Skip to main content
v2.1.38
Fix
2026-07-04
  • Agent images build asynchronouslybuildAgentGroupImage swaps its blocking execSync docker build for an awaited promisified exec, so the single-threaded host stays responsive during the up-to-15-minute rebuild a package-install approval or ncl groups restart --rebuild can trigger. Timeout, buffered stdio, and non-zero-exit propagation are preserved (#2931)
v2.1.37
Maintenance
2026-07-04
  • Security docs rewritten to match the v2 perimeter — docs/SECURITY.md reworked, and the stale docs/docker-sandboxes.md and docs/APPLE-CONTAINER-NETWORKING.md removed (#2945)
  • Dead data/env/env secrets mirror removed from the setup and migrate paths — channel/setup scripts no longer write a second copy of credentials to disk (#2946)
  • Stale architecture, scheduling, provider-config, and overlay docs corrected (#2948)
v2.1.36
Fix
2026-07-04
  • Mount allowlist honors the readOnly key — the per-root readOnly flag (and the top-level nonMainReadOnly key) that /manage-mounts and setup actually write is now respected, so read-write grants are no longer silently forced read-only. The allowlist is also read and validated per call with an mtime-keyed cache instead of being parsed once for the whole process lifetime, so a parse error is no longer cached forever (#2943)
v2.1.35
Fix
2026-07-04
  • Agent-to-agent reply stamping fixed — the active batch’s in_reply_to value lived in module-level state, but the nanoclaw MCP server runs as a separate subprocess from the poll loop, so the reply stamp was always read as null and a2a replies fell back to host peer-affinity routing. The stamp now publishes through session_state in outbound.db (both processes already open it), with an updated_at staleness guard so a stamp left by a killed container isn’t reused (#2942)
  • Removed one-DB-era @deprecated shims and dead exports left over from the two-database session split (#2940)
v2.1.34
Fix
2026-07-04
  • Re-provision a missing session folder on resolve so the documented session-reset flow works instead of erroring on the recreated session (#2937)
v2.1.33
Maintenance
2026-07-04
  • Dead ncl CLI protocol vocabulary cleaned out of the command registry and framing (#2936)
  • Removed dead v1 config knobs and a broken pnpm auth script (#2935)
v2.1.32
Fix
2026-07-04
  • Security-perimeter env vars are reachable under the packaged service — egress lockdown and the per-container CPU/memory caps were read from process.env only, but the shipped launchd/systemd service sets just PATH+HOME and never loads .env into process.env, so these knobs couldn’t be turned on the supported way. They now route through the same readEnvFile path as the other config keys, keeping process.env precedence so dev-mode/nohup installs are unaffected (#2934)
v2.1.31
FeatureSkill
2026-07-04
  • Colored approval buttons — approval cards render Approve/Reject as styled buttons (Slack primary/danger) across the OneCLI, primitive, channel-approval, and sender-approval flows (#2933)
  • /add-clidash skill — a zero-dependency, read-only web dashboard that derives its tabs and tables at runtime from any CLI emitting JSON, pre-wired for ncl (agent groups, sessions, channels, users, roles) with message-activity charts, a log tail, and a read-only file viewer (#2795)
v2.1.30
Fix
2026-07-04
  • ncl positional-ID resolution fixed for generated (dashed) identifiers — the longest-registered-prefix lookup no longer mis-splits a dashed ID into command + args (#2932)
v2.1.29
Fix
2026-07-04
  • Command-gate hardening — /start is back in the host FILTERED set (a Telegram fix silently undone when host gating landed) so it’s dropped instead of reaching the agent as a normal message, and the inline admin check now calls hasAdminPrivilege instead of a hasTable('user_roles') guard that only ever masked a missing check (fail-open removed) (#2930)
v2.1.28
Feature
2026-07-04
  • OneCLI approval cards show what the agent is doing — when the hosted OneCLI gateway sends a structured summary on an approval request, the card renders Action: plus labeled fields (e.g. the To / Subject / Body of an email send) instead of the raw METHOD host/path + body-preview HTTP trace. Rendering is defensive — values are coerced and length-capped, with a running budget that keeps the card under Slack’s section-block limit and reports any omitted fields; without a summary the old body-preview fallback remains (#2929)
v2.1.27
Maintenance
2026-07-04
  • Removed the dead /workspace/global container mount and untracked leftover v1 group seed files (groups/global, groups/main CLAUDE.md) (#2928)
v2.1.26
Maintenance
2026-07-04
  • Unregistered the mock agent provider from the production container barrel so it can’t be selected at runtime (#2927)
v2.1.25
Security
2026-07-04
  • Approved CLI commands no longer run with escalated host privilege — a ncl command held for approval was re-dispatched as { caller: 'host' } when it executed, so an approved group-scoped command ran with unrestricted host scope. The approval now records the original caller context and replays the command under it, so it executes with exactly the requesting agent’s scope (#2611)
v2.1.24
Feature
2026-07-02
  • Agent templates — folder-only templates under templates/ (context/instructions.md plus optional context extras, .mcp.json, and a skills/ overlay) stamp a new group with ncl groups create --template <name>: the provider-neutral instructions are inlined at the top of CLAUDE.md/AGENTS.md every spawn, context extras are copied preserving their layout, MCP servers are written to container config, and the per-group skills overlay is installed. See docs/templates.md (#2890)
  • Guided setup now offers Slack Socket Mode as a first-class option in the Slack setup flow (#2885)
v2.1.23
Fix
2026-06-30
  • Container tooling bumps: @anthropic-ai/claude-code 2.1.170 → 2.1.197 (via the cli-tools.json manifest), Claude agent SDK ^0.3.170^0.3.197, Anthropic SDK ^0.100.0^0.108.0
v2.1.22
Fix
2026-06-30
  • Inbox symlink containment — channel-inbound attachments and agent-to-agent forwarded files are written into a session’s inbox/ through a shared host-side guard (src/inbox-safety.ts): a symlinked inbox root or per-message directory is rejected, final paths are containment-checked against the session folder, and writes use exclusive-create flags so a pre-placed symlinked file can’t be followed (security, #2828)
  • ncl messaging-groups create gained an instance column for running multiple adapters of one channel type; when --instance is omitted it defaults to the channel_type value
v2.1.21
Feature
2026-06-25
  • Reject with reason — declining a self-mod or agent-to-agent approval can now relay a one-line note back to the requesting agent (Your <action> request was rejected by admin: "<reason>"). A plain Reject is unchanged; an unanswered reason prompt finalizes as a plain reject after ~5 minutes
  • /learn skill — distill or refine a reusable skill from a directory, a URL, pasted notes, or the work just done, authored to the project’s skill guidelines
  • Clearer agent-to-agent gate approval prompt
v2.1.20
Breaking
2026-06-25
  • [BREAKING] Chat SDK pinned to 4.29.0 (was ^4.24.0) — chat and the @chat-adapter/* channel adapters are version-locked, so a mismatched pair fails to typecheck. Core installs with no channel (only cli) are unaffected. Migration: re-run each installed channel’s /add-<channel> skill to pull the matching 4.29.0 adapter
  • Per-container resource capsCONTAINER_CPU_LIMIT and CONTAINER_MEMORY_LIMIT pass through to docker run as --cpus / --memory. Both empty by default (unbounded, byte-identical spawn args to before); --memory is a hard cap on a swapless host
  • /update-skills now rebuilds the agent image when a re-applied skill changed files under container/
  • Fixes: reap dead peer service registrations whose binary is gone; allow an env-selected agent provider in setup
v2.1.19
Feature
2026-06-18
  • Per-message approval policies on agent-to-agent connections — an operator can gate one agent→agent edge so every message waits for human approval, without un-wiring it: ncl policies set --from <id> --to <id> --approver <user-id>. Directed and per-pair; operator-only. Backed by the new agent_message_policies table (migration 017)
  • Named approver — a policy pins a single required approver; only that user (or an owner) can clear a held message, recorded as approver_user_id on pending_approvals (migration 018)
  • .claude is now mirrored into .agents via symlinks
v2.1.18
Fix
2026-06-18
  • Setup parses the Claude OAuth token correctly from a wrapped PTY capture
v2.1.17
Feature
2026-06-16
  • Codex CLI installs via the container/cli-tools.json manifest instead of a hard-coded Dockerfile layer
  • /update-nanoclaw upgrades the OneCLI gateway when its pinned version moves (versions.json), walking you through docs/onecli-upgrades.md before the restart
  • Budget/billing-exhausted LLM turns (e.g. an Anthropic 403 billing_error) now reach the user instead of being silently dropped and retried
v2.1.16
Feature
2026-06-14
  • Operator-driven provider selection in setup — the installer can select, install, and authenticate a non-default agent provider, then set it on the first agent before its first spawn. A provider registry feeds the picker and a vault-only auth walkthrough; default (Claude) installs are unaffected
  • Per-group provider choice — the provider is a per-group database property, not an install-wide default: ncl groups config update --id <group-id> --provider <name> then restart. Group creation stays provider-agnostic
  • Memory migrates via /migrate-memory, never at runtime — each provider keeps its own store, so a fresh group on a different provider never inherits stale CLAUDE.* files
  • Container boot failures now log the last stderr lines at warn on a non-zero exit instead of looping silently
v2.1.15
Feature
2026-06-14
  • Container global CLIs (@anthropic-ai/claude-code, agent-browser, vercel) are now data-driven from container/cli-tools.json, each pinned to an exact version — a skill adds a CLI by appending to the manifest instead of editing the Dockerfile
v2.1.14
Breaking
2026-06-13
  • [BREAKING] @onecli-sh/sdk 0.5.0 → 2.2.1 — now requires a OneCLI gateway with the /v1 API; gateways that predate it answer 404 to every vault call. Sanctioned component versions are pinned in versions.json and the onecli setup step enforces them. Migration: docs/onecli-upgrades.md
  • Slash commands now interrupt an in-flight turn instead of waiting it out
  • New onExchangeComplete provider hook — providers whose harness keeps no on-disk transcript can archive each exchange themselves
v2.1.13
Feature
2026-06-13
  • Agent-surfaces capability seam (providesAgentSurfaces) — a provider can declare it owns the composed project doc, skill links, and state dir, and the host skips its default surfaces
v2.1.12
Feature
2026-06-13
  • Opt-in persistent memory scaffold (usesMemoryScaffold) — providers without native memory get an idempotent memory/ tree in the agent’s host-backed workspace at boot
v2.1.11
Feature
2026-06-11
  • Webhook raw-route registry — modules register non–Chat SDK webhooks (GitHub, payment providers, health checks) with registerWebhookHandler() on the shared server instead of opening a second port
v2.1.10
Fix
2026-06-11
  • Open outbound.db read-write in writeOutboundDirect so direct outbound writes aren’t blocked
v2.1.9
Feature
2026-06-11
  • Approval-resolved callback registry — modules can observe when an approval is resolved (e.g. to clear an “awaiting approval” indicator)
v2.1.8
Fix
2026-06-11
  • Grace period for freshly-woken containers with stale processing claims — skips SLA enforcement on the tick that wakes a container, preventing a spawn-kill loop
v2.1.7
Fix
2026-06-11
  • Record the acting user on resolved approval cards
v2.1.6
Fix
2026-06-11
  • Add a read side (getDeliveryAction) to the delivery action registry so module registrations can be behavior-tested
v2.1.5
Feature
2026-06-11
  • Multi-instance adapters — run several adapters of one platform at once (e.g. three Slack apps in one workspace). A new messaging_groups.instance dimension (migration 016) keys the adapter registry, per-instance Chat SDK state namespaces and webhook routes, and threads the instance through the router, delivery, and typing indicators. Single-instance installs are unchanged (instance defaults to the channel type)
  • Interactive uninstallerbash nanoclaw.sh --uninstall removes one NanoClaw copy (service, containers, data, OneCLI agents) with a scan → confirm → execute flow, --dry-run and --yes flags, and per-checkout install-slug scoping. See Uninstall NanoClaw
v2.1.1 – v2.1.4
Feature
2026-06-09
  • Egress lockdown (opt-in) — an agent group’s outbound network is forced through the OneCLI gateway, so a compromised agent can’t reach arbitrary hosts (v2.1.1). See Hardening
  • v2.1.2–v2.1.4 were rapid patch follow-ups with no user-facing changes
v2.1.0
Breaking
2026-06-07
  • [BREAKING] Startup now requires an upgrade marker. The host refuses to boot unless data/upgrade-state.json records that the install reached its version through a sanctioned path (/setup, /update-nanoclaw, /migrate-nanoclaw). Stamp it with pnpm exec tsx scripts/upgrade-state.ts set — the same command clears a tripped marker. See Upgrading
  • Skills retrofit — channel, provider, and tool skills made v2-conformant (minimal integration surface, a test per integration point); four skills broken on v2 were dropped
v2.0.65 – v2.0.76
Feature
2026-06-05
  • /upload-trace — upload a session trace to Hugging Face for sharing or debugging
  • Session-transcript rotation before resume — oversized or aged transcripts are rotated so a cold resume can’t wedge the container
  • /add-rtk token-efficient CLI-proxy skill, and a whatsapp-formatting container skill
  • Fixes: signal-cli 0.13+ listAccounts, the Photon remote-iMessage URL, channel-approval target scoping, and per-group CLAUDE.local.md loading
v2.0.64
Fix
2026-05-18
  • ncl destinations add/remove through the approval flow now reach the receiver immediately — an approved destination no longer fails send_message with unknown destination until the next container restart
v2.0.55 – v2.0.63
Breaking
2026-05-15
Rollup release covering v2.0.55–v2.0.63; per-bump GitHub Releases begin here.
  • [BREAKING] Service names are now per-install — the launchd label and systemd unit are slugged to your project root (com.nanoclaw.<sha1(projectRoot)[:8]>, nanoclaw-<slug>.service). The old com.nanoclaw / nanoclaw.service names no longer match; find yours with source setup/lib/install-slug.sh && launchd_label (macOS) or systemd_unit (Linux)
  • Stronger <message>-wrapping enforcement; MCP servers added via add_mcp_server inherit OneCLI gateway routing; CLI-scope hardening (scopeField fails closed, sessions get guarded against cross-group access); /add-gmail-tool and /add-gcal-tool aligned with the v2 container-config model; qwibitai/nanoclawnanocoai/nanoclaw swept across code and docs
v2.0.54
Feature
2026-05-10
  • Per-group model and effort overridesncl groups config update --model <model> --effort <level>, falling back to the host-configured model when unset
  • Container claude-code bumped to 2.1.128
v2.0.48 – v2.0.53
Feature
2026-05-09
  • Container config moved to the database — per-group runtime config (provider, model, packages, MCP servers, mounts, skills) lives in the container_configs table instead of groups/<folder>/container.json; filesystem configs are backfilled on startup
  • ncl groups restart with --rebuild / --message — config edits no longer auto-kill containers; on-wake messages are picked up only by a fresh container’s first poll
  • Per-group cli_scope (disabled / group / global, default group) — controls what the agent can reach via ncl from inside its container, with cross-group result filtering
v2.0.45 – v2.0.47
Feature
2026-05-08
  • The ncl admin CLI — query and modify the central DB (agent groups, messaging groups, wirings, users, roles, members, destinations, sessions, approvals, dropped messages). Host transport over a Unix socket; container-side writes go through the approval flow
  • v1 → v2 migrationbash migrate-v2.sh finds your v1 install, merges .env, seeds the v2 DB, copies group folders (CLAUDE.mdCLAUDE.local.md) and session data, ports tasks and channels, then hands off to /migrate-from-v1. See Migrate from v1
v2.0.1 – v2.0.44
Maintenance
2026-05-07
  • Post-rewrite stabilization — roughly 44 rapid patch releases over two weeks, before the per-release changelog discipline began at v2.0.63. Not individually documented upstream; see the GitHub releases for raw notes
v2.0.0
Breaking
2026-04-22
  • Ground-up architectural rewrite with new entity model (users, roles, messaging groups, agent groups, wirings)
  • Two-database session model — inbound.db (host writes) and outbound.db (container writes) eliminate cross-mount SQLite contention
  • Agent-runner moved from Node.js to Bun — runs TypeScript directly without compilation
  • Shared-source agent-runner — /app/src is a read-only bind mount, source changes never require image rebuild
  • tini as PID 1 for proper signal forwarding
  • Three-level channel isolation model with unknown_sender_policy (strict, request_approval, public)
  • Per-wiring engage modes: pattern, mention, mention-sticky
  • Sender scope enforcement per wiring (all or known)
  • Channel and sender approval flows with interactive cards
  • Tasks stored as messages_in rows with cron-based recurrence and series tracking
  • Delivery system with two-poll architecture (active 1s, sweep 60s)
  • Module system for permissions, scheduling, agent-to-agent, approvals, and self-modification
  • OneCLI Agent Vault is the sole credential path
  • Channels moved to separate branches (trunk ships no adapters)
  • Per-agent-group custom Docker images with additional packages
v1.2.53
Maintenance
2026-04-15
  • Updated token count to 43.8k tokens (22% of context window)
  • Added .claude/settings.json with default SDK configuration
  • Added ONECLI_API_KEY configuration option for OneCLI gateway authentication
v1.2.52
Fix
2026-04-05
  • Fixed Gmail OneCLI credential mode detection — properly detects when running under OneCLI Agent Vault
  • Reduced setup friction and improved diagnostics output
  • Added .npmrc with 7-day minimum release age for dependency safety
v1.2.51
Fix
2026-04-05
  • Fixed writable global memory mount for main agent — corrected the path in container CLAUDE.md
  • Fixed three issues in the Karpathy wiki skill
  • Updated init-onecli skill to use ONECLI_URL variable
v1.2.50
FeatureSkill
2026-04-05
  • Lowered auto-compact threshold to 165k tokens for better context fidelity
  • Added /add-karpathy-llm-wiki skill — persistent wiki knowledge base per group, based on Karpathy’s LLM Wiki pattern
  • Added /migrate-nanoclaw skill — intent-based upgrade that extracts customizations into a migration guide and reapplies them on a clean upstream base
  • Added /migrate-from-openclaw skill — guided migration from OpenClaw installations
  • NanoClaw now suggests /migrate-nanoclaw when the user’s fork is far behind upstream
v1.2.49
Feature
2026-04-04
  • Added automatic session artifact pruning on startup and daily — cleans up stale session JSONLs (7 days), debug logs (3 days), todo files (3 days), and telemetry (7 days) while preserving active sessions
v1.2.48
Feature
2026-04-04
  • Upgraded agent SDK to 0.2.92 with auto-compact at 165k tokens
v1.2.47
Feature
2026-04-03
  • Main agent now has direct read-write access to the SQLite database — store/ is mounted separately at /workspace/project/store so the main group can query and write data directly
  • Added requiresTrigger parameter to the register_group MCP tool (defaults to false) — controls whether messages must start with the trigger word for the group to respond
v1.2.46
FeatureChannel
2026-04-03
  • Added reply/quoted message context support — channels can now pass reply_to_message_id, reply_to_message_content, and reply_to_sender_name fields with messages
  • Reply context is rendered as <quoted_message> XML in agent prompts, giving agents full awareness of which message a user is responding to
  • Database migration adds reply context columns to the messages table (nullable for backward compatibility)
v1.2.45
SkillMaintenance
2026-04-02
  • Added /add-macos-statusbar utility skill — macOS menu bar status indicator with start/stop/restart controls
  • Added Telegram channel contributors (contributed by @cschmidt, @leonalfredbot-ship-it, @moktamd, @gurixs-carson)
v1.2.43
Fix
2026-03-29
  • Auto-recover from stale Claude Code session IDs instead of retrying infinitely — detects missing session transcripts and clears the broken session for a fresh retry
  • Removed built-in Ollama MCP server from core — Ollama integration is now exclusively available via the /add-ollama-tool skill
  • Fixed npm audit dependency errors
v1.2.42
Feature
2026-03-28
  • Setup skill now routes credential system by container runtime: Docker uses OneCLI Agent Vault, Apple Container uses native credential proxy
  • Marked Apple Container as experimental
v1.2.41
FixMaintenance
2026-03-28
  • Migrated x-integration host.ts from pino to built-in logger (follow-up to v1.2.36 cleanup)
  • Fixed stopContainer() test compatibility — mocked container-runtime so tests don’t require Docker
  • Cleared stale Telegram token from .env.example
v1.2.40
Fix
2026-03-27
  • Fixed message history overflow: when lastAgentTimestamp was missing, all 200 messages were sent to the agent instead of respecting MAX_MESSAGES_PER_PROMPT (default 10). Added cursor recovery from last bot reply.
v1.2.39
FixSecurity
2026-03-27
  • Security fixes: command injection prevention in stopContainer (name validation), mount path colon rejection, allowlist caching fix (contributed by @foxsky)
v1.2.38
Fix
2026-03-27
  • Fixed isMain flag preservation on register_group IPC updates — prevents accidental privilege stripping (contributed by @snw35)
v1.2.37
Fix
2026-03-27
  • Fixed .env parser crash on single-character values (contributed by @foxsky)
v1.2.36
MaintenanceFixBreaking
2026-03-27
  • [BREAKING] Replaced pino logger with built-in logger module — removes 2 runtime dependencies. WhatsApp users must re-merge the WhatsApp fork to pick up the Baileys logger compatibility fix: git fetch whatsapp main && git merge whatsapp/main. If the whatsapp remote is not configured: git remote add whatsapp https://github.com/nanocoai/nanoclaw-whatsapp.git
  • Removed yaml and zod dependencies — core runtime now uses only 3 packages
  • Updated Ollama skill with admin model management tools
  • Channel-formatting text-style fixes for WhatsApp and Telegram (contributed by @kenbolton)
v1.2.35
Breaking
2026-03-26
  • [BREAKING] OneCLI Agent Vault replaces the built-in credential proxy. Check your runtime: grep CONTAINER_RUNTIME_BIN src/container-runtime.ts — if it shows 'container' you are on Apple Container, if 'docker' you are on Docker. Docker users: run /init-onecli to install OneCLI and migrate .env credentials to the vault. Apple Container users: re-merge the skill branch (git fetch upstream skill/apple-container && git merge upstream/skill/apple-container) then run /convert-to-apple-container — do NOT run /init-onecli (it requires Docker). The legacy credential proxy is available as an opt-in skill via /use-native-credential-proxy.
  • Channel tokens (Telegram, Slack, Discord) remain in .env — only container-facing credentials (Anthropic, OpenAI, etc.) are migrated to the vault.
v1.2.34
FixSkillChannel
2026-03-25
  • Added /add-emacs channel skill (contributed by @kenbolton)
  • Fixed mount-allowlist preservation — /setup no longer overwrites existing mount-allowlist.json (contributed by @akasha-scheuermann)
  • Fixed Telegram migration backfill to default chats as direct messages instead of groups (contributed by @RichardCao)
  • Fixed CI workflows to skip bump-version and update-tokens on forks (contributed by @shawnyeager)
v1.2.33
Fix
2026-03-25
  • Fixed container mounts to include group folder and sessions directory (contributed by @kenbolton)
v1.2.32
FeatureSkillFix
2026-03-25
  • Added /channel-formatting skill — channel-aware text formatting for WhatsApp, Telegram, Slack, and Signal
  • Fixed per-group trigger pattern matching — each group can now define its own trigger word (contributed by @mrbob-git)
  • Fixed loginctl enable-linger so systemd user service survives SSH logout (contributed by @IYENTeam)
  • Clarified WhatsApp phone number prompt to prevent auth failures (contributed by @ingyukoh)
  • Added Telegram forum topics contributor (contributed by @flobo3)
v1.2.31
Fix
2026-03-25
  • Fixed isMain-based CLAUDE.md template selection during runtime group registration
v1.2.30
Fix
2026-03-25
  • Fixed CLAUDE.md template copy when registering groups via IPC (contributed by @ingyukoh)
  • Fixed diagnostics to use explicit Read tool directive for pickup instructions (contributed by @Koshkoshinsk)
v1.2.29
Feature
2026-03-25
  • Added task scripts — scheduled tasks can now run a pre-execution bash script that conditionally wakes the agent via wakeAgent JSON contract (contributed by @gabi-simons)
v1.2.28
Fix
2026-03-25
  • Fixed agent-runner source cache to refresh based on file modification time instead of copying once at startup
v1.2.27
Maintenance
2026-03-25
v1.2.26
Fix
2026-03-25
  • Enabled loginctl linger during setup so systemd user service survives SSH logout
  • Clarified WhatsApp phone number prompt format (digits only, no + prefix)
  • Added CLAUDE.md template copy during IPC group registration
v1.2.25
Fix
2026-03-24
  • Fixed timezone validation to prevent crash on POSIX-style TZ values — now validates IANA identifiers and falls back to UTC
  • Expanded fork sync auto-resolve patterns and added missing forks to dispatch list
v1.2.24
Fix
2026-03-24
  • Fixed diagnostics prompt not being shown to user (contributed by @Koshkoshinsk)
  • Added auto-resolve for package-lock.json, badge, and version conflicts during fork sync
v1.2.23
MaintenanceSkill
2026-03-24
  • Added /use-native-credential-proxy skill — opt-in restoration of the built-in .env-based credential proxy for users who prefer it over OneCLI
  • Removed dead src/credential-proxy.ts code (unused since v1.2.22)
  • Updated token count to 39.8k tokens (20% of context window)
  • Upgraded Zod dependency from v3 to v4 (^4.3.6)
v1.2.22
Maintenance
2026-03-24
  • Replaced credential proxy with OneCLI Agent Vault for container credential injection
  • Updated token count to 40.7k tokens (20% of context window)
v1.2.21
Feature
2026-03-22
  • Added opt-in diagnostics via PostHog — collects anonymous system info (OS, architecture, version, selected channels) during /setup and /update-nanoclaw with explicit user consent
  • Three-option prompt: Yes (send once), No (skip), Never ask again (permanently opt out)
  • No runtime telemetry — diagnostics run only in skill workflows, not in the application itself
v1.2.20
Maintenance
2026-03-21
  • Added ESLint configuration with error-handling rules across the codebase
v1.2.19
Fix
2026-03-19
  • Reduced docker stop timeout for faster container restarts (-t 1 flag — containers are stateless)
v1.2.18
SecurityChannel
2026-03-19

Security

  • User prompt content is no longer logged on container errors — only input metadata (prompt length, session ID)

Channel

  • Added Japanese README translation
v1.2.17
Feature
2026-03-18
  • Added read-only /capabilities and /status container-agent skills
v1.2.16
Fix
2026-03-18
  • Tasks snapshot now refreshes immediately after IPC task mutations (contributed by @mbravorus)
v1.2.15
Fix
2026-03-16
  • Fixed remote-control prompt auto-accept to prevent immediate exit
  • Added KillMode=process so remote-control survives service restarts (contributed by @gabi-simons)
v1.2.14
Feature
2026-03-14
  • Added /remote-control command for host-level Claude Code access from within containers
v1.2.13
FeatureBreaking
2026-03-14
Major architecture change: skills are now git branches, channels are separate fork repos.

Features

  • Skills live as skill/* git branches merged via git merge — no more marketplace or plugin system
  • Added Docker Sandboxes announcement and manual setup guide
  • Added nanoclaw-docker-sandboxes to fork dispatch list

Breaking

  • Skills are no longer installed via marketplace or plugin commands — use git merge workflow

Fixes

  • Fixed setup registration to use initDatabase/setRegisteredGroup with correct CLI commands
  • Auto-resolve package-lock conflicts when merging forks
  • Bumped claude-agent-sdk to ^0.2.76
v1.2.12
FeatureSecurity
2026-03-08

Features

  • Added /compact skill for manual context compaction

Security

  • Enhanced container environment isolation via credential proxy — API keys injected at runtime via local proxy instead of environment variables
v1.2.11
FeatureChannelFix
2026-03-08

Features

  • PDF reader skill: Read and analyze PDF attachments
  • Image vision skill: Image analysis for WhatsApp
  • WhatsApp reactions skill: Emoji reactions and status tracker

Fixes

  • Fixed task container to close promptly when agent uses IPC-only messaging
  • Fixed WhatsApp pairing code written to file for immediate access
  • Fixed WhatsApp DM-with-bot registration to use sender’s JID
v1.2.10
FixPerformance
2026-03-06
  • Added LIMIT to unbounded message history queries for better performance
v1.2.9
FeatureFix
2026-03-06

Features

  • Agent prompts now include timezone context for accurate time references

Fixes

  • Fixed voice-transcription skill dropping WhatsApp registerChannel call
v1.2.8
Fix
2026-03-06
  • Fixed misleading send_message tool description for scheduled tasks
v1.2.7
Feature
2026-03-06
  • Added /add-ollama skill for local model inference
  • Added update_task tool and return task ID from schedule_task
v1.2.6
Fix
2026-03-04
  • Updated claude-agent-sdk to 0.2.68
v1.2.5
Fix
2026-03-04
  • CI formatting fix
v1.2.4
Fix
2026-03-04
  • Fixed _chatJid rename to chatJid in onMessage callback
v1.2.3
FeatureSecurity
2026-03-04
  • Added sender allowlist for per-chat access control to restrict who can interact with the agent
v1.2.2
FeatureFix
2026-03-04

Features

  • Added /use-local-whisper skill for local voice transcription
  • Atomic task claims prevent scheduled tasks from executing twice

Fixes

  • Fixed WhatsApp messages.upsert error handling
v1.2.1
Fix
2026-03-02
  • Version bump (no functional changes)
v1.2.0
FeatureBreakingChannel
2026-03-02
Major release introducing multi-channel architecture. WhatsApp is no longer hardcoded — all channels self-register via a channel registry.

Features

  • Channel registry: Channels self-register at module load time via registerChannel() factory pattern
  • isMain flag: Explicit boolean replaces folder-name-based main group detection
  • Channel-prefixed group folders: Groups use whatsapp_main, telegram_family-chat convention to prevent cross-channel collisions
  • Unconfigured channels now emit WARN logs naming the exact missing variable

Breaking

  • WhatsApp moved to skill: No longer part of core — apply with /add-whatsapp
  • ENABLED_CHANNELS removed: Orchestrator uses getRegisteredChannelNames(); channels detected by credential presence
  • All channel skills simplified: No more *_ONLY flags — all use self-registration pattern

Fixes

  • Prevent scheduled tasks from executing twice when container runtime exceeds poll interval

Migration

Existing WhatsApp users: run /add-whatsapp in Claude Code CLI after updating.
v1.1.6
Fix
2026-03-01
  • Added CJK font support (fonts-noto-cjk) for Chromium screenshots (contributed by @neocode24)
v1.1.5
Fix
2026-03-01
  • Fixed wrapped WhatsApp message normalization before reading content
v1.1.4
Feature
2026-03-01
  • Added third-party model support — use models beyond Claude
  • Added /update-nanoclaw skill for syncing customized installs with upstream (replaces old /update)
  • Added Husky and format:fix script for consistent formatting
v1.1.3
FeatureChannel
2026-02-25
Biggest pre-1.2 release — added Slack channel, refactored Gmail, and improved CI.

Features

  • Added /add-slack skill
  • Restructured add-gmail skill for new architecture with graceful startup when credentials missing
  • Removed deterministic caching from skills engine
  • Added .nvmrc specifying Node 22
  • CI optimization, logging improvements, and codebase formatting
  • Added CONTRIBUTORS.md and CODEOWNERS

Fixes

  • Fixed WhatsApp QR data handling
  • Rebased core skills (Telegram, Discord, voice) to latest main
v1.1.2
Fix
2026-02-24
  • Improved error handling for WhatsApp Web version fetch (follow-up to v1.1.1)
v1.1.1
FeatureFix
2026-02-24

Features

  • Added official Qodo skills and codebase intelligence
  • Rewrote README for broader audience

Fixes

  • Fixed WhatsApp 405 connection failures via fetchLatestWaWebVersion
v1.1.0
FeatureSecurity
2026-02-23

Features

  • Added /update skill to pull upstream changes from within Claude Code
  • Replaced ‘ask the user’ with AskUserQuestion tool in skills

Security

  • Fixed critical skills path-remap root escape (including symlink traversal)

Fixes

  • Fixed empty messages from polling queries
  • Fixed fallback name from ‘AssistantNameMissing’ to ‘Assistant’
Last modified on July 4, 2026