@axonflow/openclaw 2.0.7 → 2.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,41 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [2.0.8] - 2026-05-02 — Drop tarball arg; v0.12.0 only supports folder upload
|
|
4
|
+
|
|
5
|
+
v2.0.7 attempted CLI pin v0.12.0 + tarball arg and got `Error: Path must be a folder` from the publisher — tarball-arg support is a v0.12.1+ feature. The publish-clawhub job failed; v2.0.7 is on npm but never registered on ClawHub.
|
|
6
|
+
|
|
7
|
+
Falling back to the v2.0.4 baseline: CLI v0.12.0 + folder upload (Legacy ZIP). This is the only proven-working combination on ClawHub right now. Re-introduces the "Legacy ZIP" badge on the install page; install path works.
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
|
|
11
|
+
- **`.github/workflows/publish.yml` `publish-clawhub` step uses folder upload** (`clawhub package publish .`). Identical to the v2.0.4 publish step; CLI pin from v2.0.7 retained.
|
|
12
|
+
|
|
13
|
+
### Carried forward (unchanged from v2.0.7)
|
|
14
|
+
|
|
15
|
+
- `clawhub@0.12.0` pin in `Install ClawHub CLI` step
|
|
16
|
+
- `verify-clawhub-install` CI smoke job
|
|
17
|
+
- `@anthropic-ai/sdk` `>=0.91.1` override
|
|
18
|
+
- `permissions: contents: read` on heartbeat-real-stack workflow
|
|
19
|
+
|
|
20
|
+
### Upstream regression and follow-up
|
|
21
|
+
|
|
22
|
+
The underlying issue is in `clawhub` CLI v0.12.1+: published artifacts register as `npm-pack (tgz)` with bytes that don't match the recorded SHA-256, which breaks `openclaw plugins install` regardless of whether you upload a folder or a tarball. We've reproduced the failure across both upload modes on v0.12.1 and confirmed v0.12.0 still works for folder uploads. Once ClawHub addresses the v0.12.1+ regression upstream, we'll revisit the ClawPack tarball publish path and drop the Legacy ZIP badge.
|
|
23
|
+
|
|
24
|
+
### Registry-state asymmetry
|
|
25
|
+
|
|
26
|
+
The release train this afternoon left npm and ClawHub in slightly different states:
|
|
27
|
+
|
|
28
|
+
- **npm** has `2.0.5`, `2.0.6`, `2.0.7`, `2.0.8` (each version's `publish` job succeeded; npm publish is independent of ClawHub publish).
|
|
29
|
+
- **ClawHub** has `2.0.5`, `2.0.6`, `2.0.8` (v2.0.7's `publish-clawhub` job failed mid-workflow with `Error: Path must be a folder`, so v2.0.7 was never registered on ClawHub).
|
|
30
|
+
|
|
31
|
+
For most users on `@latest` this is invisible — both registries point at v2.0.8. Anyone explicitly pinning `clawhub:@axonflow/openclaw@2.0.7` will hit "version not found"; in that case, either pin to `2.0.8` or drop the version pin entirely.
|
|
32
|
+
|
|
33
|
+
### Upgrade
|
|
34
|
+
|
|
35
|
+
`openclaw plugins install @axonflow/openclaw@latest`. If you tried v2.0.5, v2.0.6, or v2.0.7 and hit any install error, retry — v2.0.8 should resolve cleanly.
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
3
39
|
## [2.0.7] - 2026-05-02 — Pin ClawHub CLI to v0.12.0 + restore ClawPack publish + add ClawHub install smoke
|
|
4
40
|
|
|
5
41
|
v2.0.6 reverted to folder upload to escape v2.0.5's broken-install state but the install was **still broken** with a different error (`ClawHub archive contents do not match files[] metadata for "@axonflow/openclaw@2.0.6": missing "package.json"`). Both broken versions used `clawhub` CLI v0.12.1, which was published 2026-05-02 20:50 UTC — about two hours before our v2.0.5 ship.
|
package/dist/index.d.ts
CHANGED
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
* for async hook support.
|
|
26
26
|
*/
|
|
27
27
|
/** Plugin version — update before each release. */
|
|
28
|
-
export declare const VERSION = "2.0.
|
|
28
|
+
export declare const VERSION = "2.0.8";
|
|
29
29
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
30
30
|
export type { AxonFlowPluginConfig } from "./config.js";
|
|
31
31
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
package/dist/index.js
CHANGED
|
@@ -35,7 +35,7 @@ import { bootstrapCommunitySaas } from "./community-saas-bootstrap.js";
|
|
|
35
35
|
import { resetMetrics } from "./metrics.js";
|
|
36
36
|
import { runPluginVersionCheck } from "./plugin-version-check.js";
|
|
37
37
|
/** Plugin version — update before each release. */
|
|
38
|
-
export const VERSION = "2.0.
|
|
38
|
+
export const VERSION = "2.0.8";
|
|
39
39
|
// Re-export for external consumers
|
|
40
40
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
41
41
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axonflow/openclaw",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.8",
|
|
4
4
|
"description": "Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|