v0.6.0 — Fan-out Cron, Skill Templates, Command Registry

Three Hermes-inspired capabilities ported to OpenFang's Rust architecture. Each wired end-to-end: backend + API + dashboard + (where applicable) TUI. 51 new tests, zero clippy warnings, zero regressions across 2460+ workspace tests.

Features

Multi-destination cron delivery

Cron jobs fan out results to multiple targets in one declaration:

• Channel — any of the 40 existing channel adapters (Telegram, Slack, Discord, WhatsApp, Matrix, Teams, …)
• Webhook — POST JSON {job, output, timestamp} with optional Authorization header
• LocalFile — path + append/overwrite flag
• Email — with subject template support

Per-target failures log but never abort the job. Edit targets through the Scheduler dashboard page or the new PUT /api/schedules/{id} endpoint.

Skill config injection

Skills are now templates. Declare config vars in SKILL.md frontmatter:

config:
  github_token:
    description: GitHub personal access token
    env: GITHUB_TOKEN
    required: true
  default_branch:
    description: Default branch name
    default: main
    required: false

Resolver order per var: user config.toml → env var → default → error if required missing. Secrets auto-redacted in the rendered skill prompt (*_token, *_key, *_secret, password). Manage through the new Skills page Configure modal, or [skills.<name>] in config.toml.

Unified slash command registry

All 32 slash commands live in one source of truth with categories, aliases, and per-surface filtering (CLI / Channel / Web). Auto-generated help, autocomplete, and the new GET /api/commands endpoint for dashboard consumption. Prevents command drift across CLI, web chat, Telegram, Slack, Discord, and 37 other channels.

API additions

• GET /api/commands?surface=web|cli|channel|all
• GET/POST/PUT /api/schedules now round-trip delivery_targets
• GET /api/schedules/{id}/delivery-log
• GET /api/skills/{id}/config
• PUT /api/skills/{id}/config
• DELETE /api/skills/{id}/config/{var_name}

Improvements

• Atomic config.toml writer (tempfile + rename) prevents corruption on crash
• Kernel skill_config_overrides enables live config updates without restart
• Fixed 4 pre-existing clippy warnings (manual_contains)
• Tauri desktop config bumped so .dmg / .msi filenames now match the release version (no more OpenFang_0.5.9_… on a 0.6.0 release)

Testing

• 51 new tests (cron_delivery 16, commands 18, config_injection 10, API integration 7)
• All 2460+ workspace tests pass
• cargo clippy --workspace --all-targets -- -D warnings — zero warnings
• Live daemon integration verified for each feature

Full diff: v0.5.10...v0.6.0

v0.5.10

Follow-up patch to v0.5.9. Seven real bugs off the tracker.

Security

Auth fail-closed. When no api_key is configured, non-loopback requests are rejected with 401 by default. Loopback still goes through with no config so single user local setups keep the zero-config UX. To run a no-auth server on a LAN address, set OPENFANG_ALLOW_NO_AUTH=1. The startup log now prints loudly which mode the server is in. Closes the B1 and B2 findings on #1034.

Runtime

Agent context.md is re-read on every turn. If a cron job rewrites context.md with fresh market data, trading agents pick it up on the next message instead of waiting for a session restart. Opt back into the old cache-at-start behavior per agent with cache_context = true in the manifest. Closes #843.

Multimodal user messages now combine text and attached image blocks into a single user_with_blocks message. The old path dropped the text when images were attached, so vision models received images with no prompt. Closes #1043.

Scheduler

Schedule tools and HTTP routes now actually fire. schedule_create, schedule_list, schedule_delete, and the matching /api/schedules* endpoints were writing to a shared memory key that no executor read. They now go through the kernel cron scheduler that the tick loop already uses. A one-shot idempotent migration at startup imports legacy entries from the old key, marks the migration done, and never writes to the old key again. Closes #1069.

CLI

openfang config get default_model.base_url prints the configured URL again. The lookup was extracted into a pure function pinned by 8 new unit tests, so a regression on any scalar under [default_model] is caught. Missing keys now return a clear "not found" error instead of an empty line. Closes #905.

openfang hand config <id> is wired up. The docs promised it, the command did not exist. Now supports --get, --set KEY=VALUE (repeatable), --unset KEY, and --list. Empty keys are rejected loudly, settings persist across daemon restarts. Closes #809.

Channels

Optional per-channel agent name prefix on outbound messages. Set prefix_agent_name = "bracket" or "bold_bracket" in a channel override and responses are wrapped with [agent] so multi-agent channels show who replied. Default is off, byte identical to prior output. Idempotent, never double wraps. Closes #980.

Housekeeping

Two issues closed as invalid. #818 and #819 referenced a knowledge-domain API that does not live on main, filed against an unmerged feature branch. The proposed source path validation and stale-timestamp surfacing are still the right shape and should be built into that feature when it lands.

Numbers

7 fixes. 7 PRs merged. 9 issues closed. 17 new unit tests on scheduler alone. All gated by cargo check, cargo test, cargo clippy --all-targets -- -D warnings, and cargo fmt --check on every affected crate.

Full Changelog: v0.5.9...v0.5.10

v0.5.9

The zero-bug release. Every open bug on the tracker has been fixed.

Config persistence finally works

Dashboard changes to agent model, provider, fallback chain, system prompt, and identity settings now write back to agent.toml on disk. Your config survives daemon restarts. This was the single most reported pain point across Discord and GitHub.

Security

PowerShell command bypass closed. When the outer command is a shell wrapper (powershell, cmd, bash), OpenFang now extracts and validates the inner commands against the exec allowlist. powershell -Command "Remove-Item ..." is blocked when Remove-Item is not in allowed_commands.

Dashboard auth upgraded to Argon2id with random salts, replacing the old SHA-256 hash. New openfang auth hash-password CLI command for migration.

Stability

WebSocket 404 race condition fixed. The upgrade handler now retries agent lookup up to 5 times before giving up, handling the spawn-to-register timing gap.

Feishu webhook panic paths eliminated. Poisoned mutex recovery, regex fallback, bounds-checked indexing, and malformed paragraph skip.

rustls CryptoProvider initialized at kernel boot. Fixes TLS panics on Discord, Mattermost, and Feishu WebSocket connections.

Revolt adapter now supports self-hosted instances with configurable ws_url and allowed_channels.

Community contributions

Copilot OAuth device flow by @dmbutko. Full token lifecycle with persistence, refresh rotation, and HTTPS validation.

AWS Bedrock provider by @smitb. Native Converse API with bearer auth and streaming.

Russian localization by @AlexZander85. Complete i18n framework with English and Russian out of the box.

SearXNG search provider by @norci. Self-hosted metasearch with category validation and pagination.

Gemini compatibility improvements by @nldhuyen0047. History ordering fix and array schema injection.

Novita AI provider by @Alex-wuhu. armv7 target by @Myshkouski.

Signal defaults to plain text. New agents use your configured model instead of hardcoded Groq. Cron jobs preserved across Hand reactivation. Intermediate tool text no longer dropped. UTF-8 boundary panics fixed. Alpine SVG rendering errors resolved. Dozens of UI polish fixes from @lc-soft.

Numbers

45 bugs fixed. 86 issues closed. 85 PRs merged. 55 PRs rejected after strict security audit. 8 releases shipped. Zero open bugs remaining.

Full Changelog: v0.5.8...v0.5.9

v0.5.8

Dozens of community contributions merged in this release. Every PR was audited for correctness, security, and code quality before landing.

What's new

GitHub Copilot OAuth rewrite by @dmbutko. Full device flow authentication with token persistence, refresh rotation, and HTTPS validation. Replaces the old PAT-based auth that stopped working.

Russian localization by @AlexZander85. Complete i18n framework with language detection, localStorage persistence, and textContent-only rendering (no innerHTML, no XSS surface). English and Russian ship out of the box.

AWS Bedrock provider by @smitb. Native Converse API driver with bearer token auth, streaming support, and proper error mapping.

WeCom Stream mode by @felix307253927. WebSocket long-connection channel adapter with protobuf framing, heartbeat, and dedup.

Session interaction endpoints by @miguelangarano. Target specific agent sessions for messaging, enabling per-user conversation isolation in multi-tenant setups.

Gemini embedding driver by @chethanuk. Native batch embedding with automatic fallback to single-document mode.

SearXNG improvements by @norci. Simplified config, new list_searxng_categories tool, better error handling.

armv7 target by @Myshkouski. Raspberry Pi and embedded ARM board support in CI releases.

Bug fixes

WebSocket auth (#962). API keys with +/=/ characters now work for streaming. The server URL-decodes the token query parameter before comparison.

Moonshot Kimi K2.5 (#970). Kimi models now route to api.moonshot.cn/v1 instead of the legacy .ai domain.

Nextcloud chat polling (#987). Corrected from api/v4/room/{token}/chat to api/v1/chat/{token}/.

Docker build (#983). Added perl and make to the builder stage for openssl-sys compilation.

Clippy lint (#939). Fixed bool comparison in web_fetch tests.

Gemini compatibility. History now starts with a user turn after context trimming (#1011). Array parameters get default items schema (#1010). Alpine SVG rendering errors in cost charts fixed (#1004).

Cron job preservation (#1019). Jobs no longer silently disappear when a Hand is reactivated.

Signal output (#1020). Defaults to plain text since Signal doesn't render Markdown.

New agent defaults (#968). Agents created from the dashboard now use your configured provider instead of hardcoded Groq.

Intermediate tool text (#989). Text from tool_use iterations is no longer silently dropped.

Copilot OAuth (#1017). Device flow replaces broken PAT auth.

UI fixes. Modal centering (#1027), bar chart styles (#1022), baseUrl undefined (#1006), duplicate message keys (#1002), UTF-8 char boundary safety (#1029), Nix perl build input (#966).

PRs closed

13 duplicate or stale PRs closed. 10 approved PRs waiting on contributor rebases. 2 dependabot bumps (wasmtime, hmac) flagged for testing before merge.

Full Changelog: v0.5.7...v0.5.8

v0.5.7 — Multi-Instance Hands + Critical Fixes

Headline: Multi-Instance Hands

Customer ask (thank you to the Discord community + issue #878): you can now run multiple instances of the same hand type. Just pass an optional instance_name when activating.

Web UI: new "Instance name (optional)" field in the Setup wizard.
CLI: openfang hand activate clip --name clip-youtube
API: POST /api/hands/clip/activate with {"instance_name": "clip-youtube", "config": {}}

Each named instance gets a unique stable agent id derived from hand_instance_{instance_id}. Activating the same (hand_id, instance_name) pair twice is rejected. Unnamed activations keep the legacy one-per-hand behavior.

openfang hand activate clip --name clip-youtube
openfang hand activate clip --name clip-tiktok
# Both running in parallel, each with its own agent

Critical bug fixes

• #919 [SECURITY] rm bypass in Allowlist mode closed. The process_start tool previously skipped validate_command_allowlist, letting LLMs delete files even when rm wasn't in allowed_commands. Both command and args are now validated for metacharacters and allowlist membership. 5 regression tests added.

• #1013 Moonshot session repair. session_repair::validate_and_repair now runs deduplicate_tool_results BEFORE insert_synthetic_results. Fixes Moonshot's non-unique function_name:index tool_call_id format — orphaned ToolUse blocks get synthetic results after dedup.

• #1003 Global [[fallback_providers]] actually used at runtime. resolve_driver now wraps the primary in a FallbackDriver with the full fallback chain at driver-creation time. Network errors (connection refused, timeout) escalate to fallback instead of looping on the dead primary. Two new regression tests.

• #937 Discord gateway heartbeat. Discord adapter now spawns a heartbeat task after HELLO, tracks the sequence number, handles HEARTBEAT_ACK (op 11), detects zombie connections via an ACK gate, and force-closes the socket to reconnect when the server stops ACKing. Credits @hello-world-bfree for PR #938 that flagged the root cause.

• #935 System prompt no longer leaks in Web UI. GET /api/agents/:id/session now filters Role::System messages by default (opt-in debug via ?include_system=true). Defense-in-depth client-side filter in chat.js too. Integration test asserts the system prompt literal does not appear in the default JSON body.

• #984 Custom hands persist across daemon restart. openfang hand install ./path now copies the hand to ~/.openfang/hands/<hand_id>/, and the kernel scans that directory on startup to reload custom hands. New load_workspace_hands method mirrors the load_workspace_skills pattern.

• #884 Version stamp fixed. Workspace version bumped to 0.5.7. CLI openfang --version and API /api/health both correctly report 0.5.7. Previous releases were stamped with the pre-bump 0.5.5.

Cleanup

• rmcp 1.3 builder API adopted for StreamableHttpClientTransportConfig. Cleaner than field-assignment-after-default. Credits @jefflower (PR #986) and @varpress (PR #927).
• Task tracking and live daemon verification integrated into the fix workflow — every fix verified with real HTTP + Groq calls before ship.

Verified end-to-end

Before shipping, each fix was verified against a real daemon running with Groq:

• openfang --version → openfang 0.5.7 ✅
• /api/health → {"status":"ok","version":"0.5.7"} ✅
• Two clip instances (clip-youtube + clip-tiktok) active simultaneously with different agent_ids ✅
• Third activation of clip-tiktok correctly rejected with "Hand already active" ✅
• Groq round-trip say PONG → PONG ✅

Stats

• 22 files changed, 1315 insertions, 154 deletions
• Full workspace test suite (1800+ tests) green
• Five reviewer agents audited all overlapping community PRs before merge

Full Changelog: v0.5.6...v0.5.7

v0.5.6

Critical Fix

• Version sync: Desktop app and workspace version now correctly report v0.5.5+. Users stuck on v0.5.1 should be able to update. Tauri config was hardcoded at 0.1.0 since initial commit.

New Features

• SSRF allowlist: Self-hosted/K8s users can now configure ssrf_allowed_hosts in config.toml to allow agents to reach internal services. Metadata endpoints (169.254.169.254, etc.) remain unconditionally blocked.

  [tools.web_fetch]
  ssrf_allowed_hosts = ["*.olares.com", "10.0.0.0/8"]

• Expanded embedding auto-detection: Now probes 6 API key providers (OpenAI, Groq, Mistral, Together, Fireworks, Cohere) before falling back to local providers (Ollama, vLLM, LM Studio). Clear warning when no embedding provider is available.

Bug Fixes

• Ollama context window: Discovered models now default to 128K context / 16K output (was 32K/4K). Better reflects modern models like Qwen 3.5.

Full Changelog: v0.5.5...v0.5.6

v0.5.5

Bug Fixes

• #771 Qwen/OpenAI-compat tool_calls orphaning after context overflow. Smart drain boundaries + streaming repair.
• #811 LINE webhook signature validation. Raw bytes for HMAC, secret trimming, debug logging.
• #752 Local skill install: TUI parsing fix, hot-reload via /api/skills/reload, ClawHub reload.
• #772 exec_policy mode=full now bypasses approval gate for shell_exec.
• #661 Chat streaming interrupts (closed as resolved by v0.5.3 reactivity fixes).

Full Changelog: v0.5.4...v0.5.5

v0.5.4

Bug Fixes

• #875 Install script now correctly fetches latest release version
• #872 Session endpoint returns full tool results (removed 2000-char truncation)
• #867 agent_send/agent_spawn timeout increased to 600s (was 120s)
• #824 Doctor correctly counts workspace skills that override bundled skills
• #833 Model switching respects explicit provider via find_model_for_provider()
• #766 Closed as resolved by heartbeat fixes

Stats

• All tests passing
• Live tested with daemon

Full Changelog: v0.5.3...v0.5.4

v0.5.3 — 19 Bug Fixes (3 rounds)

What's Changed

This release resolves 19 bugs across runtime, kernel, CLI, Web UI, and hands — all verified with live daemon testing.

Runtime & Drivers

• #834 Remove 3 decommissioned Groq models (gemma2-9b-it, llama-3.2-1b/3b-preview)
• #805 Ollama streaming parser handles both reasoning_content and reasoning fields
• #845 Model fallback chain retries with fallback_models on ModelNotFound (404)
• #785 Gemini streaming SSE parser handles \r\n line endings — fixes infinite empty retry loop
• #774 tool_use.input always normalized to JSON object — fixes Anthropic API "invalid dictionary" errors
• #856 Custom model names preserved — user-defined models take priority over builtins (vLLM, etc.)

Kernel & Heartbeat

• #844 Heartbeat skips idle agents that never received a message — no more crash-recover loops
• #848 Hand continuous interval changed from 60s to 3600s — prevents credit waste
• #851/#808 Global ~/.openfang/skills/ loaded for all agents; workspace skills properly override globals

CLI

• #826 openfang doctor reports all_ok=false when provider key is rejected (401/403)
• #823 doctor --json outputs clean JSON to stdout, tracing to stderr, BrokenPipe handled
• #825 Doctor surfaces blocked workspace skills count in injection scan (no more false "all clean")
• #828 skill install detects Git URLs (https://, git@) and clones before installing

Web Dashboard

• #767 Workflows page scrollable (flex layout fix)
• #802 Model dropdown handles object options — no more [object Object] for Ollama
• #816 Spawn wizard provider dropdown loads dynamically from /api/providers (43 providers)
• #770 Chat streaming renders in real-time (Alpine.js splice reactivity + stale WS guard)

WebSocket & API

• #836 Tool events include id field for concurrent call correlation

Hands

• #820 Browser Hand checks python3 before python — works on modern Linux distros

Stats

• 2,186+ tests passing, zero clippy warnings
• All fixes verified with live daemon testing

Full Changelog: v0.5.1...v0.5.3

v0.5.2 — 12 Bug Fixes

What's Changed

Bug Fixes (12 issues resolved)

Runtime & Drivers

• #834 Remove 3 decommissioned Groq models (gemma2-9b-it, llama-3.2-1b-preview, llama-3.2-3b-preview)
• #805 Ollama streaming parser now handles both reasoning_content and reasoning fields for thinking models (Qwen 3.5, etc.)
• #845 Model fallback chain now retries with configured fallback_models on ModelNotFound (404) instead of panicking

Kernel & Heartbeat

• #844 Heartbeat monitor skips idle agents that never received a message — no more infinite crash-recover loops
• #848 Hand continuous mode interval changed from 60s to 3600s to prevent credit waste on idle polling

CLI (Doctor)

• #826 openfang doctor now reports all_ok=false when a provider key is rejected (401/403)
• #823 openfang doctor --json outputs clean JSON to stdout (tracing goes to stderr), BrokenPipe handled gracefully

Web Dashboard

• #767 Workflows list page is now scrollable (flex layout fix)
• #802 Model dropdown no longer renders [object Object] for Ollama models
• #816 Agent spawn wizard provider dropdown loads dynamically from /api/providers (43 providers, was hardcoded 18)
• #836 WebSocket tool events now include tool call ID for correct concurrent call correlation

Hands

• #820 Browser Hand requirements check now tries python3 before python, fixing detection on modern Linux distros

Stats

• All 829+ tests passing
• Zero clippy warnings
• Live tested with daemon

Full Changelog: v0.5.1...v0.5.2