v3.6.0 - fine-grained per-user permissions (first 3.x release)
First GitHub release of the 3.x line — the single-host manager grew into a front-facing control plane with real access control. Both VPSes track main and self-update; these tagged releases are for downloaders. Full history: Changelog.
Headlines of 3.x
- Live Control Surface — a per-bot cockpit (
/control?inst=<name>): every module, a world map, vitals, and a command runner, in three themes. - Access control — shareable scoped guest links; named user accounts with roles (view / operate / config / admin) + per-bot scopes and one-time invite links; and fine-grained per-user permissions (which modules they can use/configure, the free-form console, bot start/stop) enforced server-side.
- Public sharing — give the dashboard a public HTTPS address from a menu of providers ABM installs for you: Cloudflare Quick Tunnel (no account), Tailscale Funnel (userspace, no root), ngrok, a named Cloudflare tunnel, or your own reverse proxy.
In v3.6.0
- Fine-grained per-user permissions (Users -> Permissions): per-module use/config, the free-form console, and start/stop/restart — owner-controlled, enforced on the server, applied live. Restricts within a role; admins/owner bypass.
- Fix: bot Start / Stop / Restart buttons (per-bot + "all") had thrown a 500 since v3.4.0 (a shadowed
restart); fixed. Bots themselves were never affected.
Install / upgrade: see the Installation wiki (existing boxes: abm selfupdate). Read Security before exposing the dashboard.