Skip to content

HybridClaw v0.16.0

Choose a tag to compare

View all tags
@furukama furukama released this 07 May 21:35
· 719 commits to main since this release
v0.16.0
82c90cf

Release Date: May 7, 2026

The federation, desktop, and operational-control release: a macOS wrapper, Browser Use Cloud and local browser profiles, A2A delivery over Agent Card JSON-RPC and signed webhooks, Cloudflare Tunnel support, direct Google OAuth secret routes, invoice harvesting, warehouse SQL, and a cleaner approval/middleware substrate.

Highlights

  • macOS desktop wrapper — Source builds can launch a native Electron shell around the local chat UI with gateway reuse/startup, admin menu access, packaged runtime preparation, and DMG build scripts.
  • Browser automation substrate — Browser automation can run through local persistent Playwright profiles or Browser Use Cloud CDP sessions, with encrypted BROWSER_USE_API_KEY lookup, audit/usage events, profile guards, and hybridclaw doctor browser-use diagnostics.
  • A2A federation transport — Agent-to-agent envelopes now support JSON-RPC Agent Card peers and signed webhook peers with a retrying audited outbox, inbound HMAC verification, replay protection, per-peer limits, canonical identity allocation, and DNS-style identity discovery.
  • Cloud and credential routing — Local deployments can use the Cloudflare Tunnel provider, while hybridclaw secret route and /secret route can inject stored secrets or short-lived Google OAuth tokens into direct http_request calls.
  • Business workflow skills — Added download-platform-invoices for monthly SaaS invoice PDFs and DATEV handoff flows, plus warehouse-sql for reviewed read-only natural-language SQL over cached warehouse schemas.

Changed

  • Approval and middleware substrate — Container approval evaluation now runs through a hook-fed, policy-orderable rule pipeline, and classifier middleware gives plugins and skills a shared pre-send/post-receive decision surface.
  • Provider fallback and discoveryHYBRIDAI_FALLBACK_CHAIN can route auth and rate-limit failures to alternate providers with primary cooldowns, while provider discovery errors and OpenRouter fallback hints are less noisy.
  • Web chat and TUI flow — Recent-session history has clearer titles/snippets, active-agent switching is more stable across resumed sessions, tool activity rendering is calmer, and Esc stops the active TUI run.
  • Secret-bearing tool calls — Gateway-side secret injection resolves non-LLM credentials and Google OAuth tokens at request time instead of exposing long-lived credentials to agent context.
  • Release automation — Release workflows validate promoted image tags, pin newer checkout/setup actions, tolerate build-cache export failures, and enforce the Node engine during npm installs.

Fixed

  • Gateway transport timeout resilience — Host/container transport timeouts fail the affected run locally without taking down the gateway for subsequent work.
  • Google Ads invoice harvesting — Invoice discovery and PDF downloads use the correct InvoiceService and GoogleAdsService paths, including accessible-customer, manager-client, and billing-setup discovery.
  • TUI activity and stop behavior — Repeated/stacked tool rows no longer produce noisy duplicate output, and pressing Esc reliably stops the in-flight session run.
  • OpenRouter fallback hints — HybridAI-prefixed model hints are stripped before OpenRouter fallback resolution.
  • IMAP polling failures — Email transport timeouts stay contained to the IMAP connection path instead of leaking into broader gateway state.

Contributors

Core

  • @furukama — desktop app, A2A/webhook transport work, browser provider substrate, approval and middleware pipeline, business skills, credential routing, release hardening, documentation, and reliability fixes

All Contributors

@furukama, Max, Stephan Noller

Full Changelog: v0.15.0...v0.16.0

Contributors

furukama
Assets 2
Loading