OpenClaw kills Chrome extension relay in biggest break yet

OpenClaw v2026.3.22 shipped March 23, 2026 with a sweeping set of breaking changes — and two packaging bugs that landed in production before anyone could run openclaw doctor --fix. The release is the most consequential infrastructure overhaul the platform has seen in recent memory: the plugin install path flips to ClawHub-first, the legacy Chrome extension relay is gone, the SDK surface is rewritten with no compatibility shim, and the sandbox layer now supports pluggable backends including a new OpenShell option.

The headline changes are real. Plugin authors should treat this as a migration deadline, not a suggestion.

ClawHub is now the default install source

Starting in v2026.3.22, bare openclaw plugins install prefers ClawHub before npm for npm-safe package names. npm is still in the resolution chain — it kicks in as a fallback when ClawHub doesn't have the package or version. But the default order has flipped, which means any internal or community plugin that wasn't indexed on ClawHub may silently resolve differently than before. Plugin authors who maintain install scripts should audit resolution behavior before users upgrade. The OpenClaw documentation covers the new flow.

Chrome extension relay is gone

The changelog removes the legacy Chrome extension relay path, bundled extension assets, driver: "extension", and browser.relayBindHost. This is a clean break from the original browser automation path that pre-dated the Chrome DevTools Protocol (CDP) integration. Users on host-local browser configs need to run openclaw doctor --fix, which migrates to the existing-session / user mode. Docker, headless, sandbox, and remote browser flows are unaffected — they already used raw CDP. The browser documentation covers the new path.

This is the one where "just run the doctor" is the right answer, but it's also the change most likely to silently break unattended deployments. If you have OpenClaw running as a service on a machine where someone also uses Chrome manually, this upgrade will flip the browser integration. Check your setup before you deploy.

Plugin SDK is rewritten — extension-api is gone, compat layer is deprecated

The most architecturally significant change: openclaw/extension-api is removed with no compatibility shim, and the old openclaw/plugin-sdk/compat re-export layer is deprecated (it still works at runtime, but will be removed in the next major release). Plugins that depend on the removed openclaw/extension-api surface or the message-discovery methods it exposed will break immediately on upgrade. The new public surface is openclaw/plugin-sdk/*, with each subpath being a small, self-contained module. Bundled plugins must now use injected runtime for host-side operations — for example api.runtime.agent.runEmbeddedPiAgent instead of importing runEmbeddedPiAgent directly from openclaw/extension-api.

The SDK migration guide maps every deprecated import to its modern equivalent. There's a full import path reference table. This is a genuine API rewrite, not a rename — the old surface had problems with slow startup (one import loaded dozens of unrelated modules), circular dependencies, and no clear distinction between stable and internal exports.

Community plugins still using extension-api or the removed message-discovery methods will break on next upgrade. Plugins built against the deprecated plugin-sdk/compat shim still run today but are on borrowed time — the migration window is now, not later.

Sandbox layer goes pluggable — OpenShell is the new option

The Docker-only sandbox assumption is gone. v2026.3.22 introduces pluggable sandbox backends with an OpenShell backend shipping at alpha quality — supporting mirror and remote workspace modes. SSH sandbox backend support is also added, with secret-backed key, certificate, and known_hosts inputs. This is infrastructure that matters for agent deployments where Docker isn't the right answer: edge devices, restricted CI environments, or cases where users want a lighter isolation layer than a full container.

Two bugs shipped in the release

The packaging side wasn't clean. Users installing or upgrading to v2026.3.22 via npm encounter a broken Control UI — the dist/control-ui/ directory is missing from the published tarball. The gateway serves a 503 with the message "Control UI assets not found." The issue is tracked as #52808 and independently reported as #52996. The workaround — downgrading to v2026.3.13 or manually copying dist/control-ui/ from a prior install — is not ideal for automated deployments. Notably, the pnpm ui:build workaround also fails since scripts/ui.js is absent from the npm package too.

Separately, WhatsApp, ACPX, and four other optional bundled plugins are absent from the npm package because the OPENCLAW_INCLUDE_OPTIONAL_BUNDLED environment variable was not set in the release workflow. This isn't a code problem — the plugins exist — but the release automation dropped them from the published artifact. As noted by contributors on GitHub, the fix is a workflow configuration change, not a code fix.

Both issues are live in the current release. The 503 on fresh installs is the more user-visible problem. Anyone automating OpenClaw deployment via npm install -g openclaw will hit it.

Other notable changes

Exa, Tavily, and Firecrawl join as bundled web-search plugins — no manual install required. Each has its own config namespace, so users can run multiple search providers in the same agent. Anthropic Vertex support is now native, routing Claude calls through Google Vertex AI with core GCP auth and discovery handled at the platform level. The default OpenAI model switches to openai/gpt-5.4, with Codex staying on openai-codex/gpt-5.4.

A new /btw command handles side questions without polluting session context — useful for long research or coding sessions where you want a sanity check without derailing the agent's working memory.

Legacy compatibility cleanup is complete: CLAWDBOT_ and MOLTBOT_ env vars are gone, .moltbot state directory auto-detection is removed. Any Docker configs or shell scripts still referencing those variables will silently break.

The bottom line

This is a cleanup release with a migration tax. The architectural direction is sound — a leaner SDK, a real plugin marketplace, and a sandbox abstraction that doesn't assume Docker. But the packaging bugs in v2026.3.22 are real friction on top of what was already a significant breaking-change load. Plugin authors who haven't migrated to the new SDK surface should treat this as the deadline. Users on automated npm-based deployments should hold until the Control UI fix is out, or budget time to run openclaw doctor --fix and work around the missing dist/control-ui.

The release notes and migration documentation are at github.com/openclaw/openclaw/releases/tag/v2026.3.22. The SDK migration guide is at docs.openclaw.ai/plugins/sdk-migration.