OpenClaw tests plugin SDK refactor before a major release
OpenClaw's maintainer asked users to switch to the dev channel and stress normal workflows before a large release that may break plugins. Watch harness speed, context plugins, and permission boundaries closely while the SDK refactor lands.

TL;DR
- OpenClaw is pushing users onto the dev channel for a pre-release shakeout: maintainer onusoz asked testers to run openclaw update --channel dev, restart, and exercise their normal workflows because a “huge openclaw release” is targeted for tonight, though “no promises.”
- The biggest known compatibility risk is plugins: onusoz said the “plugin SDK is being refactored,” warned that plugins “will have to be refactored,” and asked testers to report only native regressions for now.
- Release-readiness work is also happening in CI: steipete said OpenClaw’s test harness now runs in “around 2 minutes,” down from “closer to 10 mins” earlier this week.
- Plugin capabilities are already expanding faster than the safety story: a recent Lossless Claw demo showed layered summaries backed by SQLite, cross-session search, Telegram-topic organization, and live Chrome control, while a parallel Hacker News thread argued that least-privilege permissions and account isolation are still the critical deployment boundary.
What is changing in this release?
The immediate change is a release candidate pushed through OpenClaw’s dev channel, with users explicitly asked to update in place and, if needed, fall back to cloning and rebuilding from the main branch. According to onusoz’s testing request, the goal is to “break as little as possible” before a large release lands tonight.
The concrete breaking change is the plugin layer. Onusoz said the plugin SDK is being refactored and that plugins “will have to be refactored to use the new SDK,” which narrows the current testing target to core product behavior rather than third-party extensions. That matters because plugin compatibility is no longer incidental here; it is the one class of breakage the maintainer is pre-declaring.
What else points to release readiness?
The clearest operational signal is faster validation. Steipete said the test harness now finishes in “around 2 minutes,” versus “closer to 10 mins” earlier in the week. For a project about to ship a broad SDK refactor, that kind of turnaround changes how many regressions can be caught before release and how often maintainers can iterate on fixes.
At the same time, the plugin surface is getting more ambitious. RayFernando’s LCM demo walks through the Lossless Claw plugin, which replaces flat compaction with “a layered summary system built on a DAG,” keeps raw messages in SQLite, and lets the agent “drill into any compacted section” instead of losing detail. The same demo shows Telegram-topic organization, cross-session search, and OpenClaw’s Chrome integration with live browser control. That is useful context for the SDK refactor: plugins are not cosmetic add-ons anymore; they are where memory, retrieval, and browser automation are increasingly being implemented.
Why do plugin and tool permissions matter more now?
OpenClaw is a security nightmare dressed up as a daydream
352 upvotes · 235 comments
A broader plugin and tool ecosystem raises the stakes on permission design. In the Hacker News discussion summarized in the security thread, commenters argued for “least-privilege tool access,” account isolation, and scanning for injection patterns before content enters the context window. One cited concern was that “each tool has per-function permissions” that should be revocable rather than granted wholesale.
Those concerns line up directly with this release’s fault line. If the SDK refactor changes how plugins integrate, then the practical question is not just whether old plugins still load, but whether memory plugins, browser control, and other agent actions keep the right boundaries as the interface shifts. The current maintainer request is scoped to native breakage, but the surrounding discussion shows why SDK changes will be judged on permission boundaries as much as on feature velocity.
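
The per-function, revocable permissions that the Hacker News commenters argued for can be sketched as a deny-by-default gate checked on every tool call. This is an added example, not OpenClaw's code or its plugin SDK; ToolHost, the plugin id summarizer, and the browser.readPage and browser.click functions are hypothetical names.

```typescript
// Added example: hypothetical host-side gate, not OpenClaw's plugin SDK.
type ToolFn = (args: Record<string, unknown>) => string;
// JSON-encoded pair, so tool "a.b" + fn "c" cannot collide with tool "a" + fn "b.c".
const grantKey = (tool: string, fn: string): string => JSON.stringify([tool, fn]);
class ToolHost {
  private tools = new Map<string, ToolFn>();        // registered tool functions
  private grants = new Map<string, Set<string>>();  // plugin id -> granted keys
  readonly audit: string[] = [];                    // every decision, allow or deny
  register(tool: string, fn: string, impl: ToolFn): void {
    this.tools.set(grantKey(tool, fn), impl);
  }
  // A grant names exactly one function; there is no "grant the whole tool" call.
  grant(plugin: string, tool: string, fn: string): void {
    const set = this.grants.get(plugin) ?? new Set<string>();
    set.add(grantKey(tool, fn));
    this.grants.set(plugin, set);
  }
  // Revocation applies to the next call because grants are checked per call.
  revoke(plugin: string, tool: string, fn: string): boolean {
    return this.grants.get(plugin)?.delete(grantKey(tool, fn)) ?? false;
  }
  call(plugin: string, tool: string, fn: string, args: Record<string, unknown> = {}): string {
    const k = grantKey(tool, fn);
    const allowed = this.grants.get(plugin)?.has(k) ?? false; // deny by default
    this.audit.push(`${allowed ? "ALLOW" : "DENY"} ${plugin} ${tool}.${fn}`);
    if (!allowed) throw new Error(`${plugin} lacks grant for ${tool}.${fn}`);
    const impl = this.tools.get(k);
    if (!impl) throw new Error(`no such function ${tool}.${fn}`);
    return impl(args);
  }
}

// Constructed scenario: a summarizer plugin may read pages but must not click.
function attempt(host: ToolHost, plugin: string, tool: string, fn: string): string {
  try { return host.call(plugin, tool, fn, { target: "#submit" }); }
  catch (e) { return `blocked: ${(e as Error).message}`; }
}
function demo(): string[] {
  const host = new ToolHost();
  host.register("browser", "readPage", () => "page text");
  host.register("browser", "click", (a) => `clicked ${String(a["target"])}`);
  host.grant("summarizer", "browser", "readPage");
  const results = [
    attempt(host, "summarizer", "browser", "readPage"), // granted
    attempt(host, "summarizer", "browser", "click"),    // never granted
  ];
  host.revoke("summarizer", "browser", "readPage");
  results.push(attempt(host, "summarizer", "browser", "readPage")); // revoked
  return results.concat(host.audit);
}
```

The audit array records denials as well as allows, so a plugin that starts probing for functions it was never granted shows up in the log.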