Releases

• Ground-up architectural rewrite with new entity model (users, roles, messaging groups, agent groups, wirings)
• Two-database session model — inbound.db (host writes) and outbound.db (container writes) eliminate cross-mount SQLite contention
• Agent-runner moved from Node.js to Bun — runs TypeScript directly without compilation
• Shared-source agent-runner — /app/src is a read-only bind mount, source changes never require image rebuild
• tini as PID 1 for proper signal forwarding
• Three-level channel isolation model with unknown_sender_policy (strict, request_approval, public)
• Per-wiring engage modes: pattern, mention, mention-sticky
• Sender scope enforcement per wiring (all or known)
• Channel and sender approval flows with interactive cards
• Tasks stored as messages_in rows with cron-based recurrence and series tracking
• Delivery system with two-poll architecture (active 1s, sweep 60s)
• Module system for permissions, scheduling, agent-to-agent, approvals, and self-modification
• OneCLI Agent Vault is the sole credential path
• Channels moved to separate branches (trunk ships no adapters)
• Per-agent-group custom Docker images with additional packages

• Updated token count to 43.8k tokens (22% of context window)
• Added .claude/settings.json with default SDK configuration
• Added ONECLI_API_KEY configuration option for OneCLI gateway authentication

• Fixed Gmail OneCLI credential mode detection — properly detects when running under OneCLI Agent Vault
• Reduced setup friction and improved diagnostics output
• Added .npmrc with 7-day minimum release age for dependency safety

• Fixed writable global memory mount for main agent — corrected the path in container CLAUDE.md
• Fixed three issues in the Karpathy wiki skill
• Updated init-onecli skill to use ONECLI_URL variable

• Lowered auto-compact threshold to 165k tokens for better context fidelity
• Added /add-karpathy-llm-wiki skill — persistent wiki knowledge base per group, based on Karpathy’s LLM Wiki pattern
• Added /migrate-nanoclaw skill — intent-based upgrade that extracts customizations into a migration guide and reapplies them on a clean upstream base
• Added /migrate-from-openclaw skill — guided migration from OpenClaw installations
• NanoClaw now suggests /migrate-nanoclaw when the user’s fork is far behind upstream

• Added automatic session artifact pruning on startup and daily — cleans up stale session JSONLs (7 days), debug logs (3 days), todo files (3 days), and telemetry (7 days) while preserving active sessions

• Upgraded agent SDK to 0.2.92 with auto-compact at 165k tokens

• Main agent now has direct read-write access to the SQLite database — store/ is mounted separately at /workspace/project/store so the main group can query and write data directly
• Added requiresTrigger parameter to the register_group MCP tool (defaults to false) — controls whether messages must start with the trigger word for the group to respond

• Added reply/quoted message context support — channels can now pass reply_to_message_id, reply_to_message_content, and reply_to_sender_name fields with messages
• Reply context is rendered as <quoted_message> XML in agent prompts, giving agents full awareness of which message a user is responding to
• Database migration adds reply context columns to the messages table (nullable for backward compatibility)

• Added /add-macos-statusbar utility skill — macOS menu bar status indicator with start/stop/restart controls
• Added Telegram channel contributors (contributed by @cschmidt, @leonalfredbot-ship-it, @moktamd, @gurixs-carson)

• Auto-recover from stale Claude Code session IDs instead of retrying infinitely — detects missing session transcripts and clears the broken session for a fresh retry
• Removed built-in Ollama MCP server from core — Ollama integration is now exclusively available via the /add-ollama-tool skill
• Fixed npm audit dependency errors

• Setup skill now routes credential system by container runtime: Docker uses OneCLI Agent Vault, Apple Container uses native credential proxy
• Marked Apple Container as experimental

• Migrated x-integration host.ts from pino to built-in logger (follow-up to v1.2.36 cleanup)
• Fixed stopContainer() test compatibility — mocked container-runtime so tests don’t require Docker
• Cleared stale Telegram token from .env.example

• Fixed message history overflow: when lastAgentTimestamp was missing, all 200 messages were sent to the agent instead of respecting MAX_MESSAGES_PER_PROMPT (default 10). Added cursor recovery from last bot reply.

• Security fixes: command injection prevention in stopContainer (name validation), mount path colon rejection, allowlist caching fix (contributed by @foxsky)

• Fixed isMain flag preservation on register_group IPC updates — prevents accidental privilege stripping (contributed by @snw35)

• Fixed .env parser crash on single-character values (contributed by @foxsky)

• [BREAKING] Replaced pino logger with built-in logger module — removes 2 runtime dependencies. WhatsApp users must re-merge the WhatsApp fork to pick up the Baileys logger compatibility fix: git fetch whatsapp main && git merge whatsapp/main. If the whatsapp remote is not configured: git remote add whatsapp https://github.com/qwibitai/nanoclaw-whatsapp.git
• Removed yaml and zod dependencies — core runtime now uses only 3 packages
• Updated Ollama skill with admin model management tools
• Channel-formatting text-style fixes for WhatsApp and Telegram (contributed by @kenbolton)

• [BREAKING] OneCLI Agent Vault replaces the built-in credential proxy. Check your runtime: grep CONTAINER_RUNTIME_BIN src/container-runtime.ts — if it shows 'container' you are on Apple Container, if 'docker' you are on Docker. Docker users: run /init-onecli to install OneCLI and migrate .env credentials to the vault. Apple Container users: re-merge the skill branch (git fetch upstream skill/apple-container && git merge upstream/skill/apple-container) then run /convert-to-apple-container — do NOT run /init-onecli (it requires Docker). The legacy credential proxy is available as an opt-in skill via /use-native-credential-proxy.
• Channel tokens (Telegram, Slack, Discord) remain in .env — only container-facing credentials (Anthropic, OpenAI, etc.) are migrated to the vault.

• Added /add-emacs channel skill (contributed by @kenbolton)
• Fixed mount-allowlist preservation — /setup no longer overwrites existing mount-allowlist.json (contributed by @akasha-scheuermann)
• Fixed Telegram migration backfill to default chats as direct messages instead of groups (contributed by @RichardCao)
• Fixed CI workflows to skip bump-version and update-tokens on forks (contributed by @shawnyeager)

• Fixed container mounts to include group folder and sessions directory (contributed by @kenbolton)

• Added /channel-formatting skill — channel-aware text formatting for WhatsApp, Telegram, Slack, and Signal
• Fixed per-group trigger pattern matching — each group can now define its own trigger word (contributed by @mrbob-git)
• Fixed loginctl enable-linger so systemd user service survives SSH logout (contributed by @IYENTeam)
• Clarified WhatsApp phone number prompt to prevent auth failures (contributed by @ingyukoh)
• Added Telegram forum topics contributor (contributed by @flobo3)

• Fixed isMain-based CLAUDE.md template selection during runtime group registration

• Fixed CLAUDE.md template copy when registering groups via IPC (contributed by @ingyukoh)
• Fixed diagnostics to use explicit Read tool directive for pickup instructions (contributed by @Koshkoshinsk)

• Added task scripts — scheduled tasks can now run a pre-execution bash script that conditionally wakes the agent via wakeAgent JSON contract (contributed by @gabi-simons)

• Fixed agent-runner source cache to refresh based on file modification time instead of copying once at startup

• Removed accidentally merged Telegram channel code from main
• Removed Grammy dependency and pinned better-sqlite3@11.10.0 and cron-parser@5.5.0
• Removed auto-sync GitHub Actions

• Enabled loginctl linger during setup so systemd user service survives SSH logout
• Clarified WhatsApp phone number prompt format (digits only, no + prefix)
• Added CLAUDE.md template copy during IPC group registration

• Fixed timezone validation to prevent crash on POSIX-style TZ values — now validates IANA identifiers and falls back to UTC
• Expanded fork sync auto-resolve patterns and added missing forks to dispatch list

• Fixed diagnostics prompt not being shown to user (contributed by @Koshkoshinsk)
• Added auto-resolve for package-lock.json, badge, and version conflicts during fork sync

• Added /use-native-credential-proxy skill — opt-in restoration of the built-in .env-based credential proxy for users who prefer it over OneCLI
• Removed dead src/credential-proxy.ts code (unused since v1.2.22)
• Updated token count to 39.8k tokens (20% of context window)
• Upgraded Zod dependency from v3 to v4 (^4.3.6)

• Replaced credential proxy with OneCLI Agent Vault for container credential injection
• Updated token count to 40.7k tokens (20% of context window)

• Added opt-in diagnostics via PostHog — collects anonymous system info (OS, architecture, version, selected channels) during /setup and /update-nanoclaw with explicit user consent
• Three-option prompt: Yes (send once), No (skip), Never ask again (permanently opt out)
• No runtime telemetry — diagnostics run only in skill workflows, not in the application itself

• Added ESLint configuration with error-handling rules across the codebase

• Reduced docker stop timeout for faster container restarts (-t 1 flag — containers are stateless)

​

Security

• User prompt content is no longer logged on container errors — only input metadata (prompt length, session ID)

​

Channel

• Added Japanese README translation

• Added read-only /capabilities and /status container-agent skills

• Tasks snapshot now refreshes immediately after IPC task mutations (contributed by @mbravorus)

• Fixed remote-control prompt auto-accept to prevent immediate exit
• Added KillMode=process so remote-control survives service restarts (contributed by @gabi-simons)

• Added /remote-control command for host-level Claude Code access from within containers

​

Features

• Skills live as skill/* git branches merged via git merge — no more marketplace or plugin system
• Added Docker Sandboxes announcement and manual setup guide
• Added nanoclaw-docker-sandboxes to fork dispatch list

​

Breaking

• Skills are no longer installed via marketplace or plugin commands — use git merge workflow

​

Fixes

• Fixed setup registration to use initDatabase/setRegisteredGroup with correct CLI commands
• Auto-resolve package-lock conflicts when merging forks
• Bumped claude-agent-sdk to ^0.2.76

​

Features

• Added /compact skill for manual context compaction

​

Security

• Enhanced container environment isolation via credential proxy — API keys injected at runtime via local proxy instead of environment variables

​

Features

• PDF reader skill: Read and analyze PDF attachments
• Image vision skill: Image analysis for WhatsApp
• WhatsApp reactions skill: Emoji reactions and status tracker

​

Fixes

• Fixed task container to close promptly when agent uses IPC-only messaging
• Fixed WhatsApp pairing code written to file for immediate access
• Fixed WhatsApp DM-with-bot registration to use sender’s JID

• Added LIMIT to unbounded message history queries for better performance

​

Features

• Agent prompts now include timezone context for accurate time references

​

Fixes

• Fixed voice-transcription skill dropping WhatsApp registerChannel call

• Fixed misleading send_message tool description for scheduled tasks

• Added /add-ollama skill for local model inference
• Added update_task tool and return task ID from schedule_task

• Updated claude-agent-sdk to 0.2.68

• CI formatting fix

• Fixed _chatJid rename to chatJid in onMessage callback

• Added sender allowlist for per-chat access control to restrict who can interact with the agent

​

Features

• Added /use-local-whisper skill for local voice transcription
• Atomic task claims prevent scheduled tasks from executing twice

​

Fixes

• Fixed WhatsApp messages.upsert error handling

• Version bump (no functional changes)

​

Features

• Channel registry: Channels self-register at module load time via registerChannel() factory pattern
• isMain flag: Explicit boolean replaces folder-name-based main group detection
• Channel-prefixed group folders: Groups use whatsapp_main, telegram_family-chat convention to prevent cross-channel collisions
• Unconfigured channels now emit WARN logs naming the exact missing variable

​

Breaking

• WhatsApp moved to skill: No longer part of core — apply with /add-whatsapp
• ENABLED_CHANNELS removed: Orchestrator uses getRegisteredChannelNames(); channels detected by credential presence
• All channel skills simplified: No more *_ONLY flags — all use self-registration pattern

​

Fixes

• Prevent scheduled tasks from executing twice when container runtime exceeds poll interval

​

Migration

• Added CJK font support (fonts-noto-cjk) for Chromium screenshots (contributed by @neocode24)

• Fixed wrapped WhatsApp message normalization before reading content

• Added third-party model support — use models beyond Claude
• Added /update-nanoclaw skill for syncing customized installs with upstream (replaces old /update)
• Added Husky and format:fix script for consistent formatting

​

Features

• Added /add-slack skill
• Restructured add-gmail skill for new architecture with graceful startup when credentials missing
• Removed deterministic caching from skills engine
• Added .nvmrc specifying Node 22
• CI optimization, logging improvements, and codebase formatting
• Added CONTRIBUTORS.md and CODEOWNERS

​

Fixes

• Fixed WhatsApp QR data handling
• Rebased core skills (Telegram, Discord, voice) to latest main

• Improved error handling for WhatsApp Web version fetch (follow-up to v1.1.1)

​

Features

• Added official Qodo skills and codebase intelligence
• Rewrote README for broader audience

​

Fixes

• Fixed WhatsApp 405 connection failures via fetchLatestWaWebVersion

​

Features

• Added /update skill to pull upstream changes from within Claude Code
• Replaced ‘ask the user’ with AskUserQuestion tool in skills

​

Security

• Fixed critical skills path-remap root escape (including symlink traversal)

​

Fixes

• Fixed empty messages from polling queries
• Fixed fallback name from ‘AssistantNameMissing’ to ‘Assistant’