Augmi logoAugmi
Back to Blog
AI

OpenClaw's ContextEngine just changed how AI agents remember everything

OpenClaw v2026.3.7 introduces the ContextEngine plugin interface with 7 lifecycle hooks, the lossless-claw plugin that never forgets (74.8 vs 70.3 on OOLONG), and patches the ClawJacked vulnerability. Here's what it means for builders.

Augmi Team|
openclawai-agentscontextenginelossless-clawmemorypluginssecurityaugmi
OpenClaw's ContextEngine just changed how AI agents remember everything

OpenClaw’s ContextEngine just changed how AI agents remember everything

Developers waited six months for this. One comment on the GitHub issue – “been waiting for this interface for almost half a year” – racked up 100+ likes in seconds. That tells you how badly the community wanted pluggable context management in OpenClaw.

On March 8, OpenClaw v2026.3.7 shipped. 89 commits, 200+ bug fixes, a critical security patch, and at its center, the ContextEngine plugin interface that makes AI agent memory swappable.

If you run OpenClaw agents – especially on Augmi – you need to understand this update.

The problem: hardcoded memory, lossy by default

Before v2026.3.7, OpenClaw’s context management was hardcoded into core. Every agent used the same sliding-window compaction strategy: once the conversation got long enough, older messages were compressed and summarized. Information was lost. The longer a session ran, the more your agent forgot.

For agents handling complex multi-step tasks, maintaining channel conversations over days, or managing persistent workflows – lossy compression means dropped context and broken continuity. The agent forgets what you told it three hours ago. It loses the thread.

And if you wanted a different strategy? You had to fork the framework.

ContextEngine: 7 hooks that open up memory management

The ContextEngine is a slot-based plugin system covering the entire context management lifecycle. Seven hooks, each representing a stage where plugins can intercept and transform how your agent handles memory:

  • bootstrap – initialize storage and connections on startup
  • ingest – process incoming messages as they arrive
  • assemble – build the final prompt sent to the model
  • compact – compress older conversation history
  • afterTurn – post-conversation processing and cleanup
  • prepareSubagentSpawn – set up context for sub-agent creation
  • onSubagentEnded – handle context when a sub-agent completes

Without any ContextEngine plugin installed, OpenClaw falls back to LegacyContextEngine and behaves exactly like previous versions. Zero breaking changes. But with a plugin installed, you can completely replace how your agent thinks about conversation history.

lossless-claw: the plugin that proves the architecture

The first ContextEngine plugin shipped alongside the release, and it already has people rethinking agent memory.

lossless-claw, built by Martian Engineering, replaces the default sliding-window compaction with a DAG-based (directed acyclic graph) summarization system. The key difference: it never throws anything away. Every message is persisted in SQLite. Older chunks get summarized hierarchically, forming a graph of condensed knowledge the agent can traverse and expand on demand.

In practice:

  1. All messages are stored in SQLite, organized by conversation
  2. Older message chunks are summarized using your configured LLM
  3. Summaries form a DAG structure as they accumulate, creating layers of condensed context
  4. Each turn combines relevant summaries with recent raw messages
  5. Three retrieval tools – lcm_grep, lcm_describe, and lcm_expand – let the agent search and drill into compacted history

On the OOLONG benchmark, lossless-claw scored 74.8 compared to Claude Code’s 70.3 using the same model. The gap widens as context length increases. Josh Lehman, the PR author, ran it for a week on OpenClaw before publishing: “To say it works well would be an understatement.”

The tagline: “It feels like talking to an agent that never forgets. Because it doesn’t.”

For Augmi users, this matters because our agents run on Fly.io with persistent 1GB volumes at /data. lossless-claw’s SQLite storage maps directly onto that persistent volume – your agent’s memory survives restarts, redeployments, and infrastructure changes without extra configuration.

ClawJacked: the vulnerability that made this release urgent

This update patches a high-severity security vulnerability that every OpenClaw user needs to take seriously.

ClawJacked, disclosed by Oasis Security on February 26, works like this: a victim visits a malicious website. Hidden JavaScript opens a WebSocket connection to the local OpenClaw gateway. Browsers don’t block WebSocket connections to localhost. The script then brute-forces the gateway password at hundreds of attempts per second – and the gateway’s rate limiter exempted localhost connections entirely.

Once authenticated, the attacker silently registers as a trusted device. Full control: interact with the AI agent, dump configuration, read logs, steal API keys, execute arbitrary commands.

Over 40,000 vulnerable OpenClaw instances were found exposed on the public internet. Chinese government agencies issued official security alerts on March 8 and 10 – the first formal government warnings about an AI agent platform.

The fix shipped in v2026.2.25, and v2026.3.7 includes it. If you haven’t updated yet, this alone is reason enough.

250K stars and counting

OpenClaw surpassed React on GitHub on March 3, crossing 250,000 stars. Fastest-growing open-source project in history. Founder Peter Steinberger announced joining OpenAI while keeping OpenClaw as an independent foundation. Tencent, Alibaba, and Baidu all rushed to offer deployment options in China. About 1,000 people lined up at Tencent’s Shenzhen headquarters on a single day seeking free OpenClaw installations.

196 contributors. A framework that started as experimental software is now production infrastructure for always-on AI agents.

What this means for Augmi users

Augmi hosts OpenClaw agents as always-on Fly.io machines with persistent storage. Here’s what v2026.3.7 changes for you:

Install lossless-claw on your Augmi-hosted agent and its memory persists across restarts on your existing /data volume. No infrastructure changes needed.

Discord and Telegram connections now survive restarts without manual rebinding. This was a real pain point for always-on agents – it just works now.

GPT-5.4 and Gemini 3.1 Flash support with automatic fallback means your agent stays responsive even when one provider hits rate limits.

All Augmi-hosted agents running the latest image include the ClawJacked fix. If you’re self-hosting, update immediately.

We’re also thinking about what the ContextEngine plugin architecture means for a plugin marketplace on Augmi – one-click install of memory strategies and agent capabilities. The architecture supports it.

Update now

If you’re running OpenClaw agents on Augmi, your agents will pick up the latest version on next deployment. For self-hosted instances:

openclaw update
openclaw doctor
openclaw plugins install @martian-engineering/lossless-claw
openclaw gateway restart

One breaking change to watch: if you have both gateway.auth.token and gateway.auth.password configured, you must explicitly set gateway.auth.mode before upgrading.

The ContextEngine is where OpenClaw goes from “agent framework” to “agent operating system.” Pluggable memory was the missing piece. Now it’s here.

Deploy your first agent on Augmi and try it out.

0 views