HybridClaw v0.18.0
Release Date: May 13, 2026
The release-readiness and governed integration release — GA4 reporting, Hermes3000 manuscript workflows, HeyGen video-from-script jobs, self-host Firecrawl, per-agent authenticated SearXNG, reviewed skill unblocking, Camofox stealth allowlisting, and clearer HybridAI auth diagnostics.
Highlights
- Production analytics and writing skills — Added `ga4` for read-only Google Analytics 4 Data API reporting and `hermes3000-writing` for portal-backed long-form writing projects, consistency memory, and DOCX/PDF/EPUB/HTML exports.
- Script-to-avatar video workflow — Added `video.from-script` for approved HeyGen avatar videos with planning, guarded render start, status polling, MP4 download, and explicit credit-spend approval gates.
- Sovereign crawl and search controls — Firecrawl can target managed or self-hosted origins, while SearXNG can be configured per agent with gateway-injected bearer SecretRefs that stay out of model context.
Changed
- Reviewed skill recovery — Blocked skills are visible in CLI, gateway, and Admin Skills surfaces, and local operators can record a reviewed scanner-bypass marker with `skill unblock`.
- Camofox stealth is policy-gated — Stealth browser mode is deny-by-default and must be allowlisted per host through workspace `browser.stealth.rules`.
- SecretRef handling is store-first — New secret-bearing configuration uses encrypted store SecretRefs; legacy Browser Use Cloud env refs are migrated to stored refs, and malformed refs fail clearly.
- Web chat stays readable during live output — Chat scrolling respects pinned reader position and provides a jump-to-latest affordance when new messages arrive below the viewport.
- Release and auth diagnostics are tighter — Node 22 preflight files guard source checkouts, HybridAI provider diagnostics distinguish auth/config/upstream failures, and trace-judge live CI no longer blocks main pushes on missing live secrets.
Fixed
- SearXNG bearer handling — Bearer tokens are injected by the gateway HTTP proxy instead of being forwarded through runtime environment variables.
- Browser credential boundaries — SecretRef-backed browser fills now require resolvable page URLs and calling skill names so host, selector, skill, and agent policy can be evaluated.
- Console model provider types — The chat model switcher no longer depends on broader gateway provider types outside the console UI contract.
Contributors
Core
- @furukama — GA4, Hermes3000, video-from-script, Firecrawl self-hosting, SearXNG bearer routing, skill unblock controls, Camofox stealth policy, release documentation, and release packaging
- @maxnoller — pin-aware web chat scrolling and trace-judge CI resilience
Full Changelog: v0.17.0...v0.18.0