chore: release v2.0.1
This commit is contained in:
Nyk
parent
8517d5e896
commit
4ddb4d0268
73
CHANGELOG.md
73
CHANGELOG.md
|
|
@ -6,16 +6,73 @@ All notable changes to Mission Control are documented in this file.
|
|||
|
||||
## [Unreleased]
|
||||
|
||||
### Fixed
|
||||
- SQLite `SQLITE_BUSY` contention — added `busy_timeout` pragma and guarded build-phase eager DB initialisation (#337)
|
||||
- Skill registry path traversal and SSRF — extended `SECURITY_RULES` with directory traversal patterns and private-IP/metadata URL detection (#338, #336)
|
||||
|
||||
### Tests
|
||||
- Vitest coverage threshold enforcement — added coverage for pure utility modules to satisfy the 60% global threshold; threshold now passes in CI (#339)
|
||||
|
||||
---
|
||||
|
||||
## [2.0.1] - 2026-03-13
|
||||
## [2.0.1] - 2026-03-18
|
||||
|
||||
Mission Control 2.0.1 is the first patch release after the v2 launch. It rolls up the full set of fixes and follow-on features that landed after `v2.0.0`, including HTTP/Tailscale login hardening, zero-config onboarding, internationalization, gateway/runtime stability fixes, deeper task-routing automation, and the latest OpenClaw compatibility updates.
|
||||
|
||||
### Added
|
||||
- First-time setup wizard and zero-config startup flow for fresh installs
|
||||
- Full i18n coverage across the application with 10 language packs and panel-level translations
|
||||
- Trusted reverse proxy and header-auth support for more flexible self-hosted deployments
|
||||
- Gateway health history logging and timeline visibility
|
||||
- Port-based Tailscale Serve proxy detection and stronger public websocket URL handling
|
||||
- Task implementation-target persistence, session targeting, and complexity-based model-tier routing
|
||||
- GNAP sync for git-native task persistence
|
||||
- Hybrid dashboard mode for simultaneous gateway and local session visibility
|
||||
- Workspace skill root discovery, filtering, and per-agent skill-root display
|
||||
- Windows PowerShell installer support
|
||||
- `awaiting_owner` task status detection
|
||||
|
||||
### Changed
|
||||
- Node runtime policy now accepts all versions `>=22` instead of a narrow allowlist
|
||||
- CSP and browser-security helpers were factored into dedicated modules for clearer hardening boundaries
|
||||
- Docker/image release automation now supports the official Docker Hub image when repository secrets are configured
|
||||
- Release metadata and docs now point to the Builderz Labs repository as the canonical source
|
||||
|
||||
### Fixed
|
||||
- HTTP and Tailscale login regressions caused by unconditional HTTPS redirects and CSP nonce propagation gaps
|
||||
- Fresh HTTP Docker installs failing login because secure-cookie behavior did not follow the actual request protocol
|
||||
- Gateway auth and credential detection for mixed token/password setups
|
||||
- Task dispatch using display names instead of gateway agent IDs
|
||||
- Docker and gateway-optional regressions across Compose startup, health probes, public assets, `OPENCLAW_HOME`, and read-only config handling
|
||||
- SQLite `SQLITE_BUSY` contention by adding `busy_timeout` and guarding build-phase eager initialization
|
||||
- Doctor banner dismissal persistence, cron panel crash handling, and null-safe model config editing
|
||||
- Gateway connectivity and onboarding probe issues, including POST-based wizard health checks and explicit public websocket URL preference
|
||||
- Notification refresh timing, agent empty-state UX, duplicate task-title/delete handling, and several panel/runtime regressions
|
||||
- Memory diagnostics scoping, gateway notification delivery, session labels, and multiple i18n namespace gaps
|
||||
- Password generation now uses a CSPRNG in the Windows installer
|
||||
- Reagraph CSP rendering regression caused by nonce handling in `style-src`
|
||||
- `/api/spawn` now supports OpenClaw agents that rely on configured default models instead of requiring a runtime `model`
|
||||
- Gateway dashboard registration now has explicit regression coverage preserving device-auth posture
|
||||
|
||||
### Security
|
||||
- Removed `unsafe-inline` in favor of nonce-based CSP handling
|
||||
- Strengthened skill-registry SSRF and path-traversal detection rules
|
||||
- Stopped forcing `dangerouslyDisableDeviceAuth` during Mission Control gateway registration
|
||||
|
||||
### Tests
|
||||
- Coverage for pure utility modules to keep the Vitest threshold passing in CI
|
||||
- Gateway health history E2E and supporting utility tests
|
||||
- Docker-mode integration coverage for gateway connectivity regressions
|
||||
- Regression coverage for spawn-schema compatibility and gateway dashboard registration behavior
|
||||
|
||||
### Contributors
|
||||
- @0xNyk
|
||||
- @Brixyy
|
||||
- @clintbaxley
|
||||
- @dk-blackfuel
|
||||
- @firefloc-nox
|
||||
- @HonzysClawdbot
|
||||
- @hectorse.88
|
||||
- @jonathan-squaredlemons
|
||||
- @jonboirama
|
||||
- @joshua-mo-143
|
||||
- @jrrcdev
|
||||
- @lucascr
|
||||
- @RazorFin
|
||||
- @topshelfmedia
|
||||
|
||||
### Fixed
|
||||
- HTTP and Tailscale login broken by unconditional HTTPS redirect — replaced with opt-in `NEXT_PUBLIC_FORCE_HTTPS=1` (#309)
|
||||
|
|
|
|||
|
|
@ -690,7 +690,7 @@ Trend alerts in the `trends.alerts` response are derived from current-vs-previou
|
|||
|
||||
## Roadmap
|
||||
|
||||
See [open issues](https://github.com/builderz-labs/mission-control/issues) for planned work and the [v2.0.0 release notes](docs/releases/2.0.0.md) for the latest major release summary.
|
||||
See [open issues](https://github.com/builderz-labs/mission-control/issues) for planned work and the [v2.0.1 release notes](docs/releases/2.0.1.md) for the latest release summary.
|
||||
|
||||
**Completed:**
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,94 @@
|
|||
# Mission Control 2.0.1
|
||||
|
||||
Released: 2026-03-18
|
||||
|
||||
Mission Control 2.0.1 is the patch release that consolidates everything shipped after the `v2.0.0` launch. It includes the operational fixes that stabilized HTTP/Tailscale deployments, a zero-config first-run path, full application internationalization, broader task-routing automation, and the latest OpenClaw compatibility updates needed for current self-hosted installs.
|
||||
|
||||
## Highlights
|
||||
|
||||
### HTTP, Tailscale, and gateway stability
|
||||
- Login now works reliably on HTTP Docker installs and Tailscale-served deployments.
|
||||
- CSP handling was tightened so SSR nonces, theme bootstrapping, and inline script policy stay aligned during login and chunk loading.
|
||||
- Public websocket URL selection and Tailscale Serve detection were hardened for proxied gateway setups.
|
||||
- Gateway startup and runtime checks now better tolerate read-only configs, missing `OPENCLAW_HOME`, and container health-probe requirements.
|
||||
|
||||
### Better first-run setup
|
||||
- A first-time setup wizard now guides fresh installs through bootstrap and initial configuration.
|
||||
- Zero-config startup paths reduce the amount of manual environment setup needed for local and Docker-based installs.
|
||||
- Doctor and onboarding follow-ups are more resilient, including banner persistence and safer health-check behavior.
|
||||
|
||||
### Stronger task and automation flow
|
||||
- Task routing now preserves implementation metadata, targets the correct gateway session/agent identifiers, and can classify complexity for model-tier routing.
|
||||
- GNAP sync landed for git-native task persistence.
|
||||
- `awaiting_owner` state detection and other dispatch/runtime fixes improve workflow accuracy after the v2 cut.
|
||||
|
||||
### Broader self-hosted platform support
|
||||
- Full app localization now ships across 10 languages.
|
||||
- Windows setup improved with a PowerShell installer and stronger password-generation behavior.
|
||||
- Workspace skill-root discovery and filtering are now surfaced throughout the app for operators running mixed local/gateway environments.
|
||||
- The Docker/image pipeline now supports publishing the official image to Docker Hub when release secrets are configured.
|
||||
|
||||
## Full Changelog
|
||||
|
||||
### Added
|
||||
- First-time setup wizard and zero-config startup flow
|
||||
- Full i18n across the app with 10 language packs
|
||||
- Trusted reverse proxy/header-auth support
|
||||
- Gateway health history timeline
|
||||
- Port-based Tailscale Serve proxy detection
|
||||
- Task implementation-target persistence, session targeting, and complexity-based model-tier routing
|
||||
- GNAP sync for git-native task persistence
|
||||
- Hybrid gateway/local dashboard mode
|
||||
- Workspace skill-root discovery and per-agent display
|
||||
- Windows PowerShell installer
|
||||
- `awaiting_owner` task status detection
|
||||
|
||||
### Changed
|
||||
- Node runtime support is now `>=22`
|
||||
- CSP/browser-security helpers were split into dedicated modules
|
||||
- Release automation now supports Docker Hub publishing when configured
|
||||
- Repository/release metadata now consistently points at `builderz-labs/mission-control`
|
||||
|
||||
### Fixed
|
||||
- HTTP/Tailscale login and CSP nonce regressions
|
||||
- Fresh HTTP Docker login failures caused by secure-cookie mismatch
|
||||
- Gateway auth/token detection in mixed runtime setups
|
||||
- Task dispatch using display names instead of gateway IDs
|
||||
- Docker/runtime regressions around Compose, assets, probes, `OPENCLAW_HOME`, and read-only configs
|
||||
- SQLite `SQLITE_BUSY` contention during build/runtime crossover
|
||||
- Doctor banner persistence, cron panel crash handling, and null-safe model config editing
|
||||
- Public websocket URL preference and onboarding gateway health probe handling
|
||||
- Notification refresh timing, agent empty-state UX, delete handling, and duplicate task-title behavior
|
||||
- Memory diagnostics scoping, gateway notification delivery, session labels, and missing i18n namespaces
|
||||
- Windows installer password generation via CSPRNG
|
||||
- Reagraph CSP regression from `style-src` nonce handling
|
||||
- OpenClaw spawn compatibility when agents use configured default models
|
||||
- Regression coverage for gateway dashboard registration preserving device-auth posture
|
||||
|
||||
### Security
|
||||
- Removed `unsafe-inline` in favor of nonce-based CSP
|
||||
- Added stronger SSRF/path-traversal detection in the skill registry
|
||||
- Stopped forcing `dangerouslyDisableDeviceAuth` when registering Mission Control as a dashboard
|
||||
|
||||
### Tests
|
||||
- Utility coverage improvements to satisfy the Vitest coverage threshold
|
||||
- Gateway health history E2E coverage
|
||||
- Docker-mode integration coverage for gateway connectivity regressions
|
||||
- Regression tests for spawn compatibility and gateway registration behavior
|
||||
|
||||
## Contributors
|
||||
|
||||
- @0xNyk
|
||||
- @Brixyy
|
||||
- @clintbaxley
|
||||
- @dk-blackfuel
|
||||
- @firefloc-nox
|
||||
- @HonzysClawdbot
|
||||
- @hectorse.88
|
||||
- @jonathan-squaredlemons
|
||||
- @jonboirama
|
||||
- @joshua-mo-143
|
||||
- @jrrcdev
|
||||
- @lucascr
|
||||
- @RazorFin
|
||||
- @topshelfmedia
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "mission-control",
|
||||
"version": "2.0.0",
|
||||
"version": "2.0.1",
|
||||
"description": "OpenClaw Mission Control — open-source agent orchestration dashboard",
|
||||
"scripts": {
|
||||
"verify:node": "node scripts/check-node-version.mjs",
|
||||
|
|
|
|||
Loading…
Reference in New Issue