OpenClaw v2026.3.31 unifies four background execution contexts under one SQLite ledger, solving an audit trail problem that anyone running ACP agents, subagents, cron jobs, and background CLI tasks in the same deployment had been working around with custom tooling.
The change lands in OpenClaw 2026.3.31, released March 31. Previously, those four execution contexts each maintained their own task bookkeeping. ACP runs, subagent spawns, cron-triggered automations, and background CLI processes all had separate state tracking, which meant no unified place to see what was running, no single recovery path for orphaned jobs, and no CLI surface to cancel a specific workflow without building it yourself. The JSON file that backed this (tasks/runs.json) was internal state — scripts that read it directly were depending on OpenClaw internals with no guarantee of stability.
The SQLite store replaces that. It also introduces openclaw flows list|show|cancel — the first linear task flow control surface in the CLI. The changelog describes the intent as turning background tasks into "a real shared background-run control plane instead of ACP-only bookkeeping."
This matters for anyone running OpenClaw at scale. The four-context split was a consequence of how the system grew rather than an architectural decision, and the practical result was that operators either built their own coordination layer or accepted blind spots in automation state.
The release also hardens security in ways that matter to multi-tenant and enterprise deployments. Plugin and skill installs now fail closed by default when the built-in dangerous-code scanner finds critical issues; an explicit --dangerously-force-unsafe-install flag overrides this. Node commands require explicit pairing approval in addition to device pairing, so device pairing alone no longer suffices to expose declared node commands. Node-originated runs are restricted to a safe tool allowlist: canvas, image, pdf, tts, web_fetch, and web_search. The gateway auth layer tightens too: trusted-proxy now rejects mixed shared-token configurations, and local-direct fallback requires the configured token rather than implicitly authenticating same-host callers.
The release notes list six breaking changes. The nodes.run shell wrapper is removed from the CLI. The Plugin SDK deprecates legacy provider compat subpaths and older bundled provider setup and channel-runtime compatibility shims. Scripts or plugins depending on those internals will break.
The openclaw flows command is the user-facing part. The SQLite ledger is what makes it possible, and its implications extend beyond the CLI: a shared control plane for background tasks means operators finally have a single source of truth for agent activity across all execution contexts. That is the kind of plumbing that does not get announced in release headlines but makes deployments substantially more maintainable.
