@hybridaione/hybridclaw 0.1.12 → 0.1.17

package/CHANGELOG.md

@@ -8,6 +8,80 @@
 
 ### Fixed
 
+## [0.1.17](https://github.com/HybridAIOne/hybridclaw/tree/v0.1.17)
+
+### Added
+
+- **Push-based delegation tool**: Added `delegate` side-effect orchestration so subagent tasks auto-announce on completion without parent polling.
+- **Delegation runtime manager**: Added queue-backed delegation execution with configurable concurrency, depth, and per-turn limits.
+- **Proactive active-hours policy**: Added configurable active-hours gating and optional off-hours queueing for proactive outbound messages.
+- **Container extension hooks**: Added runtime lifecycle hook points around model/tool execution with a built-in proactive security hook.
+- **Multi-mode delegation interface**: Added `delegate` modes for `single`, `parallel`, and `chain` (with `{previous}` step interpolation), plus per-task and per-run model overrides.
+- **Delegation result metadata**: Added structured delegated completion transcripts with per-task status, duration, attempts, model, and tool usage, alongside concise user-facing summaries.
+- **Automatic stale container rebuild detection**: Added startup fingerprint checks for container sources so `gateway`/`tui` can rebuild the runtime image automatically when stale.
+
+### Changed
+
+- **Prompt hook pipeline**: Added `proactivity` hook to explicitly guide autonomous memory capture, session recall, and delegation strategy.
+- **Container resilience**: HybridAI requests now use bounded exponential retry for transient API/network failures.
+- **Gateway status output**: `status` now reports live delegation queue activity.
+- **LLM delegation guidance**: Parent system prompt now includes a full subagent delegation playbook (when to delegate, when not to, anti-patterns, context checklist, and decomposition heuristics).
+- **Subagent prompt contract**: Delegated child sessions now receive explicit role/identity constraints and a required structured final output format (`Completed`, `Files Touched`, `Key Findings`, `Issues / Limits`).
+- **Depth-aware delegation capability**: Non-leaf delegated sessions can orchestrate further delegation within max depth; leaf delegates are explicitly restricted.
+- **Container startup policy**: Container readiness now defaults to `if-stale` rebuild behavior and supports env override via `HYBRIDCLAW_CONTAINER_REBUILD=if-stale|always|never`.
+
+### Fixed
+
+- **Delegation turn-budget accounting**: Depth-rejected delegations no longer consume per-turn delegation budget, preventing false limit exhaustion.
+
+## [0.1.16](https://github.com/HybridAIOne/hybridclaw/tree/v0.1.16)
+
+### Added
+
+- **Built-in browser toolset**: Added `browser_navigate`, `browser_snapshot`, `browser_click`, `browser_type`, `browser_press`, `browser_scroll`, `browser_back`, `browser_screenshot`, `browser_pdf`, and `browser_close` in the container runtime.
+- **Browser runtime module**: Added a dedicated browser tooling layer with per-session socket isolation and normalized JSON responses for tool calls.
+
+### Changed
+
+- **Preinstalled browser stack in container image**: Container build now includes `agent-browser`, `playwright`, and preinstalled Chromium/headless-shell binaries for immediate browser tool availability.
+- **Browser runtime hardening**: Browser subprocesses now use workspace-backed runtime/cache paths and explicit Playwright browser path wiring to avoid permission/cache issues across UID modes.
+- **Docs updates**: Updated README and website docs tool catalog to include browser automation capabilities and preinstall behavior.
+
+### Fixed
+
+- **Browser tool startup failures**: Resolved `npm ENOENT/EACCES` and Playwright executable-missing errors observed during runtime tool execution in persistent containers.
+
+## [0.1.15](https://github.com/HybridAIOne/hybridclaw/tree/v0.1.15)
+
+### Added
+
+### Changed
+
+### Fixed
+
+- **Program creation workflow enforcement**: Implementation requests now enforce file-first behavior (write/edit on disk before response), disallow shell-based file authoring shortcuts (`heredoc`, `echo` redirects, `sed`, `awk`), and require explicit run/offer-run behavior after file changes.
+
+## [0.1.14](https://github.com/HybridAIOne/hybridclaw/tree/v0.1.14)
+
+### Added
+
+### Changed
+
+### Fixed
+
+- **Website build timeout regression**: Increased default container request timeout from `60s` to `300s` and upgraded `bash` tool execution timeouts (configurable per call) so longer build/test commands return actionable errors instead of premature timeout failures.
+
+## [0.1.13](https://github.com/HybridAIOne/hybridclaw/tree/v0.1.13)
+
+### Added
+
+### Changed
+
+- **Release/version sync**: Bumped package and container versions to `0.1.13` after `0.1.12` npm publication.
+- **Docs alignment**: Kept README/changelog aligned with the `config.json` runtime + `.env` secrets model.
+
+### Fixed
+
 ## [0.1.12](https://github.com/HybridAIOne/hybridclaw/tree/v0.1.12)
 
 ### Added

package/README.md

@@ -24,7 +24,7 @@ hybridclaw onboarding
 
 - **Gateway service** (Node.js) — shared message/command handlers, SQLite persistence, scheduler, heartbeat, web/API, and optional Discord integration
 - **TUI client** — thin client over HTTP (`/api/chat`, `/api/command`)
-- **Container** (Docker, ephemeral) — HybridAI API client, sandboxed tool executor
+- **Container** (Docker, ephemeral) — HybridAI API client, sandboxed tool executor, and preinstalled browser automation runtime
 - Communication via file-based IPC (input.json / output.json)
 
 ## Quick start
@@ -62,7 +62,10 @@ Runtime model:
 - `hybridclaw gateway` is the core process and should run first.
 - If `DISCORD_TOKEN` is set, Discord runs inside gateway automatically.
 - `hybridclaw tui` is a thin client that connects to the gateway.
-- `hybridclaw gateway` and `hybridclaw tui` validate the container image at startup and build it automatically if missing.
+- `hybridclaw gateway` and `hybridclaw tui` validate the container image at startup.
+- If the image is missing, it is built automatically.
+- Default rebuild policy is `if-stale`: when tracked container sources changed since last build, the image is rebuilt automatically.
+- Policy override (optional): env `HYBRIDCLAW_CONTAINER_REBUILD=if-stale|always|never`.
 
 Maintainers can publish the package to npm using:
 
@@ -70,11 +73,18 @@ Maintainers can publish the package to npm using:
 npm publish --access public
 ```
 
+If npm 2FA is enabled on your account, use:
+
+```bash
+npm publish --access public --otp=<6-digit-code>
+```
+
 Best-in-class harness upgrades now in runtime:
 
 - explicit trust-model acceptance during onboarding (recorded in `config.json`)
 - typed `config.json` runtime settings with defaults, validation, and hot reload
 - formal prompt hook orchestration (`bootstrap`, `memory`, `safety`)
+- proactive runtime layer with active-hours gating, push delegation (`single`/`parallel`/`chain`), depth-aware tool policy, and retry controls
 
 ## Configuration
 
@@ -82,6 +92,7 @@ HybridClaw now uses typed runtime config in `config.json` (auto-created on first
 
 - Start from `config.example.json` (reference)
 - Runtime watches `config.json` and hot-reloads most settings (model defaults, heartbeat, prompt hooks, limits, etc.)
+- `proactive.*` controls autonomous behavior (`activeHours`, `delegation`, `autoRetry`)
 - Some settings still require restart to fully apply (for example HTTP bind host/port)
 - Default bot is configured via `hybridai.defaultChatbotId` in `config.json` (legacy `HYBRIDAI_CHATBOT_ID` values are auto-migrated on startup)
 
@@ -175,7 +186,22 @@ The agent has access to these sandboxed tools inside the container:
 - `bash` — shell command execution
 - `memory` — durable memory files (`MEMORY.md`, `USER.md`, `memory/YYYY-MM-DD.md`)
 - `session_search` — search/summarize historical sessions from transcript archives
+- `delegate` — push-based background subagent tasks (`single`, `parallel`, `chain`) with auto-announced completion (no polling)
 - `web_fetch` — fetch a URL and extract readable content (HTML → markdown/text)
+- `browser_*` (optional) — interactive browser automation (`navigate`, `snapshot`, `click`, `type`, `press`, `scroll`, `back`, `screenshot`, `pdf`, `close`)
+
+`delegate` mode examples:
+
+- single: `{ "prompt": "Audit auth middleware and list risks", "label": "auth-audit" }`
+- parallel: `{ "mode": "parallel", "label": "module-audit", "tasks": [{ "prompt": "Scan api/" }, { "prompt": "Scan ui/" }] }`
+- chain: `{ "mode": "chain", "label": "implement-flow", "chain": [{ "prompt": "Scout the payment module" }, { "prompt": "Plan changes from: {previous}" }, { "prompt": "Implement based on: {previous}" }] }`
+
+Browser tooling notes:
+
+- The shipped container image preinstalls `agent-browser` and Chromium (Playwright).
+- You can override the binary via `AGENT_BROWSER_BIN` if needed.
+- Navigation to private/loopback hosts is blocked by default (set `BROWSER_ALLOW_PRIVATE_NETWORK=true` to override).
+- Screenshot/PDF outputs are constrained to `/workspace/.browser-artifacts`.
 
 HybridClaw also supports automatic session compaction with pre-compaction memory flush:
 
@@ -187,6 +213,7 @@ System prompt assembly is handled by a formal hook pipeline:
 - `bootstrap` hook (workspace bootstrap + skills metadata)
 - `memory` hook (session summary)
 - `safety` hook (runtime guardrails / trust-model constraints)
+- `proactivity` hook (memory capture, session recall, delegation behavior)
 
 Hook toggles live in `config.json` under `promptHooks`.
 

package/config.example.json

@@ -1,5 +1,5 @@
 {
-  "version": 1,
+  "version": 2,
   "security": {
     "trustModelAccepted": false,
     "trustModelAcceptedAt": "",
@@ -24,7 +24,7 @@
     "image": "hybridclaw-agent",
     "memory": "512m",
     "cpus": "1",
-    "timeoutMs": 60000,
+    "timeoutMs": 300000,
     "additionalMounts": "",
     "maxOutputBytes": 10485760,
     "maxConcurrent": 5
@@ -57,6 +57,28 @@
   "promptHooks": {
     "bootstrapEnabled": true,
     "memoryEnabled": true,
-    "safetyEnabled": true
+    "safetyEnabled": true,
+    "proactivityEnabled": true
+  },
+  "proactive": {
+    "activeHours": {
+      "enabled": false,
+      "timezone": "",
+      "startHour": 8,
+      "endHour": 22,
+      "queueOutsideHours": true
+    },
+    "delegation": {
+      "enabled": true,
+      "maxConcurrent": 3,
+      "maxDepth": 2,
+      "maxPerTurn": 3
+    },
+    "autoRetry": {
+      "enabled": true,
+      "maxAttempts": 3,
+      "baseDelayMs": 2000,
+      "maxDelayMs": 8000
+    }
   }
 }

package/container/Dockerfile

@@ -10,11 +10,14 @@ WORKDIR /app
 
 COPY package.json tsconfig.json ./
 RUN npm install
+ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
+RUN npx playwright install --with-deps chromium
+RUN npx playwright install --with-deps --only-shell chromium
 
 COPY src/ src/
 RUN npx tsc
 
-RUN chown -R node:node /app
+RUN chown -R node:node /app /ms-playwright
 
 USER node