- Add stale task watchdog (requeueStaleTasks) to scheduler — detects
in_progress tasks with offline agents and requeues or fails them
- Fix Aegis rejection loop: rejected tasks now requeue to 'assigned'
instead of staying in 'in_progress', with max 3 retries before failing
- Track dispatch_attempts on tasks (migration 044) to prevent infinite
retry loops — tasks fail after 5 dispatch attempts
- Include error_message and reason in SSE event broadcasts so UI can
show why a task reverted
- Atomic task queue claim: replace SELECT-then-UPDATE race with single
UPDATE...RETURNING statement
- Gateway agent auto-registration: POST/PUT /api/gateways accepts
optional 'agents' array to upsert agents (k8s sidecar support)
- Document k8s sidecar deployment in docs/deployment.md
Fixes: tasks stuck in assigned, Aegis rejection loops, agents invisible
in k8s sidecar deployments
FR-D1: Add least-privilege auth guidance to SECURITY-HARDENING.md
- Agent-scoped keys vs global API key comparison
- Auth hierarchy table (scoped key > global key > session > proxy)
- CLI examples for creating scoped keys
- Monitoring guidance for global key usage
FR-D2: Log security event when global admin API key is used
- Emits 'global_api_key_used' event to audit trail
- Hints toward agent-scoped keys for least-privilege
FR-D3: Add durable spawn history persistence
- New migration 043_spawn_history with indexed table
- spawn-history.ts with recordSpawnStart/Finish, getSpawnHistory,
getSpawnStats functions
- Replaces log-scraping fallback with DB-backed tracking
FR-D4: Document rate-limit backend strategy
- Current in-memory Map approach documented
- Pluggable backend plan for multi-instance (Redis, SQLite WAL)
- Per-agent rate limiter details documented
Also fixes MCP test type annotation (content: string → any).
Zero-dependency TUI using raw ANSI escape codes. Shows:
- System health status with connection indicator
- Agents panel (sorted by status, with last heartbeat)
- Tasks panel (recent tasks with status and assignee)
- Token costs summary (24h)
Keyboard controls:
- r: refresh now
- a: focus agents panel
- t: focus tasks panel
- w: wake first sleeping agent
- q/Esc: quit
Auto-refreshes every 5s (configurable with --refresh flag).
Uses same profile/auth system as CLI and MCP server.
Run with: pnpm mc:tui
- Debug panel now probes both legacy (/api/status, /api/health) and current
OpenClaw routes (/healthz, /health, /ready) with automatic fallback.
Returns probedPath in response so admins know which route succeeded.
- POST proxy allowlist updated to include current gateway health routes.
- Path validation relaxed from /api/ prefix to / prefix (health routes
don't use /api/).
- Dockerfile: chmod 755 entrypoint (was +x/711, shell needs read permission)
and chmod -R a+rX on public/ and src/ for nextjs user access.
- Hash session tokens (SHA-256) before storing in DB; migration for existing tokens
- Enforce 12-char password minimum on self-service change (was 8, creation was 12)
- Increase scrypt cost N=16384→65536 with progressive rehash on login
- Add MC_PROXY_AUTH_TRUSTED_IPS to restrict proxy auth header spoofing
- Enable HSTS by default in production (opt-out via MC_DISABLE_HSTS=1)
- Restrict debug endpoint to allowlisted gateway API paths (SSRF prevention)
- Default session cookie secure=true in production
- Gate MC_DISABLE_RATE_LIMIT on NODE_ENV !== 'production'
- Remove password value from insecure-default log warning
- chmod 600 generated secrets file in Docker entrypoint
- add bounded timeout+retry helper for /api/setup checks
- show actionable setup error state with Retry button
- avoid blank-screen fallback when setup status check fails
- add unit tests for retry helper
Fixes#456
* feat: add system monitor panel with live CPU, memory, disk, and GPU metrics
New btop-inspired monitoring page in the OBSERVE sidebar group.
Polls /api/system-monitor every 2s and renders rolling Recharts area
charts for CPU/memory/GPU and progress bars for disk usage.
* feat: add network I/O monitoring to system monitor panel
Add live network throughput (rx/tx bytes/sec) as a dual area chart.
API returns cumulative byte counters per interface (stateless), frontend
computes rates from deltas between 2s polls. Supports Linux (/proc/net/dev)
and macOS (netstat -ib).
* feat: add top processes list to system monitor
Shows top 8 processes by CPU usage in a compact table with CPU%, Mem%,
and RSS columns. Color-codes high usage values. Uses ps on both Linux
and macOS with fallback for platforms without --sort support.
* fix: normalize process CPU% to 0-100 and filter out ps itself
CPU% from ps is per-core (e.g. 200% on 4 cores), now divided by core
count to show total system percentage. Also filters out the ps command
that briefly appears while collecting process data.
---------
Co-authored-by: Dan <github@bookkept.com.au>
Add ability to hide agents from the dashboard without deleting them.
Hidden agents still receive heartbeats and exist in the DB — they are
purely hidden from the default UI view.
- Migration 042: adds `hidden` column to agents table
- API: POST/DELETE /api/agents/[id]/hide to toggle visibility
- GET /api/agents filters hidden by default, ?show_hidden=true to include
- UI: "Show hidden" toggle in panel header, Hide/Unhide button on cards
Co-authored-by: Dan <github@bookkept.com.au>
Add min-h-0 to the kanban board flex container and its column children
so that overflow-y-auto on column bodies can actually trigger. Without
this, flexbox min-height:auto causes containers to grow unbounded
instead of constraining height and enabling scroll.
Fixes#376
Co-authored-by: Dan <github@bookkept.com.au>
- make /api/spawn compatible with gateway-managed default models
- add regression coverage for gateway dashboard registration
- publish official multi-arch images to Docker Hub when configured
Add awaiting_owner column to task board with keyword-based detection
for tasks requiring human action. Tasks matching keywords like
"waiting for", "needs human", "approval needed" are automatically
placed in a dedicated column with orange styling.
Supersedes #397
Add a CSS-only Dunk It button to task cards with a 4-phase state
machine (idle, success, error, dismissing). Uses inline CSS
transitions for animations with no external dependencies.
Supersedes #373
Dynamically scan workspace-* directories under the openclaw state dir
to discover per-agent skill roots. Display them in the Skills Hub with
agent-specific labels and violet badge styling.
Closes#412
Supersedes #413
Replace style-src nonce directive with unsafe-inline to support
reagraph's runtime <style> injection. Add style-src-elem and
style-src-attr directives for CSP Level 3 compliance. Extend
fitNodesInView retries from 2 to 4 for more reliable canvas sizing.
Closes#414
Supersedes #415
Adds install.ps1 — a PowerShell port of install.sh for Windows users. Supports local and Docker deployment modes with secure credential generation, standalone server setup, and OpenClaw fleet checks. Adds Windows install section to README.
Adds 70 missing translation keys across 3 namespaces (logViewer, pipeline, debug) to messages/en.json. These namespaces are referenced by existing components but were absent, causing raw keys to render.\n\nFixes #416
Fixes#410 — getSkillRoots() in skill-sync.ts was not updated when #408 added workspace support to route.ts, causing the scheduler sync to never populate workspace skills (always showing 0).
- Add `workspace` skill root (~/.openclaw/workspace/skills) for
workspace-local skill discovery alongside the existing 5 roots
- Make group cards clickable to filter the installed skills list by root
- Add `workspace` as valid target for skill creation and registry install
- Add `showAllRoots` i18n key to all 10 locale files
Closes#364
Replace all `runClawdbot(['-c', ...])` invocations with
`callOpenClawGateway()` RPC calls in session control, spawn, and delete
routes. This eliminates the deprecated CLI dependency and uses the
structured gateway protocol instead.
Also add `formatSessionLabel()` helper and `useAgentSessions()` hook to
task-board-panel for better session dropdown display labels.
Closes#401, closes#406
Implements Phase 1 of GNAP (Git-Native Agent Protocol) integration:
- SQLite stays primary, GNAP repo is an optional sync target
- Push task create/update/delete to .gnap/tasks/{id}.json with git commits
- Status/priority mapping between MC and GNAP formats
- Management API at /api/gnap (status, init, manual sync)
- GNAP badge in task board header with click-to-sync
- 15 unit tests covering mapping, init, push, remove, pull, and status
Enable with GNAP_ENABLED=true in .env. Follows the same fire-and-forget
pattern as the existing GitHub sync engine.
Closes#374
Supersedes #389
Always merge both gateway and local (Claude Code, Codex, Hermes) sessions
in the sessions API instead of gating on `include_local`. The conversation
list now renders all sources unconditionally, using each session's `source`
field for display logic rather than the global `dashboardMode`.
- Add `localSessionsAvailable` store flag, set from capabilities `claudeHome`
- Remove `include_local` query param and early-return in sessions API
- Remove source-based filter and `dashboardMode` branching in conversation list
- Show both gateway and local active/recent groups when data exists
* fix(gateway): probe /api/health instead of root URL for health checks (#390)
The server-side gateway health probe was fetching the root URL (/)
which returns HTTP 400 on OpenClaw 2026.3.13 gateways. The gateway
exposes a dedicated /api/health endpoint that returns 200 with status
info.
The WebSocket ping RPC 'unknown method' issue is already handled —
websocket.ts detects the INVALID_REQUEST and falls back to passive
heartbeat mode. The actual bug was this HTTP probe hitting the wrong
endpoint.
Fixes#390
* fix(gateway): ensure gateways table exists before health probe
The gateways table is created lazily by the gateways API (ensureTable).
The health route was querying it directly without CREATE IF NOT EXISTS,
causing SqliteError: no such table: gateways in fresh databases (E2E tests,
Docker first-boot).
Add ensureGatewaysTable() inline to mirror the pattern in route.ts.
* fix: update health-utils test to match /api/health probe path
The test file has its own copy of buildGatewayProbeUrl — update it to
append /api/health instead of / to match the route.ts change.
---------
Co-authored-by: Nyk <0xnykcd@googlemail.com>
* feat: add task session targeting - dispatch tasks to specific agent sessions (#395)
When assigning a task to an agent, users can now optionally select an
existing session to dispatch the task to instead of creating a new one.
Changes:
- task-dispatch.ts: When target_session is set in task metadata, use
gateway chat.send to dispatch to that specific session instead of
creating a new one via call agent
- task-board-panel.tsx: Add session selector dropdown in both Create
and Edit task modals that appears when an agent is selected and has
active sessions
- store/index.ts: Add agent and channel fields to Session interface
Closes#395
* fix(gateway): ensure gateways table exists before health probe
The gateways table is created lazily by the gateways API (ensureTable).
The health route was querying it directly without CREATE IF NOT EXISTS,
causing SqliteError: no such table: gateways in fresh databases (E2E tests,
Docker first-boot).
Add ensureGatewaysTable() inline to mirror the pattern in route.ts.
* fix: reduce server memory footprint across session parsing, caching, and rate limiting
- Stream-parse Claude JSONL session files instead of loading entire files into memory
- Add 50MB file size cap to skip oversized session transcripts
- Add 30s TTL cache to getAllGatewaySessions() to avoid redundant disk reads per scheduler tick
- Cap rate limiter maps at 10,000 entries with oldest-first eviction
- Add request.signal abort listener to SSE route for defense-in-depth cleanup
- Add test for rate limiter maxEntries eviction behavior
* fix: address audit findings across all memory-fix files
claude-sessions.ts:
- Wrap readline loop in try/finally to ensure rl.close() on error paths
- Guard statSync in file loop to handle files deleted between readdir and stat
- Fix variable shadowing: rename inner `now` to `nowSec` to avoid confusion
- Update throttle timestamp on empty scan results (prevents repeated disk scans)
- Skip sidechain-only sessions (zero user+assistant messages)
sessions.ts:
- Decouple `active` flag from cache — compute at read time to prevent stale data
- Remove activeWithinMs from cache key to eliminate cache thrashing between
callers using different windows (Infinity vs default)
- Add invalidateSessionCache() and call it after pruneGatewaySessionsOlderThan
events/route.ts:
- Null out cleanup after first call to prevent double-invoke
- Remove unnecessary `if (request.signal)` guard (always defined on NextRequest)
rate-limit.test.ts:
- Rewrite eviction test with maxRequests=1 to actually prove eviction occurred
- Add assertion that non-evicted entries remain tracked
- Remove duplicate title check from POST /api/tasks (closes#368)\n- Scope recurring tasks duplicate check by project_id\n- Fix task deletion error handling — show errors to user (closes#369)\n- Enable vertical scrolling on Kanban board (closes#376)\n- Refactor nodes route to use RPC via callOpenClawGateway\n- Handle read-only filesystem in gateway config registration\n- Add screenshot-drift CI workflow and guide\n- Docker compose: add host-gateway for reaching host gateway
Switches notification delivery from sessions_send to gateway call agent command. No longer requires session_key — uses agent name (recipient) directly. Timeout increased 10s to 30s.
When memoryAllowedPrefixes is configured, scan only those subdirectories instead of the entire MEMORY_PATH. Falls back to full scan if no prefixes are set.\n\nCloses #366
- Remove unconditional `dangerouslyDisableDeviceAuth = true` from MC
origin registration. MC should only add its origin to allowedOrigins,
not silently downgrade the gateway's device auth security posture.
- Replace invalid `sandbox` value with `allowlist` in security scan
and auto-fix for `tools.exec.security`. Current OpenClaw validates
only: deny, allowlist, full. The old `sandbox` value was rejected.
Closes#357, closes#356
Nyk
nyk
danielaustralia1
Lucas Wiessel
Brixyy
Jonathan Gill
HonzysClawdbot
Héctor Arriola