HybridClaw v0.14.0

Release Date: April 28, 2026

The operations and trust release — Signal support, confidential-info redaction and audit leak scanning, admin statistics, agent scoreboards, packaged skill lifecycle management, context-window visibility, model spend reporting, deployment tunnel config, and new packaging paths for Nix and Homebrew.

---

Highlights

• Signal as a first-class channel — Added Signal DMs and groups through a signal-cli compatible daemon, including private-by-default allowlists, outbound pacing, reconnect handling, and admin QR linking.
• Confidential-info protection — Added .confidential.yml rules for NDA-class client, project, person, keyword, and regex redaction before model calls, plus hybridclaw audit scan-leaks for retrospective audit-log review.
• Operator analytics in the admin console — Added statistics and agent-scoreboard pages for message/session trends, token and cost rollups, channel breakdowns, skill scores, reliability, timing, and CV links.
• Packaged business skill lifecycle — Added versioned skill manifests, supported-channel enforcement, audited install/upgrade/uninstall flows, revision listings, and rollback snapshots.
• Context and model-spend visibility — Added /context, the web chat context ring, model metadata, pricing discovery, monthly usage rollups, and richer admin Models sorting.
• Deployment and packaging groundwork — Added deployment mode/tunnel config, an ngrok provider backed by encrypted NGROK_AUTHTOKEN, a multi-arch Nix flake, NixOS module, dev shell, and a preview Homebrew formula.

Changed

• Browser chat flow — Reworked chat around session-id driven navigation, richer recent-session snippets, composer agent switching, stable slash-result streams, and shared context-ring data.
• Agent terminology and track records — Standardized agent naming across UI and persistence, added owner/role/CV metadata, and surfaced performance history through the scoreboard.
• Provider discovery and model status — Shifted model status toward runtime-discovered metadata, merged pinned and discovered catalogs, and removed stale static pricing assumptions.
• Approval policy foundations — Generalized policy evaluation, added skill autonomy and stakes-classifier foundations, and tightened validation for invalid policy thresholds and regexes.
• Diagnostics and TUI reporting — Added local model-response debug capture, quieter proactive polling, preserved streamed TUI text, cleaner transient tool lines, and TTFT/tokens-per-second status metrics.

Fixed

• SSRF protection for web fetch — Hardened plain HTTP retrieval before browser escalation.
• Headful browser reliability — Visible browser control now requires a system Chrome executable instead of falling back to unstable headed macOS launches.
• Voice relay continuity — Preserved active Twilio voice turns across relay reconnects.
• Chat streaming and history — Fixed result-only slash streams, tool-call sentinel storage, regenerated reply metadata, context-ring visibility, and /chat.html query preservation.
• Skill lifecycle safety — Validated managed skill snapshots, capped restored file modes, required installed status records, rejected invalid upgrades, and preserved unknown deployment tunnel providers.
• Channel shutdown behavior — Tightened WhatsApp, voice, and Signal shutdown/delivery paths and kept send tools scoped to active transports.

Contributors

Core

• @furukama — release coordination, Signal channel, confidential redaction and leak scanning, skill lifecycle, autonomy/stakes policy, deployment config, model usage metadata, docs, and release packaging.
• @maxnoller — console chat session routing, query-cache reliability, chat history fixes, shared router test utilities, and supporting console cleanup.

All Contributors

@furukama, @maxnoller

---

Full Changelog: v0.13.1...v0.14.0