Skip to content

CHANGELOG.md

Latest commit

 

History

History
197 lines (161 loc) · 9.68 KB

CHANGELOG.md

File metadata and controls

197 lines (161 loc) · 9.68 KB

Changelog

All notable changes to OpenFang will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.5.10] - 2026-04-17

Fixed

  • Non-loopback requests with no api_key configured now return 401 by default. Opt out with OPENFANG_ALLOW_NO_AUTH=1. Fixes the B1/B2 authentication bypass from #1034.
  • Agent context.md is re-read on every turn so external updates take effect mid-session. Opt out per agent with cache_context = true on the manifest. Fixes #843.
  • openfang config get default_model.base_url now prints the configured URL instead of an empty string. Missing keys return a clear "not found" error. Fixes #905.
  • schedule_create, schedule_list, and schedule_delete tools plus the /api/schedules routes now use the kernel cron scheduler, so scheduled jobs actually fire. One-shot idempotent migration imports legacy shared-memory entries at startup. Fixes #1069.
  • Multimodal user messages now combine text and image blocks into a single message so the LLM sees both. Fixes #1043.

Added

  • openfang hand config <id> subcommand: get, set, unset, and list settings on an active hand instance. Fixes #809.
  • Optional per-channel prefix_agent_name setting (off / bracket / bold_bracket). Wraps outbound agent responses so users in multi-agent channels can see which agent replied. Default is off, byte-identical to prior behavior. Fixes #980.

Closed as invalid

  • #818 and #819. Both reference a knowledge-domain API that does not exist on main. Filed against an unmerged feature branch (plan/013-audit-remediation). Close with a note to build the proposed validation and stale-timestamp surfacing into that feature when it lands.

[0.5.9] - 2026-04-10

Changed

  • BREAKING: Dashboard password hashing switched from SHA256 to Argon2id. Existing password_hash values in config.toml must be regenerated with openfang auth hash-password. Only affects users with [auth] enabled = true.

Fixed

  • Dashboard passwords were hashed with plain SHA256 (no salt), making them vulnerable to rainbow table and GPU-accelerated brute force attacks. Now uses Argon2id with random salts.

0.1.0 - 2026-02-24

Added

Core Platform

  • 15-crate Rust workspace: types, memory, runtime, kernel, api, channels, wire, cli, migrate, skills, hands, extensions, desktop, xtask
  • Agent lifecycle management: spawn, list, kill, clone, mode switching (Full/Assist/Observe)
  • SQLite-backed memory substrate with structured KV, semantic recall, vector embeddings
  • 41 built-in tools (filesystem, web, shell, browser, scheduling, collaboration, image analysis, inter-agent, TTS, media)
  • WASM sandbox with dual metering (fuel + epoch interruption with watchdog thread)
  • Workflow engine with pipelines, fan-out parallelism, conditional steps, loops, and variable expansion
  • Visual workflow builder with drag-and-drop node graph, 7 node types, and TOML export
  • Trigger system with event pattern matching, content filters, and fire limits
  • Event bus with publish/subscribe and correlation IDs
  • 7 Hands packages for autonomous agent actions

LLM Support

  • 3 native LLM drivers: Anthropic, Google Gemini, OpenAI-compatible
  • 27 providers: Anthropic, Gemini, OpenAI, Groq, OpenRouter, DeepSeek, Together, Mistral, Fireworks, Cohere, Perplexity, xAI, AI21, Cerebras, SambaNova, Hugging Face, Replicate, Ollama, vLLM, LM Studio, and more
  • Model catalog with 130+ built-in models, 23 aliases, tier classification
  • Intelligent model routing with task complexity scoring
  • Fallback driver for automatic failover between providers
  • Cost estimation and metering engine with per-model pricing
  • Streaming support (SSE) across all drivers

Token Management & Context

  • Token-aware session compaction (chars/4 heuristic, triggers at 70% context capacity)
  • In-loop emergency trimming at 70%/90% thresholds with summary injection
  • Tool profile filtering (cuts default 41 tools to 4-10 for chat agents, saving 15-20K tokens)
  • Context budget allocation for system prompt, tools, history, and response
  • MAX_TOOL_RESULT_CHARS reduced from 50K to 15K to prevent tool result bloat
  • Default token quota raised from 100K to 1M per hour

Security

  • Capability-based access control with privilege escalation prevention
  • Path traversal protection in all file tools
  • SSRF protection blocking private IPs and cloud metadata endpoints
  • Ed25519 signed agent manifests
  • Merkle hash chain audit trail with tamper detection
  • Information flow taint tracking
  • HMAC-SHA256 mutual authentication for peer wire protocol
  • API key authentication with Bearer token
  • GCRA rate limiter with cost-aware token buckets
  • Security headers middleware (CSP, X-Frame-Options, HSTS)
  • Secret zeroization on all API key fields
  • Subprocess environment isolation
  • Health endpoint redaction (public minimal, auth full)
  • Loop guard with SHA256-based detection and circuit breaker thresholds
  • Session repair (validates and fixes orphaned tool results, empty messages)

Channels

  • 40 channel adapters: Telegram, Discord, Slack, WhatsApp, Signal, Matrix, Email, Teams, Mattermost, Google Chat, Webex, Feishu/Lark, LINE, Viber, Facebook Messenger, Mastodon, Bluesky, Reddit, LinkedIn, Twitch, IRC, XMPP, and 18 more
  • Unified bridge with agent routing, command handling, message splitting
  • Per-channel user filtering and RBAC enforcement
  • Graceful shutdown, exponential backoff, secret zeroization on all adapters

API

  • 100+ REST/WS/SSE API endpoints (axum 0.8)
  • WebSocket real-time streaming with per-agent connections
  • OpenAI-compatible /v1/chat/completions API (streaming SSE + non-streaming)
  • OpenAI-compatible /v1/models endpoint
  • WebChat embedded UI with Alpine.js
  • Google A2A protocol support (agent card, task send/get/cancel)
  • Prometheus text-format /api/metrics endpoint for monitoring
  • Multi-session management: list, create, switch, label sessions per agent
  • Usage analytics: summary, by-model, daily breakdown
  • Config hot-reload via polling (30-second interval, no restart required)

Web UI

  • Chat message search with Ctrl+F, real-time filtering, text highlighting
  • Voice input with hold-to-record mic button (WebM/Opus codec)
  • TTS audio playback inline in tool cards
  • Browser screenshot rendering in chat (inline images)
  • Canvas rendering with iframe sandbox and CSP support
  • Session switcher dropdown in chat header
  • 6-step first-run setup wizard with provider API key help (12 providers)
  • Skill marketplace with 4 tabs (Installed, ClawHub, MCP Servers, Quick Start)
  • Copy-to-clipboard on messages, message timestamps
  • Visual workflow builder with drag-and-drop canvas

Client SDKs

  • JavaScript SDK (@openfang/sdk): full REST API client with streaming, TypeScript declarations
  • Python client SDK (openfang_client): zero-dependency stdlib client with SSE streaming
  • Python agent SDK (openfang_sdk): decorator-based framework for writing Python agents
  • Usage examples for both languages (basic + streaming)

CLI

  • 14+ subcommands: init, start, agent, workflow, trigger, migrate, skill, channel, config, chat, status, doctor, dashboard, mcp
  • Daemon auto-detection via PID file
  • Shell completion generation (bash, zsh, fish, PowerShell)
  • MCP server mode for IDE integration

Skills Ecosystem

  • 60 bundled skills across 14 categories
  • Skill registry with TOML manifests
  • 4 runtimes: Python, Node.js, WASM, PromptOnly
  • FangHub marketplace with search/install
  • ClawHub client for OpenClaw skill compatibility
  • SKILL.md parser with auto-conversion
  • SHA256 checksum verification
  • Prompt injection scanning on skill content

Desktop App

  • Tauri 2.0 native desktop app
  • System tray with status and quick actions
  • Single-instance enforcement
  • Hide-to-tray on close
  • Updated CSP for media, frame, and blob sources

Session Management

  • LLM-based session compaction with token-aware triggers
  • Multi-session per agent with named labels
  • Session switching via API and UI
  • Cross-channel canonical sessions
  • Extended chat commands: /new, /compact, /model, /stop, /usage, /think

Image Support

  • ContentBlock::Image with base64 inline data
  • Media type validation (png, jpeg, gif, webp only)
  • 5MB size limit enforcement
  • Mapped to all 3 native LLM drivers

Usage Tracking

  • Per-response cost estimation with model-aware pricing
  • Usage footer in WebSocket responses and WebChat UI
  • Usage events persisted to SQLite
  • Quota enforcement with hourly windows

Interoperability

  • OpenClaw migration engine (YAML/JSON5 to TOML)
  • MCP client (JSON-RPC 2.0 over stdio/SSE, tool namespacing)
  • MCP server (exposes OpenFang tools via MCP protocol)
  • A2A protocol client and server
  • Tool name compatibility mappings (21 OpenClaw tool names)

Infrastructure

  • Multi-stage Dockerfile (debian:bookworm-slim runtime)
  • docker-compose.yml with volume persistence
  • GitHub Actions CI (check, test, clippy, format)
  • GitHub Actions release (multi-platform, GHCR push, SHA256 checksums)
  • Cross-platform install script (curl/irm one-liner)
  • systemd service file for Linux deployment

Multi-User

  • RBAC with Owner/Admin/User/Viewer roles
  • Channel identity resolution
  • Per-user authorization checks
  • Device pairing and approval system

Production Readiness

  • 1731+ tests across 15 crates, 0 failures
  • Cross-platform support (Linux, macOS, Windows)
  • Graceful shutdown with signal handling (SIGINT/SIGTERM on Unix, Ctrl+C on Windows)
  • Daemon PID file with stale process detection
  • Release profile with LTO, single codegen unit, symbol stripping
  • Prometheus metrics for monitoring
  • Config hot-reload without restart