- Increase MentionTextarea dropdown z-index to z-[60] so it renders
above z-50 modals (was z-20, clipped by overflow-y-auto on modal)
- Replace plain textarea in broadcast section with MentionTextarea
for consistent @mention support across all text inputs
- Add hint text to broadcast placeholder about @mention usage
Fixes#172
Issue #146 — How to add workspace:
- Add Workspace Management section to README with Super Admin panel docs
- Add Super Admin API endpoints to API overview table
- Add info banner in Settings panel (admin only) linking to Super Admin
Issue #143 — Memory tab in agent view:
- Add info banner in agent Memory tab clearly distinguishing agent
working memory (DB scratchpad) from workspace memory files
- Add clickable link to Memory Browser page from agent Memory tab
- Improve subtitle text with WORKING.md storage detail
Fixes#146Fixes#143
Replace Linux-only commands (uptime -s, free -m, df --output=pcent) with
cross-platform alternatives using process.platform detection and Node.js
os module. Rename gateway client ID from control-ui to openclaw-control-ui.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(#140): enable editing of identity, sandbox, and tools in agent config UI
The ConfigTab's structured view only showed read-only displays for
Identity, Sandbox, and Tools sections even when in edit mode. Added
inline editing controls:
- Identity: emoji, name, theme/role inputs + identity content textarea
- Sandbox: mode/workspace dropdowns + network input
- Tools: allow/deny lists with add/remove buttons and Enter key support
Also added helper functions (updateIdentityField, updateSandboxField,
addTool, removeTool) and state for new tool entries.
Fixes#140
* fix: align sandbox edit values with agent schema
---------
Co-authored-by: Nyk <0xnykcd@googlemail.com>
- Fix deps stage: copy only package.json + pnpm-lock.yaml* for proper
layer caching instead of COPY . . which invalidates cache on any change
- Copy node_modules from deps into build stage separately from source
- Copy schema.sql into runtime stage (migration 001_init reads it at
runtime via process.cwd(), but standalone output omits source files)
- Remove broken public* glob COPY (no public/ dir exists; Docker COPY
fails silently with incorrect glob syntax)
- docker-compose: add container_name, configurable port via MC_PORT,
mark .env as optional to avoid startup failure if missing
Fixes#129
Add react-markdown and remark-gfm to transpilePackages in next.config.js
so Next.js transpiles these ESM-only modules correctly in all environments.
This fixes 'Module not found: Can't resolve remark-gfm' build errors.
Fixes#142
Replace dangerouslySetInnerHTML with React elements for inline
formatting (bold/italic). New renderInlineFormatting() helper returns
React nodes instead of raw HTML strings, eliminating XSS risk from
user-controlled memory content.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add src/lib/client-logger.ts and replace all 55+ console calls across 19 client files with scoped createClientLogger instances. Production suppresses debug+info. Fix variable shadowing in log-viewer-panel.tsx.
Addresses #39
- Add reusable useFocusTrap hook for modal focus management with
Escape key support and focus restoration on close
- Task board: add role=region and aria-label to kanban columns,
role=button and keyboard support (Enter/Space) to task cards,
role=alert on error display, role=status on loading spinner
- Modals: add role=dialog, aria-modal, aria-labelledby, focus
trapping, backdrop click to close, aria-label on close buttons
- Tab interface: add role=tablist/tab/tabpanel with aria-selected
and aria-controls for task detail tabs
- Forms: add htmlFor/id associations on all modal form labels
- Layout: add skip-to-content link for keyboard navigation,
id=main-content on main element
Addresses #40
- Create OfficePanel with Office floor plan and Org Chart view modes
- Desk-style cards with status glow, emoji indicators, pulse animation for busy agents
- Agent detail modal with task stats, activity, session info
- Auto-refresh every 10 seconds for real-time updates
- Status summary in header (working/idle/error/away counts)
- Add OfficeIcon and office nav item in CORE group
- Register office route in page.tsx
Closes#115
Co-authored-by: bhavikprit <petrobhakti@gmail.com>
The admin seeding function previously fell back to password 'admin' when
AUTH_PASS was unset, and accepted any value from .env.example including
the documented default 'change-me-on-first-login'. This meant a user who
copied .env.example without changing the password (or forgot to set
AUTH_PASS entirely) would have an instance running with publicly known
credentials.
The seeding function now:
- Skips seeding entirely if AUTH_PASS is not set (instead of defaulting
to 'admin')
- Checks AUTH_PASS against a blocklist of known insecure values
(admin, password, change-me-on-first-login, changeme, testpass123)
- Logs a clear warning explaining what to do in both cases
Existing instances that already have users in the database are not
affected — the seeding function only runs when the users table is empty.
Signed-off-by: Mark Liu <mark@prove.com.au>
* feat: add workspace-scoped auth sessions and core API filtering
* feat: extend workspace scoping to search status standup and messaging
* feat: scope agent connect github and alert workflows by workspace
* fix: scope status sync and session alerts by workspace
* feat: add phase2 workspace migration and scope chat pipeline alerts
* feat: add model selection for agents and cron jobs
* feat: add deterministic agent avatars to task and squad views
* feat: add read-only cron calendar and agenda views
* feat: render task descriptions with markdown
- Fix stale closure: onclose now calls connectRef.current instead of
capturing connect by value, so reconnect always uses the latest version
- Fix disconnect-reconnect race: manualDisconnectRef prevents onclose
from scheduling a new reconnect after explicit disconnect()
- Fix double-connect guard: check both OPEN and CONNECTING states
- Add SSE exponential backoff with 20-attempt cap (was flat 3s infinite)
- Add SSE error logging (was silently swallowed)
- Update README: fix stale counts (28 panels, 66 routes, 21 migrations,
148 E2E tests), add missing features (SOUL system, Ed25519, agent
messaging, update checker), document NEXT_PUBLIC_GATEWAY_TOKEN
Workspace file is now the primary source for soul.md with DB as
fallback. Reads prefer workspace → DB. Writes go to both. Config sync
imports soul.md from each agent's workspace using double resolveWithin
guard to prevent path traversal.
* fix: migrate middleware.ts to proxy.ts for Next.js 16 (#88)
Next.js 16 deprecated the `middleware` file convention in favor of
`proxy`. The proxy runs on the Node.js runtime instead of Edge, so
safeCompare now uses crypto.timingSafeEqual instead of manual XOR.
All auth logic, CSRF validation, host matching, and security headers
are preserved unchanged.
* feat: add "Update Available" banner with GitHub release check
Add a dismissible emerald banner that appears when a newer GitHub release
exists, so self-hosting users know an update is available. The banner
dismisses per-version (reappears for new releases).
- Create src/lib/version.ts as single source of truth from package.json
- Add /api/releases/check route with 1hr caching and graceful fallback
- Add UpdateBanner component mirroring LocalModeBanner pattern
- Add update state to Zustand store with localStorage persistence
- Fix hardcoded v2.0 in header-bar.tsx and 2.0.0 in websocket.ts
Bhavik Patel
nyk
fulgore
Nyk
Pete Christianson
Mark Liu
Othavio Quiliao