Tools registered via ExtensionAPI.registerTool() (TypeBox schemas):
- jail_status: structured jail list from bastille-list (not raw text)
- system_health: composite — jails + ZFS + PF in one call
- skills_search: fuzzy search library.yaml, returns SKILL.md content inline
- skills_content: get full SKILL.md for a known skill id
- task_create: create controlplane task for specialist delegation
- task_status: check task status or list recent tasks
- hostd: privileged op passthrough (15 ops, safety rules apply)
Also adds @sinclair/typebox@0.34.49 (matches pi's bundled version) and a
tsconfig for the extension directory to resolve the global pi package.
Pre-existing type errors in original index.ts (ctx.ui) left untouched.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: pass — Tests 942 passed (942)
---
Build: pass | Tests: FAIL — Tests 40 failed | 766 passed (806)
Replace better-sqlite3 with pg Pool for all operational data (chats,
messages, tasks, sessions, router_state, registered_groups). New
OPS_DB_URL config drives a dedicated ops database alongside the
existing memory and skills databases.
All db.ts functions are now async. Callers in src/, setup/, and tests
updated accordingly. Tests use a mock pool (src/test-helpers.ts) so
they run without a live Postgres connection.
---
Build: pass | Tests: not run (Linux)
## Headline Features
- Setup wizard: FreeBSD bsdinstall-style TUI for first-time setup
- Project-relative tmp/: No more /tmp usage
- Infrastructure as code: Ansible reads all IPs from .env
- Password-protected-site: Auto-generated htpasswd during wizard
## Attribution
This release was made possible with assistance from:
AI Systems: Openclaw, NanoClaw, z.ai, Anthropic Claude, OpenAI Codex, OpenRouter, Deepseek, Groq, Ollama, pi-tui
Human: Peter Steinberger
Replace all hardcoded IPs (192.168.100.x) and domains (clawdie.si)
with configurable placeholders. Real values now live exclusively in
.env (gitignored).
Network: code defaults to 10.0.0.x, configurable via WARDEN_SUBNET_BASE,
WARDEN_GATEWAY, WARDEN_CONTROL_PLANE_IP env vars in jail-config.ts.
Domain: code defaults to clawdie.local, configurable via CLAWDIE_DOMAIN
env var. Subdomain scheme: controlplane/db/cms/gui.{domain}.
Also includes PGVector Phase 0 prep:
- Created ai_brain database with pgvector extensions
- Added pg + @types/pg npm packages
- Added CLAWDIE_DB_URL to .env
- Renamed db from 'clawdie' to 'ai_brain' across Ansible and docs
- Resolved embedding model: OpenRouter text-embedding-3-large at 1536d
- Added docs/pgvector-install-log.md
Renamed ai.clawdie.si → controlplane.{domain} (more descriptive).
Renamed vm.clawdie.si → gui.{domain}.
76 files updated across source, tests, skills, docs, Ansible, and scripts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: multi-channel infrastructure with explicit channel/is_group tracking
- Add channels[] array and findChannel() routing in index.ts, replacing
hardcoded whatsapp.* calls with channel-agnostic callbacks
- Add channel TEXT and is_group INTEGER columns to chats table with
COALESCE upsert to protect existing values from null overwrites
- is_group defaults to 0 (safe: unknown chats excluded from groups)
- WhatsApp passes explicit channel='whatsapp' and isGroup to onChatMetadata
- getAvailableGroups filters on is_group instead of JID pattern matching
- findChannel logs warnings instead of silently dropping unroutable JIDs
- Migration backfills channel/is_group from JID patterns for existing DBs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: skills engine v0.1 — deterministic skill packages with rerere resolution
Three-way merge engine for applying skill packages on top of a core
codebase. Skills declare which files they add/modify, and the engine
uses git merge-file for conflict detection with git rerere for
automatic resolution of previously-seen conflicts.
Key components:
- apply: three-way merge with backup/rollback safety net
- replay: clean-slate replay for uninstall and rebase
- update: core version updates with deletion detection
- rebase: bake applied skills into base (one-way)
- manifest: validation with path traversal protection
- resolution-cache: pre-computed rerere resolutions
- structured: npm deps, env vars, docker-compose merging
- CI: per-skill test matrix with conflict detection
151 unit tests covering merge, rerere, backup, replay, uninstall,
update, rebase, structured ops, and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Discord and Telegram skill packages
Skill packages for adding Discord and Telegram channels to NanoClaw.
Each package includes:
- Channel implementation (add/src/channels/)
- Three-way merge targets for index.ts, config.ts, routing.test.ts
- Intent docs explaining merge invariants
- Standalone integration tests
- manifest.yaml with dependency/conflict declarations
Applied via: npx tsx scripts/apply-skill.ts .claude/skills/add-discord
These are inert until applied — no runtime impact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* remove unused docs (skills-system-status, implementation-guide)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Replace inline SKILL.md instructions with executable shell scripts
for each setup phase (environment check, deps, container, auth,
groups, channels, mounts, service, verify). Scripts emit structured
status blocks for reliable parsing.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Telegram channel with agent swarm support
Add Telegram as a messaging channel that can run alongside WhatsApp
or standalone (TELEGRAM_ONLY mode). Includes bot pool support for
agent swarms where each subagent appears as a different bot identity
in the group.
- Add grammy dependency for Telegram Bot API
- Route messages through tg: JID prefix convention
- Add storeMessageDirect for non-Baileys channels
- Add sender field to IPC send_message for swarm identity
- Support TELEGRAM_BOT_TOKEN, TELEGRAM_ONLY, TELEGRAM_BOT_POOL config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add index.ts refactor plan
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract channel abstraction, IPC, and router from index.ts
Break the 1088-line monolith into focused modules:
- src/channels/whatsapp.ts: WhatsAppChannel class implementing Channel interface
- src/ipc.ts: IPC watcher and task processing with dependency injection
- src/router.ts: message formatting, outbound routing, channel lookup
- src/types.ts: Channel interface, OnInboundMessage, OnChatMetadata types
Also adds regression test suite (98 tests), updates all documentation
and skill files to reflect the new architecture.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: add test workflow for PRs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: remove accidentally committed pool-bot assets
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): remove grammy from base dependencies
Grammy is installed by the /add-telegram skill, not a base dependency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix potential memory DoS via unbounded container output
Add CONTAINER_MAX_OUTPUT_SIZE (default 10MB) to limit accumulated
stdout/stderr from container processes. Without this limit, a malicious
or buggy container could emit huge output leading to host memory
exhaustion.
Changes:
- Add configurable CONTAINER_MAX_OUTPUT_SIZE in config.ts
- Implement size-limited output buffering in runContainerAgent
- Log warnings when truncation occurs
- Include truncation status in container logs
https://claude.ai/code/session_01TjVDwwaGwbcFDdmrFF2y8B
* Update package-lock.json
https://claude.ai/code/session_01TjVDwwaGwbcFDdmrFF2y8B
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Custom nanoclaw MCP server with scheduling tools (schedule_task,
list_tasks, get_task, update_task, pause/resume/cancel_task, send_message)
- Tasks run as full agents in their group's context
- Support for cron, interval, and one-time schedules
- Task run logging with duration and results
- Main channel has Bash access for admin tasks (query DB, manage groups)
- Other groups restricted to file operations only
- Updated docs and requirements
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add src/auth.ts for interactive QR code authentication
- Add `npm run auth` script
- Update setup skill for current Node.js architecture
- Daemon (src/index.ts) now only uses stored credentials
Auth is run during setup; daemon assumes credentials exist and
shows macOS notification if re-auth is needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The daemon should never show interactive QR codes. If auth is needed,
send a macOS notification alerting the user to run /setup, then exit.
Also removes unused qrcode-terminal dependency.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
A minimal Node.js application that connects Claude Agent SDK to WhatsApp
using baileys. Features per-group memory via CLAUDE.md files, session
continuity, scheduled tasks, and Gmail integration via MCP.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
