaw flows cancel

That is important because the system is beginning to distinguish between one-off tasks and broader orchestrated work. If you have been using background work heavily, read our background tasks guide next.

What Does the New QQ Bot Plugin Do?

QQ Bot arrives in 3.31 as a bundled channel plugin with multi-account setup, SecretRef-aware credentials, slash commands, reminders, and media send/receive support. That makes it more than a novelty channel. It is OpenClaw extending further into messaging surfaces that matter outside the usual Slack/Discord/Telegram bubble.

The practical takeaway is that QQ support is now a first-party-ish bundled path instead of a scattered community add-on. If your audience or internal users live in the Tencent ecosystem, this release makes OpenClaw much more viable there.

I would treat QQ Bot as one of the more strategically important channel additions of the year, even if it is not relevant to every English-speaking operator.

How Does Native Codex Web Search Work?

OpenClaw 3.31 adds native Codex web search support for embedded Pi runs. The key detail in the release note is not only “web search exists.” It is that OpenClaw now recognizes when native Codex search is active and suppresses overlapping managed-tool behavior.

That matters because duplicate retrieval layers are messy. If Codex already has the search capability it needs, you do not want OpenClaw piling a second search path on top unless you explicitly mean to. Native support plus managed-tool suppression gives Pi/Codex a cleaner execution path.

The release also says config, docs, and wizard coverage were added. So this is not hidden functionality that only works if you hand-edit obscure config keys; it is meant to be part of the supported setup flow now.

For the step-by-step operator view, see the Codex web search guide.

Which Breaking Changes Matter Most?

There are several 3.31 breaking changes worth flagging before production rollout:

• Dangerous install findings fail closed by default. Skills or plugins that previously installed despite critical findings may now require an explicit override.
• Trusted-proxy auth is stricter. Mixed shared-token configurations are rejected, and local-direct fallback now requires the configured token.
• Node commands stay disabled until pairing is approved. Device pairing alone is not enough anymore.
• Legacy provider compat paths are on the deprecation path. Plugin authors need to stay on the documented openclaw/plugin-sdk/* entrypoints.

All of these changes push OpenClaw toward safer defaults. That is good long-term, but it means your “upgrade and hope” habit gets riskier.

What Changed for Approvals and Remote Exec?

3.31 keeps building out the approvals story. The standout addition is native Slack approval routing and approver authorization, which lets exec approval prompts stay in Slack instead of falling back to the Web UI or terminal. The release also improves WebChat guidance and tightens approval behavior across cron, Telegram topics, and durable allow-always trust.

The important operator lesson is that approvals are no longer a thin bolt-on. They are becoming a real cross-channel control surface. If you rely on remote exec, you should read the exec approvals guide before you relax your policy assumptions.

How Should You Upgrade to 3.31?

Upgrade carefully if you have custom plugins, strict auth config, or any workflows relying on older install-time behavior.

cd ~/openclaw
docker compose pull
docker compose up -d

Then validate the following in order:

1. background task flows show sane state,
2. plugin installs still behave the way you expect under fail-closed scanning,
3. node commands and remote approvals still route correctly,
4. any Pi/Codex search workflows use the intended search path.

If you are coming from earlier March builds, it is also worth reading the 3.28 update and the 4.1 update so you understand the recent approval, Qwen, and search changes together.