OpenClaw 2026.3.28 adds 9 MCP tools and Responses API support

• OpenClaw 2026.3.28 turns its channel layer into an MCP server surface with nine tools, including messages_send, messages_read, events_poll, and conversations_list, which collapses a lot of custom bridge code into normal MCP config Chomsky on the MCP shift.
• The release also moved the bundled xAI provider to the Responses API, added first-class x_search, and exposed that setup during onboarding OpenClaw on xAI support.
• Plugins can now pause a tool call and request approval through the exec overlay, Telegram buttons, Discord interactions, or /approve, a much cleaner human-in-the-loop path than ad hoc guardrails OpenClaw on plugin approvals.
• The bridge is still local stdio today, and OpenClaw's own MCP docs say the live event queue only exists while the MCP session stays connected, which keeps this release useful but not quite cloud-native yet Chomsky on what is still missing.

You can read the full release notes, skim the new MCP bridge docs, and the roadmap items Chomsky called out are already visible in merged work for SSE transport and MCP signing. There is also a same-day browser regression report, which is very on-brand for a release that touched a lot of plumbing.

The important change is architectural. OpenClaw used to be both the agent wrapper and the messaging transport. In 2026.3.28, openclaw mcp serve exposes the transport layer as a standard MCP server, so Claude Code, Codex, Cursor, or any other MCP client can talk to the same routed conversations directly Chomsky on separating the brain from transport.

The new docs page lists the nine tools:

1. conversations_list
2. conversation_get
3. messages_read
4. attachments_fetch
5. events_poll
6. events_wait
7. messages_send
8. permissions_list_open
9. permissions_respond

That surface is narrower than “all of OpenClaw as MCP,” but it is enough to list conversations, read transcripts, poll for live events, send replies back through the recorded route, and resolve approval requests.

The xAI update is smaller, but it matters because it lines OpenClaw up with the API shape other agent tooling is already moving toward. The release swaps the bundled xAI provider over to the Responses API, adds first-class x_search, and auto-enables the xAI plugin from owned web-search and tool config so Grok search flows work without extra plugin toggles in the common path.

According to the release notes, onboarding also gained optional x_search setup during openclaw onboard and openclaw configure --section web, including a model picker that reuses the same xAI key.

The security feature in this release is requireApproval on before_tool_call hooks. A plugin can now stop a tool invocation, ask the user for permission, and continue only after an allow or deny response comes back.

The release notes say those approval prompts can flow through the exec approval overlay, Telegram buttons, Discord interactions, or the /approve command on any channel. The MCP bridge docs add two matching tools, permissions_list_open and permissions_respond, so approval state is part of the MCP surface too.

The first version of the bridge is still a stdio process owned by the client. OpenClaw's docs are explicit about the boundary: the live queue starts when the bridge connects, older history has to be read with messages_read, and approval state is only tracked in memory for the current bridge session.

That is why Chomsky singled out PR #50396, which adds HTTP/SSE transport for remote MCP servers, and PR #49182, which adds optional cryptographic signing for MCP messages. Same day, users also opened a browser regression issue reporting unknown method: browser.request after upgrading to 2026.3.28. Even with that rough edge, the release already looks like a pivot from OpenClaw-as-wrapper to OpenClaw-as-transport.