Clawdbot

2026.1.21

Thu, 22 Jan 2026 12:22:35 +0000

Clawdbot 2026.1.21

Highlights

Lobster optional plugin tool for typed workflows + approval gates. https://docs.clawd.bot/tools/lobster
Custom assistant identity + avatars in the Control UI. https://docs.clawd.bot/cli/agents https://docs.clawd.bot/web/control-ui
Cache optimizations: cache-ttl pruning + defaults reduce token spend on cold requests. https://docs.clawd.bot/concepts/session-pruning
Exec approvals + elevated ask/full modes. https://docs.clawd.bot/tools/exec-approvals https://docs.clawd.bot/tools/elevated
Signal typing/read receipts + MSTeams attachments. https://docs.clawd.bot/channels/signal https://docs.clawd.bot/channels/msteams
/models UX refresh + clawdbot update wizard. https://docs.clawd.bot/cli/models https://docs.clawd.bot/cli/update

Changes

Highlight: Lobster optional plugin tool for typed workflows + approval gates. https://docs.clawd.bot/tools/lobster (#1152) Thanks @vignesh07.
Agents/UI: add identity avatar config support and Control UI avatar rendering. (#1329, #1424) Thanks @dlauer. https://docs.clawd.bot/gateway/configuration https://docs.clawd.bot/cli/agents
Control UI: add custom assistant identity support and per-session identity display. (#1420) Thanks @robbyczgw-cla. https://docs.clawd.bot/web/control-ui
CLI: add clawdbot update wizard with interactive channel selection + restart prompts, plus preflight checks before rebasing. https://docs.clawd.bot/cli/update
Models/Commands: add /models, improve /model listing UX, and expand clawdbot models paging. (#1398) Thanks @vignesh07. https://docs.clawd.bot/cli/models
CLI: move gateway service commands under clawdbot gateway, flatten node service commands under clawdbot node, and add gateway probe for reachability. https://docs.clawd.bot/cli/gateway https://docs.clawd.bot/cli/node
Exec: add elevated ask/full modes, tighten allowlist gating, and render approvals tables on write. https://docs.clawd.bot/tools/elevated https://docs.clawd.bot/tools/exec-approvals
Exec approvals: default to local host, add gateway/node targeting + target details, support wildcard agent allowlists, and tighten allowlist parsing/safe bins. https://docs.clawd.bot/cli/approvals https://docs.clawd.bot/tools/exec-approvals
Heartbeat: allow explicit session keys and active hours. (#1256) Thanks @zknicker. https://docs.clawd.bot/gateway/heartbeat
Sessions: add per-channel idle durations via sessions.channelIdleMinutes. (#1353) Thanks @cash-echo-bot.
Nodes: run exec-style, expose PATH in status/describe, and bootstrap PATH for node-host execution. https://docs.clawd.bot/cli/node
Cache: add cache.ttlPrune mode and auth-aware defaults for cache TTL behavior.
Queue: add per-channel debounce overrides for auto-reply. https://docs.clawd.bot/concepts/queue
Discord: add wildcard channel config support. (#1334) Thanks @pvoo. https://docs.clawd.bot/channels/discord
Signal: add typing indicators and DM read receipts via signal-cli. https://docs.clawd.bot/channels/signal
MSTeams: add file uploads, adaptive cards, and attachment handling improvements. (#1410) Thanks @Evizero. https://docs.clawd.bot/channels/msteams
Onboarding: remove the run setup-token auth option (paste setup-token or reuse CLI creds instead).
macOS: refresh Settings (location access in Permissions, connection mode in menu, remove CLI install UI).
Diagnostics: add cache trace config for debugging. (#1370) Thanks @parubets.
Docs: Lobster guides + org URL updates, /model allowlist troubleshooting, Gmail message search examples, gateway.mode troubleshooting, prompt injection guidance, npm prefix/node CLI notes, control UI dev gatewayUrl note, tool_use FAQ, showcase video, and sharp/node-gyp workaround. (#1427, #1220, #1405) Thanks @vignesh07, @mbelinky.

Breaking

BREAKING: Control UI now rejects insecure HTTP without device identity by default. Use HTTPS (Tailscale Serve) or set gateway.controlUi.allowInsecureAuth: true to allow token-only auth. https://docs.clawd.bot/web/control-ui#insecure-http
BREAKING: Envelope and system event timestamps now default to host-local time (was UTC) so agents don’t have to constantly convert.

Fixes

Streaming/Typing/Media: keep reply tags across streamed chunks, start typing indicators at run start, and accept MEDIA paths with spaces/tilde while preferring the message tool hint for image replies.
Agents/Providers: drop unsigned thinking blocks for Claude models (Google Antigravity) and enforce alphanumeric tool call ids for strict providers (Mistral/OpenRouter). (#1372) Thanks @zerone0x.
Exec approvals: treat main as the default agent, align node/gateway allowlist prechecks, validate resolved paths, avoid allowlist resolve races, and avoid null optional params. (#1417, #1414, #1425) Thanks @czekaj.
Exec/Windows: resolve Windows exec paths with extensions and handle safe-bin exe names.
Nodes/macOS: prompt on allowlist miss for node exec approvals, persist allowlist decisions, and flatten node invoke errors. (#1394) Thanks @ngutman.
Gateway: prevent multiple gateways from sharing the same config/state (singleton lock), keep auto bind loopback-first with explicit tailnet binding, and improve SSH auth handling. (#1380)
Control UI: remove the chat stop button, keep the composer aligned to the bottom edge, stabilize session previews, and refresh the debug panel on route-driven tab changes. (#1373) Thanks @yazinsai.
UI/config: export SECTION_META for config form modules. (#1418) Thanks @MaudeBot.
macOS: keep chat pinned during streaming replies, include Textual resources, respect wildcard exec approvals, allow SSH agent auth, and default distribution builds to universal binaries. (#1279, #1362, #1384, #1396) Thanks @ameno-, @JustYannicc.
BlueBubbles: resolve short message IDs safely, expose full IDs in templates, and harden short-id fetch wrappers. (#1369, #1387) Thanks @tyler6204.
Models/Configure: inherit session model overrides in threads/topics, map OpenCode Zen models to the correct APIs, narrow Anthropic OAuth allowlist handling, seed allowlist fallbacks, list the full catalog when no allowlist is set, and limit /model list output. (#1376, #1416)
Memory: prevent CLI hangs by deferring vector probes, add sqlite-vec/embedding timeouts, and make session memory indexing async.
Cron: cap reminder context history to 10 messages and honor contextMessages. (#1103) Thanks @mkbehr.
Cache: restore the 1h cache TTL option and reset the pruning window.
Zalo Personal: tolerate ANSI/log-prefixed JSON output from zca. (#1379) Thanks @ptn1411.
Browser: suppress Chrome restore prompts for managed profiles. (#1419) Thanks @jamesgroat.
Infra: preserve fetch helper methods/preconnect when wrapping abort signals and normalize Telegram fetch aborts.
Config/Doctor: avoid stack traces for invalid configs, log the config path, avoid WhatsApp config resurrection, and warn when gateway.mode is unset. (#900)
CLI: read Codex CLI account_id for workspace billing. (#1422) Thanks @aj47.
Logs/Status: align rolling log filenames with local time and report sandboxed runtime in clawdbot status. (#1343)
Embedded runner: persist injected history images so attachments aren’t reloaded each turn. (#1374) Thanks @Nicell.
Nodes/Subagents: include agent/node/gateway context in tool failure logs and ensure subagent list uses the command session.

View full changelog

2026.1.21

Wed, 21 Jan 2026 08:18:22 +0000

2026.1.15

Fri, 16 Jan 2026 10:31:53 +0000

Clawdbot 2026.1.15

Highlights

Plugins: add provider auth registry + clawdbot models auth login for plugin-driven OAuth/API key flows.
Browser: improve remote CDP/Browserless support (auth passthrough, wss upgrade, timeouts, clearer errors).
Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.
Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).

Breaking

BREAKING: iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)
BREAKING: Microsoft Teams is now a plugin; install @clawdbot/msteams via clawdbot plugins install @clawdbot/msteams.

Changes

CLI: set process titles to clawdbot- for clearer process listings.
CLI/macOS: sync remote SSH target/identity to config and let gateway status auto-infer SSH targets (ssh-config aware).
Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.
Sessions/Security: add session.dmScope for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.
Plugins: add provider auth registry + clawdbot models auth login for plugin-driven OAuth/API key flows.
Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.
TUI: show provider/model labels for the active session and default model.
Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.
UI: show gateway auth guidance + doc link on unauthorized Control UI connections.
Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in clawdbot security audit.
Apps: store node auth tokens encrypted (Keychain/SecurePrefs).
Daemon: share profile/state-dir resolution across service helpers and honor CLAWDBOT_STATE_DIR for Windows task scripts.
Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.
Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).
Tools: normalize Slack/Discord message timestamps with timestampMs/timestampUtc while keeping raw provider fields.
macOS: add system.which for prompt-free remote skill discovery (with gateway fallback to system.run).
Docs: add Date & Time guide and update prompt/timezone configuration docs.
Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.
Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.
Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in /status and clawdbot models status, and update docs.
CLI: add --json output for clawdbot daemon lifecycle/install commands.
Memory: make node-llama-cpp an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.
Browser: add snapshot refs=aria (Playwright aria-ref ids) for self-resolving refs across snapshot → act.
Browser: profile="chrome" now defaults to host control and returns clearer “attach a tab” errors.
Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.
Browser: increase remote CDP reachability timeouts + add remoteCdpTimeoutMs/remoteCdpHandshakeTimeoutMs.
Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.
Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.
Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.
Discord: allow allowlisted guilds without channel lists to receive messages when groupPolicy="allowlist". — thanks @thewilloftheshadow.
Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.

Fixes

Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.
Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.
Fix: persist gateway.mode=local after selecting Local run mode in clawdbot configure, even if no other sections are chosen.
Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.
Agents: avoid false positives when logging unsupported Google tool schema keywords.
Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.
Status: restore usage summary line for current provider when no OAuth profiles exist.
Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.
Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.
Fix: support MiniMax coding plan usage responses with model_remains/current_interval_* payloads.
Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)
Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
Browser: fix tab not found for extension relay snapshots/actions when Playwright blocks newCDPSession (use the single available Page).
Browser: upgrade ws → wss when remote CDP uses https (fixes Browserless handshake).
Telegram: skip message_thread_id=1 for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.
Fix: sanitize user-facing error text + strip tags across reply pipelines. (#975) — thanks @ThomsenDrake.
Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.
Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.
Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)

View full changelog