v1.9.2

v1.9.2 — Workspace Governance, Tool UX & Token Cache Accounting

What's New

Enterprise Info & Workspace Governance

• Shared enterprise_info/ workspace area now appears as tenant-level company context for agents and users.
• Agent-side enterprise info is read-only: agents can list and read company context, but cannot create, edit, or delete shared enterprise files.
• Admin-managed enterprise knowledge base: platform and org admins can update enterprise info while regular users and agents are protected from accidental modification.
• Legacy task files no longer appear in new agent workspaces: new agents no longer receive todo.json / tasks.json; existing tasks.json files remain supported as legacy snapshots.
• Workspace file handling polish improves preview/download behavior for shared enterprise files and preserves read-only boundaries.

Agent Management & Permissions

• Company admins can manage company-visible agents even when those agents were created by regular users.
• Private user-only agents remain private to their creator.
• Agent permission APIs now return effective management capability, so the UI can distinguish creator ownership from admin management rights.
• Start, stop, and permission update actions now use effective manager permission instead of creator-only checks.

Tool Management Experience

• Agent and company tool lists now share a cleaner grouped UI with category headers, search, status filters, counts, and bulk toggles.
• Tool categories are easier to scan and can be expanded only when needed, reducing very long tool-list pages.
• Per-tool emoji icons were removed from the main list in favor of calmer category icons and compact labels.
• Update Objective is now a global default tool, so newly created employees have the OKR objective update capability enabled by default.
• Tool loading now avoids exposing disabled or agent-only tools to the LLM fallback path.

Chat & Agent UX

• New and existing chat sessions focus the composer automatically, so users can type immediately after opening a session.
• Existing sessions open at the latest message more reliably.
• Expanded tool chains now keep following the bottom only while appropriate: if the user scrolls up intentionally, new tool updates no longer force the viewport back down.
• Duplicate assistant avatars after a tool-chain block were removed for a cleaner transcript.
• Tool-chain copy was refined from "Ran X agents" to clearer activity language.
• Agent expiry quick-renew buttons now show selected state.
• The dashboard's secondary "New Digital Employee" button was removed; creation remains available from the sidebar entry point.

Token Accounting & Cache Visibility

• Token usage tracking now records input, output, estimated, cache-read, and cache-creation token counters.
• Agent stats expose cache hit information for providers that return cache usage.
• Qwen / Alibaba Bailian compatible calls now support provider-specific prompt cache control while preserving stable prompt prefixes.
• Daily and monthly token reset logic now resets cache counters alongside total token counters.

Prompting, Webpage Generation & Tool Reliability

• Default webpage/rich-document style guidance moved into the system prompt, reducing repeated tool-description text while keeping generated pages visually consistent.
• Agent-facing reply guidelines now discourage emoji-heavy normal replies.
• Web search instructions now refer to currently enabled tools instead of hardcoding unavailable tool names.
• Tool-call execution now blocks disabled tool names and asks the model to retry malformed JSON tool arguments cleanly.
• HTML-to-PDF and HTML-to-PPT conversion descriptions and parameters were expanded for higher-fidelity Chrome-based rendering.
• Restart script now starts backend and frontend as detached daemons, avoiding local dev servers exiting after the restart command completes.

Upgrade Guide

Database migration required. Run alembic upgrade heads before restarting application services.

This release adds or updates schema/data defaults for:

• agent cache token counters
• daily token usage input/output/cache/estimated counters
• default agent TTL changing to permanent (0)
• default daily LLM call limit changing to 1000

Docker Deployment

git pull origin main

# Run database migrations
docker exec clawith-backend-1 alembic upgrade heads

# Rebuild and restart services
docker compose down && docker compose up -d --build

Source Deployment

git pull origin main

# Run database migrations
cd backend && alembic upgrade heads
cd ..

# Rebuild frontend
cd frontend && npm install && npm run build
cd ..

# Restart backend / frontend services

Kubernetes / Helm

helm upgrade clawith helm/clawith/ -f values.yaml
# Run migration job / command: alembic upgrade heads

Notes

• enterprise_info/ is now shared tenant context. Review who has platform or org admin roles, because only admins should update those shared files.
• New agents are permanent by default. If your deployment requires expiring agents, set tenant/user TTL defaults explicitly after migration.
• Token cache counters depend on provider usage payloads. Providers that do not return cache fields will continue to show zero cache usage.
• Existing legacy tasks.json files are preserved, but new agents will not get todo.json or tasks.json automatically.
• If you run from source, use the updated restart.sh or your own process manager to keep frontend/backend processes detached.

---

v1.9.1

v1.9.1 — Talent Market, Per-User Onboarding & Template Automation

What's New

Talent Market & Agent Templates

• Talent Market added to the hiring flow, letting teams browse, compare, and hire curated agents directly from the product UI
• Folder-based template loader for agent templates, making template packaging and rollout more maintainable
• 19 new curated templates across business, engineering, content, and trading scenarios, including:
  • backend architect, chief of staff, code reviewer, content creator, devops automator, frontend developer, growth hacker, rapid prototyper, SEO specialist, TikTok strategist, LinkedIn content creator
  • macro watcher, market intel aggregator, technical analyst, pre-market briefer, watchlist monitor, risk manager, trading journal coach, tilt-bias coach, COT report analyst, earnings/filings analyst
• Trading-focused built-in skills added for market data and financial calendar workflows
• Post-hire settings now supported, so newly hired agents can be configured immediately after creation

Per-User Onboarding & Default Model Experience

• Per-(user, agent) onboarding introduced, so onboarding runs once per user-agent relationship instead of once per agent globally
• Two-turn onboarding ritual added for newly hired or newly contacted agents: a focused introduction followed by an immediate deliverable
• Onboarding backfill logic prevents historical agent-user pairs from being re-onboarded after upgrade
• Tenant default LLM model support added, including backend APIs and frontend selection flows
• Model switcher UI added and refined to better reflect tenant and agent defaults during chat

Template Automation & MCP Provisioning

• Template-defined default MCP servers can now auto-install when an agent is created
• Template default skills merging improved so agent creation preserves template-defined skills alongside platform defaults
• Template bootstrap metadata added, including capability bullets and bootstrap content for richer cards and onboarding prompts

Chat, Workspace & UX Improvements

• Workspace switcher added to agent chat and detail flows for faster context switching
• Clawith-styled modal and toast system replaces native browser dialogs in key frontend flows
• Agent chat and workspace interactions polished for smoother file and panel operations
• Agent creation flow improved with better structure and clearer template-driven setup
• Company logo settings added to the admin/company experience
• Company region picker added to enterprise settings
• Agent detail, layout, enterprise settings, and admin company pages received usability and visual refinements

Localization & Marketplace Readiness

• Locale-aware greeting behavior added for hired agents
• Chinese translations and template localization expanded across Talent Market and onboarding experiences
• Hardcoded English copy removed from key hire/onboarding paths to improve multilingual consistency

Platform & Integration Enhancements

• WeChat channel support completed in the mainline release path
• Webpage tools enhanced for richer browsing and page interaction workflows
• Smithery/MCP tool discovery and invocation made more resilient with live schema override behavior and improved request headers

Optimizations & Fixes

• Onboarding performance optimization: the greeting turn now skips the full tool list, significantly reducing prompt size on first contact
• Onboarding stability fixes: prevents ritual leakage into later sessions and avoids duplicate/late onboarding triggers
• Model picker fixes: better default syncing, improved dropdown positioning, and clipping fixes
• Channel user identity reuse and outbound routing fixed for more reliable cross-channel delivery
• Agent creation fixes: template skills and auto-installed MCP tools now attach more consistently
• Migration graph fixes: release migrations were stabilized and merged to avoid broken multi-head upgrade paths
• UI polish fixes across chat panels, dialogs, agent cards, and company branding

---

v1.9.1 — Upgrade Guide

Database migration required. Run alembic upgrade heads before restarting application services.

This release introduces new schema changes in the v1.9.0..main range, including:

• tenants.default_model_id
• agent_user_onboardings
• agent_templates.capability_bullets
• agent_templates.bootstrap_content
• agent_templates.default_mcp_servers
• release-head merge migration cleanup

Docker Deployment (Recommended)

git pull origin main

# Run database migrations
docker exec clawith-backend-1 alembic upgrade heads

# Rebuild and restart services
docker compose down && docker compose up -d --build

Source Deployment

git pull origin main

# Run database migrations
cd backend && alembic upgrade heads
cd ..

# Rebuild frontend
cd frontend && npm install && npm run build
cd ..

# Restart backend / frontend services

Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml
# Run migration job / command: alembic upgrade heads

Notes

• Existing user-agent pairs are automatically backfilled into agent_user_onboardings, so established conversations should not be re-onboarded after upgrade.
• If your deployment provisions agents from templates, review any template metadata that now uses bootstrap_content, capability_bullets, or default_mcp_servers.
• If you rely on tenant-scoped model management, validate the new default model selection in Company / Enterprise settings after migration.
• New template-driven MCP auto-install flows require a valid Smithery/system MCP configuration in environments that use those templates.

v1.9.0 — OKR Engine, Workspace Collaboration, Multi-Channel Expansion & Security Hardening

What's New in v1.9.0

This is a major release introducing the OKR management system, real-time workspace collaboration, new channel integrations, and critical security hardening.

---

🎯 OKR Management System

A full-featured OKR engine built on top of the multi-agent platform:

• OKR Data Model & API — Complete CRUD for Objectives and Key Results, including a company-level OKR dashboard
• Auto-provisioned OKR Agent — When a tenant enables OKR for the first time, a dedicated OKR Agent is automatically created
• Daily Collection & Reporting — The OKR Agent sends daily progress check-ins to members via A2A, aggregates responses, and generates company-level reports; automatically skips non-business days
• Nudge Members — Proactively reminds members who haven't submitted OKR updates; supports relationship-network-based member filtering
• KR Content Update Tool — Agents can directly call a tool to update KR progress content
• OKR Settings Page — New dedicated OKR tab in Enterprise Settings for toggling, cadence configuration, and report trigger management
• Missing OKR Members Panel — Displays members who haven't filled in OKRs, with source annotations

---

🤝 Agent-to-Agent (A2A) Enhancements

• Three message types — notify, consult, and task_delegate; agents automatically select the appropriate type based on semantics
• Tenant-level async toggle — a2a_async_enabled moved from Agent level to Tenant level; configure once in Enterprise Settings
• A2A session visibility — A2A replies are mirrored to shared sessions; users can view agent-to-agent conversations in the "Other Users" tab
• User-friendly notifications — Task delegation generates readable notification titles, filtering out internal jargon

---

🗂️ Workspace Collaboration

• Rich file preview — Sidebar preview for images, HTML, PDF, Markdown, and more
• Preview lock — Users can lock the current preview to prevent auto-switching when agents write files
• Streaming draft parameters — Real-time streaming display of draft parameters during tool calls
• File deletion confirmation — Confirmation prompt before deleting a previewed file
• Auto-archive generated documents — Agent-generated documents are automatically organized into corresponding folders
• Hover delete button — Workspace file list shows a delete button on hover

---

📡 New Channel Integrations

• WeChat (微信) — New WeChat Work channel integration
• WhatsApp — New WhatsApp channel integration
• Google Workspace — New Google Workspace integration with proxy configuration and UI improvements
• DingTalk rich media — Added support for image, file, audio, and video message types in DingTalk

---

🛠️ New Agent Tools

• Format conversion tools — Built-in tools for Word / Excel / PPT / PDF conversion
• Feishu document search — Agents can search Feishu document libraries via tool call
• Platform message priority routing — Messages from platform users are preferentially sent via send_platform_message

---

💬 Chat & Session Improvements

• Primary Session — Platform users now have a dedicated primary session entry with unread badge support
• Hash routing — Agent detail page supports hash anchor navigation to jump directly to a specific tab

---

🔒 Security Hardening

• 4 critical vulnerabilities patched (#246):
  • Unauthenticated API key generation endpoint
  • LLM API keys stored in plaintext — now AES-256 encrypted
  • Production startup allowed with default JWT secret — now blocked unless DEBUG=true
  • Multi-tenant isolation gaps in permission checks and Plaza API
• Stronger execute_code sandbox — Enhanced bwrap isolation for the code execution tool
• Removed plaintext credential fields — Plaintext website password fields removed from credential storage

---

⚡ Performance

• Session list N+1 query fix (#410) — Replaced 1+2N per-session queries with 3–4 bulk queries regardless of session count
• A2A wake reflection limit — Reflection sessions capped at 2 tool-call rounds to prevent resource waste

---

🐛 Bug Fixes

• Fixed backend startup hang during database bootstrap
• Fixed Feishu WebSocket duplicate connection causing "kicked by new connection" errors
• Fixed Feishu streaming cards, structured errors, and migration robustness (#444)
• Fixed approvals tab crash on non-array responses (#422)
• Fixed missing ensure_identity_provider in registration flow (#469)
• Fixed chat page scroll regression
• Fixed model configuration not taking effect in real time
• Fixed fallback LLM not activating when primary LLM errors
• Added rate-limit protection to DingTalk org sync API
• Fixed tool call message pairs (assistant + tool) being broken apart (#416)
• Fixed malformed JSON arguments in write_file tool calls (#212)
• Fixed user profile update not persisting correctly in PATCH /auth/me (#213)
• Fixed org member identity mapping for sync and SSO (#404)

---

Upgrade Guide

Database migration required. This release includes multiple schema changes. Run alembic upgrade head before starting the new version.

⚠️ Breaking Changes — Read Before Upgrading

1. a2a_async_enabled moved from Agent to Tenant level
The migration script automatically sets the tenant-level flag to FALSE. After upgrading, reconfigure in Enterprise Settings → Company Info → A2A Async if you had this enabled per-agent.

2. send_web_message tool renamed to send_platform_message
Any Agent soul.md files that reference send_web_message must be updated manually. The old name will not be recognized.

3. Plaintext credential fields removed
The website_password and related plaintext fields have been dropped from the agent_credentials table. Back up your credentials before running migrations. After upgrading, re-enter credentials through the UI.

4. JWT secret enforcement in production
If your deployment uses the default SECRET_KEY=change-me, the backend will now refuse to start unless DEBUG=true. Set a strong secret in your .env before upgrading production.

---

Docker Deployment (Recommended)

# 1. Pull latest code
git pull origin main

# 2. Run database migrations (before restarting)
docker exec clawith-backend-1 alembic upgrade head

# 3. Rebuild and restart all services
docker compose down && docker compose up -d --build

Large datasets: The chat message index migration (#411) may take several minutes on tables with millions of rows. Run it during a maintenance window and monitor progress with:

docker exec clawith-backend-1 alembic current

---

Source Deployment

# 1. Pull latest code
git pull origin main

# 2. Install new backend dependencies
cd backend && pip install -e ".[dev]"

# 3. Run database migrations
alembic upgrade head

# 4. Rebuild frontend
cd ../frontend && npm install && npm run build

# 5. Restart backend
# (use your process manager: systemd, supervisor, etc.)

---

Kubernetes (Helm)

# 1. Update chart values if needed (new env vars: see Notes below)
vim values.yaml

# 2. Run migration job before rolling out new pods
kubectl exec -n <namespace> deploy/clawith-backend -- alembic upgrade head

# 3. Roll out new image
helm upgrade clawith helm/clawith/ -f values.yaml

---

Post-Upgrade Checklist

• Verify backend starts without errors (docker logs clawith-backend-1)
• Confirm SECRET_KEY is set to a non-default value in production
• Re-enter any credentials that used plaintext fields (Agent Credentials page)
• Update Agent soul.md files: replace send_web_message → send_platform_message
• If A2A Async was in use: re-enable in Enterprise Settings → Company Info
• New channels (WeChat, WhatsApp, Google Workspace): configure credentials in Enterprise Settings → Channels
• OKR feature is off by default — enable in Enterprise Settings → OKR when ready

---

New Environment Variables

No new required environment variables. Optional additions:

Variable	Default	Description
DEBUG	false	Must be true to allow default JWT secret in dev

---

Notes

• OKR features are disabled by default. Enabling them auto-creates a dedicated OKR Agent for the tenant.
• WeChat, WhatsApp, and Google Workspace channels each require separate credential setup in Enterprise Settings before use.
• The a2a_async_enabled column on the agents table has been removed; the flag now lives on the tenants table.

v1.8.3-beta.2 — A2A Chat History Fixes

Bug Fixes

A2A Chat History Fixes

• A2A session now shows both sides of the conversation: when a target agent is woken via notify or task_delegate, its reply is now mirrored into the shared A2A chat session so the full conversation is visible in the admin Other Users tab
• Removed hardcoded 2-round tool call limit for A2A wake invocations: agents were hitting the limit before completing basic tasks; they now use their own configurable max_tool_rounds setting (default 50)
• Fixed message loading order: sessions with many messages (e.g. long-running A2A threads) were only showing the oldest 500 messages; now correctly loads the most recent 500

---

Full changelog: see RELEASE_NOTES.md

v1.8.3-beta — A2A Async Communication, Image Context & Search Tools

What's New

Agent-to-Agent (A2A) Async Communication — Beta

• Three communication modes for send_message_to_agent:
  • notify — fire-and-forget, one-way announcement
  • task_delegate — delegate work and get results back asynchronously via on_message trigger
  • consult — synchronous question-reply (original behaviour)
• Feature flag: controlled at the tenant level via Company Settings → Company Info → A2A Async toggle (default: OFF)
• When disabled, the msg_type parameter is hidden from the LLM so agents only see synchronous consult mode
• Security: chain depth protection (max 3 hops), regex filtering of internal terms, SQL injection prevention
• Performance: async wake sessions limited to 2 tool rounds

Multimodal Image Context

• Base64 image markers are now persisted to the database at write time
• Chat UI correctly strips [image_data:] markers and renders thumbnails
• Fixed chat page vertical scrolling (flexbox min-height: 0 constraint)
• Removed deprecated /agents/:id/chat route

Search Engine Tools

• New Exa Search tool — AI-powered semantic search with category filtering
• New standalone search engine tools: DuckDuckGo, Tavily, Google, Bing (each as own tool)

UI Improvements

• Drag-and-drop file upload across the application
• Chat sidebar polish: segment control, session items styling
• Agent-to-agent sessions now visible in the admin "Other Users" tab

Bug Fixes

• DingTalk org sync rate limiting to prevent API throttling
• Tool seeder: parameters_schema now correctly included in new tool INSERT
• Unified msg_type enum references across codebase
• Docker access port corrected to 3008

---

Upgrade Guide

Database migration required. Run alembic upgrade heads to add the a2a_async_enabled column.

Docker Deployment (Recommended)

git pull origin main

# Run database migration
docker exec clawith-backend-1 alembic upgrade heads

# Rebuild and restart
docker compose down && docker compose up -d --build

Source Deployment

git pull origin main

# Run database migration
alembic upgrade heads

# Rebuild frontend
cd frontend && npm install && npm run build
cd ..

# Restart services

Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml
# Run migration job for a2a_async_enabled column

Notes

• The A2A Async feature is disabled by default. No behaviour changes until explicitly enabled.
• The a2a_async_enabled column defaults to FALSE, so existing tenants are unaffected.

v1.8.2

v1.8.2 Release Notes

What's New

Security

• Fix account takeover via username collision (#300): Prevents an attacker from creating an account with a username matching an existing SSO user's email, which could lead to unauthorized account access.
• Fix duplicate user creation on repeated SSO logins: Feishu and DingTalk SSO now correctly reuse existing accounts instead of creating duplicate users.

AgentBay — Cloud Computer & Browser Automation

• New: agentbay_file_transfer tool: Transfer files between any two environments — agent workspace, browser sandbox, cloud desktop (computer), or code sandbox — in any direction.
• Fix: Computer Take Control (TC) white screen: TC now connects to the correct environment session (computer vs. browser) based on env_type. Previously, an existing browser session could hijack the computer TC connection.
• Fix: OS-aware desktop paths: The agentbay_file_transfer tool description now automatically reflects the correct paths for the agent's configured OS type:
  • Windows: C:\Users\Administrator\Desktop\
  • Linux: /home/wuying/Desktop/
• Fix: Desktop file refresh: After uploading to the Linux desktop directory, GNOME is notified to refresh icon display.
• Multiple Take Control stability fixes: CDP polling replaced with sleep, multi-tab cleanup, 40s navigate timeout, unhashable type errors.

Feishu (Lark) — CardKit Streaming Cards

• Feishu bot responses now stream as animated typing-effect cards using the CardKit API (#287).
• Fixed SSE stream hang issues and websocket proxy bypass for system proxy conflicts.

WeCom (Enterprise WeChat) Integration

• WeCom features are currently hidden behind a prerequisites notice (pending enterprise approval setup).
• Backend: Full org sync, domain verification endpoint, dual-credential architecture for API access.
• nginx: Added WW_verify_*.txt routing for WeCom domain ownership verification.

DingTalk & Organization Sync

• Fixed DingTalk org sync permissions guide (Contact.User.Read scope).
• Fixed open_id vs employee_id user type handling in Feishu org sync.

Other Bug Fixes

• Fix: SSE stream protection — finish_reason break guard added for OpenAI and Gemini streams to prevent runaway streams.
• Fix: Duplicate tool send_feishu_message — Removed duplicate DB entry; added dedup guard in tool loading to prevent Tool names must be unique LLM errors.
• Fix: JWT token not consumed on reset-password and verify-email routes.
• Fix: NULL username/email for SSO-created users in list_users.
• Fix: Company name slug generation — Added anyascii + pypinyin for universal CJK/Latin transliteration.
• Fix: publish_page URL — Correctly generates try.clawith.ai links on source deployments.
• Fix: Agent template directory — Dynamic default for source deployments.
• Various i18n fixes (TakeControlPanel, WeCom, DingTalk guide).

---

Upgrade Guide

No database migrations required. No new environment variables.

Docker Deployment (Recommended)

git pull origin main
docker compose down && docker compose up -d --build

Important: If your server does not have Node.js/npm, the frontend must be built locally and uploaded, or installed via nvm (see note below).

Source Deployment

git pull origin main

# Install new Python dependency
pip install anyascii>=0.3.2

# Rebuild frontend
cd frontend && npm install && npm run build
cd ..

# Restart services

nginx Update Required

A new routing rule for WeCom domain verification has been added to nginx.conf. If you manage nginx separately (not via Docker), add this block inside your server {} before the WebSocket proxy section:

location ~ ^/WW_verify_[A-Za-z0-9]+\.txt$ {
    proxy_pass http://backend:8000/api/wecom-verify$request_uri;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
}

Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml

No migration job needed.

---

Upgrade Notes — Lessons Learned (from our production upgrade)

The following issues were encountered during the v1.8.1 → v1.8.2 production upgrade and may affect other deployers:

1. Server without npm: dist.zip may be stale in git

Problem: Our production server did not have Node.js/npm installed. The frontend/dist.zip tracked in git can fall behind when frontend changes are made and committed without a corresponding build (e.g., when the build was done on a separate dev server).

Symptoms: After git pull, the dist.zip in the repo may not include the latest frontend changes, causing new features to be invisible in the UI even though the backend is updated.

Solutions:

• Option A (Recommended): Install Node.js on the deployment server via nvm (no root required):

  curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
  source ~/.nvm/nvm.sh
  nvm install 20

  Then build on the server: cd frontend && npm install && npm run build
• Option B: Build locally and upload via SCP:

  # On local machine:
  cd frontend && npm run build && cd dist && zip -r ../dist.zip .
  scp frontend/dist.zip user@server:/path/to/Clawith/frontend/dist.zip

Note: In China-based server environments, downloading from raw.githubusercontent.com may be very slow. If so, use a proxy or mirror.

2. anyascii is a new required Python dependency

Problem: Starting from this release, anyascii>=0.3.2 is required. If upgrading without rebuilding the Docker image (e.g., using docker cp to update only the app directory), this dependency must be installed separately inside the container:

docker exec clawith-backend-1 pip install anyascii>=0.3.2

For standard docker compose up --build upgrades, this is handled automatically.

v1.8.1

v1.8.1 Release Notes

Released: 2026-04-03

This is a stability and polish release built on top of v1.8.0-beta.3, covering security hardening,
Feishu reliability fixes, a redesigned tool-call visualization, new file-management tools, and
a first-class Kubernetes deployment option.

---

Highlights

Redesigned Tool-Call Visualization (AnalysisCard)

The live chat view now shows agent reasoning and tool calls in a unified AnalysisCard that
groups interleaved thinking and tool-call messages into one collapsible block. The card shows:

• A pulse LED while the agent is running, turning green on completion
• The currently-active tool name in collapsed state alongside tool-count badge
• Individual <details> rows per tool for args and result (collapsed by default)
• Italic thinking-content blocks inline for extended reasoning (deepthink) models

New File Management Tools

Three new built-in tools are available to all agents:

• edit_file — targeted line-range edits without rewriting the entire file
• search_files — substring or regex search across a workspace
• find_files — glob-pattern file lookup
• read_file now supports offset / limit for reading large files in pages

Kubernetes Deployment (Helm Chart)

A production-ready Helm chart is now included at helm/clawith/. Deploy Clawith on any
Kubernetes cluster in one command:

helm upgrade --install clawith helm/clawith/ -f values.yaml

Security Fixes

• Cross-tenant data leak — org member and department search was returning results across
  tenant boundaries. Now strictly scoped to the requesting tenant. (#security)
• Platform admin token scope — platform_admin role was not pinned to tenant_id in the
  JWT, allowing cross-tenant privilege escalation. Fixed.
• Duplicate OrgMember shell — channel users could create duplicate OrgMember rows on
  reconnect. A uniqueness guard has been added.

Feishu Integration Reliability

• feishu_doc_append intermittent failures — Markdown --- dividers were converted to
  block_type: 22 which the Feishu batch-children API rejects. They now render as a text
  separator line (────────────────────────), always accepted.
• index: -1 removed from the children API call — Feishu defaults to append-at-end when
  index is omitted, avoiding 1770001 invalid param errors.
• Stale websocket_chat import — feishu_doc_create was trying to import
  channel_feishu_sender_open_id from a deleted module, generating a visible warning. Fixed.
• Feishu streaming card stalls — ordered patch queue now correctly processes streaming
  updates for Feishu cards without stalling.
• Tool status stuck on "running" — Feishu-channel tool status now correctly transitions
  from running → done after tool completion.
• Added wiki:wiki permission to the recommended Full permission set in channel config.

Admin Chat UI

• Read-only session viewer — Admins viewing other users' sessions see a clear "Read-only ·
  username" badge at top-left (fixed overlay, never scrolls away).
• Card border — the entire chat area is now enclosed in a 12px-radius bordered card for
  visual clarity.
• Optimistic relationship deletion — relationship rows fade out immediately on delete (no wait).

Cross-Domain Tenant Switch

The ?token= query param is now consumed on app bootstrap, so users switching between tenant
instances via a generated link land directly in the correct tenant without requiring a page reload.

i18n Improvements

• All emoji removed from en.json and zh.json translation keys (project policy).
• Hardcoded "Copy", "Upload", and several status strings now properly use t().
• New i18n key agent.chat.analysing for the AnalysisCard header.
• Credential-related UI strings in zh.json completed.

---

Upgrade Guide

No breaking changes. No database migrations required.

Option A — Docker Compose

cd <clawith-dir>
git pull origin main
docker compose down && docker compose up -d --build

Or the rolling update (no downtime):

git pull origin main

# Frontend
cd frontend && npm install && npm run build
cp public/logo.png dist/ && cp public/logo.svg dist/
cd dist && zip -r ../dist.zip . && cd ../..
docker cp frontend/dist.zip clawith-frontend-1:/usr/share/nginx/html/dist.zip
docker exec clawith-frontend-1 sh -c "cd /usr/share/nginx/html && unzip -o dist.zip"
docker compose restart frontend

# Backend
docker cp backend/app clawith-backend-1:/app/
docker exec clawith-backend-1 find /app -name "__pycache__" -exec rm -rf {} + 2>/dev/null
docker compose restart backend

Option B — Source Deployment

git pull origin main
cd frontend && npm install && npm run build
cd ..
# Restart backend process (e.g. supervisorctl restart clawith-backend)

Option C — Kubernetes (Helm)

helm upgrade clawith helm/clawith/ -f values.yaml

No Alembic migration is required for this release.

---

Full Changelog

See all commits since v1.8.0-beta.3:
v1.8.0-beta.3...v1.8.1

v1.8.0-beta.3

v1.8.0-beta.3

What's Changed

New Features

• Split Code Executor into Local and E2B Cloud tools — The single "Code Executor" tool has been separated into two independent tools. The local tool shows CPU/memory/network config; the E2B Cloud tool only requires an API key. E2B errors are now surfaced explicitly instead of silently falling back to local execution.
• MCP Server credential management — New "Edit Server" UI and PUT /tools/mcp-server API endpoint for bulk-updating MCP server URLs and API keys across all tools sharing the same server.
• Feishu Wiki document creation — feishu_doc_create now supports creating documents directly inside Wiki knowledge bases, with automatic detection of Wiki node tokens.
• Feishu permission JSON UI redesign — Two-tier segmented control (Basic / Full) with i18n support for Feishu app permission configuration.
• Live Preview auto-sizing — AgentBay Live Preview panel now auto-sizes to 50% of the chat container width.

Bug Fixes

• Plaintext SMTP relay support — STARTTLS is now auto-negotiated based on server ESMTP capabilities instead of being forced on port 25/587. AUTH is skipped for unauthenticated IP-whitelisted internal relays. Password is no longer a required field in email configuration.
• Unified context window size — Introduced DEFAULT_CONTEXT_WINDOW_SIZE = 100 constant and unified all 9 communication channels (WebSocket, Feishu, Discord, WeCom, DingTalk, Teams, Slack) to use consistent fallback values.
• LLM stream retry — Added httpx.RemoteProtocolError to the stream retry logic to handle upstream connection resets.
• Tool config double-encryption — Fixed a bug where already-encrypted sensitive config fields were encrypted again on save.
• Loguru format collision — Replaced logger.error(..., exc_info=True) with logger.exception(...) across all channel handlers to prevent crashes when error messages contain special characters.
• WeCom message handler — Fixed NameError (agent vs agent_obj) and migrated user creation to channel_user_service to avoid AssociationProxy errors.
• Duplicate tool definition — Removed send_channel_message from _ALWAYS_INCLUDE_CORE to prevent "Tool names must be unique" LLM errors.
• AgentBay connection test — Fixed test image name (linux_latest) and api_key lookup in global tool config fallback.
• FastAPI route ordering — Reordered /tools/mcp-server/bulk before /tools/{tool_id} to prevent 422 validation errors on older FastAPI versions.
• Other fixes — LLM model temperature persistence, org_admin access to GitHub/ClawHub tokens, MCP tool import tenant scoping.

UI / i18n

• Context Window Size terminology — Corrected misleading "Max Rounds" / "Context Rounds" labels to industry-standard "Context Window Size" with accurate descriptions.
• MCP Server group header — Displays hostname instead of full URL for cleaner display.

Upgrade Notes

This is a drop-in upgrade from v1.8.0-beta.2. No breaking changes.

• No database migrations required
• No new dependencies
• No environment variable changes
• The new execute_code_e2b tool will be automatically created by the tool seeder on startup. It is not a default tool — agents will not have it unless explicitly added.
• The existing execute_code tool's config schema will be auto-synced (the sandbox type dropdown is removed since it's now always "subprocess").

Docker Deployment

git pull origin main
docker compose down && docker compose up -d --build

Source Deployment

git pull origin main
# Backend
pip install -r backend/requirements.txt  # no changes expected, but safe to run
# Frontend (pre-built dist.zip is included)
cd frontend && unzip -o dist.zip -d dist/
# Restart services

v1.8.0-beta.2

Learn more about the new features at: https://github.com/dataelement/Clawith/releases/tag/v1.8.0-beta

🐛 Bug Fixes

• SSO: Fixed 500 error (UnboundLocalError) when a new user scans to login via Feishu for the first time.
• SSO: Fixed SSO polling endpoint failing to redirect due to a MissingGreenlet exception during async lazy loading.
• SSO: Removed the brief No SSO providers UI flash during SSO callback processing.
• App Context: Fixed cross-session state corruption during Take Control cookie export and injection.
• App Context: Added a leading dot to cookie domains for better subdomain matching.
• Take Control: Relaxed the required agent lock permission from manage to use.

📦 Configuration

• Added PUBLIC_BASE_URL and PASSWORD_RESET_TOKEN_EXPIRE_MINUTES environment variable configurations to docker-compose.yml.

v1.8.0-beta

v1.8.0-beta Release Notes

This beta release brings major new capabilities to Clawith, including a fully redesigned identity system, AgentBay cloud computer visual control, a new email notification system, expanded Feishu integrations, platform-wide analytics, and many UX improvements.

---

What's New

1. AgentBay: Cloud Computer Visual Control

A major leap in agent-computer interaction:

• Live Preview Panel — Watch your agent in real time via a draggable sidebar that streams screenshots of the cloud browser or desktop as the agent operates.
• Vision Injection — Browser and desktop screenshots are captured ephemerally (in-memory only, no disk writes) and injected into the LLM as multimodal input, enabling visual reasoning about on-screen state.
• Take Control / Save Login State — Users can seamlessly take over the agent's remote session with keyboard and mouse for manual steps (e.g., CAPTCHA, QR code scanning). Cookie-based login state can be saved and reused by the agent.

• 16+ New AgentBay Tools — Browser extract, observe, shell commands, OTP-aware keyboard input, browser_login, agentbay_browser_screenshot, and more.
• Windows Cloud Desktop Support — Full Windows OS support for AgentBay cloud computer sessions.

2. Unified Identity System & Multi-Tenant Auth

A complete redesign of the authentication and user management architecture:

• Global Identity (cross-tenant) — A new identities table unifies credentials across organizations. One email/password works across all companies a user belongs to.
• Tenant Switcher Modal — Redesigned company switcher with inline join/create flow.
• Invitation Flow Fix — When an existing user clicks an invitation link, they are now automatically joined to the invited company after logging in.
• SSO Toggle — Per-channel SSO login enable/disable, with auto-detected subdomain and callback URL generation.

3. Platform Email System

• Password recovery via email (full reset flow with branded templates).
• Broadcast notification emails to all platform users.
• In-app SMTP configuration UI under Platform Settings → Email — no .env restart required.
• Test email button and customizable email templates.
• Auto-verify email and activate users when SMTP is not configured.

4. Feishu Integration Expansion

• **Bitable ** — List tables/fields, query/create/update/delete records, create new Bitable apps. Returns clickable links in chat.
• Drive Tools — feishu_drive_share (renamed and enhanced) + new feishu_drive_delete for automated file permission management and cleanup.
• Calendar & Approval — Full integration of Feishu Calendar scheduling and Approval submission tools.
• 403 Permission Guidance — When a Feishu API call fails due to missing permissions, the agent now provides detailed diagnostic guidance inline.

5. Platform Admin Dashboard & Analytics

• Enhanced Metrics — DAU/WAU/MAU, session counts, user retention, channel distribution, tool category breakdowns, and churn warnings.
• Token Usage Leaderboards — Per-agent, per-tenant daily/monthly token spend tracking backed by a new daily_token_usage table.
• Org Admin Email — Platform admins can view and contact organization admin email addresses.

6. LLM Engine & Tool Improvements

• Model Toggle — Enable/disable individual LLM models in Company Settings; disabled models are filtered from dropdowns and the runtime auto-falls back.
• Configurable LLM Request Timeout — New request_timeout setting for local/slow models.
• Anthropic Prompt Cache Optimization — Static and dynamic context are split to maximize cache hit rates; detailed cache metrics are logged.
• Image Generation (Multi-Provider) — generate_image tool now supports SiliconFlow, OpenAI DALL-E, and Google Vertex AI as separate configurable providers.
• Unified Tool Configuration — Secure API key management with Agent→Company priority inheritance and schema-aware decryption.
• ClawHub Integration — search_clawhub and install_skill are now seeded as built-in tools, allowing agents to self-extend from the community marketplace.
• Transliteration Search — Enterprise member search now supports pinyin input for Chinese names.

7. UX & UI Improvements

• Chat shortcut — Enter to send, Shift+Enter for newline.
• Copy Button — One-click copy on all chat messages.
• User Email Update — Users can change their own email address from Account Settings.
• org_admin Promotion/Demotion — With last-admin protection to prevent lockout.
• Collapsible Session List — Sidebars auto-collapse when the Live Preview panel is active.
• Model field — Replaced model dropdown with free-text input in LLM settings for better compatibility.

---

Upgrade Guide

Who this applies to

• Upgrading from v1.7.2 (standard release)
• Upgrading from an intermediate post-v1.7.2 state (same steps, lower risk)

Important Notes Before Upgrading

Always back up your database before upgrading.

1. Database Migrations (12 total)

This release includes 12 Alembic migrations. The most significant is user_refactor_v1, which introduces a global identities table and migrates user credentials from the users table. All migrations are idempotent — if your instance already ran some of them, they will be skipped safely.

2. Invitation Codes Reset

The multi_tenant_registration migration adds tenant_id to invitation codes and clears all legacy codes that lack this field. Existing invitation codes will be invalidated. Regenerate them from Company Settings after upgrading.

3. SMTP Configuration (for post-v1.7.2 intermediate versions only)

If you previously configured SYSTEM_SMTP_* environment variables, these are now ignored. After upgrading, go to Platform Settings → Email and re-enter your SMTP credentials via the UI. Users upgrading from v1.7.2 are unaffected (email was not available in that version).

4. New Optional Environment Variables

# Public URL used in email links and webhook callbacks.
# Recommended for production; auto-detected from request host if not set.
PUBLIC_BASE_URL=https://your-domain.com

# Password reset token lifetime in minutes (default: 30)
PASSWORD_RESET_TOKEN_EXPIRE_MINUTES=30

5. New Python Dependencies

Three new packages are required (automatically installed by Docker build):

• wuying-agentbay-sdk >= 0.18.0
• pypinyin >= 0.52.0
• Pillow >= 10.0.0

---

Option A: Docker Deployment (Recommended)

# 1. Back up your database
docker exec clawith-postgres-1 pg_dump -U clawith clawith > backup_$(date +%Y%m%d).sql

# 2. Pull the latest code
cd <your-clawith-directory>
git pull origin main

# 3. Rebuild and restart all containers
docker compose down
docker compose up -d --build

# 4. Check migration logs
docker logs clawith-backend-1 2>&1 | head -80

Post-upgrade checklist:

• Go to Platform Settings → Email and configure SMTP (if you want password recovery / broadcast emails)
• Regenerate invitation codes in Company Settings (old codes are cleared)
• Optionally set PUBLIC_BASE_URL in your .env

---

Option B: Source Deployment

# 1. Back up your database
pg_dump -U clawith clawith > backup_$(date +%Y%m%d).sql

# 2. Pull the latest code
cd <your-clawith-directory>
git pull origin main

# 3. Update Python dependencies
cd backend && pip install -e ".[dev]"

# 4. Run database migrations
alembic upgrade head

# 5. Build the frontend
cd ../frontend && npm install && npm run build

# 6. Restart your backend service

Post-upgrade checklist: Same as Option A.

---

Rollback

If something goes wrong, restore from your SQL backup:

# Docker deployment
docker compose down
docker exec clawith-postgres-1 psql -U clawith -c "DROP DATABASE clawith; CREATE DATABASE clawith;"
docker exec -i clawith-postgres-1 psql -U clawith clawith < backup_YYYYMMDD.sql
git checkout v1.7.2
docker compose up -d --build

We recommend SQL restore over alembic downgrade, as down migrations have not been fully tested.