v0.6.0

ComfyUI-OpenClaw v0.6.0

This release focuses on assist UX improvements, runtime/operations hardening, admin query robustness, and API contract maturity. It also adds a generated OpenAPI spec and opt-in structured logging for better integration and observability workflows.

Highlights

• Optional streaming Assist UX for Planner/Refiner with incremental preview and safe fallback
• Runtime guardrails diagnostics and safer config/runtime contract handling
• Crypto lifecycle drill automation with machine-readable evidence output
• Compatibility matrix governance checks and refresh workflow
• Hardened admin query pagination and bounded scans for deterministic behavior
• Graceful shutdown/reset consistency hooks for runtime state
• Opt-in structured JSON logging for core execution paths
• Generated OpenAPI spec (docs/openapi.yaml) for integrator tooling

Added / Improved

Assist UX and Frontend Reliability

• Added optional streaming assist paths for Planner/Refiner
• Added frontend live preview updates with staged progress events
• Added capability-gated streaming enablement with automatic fallback to non-stream endpoints
• Added idempotent fetch-wrapper composition guard to prevent duplicate wrapper stacking during frontend bootstrap/setup

Automation and Operator UX

• Added admin-only automation payload composer endpoint for safe trigger/webhook draft generation
• Added server-side validation/normalization for draft payloads
• Added tool-calling schema support for automation payload composition
• Improved Parameter Lab UX with dynamic dimension picker hardening and expanded E2E coverage

Reliability and Operability Hardening

Runtime Lifecycle Consistency

• Added graceful shutdown/reset consistency hooks for scheduler/failover runtime state
• Improved runtime state flush/reset determinism
• Added atomic writes for runtime state files to reduce partial-write corruption risk

Management Query Robustness

• Hardened /events and /approvals pagination normalization
• Added bounded scans and deterministic malformed-input handling
• Improved cursor/scan diagnostics for admin-facing query paths

Helper Consolidation

• Consolidated shared frontend helper logic (cancellation / JSON parsing paths)
• Consolidated backend import-fallback helper logic
• Reduced duplicated compatibility code and maintenance risk across environments

Security and Governance

Runtime Guardrails

• Added runtime-only guardrail diagnostics visibility
• Prevented runtime-only safety limits from being persisted back into config

Crypto Lifecycle Drill Automation

• Added scripted drills for:
  • planned rotation
  • emergency revocation
  • key-loss recovery
  • token compromise
• Outputs machine-readable evidence for audit/verification workflows

Compatibility Matrix Governance

• Added machine-readable metadata to compatibility matrix documentation
• Added refresh workflow tooling
• Added operator-doctor freshness/drift checks

API and Integration Maturity

OpenAPI Spec Generation

• Added generated OpenAPI spec at docs/openapi.yaml
• Added generator workflow from docs/release/api_contract.md
• Improves integration review, tooling, and contract drift checks

Naming and Compatibility Cleanup

• Continued OpenClaw naming unification across UI/API/session surfaces
• Preserved core legacy compatibility routes while aligning canonical OpenClaw paths/selectors

Logging and Diagnostics

• Added opt-in structured JSON logging for selected core paths (queue submit and LLM client)
• Default logging remains plain text unless enabled:
  • OPENCLAW_LOG_FORMAT=json
  • or OPENCLAW_STRUCTURED_LOGS=1

Verification

This release scope was validated through the project SOP gates, including:

• detect-secrets
• pre-commit --all-files
• backend unit test suites
• frontend Playwright E2E

Upgrade Notes

• Streaming Assist is optional and capability-gated; frontend falls back automatically when unavailable
• Generated OpenAPI spec is now available at docs/openapi.yaml
• Structured JSON logging is opt-in only (no default log format change)
• Legacy /moltbot/* compatibility remains supported for core routes; /openclaw/* is the recommended path

v0.5.5

Highlights

• Completed Slack support closeout with secure Events API integration, no-skip R124/R125 gates, and synchronized docs/roadmap.

• Completed post-wave E closeout across three bundles:

  • Bundle A: route-plane governance and MAE invariant-gated validation.
  • Bundle B: safe_io egress convergence and CI/local preflight parity.
  • Bundle C: adversarial gate parity, dual-lane retry partition, and SOP/pre-push alignment.

Security and Reliability

• Fixed local LLM loopback SSRF regression and unified outbound pre-check/request-time validation.
• Added R123 real-backend model-list SSRF parity lane and enforced no-skip CI/SOP/full-gate checks.
• Enforced MAE no-skip CI gates and added key/token lifecycle SOP coverage (rotation/revocation/DR).
• Added R122 real-backend low-mock E2E lane for stronger backend-path coverage.
• Hardened R118 mutation gate with explicit module baseline, non-zero fail semantics, and stale-report/bytecode guards.

CI and Test Infrastructure

• Resolved CI failures caused by missing cryptography:

  • install required dependency in CI/pre-push flows
  • add requirements.txt baseline
  • harden no-crypto fallback behavior for registry signature and secret store tests.

Documentation and Operations

• Updated deployment/runtime/env-var docs to match current S56/S62 and SSRF posture.
• Replaced sidecar.md with a deprecated stub to preserve legacy links while redirecting to current guidance.

v0.5.0

Highlights

• Completed Control Plane Split baseline and external control-plane reliability contract.
• Closed remaining identity/ingress/MAE/supply-chain risks from Wave D Bundle B.
• Completed Wave E Bundles A/B/C end-to-end: deployment gates, verification hardening, policy-as-code, and security telemetry.
• Significantly expanded security verification depth: matrix contracts, mock-to-contract parity, skip-budget governance, triple-assert contracts, fuzz harness, and mutation baseline.

Security Hardening

• Enforced Control Plane Split for public posture, with high-risk embedded surfaces blocked by policy.
• Added external control-plane adapter with versioned contract, timeout/retry/backoff, idempotency propagation, circuit-breaker behavior, and deterministic degrade modes.
• Added startup deployment profile gate (fail-closed) for lan/public posture validation before route/worker registration.
• Delivered secrets-at-rest v2 with encryption-backed storage path (cryptography-based).
• Implemented bridge token lifecycle v2: issue/expiry/rotation/revoke/overlap-window with auditability.
• Enforced webhook mapping privilege clamp with post-map schema gate.
• Enforced public MAE route-plane segmentation and route-surface policy checks.
• Replaced placeholder registry signature checks with trust-root based verification and revocation-aware key governance.
• Added threat-intel policy gate (OFF/AUDIT/STRICT) and provider resilience contracts.
• Added signed, versioned policy posture bundles (stage/activate/rollback with fail-closed verification path).
• Added bounded security anomaly telemetry contract (SEC-001 to SEC-004) with audit emission.
• Fixed Security Doctor SSRF posture to honor canonical callback allow-host keys with legacy fallback and regression coverage.

Reliability, Operator Experience, and DX

• Added deployment self-check CLI: check_deployment_profile.py (local/lan/public, JSON output, strict warnings mode).
• Added security_deployment_guide.md with profile-based hardening templates.
• Improved split-mode UX continuity with clearer blocked/degraded behavior signaling.
• Added live backend parity E2E coverage for critical operator paths (submit/status/results/degraded).
• Added implementation-record linting and strengthened pre-push/full-gate test orchestration.

Verification and Test Hardening

• Added security state-matrix contract tests (token/mapping/route/signature).
• Added mock-to-contract parity tests for critical security paths.
• Added skip-budget governance and no-skip policy enforcement for critical suites.
• Added triple-assert security contracts (status + machine code + audit event).
• Added defect-first implementation-record lint gate.
• Added deterministic adversarial fuzz harness and mutation baseline tooling.
• Added broad new test coverage across deployment gates, control-plane split, bridge token lifecycle, webhook mapping clamp, MAE segmentation, registry signature verification, policy posture, and telemetry.

Breaking / Upgrade Notes

• cryptography>=41.0 is now required (pyproject.toml) for secrets-at-rest v2 paths.

• Public posture deployments should be validated for split control-plane readiness to avoid fail-closed startup gating.

• Recommended after upgrade:

  1. check_deployment_profile.py --profile <local|lan|public> --strict-warnings
  2. Confirm required tokens/proxy/callback allow-hosts/bridge mTLS settings for your deployment profile.

v0.4.0

Security Hardening - Wave A, B, C

• Hardened runtime startup posture: runtime profile gates, module capability boot boundaries, and bridge protocol handshake checks.
• Added startup hard-stop for unsafe non-loopback exposure to prevent insecure boot.
• Added scoped RBAC + multi-token least-privilege model for sensitive endpoints.
• Added canonical endpoint inventory drift guard to prevent auth coverage regressions on routes.
• Added non-repudiation audit trail coverage for sensitive actions.
• Upgraded external tools to true sandbox-style isolation; removed insecure fallback paths; strengthened tool path resolution against realpath/symlink bypass.
• Enforced durable replay/idempotency storage for webhook and bridge strict paths.
• Enforced stricter outbound endpoint policy for callback + LLM egress (scheme/port policy hardening).
• Fixed pack path traversal vectors (install, uninstall, and path resolution flows).
• Added strict input validation for pack API route handlers.
• Added pack manifest completeness enforcement (reject unlisted payload files).
• Added pack archive canonicalization hardening (zip-slip, drive-relative path, Unicode normalization bypass resistance).
• Added bridge/connector mTLS + device binding hardening.
• Added global DoS governance controls (quotas + lifecycle/storage protections).
• Added release provenance verification workflow (generation + verification scripts, checklist integration).
• Added connector semantic guardrails and command firewall controls to reduce prompt-injection/unsafe-command risk.
• Expanded Security Doctor contract and diagnostics; added fail-closed posture on transform runtime unavailability.
• Closed prior “implemented but pending validation” security items with full TEST_SOP acceptance evidence.

v0.3.0

v0.3.0 Features

KakaoTalk output hardening

• Added strict QuickReply limits (max 10) with safe truncation.
• Added empty-output fallback text to prevent invalid platform payloads.
• Improved deterministic output shaping and sanitization behavior.

WeChat Official Account protocol parity

• Added encrypted webhook support (encrypt_type=aes) with signature verification and AES decrypt flow.
• Expanded event normalization for subscribe, unsubscribe, CLICK, VIEW, and SCAN.
• Added deterministic replay dedupe for event payloads without MsgId.
• Enforced 5-second ACK discipline with deferred reply fallback for slow handlers.

Sidecar worker runtime alignment

• Added worker-facing bridge endpoints for polling jobs, submitting results, and heartbeats.
• Aligned client routing to contract-defined endpoints (removed hardcoded endpoint paths).
• Added idempotency headers for result submission and standardized timeout/header behavior.

Bridge/API robustness

• Route registration now follows contract-defined paths for both server-facing and worker-facing endpoints.
• Worker endpoint auth/scope checks are enforced with deterministic behavior.

Test and dependency support

• Added optional AES dependency profile for WeChat encrypted mode.
• Improved Windows full-test automation to auto-install crypto dependency when needed.
• Added dedicated worker E2E coverage and expanded regression coverage for WeChat/Kakao/bridge paths.

v0.2.9

Security Hardening: Auth/Observability boundaries, connector command controls, registry trust policy, transform isolation, integrity checks, and safe tooling controls

• Delivered observability tier hardening with explicit sensitivity split:
  • Public-safe: /openclaw/health
  • Observability token: /openclaw/config, /openclaw/events, /openclaw/events/stream
  • Admin-only: /openclaw/logs/tail, /openclaw/trace/{prompt_id}, /openclaw/secrets/status, /openclaw/security/doctor
• Delivered constrained transform isolation hardening:
  • process-boundary execution via TransformProcessRunner
  • timeout/output caps and network-deny worker posture
  • feature-gated default-off behavior for safer rollout
• Delivered approval/checkpoint integrity hardening:
  • canonical JSON + SHA-256 integrity envelopes
  • tamper detection and fail-closed handling on integrity violations
  • migration-safe loading behavior for legacy persistence files
• Delivered external tooling execution policy:
  • allowlist-driven tool definitions (data/tools_allowlist.json)
  • strict argument validation, bounded timeout/output, and redacted output handling
  • gated by OPENCLAW_ENABLE_EXTERNAL_TOOLS plus admin access policy
• Extended security doctor coverage with wave-2 checks:
  • validates transform isolation posture
  • reports external tooling posture
  • verifies integrity module availability
• Auth-coverage contract tests were updated to include new tool routes and prevent future route-auth drift regressions.
• Added connector command authorization hardening:
  • separates command visibility from command execution privileges
  • centralizes per-command access checks to reduce cross-platform auth drift
  • supports explicit allow-list policy controls for sensitive command classes
  • adds operator-configurable command policy controls via OPENCLAW_COMMAND_OVERRIDES and OPENCLAW_COMMAND_ALLOW_FROM_{PUBLIC|RUN|ADMIN}
• Added registry anti-abuse controls for remote distribution paths:
  • bounded request-rate controls and deduplication windows reduce abuse and accidental hot loops
  • stale anti-abuse state pruning keeps long-running deployments stable
• Added registry preflight and trust-policy hardening:
  • static package safety checks are enforced before activation paths
  • policy-driven signature/trust posture supports audit and strict enforcement modes
  • registry trust mode is operator-controlled via OPENCLAW_REGISTRY_POLICY and preflight verification enforces fail-closed file-path requirements