@hybridaione/hybridclaw 0.15.0 → 0.17.0

package/CHANGELOG.md

@@ -2,6 +2,186 @@
 
 ## Unreleased
 
+## [0.17.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.17.0) - 2026-05-12
+
+### Added
+
+- **Native media generation tools**: The container runtime now exposes
+  `image_generate` and `video_generate` with provider adapters, managed output
+  persistence, reference-media validation, usage metering, and bundled
+  `image-generation` / `video-generation` skills. Image generation supports GPT
+  Image, Gemini/Nano Banana, Grok, and FLUX families where configured; video
+  generation supports OpenAI Sora and Google Veo families where configured.
+- **New business and research skills**: Bundled skills now cover Airtable base
+  and record work, FastBill invoicing, Firecrawl scrape/crawl/map/extract
+  workflows, HeyGen avatar video generation and translation, Google Ads
+  campaign operations, and SearXNG-backed `search.web`, `search.news`, and
+  `search.images` workflows.
+- **Threema Gateway channel**: HybridClaw can send outbound Threema Basic-mode
+  text messages with setup docs, CLI configuration, doctor/status visibility,
+  prompt hints, target validation, and delivery tests.
+- **Camofox browser provider**: Browser automation can use a Camofox-backed
+  provider with persistent profile support and the same provider factory path
+  as local Playwright and Browser Use Cloud.
+- **A2A inbound and trust surfaces**: JSON-RPC Agent Card inbound delivery,
+  additional delegation envelope fields, a public-key trust ledger, and an
+  admin A2A trust route extend the federation substrate.
+- **Remote policy authority**: Signed remote policy updates can flow over the
+  federation path with validation, audit records, and targeted tests.
+- **Board card store**: The gateway now has a persisted card-store substrate
+  for future admin work-board and agent-team coordination surfaces.
+- **Trace-judge and anomaly evaluation path**: Skill trace judging gained a
+  subscriber pattern, an offline eval gate, and a behavioral anomaly reranker
+  for tool-call sequences.
+
+### Changed
+
+- **Admin console polish and performance**: Admin pages moved toward a shared
+  `Card` primitive, the Usage rollup gained skeleton and metric loading states,
+  live channel transport status is shown through toasts, the `/` command panel
+  was rebuilt for better keyboard/a11y behavior, and expensive all-session
+  scans/config fetches were removed from hot paths.
+- **Vitest configuration is project-based**: Unit, integration, e2e, and live
+  test configuration now share one project-aware Vitest setup instead of
+  separate config files.
+- **Browser credential handling is narrower**: Browser form fills now route
+  through SecretRef injection gates rather than exposing credential material to
+  the model or broad browser action context.
+- **A2A delegation bearer auth**: Outbound A2A uses signed delegation JWTs as
+  the HTTP bearer credential. `bearerTokenRef` remains a required explicit
+  opt-in gate for non-loopback peer URLs, but its secret value is not sent on
+  the wire.
+- **NPM supply-chain controls are stricter**: Workspace install and release
+  flows now enforce newer npm behavior, harden CI setup, and keep package-lock
+  metadata aligned with the release pipeline.
+
+### Fixed
+
+- **A2A delegation revocation cleanup**: Expired delegation-token revocation
+  records are pruned when new revocations are written, preventing stale
+  short-lived token revocations from accumulating indefinitely.
+- **Skill blocking is visible**: Blocked skills are surfaced instead of being
+  hidden behind silent resolution failures.
+- **Media path display-prefix handling**: Host paths that merely share a
+  display prefix are no longer remapped as if they were inside the sandboxed
+  media root.
+- **Context ring source accuracy**: The web chat context ring reads usage from
+  the correct source after session and UI routing changes.
+- **Auxiliary model token limits**: Auxiliary provider calls honor configured
+  max-token limits.
+- **Console IME composition safety**: Chat composer key handling ignores IME
+  composition events so slash/submit shortcuts do not interrupt text entry.
+- **Release publish compatibility**: Release workflows invoke npm 11 on Node
+  22 so npm package promotion uses the expected toolchain.
+
+## [0.16.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.16.0) - 2026-05-07
+
+### Added
+
+- **macOS desktop wrapper**: Source builds can run `npm run desktop` for a
+  native Electron shell around the existing `/chat` experience, with menu
+  access to `/admin`, automatic local-gateway startup, packaged runtime
+  preparation, and DMG build scripts.
+- **Browser provider substrate**: Browser automation can run through a local
+  persistent Playwright profile or Browser Use Cloud CDP sessions. Browser Use
+  Cloud reads `BROWSER_USE_API_KEY` from the encrypted secret store, records
+  usage/audit events, rejects unsafe local profile hints, and reports setup
+  problems through `hybridclaw doctor browser-use`.
+- **Cloudflare Tunnel provider**: Local gateways can use
+  `deployment.tunnel.provider=cloudflare` with `CLOUDFLARE_TUNNEL_TOKEN` or
+  certificate credentials from encrypted runtime secrets, plus a dedicated
+  setup guide and admin tunnel status.
+- **A2A outbound delivery**: Agent-to-agent envelopes can be delivered through
+  JSON-RPC Agent Card peers or signed webhook peers with an outbox processor,
+  retry/backoff, audit events, secret-backed bearer tokens, and operator
+  escalation when delivery cannot continue safely.
+- **A2A webhook inbound endpoint**: Gateways accept signed envelopes from
+  trusted non-A2A peers at `POST /a2a/webhook/:peerId` with HMAC-SHA256
+  verification, replay-window enforcement, per-peer SecretRef-backed shared
+  secrets, sender/recipient validation against local agents, configurable
+  per-peer rate limiting (default 60/min → 429), and structured audit events
+  for every inbound POST.
+- **Monthly invoice harvester skill**: The bundled
+  `download-platform-invoices` skill collects official SaaS invoice PDFs and
+  normalized records across Stripe, Google Ads, AWS, Azure, GCP, browser-driven
+  SaaS portals, and DATEV Unternehmen Online handoff flows.
+- **Warehouse SQL skill**: The bundled `warehouse-sql` skill reviews and runs
+  read-only natural-language SQL against cached warehouse schemas, with a
+  deterministic SQLite eval fixture and optional connector-backed execution for
+  production warehouses.
+- **Google OAuth secret routes**: `hybridclaw secret route ...` and
+  `/secret route ...` can map URL prefixes to stored secrets or short-lived
+  Google OAuth access tokens for direct `http_request` calls such as Google Ads
+  API access.
+- **Interactive escalation handoff**: Runtime middleware can pause for
+  operator-facing escalation, collect resumable interaction context, and expose
+  browser controls for continuing or resolving pending approvals.
+- **AI-generated session titles**: `auxiliaryModels.session_title` can use an
+  auxiliary model to title recent sessions from the first user message while
+  preserving the local preview fallback when disabled.
+- **Canonical identity discovery**: User and agent identities now have shared
+  parsers, local instance-id allocation, and DNS-style TXT discovery records
+  that map canonical identities to peer URLs and public keys for federation.
+- **Per-agent liveness surface**: Gateway status now includes agent liveness
+  metadata for admin and health surfaces.
+- **Workflow definition schema**: YAML workflow definitions can declare
+  agent-owned steps, transitions, and `stakes_threshold` escalation hints with
+  validation coverage.
+- **Classifier middleware contract**: Agent middleware can classify, warn,
+  transform, block, or escalate pre-send and post-receive content, giving
+  plugins such as `brand-voice` and confidential leak checks a shared runtime
+  surface.
+- **Console skill ZIP overwrite control**: The admin Skills page can upload a
+  skill ZIP with an explicit `--force` overwrite option while preserving the
+  existing skill if the replacement copy fails.
+
+### Changed
+
+- **Approval policy rule pipeline**: Container approval evaluation now runs
+  through a hook-fed, policy-orderable rule pipeline, preserving the existing
+  trust-store layout while giving plugins pre/post tool-use visibility.
+- **Provider fallback chains**: `HYBRIDAI_FALLBACK_CHAIN` can route model calls
+  to alternate providers on auth and rate-limit failures, with primary-provider
+  cooldowns and streaming-safe retry gates.
+- **A2A retry classification is shared**: Outbound A2A delivery and transport
+  error handling use common retry classifications so transient failures,
+  permanent failures, and escalation paths stay consistent.
+- **Web chat sessions are easier to resume**: Recent-session history has clearer
+  titles/snippets, agent switching is more stable, and active-session routing is
+  less prone to stale agent state after UI changes.
+- **Browser tooling is stricter and more capable**: Browser tools share
+  navigation/profile guards, support reusable browser login state across host
+  and container runtimes, and handle download-heavy invoice flows more
+  predictably.
+- **TUI activity rendering is calmer**: Tool activity rows stack and de-dupe
+  more cleanly, repeated activity lines are suppressed, and `Esc` stops the
+  active run instead of leaving the session running in the background.
+- **Secret-bearing tool calls are narrower**: Gateway-side secret injection
+  resolves non-LLM credentials and Google OAuth tokens at request time instead
+  of exposing long-lived credentials to agent context.
+- **Provider discovery errors are clearer**: Shared discovery-error helpers and
+  normalized OpenRouter fallback hints keep model selection output less noisy.
+- **IMAP polling failures stay local**: Email transport timeouts are contained
+  to the IMAP connection path instead of leaking into broader gateway state.
+- **Release automation is stricter**: Release workflows validate promoted image
+  tags, pin newer checkout/setup actions, tolerate build-cache export failures,
+  and enforce the Node engine during npm installs.
+
+### Fixed
+
+- **Gateway transport timeout resilience**: Host/container transport timeouts no
+  longer bring down the gateway; affected runs fail locally while the gateway
+  stays available for subsequent work.
+- **Google Ads invoice harvesting**: Google Ads invoice discovery and PDF
+  downloads use the correct InvoiceService and GoogleAdsService paths,
+  including accessible-customer, manager-client, and billing-setup discovery.
+- **TUI stop behavior**: Pressing `Esc` reliably stops the in-flight TUI
+  session run.
+- **TUI tool activity duplication**: Repeated and stacked tool rows no longer
+  produce noisy duplicate output.
+- **OpenRouter fallback hints**: HybridAI-prefixed model hints are stripped
+  before OpenRouter fallback resolution.
+
 ## [0.15.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.15.0) - 2026-04-29
 
 ### Added

package/README.md

@@ -5,7 +5,7 @@
 [![npm](https://img.shields.io/npm/v/@hybridaione/hybridclaw)](https://www.npmjs.com/package/@hybridaione/hybridclaw)
 [![Node](https://img.shields.io/badge/node-22.x-5FA04E?logo=node.js&logoColor=white)](https://nodejs.org/en/download)
 [![License](https://img.shields.io/github/license/HybridAIOne/hybridclaw)](https://github.com/HybridAIOne/hybridclaw/blob/main/LICENSE)
-[![Docs](https://img.shields.io/badge/docs-hybridclaw.io-blue)](https://www.hybridclaw.io/docs/)
+[![Docs](https://img.shields.io/badge/docs-GitHub%20Pages-blue)](https://hybridaione.github.io/hybridclaw/docs/)
 [![Powered by HybridAI](https://img.shields.io/badge/powered%20by-HybridAI-blueviolet)](https://hybridai.one)
 [![Discord](https://img.shields.io/badge/Discord-join%20chat-5865F2?logo=discord&logoColor=white)](https://discord.gg/jsVW4vJw27)
 
@@ -23,22 +23,22 @@ Connect it to Discord, Slack, Signal, WhatsApp, Telegram, Microsoft Teams,
 email, Twilio voice, or the web. Run it locally, deploy it for business
 workflows, and keep your agents, secrets, and data under your control.
 
-[Quick Start](https://www.hybridclaw.io/docs/getting-started/quickstart) ·
-[Installation](https://www.hybridclaw.io/docs/getting-started/installation) ·
-[Configuration](https://www.hybridclaw.io/docs/reference/configuration) ·
-[Migration](https://www.hybridclaw.io/docs/reference/commands#migration) ·
+[Quick Start](https://hybridaione.github.io/hybridclaw/docs/getting-started/quickstart) ·
+[Installation](https://hybridaione.github.io/hybridclaw/docs/getting-started/installation) ·
+[Configuration](https://hybridaione.github.io/hybridclaw/docs/reference/configuration) ·
+[Migration](https://hybridaione.github.io/hybridclaw/docs/reference/commands#migration) ·
 [Contributing](./CONTRIBUTING.md) ·
 [Support](./SUPPORT.md)
 
 ## Pick your path
 
 - Want the shortest path to a running assistant? Start with
-  [Quick Start](https://www.hybridclaw.io/docs/getting-started/quickstart).
+  [Quick Start](https://hybridaione.github.io/hybridclaw/docs/getting-started/quickstart).
 - Want the full setup flow with providers, channels, and admin surfaces? Start
-  with [Installation](https://www.hybridclaw.io/docs/getting-started/installation)
-  and [Authentication](https://www.hybridclaw.io/docs/getting-started/authentication).
+  with [Installation](https://hybridaione.github.io/hybridclaw/docs/getting-started/installation)
+  and [Authentication](https://hybridaione.github.io/hybridclaw/docs/getting-started/authentication).
 - Want to migrate from OpenClaw or Hermes? Start with the
-  [migration commands](https://www.hybridclaw.io/docs/reference/commands#migration).
+  [migration commands](https://hybridaione.github.io/hybridclaw/docs/reference/commands#migration).
 - Want to contribute from source? Start with [CONTRIBUTING.md](./CONTRIBUTING.md)
   and the maintainer docs under [docs/content/README.md](./docs/content/README.md).
 
@@ -84,9 +84,21 @@ Open locally:
 
 Requirement: Node.js 22 (Docker recommended for sandbox)
 
+Desktop wrapper from source:
+
+```bash
+npm install
+npm run desktop
+```
+
+The Electron workspace opens the existing `/chat` surface in a native macOS
+window, exposes `/admin` from the app menu, reuses a running local gateway when
+available, and starts the bundled gateway automatically when it is not already
+listening on `http://127.0.0.1:9090`.
+
 Release notes live in [CHANGELOG.md](./CHANGELOG.md), and the browsable
 operator and maintainer manual lives at
-[hybridclaw.io/docs](https://www.hybridclaw.io/docs/).
+[hybridaione.github.io/hybridclaw/docs](https://hybridaione.github.io/hybridclaw/docs/).
 
 ## See it in Action
 
@@ -96,7 +108,8 @@ Once the gateway is running, open HybridClaw locally:
 - Web Chat keeps a recent-session sidebar and can search conversation titles
   with contextual snippets before you reopen an older browser session
 - Web Chat shows live context-window usage, accepts `/context`, and lets you
-  switch the active agent and model from the composer
+  switch the active agent and model from the composer; active agent switching is
+  preserved across session reloads and UI route changes
 - Web Chat accepts `/btw <question>` side questions while a primary run is
   active, so you can ask an ephemeral follow-up without interrupting the
   current run
@@ -124,6 +137,8 @@ Once the gateway is running, open HybridClaw locally:
   browser.
 - `/admin/statistics` reports message, session, token, cost, and channel trends
   across a selected date range.
+- The Usage rollup surfaces loading skeletons, cost metrics, and per-model
+  spend summaries without scanning every stored session on page load.
 - `/admin/agent-scoreboard` ranks agents by observed skill scores, reliability,
   timing, best skills, and CV links.
 - `hybridclaw agent config` accepts generated JSON payloads to upsert agent
@@ -133,6 +148,10 @@ Once the gateway is running, open HybridClaw locally:
   Signal QR linking, Twilio voice settings, and per-channel instructions that
   are injected into prompts at runtime.
 - `/admin/approvals` manages approval policies from the browser.
+- Approval policy evaluation runs through a hook-fed rule pipeline, so
+  workspace policy ordering and plugin tool-use hooks share one approval path.
+- `/admin/a2a-trust` shows the local A2A public-key trust ledger for paired
+  peer instances.
 - `/admin/gateway` reloads runtime config and refreshes secrets from the
   browser, and shows public URL plus tunnel status, without tearing down the
   enclosing workspace container; keep `hybridclaw gateway restart` for
@@ -144,14 +163,18 @@ Once the gateway is running, open HybridClaw locally:
   share when that split is configured.
 - `deployment.mode`, `deployment.public_url`, `deployment.tunnel.provider`, and
   `deployment.tunnel.health_check_interval_ms` describe local/cloud exposure
-  and tunnel health cadence. The built-in ngrok and Tailscale Funnel providers
-  read `NGROK_AUTHTOKEN` and `TS_AUTHKEY` from the encrypted runtime secret
-  store.
+  and tunnel health cadence. The built-in ngrok, Tailscale Funnel, and
+  Cloudflare Tunnel providers read `NGROK_AUTHTOKEN`, `TS_AUTHKEY`,
+  `CLOUDFLARE_TUNNEL_TOKEN`, and Cloudflare certificate credentials from the
+  encrypted runtime secret store.
 - `container.warmPool` keeps a bounded adaptive pool of idle host/container
   runtimes for recently active agents when low cold-start latency matters.
 - `container.persistBashState` controls whether bash tool calls share shell
   state (`cd`, exported env vars, aliases) across turns in the same active
   runtime session; `/admin/config` exposes the same setting as `Persistent bash state`.
+- `security.confidentialRedactionEnabled` controls whether optional
+  `.confidential.yml` rules redact prompts and block matching outbound text;
+  `/admin/config` exposes the same setting as `Confidential leak guard`.
 - `hybridclaw audit scan-leaks` scans historical audit logs against optional
   `.confidential.yml` rules for NDA-class client, project, person, keyword,
   and regex matches.
@@ -159,9 +182,12 @@ Once the gateway is running, open HybridClaw locally:
   exposes a custom workspace display root such as `/app`.
 - `hybridclaw tui` includes live delegate progress, pulsing tool rows,
   completion checkmarks, a keyboard-driven approval picker, and a ready-to-run
-  `hybridclaw tui --resume <sessionId>` command on exit.
+  `hybridclaw tui --resume <sessionId>` command on exit. Pressing `Esc` stops
+  the active run and returns control to the prompt.
 - `hybridclaw doctor` checks runtime health including resource hygiene
-  maintenance for stale gateway artifacts.
+  maintenance for stale gateway artifacts. `hybridclaw doctor browser-use`
+  checks the local Playwright browser automation substrate and can install
+  missing Chromium support with `--fix`.
 - `hybridclaw onboarding` and related local setup flows can restore the last
   known-good saved config snapshot or roll back to a tracked revision when
   `config.json` becomes invalid.
@@ -198,9 +224,19 @@ Once the gateway is running, open HybridClaw locally:
 - Brave, Perplexity, and Tavily web-search credentials can live in the
   encrypted runtime secret store and are passed into host or container agent
   runtimes from the active config.
+- Web search can also target a self-hosted SearXNG instance through
+  `web.search.searxngBaseUrl` or `SEARXNG_BASE_URL`; bundled `search.web`,
+  `search.news`, and `search.images` skills prefer that sovereign search path.
 - Google OAuth credentials for Workspace skills live in the encrypted runtime
   secret store; agent runtimes receive short-lived access tokens for `gog` and
   `gws` instead of long-lived refresh tokens.
+- Canonical user and agent identities use stable lowercase IDs and DNS-style
+  discovery records so A2A peers can resolve remote URLs and public keys.
+- `hybridclaw secret route ...` and `/secret route ...` can attach stored
+  secrets or Google OAuth access tokens to matching `http_request` URL
+  prefixes, including Google Ads API calls.
+- `HYBRIDAI_FALLBACK_CHAIN` can route auth and rate-limit provider failures to
+  alternate models/providers with cooldowns before retrying the primary.
 - Skills can be enabled or disabled globally or per channel from
   `hybridclaw skill enable|disable`, TUI `/skill config`, or the admin
   `Skills` page.
@@ -208,7 +244,17 @@ Once the gateway is running, open HybridClaw locally:
   credentials, supported channels, and per-agent autonomy policy.
 - Bundled skills include API-backed Google Workspace workflows (`gog`, `gws`),
   Salesforce inspection, GitHub issue queue processing (`gh-issues`),
-  brand-voice drafting, and editable Excalidraw diagram creation.
+  monthly SaaS invoice harvesting (`download-platform-invoices`), Airtable,
+  FastBill, Firecrawl, Google Ads, HeyGen, natural-language warehouse SQL
+  (`warehouse-sql`), brand-voice drafting, and editable Excalidraw diagram
+  creation.
+- Native media tools generate images and videos through configured providers,
+  persist the resulting artifacts, and expose the same capability through the
+  bundled `image-generation` and `video-generation` skills.
+- Browser automation can use local persistent Playwright profiles, Camofox
+  profiles, or Browser Use Cloud sessions with encrypted `BROWSER_USE_API_KEY`
+  storage, usage metering, shared navigation guards, and SecretRef-gated
+  credential fills.
 - The repo-shipped `brand-voice` plugin can flag, rewrite, or block final
   responses that violate configured voice rules before they reach users.
 - Built-in office skills handle longer PDF creation flows cleanly: the bundled
@@ -271,66 +317,67 @@ Once the gateway is running, open HybridClaw locally:
 
 ## Architecture
 
-- **Gateway service** (Node.js) — shared message/command handlers, SQLite persistence (KV + semantic + knowledge graph + canonical sessions + usage events), scheduler, heartbeat, web/API, loopback OpenAI-compatible API, and channel integrations for Discord, Slack, Signal, Microsoft Teams, Telegram, iMessage, WhatsApp, Twilio voice, and email
+- **Gateway service** (Node.js) — shared message/command handlers, SQLite persistence (KV + semantic + knowledge graph + canonical sessions + usage events), scheduler, heartbeat, web/API, loopback OpenAI-compatible API, A2A peer trust, board-card storage, and channel integrations for Discord, Slack, Signal, Threema, Microsoft Teams, Telegram, iMessage, WhatsApp, Twilio voice, and email
 - **TUI client** — thin client over HTTP (`/api/chat`, `/api/command`) with
   a structured startup banner that surfaces model, sandbox, gateway, and
   chatbot context before the first prompt, live delegate status/progress,
   an interactive approval picker for pending approvals, and an exit summary
   with a ready-to-run resume command
-- **Container** (Docker, ephemeral) — HybridAI API client, sandboxed tool executor, and preinstalled browser automation runtime with cursor-aware snapshots for JS-heavy custom UI
+- **Container** (Docker, ephemeral) — HybridAI API client, sandboxed tool executor, native media-generation tools, web/search adapters, and preinstalled browser automation runtime with cursor-aware snapshots for JS-heavy custom UI
 - Communication via file-based IPC (input.json / output.json)
 
 ## Documentation
 
 Browse the full manual at
-[hybridclaw.io/docs](https://www.hybridclaw.io/docs/).
+[hybridaione.github.io/hybridclaw/docs](https://hybridaione.github.io/hybridclaw/docs/).
 
 - Getting started:
-  [Installation](https://www.hybridclaw.io/docs/getting-started/installation),
-  [Authentication](https://www.hybridclaw.io/docs/getting-started/authentication), and
-  [Quick Start](https://www.hybridclaw.io/docs/getting-started/quickstart)
+  [Installation](https://hybridaione.github.io/hybridclaw/docs/getting-started/installation),
+  [Authentication](https://hybridaione.github.io/hybridclaw/docs/getting-started/authentication), and
+  [Quick Start](https://hybridaione.github.io/hybridclaw/docs/getting-started/quickstart)
 - Enterprise deployment:
-  [Runtime Internals](https://www.hybridclaw.io/docs/developer-guide/runtime) and
-  [Architecture](https://www.hybridclaw.io/docs/developer-guide/architecture)
+  [Runtime Internals](https://hybridaione.github.io/hybridclaw/docs/developer-guide/runtime) and
+  [Architecture](https://hybridaione.github.io/hybridclaw/docs/developer-guide/architecture)
 - Operations:
-  [Remote Access](https://www.hybridclaw.io/docs/guides/remote-access)
+  [Remote Access](https://hybridaione.github.io/hybridclaw/docs/guides/remote-access)
 - Security:
   [SECURITY.md](./SECURITY.md) and [TRUST_MODEL.md](./TRUST_MODEL.md)
 - Migration:
-  [Commands: Migration](https://www.hybridclaw.io/docs/reference/commands#migration) and
-  [FAQ](https://www.hybridclaw.io/docs/reference/faq#can-i-migrate-an-existing-openclaw-or-hermes-agent-home)
+  [Commands: Migration](https://hybridaione.github.io/hybridclaw/docs/reference/commands#migration) and
+  [FAQ](https://hybridaione.github.io/hybridclaw/docs/reference/faq#can-i-migrate-an-existing-openclaw-or-hermes-agent-home)
 - Channels:
-  [Connect Your First Channel](https://www.hybridclaw.io/docs/getting-started/first-channel),
-  [Overview](https://www.hybridclaw.io/docs/channels/overview),
-  [Twilio Voice](https://www.hybridclaw.io/docs/guides/twilio-voice),
-  [Discord](https://www.hybridclaw.io/docs/channels/discord),
-  [Slack](https://www.hybridclaw.io/docs/channels/slack),
-  [Telegram](https://www.hybridclaw.io/docs/channels/telegram),
-  [Signal](https://www.hybridclaw.io/docs/channels/signal),
-  [Email](https://www.hybridclaw.io/docs/channels/email),
-  [WhatsApp](https://www.hybridclaw.io/docs/channels/whatsapp),
-  [iMessage](https://www.hybridclaw.io/docs/channels/imessage), and
-  [Microsoft Teams](https://www.hybridclaw.io/docs/channels/msteams)
+  [Connect Your First Channel](https://hybridaione.github.io/hybridclaw/docs/getting-started/first-channel),
+  [Overview](https://hybridaione.github.io/hybridclaw/docs/channels/overview),
+  [Twilio Voice](https://hybridaione.github.io/hybridclaw/docs/guides/twilio-voice),
+  [Discord](https://hybridaione.github.io/hybridclaw/docs/channels/discord),
+  [Slack](https://hybridaione.github.io/hybridclaw/docs/channels/slack),
+  [Telegram](https://hybridaione.github.io/hybridclaw/docs/channels/telegram),
+  [Signal](https://hybridaione.github.io/hybridclaw/docs/channels/signal),
+  [Threema](https://hybridaione.github.io/hybridclaw/docs/channels/threema),
+  [Email](https://hybridaione.github.io/hybridclaw/docs/channels/email),
+  [WhatsApp](https://hybridaione.github.io/hybridclaw/docs/channels/whatsapp),
+  [iMessage](https://hybridaione.github.io/hybridclaw/docs/channels/imessage), and
+  [Microsoft Teams](https://hybridaione.github.io/hybridclaw/docs/channels/msteams)
 - Tutorials:
-  [Practical Workflows](https://www.hybridclaw.io/docs/tutorials) for owner,
+  [Practical Workflows](https://hybridaione.github.io/hybridclaw/docs/tutorials) for owner,
   GTM, marketing, sales, DevRel, content, invoicing, webinar, and release
   launch workflows
 - Skills and plugins:
-  [Extensibility](https://www.hybridclaw.io/docs/extensibility),
-  [Bundled Skills](https://www.hybridclaw.io/docs/guides/bundled-skills),
-  [Plugin System](https://www.hybridclaw.io/docs/extensibility/plugins),
-  [Memory Plugins](https://www.hybridclaw.io/docs/extensibility/memory-plugins),
-  [ByteRover Memory Plugin](https://www.hybridclaw.io/docs/extensibility/byterover-memory-plugin),
-  [GBrain Plugin](https://www.hybridclaw.io/docs/extensibility/gbrain-plugin),
-  [Mem0 Memory Plugin](https://www.hybridclaw.io/docs/extensibility/mem0-memory-plugin),
-  [Honcho Memory Plugin](https://www.hybridclaw.io/docs/extensibility/honcho-memory-plugin), and
-  [MemPalace Memory Plugin](https://www.hybridclaw.io/docs/extensibility/mempalace-memory-plugin)
+  [Extensibility](https://hybridaione.github.io/hybridclaw/docs/extensibility),
+  [Bundled Skills](https://hybridaione.github.io/hybridclaw/docs/guides/bundled-skills),
+  [Plugin System](https://hybridaione.github.io/hybridclaw/docs/extensibility/plugins),
+  [Memory Plugins](https://hybridaione.github.io/hybridclaw/docs/extensibility/memory-plugins),
+  [ByteRover Memory Plugin](https://hybridaione.github.io/hybridclaw/docs/extensibility/byterover-memory-plugin),
+  [GBrain Plugin](https://hybridaione.github.io/hybridclaw/docs/extensibility/gbrain-plugin),
+  [Mem0 Memory Plugin](https://hybridaione.github.io/hybridclaw/docs/extensibility/mem0-memory-plugin),
+  [Honcho Memory Plugin](https://hybridaione.github.io/hybridclaw/docs/extensibility/honcho-memory-plugin), and
+  [MemPalace Memory Plugin](https://hybridaione.github.io/hybridclaw/docs/extensibility/mempalace-memory-plugin)
 - Configuration:
-  [Configuration Reference](https://www.hybridclaw.io/docs/reference/configuration)
+  [Configuration Reference](https://hybridaione.github.io/hybridclaw/docs/reference/configuration)
 - CLI reference:
-  [Commands](https://www.hybridclaw.io/docs/reference/commands),
-  [Diagnostics](https://www.hybridclaw.io/docs/reference/diagnostics), and
-  [FAQ](https://www.hybridclaw.io/docs/reference/faq)
+  [Commands](https://hybridaione.github.io/hybridclaw/docs/reference/commands),
+  [Diagnostics](https://hybridaione.github.io/hybridclaw/docs/reference/diagnostics), and
+  [FAQ](https://hybridaione.github.io/hybridclaw/docs/reference/faq)
 
 ## Contributing
 

package/SECURITY.md

@@ -148,6 +148,56 @@ Verification command:
 hybridclaw audit verify <sessionId>
 ```
 
+### 6) npm Supply-Chain Controls
+
+HybridClaw treats npm lockfiles and package-manager configuration as security
+controls:
+
+- `.npmrc` enforces exact saves, strict engines, and a seven-day minimum release
+  age.
+- `package.json` requires npm 11.10+ because older npm versions do not enforce
+  the release-age policy.
+- CI upgrades to the pinned npm version before running `npm ci`, so pull
+  requests and release publishes use the same install policy as local
+  development.
+- Docker builds install the pinned npm version before npm install steps. The
+  gateway image copies the repository `.npmrc` before `npm ci`; the agent image
+  materializes the same safe npm config inside its isolated Docker context.
+- CI runs `npm audit signatures` after installs to verify npm registry
+  signatures and available provenance attestations for installed packages.
+- Release publishing uses npm provenance through the trusted-publishing-capable
+  npm CLI. The npm package should be configured on npmjs.com to use trusted
+  publishing and to disallow token-based publishes after the OIDC workflow is
+  verified.
+
+Dependency updates should use `npm ci` for verification and keep
+`package-lock.json` changes reviewable. Avoid unconstrained interactive or
+ad-hoc `npm update` runs; use the lockfile-only update script below so npm's
+configured release-age gate applies and the resulting diff can be reviewed. Do
+not add git, tarball, or non-registry dependencies without a specific security
+review. The current WhatsApp channel dependency chain includes a pinned GitHub
+dependency from `@whiskeysockets/baileys` to `libsignal`; replacing that
+dependency with a registry-only package should be prioritized before enabling
+npm's `allow-git` restriction.
+
+Recommended dependency update workflow:
+
+```bash
+npm install --global npm@11.10.0 --no-audit --fund=false
+npm run deps:update-lockfile
+git diff -- package.json package-lock.json container/package.json container/package-lock.json
+npm run deps:verify
+npm run typecheck
+npm run test:unit
+```
+
+`deps:update-lockfile` regenerates the root/workspace lockfile and the standalone
+container lockfile through npm's configured seven-day release-age filter.
+`deps:verify` then performs clean installs from those lockfiles and verifies npm
+registry signatures. Review lockfile diffs before merging; unexpected new
+maintainers, new install scripts, git/tarball URLs, or large transitive churn
+should be treated as security review triggers.
+
 ## Incident Response
 
 If compromise is suspected:
@@ -157,6 +207,8 @@ If compromise is suspected:
 3. Review mount allowlist, workspace files, and `sessionRouting.identityLinks`.
 4. Inspect denied/authorization events with `hybridclaw audit approvals --denied`.
 5. Validate audit integrity with `hybridclaw audit verify`.
+6. If compromise may involve npm install-time malware, rotate npm, GitHub, SSH,
+   cloud, and registry credentials reachable from the affected host or runner.
 
 ## Reporting A Vulnerability
 

package/config.example.json

@@ -1,10 +1,11 @@
 {
-  "version": 26,
+  "version": 28,
   "security": {
     "trustModelAccepted": false,
     "trustModelAcceptedAt": "",
     "trustModelVersion": "",
-    "trustModelAcceptedBy": ""
+    "trustModelAcceptedBy": "",
+    "confidentialRedactionEnabled": false
   },
   "deployment": {
     "mode": "local",
@@ -14,6 +15,27 @@
       "health_check_interval_ms": 30000
     }
   },
+  "browser": {
+    "provider": "local",
+    "local": {
+      "profileRoot": "",
+      "headed": false
+    },
+    "camofox": {
+      "profileRoot": "",
+      "headed": false,
+      "launchOptions": {}
+    },
+    "browserUseCloud": {
+      "apiKeyRef": {
+        "source": "env",
+        "id": "BROWSER_USE_API_KEY"
+      },
+      "baseUrl": "",
+      "browser": {},
+      "pricing": {}
+    }
+  },
   "skills": {
     "extraDirs": [],
     "disabled": [],
@@ -23,6 +45,7 @@
       "signal": [],
       "slack": [],
       "telegram": [],
+      "threema": [],
       "voice": [],
       "whatsapp": [],
       "email": []
@@ -38,6 +61,7 @@
     "signal": "",
     "slack": "",
     "telegram": "",
+    "threema": "",
     "voice": "This is a live phone call. Produce plain spoken text only.\nKeep each reply short and conversational, usually one or two short sentences.\nAbsolutely no markdown, bullets, numbered lists, headings, code fences, tables, JSON, or decorative formatting.\nDo not narrate internal reasoning, planning, tool usage, or stage directions. Say only what the caller should hear.\nDo not spell punctuation, formatting marks, or raw URLs unless the caller explicitly asks for exact characters.",
     "whatsapp": "",
     "email": "",
@@ -184,6 +208,16 @@
     "reconnectIntervalMs": 5000,
     "outboundDelayMs": 350
   },
+  "threema": {
+    "enabled": false,
+    "apiBaseUrl": "https://msgapi.threema.ch",
+    "identity": "",
+    "secret": "",
+    "dmPolicy": "allowlist",
+    "allowFrom": [],
+    "textChunkLimit": 3500,
+    "outboundDelayMs": 350
+  },
   "whatsapp": {
     "dmPolicy": "pairing",
     "groupPolicy": "disabled",
@@ -398,6 +432,11 @@
       "provider": "auto",
       "model": "",
       "maxTokens": 0
+    },
+    "session_title": {
+      "provider": "auto",
+      "model": "",
+      "maxTokens": 0
     }
   },
   "container": {