Releases: cmblir/lazyclaw

v4.3.0 — self-improving skills, mobile control, device gateway

02 Jun 00:34

What's Changed

lazyclaw 4.3.0 adds Hermes-style self-improving skills and OpenClaw-style mobile control on top of the multi-provider CLI.

✨ Added

  • Self-improving skills: agent skill-synth distils a finished task into a reusable SKILL.md (When to Use / Procedure / Pitfalls / Verification). A compact skills index is injected into agent prompts and the new read-only skill_view tool loads a full skill on demand (progressive disclosure). skills curate / skills classify age agent-authored skills active → stale (30d) → archived (90d). New per-agent skillWrite knob (default manual).
  • Mobile control: telegram listen and matrix listen inbound bridges (long-poll, zero-install, no SDK), a channel-agnostic POST /inbound relay for any other platform, and an Ed25519 device gateway on the daemon (challenge → manual approve → rotated bearer token) over HTTP + SSE: nodes pending | approve | revoke | devices.
  • Remote exec-approval — sensitive tool calls (bash/write) can be gated on a human decision pushed to a paired device over the gateway SSE stream (task tick --approve-url, POST /exec/request, POST /gateway/exec/resolve).
  • Workspace HEARTBEAT.md for proactive routines.

🔧 Changed

  • skill_view joins the default agent tool whitelist, so new agents recall skills out of the box.
  • Reflection and skill synthesis now share one provider-adapter resolver and a shared secret-redaction module; redaction was broadened to GitHub PATs, Google API keys, JWTs, case-insensitive *key/token/secret/password assignments, and URL-embedded credentials.
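
A redaction pass covering the five secret classes listed above, as an added example that is not lazyclaw's own module. The rule names, regular expressions and `[REDACTED]` placeholder are assumptions based on the publicly known token shapes, and the sample transcript is constructed.

```javascript
// Added illustration, not lazyclaw's redaction module. Rule names, patterns
// and the [REDACTED] placeholder are assumptions; sample input is constructed.
const RULES = [
  // GitHub tokens: classic ghp_/gho_/ghu_/ghs_/ghr_ and fine-grained github_pat_
  ['github_pat', /\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b/g, '[REDACTED]'],
  // Google API keys: "AIza" followed by 35 URL-safe characters
  ['google_api_key', /\bAIza[0-9A-Za-z_-]{35}/g, '[REDACTED]'],
  // JWTs: three base64url segments; header and payload both begin with "eyJ"
  ['jwt', /\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, '[REDACTED]'],
  // URL-embedded credentials: scheme://user:pass@host keeps scheme and host
  ['url_credentials', /\b([a-z][a-z0-9+.-]*:\/\/)[^\s\/:@]+:[^\s\/@]+@/gi, '$1[REDACTED]@'],
  // Case-insensitive *key/token/secret/password assignments using "=" or ":".
  // The lookahead skips values an earlier rule already replaced.
  ['assignment',
    /\b([\w.-]*(?:key|token|secret|password)["']?)(\s*[:=]\s*)(["']?)(?!\[REDACTED\])[^\s"']+\3/gi,
    '$1$2$3[REDACTED]$3'],
];

// Returns the scrubbed text plus per-rule hit counts, so the caller can log
// that something was removed without logging the secret itself.
function redact(text) {
  const hits = {};
  let out = String(text);
  for (const [name, pattern, replacement] of RULES) {
    const n = (out.match(pattern) || []).length;
    if (n > 0) hits[name] = n;
    out = out.replace(pattern, replacement);
  }
  return { text: out, hits };
}

// Constructed transcript. Token-shaped values are assembled from filler so
// that no realistic secret appears in the source.
const SAMPLE = [
  'export GH=' + 'ghp_' + 'a1B2'.repeat(9),
  'curl -H "Authorization: Bearer ' +
    ['eyJhbGciOiJub25lIn0', 'eyJzdWIiOiJkZW1vIn0', 'c2ln'].join('.') + '"',
  'git clone https://deploy:hunter2@git.example.com/repo.git',
  'Api_Key = "not-a-real-key"',
  'maps key ' + 'AIza' + 'x'.repeat(35),
].join('\n');

const RESULT = redact(SAMPLE);
```

Running the pass a second time over `RESULT.text` changes nothing, which matters when the same text goes through both reflection and skill synthesis.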

🔒 Security

  • Device tokens are stored owner-only (0600), compared in constant time, and rotated on re-approval; challenge nonces are single-use with bounded, self-healing registries; pairing-request and SSE tables are capped; transcript role-label injection and prompt-injection-to-persistence vectors are closed; auto-synthesised skills never overwrite human-authored ones. Hardened across multiple adversarial-review passes.

📝 Notes

  • The device gateway runs over HTTP + SSE (no ws dependency). Expose the daemon remotely only behind a tunnel (Tailscale / Cloudflare) + TLS + --auth-token.
  • SDK-backed channels (Discord DMs, WhatsApp, Signal, Email) are not bundled — relay them through /inbound, or add them later behind an explicit dependency review on the channels/base.mjs contract.

Full Changelog: 5065304...v4.3.0