mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-07-06 18:52:03 +08:00
1d6bba4d3f
Pass CONTAINER_CPU_LIMIT / CONTAINER_MEMORY_LIMIT through to `docker run` as --cpus / --memory in buildContainerArgs. Both default to empty, so spawn args are byte-identical to today unless an operator opts in — no risk of OOM-ing existing workloads. Caps an agent container's CPU/memory so one agent can't monopolize the host. Swap is a deployment concern (--memory is a hard cap on a swapless host); not managed here. Structural tests assert each flag is pushed and guarded by its env knob, matching the existing buildContainerArgs structural-test convention. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
18 KiB
18 KiB
Changelog
All notable changes to NanoClaw will be documented in this file.
[Unreleased]
- Optional per-container resource caps.
CONTAINER_CPU_LIMITandCONTAINER_MEMORY_LIMITpass through todocker runas--cpus/--memory(container-runner.ts). Both empty by default — no flag added, spawn args byte-identical to today — so existing installs are unaffected. Set them to cap an agent container's CPU/memory so one agent can't monopolize the host (e.g.CONTAINER_CPU_LIMIT=2,CONTAINER_MEMORY_LIMIT=8g). Swap is intentionally not managed here:--memoryis a hard cap on a swapless host. - [BREAKING] Chat SDK pinned to
4.29.0(was4.26.0via^4.24.0).chatand the@chat-adapter/*channel adapters are version-locked — the adapter'sChatInstancemust match the bridge's, so a mismatched pair fails to typecheck atcreateChatSdkBridge(...).chatis therefore pinned exactly, and the channel-adapter install pins move with it — the/add-<channel>SKILL.md steps andsetup/*.shscripts onmain, plus the adapter code on thechannelsbranch. Core installs with no channel (onlycli) are unaffected. Migration: if any channel is installed (Slack, Discord, Telegram, Teams, …), re-run its/add-<channel>skill to pull the matching4.29.0adapter. - Budget/billing-exhausted LLM turns now reach the user instead of being silently dropped. When a turn ends in a non-retryable provider error (e.g. an Anthropic
403 billing_error) with no<message>wrapping, the agent-runner delivers the provider's notice to the originating channel and stops re-nudging the failing gateway.providers/claude.tsnow surfaces the SDK'sis_errorflag (and the error subtype'serrors[]text);poll-loop.tsdelivers that text and skips the re-wrap retry. Fixes the case where a spend-limit notice produced silence plus a turn-after-turn retry loop. - [BREAKING]
@onecli-sh/sdk0.5.0 -> 2.2.1 — requires a OneCLI server with the/v1API (older servers 404 every SDK call). The sanctioned gateway and CLI versions are pinned inversions.json. The gateway is a separate component — updating NanoClaw does not upgrade it for you:/update-nanoclawupgrades it when the pin moves, otherwise upgrade manually. Migration: docs/onecli-upgrades.md. - New agent provider: Codex (OpenAI) — run
/add-codex. Full runtime viacodex app-server(planning, MCP tools, server-side history, resume). Trunk ships the seams and the skill; the payload installs from theprovidersbranch (the skill, the setup picker, or--step provider-auth codex). Auth is vault-only — no credential ever enters a container. - Setup can now select, install, and authenticate a non-default agent provider. A provider registry feeds the setup picker, an installer pulls the provider's payload from its branch, a vault auth walkthrough runs (
--step provider-auth), and the picked provider is set on the first agent (a DB property) before its first spawn. Default (Claude) installs are unaffected — picking Claude changes nothing. - Provider choice is explicit per group — no install-wide default. Provider is a DB property set via
ncl groups config update --provider+ restart; creation is provider-agnostic. - Memory migrates via
/migrate-memory, never at runtime. Each provider keeps its own store; fresh groups on a surfaces-owning provider see no staleCLAUDE.*files. See docs/provider-migration.md. - Per-exchange archiving is provider-owned — the
onExchangeCompletehook; the markdown writer ships with the codex payload. - Container boot failures now say why — the last stderr lines are logged at
warnon a non-zero exit instead of a silent crash loop. - Slash commands now interrupt an in-flight turn. A runner-handled command (
/clear,/compact,/cost, …) arriving mid-turn aborts the active stream and runs immediately instead of waiting out the turn.
[2.1.0] - 2026-06-07
- [BREAKING] Startup now requires an upgrade marker. The host refuses to boot unless
data/upgrade-state.jsonrecords that this install reached the current version through a sanctioned path (/setup,/update-nanoclaw,/migrate-nanoclaw). After this update completes — and before restarting the service — stamp the marker by runningpnpm exec tsx scripts/upgrade-state.ts set. If the host has already tripped on restart with "update did not go through the supported path", that same command clears it. See docs/upgrade-recovery.md.
[2.0.64] - 2026-05-18
ncl destinations addandremovethrough the approval flow now reach the receiver immediately. Approved destinations weren't being projected into the receiving agent's local session state, so a freshly-added destination silently failed atsend_messagewithunknown destination, and a removed destination stayed resolvable until the next container restart. Both now take effect the moment the approval executes. Direct (non-approval) calls were unaffected.
[2.0.63] - 2026-05-15
Rollup release covering v2.0.55 through v2.0.63 — everything merged since the v2.0.54 tag. Starting with this release, the goal is to publish a GitHub Release for every package.json version bump that lands on main; see RELEASING.md.
- [BREAKING] Service names are now per-install. On v2 installs the launchd label and systemd unit are slugged to your project root:
com.nanoclaw.<sha1(projectRoot)[:8]>andnanoclaw-<slug>.service. The oldcom.nanoclaw/nanoclaw.servicenames no longer match a real service — update any copy-pasted restart or status commands. Find your install's names withsource setup/lib/install-slug.sh && launchd_label(macOS) orsystemd_unit(Linux). Thencltransport-error help text and 26 skill files now use the canonical helper-driven pattern; see setup/lib/install-slug.sh. - Compaction destination reminder placement fixed. The reminder injected after SDK auto-compaction now appears at the end of the compaction summary so it isn't stripped during truncation. Replaces the placement shipped in v2.0.54.
- Stronger message-wrapping enforcement. The poll loop nudges the agent when its output lacks
<message>wrapping, andCLAUDE.mdcore instructions now require wrapping even for single-destination agents. The welcome flow no longer double-greets. - OneCLI credentials after MCP install. MCP servers added through
add_mcp_servernow inherit OneCLI gateway routing — fixes the case where the agent kept asking for API keys after installing a new server. - CLI scope hardening.
scopeFieldnow fails closed when scope is missing, andsessions getis guarded against cross-group oracle access from group-scoped agents. - gmail/gcal skills aligned with v2.
/add-gmail-tooland/add-gcal-toolnow reflect the v2 container-config model — DB-backed mounts, no deadTOOL_ALLOWLISTedits, nocontainer.jsonwrites that get clobbered on next spawn. Manual sqlite3/JSON1 invocations corrected. - Repo-rename cleanup. Remaining
qwibitai/nanoclawreferences swept tonanocoai/nanoclawacross code and docs; CI workflow guards updated so they no longer no-op after the rename. - Slack scope checklist now includes
files:readandfiles:writefor skills that read or post attachments. - The internal-tag description in destination instructions no longer mentions scratchpads (which confused agents into routing them incorrectly).
- Container startup is now graceful when the
on_wakecolumn is missing on older sessions DBs.
[2.0.54] - 2026-05-10
- Per-group model and effort overrides. Agent groups can now run a specific Claude model and effort level, set via
ncl groups config update --model <model> --effort <level>. Defaults to the host-configured model when unset. - Claude Code 2.1.128. Container claude-code bumped from 2.1.116 to 2.1.128.
- CLI help text improvements for
ncl groups configandncl groups restart.
[2.0.48] - 2026-05-09
- Container config moved to DB. Per-agent-group container runtime config (provider, model, packages, MCP servers, mounts, skills) now lives in the
container_configstable instead ofgroups/<folder>/container.json. Existing filesystem configs are backfilled automatically on startup. Managed viancl groups config get/updateandconfig add-mcp-server/remove-mcp-server/add-package/remove-package. - Explicit restart with on-wake messages. Config CLI operations no longer auto-kill containers. New
ncl groups restartcommand with--rebuildand--messageflags. On-wake messages (on_wakecolumn onmessages_in) are only picked up by a fresh container's first poll, preventing dying containers from stealing them during the SIGTERM grace period. Self-mod approval handlers (install_packages,add_mcp_server) use the same race-free mechanism. - Per-group CLI scope. New
cli_scopesetting on container config (disabled/group/global, defaultgroup). Controls what the agent can access vianclfrom inside the container.disabledexcludes CLI instructions from CLAUDE.md and blocks all requests.group(default) restricts to own-group resources with auto-filled args.globalgives unrestricted access (set automatically for owner agent groups). Includes post-handler result filtering to prevent cross-group data leaks and blockscli_scopeescalation from group-scoped agents.
[2.0.45] - 2026-05-08
- Admin CLI (
ncl). Newnclcommand for querying and modifying the central DB — agent groups, messaging groups, wirings, users, roles, members, destinations, sessions, approvals, and dropped messages. Host-side transport via Unix socket; container-side transport via session DB. Write operations from inside containers go through the approval flow.listsupports column filtering and--limit. Runncl helpfor usage. - v1 → v2 migration. Run
bash migrate-v2.shfrom the v2 checkout. Finds your v1 install (sibling directory orNANOCLAW_V1_PATH), merges.env, seeds the v2 DB fromregistered_groups, copies group folders (CLAUDE.md→CLAUDE.local.md), copies session data with conversation continuity, ports scheduled tasks, interactively selects and installs channels (clack multiselect), copies container skills, builds the agent container, and offers a service switchover to test. Hands off to Claude (/migrate-from-v1) for owner seeding, access policy, CLAUDE.md cleanup, and fork customization porting. See docs/migration-dev.md and docs/v1-to-v2-changes.md.
[2.0.0] - 2026-04-22
Major version. NanoClaw v2 is a substantial architectural rewrite. Existing forks should run /migrate-nanoclaw (clean-base replay of customizations) or /update-nanoclaw (selective cherry-pick) before resuming work.
- [BREAKING] New entity model. Users, roles (owner/admin), messaging groups, and agent groups are now tracked as separate entities, wired via
messaging_group_agents. Privilege is user-level instead of channel-level, so the old "main channel = admin" concept is retired. See docs/architecture.md and docs/isolation-model.md. - [BREAKING] Two-DB session split. Each session now has
inbound.db(host writes, container reads) andoutbound.db(container writes, host reads) with exactly one writer each. Replaces the single shared session DB and eliminates cross-mount SQLite contention. See docs/db-session.md. - [BREAKING] Install flow replaced.
bash nanoclaw.shis the new default: a scripted installer that hands off to Claude Code for error recovery and guided decisions. The/setupClaude-guided skill still works as an alternative. - [BREAKING] Channels moved to the
channelsbranch. Trunk no longer ships Discord, Slack, Telegram, WhatsApp, iMessage, Teams, Linear, GitHub, WeChat, Matrix, Google Chat, Webex, Resend, or WhatsApp Cloud. Install them per fork via/add-<channel>skills, which copy from thechannelsbranch./update-nanoclawwill re-install the channels your fork had. - [BREAKING] Alternative providers moved to the
providersbranch. OpenCode, Codex, and Ollama install via/add-opencode,/add-codex,/add-ollama-provider. Claude remains the default provider baked into trunk. - [BREAKING] Three-level channel isolation. Wire channels to their own agent (separate agent groups), share an agent with independent conversations (
session_mode: 'shared'), or merge channels into one shared session (session_mode: 'agent-shared'). Chosen per channel via/manage-channels. - [BREAKING] Apple Container removed from default setup. Still available as an opt-in via
/convert-to-apple-container. - Shared-source agent-runner. Per-group
agent-runner-src/overlays are gone; all groups mount the same agent-runner read-only. Per-group customization flows through composedCLAUDE.md(shared base + per-group fragments). - Agent-runner runtime moved from Node to Bun. Container image is self-contained; no host-side impact. Host remains on Node + pnpm.
- OneCLI Agent Vault is the sole credential path. Containers never receive raw API keys; credentials are injected at request time.
[1.2.36] - 2026-03-26
- [BREAKING] Replaced pino logger with built-in logger. WhatsApp users must re-merge the WhatsApp fork to pick up the Baileys logger compatibility fix:
git fetch whatsapp main && git merge whatsapp/main. If thewhatsappremote is not configured:git remote add whatsapp https://github.com/qwibitai/nanoclaw-whatsapp.git.
[1.2.35] - 2026-03-26
- [BREAKING] OneCLI Agent Vault replaces the built-in credential proxy. Check your runtime:
grep CONTAINER_RUNTIME_BIN src/container-runtime.ts— if it shows'container'you are on Apple Container, if'docker'you are on Docker. Docker users: run/init-oneclito install OneCLI and migrate.envcredentials to the vault. Apple Container users: re-merge the skill branch (git fetch upstream skill/apple-container && git merge upstream/skill/apple-container) then run/convert-to-apple-containerand follow all instructions (configures credential proxy networking) — do NOT run/init-onecli, it requires Docker.
[1.2.21] - 2026-03-22
- Added opt-in diagnostics via PostHog with explicit user consent (Yes / No / Never ask again)
[1.2.20] - 2026-03-21
- Added ESLint configuration with error-handling rules
[1.2.19] - 2026-03-19
- Reduced
docker stoptimeout for faster container restarts (-t 1flag)
[1.2.18] - 2026-03-19
- User prompt content no longer logged on container errors — only input metadata
- Added Japanese README translation
[1.2.17] - 2026-03-18
- Added
/capabilitiesand/statuscontainer-agent skills
[1.2.16] - 2026-03-18
- Tasks snapshot now refreshes immediately after IPC task mutations
[1.2.15] - 2026-03-16
- Fixed remote-control prompt auto-accept to prevent immediate exit
- Added
KillMode=processso remote-control survives service restarts
[1.2.14] - 2026-03-14
- Added
/remote-controlcommand for host-level Claude Code access from within containers
[1.2.13] - 2026-03-14
Breaking: Skills are now git branches, channels are separate fork repos.
- Skills live as
skill/*git branches merged viagit merge - Added Docker Sandboxes support
- Fixed setup registration to use correct CLI commands
[1.2.12] - 2026-03-08
- Added
/compactskill for manual context compaction - Enhanced container environment isolation via credential proxy
[1.2.11] - 2026-03-08
- Added PDF reader, image vision, and WhatsApp reactions skills
- Fixed task container to close promptly when agent uses IPC-only messaging
[1.2.10] - 2026-03-06
- Added
LIMITto unbounded message history queries for better performance
[1.2.9] - 2026-03-06
- Agent prompts now include timezone context for accurate time references
[1.2.8] - 2026-03-06
- Fixed misleading
send_messagetool description for scheduled tasks
[1.2.7] - 2026-03-06
- Added
/add-ollamaskill for local model inference - Added
update_tasktool and return task ID fromschedule_task
[1.2.6] - 2026-03-04
- Updated
claude-agent-sdkto 0.2.68
[1.2.5] - 2026-03-04
- CI formatting fix
[1.2.4] - 2026-03-04
- Fixed
_chatJidrename tochatJidinonMessagecallback
[1.2.3] - 2026-03-04
- Added sender allowlist for per-chat access control
[1.2.2] - 2026-03-04
- Added
/use-local-whisperskill for local voice transcription - Atomic task claims prevent scheduled tasks from executing twice
[1.2.1] - 2026-03-02
- Version bump (no functional changes)
[1.2.0] - 2026-03-02
Breaking: WhatsApp removed from core, now a skill. Run /add-whatsapp to re-add.
- Channel registry: channels self-register at startup via
registerChannel()factory pattern isMainflag replaces folder-name-based main group detectionENABLED_CHANNELSremoved — channels detected by credential presence- Prevent scheduled tasks from executing twice when container runtime exceeds poll interval
[1.1.6] - 2026-03-01
- Added CJK font support for Chromium screenshots
[1.1.5] - 2026-03-01
- Fixed wrapped WhatsApp message normalization
[1.1.4] - 2026-03-01
- Added third-party model support
- Added
/update-nanoclawskill for syncing with upstream
[1.1.3] - 2026-02-25
- Added
/add-slackskill - Restructured Gmail skill for new architecture
[1.1.2] - 2026-02-24
- Improved error handling for WhatsApp Web version fetch
[1.1.1] - 2026-02-24
- Added Qodo skills and codebase intelligence
- Fixed WhatsApp 405 connection failures
[1.1.0] - 2026-02-23
- Added
/updateskill to pull upstream changes from within Claude Code - Enhanced container environment isolation via credential proxy