New GET /api/agents/[id]/diagnostics endpoint enabling agents to
query their own performance data for self-optimization.
Sections (selectable via ?section= query param):
- summary: KPIs (throughput, error rate, activity count)
- tasks: completion breakdown by status/priority, throughput/day
- errors: error frequency by type, recent error details
- activity: activity breakdown with hourly timeline
- trends: current vs previous period comparison with auto-alerts
- tokens: token usage by model with cost totals
Features:
- Scoped to requesting agent only (no cross-agent data access)
- Configurable time window via ?hours= param (1-720h)
- Automatic trend alerts for error spikes, throughput drops, stalls
- Works with existing activities, tasks, and token_usage tables
Fixes#163
* fix(#140): enable editing of identity, sandbox, and tools in agent config UI
The ConfigTab's structured view only showed read-only displays for
Identity, Sandbox, and Tools sections even when in edit mode. Added
inline editing controls:
- Identity: emoji, name, theme/role inputs + identity content textarea
- Sandbox: mode/workspace dropdowns + network input
- Tools: allow/deny lists with add/remove buttons and Enter key support
Also added helper functions (updateIdentityField, updateSandboxField,
addTool, removeTool) and state for new tool entries.
Fixes#140
* fix: align sandbox edit values with agent schema
---------
Co-authored-by: Nyk <0xnykcd@googlemail.com>
- Fix deps stage: copy only package.json + pnpm-lock.yaml* for proper
layer caching instead of COPY . . which invalidates cache on any change
- Copy node_modules from deps into build stage separately from source
- Copy schema.sql into runtime stage (migration 001_init reads it at
runtime via process.cwd(), but standalone output omits source files)
- Remove broken public* glob COPY (no public/ dir exists; Docker COPY
fails silently with incorrect glob syntax)
- docker-compose: add container_name, configurable port via MC_PORT,
mark .env as optional to avoid startup failure if missing
Fixes#129
Add react-markdown and remark-gfm to transpilePackages in next.config.js
so Next.js transpiles these ESM-only modules correctly in all environments.
This fixes 'Module not found: Can't resolve remark-gfm' build errors.
Fixes#142
Replace dangerouslySetInnerHTML with React elements for inline
formatting (bold/italic). New renderInlineFormatting() helper returns
React nodes instead of raw HTML strings, eliminating XSS risk from
user-controlled memory content.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add src/lib/client-logger.ts and replace all 55+ console calls across 19 client files with scoped createClientLogger instances. Production suppresses debug+info. Fix variable shadowing in log-viewer-panel.tsx.
Addresses #39
- Add reusable useFocusTrap hook for modal focus management with
Escape key support and focus restoration on close
- Task board: add role=region and aria-label to kanban columns,
role=button and keyboard support (Enter/Space) to task cards,
role=alert on error display, role=status on loading spinner
- Modals: add role=dialog, aria-modal, aria-labelledby, focus
trapping, backdrop click to close, aria-label on close buttons
- Tab interface: add role=tablist/tab/tabpanel with aria-selected
and aria-controls for task detail tabs
- Forms: add htmlFor/id associations on all modal form labels
- Layout: add skip-to-content link for keyboard navigation,
id=main-content on main element
Addresses #40
- Create OfficePanel with Office floor plan and Org Chart view modes
- Desk-style cards with status glow, emoji indicators, pulse animation for busy agents
- Agent detail modal with task stats, activity, session info
- Auto-refresh every 10 seconds for real-time updates
- Status summary in header (working/idle/error/away counts)
- Add OfficeIcon and office nav item in CORE group
- Register office route in page.tsx
Closes#115
Co-authored-by: bhavikprit <petrobhakti@gmail.com>
The admin seeding function previously fell back to password 'admin' when
AUTH_PASS was unset, and accepted any value from .env.example including
the documented default 'change-me-on-first-login'. This meant a user who
copied .env.example without changing the password (or forgot to set
AUTH_PASS entirely) would have an instance running with publicly known
credentials.
The seeding function now:
- Skips seeding entirely if AUTH_PASS is not set (instead of defaulting
to 'admin')
- Checks AUTH_PASS against a blocklist of known insecure values
(admin, password, change-me-on-first-login, changeme, testpass123)
- Logs a clear warning explaining what to do in both cases
Existing instances that already have users in the database are not
affected — the seeding function only runs when the users table is empty.
Signed-off-by: Mark Liu <mark@prove.com.au>
* feat: add workspace-scoped auth sessions and core API filtering
* feat: extend workspace scoping to search status standup and messaging
* feat: scope agent connect github and alert workflows by workspace
* fix: scope status sync and session alerts by workspace
* feat: add phase2 workspace migration and scope chat pipeline alerts
* feat: add model selection for agents and cron jobs
* feat: add deterministic agent avatars to task and squad views
* feat: add read-only cron calendar and agenda views
* feat: render task descriptions with markdown
- Fix stale closure: onclose now calls connectRef.current instead of
capturing connect by value, so reconnect always uses the latest version
- Fix disconnect-reconnect race: manualDisconnectRef prevents onclose
from scheduling a new reconnect after explicit disconnect()
- Fix double-connect guard: check both OPEN and CONNECTING states
- Add SSE exponential backoff with 20-attempt cap (was flat 3s infinite)
- Add SSE error logging (was silently swallowed)
- Update README: fix stale counts (28 panels, 66 routes, 21 migrations,
148 E2E tests), add missing features (SOUL system, Ed25519, agent
messaging, update checker), document NEXT_PUBLIC_GATEWAY_TOKEN
Workspace file is now the primary source for soul.md with DB as
fallback. Reads prefer workspace → DB. Writes go to both. Config sync
imports soul.md from each agent's workspace using double resolveWithin
guard to prevent path traversal.
* fix: migrate middleware.ts to proxy.ts for Next.js 16 (#88)
Next.js 16 deprecated the `middleware` file convention in favor of
`proxy`. The proxy runs on the Node.js runtime instead of Edge, so
safeCompare now uses crypto.timingSafeEqual instead of manual XOR.
All auth logic, CSRF validation, host matching, and security headers
are preserved unchanged.
* feat: add "Update Available" banner with GitHub release check
Add a dismissible emerald banner that appears when a newer GitHub release
exists, so self-hosting users know an update is available. The banner
dismisses per-version (reappears for new releases).
- Create src/lib/version.ts as single source of truth from package.json
- Add /api/releases/check route with 1hr caching and graceful fallback
- Add UpdateBanner component mirroring LocalModeBanner pattern
- Add update state to Zustand store with localStorage persistence
- Fix hardcoded v2.0 in header-bar.tsx and 2.0.0 in websocket.ts
- Wire task board panel into Zustand store for real-time SSE updates
instead of local useState; add useSmartPoll fallback when SSE disconnects
- Fix priority enum mismatch: UI now uses 'critical' matching the Zod
validation schema instead of 'urgent'
- Add 'task.status_changed' to webhook EVENT_MAP so external consumers
receive status transition events
- Auto-advance task to 'done' column when aegis quality review approves,
broadcasting task.status_changed for real-time UI update
- Parallelize broadcast loop with Promise.allSettled so N agents execute
concurrently (~10s) instead of serially (N×10s)
Closes#73
Move page.tsx to [[...panel]] optional catch-all route so each panel
gets its own URL (e.g. /tasks, /agents, /settings). URL is the source
of truth — synced into Zustand via usePathname on every navigation.
Enables bookmarking, refresh persistence, deep-linking, and browser
back/forward.
Deduplicate gateway sessions server-side using sessionId as primary key,
falling back to agent:key composite for sessions without sessionId. This
prevents duplicate React keys when OpenClaw tracks cron runs under the
same session ID as the parent session.
Also adds EditTaskModal to the task board panel with inline edit button
in the task detail modal, and improves CreateTaskModal error handling.
Cherry-picked and adapted from PR #77 by @arana198.
Closes#80
Bhavikprit
nyk
Nyk
Pete Christianson
Mark Liu
Othavio Quiliao