Commit 56174c6
feat(kiloclaw): bump openclaw to version 2026.3.8 (#939)
## Summary
Bumps openclaw from `2026.3.2` to `2026.3.8` in `kiloclaw/Dockerfile`.
## Verification
- [x] Dockerfile updated with new openclaw version
- [x] Build tested locally (manual verification recommended before
merge)
## Visual Changes
N/A
## Reviewer Notes
The following changes in v2026.3.8 may be relevant to our deployment:
### Potentially impactful changes
**Docker image size reduction**
- Dev dependencies are pruned and build-only dist metadata is stripped
for smaller Docker images. This is a direct improvement for our image
build.
**Gateway restart behavior changes**
- Gateway now exits non-zero when restart-triggered shutdown drains time
out, so launchd/systemd will restart the gateway instead of treating a
failed restart as a clean stop. This changes container restart semantics
— ensure our Fly.io restart policy handles non-zero exits as expected.
- Gateway now validates config before service start/restart and keeps
post-SIGUSR1 startup failures from crashing the gateway process. This
reduces invalid-config restart loops. Our `start-openclaw.sh` config
setup should be reviewed to ensure it produces valid config before the
gateway starts.
**Config/secrets handling change**
- Secrets-runtime-resolved config and auth-profile snapshots are now
kept intact after config writes, so follow-up reads still see
file-backed secret values while picking up the persisted config update.
If `start-openclaw.sh` writes config at startup, verify that secret
resolution still works as expected.
**Security: system.run script binding**
- Approved `bun` and `deno run` script operands are now bound to on-disk
file snapshots so post-approval script rewrites are denied before
execution. This is a security hardening change — if any agent workflows
rely on modifying scripts between approval and execution, they will be
blocked.
**Browser/SSRF hardening**
- Private-network intermediate redirect hops are now blocked in strict
browser navigation flows. If any tools or integrations use browser
navigation through private network redirects, they may be affected.
**MS Teams authz change**
- `groupPolicy: "allowlist"` now enforces sender allowlists even when a
team/channel route allowlist is configured. If we have Teams
integrations with route allowlists, verify that the sender allowlist
behavior is still correct.
2 files changed
Lines changed: 7 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
45 | | - | |
| 45 | + | |
46 | 46 | | |
47 | 47 | | |
48 | 48 | | |
| |||
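Review bot: The one-line replacement at line 45 is the only change in this file, yet the Verification checklist records just a Dockerfile update and a local build. The Reviewer Notes name several follow-ups (Fly.io restart policy on non-zero gateway exits, `start-openclaw.sh` producing valid config and secret resolution after config writes, Teams sender allowlists); suggest adding each as an unchecked checklist item so it is tracked before merge instead of left as advisory text.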
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
13 | 19 | | |
14 | 20 | | |
15 | 21 | | |
| |||
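Review bot: The six added lines at new lines 13-18 of this second file are not covered by the commit message, whose Summary describes only the version bump in `kiloclaw/Dockerfile`. Please name this file in the Summary and state what the added lines do, since the commit is titled as a pure version bump and a reader of the log would not expect a second file to change.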