OpenClaw's 2026.3.28 update switched xAI integration to the Responses API and added plugin prompts that can request user permission during behavior. One user reported a /v1/models failure after upgrading with a missing operator.write scope, so teams should check auth changes before deploying.
/v1/models with a forbidden error for "missing scope: operator.write."The headline change is an xAI integration swap. OpenClaw's reposted maintainer note says 2026.3.28 now uses the Responses API, framing it as a long-requested update rather than a brand-new integration path. Separately, OpenClaw's security feature note says plugins can now request user approval "during the behavior," which narrows plugin access behind an explicit permission prompt instead of assuming the action should proceed.
A Reddit user reported a concrete regression immediately after upgrading: /v1/models started returning {'ok': False, 'error': {'type': 'forbidden', 'message': 'missing scope: operator.write'}}, and they said rolling back to 3.24 restored the prior behavior. That does not establish a general release-wide bug, but it does suggest 3.28 may change auth or scope expectations in some setups; the only corroborating community reply was a blunt warning not to touch "a perfectly working setup" without expecting fallout thread discussion.
I worked on the xAI update in @openclaw 2026.3.28 to use the Responses API which users have been asking for since an issue in the 6000s (at 50k+ now). Honestly though I’m not perfectly happy with it yet. I’m working on improving the selection of when to use the built in X Show more
OpenClaw 2026.3.28 🦞 🛡️ Plugin approval hooks — any tool can pause for your OK ⚡ xAI Responses API + x_search 💬 ACP bind here: Discord/iMessage 🩹WhatsApp echo loop, Telegram splitting, Discord reconnect fixes Tokyo pre-ClawCon drop 🇯🇵github.com/openclaw/openc…
