v1.9.0 — OKR Engine, Workspace Collaboration, Multi-Channel Expansion & Security Hardening

What's New in v1.9.0

This is a major release introducing the OKR management system, real-time workspace collaboration, new channel integrations, and critical security hardening.

---

🎯 OKR Management System

A full-featured OKR engine built on top of the multi-agent platform:

• OKR Data Model & API — Complete CRUD for Objectives and Key Results, including a company-level OKR dashboard
• Auto-provisioned OKR Agent — When a tenant enables OKR for the first time, a dedicated OKR Agent is automatically created
• Daily Collection & Reporting — The OKR Agent sends daily progress check-ins to members via A2A, aggregates responses, and generates company-level reports; automatically skips non-business days
• Nudge Members — Proactively reminds members who haven't submitted OKR updates; supports relationship-network-based member filtering
• KR Content Update Tool — Agents can directly call a tool to update KR progress content
• OKR Settings Page — New dedicated OKR tab in Enterprise Settings for toggling, cadence configuration, and report trigger management
• Missing OKR Members Panel — Displays members who haven't filled in OKRs, with source annotations

---

🤝 Agent-to-Agent (A2A) Enhancements

• Three message types — notify, consult, and task_delegate; agents automatically select the appropriate type based on semantics
• Tenant-level async toggle — a2a_async_enabled moved from Agent level to Tenant level; configure once in Enterprise Settings
• A2A session visibility — A2A replies are mirrored to shared sessions; users can view agent-to-agent conversations in the "Other Users" tab
• User-friendly notifications — Task delegation generates readable notification titles, filtering out internal jargon

---

🗂️ Workspace Collaboration

• Rich file preview — Sidebar preview for images, HTML, PDF, Markdown, and more
• Preview lock — Users can lock the current preview to prevent auto-switching when agents write files
• Streaming draft parameters — Real-time streaming display of draft parameters during tool calls
• File deletion confirmation — Confirmation prompt before deleting a previewed file
• Auto-archive generated documents — Agent-generated documents are automatically organized into corresponding folders
• Hover delete button — Workspace file list shows a delete button on hover

---

📡 New Channel Integrations

• WeChat (微信) — New WeChat Work channel integration
• WhatsApp — New WhatsApp channel integration
• Google Workspace — New Google Workspace integration with proxy configuration and UI improvements
• DingTalk rich media — Added support for image, file, audio, and video message types in DingTalk

---

🛠️ New Agent Tools

• Format conversion tools — Built-in tools for Word / Excel / PPT / PDF conversion
• Feishu document search — Agents can search Feishu document libraries via tool call
• Platform message priority routing — Messages from platform users are preferentially sent via send_platform_message

---

💬 Chat & Session Improvements

• Primary Session — Platform users now have a dedicated primary session entry with unread badge support
• Hash routing — Agent detail page supports hash anchor navigation to jump directly to a specific tab

---

🔒 Security Hardening

• 4 critical vulnerabilities patched (#246):
  • Unauthenticated API key generation endpoint
  • LLM API keys stored in plaintext — now AES-256 encrypted
  • Production startup allowed with default JWT secret — now blocked unless DEBUG=true
  • Multi-tenant isolation gaps in permission checks and Plaza API
• Stronger execute_code sandbox — Enhanced bwrap isolation for the code execution tool
• Removed plaintext credential fields — Plaintext website password fields removed from credential storage

---

⚡ Performance

• Session list N+1 query fix (#410) — Replaced 1+2N per-session queries with 3–4 bulk queries regardless of session count
• A2A wake reflection limit — Reflection sessions capped at 2 tool-call rounds to prevent resource waste

---

🐛 Bug Fixes

• Fixed backend startup hang during database bootstrap
• Fixed Feishu WebSocket duplicate connection causing "kicked by new connection" errors
• Fixed Feishu streaming cards, structured errors, and migration robustness (#444)
• Fixed approvals tab crash on non-array responses (#422)
• Fixed missing ensure_identity_provider in registration flow (#469)
• Fixed chat page scroll regression
• Fixed model configuration not taking effect in real time
• Fixed fallback LLM not activating when primary LLM errors
• Added rate-limit protection to DingTalk org sync API
• Fixed tool call message pairs (assistant + tool) being broken apart (#416)
• Fixed malformed JSON arguments in write_file tool calls (#212)
• Fixed user profile update not persisting correctly in PATCH /auth/me (#213)
• Fixed org member identity mapping for sync and SSO (#404)

---

Upgrade Guide

Database migration required. This release includes multiple schema changes. Run alembic upgrade head before starting the new version.

⚠️ Breaking Changes — Read Before Upgrading

1. a2a_async_enabled moved from Agent to Tenant level
The migration script automatically sets the tenant-level flag to FALSE. After upgrading, reconfigure in Enterprise Settings → Company Info → A2A Async if you had this enabled per-agent.

2. send_web_message tool renamed to send_platform_message
Any Agent soul.md files that reference send_web_message must be updated manually. The old name will not be recognized.

3. Plaintext credential fields removed
The website_password and related plaintext fields have been dropped from the agent_credentials table. Back up your credentials before running migrations. After upgrading, re-enter credentials through the UI.

4. JWT secret enforcement in production
If your deployment uses the default SECRET_KEY=change-me, the backend will now refuse to start unless DEBUG=true. Set a strong secret in your .env before upgrading production.

---

Docker Deployment (Recommended)

# 1. Pull latest code
git pull origin main

# 2. Run database migrations (before restarting)
docker exec clawith-backend-1 alembic upgrade head

# 3. Rebuild and restart all services
docker compose down && docker compose up -d --build

Large datasets: The chat message index migration (#411) may take several minutes on tables with millions of rows. Run it during a maintenance window and monitor progress with:

docker exec clawith-backend-1 alembic current

---

Source Deployment

# 1. Pull latest code
git pull origin main

# 2. Install new backend dependencies
cd backend && pip install -e ".[dev]"

# 3. Run database migrations
alembic upgrade head

# 4. Rebuild frontend
cd ../frontend && npm install && npm run build

# 5. Restart backend
# (use your process manager: systemd, supervisor, etc.)

---

Kubernetes (Helm)

# 1. Update chart values if needed (new env vars: see Notes below)
vim values.yaml

# 2. Run migration job before rolling out new pods
kubectl exec -n <namespace> deploy/clawith-backend -- alembic upgrade head

# 3. Roll out new image
helm upgrade clawith helm/clawith/ -f values.yaml

---

Post-Upgrade Checklist

• Verify backend starts without errors (docker logs clawith-backend-1)
• Confirm SECRET_KEY is set to a non-default value in production
• Re-enter any credentials that used plaintext fields (Agent Credentials page)
• Update Agent soul.md files: replace send_web_message → send_platform_message
• If A2A Async was in use: re-enable in Enterprise Settings → Company Info
• New channels (WeChat, WhatsApp, Google Workspace): configure credentials in Enterprise Settings → Channels
• OKR feature is off by default — enable in Enterprise Settings → OKR when ready

---

New Environment Variables

No new required environment variables. Optional additions:

Variable	Default	Description
DEBUG	false	Must be true to allow default JWT secret in dev

---

Notes

• OKR features are disabled by default. Enabling them auto-creates a dedicated OKR Agent for the tenant.
• WeChat, WhatsApp, and Google Workspace channels each require separate credential setup in Enterprise Settings before use.
• The a2a_async_enabled column on the agents table has been removed; the flag now lives on the tenants table.

v1.8.3-beta.2 — A2A Chat History Fixes

Bug Fixes

A2A Chat History Fixes

• A2A session now shows both sides of the conversation: when a target agent is woken via notify or task_delegate, its reply is now mirrored into the shared A2A chat session so the full conversation is visible in the admin Other Users tab
• Removed hardcoded 2-round tool call limit for A2A wake invocations: agents were hitting the limit before completing basic tasks; they now use their own configurable max_tool_rounds setting (default 50)
• Fixed message loading order: sessions with many messages (e.g. long-running A2A threads) were only showing the oldest 500 messages; now correctly loads the most recent 500

---

Full changelog: see RELEASE_NOTES.md

v1.8.3-beta — A2A Async Communication, Image Context & Search Tools

What's New

Agent-to-Agent (A2A) Async Communication — Beta

• Three communication modes for send_message_to_agent:
  • notify — fire-and-forget, one-way announcement
  • task_delegate — delegate work and get results back asynchronously via on_message trigger
  • consult — synchronous question-reply (original behaviour)
• Feature flag: controlled at the tenant level via Company Settings → Company Info → A2A Async toggle (default: OFF)
• When disabled, the msg_type parameter is hidden from the LLM so agents only see synchronous consult mode
• Security: chain depth protection (max 3 hops), regex filtering of internal terms, SQL injection prevention
• Performance: async wake sessions limited to 2 tool rounds

Multimodal Image Context

• Base64 image markers are now persisted to the database at write time
• Chat UI correctly strips [image_data:] markers and renders thumbnails
• Fixed chat page vertical scrolling (flexbox min-height: 0 constraint)
• Removed deprecated /agents/:id/chat route

Search Engine Tools

• New Exa Search tool — AI-powered semantic search with category filtering
• New standalone search engine tools: DuckDuckGo, Tavily, Google, Bing (each as own tool)

UI Improvements

• Drag-and-drop file upload across the application
• Chat sidebar polish: segment control, session items styling
• Agent-to-agent sessions now visible in the admin "Other Users" tab

Bug Fixes

• DingTalk org sync rate limiting to prevent API throttling
• Tool seeder: parameters_schema now correctly included in new tool INSERT
• Unified msg_type enum references across codebase
• Docker access port corrected to 3008

---

Upgrade Guide

Database migration required. Run alembic upgrade heads to add the a2a_async_enabled column.

Docker Deployment (Recommended)

git pull origin main

# Run database migration
docker exec clawith-backend-1 alembic upgrade heads

# Rebuild and restart
docker compose down && docker compose up -d --build

Source Deployment

git pull origin main

# Run database migration
alembic upgrade heads

# Rebuild frontend
cd frontend && npm install && npm run build
cd ..

# Restart services

Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml
# Run migration job for a2a_async_enabled column

Notes

• The A2A Async feature is disabled by default. No behaviour changes until explicitly enabled.
• The a2a_async_enabled column defaults to FALSE, so existing tenants are unaffected.

v1.8.2

v1.8.2 Release Notes

What's New

Security

• Fix account takeover via username collision (#300): Prevents an attacker from creating an account with a username matching an existing SSO user's email, which could lead to unauthorized account access.
• Fix duplicate user creation on repeated SSO logins: Feishu and DingTalk SSO now correctly reuse existing accounts instead of creating duplicate users.

AgentBay — Cloud Computer & Browser Automation

• New: agentbay_file_transfer tool: Transfer files between any two environments — agent workspace, browser sandbox, cloud desktop (computer), or code sandbox — in any direction.
• Fix: Computer Take Control (TC) white screen: TC now connects to the correct environment session (computer vs. browser) based on env_type. Previously, an existing browser session could hijack the computer TC connection.
• Fix: OS-aware desktop paths: The agentbay_file_transfer tool description now automatically reflects the correct paths for the agent's configured OS type:
  • Windows: C:\Users\Administrator\Desktop\
  • Linux: /home/wuying/Desktop/
• Fix: Desktop file refresh: After uploading to the Linux desktop directory, GNOME is notified to refresh icon display.
• Multiple Take Control stability fixes: CDP polling replaced with sleep, multi-tab cleanup, 40s navigate timeout, unhashable type errors.

Feishu (Lark) — CardKit Streaming Cards

• Feishu bot responses now stream as animated typing-effect cards using the CardKit API (#287).
• Fixed SSE stream hang issues and websocket proxy bypass for system proxy conflicts.

WeCom (Enterprise WeChat) Integration

• WeCom features are currently hidden behind a prerequisites notice (pending enterprise approval setup).
• Backend: Full org sync, domain verification endpoint, dual-credential architecture for API access.
• nginx: Added WW_verify_*.txt routing for WeCom domain ownership verification.

DingTalk & Organization Sync

• Fixed DingTalk org sync permissions guide (Contact.User.Read scope).
• Fixed open_id vs employee_id user type handling in Feishu org sync.

Other Bug Fixes

• Fix: SSE stream protection — finish_reason break guard added for OpenAI and Gemini streams to prevent runaway streams.
• Fix: Duplicate tool send_feishu_message — Removed duplicate DB entry; added dedup guard in tool loading to prevent Tool names must be unique LLM errors.
• Fix: JWT token not consumed on reset-password and verify-email routes.
• Fix: NULL username/email for SSO-created users in list_users.
• Fix: Company name slug generation — Added anyascii + pypinyin for universal CJK/Latin transliteration.
• Fix: publish_page URL — Correctly generates try.clawith.ai links on source deployments.
• Fix: Agent template directory — Dynamic default for source deployments.
• Various i18n fixes (TakeControlPanel, WeCom, DingTalk guide).

---

Upgrade Guide

No database migrations required. No new environment variables.

Docker Deployment (Recommended)

git pull origin main
docker compose down && docker compose up -d --build

Important: If your server does not have Node.js/npm, the frontend must be built locally and uploaded, or installed via nvm (see note below).

Source Deployment

git pull origin main

# Install new Python dependency
pip install anyascii>=0.3.2

# Rebuild frontend
cd frontend && npm install && npm run build
cd ..

# Restart services

nginx Update Required

A new routing rule for WeCom domain verification has been added to nginx.conf. If you manage nginx separately (not via Docker), add this block inside your server {} before the WebSocket proxy section:

location ~ ^/WW_verify_[A-Za-z0-9]+\.txt$ {
    proxy_pass http://backend:8000/api/wecom-verify$request_uri;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
}

Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml

No migration job needed.

---

Upgrade Notes — Lessons Learned (from our production upgrade)

The following issues were encountered during the v1.8.1 → v1.8.2 production upgrade and may affect other deployers:

1. Server without npm: dist.zip may be stale in git

Problem: Our production server did not have Node.js/npm installed. The frontend/dist.zip tracked in git can fall behind when frontend changes are made and committed without a corresponding build (e.g., when the build was done on a separate dev server).

Symptoms: After git pull, the dist.zip in the repo may not include the latest frontend changes, causing new features to be invisible in the UI even though the backend is updated.

Solutions:

• Option A (Recommended): Install Node.js on the deployment server via nvm (no root required):

  curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
  source ~/.nvm/nvm.sh
  nvm install 20

  Then build on the server: cd frontend && npm install && npm run build
• Option B: Build locally and upload via SCP:

  # On local machine:
  cd frontend && npm run build && cd dist && zip -r ../dist.zip .
  scp frontend/dist.zip user@server:/path/to/Clawith/frontend/dist.zip

Note: In China-based server environments, downloading from raw.githubusercontent.com may be very slow. If so, use a proxy or mirror.

2. anyascii is a new required Python dependency

Problem: Starting from this release, anyascii>=0.3.2 is required. If upgrading without rebuilding the Docker image (e.g., using docker cp to update only the app directory), this dependency must be installed separately inside the container:

docker exec clawith-backend-1 pip install anyascii>=0.3.2

For standard docker compose up --build upgrades, this is handled automatically.

v1.8.1

v1.8.1 Release Notes

Released: 2026-04-03

This is a stability and polish release built on top of v1.8.0-beta.3, covering security hardening,
Feishu reliability fixes, a redesigned tool-call visualization, new file-management tools, and
a first-class Kubernetes deployment option.

---

Highlights

Redesigned Tool-Call Visualization (AnalysisCard)

The live chat view now shows agent reasoning and tool calls in a unified AnalysisCard that
groups interleaved thinking and tool-call messages into one collapsible block. The card shows:

• A pulse LED while the agent is running, turning green on completion
• The currently-active tool name in collapsed state alongside tool-count badge
• Individual <details> rows per tool for args and result (collapsed by default)
• Italic thinking-content blocks inline for extended reasoning (deepthink) models

New File Management Tools

Three new built-in tools are available to all agents:

• edit_file — targeted line-range edits without rewriting the entire file
• search_files — substring or regex search across a workspace
• find_files — glob-pattern file lookup
• read_file now supports offset / limit for reading large files in pages

Kubernetes Deployment (Helm Chart)

A production-ready Helm chart is now included at helm/clawith/. Deploy Clawith on any
Kubernetes cluster in one command:

helm upgrade --install clawith helm/clawith/ -f values.yaml

Security Fixes

• Cross-tenant data leak — org member and department search was returning results across
  tenant boundaries. Now strictly scoped to the requesting tenant. (#security)
• Platform admin token scope — platform_admin role was not pinned to tenant_id in the
  JWT, allowing cross-tenant privilege escalation. Fixed.
• Duplicate OrgMember shell — channel users could create duplicate OrgMember rows on
  reconnect. A uniqueness guard has been added.

Feishu Integration Reliability

• feishu_doc_append intermittent failures — Markdown --- dividers were converted to
  block_type: 22 which the Feishu batch-children API rejects. They now render as a text
  separator line (────────────────────────), always accepted.
• index: -1 removed from the children API call — Feishu defaults to append-at-end when
  index is omitted, avoiding 1770001 invalid param errors.
• Stale websocket_chat import — feishu_doc_create was trying to import
  channel_feishu_sender_open_id from a deleted module, generating a visible warning. Fixed.
• Feishu streaming card stalls — ordered patch queue now correctly processes streaming
  updates for Feishu cards without stalling.
• Tool status stuck on "running" — Feishu-channel tool status now correctly transitions
  from running → done after tool completion.
• Added wiki:wiki permission to the recommended Full permission set in channel config.

Admin Chat UI

• Read-only session viewer — Admins viewing other users' sessions see a clear "Read-only ·
  username" badge at top-left (fixed overlay, never scrolls away).
• Card border — the entire chat area is now enclosed in a 12px-radius bordered card for
  visual clarity.
• Optimistic relationship deletion — relationship rows fade out immediately on delete (no wait).

Cross-Domain Tenant Switch

The ?token= query param is now consumed on app bootstrap, so users switching between tenant
instances via a generated link land directly in the correct tenant without requiring a page reload.

i18n Improvements

• All emoji removed from en.json and zh.json translation keys (project policy).
• Hardcoded "Copy", "Upload", and several status strings now properly use t().
• New i18n key agent.chat.analysing for the AnalysisCard header.
• Credential-related UI strings in zh.json completed.

---

Upgrade Guide

No breaking changes. No database migrations required.

Option A — Docker Compose

cd <clawith-dir>
git pull origin main
docker compose down && docker compose up -d --build

Or the rolling update (no downtime):

git pull origin main

# Frontend
cd frontend && npm install && npm run build
cp public/logo.png dist/ && cp public/logo.svg dist/
cd dist && zip -r ../dist.zip . && cd ../..
docker cp frontend/dist.zip clawith-frontend-1:/usr/share/nginx/html/dist.zip
docker exec clawith-frontend-1 sh -c "cd /usr/share/nginx/html && unzip -o dist.zip"
docker compose restart frontend

# Backend
docker cp backend/app clawith-backend-1:/app/
docker exec clawith-backend-1 find /app -name "__pycache__" -exec rm -rf {} + 2>/dev/null
docker compose restart backend

Option B — Source Deployment

git pull origin main
cd frontend && npm install && npm run build
cd ..
# Restart backend process (e.g. supervisorctl restart clawith-backend)

Option C — Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml

No Alembic migration is required for this release.

---

Full Changelog

See all commits since v1.8.0-beta.3:
v1.8.0-beta.3...v1.8.1

v1.8.0-beta.3

v1.8.0-beta.3

What's Changed

New Features

• Split Code Executor into Local and E2B Cloud tools — The single "Code Executor" tool has been separated into two independent tools. The local tool shows CPU/memory/network config; the E2B Cloud tool only requires an API key. E2B errors are now surfaced explicitly instead of silently falling back to local execution.
• MCP Server credential management — New "Edit Server" UI and PUT /tools/mcp-server API endpoint for bulk-updating MCP server URLs and API keys across all tools sharing the same server.
• Feishu Wiki document creation — feishu_doc_create now supports creating documents directly inside Wiki knowledge bases, with automatic detection of Wiki node tokens.
• Feishu permission JSON UI redesign — Two-tier segmented control (Basic / Full) with i18n support for Feishu app permission configuration.
• Live Preview auto-sizing — AgentBay Live Preview panel now auto-sizes to 50% of the chat container width.

Bug Fixes

• Plaintext SMTP relay support — STARTTLS is now auto-negotiated based on server ESMTP capabilities instead of being forced on port 25/587. AUTH is skipped for unauthenticated IP-whitelisted internal relays. Password is no longer a required field in email configuration.
• Unified context window size — Introduced DEFAULT_CONTEXT_WINDOW_SIZE = 100 constant and unified all 9 communication channels (WebSocket, Feishu, Discord, WeCom, DingTalk, Teams, Slack) to use consistent fallback values.
• LLM stream retry — Added httpx.RemoteProtocolError to the stream retry logic to handle upstream connection resets.
• Tool config double-encryption — Fixed a bug where already-encrypted sensitive config fields were encrypted again on save.
• Loguru format collision — Replaced logger.error(..., exc_info=True) with logger.exception(...) across all channel handlers to prevent crashes when error messages contain special characters.
• WeCom message handler — Fixed NameError (agent vs agent_obj) and migrated user creation to channel_user_service to avoid AssociationProxy errors.
• Duplicate tool definition — Removed send_channel_message from _ALWAYS_INCLUDE_CORE to prevent "Tool names must be unique" LLM errors.
• AgentBay connection test — Fixed test image name (linux_latest) and api_key lookup in global tool config fallback.
• FastAPI route ordering — Reordered /tools/mcp-server/bulk before /tools/{tool_id} to prevent 422 validation errors on older FastAPI versions.
• Other fixes — LLM model temperature persistence, org_admin access to GitHub/ClawHub tokens, MCP tool import tenant scoping.

UI / i18n

• Context Window Size terminology — Corrected misleading "Max Rounds" / "Context Rounds" labels to industry-standard "Context Window Size" with accurate descriptions.
• MCP Server group header — Displays hostname instead of full URL for cleaner display.

Upgrade Notes

This is a drop-in upgrade from v1.8.0-beta.2. No breaking changes.

• No database migrations required
• No new dependencies
• No environment variable changes
• The new execute_code_e2b tool will be automatically created by the tool seeder on startup. It is not a default tool — agents will not have it unless explicitly added.
• The existing execute_code tool's config schema will be auto-synced (the sandbox type dropdown is removed since it's now always "subprocess").

Docker Deployment

git pull origin main
docker compose down && docker compose up -d --build

Source Deployment

git pull origin main
# Backend
pip install -r backend/requirements.txt  # no changes expected, but safe to run
# Frontend (pre-built dist.zip is included)
cd frontend && unzip -o dist.zip -d dist/
# Restart services

v1.8.0-beta.2

Learn more about the new features at: https://github.com/dataelement/Clawith/releases/tag/v1.8.0-beta

🐛 Bug Fixes

• SSO: Fixed 500 error (UnboundLocalError) when a new user scans to login via Feishu for the first time.
• SSO: Fixed SSO polling endpoint failing to redirect due to a MissingGreenlet exception during async lazy loading.
• SSO: Removed the brief No SSO providers UI flash during SSO callback processing.
• App Context: Fixed cross-session state corruption during Take Control cookie export and injection.
• App Context: Added a leading dot to cookie domains for better subdomain matching.
• Take Control: Relaxed the required agent lock permission from manage to use.

📦 Configuration

• Added PUBLIC_BASE_URL and PASSWORD_RESET_TOKEN_EXPIRE_MINUTES environment variable configurations to docker-compose.yml.

v1.8.0-beta

v1.8.0-beta Release Notes

This beta release brings major new capabilities to Clawith, including a fully redesigned identity system, AgentBay cloud computer visual control, a new email notification system, expanded Feishu integrations, platform-wide analytics, and many UX improvements.

---

What's New

1. AgentBay: Cloud Computer Visual Control

A major leap in agent-computer interaction:

• Live Preview Panel — Watch your agent in real time via a draggable sidebar that streams screenshots of the cloud browser or desktop as the agent operates.
• Vision Injection — Browser and desktop screenshots are captured ephemerally (in-memory only, no disk writes) and injected into the LLM as multimodal input, enabling visual reasoning about on-screen state.
• Take Control / Save Login State — Users can seamlessly take over the agent's remote session with keyboard and mouse for manual steps (e.g., CAPTCHA, QR code scanning). Cookie-based login state can be saved and reused by the agent.

• 16+ New AgentBay Tools — Browser extract, observe, shell commands, OTP-aware keyboard input, browser_login, agentbay_browser_screenshot, and more.
• Windows Cloud Desktop Support — Full Windows OS support for AgentBay cloud computer sessions.

2. Unified Identity System & Multi-Tenant Auth

A complete redesign of the authentication and user management architecture:

• Global Identity (cross-tenant) — A new identities table unifies credentials across organizations. One email/password works across all companies a user belongs to.
• Tenant Switcher Modal — Redesigned company switcher with inline join/create flow.
• Invitation Flow Fix — When an existing user clicks an invitation link, they are now automatically joined to the invited company after logging in.
• SSO Toggle — Per-channel SSO login enable/disable, with auto-detected subdomain and callback URL generation.

3. Platform Email System

• Password recovery via email (full reset flow with branded templates).
• Broadcast notification emails to all platform users.
• In-app SMTP configuration UI under Platform Settings → Email — no .env restart required.
• Test email button and customizable email templates.
• Auto-verify email and activate users when SMTP is not configured.

4. Feishu Integration Expansion

• **Bitable ** — List tables/fields, query/create/update/delete records, create new Bitable apps. Returns clickable links in chat.
• Drive Tools — feishu_drive_share (renamed and enhanced) + new feishu_drive_delete for automated file permission management and cleanup.
• Calendar & Approval — Full integration of Feishu Calendar scheduling and Approval submission tools.
• 403 Permission Guidance — When a Feishu API call fails due to missing permissions, the agent now provides detailed diagnostic guidance inline.

5. Platform Admin Dashboard & Analytics

• Enhanced Metrics — DAU/WAU/MAU, session counts, user retention, channel distribution, tool category breakdowns, and churn warnings.
• Token Usage Leaderboards — Per-agent, per-tenant daily/monthly token spend tracking backed by a new daily_token_usage table.
• Org Admin Email — Platform admins can view and contact organization admin email addresses.

6. LLM Engine & Tool Improvements

• Model Toggle — Enable/disable individual LLM models in Company Settings; disabled models are filtered from dropdowns and the runtime auto-falls back.
• Configurable LLM Request Timeout — New request_timeout setting for local/slow models.
• Anthropic Prompt Cache Optimization — Static and dynamic context are split to maximize cache hit rates; detailed cache metrics are logged.
• Image Generation (Multi-Provider) — generate_image tool now supports SiliconFlow, OpenAI DALL-E, and Google Vertex AI as separate configurable providers.
• Unified Tool Configuration — Secure API key management with Agent→Company priority inheritance and schema-aware decryption.
• ClawHub Integration — search_clawhub and install_skill are now seeded as built-in tools, allowing agents to self-extend from the community marketplace.
• Transliteration Search — Enterprise member search now supports pinyin input for Chinese names.

7. UX & UI Improvements

• Chat shortcut — Enter to send, Shift+Enter for newline.
• Copy Button — One-click copy on all chat messages.
• User Email Update — Users can change their own email address from Account Settings.
• org_admin Promotion/Demotion — With last-admin protection to prevent lockout.
• Collapsible Session List — Sidebars auto-collapse when the Live Preview panel is active.
• Model field — Replaced model dropdown with free-text input in LLM settings for better compatibility.

---

Upgrade Guide

Who this applies to

• Upgrading from v1.7.2 (standard release)
• Upgrading from an intermediate post-v1.7.2 state (same steps, lower risk)

Important Notes Before Upgrading

Always back up your database before upgrading.

1. Database Migrations (12 total)

This release includes 12 Alembic migrations. The most significant is user_refactor_v1, which introduces a global identities table and migrates user credentials from the users table. All migrations are idempotent — if your instance already ran some of them, they will be skipped safely.

2. Invitation Codes Reset

The multi_tenant_registration migration adds tenant_id to invitation codes and clears all legacy codes that lack this field. Existing invitation codes will be invalidated. Regenerate them from Company Settings after upgrading.

3. SMTP Configuration (for post-v1.7.2 intermediate versions only)

If you previously configured SYSTEM_SMTP_* environment variables, these are now ignored. After upgrading, go to Platform Settings → Email and re-enter your SMTP credentials via the UI. Users upgrading from v1.7.2 are unaffected (email was not available in that version).

4. New Optional Environment Variables

# Public URL used in email links and webhook callbacks.
# Recommended for production; auto-detected from request host if not set.
PUBLIC_BASE_URL=https://your-domain.com

# Password reset token lifetime in minutes (default: 30)
PASSWORD_RESET_TOKEN_EXPIRE_MINUTES=30

5. New Python Dependencies

Three new packages are required (automatically installed by Docker build):

• wuying-agentbay-sdk >= 0.18.0
• pypinyin >= 0.52.0
• Pillow >= 10.0.0

---

Option A: Docker Deployment (Recommended)

# 1. Back up your database
docker exec clawith-postgres-1 pg_dump -U clawith clawith > backup_$(date +%Y%m%d).sql

# 2. Pull the latest code
cd <your-clawith-directory>
git pull origin main

# 3. Rebuild and restart all containers
docker compose down
docker compose up -d --build

# 4. Check migration logs
docker logs clawith-backend-1 2>&1 | head -80

Post-upgrade checklist:

• Go to Platform Settings → Email and configure SMTP (if you want password recovery / broadcast emails)
• Regenerate invitation codes in Company Settings (old codes are cleared)
• Optionally set PUBLIC_BASE_URL in your .env

---

Option B: Source Deployment

# 1. Back up your database
pg_dump -U clawith clawith > backup_$(date +%Y%m%d).sql

# 2. Pull the latest code
cd <your-clawith-directory>
git pull origin main

# 3. Update Python dependencies
cd backend && pip install -e ".[dev]"

# 4. Run database migrations
alembic upgrade head

# 5. Build the frontend
cd ../frontend && npm install && npm run build

# 6. Restart your backend service

Post-upgrade checklist: Same as Option A.

---

Rollback

If something goes wrong, restore from your SQL backup:

# Docker deployment
docker compose down
docker exec clawith-postgres-1 psql -U clawith -c "DROP DATABASE clawith; CREATE DATABASE clawith;"
docker exec -i clawith-postgres-1 psql -U clawith clawith < backup_YYYYMMDD.sql
git checkout v1.7.2
docker compose up -d --build

We recommend SQL restore over alembic downgrade, as down migrations have not been fully tested.

v1.7.2

v1.7.2

Highlights

• Discord Gateway (WebSocket) — Connect Discord bots without a public IP. Configure via Channel Settings.
• Clawith Pages — Agents can publish static HTML pages with shareable /p/{short_id} URLs.
• Unified Notification System — Plaza replies, @mentions, broadcasts, and heartbeat-drain notifications with category filtering.
• Baidu (Qianfan) LLM Provider — Add Baidu models alongside OpenAI, Anthropic, and others.
• LLM Temperature Control — Set per-model temperature from the LLM management page.
• OpenClaw Settings Page — Dedicated API key management for OpenClaw integrations.
• Platform Settings Restructure — Companies page reorganized into a tabbed Platform Settings layout.
• Runtime Version Display — /api/version endpoint and sidebar footer showing the running version.

Bug Fixes

• Fix heartbeat/scheduler tool calls failing with empty arguments (empty-args guard ported from chat flow)
• Fix agent-to-agent session duplication and LLM tool confusion
• Harden A2A communication security with tenant isolation and relationship checks
• Fix A2A LLM timeout retries with jitter and error surfacing
• Fix system message always placed first for cross-model compatibility
• Fix streaming state not reset when switching sessions
• Fix trigger resurrection on restart
• Fix non-standard API streaming with JSON buffer
• Fix plaza tenant scoping and @mention navigation
• Fix OpenClaw agent replies not appearing in chat UI
• Fix chat message alignment by participant
• Improve broadcast UI and @mention dropdown (scrollable, increased limit)

Database Migrations

Three new Alembic migrations run automatically on startup:

1. add_published_pages — Creates published_pages table
2. add_notification_agent_id — Adds agent_id, sender_name columns to notifications; makes user_id nullable
3. add_llm_temperature — Adds temperature column to llm_models

All migrations are idempotent (safe to re-run).

New Dependency

• discord.py>=2.3.0 — Required for Discord Gateway mode

Infrastructure

• All Docker services now have restart: unless-stopped
• .dockerignore updated to exclude agent_data/ from build context
• entrypoint.sh removed legacy schedule-to-triggers migration (completed in v1.7.0)
• restart.sh supports external DATABASE_URL

Upgrade Instructions

Important: Users must upgrade one version at a time (e.g., v1.6.0 → v1.7.0 → v1.7.1 → v1.7.2). Skipping versions is not supported.

Option A: Docker Deployment

cd /path/to/Clawith
git pull origin main
docker compose down
docker compose up -d --build

Migrations run automatically via entrypoint.sh. The --build flag is required to install the new discord.py dependency.

Option B: Source Deployment

cd /path/to/Clawith
git pull origin main

# Install new dependency
cd backend
pip install -e .   # or: pip install .

# Run migrations
alembic upgrade head

# Restart backend
# (your restart method here)

No .env changes required.

v1.7.1

Clawith v1.7.1 Release Notes

What's New

ClawHub Skills Marketplace

• Browse and install skills directly from ClawHub (the OpenClaw skill registry)
• Import skills from any GitHub URL
• ClawHub API key configuration for authenticated access to the skill registry
• Tenant-scoped GitHub token configuration for higher API rate limits
• Skill tenant isolation — imported skills are properly scoped to the importing company

Feishu User Identity Architecture Fix

Replaced open_id (per-app, unstable) with user_id (cross-app, stable) as the primary identifier for Feishu users. This fixes:

• Duplicate user records when switching Feishu Apps or using multiple bots
• Cross-app errors when the org sync App differs from the Agent's bot App
• Session fragmentation — chat history now stays unified across App changes

All changes include open_id fallback for environments that haven't enabled user_id permissions yet.

Logging System Overhaul

• Unified logging with loguru and trace ID support for request tracing
• LLM Request ID tracking for debugging model interactions
• Improved error messages throughout the platform

Bug Fixes

• Fixed notification badge cramping for multi-digit counts
• Fixed IME composition conflict with Enter to send
• Fixed emoji-first-character handling in agent avatars
• Fixed agent creation validation error messages
• Fixed sidebar agent sorting (now by created_at descending)
• Fixed ClawHub 429 rate limit handling
• Centered agent avatars in collapsed sidebar
• Prevented ClawHub key save from clearing GitHub token

---

Upgrade Guide

Important: Users must upgrade one version at a time (e.g., v1.6.0 -> v1.7.0 -> v1.7.1). Skipping versions is not supported.

Option A: Docker Deployment (Recommended)

1. Pull the latest code:

   git pull origin main

2. Check environment variables (Optional):

   diff .env .env.example

3. Rebuild and restart services:

   docker compose down
   docker compose up -d --build

   During startup, entrypoint.sh automatically runs alembic upgrade head and data migration scripts. No manual intervention required.

4. Feishu user_id migration (Optional but recommended):

   If you use Feishu org sync, run this one-time migration to backfill user_id and clean up duplicate users:

   docker exec clawith-backend-1 python3 -m app.scripts.cleanup_duplicate_feishu_users

   Prerequisite: Your Feishu org sync App must have the contact:user.employee_id:readonly permission. Add it in the Feishu Open Platform if missing, then re-sync from Company Settings > Org Structure > Sync Now before running the script.

5. Verify: Visit the frontend and confirm the version shows 1.7.1 in the sidebar footer.

---

Option B: Source Deployment

1. Pull the latest code:

   git pull origin main

2. Run database migrations:

   cd backend
   alembic upgrade head

3. Update backend dependencies (new dependency: loguru):

   pip install -e .

4. Restart:

   bash restart.sh

5. Feishu migration (same as Docker step 4 above):

   cd backend
   python3 -m app.scripts.cleanup_duplicate_feishu_users

---

New Dependencies

Component	Dependency	Required
Backend	loguru>=0.7.0	Yes
Platform	GitHub Token (Company Settings > Skills)	Optional (raises GitHub API rate limit)
Platform	ClawHub API Key (Company Settings > Skills)	Optional (for authenticated ClawHub access)

New Database Changes (auto-applied by Alembic)

• New table: tenant_settings (per-tenant key-value configuration)
• New migration: df3da9cf3b27 (adds missing columns from Docker entrypoint to Alembic)