Skip to content

v0.5.2

Choose a tag to compare

@github-actions github-actions released this 08 May 05:50

Upgrade notes

Breaking changes

None.

Upgrade notes

v0.5.2 is a maintenance release: a security fix for admin access to personal agents, the long-standing Ollama local-provider setup bug, and several robustness improvements in Settings → Groups.

Upgrade with the standard flow:

cd /opt/pinchy
sed -i 's/PINCHY_VERSION=v0.5.1/PINCHY_VERSION=v0.5.2/' .env
docker compose pull && docker compose up -d

No database migration, no docker-compose.yml change, and no env-var changes are required.

Security: admin access scope to personal agents

Before v0.5.2, an admin could read or modify another user's personal agent by calling GET/PATCH/DELETE /api/agents/:agentId directly, even though the UI did not expose those agents. The admin fast-path in assertAgentAccess now correctly enforces the personal-agent boundary: personal agents are only accessible to their owner, regardless of role. To share an agent with the team, set its visibility to All users (or use a group), which is unaffected by this change.

No action is required on upgrade. If you relied on this behavior in scripts or integrations, switch them to use a shared agent instead.

Ollama local provider works on fresh installs

Setting up a local Ollama provider in the onboarding wizard or Settings → Providers now works without manual .env edits. Pinchy detects local Ollama base URLs (localhost, 127.0.0.1, host.docker.internal) and rewrites them to a Docker-routable hostname (ollama.local, mapped to the host gateway in docker-compose.yml) so the OpenClaw container can reach the model server on the host. The provider config also uses openai-completions with the /v1 suffix, which is what OpenClaw expects for self-hosted OpenAI-compatible endpoints. Existing deployments that already work are unaffected.

Settings → Groups: inline validation, clearer errors

Group create and edit dialogs now render field-level validation errors inline (matching Pinchy's error-display policy) and surface API failures via toasts instead of leaving the dialog in an ambiguous state. Two-step partial failures — for example, the group is created but the initial member assignment fails — are reported explicitly so you know what to retry.

What's Changed

  • fix(setup): fix Ollama local provider so chats don't fail with 'No API key found' by @clemenshelm in #293
  • fix: groups creation bug, E2E coverage, shared schema infrastructure, security fix by @clemenshelm in #294
  • docs(upgrading): prep v0.5.2 release notes + freeze stale headings by @clemenshelm in #299

Full Changelog: v0.5.1...v0.5.2