let5see/clawdbot

Fork 0

Files

Peter Steinberger e0c19607b7 fix: allow MEDIA local paths with spaces

2026-01-22 07:51:09 +00:00

92 KiB

Raw Blame History

Changelog

Docs: https://docs.clawd.bot

2026.1.22

Changes

Highlight: Lobster optional plugin tool for typed workflows + approval gates. https://docs.clawd.bot/tools/lobster
Agents: add identity avatar config support and Control UI avatar rendering. (#1329, #1424) Thanks @dlauer.
Memory: prevent CLI hangs by deferring vector probes, adding sqlite-vec/embedding timeouts, and showing sync progress early.
Docs: add troubleshooting entry for gateway.mode blocking gateway start. https://docs.clawd.bot/gateway/troubleshooting
Docs: add /model allowlist troubleshooting note. (#1405)
Docs: add per-message Gmail search example for gog. (#1220) Thanks @mbelinky.
UI: show per-session assistant identity in the Control UI. (#1420) Thanks @robbyczgw-cla.
Onboarding: remove the run setup-token auth option (paste setup-token or reuse CLI creds instead).
Signal: add typing indicators and DM read receipts via signal-cli.
MSTeams: add file uploads, adaptive cards, and attachment handling improvements. (#1410) Thanks @Evizero.
CLI: add clawdbot update wizard for interactive channel selection and restart prompts. https://docs.clawd.bot/cli/update

Breaking

BREAKING: Envelope and system event timestamps now default to host-local time (was UTC) so agents don’t have to constantly convert.

Fixes

Media: accept MEDIA paths with spaces/tilde and prefer the message tool hint for image replies.
Config: avoid stack traces for invalid configs and log the config path.
CLI: read Codex CLI account_id for workspace billing. (#1422) Thanks @aj47.
Doctor: avoid recreating WhatsApp config when only legacy routing keys remain. (#900)
Doctor: warn when gateway.mode is unset with configure/config guidance.
OpenCode Zen: route models to the Zen API shape per family so proxy endpoints are used. (#1416)
Browser: suppress Chrome restore prompts for managed profiles. (#1419) Thanks @jamesgroat.
Logs: align rolling log filenames with local time and fall back to latest file when today's log is missing. (#1343)
Models: inherit session model overrides in thread/topic sessions (Telegram topics, Slack/Discord threads). (#1376)
macOS: keep local auto bind loopback-first; only use tailnet when bind=tailnet.
macOS: include Textual syntax highlighting resources in packaged app to prevent chat crashes. (#1362)
macOS: keep chat pinned to bottom during streaming replies. (#1279)
Cron: cap reminder context history to 10 messages and honor contextMessages. (#1103) Thanks @mkbehr.
Exec approvals: treat main as the default agent + migrate legacy default allowlists. (#1417) Thanks @czekaj.
Exec: avoid defaulting to elevated mode when elevated is not allowed.
Exec approvals: align node/gateway allowlist prechecks and approval gating; avoid null optional params in approval requests. (#1425) Thanks @czekaj.
UI: refresh debug panel on route-driven tab changes. (#1373) Thanks @yazinsai.

2026.1.21

Changes

Heartbeat: allow running heartbeats in an explicit session key. (#1256) Thanks @zknicker.
CLI: default exec approvals to the local host, add gateway/node targeting flags, and show target details in allowlist output.
CLI: exec approvals mutations render tables instead of raw JSON.
Exec approvals: support wildcard agent allowlists (*) across all agents.
Exec approvals: allowlist matches resolved binary paths only, add safe stdin-only bins, and tighten allowlist shell parsing.
Nodes: expose node PATH in status/describe and bootstrap PATH for node-host execution.
CLI: flatten node service commands under clawdbot node and remove service node docs.
CLI: move gateway service commands under clawdbot gateway and add gateway probe for reachability.
Sessions: add per-channel reset overrides via session.resetByChannel. (#1353) Thanks @cash-echo-bot.

Breaking

BREAKING: Control UI now rejects insecure HTTP without device identity by default. Use HTTPS (Tailscale Serve) or set gateway.controlUi.allowInsecureAuth: true to allow token-only auth. https://docs.clawd.bot/web/control-ui#insecure-http

Fixes

Nodes/macOS: prompt on allowlist miss for node exec approvals, persist allowlist decisions, and flatten node invoke errors. (#1394) Thanks @ngutman.
Gateway: keep auto bind loopback-first and add explicit tailnet binding to avoid Tailscale taking over local UI. (#1380)
Agents: enforce 9-char alphanumeric tool call ids for Mistral providers. (#1372) Thanks @zerone0x.
Embedded runner: persist injected history images so attachments aren’t reloaded each turn. (#1374) Thanks @Nicell.
Nodes tool: include agent/node/gateway context in tool failure logs to speed approval debugging.
macOS: exec approvals now respect wildcard agent allowlists (*).
macOS: allow SSH agent auth when no identity file is set. (#1384) Thanks @ameno-.
Gateway: prevent multiple gateways from sharing the same config/state at once (singleton lock).
UI: remove the chat stop button and keep the composer aligned to the bottom edge.
Typing: start instant typing indicators at run start so DMs and mentions show immediately.
Configure: restrict the model allowlist picker to OAuth-compatible Anthropic models and preselect Opus 4.5.
Configure: seed model fallbacks from the allowlist selection when multiple models are chosen.
Model picker: list the full catalog when no model allowlist is configured.
Discord: honor wildcard channel configs via shared match helpers. (#1334) Thanks @pvoo.
BlueBubbles: resolve short message IDs safely and expose full IDs in templates. (#1387) Thanks @tyler6204.
Infra: preserve fetch helper methods when wrapping abort signals. (#1387)
macOS: default distribution packaging to universal binaries. (#1396) Thanks @JustYannicc.

2026.1.20

Changes

Control UI: add copy-as-markdown with error feedback. (#1345) https://docs.clawd.bot/web/control-ui
Control UI: drop the legacy list view. (#1345) https://docs.clawd.bot/web/control-ui
TUI: add syntax highlighting for code blocks. (#1200) https://docs.clawd.bot/tui
TUI: session picker shows derived titles, fuzzy search, relative times, and last message preview. (#1271) https://docs.clawd.bot/tui
TUI: add a searchable model picker for quicker model selection. (#1198) https://docs.clawd.bot/tui
TUI: add input history (up/down) for submitted messages. (#1348) https://docs.clawd.bot/tui
ACP: add clawdbot acp for IDE integrations. https://docs.clawd.bot/cli/acp
ACP: add clawdbot acp client interactive harness for debugging. https://docs.clawd.bot/cli/acp
Skills: add download installs with OS-filtered options. https://docs.clawd.bot/tools/skills
Skills: add the local sherpa-onnx-tts skill. https://docs.clawd.bot/tools/skills
Memory: add hybrid BM25 + vector search (FTS5) with weighted merging and fallback. https://docs.clawd.bot/concepts/memory
Memory: add SQLite embedding cache to speed up reindexing and frequent updates. https://docs.clawd.bot/concepts/memory
Memory: add OpenAI batch indexing for embeddings when configured. https://docs.clawd.bot/concepts/memory
Memory: enable OpenAI batch indexing by default for OpenAI embeddings. https://docs.clawd.bot/concepts/memory
Memory: allow parallel OpenAI batch indexing jobs (default concurrency: 2). https://docs.clawd.bot/concepts/memory
Memory: render progress immediately, color batch statuses in verbose logs, and poll OpenAI batch status every 2s by default. https://docs.clawd.bot/concepts/memory
Memory: add --verbose logging for memory status + batch indexing details. https://docs.clawd.bot/concepts/memory
Memory: add native Gemini embeddings provider for memory search. (#1151) https://docs.clawd.bot/concepts/memory
Browser: allow config defaults for efficient snapshots in the tool/CLI. (#1336) https://docs.clawd.bot/tools/browser
Nostr: add the Nostr channel plugin with profile management + onboarding defaults. (#1323) https://docs.clawd.bot/channels/nostr
Matrix: migrate to matrix-bot-sdk with E2EE support, location handling, and group allowlist upgrades. (#1298) https://docs.clawd.bot/channels/matrix
Slack: add HTTP webhook mode via Bolt HTTP receiver. (#1143) https://docs.clawd.bot/channels/slack
Telegram: enrich forwarded-message context with normalized origin details + legacy fallback. (#1090) https://docs.clawd.bot/channels/telegram
Discord: fall back to /skill when native command limits are exceeded. (#1287)
Discord: expose /skill globally. (#1287)
Zalouser: add channel dock metadata, config schema, setup wiring, probe, and status issues. (#1219) https://docs.clawd.bot/plugins/zalouser
Plugins: require manifest-embedded config schemas with preflight validation warnings. (#1272) https://docs.clawd.bot/plugins/manifest
Plugins: move channel catalog metadata into plugin manifests. (#1290) https://docs.clawd.bot/plugins/manifest
Plugins: align Nextcloud Talk policy helpers with core patterns. (#1290) https://docs.clawd.bot/plugins/manifest
Plugins/UI: let channel plugin metadata drive UI labels/icons and cron channel options. (#1306) https://docs.clawd.bot/web/control-ui
Agents/UI: add agent avatar support in identity config, IDENTITY.md, and the Control UI. (#1329) https://docs.clawd.bot/gateway/configuration
Plugins: add plugin slots with a dedicated memory slot selector. https://docs.clawd.bot/plugins/agent-tools
Plugins: ship the bundled BlueBubbles channel plugin (disabled by default). https://docs.clawd.bot/channels/bluebubbles
Plugins: migrate bundled messaging extensions to the plugin SDK and resolve plugin-sdk imports in the loader.
Plugins: migrate the Zalo plugin to the shared plugin SDK runtime. https://docs.clawd.bot/channels/zalo
Plugins: migrate the Zalo Personal plugin to the shared plugin SDK runtime. https://docs.clawd.bot/plugins/zalouser
Plugins: allow optional agent tools with explicit allowlists and add the plugin tool authoring guide. https://docs.clawd.bot/plugins/agent-tools
Plugins: auto-enable bundled channel/provider plugins when configuration is present.
Plugins: sync plugin sources on channel switches and update npm-installed plugins during clawdbot update.
Plugins: share npm plugin update logic between clawdbot update and clawdbot plugins update.
Gateway/API: add /v1/responses (OpenResponses) with item-based input + semantic streaming events. (#1229)
Gateway/API: expand /v1/responses to support file/image inputs, tool_choice, usage, and output limits. (#1229)
Usage: add /usage cost summaries and macOS menu cost charts. https://docs.clawd.bot/reference/api-usage-costs
Security: warn when <=300B models run without sandboxing while web tools are enabled. https://docs.clawd.bot/cli/security
Exec: add host/security/ask routing for gateway + node exec. https://docs.clawd.bot/tools/exec
Exec: add /exec directive for per-session exec defaults (host/security/ask/node). https://docs.clawd.bot/tools/exec
Exec approvals: migrate approvals to ~/.clawdbot/exec-approvals.json with per-agent allowlists + skill auto-allow toggle, and add approvals UI + node exec lifecycle events. https://docs.clawd.bot/tools/exec-approvals
Nodes: add headless node host (clawdbot node start) for system.run/system.which. https://docs.clawd.bot/cli/node
Nodes: add node daemon service install/status/start/stop/restart. https://docs.clawd.bot/cli/node
Bridge: add skills.bins RPC to support node host auto-allow skill bins.
Sessions: add daily reset policy with per-type overrides and idle windows (default 4am local), preserving legacy idle-only configs. (#1146) https://docs.clawd.bot/concepts/session
Sessions: allow sessions_spawn to override thinking level for sub-agent runs. https://docs.clawd.bot/tools/subagents
Channels: unify thread/topic allowlist matching + command/mention gating helpers across core providers. https://docs.clawd.bot/concepts/groups
Models: add Qwen Portal OAuth provider support. (#1120) https://docs.clawd.bot/providers/qwen
Onboarding: add allowlist prompts and username-to-id resolution across core and extension channels. https://docs.clawd.bot/start/onboarding
Docs: clarify allowlist input types and onboarding behavior for messaging channels. https://docs.clawd.bot/start/onboarding
Docs: refresh Android node discovery docs for the Gateway WS service type. https://docs.clawd.bot/platforms/android
Docs: surface Amazon Bedrock in provider lists and clarify Bedrock auth env vars. (#1289) https://docs.clawd.bot/bedrock
Docs: clarify WhatsApp voice notes. https://docs.clawd.bot/channels/whatsapp
Docs: clarify Windows WSL portproxy LAN access notes. https://docs.clawd.bot/platforms/windows
Docs: refresh bird skill install metadata and usage notes. (#1302) https://docs.clawd.bot/tools/browser-login
Agents: add local docs path resolution and include docs/mirror/source/community pointers in the system prompt.
Agents: clarify node_modules read-only guidance in agent instructions.
Config: stamp last-touched metadata on write and warn if the config is newer than the running build.
macOS: hide usage section when usage is unavailable instead of showing provider errors.
Android: migrate node transport to the Gateway WebSocket protocol with TLS pinning support + gateway discovery naming.
Android: send structured payloads in node events/invokes and include user-agent metadata in gateway connects.
Android: remove legacy bridge transport code now that nodes use the gateway protocol.
Android: bump okhttp + dnsjava to satisfy lint dependency checks.
Build: update workspace + core/plugin deps.
Build: use tsgo for dev/watch builds by default (opt out with CLAWDBOT_TS_COMPILER=tsc).
Repo: remove the Peekaboo git submodule now that the SPM release is used.
macOS: switch PeekabooBridge integration to the tagged Swift Package Manager release.
macOS: stop syncing Peekaboo in postinstall.
Swabble: use the tagged Commander Swift package release.

Breaking

BREAKING: Reject invalid/unknown config entries and refuse to start the gateway for safety. Run clawdbot doctor --fix to repair, then update plugins (clawdbot plugins update) if you use any.

Fixes

Discovery: shorten Bonjour DNS-SD service type to _clawdbot-gw._tcp and update discovery clients/docs.
Diagnostics: export OTLP logs, correct queue depth tracking, and document message-flow telemetry.
Diagnostics: emit message-flow diagnostics across channels via shared dispatch. (#1244)
Diagnostics: gate heartbeat/webhook logging. (#1244)
Gateway: strip inbound envelope headers from chat history messages to keep clients clean.
Gateway: clarify unauthorized handshake responses with token/password mismatch guidance.
Gateway: allow mobile node client ids for iOS + Android handshake validation. (#1354)
Gateway: clarify connect/validation errors for gateway params. (#1347)
Gateway: preserve restart wake routing + thread replies across restarts. (#1337)
Gateway: reschedule per-agent heartbeats on config hot reload without restarting the runner.
Gateway: require authorized restarts for SIGUSR1 (restart/apply/update) so config gating can't be bypassed.
Cron: auto-deliver isolated agent output to explicit targets without tool calls. (#1285)
Agents: preserve subagent announce thread/topic routing + queued replies across channels. (#1241)
Agents: propagate accountId into embedded runs so sub-agent announce routing honors the originating account. (#1058)
Agents: avoid treating timeout errors with "aborted" messages as user aborts, so model fallback still runs. (#1137)
Agents: sanitize oversized image payloads before send and surface image-dimension errors.
Sessions: fall back to session labels when listing display names. (#1124)
Compaction: include tool failure summaries in safeguard compaction to prevent retry loops. (#1084)
Config: log invalid config issues once per run and keep invalid-config errors stackless.
Config: allow Perplexity as a web_search provider in config validation. (#1230)
Config: allow custom fields under skills.entries.<name>.config for skill credentials/config. (#1226)
Doctor: clarify plugin auto-enable hint text in the startup banner.
Doctor: canonicalize legacy session keys in session stores to prevent stale metadata. (#1169)
Docs: make docs:list fail fast with a clear error if the docs directory is missing.
Plugins: add Nextcloud Talk manifest for plugin config validation. (#1297)
Plugins: surface plugin load/register/config errors in gateway logs with plugin/source context.
CLI: preserve cron delivery settings when editing message payloads. (#1322)
CLI: keep clawdbot logs output resilient to broken pipes while preserving progress output.
CLI: avoid duplicating --profile/--dev flags when formatting commands.
CLI: centralize CLI command registration to keep fast-path routing and program wiring in sync. (#1207)
CLI: keep banners on routed commands, restore config guarding outside fast-path routing, and tighten fast-path flag parsing while skipping console capture for extra speed. (#1195)
CLI: skip runner rebuilds when dist is fresh. (#1231)
CLI: add WSL2/systemd unavailable hints in daemon status/doctor output.
Status: route native /status to the active agent so model selection reflects the correct profile. (#1301)
Status: show both usage windows with reset hints when usage data is available. (#1101)
UI: keep config form enums typed, preserve empty strings, protect sensitive defaults, and deepen config search. (#1315)
UI: preserve ordered list numbering in chat markdown. (#1341)
UI: allow Control UI to read gatewayUrl from URL params for remote WebSocket targets. (#1342)
UI: prevent double-scroll in Control UI chat by locking chat layout to the viewport. (#1283)
UI: enable shell mode for sync Windows spawns to avoid pnpm ui:build EINVAL. (#1212)
TUI: keep thinking blocks ordered before content during streaming and isolate per-run assembly. (#1202)
TUI: align custom editor initialization with the latest pi-tui API. (#1298)
TUI: show generic empty-state text for searchable pickers. (#1201)
TUI: highlight model search matches and stabilize search ordering.
Configure: hide OpenRouter auto routing model from the model picker. (#1182)
Memory: show total file counts + scan issues in clawdbot memory status.
Memory: fall back to non-batch embeddings after repeated batch failures.
Memory: apply OpenAI batch defaults even without explicit remote config.
Memory: index atomically so failed reindex preserves the previous memory database. (#1151)
Memory: avoid sqlite-vec unique constraint failures when reindexing duplicate chunk ids. (#1151)
Memory: retry transient 5xx errors (Cloudflare) during embedding indexing.
Memory: parallelize embedding indexing with rate-limit retries.
Memory: split overly long lines to keep embeddings under token limits.
Memory: skip empty chunks to avoid invalid embedding inputs.
Memory: split embedding batches to avoid OpenAI token limits during indexing.
Memory: probe sqlite-vec availability in clawdbot memory status.
Exec approvals: enforce allowlist when ask is off.
Exec approvals: prefer raw command for node approvals/events.
Tools: show exec elevated flag before the command and keep it outside markdown in tool summaries.
Tools: return a companion-app-required message when node exec is requested with no paired node.
Tools: return a companion-app-required message when system.run is requested without a supporting node.
Exec: default gateway/node exec security to allowlist when unset (sandbox stays deny).
Exec: prefer bash when fish is default shell, falling back to sh if bash is missing. (#1297)
Exec: merge login-shell PATH for host=gateway exec while keeping daemon PATH minimal. (#1304)
Streaming: emit assistant deltas for OpenAI-compatible SSE chunks. (#1147)
Discord: make resolve warnings avoid raw JSON payloads on rate limits.
Discord: process message handlers in parallel across sessions to avoid event queue blocking. (#1295)
Discord: stop reconnecting the gateway after aborts to prevent duplicate listeners.
Discord: only emit slow listener warnings after 30s.
Discord: inherit parent channel allowlists for thread slash commands and reactions. (#1123)
Telegram: honor pairing allowlists for native slash commands.
Telegram: preserve hidden text_link URLs by expanding entities in inbound text. (#1118)
Slack: resolve Bolt import interop for Bun + Node. (#1191)
Web search: infer Perplexity base URL from API key source (direct vs OpenRouter).
Web fetch: harden SSRF protection with shared hostname checks and redirect limits. (#1346)
Browser: register AI snapshot refs for act commands. (#1282)
Voice call: include request query in Twilio webhook verification when publicUrl is set. (#864)
Anthropic: default API prompt caching to 1h with configurable TTL override.
Anthropic: ignore TTL for OAuth.
Auth profiles: keep auto-pinned preference while allowing rotation on failover. (#1138)
Auth profiles: user pins stay locked. (#1138)
Model catalog: avoid caching import failures, log transient discovery errors, and keep partial results. (#1332)
Tests: stabilize Windows gateway/CLI tests by skipping sidecars, normalizing argv, and extending timeouts.
Tests: stabilize plugin SDK resolution and embedded agent timeouts.
Windows: install gateway scheduled task as the current user.
Windows: show friendly guidance instead of failing on access denied.
macOS: load menu session previews asynchronously so items populate while the menu is open.
macOS: use label colors for session preview text so previews render in menu subviews.
macOS: suppress usage error text in the menubar cost view.
macOS: Doctor repairs LaunchAgent bootstrap issues for Gateway + Node when listed but not loaded. (#1166)
macOS: avoid touching launchd in Remote over SSH so quitting the app no longer disables the remote gateway. (#1105)
macOS: bundle Textual resources in packaged app builds to avoid code block crashes. (#1006)
Daemon: include HOME in service environments to avoid missing HOME errors. (#1214)

Thanks @AlexMikhalev, @CoreyH, @John-Rood, @KrauseFx, @MaudeBot, @Nachx639, @NicholaiVogel, @RyanLisse, @ThePickle31, @VACInc, @Whoaa512, @YuriNachos, @aaronveklabs, @abdaraxus, @alauppe, @ameno-, @artuskg, @austinm911, @bradleypriest, @cheeeee, @dougvk, @fogboots, @gnarco, @gumadeiras, @jdrhyne, @joelklabo, @longmaba, @mukhtharcm, @odysseus0, @oscargavin, @rhjoh, @sebslight, @sibbl, @sleontenko, @steipete, @suminhthanh, @thewilloftheshadow, @tyler6204, @vignesh07, @visionik, @ysqander, @zerone0x.

2026.1.16-2

Changes

CLI: stamp build commit into dist metadata so banners show the commit in npm installs.
CLI: close memory manager after memory commands to avoid hanging processes. (#1127) — thanks @NicholasSpisak.

2026.1.16-1

Highlights

Hooks: add hooks system with bundled hooks, CLI tooling, and docs. (#1028) — thanks @ThomsenDrake. https://docs.clawd.bot/hooks
Media: add inbound media understanding (image/audio/video) with provider + CLI fallbacks. https://docs.clawd.bot/nodes/media-understanding
Plugins: add Zalo Personal plugin (@clawdbot/zalouser) and unify channel directory for plugins. (#1032) — thanks @suminhthanh. https://docs.clawd.bot/plugins/zalouser
Models: add Vercel AI Gateway auth choice + onboarding updates. (#1016) — thanks @timolins. https://docs.clawd.bot/providers/vercel-ai-gateway
Sessions: add session.identityLinks for cross-platform DM session li nking. (#1033) — thanks @thewilloftheshadow. https://docs.clawd.bot/concepts/session
Web search: add country/language parameters (schema + Brave API) and docs. (#1046) — thanks @YuriNachos. https://docs.clawd.bot/tools/web

Breaking

BREAKING: clawdbot message and message tool now require target (dropping to/channelId for destinations). (#1034) — thanks @tobalsan.
BREAKING: Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
BREAKING: Drop legacy chatType: "room" support; use chatType: "channel".
BREAKING: remove legacy provider-specific target resolution fallbacks; target resolution is centralized with plugin hints + directory lookups.
BREAKING: clawdbot hooks is now clawdbot webhooks; hooks live under clawdbot hooks. https://docs.clawd.bot/cli/webhooks
BREAKING: clawdbot plugins install <path> now copies into ~/.clawdbot/extensions (use --link to keep path-based loading).

Changes

Plugins: ship bundled plugins disabled by default and allow overrides by installed versions. (#1066) — thanks @ItzR3NO.
Plugins: add bundled Antigravity + Gemini CLI OAuth + Copilot Proxy provider plugins. (#1066) — thanks @ItzR3NO.
Tools: improve web_fetch extraction using Readability (with fallback).
Tools: add Firecrawl fallback for web_fetch when configured.
Tools: send Chrome-like headers by default for web_fetch to improve extraction on bot-sensitive sites.
Tools: Firecrawl fallback now uses bot-circumvention + cache by default; remove basic HTML fallback when extraction fails.
Tools: default exec exit notifications and auto-migrate legacy tools.bash to tools.exec.
Tools: add exec PTY support for interactive sessions. https://docs.clawd.bot/tools/exec
Tools: add tmux-style process send-keys and bracketed paste helpers for PTY sessions.
Tools: add process submit helper to send CR for PTY sessions.
Tools: respond to PTY cursor position queries to unblock interactive TUIs.
Tools: include tool outputs in verbose mode and expand verbose tool feedback.
Skills: update coding-agent guidance to prefer PTY-enabled exec runs and simplify tmux usage.
TUI: refresh session token counts after runs complete or fail. (#1079) — thanks @d-ploutarchos.
Status: trim /status to current-provider usage only and drop the OAuth/token block.
Directory: unify clawdbot directory across channels and plugin channels.
UI: allow deleting sessions from the Control UI.
Memory: add sqlite-vec vector acceleration with CLI status details.
Memory: add experimental session transcript indexing for memory_search (opt-in via memorySearch.experimental.sessionMemory + sources).
Skills: add user-invocable skill commands and expanded skill command registration.
Telegram: default reaction level to minimal and enable reaction notifications by default.
Telegram: allow reply-chain messages to bypass mention gating in groups. (#1038) — thanks @adityashaw2.
iMessage: add remote attachment support for VM/SSH deployments.
Messages: refresh live directory cache results when resolving targets.
Messages: mirror delivered outbound text/media into session transcripts. (#1031) — thanks @TSavo.
Messages: avoid redundant sender envelopes for iMessage + Signal group chats. (#1080) — thanks @tyler6204.
Media: normalize Deepgram audio upload bytes for fetch compatibility.
Cron: isolated cron jobs now start a fresh session id on every run to prevent context buildup.
Docs: add /help hub, Node/npm PATH guide, and expand directory CLI docs.
Config: support env var substitution in config values. (#1044) — thanks @sebslight.
Health: add per-agent session summaries and account-level health details, and allow selective probes. (#1047) — thanks @gumadeiras.
Hooks: add hook pack installs (npm/path/zip/tar) with clawdbot.hooks manifests and clawdbot hooks install/update.
Plugins: add zip installs and --link to avoid copying local paths.

Fixes

macOS: drain subprocess pipes before waiting to avoid deadlocks. (#1081) — thanks @thesash.
Verbose: wrap tool summaries/output in markdown only for markdown-capable channels.
Tools: include provider/session context in elevated exec denial errors.
Tools: normalize exec tool alias naming in tool error logs.
Logging: reuse shared ANSI stripping to keep console capture lint-clean.
Logging: prefix nested agent output with session/run/channel context.
Telegram: accept tg/group/telegram prefixes + topic targets for inline button validation. (#1072) — thanks @danielz1z.
Telegram: split long captions into follow-up messages.
Config: block startup on invalid config, preserve best-effort doctor config, and keep rolling config backups. (#1083) — thanks @mukhtharcm.
Sub-agents: normalize announce delivery origin + queue bucketing by accountId to keep multi-account routing stable. (#1061, #1058) — thanks @adam91holt.
Sessions: include deliveryContext in sessions.list and reuse normalized delivery routing for announce/restart fallbacks. (#1058)
Sessions: propagate deliveryContext into last-route updates to keep account/channel routing stable. (#1058)
Sessions: preserve overrides on /new reset.
Memory: prevent unhandled rejections when watch/interval sync fails. (#1076) — thanks @roshanasingh4.
Memory: avoid gateway crash when embeddings return 429/insufficient_quota (disable tool + surface error). (#1004)
Gateway: honor explicit delivery targets without implicit accountId fallback; preserve lastAccountId for implicit routing.
Gateway: avoid reusing last-to/accountId when the requested channel differs; sync deliveryContext with last route fields.
Build: allow @lydell/node-pty builds on supported platforms.
Repo: fix oxlint config filename and move ignore pattern into config. (#1064) — thanks @connorshea.
Messages: /stop now hard-aborts queued followups and sub-agent runs; suppress zero-count stop notes.
Messages: honor message tool channel when deduping sends.
Messages: include sender labels for live group messages across channels, matching queued/history formatting. (#1059)
Sessions: reset compactionCount on /new and /reset, and preserve sessions.json file mode (0600).
Sessions: repair orphaned user turns before embedded prompts.
Sessions: hard-stop sessions.delete cleanup.
Channels: treat replies to the bot as implicit mentions across supported channels.
Channels: normalize object-format capabilities in channel capability parsing.
Security: default-deny slash/control commands unless a channel computed CommandAuthorized (fixes accidental “open” behavior), and ensure WhatsApp + Zalo plugin channels gate inline /… tokens correctly. https://docs.clawd.bot/gateway/security
Security: redact sensitive text in gateway WS logs.
Tools: cap pending exec process output to avoid unbounded buffers.
CLI: speed up clawdbot sandbox-explain by avoiding heavy plugin imports when normalizing channel ids.
Browser: remote profile tab operations prefer persistent Playwright and avoid silent HTTP fallbacks. (#1057) — thanks @mukhtharcm.
Browser: remote profile tab ops follow-up: shared Playwright loader, Playwright-based focus, and more coverage (incl. opt-in live Browserless test). (follow-up to #1057) — thanks @mukhtharcm.
Browser: refresh extension relay tab metadata after navigation so /json/list stays current. (#1073) — thanks @roshanasingh4.
WhatsApp: scope self-chat response prefix; inject pending-only group history and clear after any processed message.
WhatsApp: include linked field in describeAccount.
Agents: drop unsigned Gemini tool calls and avoid JSON Schema format keyword collisions.
Agents: hide the image tool when the primary model already supports images.
Agents: avoid duplicate sends by replying with NO_REPLY after message tool sends.
Auth: inherit/merge sub-agent auth profiles from the main agent.
Gateway: resolve local auth for security probe and validate gateway token/password file modes. (#1011, #1022) — thanks @ivanrvpereira, @kkarimi.
Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
iMessage: avoid RPC restart loops.
OpenAI image-gen: handle URL + b64_json responses and remove deprecated response_format (use URL downloads).
CLI: auto-update global installs when installed via a package manager.
Routing: migrate legacy accountID bindings to accountId and remove legacy fallback lookups. (#1047) — thanks @gumadeiras.
Discord: truncate skill command descriptions to 100 chars for slash command limits. (#1018) — thanks @evalexpr.
Security: bump tar to 7.5.3.
Models: align ZAI thinking toggles.
iMessage/Signal: include sender metadata for non-queued group messages. (#1059)
Discord: preserve whitespace when chunking long lines so message splits keep spacing intact.
Skills: fix skills watcher ignored list typing (tsc).

2026.1.15

Highlights

Plugins: add provider auth registry + clawdbot models auth login for plugin-driven OAuth/API key flows.
Browser: improve remote CDP/Browserless support (auth passthrough, wss upgrade, timeouts, clearer errors).
Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.
Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).

Breaking

BREAKING: iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)
BREAKING: Microsoft Teams is now a plugin; install @clawdbot/msteams via clawdbot plugins install @clawdbot/msteams.
BREAKING: Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.

Changes

UI/Apps: move channel/config settings to schema-driven forms and rename Connections → Channels. (#1040) — thanks @thewilloftheshadow.
CLI: set process titles to clawdbot-<command> for clearer process listings.
CLI/macOS: sync remote SSH target/identity to config and let gateway status auto-infer SSH targets (ssh-config aware).
Telegram: scope inline buttons with allowlist default + callback gating in DMs/groups.
Telegram: default reaction notifications to own.
Tools: improve web_fetch extraction using Readability (with fallback).
Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.
Repo: ignore local identity files to avoid accidental commits. (#1001) — thanks @gerardward2007.
Sessions/Security: add session.dmScope for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.
Plugins: add provider auth registry + clawdbot models auth login for plugin-driven OAuth/API key flows.
Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.
TUI: show provider/model labels for the active session and default model.
Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.
UI: show gateway auth guidance + doc link on unauthorized Control UI connections.
UI: add session deletion action in Control UI sessions list. (#1017) — thanks @Szpadel.
Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in clawdbot security audit.
Apps: store node auth tokens encrypted (Keychain/SecurePrefs).
Daemon: share profile/state-dir resolution across service helpers and honor CLAWDBOT_STATE_DIR for Windows task scripts.
Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.
Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).
Tools: normalize Slack/Discord message timestamps with timestampMs/timestampUtc while keeping raw provider fields.
macOS: add system.which for prompt-free remote skill discovery (with gateway fallback to system.run).
Docs: add Date & Time guide and update prompt/timezone configuration docs.
Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.
Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.
Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in /status and clawdbot models status, and update docs.
CLI: add --json output for clawdbot daemon lifecycle/install commands.
Memory: make node-llama-cpp an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.
Browser: add snapshot refs=aria (Playwright aria-ref ids) for self-resolving refs across snapshot → act.
Browser: profile="chrome" now defaults to host control and returns clearer “attach a tab” errors.
Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.
Browser: increase remote CDP reachability timeouts + add remoteCdpTimeoutMs/remoteCdpHandshakeTimeoutMs.
Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.
Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.
Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.
Discord: allow allowlisted guilds without channel lists to receive messages when groupPolicy="allowlist". — thanks @thewilloftheshadow.
Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.

Fixes

Messages: make /stop clear queued followups and pending session lane work for a hard abort.
Messages: make /stop abort active sub-agent runs spawned from the requester session and report how many were stopped.
WhatsApp: report linked status consistently in channel status. (#1050) — thanks @YuriNachos.
Sessions: keep per-session overrides when /new resets compaction counters. (#1050) — thanks @YuriNachos.
Skills: allow OpenAI image-gen helper to handle URL or base64 responses. (#1050) — thanks @YuriNachos.
WhatsApp: default response prefix only for self-chat, using identity name when set.
Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
iMessage: treat missing imsg rpc support as fatal to avoid restart loops.
Auth: merge main auth profiles into per-agent stores for sub-agents and document inheritance. (#1013) — thanks @marcmarg.
Agents: avoid JSON Schema format collisions in tool params by renaming snapshot format fields. (#1013) — thanks @marcmarg.
Fix: make clawdbot update auto-update global installs when installed via a package manager.
Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.
Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.
Fix: persist gateway.mode=local after selecting Local run mode in clawdbot configure, even if no other sections are chosen.
Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.
Agents: avoid false positives when logging unsupported Google tool schema keywords.
Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.
Status: restore usage summary line for current provider when no OAuth profiles exist.
Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.
Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.
Fix: support MiniMax coding plan usage responses with model_remains/current_interval_* payloads.
Fix: honor message tool channel for duplicate suppression (prefer NO_REPLY after message tool sends). (#1053) — thanks @sashcatanzarite.
Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)
Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
Browser: fix tab not found for extension relay snapshots/actions when Playwright blocks newCDPSession (use the single available Page).
Browser: upgrade ws → wss when remote CDP uses https (fixes Browserless handshake).
Telegram: skip message_thread_id=1 for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.
Fix: sanitize user-facing error text + strip <final> tags across reply pipelines. (#975) — thanks @ThomsenDrake.
Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.
Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.
Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)

2026.1.14-1

Highlights

Web search: web_search/web_fetch tools (Brave API) + first-time setup in onboarding/configure.
Browser control: Chrome extension relay takeover mode + remote browser control via clawdbot browser serve.
Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.
Security: expanded clawdbot security audit (+ --fix), detect-secrets CI scan, and a SECURITY.md reporting policy.

Changes

Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.
Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.
Agents: add optional auth-profile copy prompt on agents add and improve auth error messaging.
Security: expand clawdbot security audit checks (model hygiene, config includes, plugin allowlists, exposure matrix) and extend --fix to tighten more sensitive state paths.
Security: add SECURITY.md reporting policy.
Channels: add Matrix plugin (external) with docs + onboarding hooks.
Plugins: add Zalo channel plugin with gateway HTTP hooks and onboarding install prompt. (#854) — thanks @longmaba.
Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require --accept-risk for --non-interactive.
Docs: expand gateway security hardening guidance and incident response checklist.
Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.
Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
Tools: add web_search/web_fetch (Brave API), auto-enable web_fetch for sandboxed sessions, and remove the brave-search skill.
CLI/Docs: add a web tools configure section for storing Brave API keys and update onboarding tips.
Browser: add Chrome extension relay takeover mode (toolbar button), plus clawdbot browser extension install/path and remote browser control via clawdbot browser serve + browser.controlToken.

Fixes

Sessions: refactor session store updates to lock + mutate per-entry, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
Browser: add tests for snapshot labels/efficient query params and labeled image responses.
Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.
Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
Agents: scrub tuple items schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
Agents: harden Antigravity Claude history/tool-call sanitization. (#968) — thanks @rdev.
Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
Daemon: clear persisted launchd disabled state before bootstrap (fixes daemon install after uninstall). (#849) — thanks @ndraiman.
Logging: tolerate EIO from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
Sandbox: restore docker.binds config validation for custom bind mounts. (#873) — thanks @akonyer.
Sandbox: preserve configured PATH for docker exec so custom tools remain available. (#873) — thanks @akonyer.
Slack: respect channels.slack.requireMention default when resolving channel mention gating. (#850) — thanks @evalexpr.
Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).
Auto-reply: treat trailing NO_REPLY tokens as silent replies.
Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).

2026.1.14

Changes

Usage: add MiniMax coding plan usage tracking.
Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.
Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)
Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.
Config: add channels.<provider>.configWrites gating for channel-initiated config writes; migrate Slack channel IDs.

Fixes

Mac: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
UI: use application-defined WebSocket close code (browser compatibility). (#918) — thanks @rahthakor.
TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.
TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.
TUI: show LLM error messages (rate limits, auth, etc.) instead of (no output).
Gateway/Dev: ensure pnpm gateway:dev always uses the dev profile config + state (~/.clawdbot-dev).

Agents / Auth / Tools / Sandbox

Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.
Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.
Agents: scrub tuple items schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
Logging: tolerate EIO from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
Sandbox: restore docker.binds config validation and preserve configured PATH for docker exec. (#873) — thanks @akonyer.
Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.

macOS / Apps

macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.
macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)
macOS: prefer the default bridge tunnel port in remote mode for node bridge connectivity; document macOS remote control + bridge tunnels. (#960, fixes #865) — thanks @kkarimi.
Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare main sessions.
macOS: fix cron preview/testing payload to use channel key. (#867) — thanks @wes-davis.
Telegram: honor channels.telegram.timeoutSeconds for grammY API requests. (#863) — thanks @Snaver.
Telegram: split long captions into media + follow-up text messages. (#907) - thanks @jalehman.
Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.
Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.
Slack: drop Socket Mode events with mismatched api_app_id/team_id. (#889) — thanks @roshanasingh4.
Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.
WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.
WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.

2026.1.13

Fixes

Postinstall: treat already-applied pnpm patches as no-ops to avoid npm/bun install failures.
Packaging: pin @mariozechner/pi-ai to 0.45.7 and refresh patched dependency to match npm resolution.

2026.1.12-2

Fixes

Packaging: include dist/memory/** in the npm tarball (fixes ERR_MODULE_NOT_FOUND for dist/memory/index.js).
Agents: persist sub-agent registry across gateway restarts and resume announce flow safely. (#831) — thanks @roshanasingh4.
Agents: strip invalid Gemini thought signatures from OpenRouter history to avoid 400s. (#841, #845) — thanks @MatthieuBizien.

2026.1.12-1

Fixes

Packaging: include dist/channels/** in the npm tarball (fixes ERR_MODULE_NOT_FOUND for dist/channels/registry.js).

2026.1.12

Highlights

BREAKING: rename chat “providers” (Slack/Telegram/WhatsApp/…) to channels across CLI/RPC/config; legacy config keys auto-migrate on load (and are written back as channels.*).
Memory: add vector search for agent memories (Markdown-only) with SQLite index, chunking, lazy sync + file watch, and per-agent enablement/fallback.
Plugins: restore full voice-call plugin parity (Telnyx/Twilio, streaming, inbound policies, tools/CLI).
Models: add Synthetic provider plus Moonshot Kimi K2 0905 + turbo/thinking variants (with docs). (#811) — thanks @siraht; (#818) — thanks @mickahouan.
Cron: one-shot schedules accept ISO timestamps (UTC) with optional delete-after-run; cron jobs can target a specific agent (CLI + macOS/Control UI).
Agents: add compaction mode config with optional safeguard summarization and per-agent model fallbacks. (#700) — thanks @thewilloftheshadow; (#583) — thanks @mitschabaude-bot.

New & Improved

Memory: add custom OpenAI-compatible embedding endpoints; support OpenAI/local node-llama-cpp embeddings with per-agent overrides and provider metadata in tools/CLI. (#819) — thanks @mukhtharcm.
Memory: new clawdbot memory CLI plus memory_search/memory_get tools with snippets + line ranges; index stored under ~/.clawdbot/memory/{agentId}.sqlite with watch-on-by-default.
Agents: strengthen memory recall guidance; make workspace bootstrap truncation configurable (default 20k) with warnings; add default sub-agent model config.
Tools/Sandbox: add tool profiles + group shorthands; support tool-policy groups in tools.sandbox.tools; drop legacy memory shorthand; allow Docker bind mounts via docker.binds. (#790) — thanks @akonyer.
Tools: add provider/model-specific tool policy overrides (tools.byProvider) to trim tool exposure per provider.
Tools: add browser scrollintoview action; allow Claude/Gemini tool param aliases; allow thinking xhigh for GPT-5.2/Codex with safe downgrades. (#793) — thanks @hsrvc; (#444) — thanks @grp06.
Gateway/CLI: add Tailscale binary discovery, custom bind mode, and probe auth retry; add clawdbot dashboard auto-open flow; default native slash commands to "auto" with per-provider overrides. (#740) — thanks @jeffersonwarrior.
Auth/Onboarding: add Chutes OAuth (PKCE + refresh + onboarding choice); normalize API key inputs; default TUI onboarding to deliver: false. (#726) — thanks @FrieSei; (#791) — thanks @roshanasingh4.
Providers: add discord.allowBots; trim legacy MiniMax M2 from default catalogs; route MiniMax vision to the Coding Plan VLM endpoint (also accepts @/path/to/file.png inputs). (#802) — thanks @zknicker.
Gateway: allow Tailscale Serve identity headers to satisfy token auth; rebuild Control UI assets when protocol schema is newer. (#823) — thanks @roshanasingh4; (#786) — thanks @meaningfool.
Heartbeat: default ackMaxChars to 300 so short HEARTBEAT_OK replies stay internal.

Installer

Install: run clawdbot doctor --non-interactive after git installs/updates and nudge daemon restarts when detected.

Fixes

Doctor: warn on pnpm workspace mismatches, missing Control UI assets, and missing tsx binaries; offer UI rebuilds.
Tools: apply global tool allow/deny even when agent-specific tool policy is set.
Models/Providers: treat credential validation failures as auth errors to trigger fallback; normalize ${ENV_VAR} apiKey values and auto-fill missing provider keys; preserve explicit GitHub Copilot provider config + agent-dir auth profiles. (#822) — thanks @sebslight; (#705) — thanks @TAGOOZ.
Auth: drop invalid auth profiles from ordering so environment keys can still be used for providers like MiniMax.
Gemini: normalize Gemini 3 ids to preview variants; strip Gemini CLI tool call/response ids; downgrade missing thought_signature; strip Claude msg_* thought_signature fields to avoid base64 decode errors. (#795) — thanks @thewilloftheshadow; (#783) — thanks @ananth-vardhan-cn; (#793) — thanks @hsrvc; (#805) — thanks @marcmarg.
Agents: auto-recover from compaction context overflow by resetting the session and retrying; propagate overflow details from embedded runs so callers can recover.
MiniMax: strip malformed tool invocation XML; include MiniMax-VL-01 in implicit provider for image pairing. (#809) — thanks @latitudeki5223.
Onboarding/Auth: honor CLAWDBOT_AGENT_DIR / PI_CODING_AGENT_DIR when writing auth profiles (MiniMax). (#829) — thanks @roshanasingh4.
Anthropic: handle overloaded_error with a friendly message and failover classification. (#832) — thanks @danielz1z.
Anthropic: merge consecutive user turns (preserve newest metadata) before validation to avoid incorrect role errors. (#804) — thanks @ThomsenDrake.
Messaging: enforce context isolation for message tool sends; keep typing indicators alive during tool execution. (#793) — thanks @hsrvc; (#450, #447) — thanks @thewilloftheshadow.
Auto-reply: /status allowlist behavior, reasoning-tag enforcement on fallback, and system-event enqueueing for elevated/reasoning toggles. (#810) — thanks @mcinteerj.
System events: include local timestamps when events are injected into prompts. (#245) — thanks @thewilloftheshadow.
Auto-reply: resolve ambiguous /model matches; fix streaming block reply media handling; keep >300 char heartbeat replies instead of dropping.
Discord/Slack: centralize reply-thread planning; fix autoThread routing + add per-channel autoThread; avoid duplicate listeners; keep reasoning italics intact; allow clearing channel parents via message tool. (#800, #807) — thanks @davidguttman; (#744) — thanks @thewilloftheshadow.
Telegram: preserve forum topic thread ids, persist polling offsets, respect account bindings in webhook mode, and show typing indicator in General topics. (#727, #739) — thanks @thewilloftheshadow; (#821) — thanks @gumadeiras; (#779) — thanks @azade-c.
Slack: accept slash commands with or without leading / for custom command configs. (#798) — thanks @thewilloftheshadow.
Cron: persist disabled jobs correctly; accept jobId aliases for update/run/remove params. (#205, #252) — thanks @thewilloftheshadow.
Gateway/CLI: honor CLAWDBOT_LAUNCHD_LABEL / CLAWDBOT_SYSTEMD_UNIT overrides; agents.list respects explicit config; reduce noisy loopback WS logs during tests; run clawdbot doctor --non-interactive during updates. (#781) — thanks @ronyrus.
Onboarding/Control UI: refuse invalid configs (run doctor first); quote Windows browser URLs for OAuth; keep chat scroll position unless the user is near the bottom. (#764) — thanks @mukhtharcm; (#794) — thanks @roshanasingh4; (#217) — thanks @thewilloftheshadow.
Tools/UI: harden tool input schemas for strict providers; drop null-only union variants for Gemini schema cleanup; treat maxChars: 0 as unlimited; keep TUI last streamed response instead of "(no output)". (#782) — thanks @AbhisekBasu1; (#796) — thanks @gabriel-trigo; (#747) — thanks @thewilloftheshadow.
Connections UI: polish multi-account account cards. (#816) — thanks @steipete.

Maintenance

Dependencies: bump Pi packages to 0.45.3 and refresh patched pi-ai.
Testing: update Vitest + browser-playwright to 4.0.17.
Docs: add Amazon Bedrock provider notes and link from models/FAQ.

2026.1.11

Highlights

Plugins are now first-class: loader + CLI management, plus the new Voice Call plugin.
Config: modular $include support for split config files. (#731) — thanks @pasogott.
Agents/Pi: reserve compaction headroom so pre-compaction memory writes can run before auto-compaction.
Agents: automatic pre-compaction memory flush turn to store durable memories before compaction.

Changes

CLI/Onboarding: simplify MiniMax auth choice to a single M2.1 option.
CLI: configure section selection now loops until Continue.
Docs: explain MiniMax vs MiniMax Lightning (speed vs cost) and restore LM Studio example.
Docs: add Cerebras GLM 4.6/4.7 config example (OpenAI-compatible endpoint).
Onboarding/CLI: group model/auth choice by provider and label Z.AI as GLM 4.7.
Onboarding/Docs: add Moonshot AI (Kimi K2) auth choice + config example.
CLI/Onboarding: prompt to reuse detected API keys for Moonshot/MiniMax/Z.AI/Gemini/Anthropic/OpenCode.
Auto-reply: add compact /model picker (models + available providers) and show provider endpoints in /model status.
Control UI: add Config tab model presets (MiniMax M2.1, GLM 4.7, Kimi) for one-click setup.
Plugins: add extension loader (tools/RPC/CLI/services), discovery paths, and config schema + Control UI labels (uiHints).
Plugins: add clawdbot plugins install (path/tgz/npm), plus list|info|enable|disable|doctor UX.
Plugins: voice-call plugin now real (Twilio/log), adds start/status RPC/CLI/tool + tests.
Docs: add plugins doc + cross-links from tools/skills/gateway config.
Docs: add beginner-friendly plugin quick start + expand Voice Call plugin docs.
Tests: add Docker plugin loader + tgz-install smoke test.
Tests: extend Docker plugin E2E to cover installing from local folders (plugins.load.paths) and file: npm specs.
Tests: add coverage for pre-compaction memory flush settings.
Tests: modernize live model smoke selection for current releases and enforce tools/images/thinking-high coverage. (#769) — thanks @steipete.
Agents/Tools: add apply_patch tool for multi-file edits (experimental; gated by tools.exec.applyPatch; OpenAI-only).
Agents/Tools: rename the bash tool to exec (config alias maintained). (#748) — thanks @myfunc.
Agents: add pre-compaction memory flush config (agents.defaults.compaction.*) with a soft threshold + system prompt.
Config: add $include directive for modular config files. (#731) — thanks @pasogott.
Build: set pnpm minimum release age to 2880 minutes (2 days). (#718) — thanks @dan-dr.
macOS: prompt to install the global clawdbot CLI when missing in local mode; install via clawd.bot/install-cli.sh (no onboarding) and use external launchd/CLI instead of the embedded gateway runtime.
Docs: add gog calendar event color IDs from gog calendar colors. (#715) — thanks @mjrussell.
Cron/CLI: add --model flag to cron add/edit commands. (#711) — thanks @mjrussell.
Cron/CLI: trim model overrides on cron edits and document main-session guidance. (#711) — thanks @mjrussell.
Skills: bundle skill-creator to guide creating and packaging skills.
Providers: add per-DM history limit overrides (dmHistoryLimit) with provider-level config. (#728) — thanks @pkrmf.
Discord: expose channel/category management actions in the message tool. (#730) — thanks @NicholasSpisak.
Docs: rename README “macOS app” section to “Apps”. (#733) — thanks @AbhisekBasu1.
Gateway: require client.id in WebSocket connect params; use client.instanceId for presence de-dupe; update docs/tests.
macOS: remove the attach-only gateway setting; local mode now always manages launchd while still attaching to an existing gateway if present.

Installer

Postinstall: replace git apply with builtin JS patcher (works npm/pnpm/bun; no git dependency) plus regression tests.
Postinstall: skip pnpm patch fallback when the new patcher is active.
Installer tests: add root+non-root docker smokes, CI workflow to fetch clawd.bot scripts and run install sh/cli with onboarding skipped.
Installer UX: support CLAWDBOT_NO_ONBOARD=1 for non-interactive installs; fix npm prefix on Linux and auto-install git.
Installer UX: add install.sh --help with flags/env and git install hint.
Installer UX: add --install-method git|npm and auto-detect source checkouts (prompt to update git checkout vs migrate to npm).

Fixes

Models/Onboarding: configure MiniMax (minimax.io) via Anthropic-compatible /anthropic endpoint by default (keep minimax-api as a legacy alias).
Models: normalize Gemini 3 Pro/Flash IDs to preview names for live model lookups. (#769) — thanks @steipete.
CLI: fix guardCancel typing for configure prompts. (#769) — thanks @steipete.
Gateway/WebChat: include handshake validation details in the WebSocket close reason for easier debugging; preserve close codes.
Gateway/Auth: send invalid connect responses before closing the handshake; stabilize invalid-connect auth test.
Gateway: tighten gateway listener detection.
Control UI: hide onboarding chat when configured and guard the mobile chat sidebar overlay.
Auth: read Codex keychain credentials and make the lookup platform-aware.
macOS/Release: avoid bundling dist artifacts in relay builds and generate appcasts from zip-only sources.
Doctor: surface plugin diagnostics in the report.
Plugins: treat plugins.load.paths directory entries as package roots when they contain package.json + clawdbot.extensions; load plugin packages from config dirs; extract archives without system tar.
Config: expand ~ in CLAWDBOT_CONFIG_PATH and common path-like config fields (including plugins.load.paths); guard invalid $include paths. (#731) — thanks @pasogott.
Agents: stop pre-creating session transcripts so first user messages persist in JSONL history.
Agents: skip pre-compaction memory flush when the session workspace is read-only.
Auto-reply: ignore inline /status directives unless the message is directive-only.
Auto-reply: align /think default display with model reasoning defaults. (#751) — thanks @gabriel-trigo.
Auto-reply: flush block reply buffers on tool boundaries. (#750) — thanks @sebslight.
Auto-reply: allow sender fallback for command authorization when SenderId is empty (WhatsApp self-chat). (#755) — thanks @juanpablodlc.
Auto-reply: treat whitespace-only sender ids as missing for command authorization (WhatsApp self-chat). (#766) — thanks @steipete.
Heartbeat: refresh prompt text for updated defaults.
Agents/Tools: use PowerShell on Windows to capture system utility output. (#748) — thanks @myfunc.
Docker: tolerate unset optional env vars in docker-setup.sh under strict mode. (#725) — thanks @petradonka.
CLI/Update: preserve base environment when passing overrides to update subprocesses. (#713) — thanks @danielz1z.
Agents: treat message tool errors as failures so fallback replies still send; require to + message for action=send. (#717) — thanks @theglove44.
Agents: preserve reasoning items on tool-only turns.
Agents/Subagents: wait for completion before announcing, align wait timeout with run timeout, and make announce prompts more emphatic.
Agents: route subagent transcripts to the target agent sessions directory and add regression coverage. (#708) — thanks @xMikeMickelson.
Agents/Tools: preserve action enums when flattening tool schemas. (#708) — thanks @xMikeMickelson.
Gateway/Agents: canonicalize main session aliases for store writes and add regression coverage. (#709) — thanks @xMikeMickelson.
Agents: reset sessions and retry when auto-compaction overflows instead of crashing the gateway.
Providers/Telegram: normalize command mentions for consistent parsing. (#729) — thanks @obviyus.
Providers: skip DM history limit handling for non-DM sessions. (#728) — thanks @pkrmf.
Sandbox: fix non-main mode incorrectly sandboxing the main DM session and align /status runtime reporting with effective sandbox state.
Sandbox/Gateway: treat agent:<id>:main as a main-session alias when session.mainKey is customized (backwards compatible).
Auto-reply: fast-path allowlisted slash commands (inline /help//commands//status//whoami stripped before model).

2026.1.10

Highlights

CLI: clawdbot status now table-based + shows OS/update/gateway/daemon/agents/sessions; status --all adds a full read-only debug report (tables, log tails, Tailscale summary, and scan progress via OSC-9 + spinner).
CLI Backends: add Codex CLI fallback with resume support (text output) and JSONL parsing for new runs, plus a live CLI resume probe.
CLI: add clawdbot update (safe-ish git checkout update) + --update shorthand. (#673) — thanks @fm1randa.
Gateway: add OpenAI-compatible /v1/chat/completions HTTP endpoint (auth, SSE streaming, per-agent routing). (#680).

Changes

Onboarding/Models: add first-class Z.AI (GLM) auth choice (zai-api-key) + --zai-api-key flag.
CLI/Onboarding: add OpenRouter API key auth option in configure/onboard. (#703) — thanks @mteam88.
Agents: add human-delay pacing between block replies (modes: off/natural/custom, per-agent configurable). (#446) — thanks @tony-freedomology.
Agents/Browser: add browser.target (sandbox/host/custom) with sandbox host-control gating via agents.defaults.sandbox.browser.allowHostControl, allowlists for custom control URLs/hosts/ports, and expand browser tool docs (remote control, profiles, internals).
Onboarding/Models: add catalog-backed default model picker to onboarding + configure. (#611) — thanks @jonasjancarik.
Agents/OpenCode Zen: update fallback models + defaults, keep legacy alias mappings. (#669) — thanks @magimetal.
CLI: add clawdbot reset and clawdbot uninstall flows (interactive + non-interactive) plus docker cleanup smoke test.
Providers: move provider wiring to a plugin architecture. (#661).
Providers: unify group history context wrappers across providers with per-provider/per-account historyLimit overrides (fallback to messages.groupChat.historyLimit). Set 0 to disable. (#672).
Gateway/Heartbeat: optionally deliver heartbeat Reasoning: output (agents.defaults.heartbeat.includeReasoning). (#690)
Docker: allow optional home volume + extra bind mounts in docker-setup.sh. (#679) — thanks @gabriel-trigo.

Fixes

Auto-reply: suppress draft/typing streaming for NO_REPLY (silent system ops) so it doesn’t leak partial output.
CLI/Status: expand tables to full terminal width; clarify provider setup vs runtime warnings; richer per-provider detail; token previews in status while keeping status --all redacted; add troubleshooting link footer; keep log tails pasteable; show gateway auth used when reachable; surface provider runtime errors (Signal/iMessage/Slack); harden tailscale status --json parsing; make status --all scan progress determinate; and replace the footer with a 3-line “Next steps” recommendation (share/debug/probe).
CLI/Gateway: clarify that clawdbot gateway status reports RPC health (connect + RPC) and shows RPC failures separately from connect failures.
CLI/Update: gate progress spinner on stdout TTY and align clean-check step label. (#701) — thanks @bjesuiter.
Telegram: add /whoami + /id commands to reveal sender id for allowlists; allow @username and prefixed ids in allowFrom prompts (with stability warning).
Heartbeat: strip markup-wrapped HEARTBEAT_OK so acks don’t leak to external providers (e.g., Telegram).
Control UI: stop auto-writing telegram.groups["*"] and warn/confirm before enabling wildcard groups.
WhatsApp: send ack reactions only for handled messages and ignore legacy messages.ackReaction (doctor copies to whatsapp.ackReaction). (#629) — thanks @pasogott.
Sandbox/Skills: mirror skills into sandbox workspaces for read-only mounts so SKILL.md stays accessible.
Terminal/Table: ANSI-safe wrapping to prevent table clipping/color loss; add regression coverage.
Docker: allow optional apt packages during image build and document the build arg. (#697) — thanks @gabriel-trigo.
Gateway/Heartbeat: deliver reasoning even when the main heartbeat reply is HEARTBEAT_OK. (#694) — thanks @antons.
Agents/Pi: inject config temperature/maxTokens into streaming without replacing the session streamFn; cover with live maxTokens probe. (#732) — thanks @peschee.
macOS: clear unsigned launchd overrides on signed restarts and warn via doctor when attach-only/disable markers are set. (#695) — thanks @jeffersonwarrior.
Agents: enforce single-writer session locks and drop orphan tool results to prevent tool-call ID failures (MiniMax/Anthropic-compatible APIs).
Docs: make clawdbot status the first diagnostic step, clarify status --deep behavior, and document /whoami + /id.
Docs/Testing: clarify live tool+image probes and how to list your testable provider/model ids.
Tests/Live: make gateway bash+read probes resilient to provider formatting while still validating real tool calls.
WhatsApp: detect @lid mentions in groups using authDir reverse mapping + resolve self JID E.164 for mention gating. (#692) — thanks @peschee.
Gateway/Auth: default to token auth on loopback during onboarding, add doctor token generation flow, and tighten audio transcription config to Whisper-only.
Providers: dedupe inbound messages across providers to avoid duplicate LLM runs on redeliveries/reconnects. (#689) — thanks @adam91holt.
Agents: strip <thought>/<antthinking> tags from hidden reasoning output and cover tag variants in tests. (#688) — thanks @theglove44.
macOS: save model picker selections as normalized provider/model IDs and keep manual entries aligned. (#683) — thanks @benithors.
Agents: recognize "usage limit" errors as rate limits for failover. (#687) — thanks @evalexpr.
CLI: avoid success message when daemon restart is skipped. (#685) — thanks @carlulsoe.
Commands: disable /config + /debug by default; gate via commands.config/commands.debug and hide from native registration/help output.
Agents/System: clarify that sub-agents remain sandboxed and cannot use elevated host access.
Gateway: disable the OpenAI-compatible /v1/chat/completions endpoint by default; enable via gateway.http.endpoints.chatCompletions.enabled=true.
macOS: stabilize bridge tunnels, guard invoke senders on disconnect, and drain stdout/stderr to avoid deadlocks. (#676) — thanks @ngutman.
Agents/System: clarify sandboxed runtime in system prompt and surface elevated availability when sandboxed.
Auto-reply: prefer RawBody for command/directive parsing (WhatsApp + Discord) and prevent fallback runs from clobbering concurrent session updates. (#643) — thanks @mcinteerj.
WhatsApp: fix group reactions by preserving message IDs and sender JIDs in history; normalize participant phone numbers to JIDs in outbound reactions. (#640) — thanks @mcinteerj.
WhatsApp: expose group participant IDs to the model so reactions can target the right sender.
Cron: wakeMode: "now" waits for heartbeat completion (and retries when the main lane is busy). (#666) — thanks @roshanasingh4.
Agents/OpenAI: fix Responses tool-only → follow-up turn handling (avoid standalone reasoning items that trigger 400 “required following item”) and replay reasoning items in Responses/Codex Responses history for tool-call-only turns.
Sandbox: add clawdbot sandbox explain (effective policy inspector + fix-it keys); improve “sandbox jail” tool-policy/elevated errors with actionable config key paths; link to docs.
Hooks/Gmail: keep Tailscale serve path at / while preserving the public path. (#668) — thanks @antons.
Hooks/Gmail: allow Tailscale target URLs to preserve internal serve paths.
Auth: update Claude Code keychain credentials in-place during refresh sync; share JSON file helpers; add CLI fallback coverage.
Auth: throttle external CLI credential syncs (Claude/Codex), reduce Keychain reads, and skip sync when cached credentials are still fresh.
CLI: respect CLAWDBOT_STATE_DIR for node pairing + voice wake settings storage. (#664) — thanks @azade-c.
Onboarding/Gateway: persist non-interactive gateway token auth in config; add WS wizard + gateway tool-calling regression coverage.
Gateway/Control UI: make chat.send non-blocking, wire Stop to chat.abort, and treat /stop as an out-of-band abort. (#653)
Gateway/Control UI: allow chat.abort without runId (abort active runs), suppress post-abort chat streaming, and prune stuck chat runs. (#653)
Gateway/Control UI: sniff image attachments for chat.send, drop non-images, and log mismatches. (#670) — thanks @cristip73.
macOS: force restart-mac.sh --sign to require identities and keep bundled Node signed for relay verification. (#580) — thanks @jeffersonwarrior.
Gateway/Agent: accept image attachments on agent (multimodal message) and add live gateway image probe (CLAWDBOT_LIVE_GATEWAY_IMAGE_PROBE=1).
CLI: clawdbot sessions now includes elev:* + usage:* flags in the table output.
CLI/Pairing: accept positional provider for pairing list|approve (npm-run compatible); update docs/bot hints.
Branding: normalize user-facing “ClawdBot”/“CLAWDBOT” → “Clawdbot” (CLI, status, docs).
Auto-reply: fix native /model not updating the actual chat session (Telegram/Slack/Discord). (#646)
Doctor: offer to run clawdbot update first on git installs (keeps doctor output aligned with latest).
Doctor: avoid false legacy workspace warning when install dir is ~/clawdbot. (#660)
iMessage: fix reasoning persistence across DMs; avoid partial/duplicate replies when reasoning is enabled. (#655) — thanks @antons.
Models/Auth: allow MiniMax API configs without models.providers.minimax.apiKey (auth profiles / MINIMAX_API_KEY). (#656) — thanks @mneves75.
Agents: avoid duplicate replies when the message tool sends. (#659) — thanks @mickahouan.
Agents: harden Cloud Code Assist tool ID sanitization (toolUse/toolCall/toolResult) and scrub extra JSON Schema constraints. (#665) — thanks @sebslight.
Agents: sanitize tool results + Cloud Code Assist tool IDs at context-build time (prevents mid-run strict-provider request rejects).
Agents/Tools: resolve workspace-relative Read/Write/Edit paths; align bash default cwd. (#642) — thanks @mukhtharcm.
Discord: include forwarded message snapshots in agent session context. (#667) — thanks @rubyrunsstuff.
Telegram: add telegram.draftChunk to tune draft streaming chunking for streamMode: "block". (#667) — thanks @rubyrunsstuff.
Tests/Agents: add regression coverage for workspace tool path resolution and bash cwd defaults.
iOS/Android: enable stricter concurrency/lint checks; fix Swift 6 strict concurrency issues + Android lint errors (ExifInterface, obsolete SDK check). (#662) — thanks @KristijanJovanovski.
Auth: read Codex CLI keychain tokens on macOS before falling back to ~/.codex/auth.json, preventing stale refresh tokens from breaking gateway live tests.
iOS/macOS: share AsyncTimeout, require explicit bridgeStableID on connect, and harden tool display defaults (avoids missing-resource label fallbacks).
Telegram: serialize media-group processing to avoid missed albums under load.
Signal: handle dataMessage.reaction events (signal-cli SSE) to avoid broken attachment errors. (#637) — thanks @neist.
Docs: showcase entries for ParentPay, R2 Upload, iOS TestFlight, and Oura Health. (#650) — thanks @henrino3.
Agents: repair session transcripts by dropping duplicate tool results across the whole history (unblocks Anthropic-compatible APIs after retries).
Tests/Live: reset the gateway session between model runs to avoid cross-provider transcript incompatibilities (notably OpenAI Responses reasoning replay rules).

2026.1.9

Highlights

Microsoft Teams provider: polling, attachments, outbound CLI send, per-channel policy.
Models/Auth expansion: OpenCode Zen + MiniMax API onboarding; token auth profiles + auth order; OAuth health in doctor/status.
CLI/Gateway UX: message subcommands, gateway discover/status/SSH, /config + /debug, sandbox CLI.
Provider reliability sweep: WhatsApp contact cards/targets, Telegram audio-as-voice + streaming, Signal reactions, Slack threading, Discord stability.
Auto-reply + status: block-streaming controls, reasoning handling, usage/cost reporting.
Control UI/TUI: queued messages, session links, reasoning view, mobile polish, logs UX.

Breaking

CLI: clawdbot message now subcommands (message send|poll|...) and requires --provider unless only one provider configured.
Commands/Tools: /restart and gateway restart tool disabled by default; enable with commands.restart=true.

New Features and Changes

Models/Auth: OpenCode Zen onboarding (#623) — thanks @magimetal; MiniMax Anthropic-compatible API + hosted onboarding (#590, #495) — thanks @mneves75, @tobiasbischoff.
Models/Auth: setup-token + token auth profiles; clawdbot models auth order {get,set,clear}; per-agent auth candidates in /model status; OAuth expiry checks in doctor/status.
Agent/System: claude-cli runner; session_status tool (and sandbox allow); adaptive context pruning default; system prompt messaging guidance + no auto self-update; eligible skills list injection; sub-agent context trimmed.
Commands: /commands list; /models alias; /usage alias; /debug runtime overrides + effective config view; /config chat updates + /config get; config --section.
CLI/Gateway: unified message tool + message subcommands; gateway discover (local + wide-area DNS-SD) with JSON/timeout; gateway status human-readable + JSON + SSH loopback; wide-area records include gatewayPort/sshPort/cliPath + tailnet DNS fallback.
CLI UX: logs output modes (pretty/plain/JSONL) + colorized health/daemon output; global --no-color; lobster palette in onboarding/config.
Dev ergonomics: gateway --dev/--reset + dev profile auto-config; C-3PO dev templates; dev gateway/TUI helper scripts.
Sandbox/Workspace: sandbox list/recreate commands; sync skills into sandbox workspace; sandbox browser auto-start.
Config/Onboarding: inline env vars; OpenAI API key flow to shared ~/.clawdbot/.env; Opus 4.5 default prompt for Anthropic auth; QuickStart auto-install gateway (Node-only) + provider picker tweaks + skip-systemd flags; TUI bootstrap prompt (tui --message); remove Bun runtime choice.
Providers: Microsoft Teams provider (polling, attachments, outbound sends, requireMention, config reload/DM policy). (#404) — thanks @onutc
Providers: WhatsApp broadcast groups for multi-agent replies (#547) — thanks @pasogott; inbound media size cap configurable (#505) — thanks @koala73; identity-based message prefixes (#578) — thanks @p6l-richard.
Providers: Telegram inline keyboard buttons + callback payload routing (#491) — thanks @azade-c; cron topic delivery targets (#474/#478) — thanks @mitschabaude-bot, @nachoiacovino; [[audio_as_voice]] tag support (#490) — thanks @jarvis-medmatic.
Providers: Signal reactions + notifications with allowlist support.
Status/Usage: /status cost reporting + /cost lines; auth profile snippet; provider usage windows.
Control UI: mobile responsiveness (#558) — thanks @carlulsoe; queued messages + Enter-to-send (#527) — thanks @YuriNachos; session links (#471) — thanks @HazAT; reasoning view; skill install feedback (#445) — thanks @pkrmf; chat layout refresh (#475) — thanks @rahthakor; docs link + new session button; drop explicit ui:install.
TUI: agent picker + agents list RPC; improved status line.
Doctor/Daemon: audit/repair flows, permissions checks, supervisor config audits; provider status probes + warnings for Discord intents and Telegram privacy; last activity timestamps; gateway restart guidance.
Docs: Hetzner Docker VPS guide + cross-links (#556/#592) — thanks @Iamadig; Ansible guide (#545) — thanks @pasogott; provider troubleshooting index; hook parameter expansion (#532) — thanks @mcinteerj; model allowlist notes; OAuth deep dive; showcase refresh.
Apps/Branding: refreshed iOS/Android/macOS icons (#521) — thanks @fishfisher.

Fixes

Packaging: include MS Teams send module in npm tarball.
Sandbox/Browser: auto-start CDP endpoint; proxy CDP out of container for attachOnly; relax Bun fetch typing; align sandbox list output with config images.
Agents/Runtime: gate heartbeat prompt to default sessions; /stop aborts between tool calls; require explicit system-event session keys; guard small context windows; fix model fallback stringification; sessions_spawn inherits provider; failover on billing/credits; respect auth cooldown ordering; restore Anthropic OAuth tool dispatch + tool-name bypass; avoid OpenAI invalid reasoning replay; harden Gmail hook model defaults.
Agent history/schema: strip/skip empty assistant/error blocks to prevent session corruption/Claude 400s; scrub unsupported JSON Schema keywords + sanitize tool call IDs for Cloud Code Assist; simplify Gemini-compatible tool/session schemas; require raw for config.apply.
Auto-reply/Streaming: default audioAsVoice false; preserve audio_as_voice propagation + buffer audio blocks + guard voice notes; block reply ordering (timeout) + forced-block fence-safe; avoid chunk splits inside parentheses + fence-close breaks + invalid UTF-16 truncation; preserve inline directive spacing + allow whitespace in reply tags; filter NO_REPLY prefixes + normalize routed replies; suppress leakage with separate Reasoning; block streaming defaults (off by default, minChars/idle tuning) + coalesced blocks; dedupe followup queue; restore explicit responsePrefix default.
Status/Commands: provider prefix in /status model display; usage filtering + provider mapping; auth label + usage snapshots (claude-cli fallback + optional claude.ai); show Verbose/Elevated only when enabled; compact usage/cost line + restore emoji-rich status; /status in directive-only + multi-directive handling; mention-bypass elevated handling; surface provider usage errors; wire /usage to /status; restore hidden gateway-daemon alias; fallback /model list when catalog unavailable.
WhatsApp: vCard/contact cards (prefer FN, include numbers, show all contacts, keep summary counts, better empty summaries); preserve group JIDs + normalize targets; resolve @lid mappings/JIDs (Baileys/auth-dir) + inbound mapping; route queued replies to sender; improve web listener errors + remove provider name from errors; record outbound activity account id; fix web media fetch errors; broadcast group history consistency.
Telegram: keep streamMode draft-only; long-poll conflict retries + update dedupe; grammY fetch mismatch fixes + restrict native fetch to Bun; suppress getUpdates stack traces; include user id in pairing; audio_as_voice handling fixes.
Discord/Slack: thread context helpers + forum thread starters; avoid category parent overrides; gateway reconnect logs + HELLO timeout + stop provider after reconnect exhaustion; DM recipient parsing for numeric IDs; remove incorrect limited warning; reply threading + mrkdwn edge cases; remove ack reactions after reply; gateway debug event visibility.
Signal: reaction handling safety; own-reaction matching (uuid+phone); UUID-only senders accepted; ignore reaction-only messages.
MS Teams: download image attachments reliably; fix top-level replies; stop on shutdown + honor chunk limits; normalize poll providers/deps; pairing label fixes.
iMessage: isolate group-ish threads by chat_id.
Gateway/Daemon/Doctor: atomic config writes; repair gateway service entrypoint + install switches; non-interactive legacy migrations; systemd unit alignment + KillMode=process; node bridge keepalive/pings; Launch at Login persistence; bundle ClawdbotKit resources + Swift 6.2 compat dylib; relay version check + remove smoke test; regen Swift GatewayModels + keep agent provider string; cron jobId alias + channel alias migration + main session key normalization; heartbeat Telegram accountId resolution; avoid WhatsApp fallback for internal runs; gateway listener error wording; serveBaseUrl param; honor gateway --dev; fix wide-area discovery updates; align agents.defaults schema; provider account metadata in daemon status; refresh Carbon patch for gateway fixes; restore doctor prompter initialValue handling.
Control UI/TUI: persist per-session verbose off + hide tool cards; logs tab opens at bottom; relative asset paths + landing cleanup; session labels lookup/persistence; stop pinning main session in recents; start logs at bottom; TUI status bar refresh + timeout handling + hide reasoning label when off.
Onboarding/Configure: QuickStart single-select provider picker; avoid Codex CLI false-expiry warnings; clarify WhatsApp owner prompt; fix Minimax hosted onboarding (agents.defaults + msteams heartbeat target); remove configure Control UI prompt; honor gateway --dev flag.

Maintenance

Dependencies: bump pi-* stack to 0.42.2.
Dependencies: Pi 0.40.0 bump (#543) — thanks @mcinteerj.
Build: Docker build cache layer (#605) — thanks @zknicker.
Auth: enable OAuth token refresh for Claude Code CLI credentials (anthropic:claude-cli) with bidirectional sync back to Claude Code storage (file on Linux/Windows, Keychain on macOS). This allows long-running agents to operate autonomously without manual re-authentication (#654 — thanks @radek-paclt).

2026.1.8

Highlights

Security: DMs locked down by default across providers; pairing-first + allowlist guidance.
Sandbox: per-agent scope defaults + workspace access controls; tool/session isolation tuned.
Agent loop: compaction, pruning, streaming, and error handling hardened.
Providers: Telegram/WhatsApp/Discord/Slack reliability, threading, reactions, media, and retries improved.
Control UI: logs tab, streaming stability, focus mode, and large-output rendering fixes.
CLI/Gateway/Doctor: daemon/logs/status, auth migration, and diagnostics significantly expanded.

Breaking

SECURITY (update ASAP): inbound DMs are now locked down by default on Telegram/WhatsApp/Signal/iMessage/Discord/Slack.
- Previously, if you didn’t configure an allowlist, your bot could be open to anyone (especially discoverable Telegram bots).
- New default: DM pairing (dmPolicy="pairing" / discord.dm.policy="pairing" / slack.dm.policy="pairing").
- To keep old “open to everyone” behavior: set dmPolicy="open" and include "*" in the relevant allowFrom (Discord/Slack: discord.dm.allowFrom / slack.dm.allowFrom).
- Approve requests via clawdbot pairing list <provider> + clawdbot pairing approve <provider> <code>.
Sandbox: default agent.sandbox.scope to "agent" (one container/workspace per agent). Use "session" for per-session isolation; "shared" disables cross-session isolation.
Timestamps in agent envelopes are now UTC (compact YYYY-MM-DDTHH:mmZ); removed messages.timestampPrefix. Add agent.userTimezone to tell the model the user’s local time (system prompt only).
Model config schema changes (auth profiles + model lists); doctor auto-migrates and the gateway rewrites legacy configs on startup.
Commands: gate all slash commands to authorized senders; add /compact to manually compact session context.
Groups: whatsapp.groups, telegram.groups, and imessage.groups now act as allowlists when set. Add "*" to keep allow-all behavior.
Auto-reply: removed autoReply from Discord/Slack/Telegram channel configs; use requireMention instead (Telegram topics now support requireMention overrides).
CLI: remove update, gateway-daemon, gateway {install|uninstall|start|stop|restart|daemon status|wake|send|agent}, and telegram commands; move login/logout to providers login/logout (top-level aliases hidden); use daemon for service control, send/agent/wake for RPC, and nodes canvas for canvas ops.

Fixes

CLI/Gateway/Doctor: daemon runtime selection + improved logs/status/health/errors; auth/password handling for local CLI; richer close/timeout details; auto-migrate legacy config/sessions/state; integrity checks + repair prompts; --yes/--non-interactive; --deep gateway scans; better restart/service hints.
Agent loop + compaction: compaction/pruning tuning, overflow handling, safer bootstrap context, and per-provider threading/confirmations; opt-in tool-result pruning + compact tracking.
Sandbox + tools: per-agent sandbox overrides, workspaceAccess controls, session tool visibility, tool policy overrides, process isolation, and tool schema/timeout/reaction unification.
Providers (Telegram/WhatsApp/Discord/Slack/Signal/iMessage): retry/backoff, threading, reactions, media groups/attachments, mention gating, typing behavior, and error/log stability; long polling + forum topic isolation for Telegram.
Gateway/CLI UX: clawdbot logs, cron list colors/aliases, docs search, agents list/add/delete flows, status usage snapshots, runtime/auth source display, and /status/commands auth unification.
Control UI/Web: logs tab, focus mode polish, config form resilience, streaming stability, tool output caps, windowed chat history, and reconnect/password URL auth.
macOS/Android/TUI/Build: macOS gateway races, QR bundling, JSON5 config safety, Voice Wake hardening; Android EXIF rotation + APK naming/versioning; TUI key handling; tooling/bundling fixes.
Packaging/compat: npm dist folder coverage, Node 25 qrcode-terminal import fixes, Bun/Playwright/WebSocket patches, and Docker Bun install.
Docs: new FAQ/ClawdHub/config examples/showcase entries and clarified auth, sandbox, and systemd docs.

Maintenance

Skills additions (Himalaya email, CodexBar, 1Password).
Dependency refreshes (pi-* stack, Slack SDK, discord-api-types, file-type, zod, Biome, Vite).
Refactors: centralized group allowlist/mention policy; lint/import cleanup; switch tsx → bun for TS execution.

2026.1.5

Highlights

Models: add image-specific model config (agent.imageModel + fallbacks) and scan support.
Agent tools: new image tool routed to the image model (when configured).
Config: default model shorthands (opus, sonnet, gpt, gpt-mini, gemini, gemini-flash).
Docs: document built-in model shorthands + precedence (user config wins).
Bun: optional local install/build workflow without maintaining a Bun lockfile (see docs/bun.md).

Fixes

Control UI: render Markdown in tool result cards.
Control UI: prevent overlapping action buttons in Discord guild rules on narrow layouts.
Android: tapping the foreground service notification brings the app to the front. (#179) — thanks @Syhids
Cron tool uses id for update/remove/run/runs (aligns with gateway params). (#180) — thanks @adamgall
Control UI: chat view uses page scroll with sticky header/sidebar and fixed composer (no inner scroll frame).
macOS: treat location permission as always-only to avoid iOS-only enums. (#165) — thanks @Nachx639
macOS: make generated gateway protocol models Sendable for Swift 6 strict concurrency. (#195) — thanks @andranik-sahakyan
macOS: bundle QR code renderer modules so DMG gateway boot doesn't crash on missing qrcode-terminal vendor files.
macOS: parse JSON5 config safely to avoid wiping user settings when comments are present.
WhatsApp: suppress typing indicator during heartbeat background tasks. (#190) — thanks @mcinteerj
WhatsApp: mark offline history sync messages as read without auto-reply. (#193) — thanks @mcinteerj
Discord: avoid duplicate replies when a provider emits late streaming text_end events (OpenAI/GPT).
CLI: use tailnet IP for local gateway calls when bind is tailnet/auto (fixes #176).
Env: load global $CLAWDBOT_STATE_DIR/.env (~/.clawdbot/.env) as a fallback after CWD .env.
Env: optional login-shell env fallback (opt-in; imports expected keys without overriding existing env).
Agent tools: OpenAI-compatible tool JSON Schemas (fix browser, normalize union schemas).
Onboarding: when running from source, auto-build missing Control UI assets (bun run ui:build).
Discord/Slack: route reaction + system notifications to the correct session (no main-session bleed).
Agent tools: honor agent.tools allow/deny policy even when sandbox is off.
Discord: avoid duplicate replies when OpenAI emits repeated message_end events.
Commands: unify /status (inline) and command auth across providers; group bypass for authorized control commands; remove Discord /clawd slash handler.
CLI: run clawdbot agent via the Gateway by default; use --local to force embedded mode.

92 KiB Raw Blame History Unescape Escape

Changelog

2026.1.22

Changes

Breaking

Fixes

2026.1.21

Changes

Breaking

Fixes

2026.1.20

Changes

Breaking

Fixes

2026.1.16-2

Changes

2026.1.16-1

Highlights

Breaking

Changes

Fixes

2026.1.15

Highlights

Breaking

Changes

Fixes

2026.1.14-1

Highlights

Changes

Fixes

2026.1.14

Changes

Fixes

Agents / Auth / Tools / Sandbox

macOS / Apps

2026.1.13

Fixes

2026.1.12-2

Fixes

2026.1.12-1

Fixes

2026.1.12

Highlights

New & Improved

Installer

Fixes

Maintenance

2026.1.11

Highlights

Changes

Installer

Fixes

2026.1.10

Highlights

Changes

Fixes

2026.1.9

Highlights

Breaking

New Features and Changes

Fixes

Maintenance

2026.1.8

Highlights

Breaking

Fixes

Maintenance

2026.1.5

Highlights

Fixes

92 KiB

Raw Blame History