Highlights

• Web search: web_search/web_fetch tools (Brave API) + first-time setup in onboarding/configure.
• Browser control: Chrome extension relay takeover mode + remote browser control via clawdbot browser serve.
• Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.
• Security: expanded clawdbot security audit (+ --fix), detect-secrets CI scan, and a SECURITY.md reporting policy.

Changes

Web Tools

• Tools: add web_search/web_fetch (Brave API), including helpful setup hints when the key is missing.
• Tools: enable web_fetch by default (unless explicitly disabled in config).
• CLI/Docs: add clawdbot configure --section web for storing Brave API keys and update onboarding tips.

Browser / Control UI

• Browser: add Chrome extension relay takeover mode (toolbar button) + clawdbot browser serve remote control + browser.controlToken.
• Browser: ship a built-in chrome profile for extension relay and start the relay automatically when running locally.
• Browser: default browser.defaultProfile to chrome (existing Chrome takeover mode).
• Browser: add clawdbot browser extension install/path and copy extension path to clipboard.
• Browser: add snapshot refs=aria (Playwright aria-ref ids) for self-resolving refs across snapshot → act.
• Browser: profile="chrome" now defaults to host control and returns clearer “attach a tab” errors.
• Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
• Control UI: show raw any-map entries in config views; move Docs link into the left nav.

Plugins

• Plugins: add plugin HTTP hooks + loader updates to support channel plugins. (#854) — thanks @longmaba.
• Plugins: add onboarding plugin install flow. (#854) — thanks @longmaba.
• Channels: add Matrix plugin (external) with docs + onboarding hooks.
• Voice Call: add Plivo provider (no SDK dependency). (#846) — thanks @vrknetha.

Security

• Security: expand clawdbot security audit checks and publish a SECURITY.md reporting policy.
• Security: extend clawdbot security audit --fix to tighten more sensitive state paths.
• Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.

Onboarding / Daemon

• Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require --accept-risk for --non-interactive.
• Daemon: support profile-aware service names for multi-gateway setups. (#671) — thanks @bjesuiter.

Auth / Usage / Config

• Usage: add MiniMax coding plan usage tracking.
• Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.
• Agents: add optional auth-profile copy prompt on agents add and improve auth error messaging.
• Auth: add dynamic template variables to messages.responsePrefix. (#928) — thanks @sebslight.
• Config: add channels..configWrites gating for channel-initiated config writes; migrate Slack channel IDs.

Channels

• Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.
• WhatsApp: add channels.whatsapp.sendReadReceipts to disable auto read receipts. (#882) — thanks @chrisrodz.

Docs

• Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.
• Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.
• Docs: expand gateway security hardening guidance and incident response checklist.
• Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.
• Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)
• Docs: add per-command CLI doc pages and link them from clawdbot --help.
• Docs: add multi-gateway guide (sidebar + nav).

Fixes

Gateway / Daemon / Sessions

• Gateway: forward termination signals to respawned CLI child processes to avoid orphaned systemd runs. (#933) — thanks @roshanasingh4.
• Gateway/UI: ship session defaults in the hello snapshot so the Control UI canonicalizes main session keys (no bare main alias).
• Agents: skip thinking/final tag stripping inside Markdown code spans. (#939) — thanks @ngutman.
• Browser: add tests for snapshot labels/efficient query params and labeled image responses.
• Browser: persist role snapshot refs per CDP target so snapshot → act clicks work even if Playwright returns a different Page instance.
• macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.
• macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
• Packaging: run pnpm build on prepack so npm publishes include fresh dist/ output.
• Telegram: register dock native commands with underscores to avoid BOT_COMMAND_INVALID (#929, fixes #901) — thanks @grp06.
• Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.
• Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
• Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.
• Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.
• Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
• Agents: scrub tuple items schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
• Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
• Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare main sessions.
• Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
• Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
• Daemon: clear persisted launchd disabled state before bootstrap (fixes daemon install after uninstall). (#849) — thanks @ndraiman.
• Sessions: return deep clones (structuredClone) so cached session entries can't be mutated. (#934) — thanks @ronak-guliani.
• Heartbeat: keep updatedAt monotonic when restoring heartbeat sessions. (#934) — thanks @ronak-guliani.
• Agent: clear run context after CLI runs (clearAgentRunContext) to avoid runaway contexts. (#934) — thanks @ronak-guliani.
• Gateway/Dev: ensure pnpm gateway:dev always uses the dev profile config + state (~/.clawdbot-dev).

CLI / Onboarding

• Onboarding: show web search setup at the end (not the beginning).
• Onboarding: show daemon install/restart progress (avoid “blinking cursor”) and fix daemon install output formatting.
• Health: colorize “not configured” provider lines for easier scanning.

Control UI / TUI

• Control UI: load cron run history on job selection and clarify empty-state messaging. (#866)
• UI: use application-defined WebSocket close code and fix dashboard auth query items. (#918) — thanks @rahthakor.
• UI: always apply ?token= from URL (fixes unauthorized after re-onboard).
• Browser: add tests for snapshot labels/efficient query params and labeled image responses.
• TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.
• TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.
• TUI: show LLM error messages (rate limits, auth, etc.) instead of (no output).

Agents / Auth / Tools / Sandbox

• Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
• Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.
• Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.
• Agents: scrub tuple items schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
• Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
• Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
• Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
• Logging: tolerate EIO from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
• Sandbox: restore docker.binds config validation and preserve configured PATH for docker exec. (#873) — thanks @akonyer.
• Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.

macOS / Apps

• macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.
• macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
• macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
• macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)
• Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare main sessions.
• macOS: fix cron preview/testing payload to use channel key. (#867) — thanks @wes-davis.
• macOS: update cron testing channel arg. (#896) — thanks @ngutman.

Channels / Messaging

• Slack: isolate thread history and avoid inheriting channel transcripts for new threads by default. (#758)
• Slack: respect channels.slack.requireMention default when resolving channel mention gating. (#850) — thanks @evalexpr.
• Slack: drop Socket Mode events with mismatched api_app_id/team_id. (#889) — thanks @roshanasingh4.
• Commands: add native command argument menus across Discord/Slack/Telegram. (#936) — thanks @thewilloftheshadow.
• Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.
• Telegram: honor channels.telegram.timeoutSeconds for grammY API requests. (#863) — thanks @Snaver.
• Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).
• Telegram: let control commands bypass per-chat sequentialization; always allow abort triggers.
• Telegram: split long captions into media + follow-up text messages. (#907) — thanks @jalehman.
• Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.
• Telegram: register dock native commands with underscores to avoid BOT_COMMAND_INVALID (#929, fixes #901) — thanks @grp06.
• Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.
• iMessage: prefer handle routing for direct-message replies; include imsg RPC error details. (#935)
• WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.
• WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.
• WhatsApp: harden owner command auth.
• Auto-reply: treat trailing NO_REPLY tokens as silent replies.

Config / Doctor / Packaging

• Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).
• Config/Doctor: remove legacy Clawdis env fallbacks and config/service migrations (Clawdbot-only).
• Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
• Packaging: run pnpm build on prepack so npm publishes include fresh dist/ output.

View full changelog

Fixes

• Packaging: include dist/memory/** in the npm tarball (fixes ERR_MODULE_NOT_FOUND for dist/memory/index.js).

View full changelog

Fixes

• CLI: avoid top-level await warnings in the entrypoint on fresh installs.
• CLI: show a commit hash in the banner for npm installs (package.json gitHead fallback).

View full changelog