GoClaw v3.9.2

What's Changed

• Fix/desktop lite edition cmd exec failure by @steelstring in #961
• fix(tools): clean up Windows exec merge leftovers + expand credentialed env by @viettranx in #963
• fix(tts): make ElevenLabs voice picker selectable with portaled dropdown by @dbmizrahi in #960
• feat(ui): a11y + toggle + viewport-close for voice picker by @viettranx in #964
• fix(vault): prevent vault_read id-namespace collision by @nguyennguyenit in #959

New Contributors

• @dbmizrahi made their first contribution in #960

Full Changelog: v3.9.0...v3.9.2

GoClaw v3.9.1

Full Changelog: v3.9.0...v3.9.1

GoClaw v3.9.0

What's Changed

• fix(providers): use DB name for Anthropic/ClaudeCLI in HTTP onboarding by @mrgoonie in #942
• fix(tests): resolve integration test compile errors by @vanducng in #939
• fix(providers): strip Gemma 4 reasoning leak by @badgerbees in #933
• fix(tts): restore per-tenant config compatibility and fail closed on save errors by @shaun0927 in #938
• fix(http): validate tts test-connection api_base with provider SSRF guard by @shaun0927 in #937
• fix(security): close auth bypass + default-permit RBAC (issue #866) by @thieung in #950
• fix(docker): exclude node deps and dist from build context by @thieung in #949
• fix(acp): Gemini ACP protocol fixes and multi-session architecture by @codebit0 in #901
• fix(skills): avoid false invalid ZIP uploads by @raihan0824 in #893

New Contributors

• @shaun0927 made their first contribution in #938
• @codebit0 made their first contribution in #901
• @raihan0824 made their first contribution in #893

Full Changelog: v3.8.5...v3.9.0

GoClaw Lite v3.9.0

What's Changed

• fix(providers): use DB name for Anthropic/ClaudeCLI in HTTP onboarding by @mrgoonie in #942
• fix(tests): resolve integration test compile errors by @vanducng in #939
• fix(providers): strip Gemma 4 reasoning leak by @badgerbees in #933
• fix(tts): restore per-tenant config compatibility and fail closed on save errors by @shaun0927 in #938
• fix(http): validate tts test-connection api_base with provider SSRF guard by @shaun0927 in #937
• fix(security): close auth bypass + default-permit RBAC (issue #866) by @thieung in #950
• fix(docker): exclude node deps and dist from build context by @thieung in #949
• fix(acp): Gemini ACP protocol fixes and multi-session architecture by @codebit0 in #901
• fix(skills): avoid false invalid ZIP uploads by @raihan0824 in #893

New Contributors

• @shaun0927 made their first contribution in #938
• @codebit0 made their first contribution in #901
• @raihan0824 made their first contribution in #893

Full Changelog: v3.8.5...lite-v3.9.0

GoClaw v3.8.5

Full Changelog: v3.8.3...v3.8.5

GoClaw v3.8.3

Full Changelog: v3.8.1...v3.8.3

GoClaw v3.8.1

What's Changed

• fix(mcp): wire per-user MCP tool discovery into agent pipeline by @therichardngai-code in #910
• fix(vault): handle empty delete responses by @badgerbees in #913
• Fix/setting save change failure desktop lite by @steelstring in #897
• feat(teams): inline rename for team name + description (#571) by @mrgoonie in #906
• feat(channels): Pancake comment reply fix + platform select + UI improvements by @nguyennguyenit in #904
• fix(pancake): demote hot-path webhook log + guard commentID before echo by @viettranx in #916
• fix(skills): add missing AS alias for COALESCE in embedding search query by @primadonna-gpters in #896
• feat(pancake): add comment auto-react (like) on Facebook by @nguyennguyenit in #919
• fix(zalo): correct json field mappings by @utafrali in #924
• feat(packages): GitHub Releases binary installer by @mrgoonie in #898
• fix(backup): harden tenant restore preview and lookup handling by @badgerbees in #920
• Release: Hooks System, Audio/TTS Refactor, MCP Security & UI Improvements by @viettranx in #929

New Contributors

• @steelstring made their first contribution in #897
• @primadonna-gpters made their first contribution in #896
• @utafrali made their first contribution in #924

Full Changelog: v3.7.1...v3.8.1

GoClaw v3.8.0

GoClaw v3.8.0

This release introduces the Agent Lifecycle Hooks System — a powerful extensibility framework that lets you intercept, transform, and control agent behavior at every stage of the conversation pipeline.

---

🎯 Highlights

🪝 Agent Lifecycle Hooks System (Major Feature)

A complete hooks framework enabling custom logic injection at critical agent lifecycle points:

Hook Types

Type	Description
Script Handler	JavaScript (ES5.1) sandbox powered by goja with deny-all security model
Prompt Handler	LLM-driven transformation with per-turn token budget
Builtin Hooks	Pre-packaged handlers (PII redactor ships as exemplar)

Architecture

User Input → [pre_input hooks] → Agent Processing → [pre_response hooks] → Response
                    ↓                                        ↓
              Transform/Block                         Transform/Enrich

Key Capabilities

• Fail-closed blocking semantics — hooks can halt execution on policy violations
• Per-tenant budget tracking — token spend monitoring and limits
• Source-tier gating — restrict script execution by subscription tier
• SSRF-safe HTTP client — secure external API calls from scripts
• Auto-migration — legacy command hooks disabled on Standard boot

Full Management UI

• Hook list with status indicators
• Monaco-powered script editor with syntax highlighting
• Execution history viewer with filtering
• Interactive test panel with tool combobox and JSON auto-fill
• Beta explainer modal for new users

---

✨ New Features

Context Pruning Engine

• Faithful port of TypeScript context pruning algorithm
• Intelligent conversation compaction preserving semantic coherence
• Backfill migration for existing conversations
• config.defaults RPC exposing SSoT pruning values

Text-to-Speech / Speech-to-Text

• Consolidated TTS Config UI — unified provider-aware picker components
• Test Connection Endpoint — validate TTS provider credentials before saving
• Hot-reload Support — TTS config changes apply without restart
• Telegram Voice Messages — send audio responses in Telegram chats
• STT Integration — Scribe STT with unified audio.Manager
• Desktop Voice Picker — ported from web with full i18n support

Channels & Integrations

• Pancake Facebook: Comment auto-react (like) functionality
• Pancake: Comment reply fixes + platform selector improvements
• GitHub Releases Installer: Binary package installation from releases

RBAC & Permissions

• Role Propagation: RBAC role flows through dispatch chain
• Admin File Writer Bypass: Admins skip file-writer grant checks
• ActorIDFromContext: Tenant-merge-aware identity resolution
• Acting Sender Preservation: Correct identity across tool chain

UI/UX Improvements

• Persist page size preference across all list pages
• Compact hook overview metadata in inline single-card layout
• Inline rename for team name + description
• Extended cron run history page size to 200
• Hook test panel with tool combobox + JSON auto-fill
• Heartbeat delivery Select full-width + popper positioning

Security Enhancements

• MCP Validation: Request validation + hooks context isolation
• SSRF Protection: Safe HTTP client for hook scripts
• Source-tier Forge Protection: Prevent tier spoofing in hooks

---

🐛 Bug Fixes

Critical

• MCP: Unified grant revocation with per-agent tool group isolation
• Store: Close permission fail-open on synthetic senders in group chats
• Gateway: Override synthetic senders with MetaOriginSenderID

Provider Compatibility

• Gemini: Forward thinking_level via reasoning_effort parameter
• Gemini: Include name on tool role messages (400 error fix)
• Gemini: Disable thinking + raise max_tokens for title generation
• Pipeline: Treat Gemini tool_calls+empty-args as truncation retry

Desktop

• Vite Config: Add path alias for @/ imports (build fix)
• i18n: Desktop TTS namespace + STT form keys

Other

• Skills: Widen ListAccessible + ownership match for actor/user/sender
• Vault: Include shared docs in agent read paths
• Backup: Harden tenant restore preview and lookup handling
• Zalo: Correct JSON field mappings
• Pancake: Demote hot-path webhook log to Debug

---

📝 Documentation

• ACTOR vs SCOPE pattern documentation
• Hooks user guide with example configurations
• Changelog entries for all major changes

---

🙏 New Contributors

• @steelstring made their first contribution
• @primadonna-gpters made their first contribution
• @utafrali made their first contribution

---

Full Changelog: v3.7.1...v3.8.0

Docker Images: ghcr.io/nextlevelbuilder/goclaw:v3.8.0 | digitop/goclaw:v3.8.0

GoClaw Lite v3.8.0

What's Changed

• fix(mcp): wire per-user MCP tool discovery into agent pipeline by @therichardngai-code in #910
• fix(vault): handle empty delete responses by @badgerbees in #913
• Fix/setting save change failure desktop lite by @steelstring in #897
• feat(teams): inline rename for team name + description (#571) by @mrgoonie in #906
• feat(channels): Pancake comment reply fix + platform select + UI improvements by @nguyennguyenit in #904
• fix(pancake): demote hot-path webhook log + guard commentID before echo by @viettranx in #916
• fix(skills): add missing AS alias for COALESCE in embedding search query by @primadonna-gpters in #896
• feat(pancake): add comment auto-react (like) on Facebook by @nguyennguyenit in #919
• fix(zalo): correct json field mappings by @utafrali in #924
• feat(packages): GitHub Releases binary installer by @mrgoonie in #898
• fix(backup): harden tenant restore preview and lookup handling by @badgerbees in #920
• Release: Hooks System, Audio/TTS Refactor, MCP Security & UI Improvements by @viettranx in #929

New Contributors

• @steelstring made their first contribution in #897
• @primadonna-gpters made their first contribution in #896
• @utafrali made their first contribution in #924

Full Changelog: lite-v3.7.1...lite-v3.8.0

GoClaw v3.7.1

Full Changelog: v3.7.0...v3.7.1