@hybridaione/hybridclaw 0.25.0 → 0.25.1

package/CHANGELOG.md

@@ -2,6 +2,15 @@
 
 ## Unreleased
 
+## [0.25.1](https://github.com/HybridAIOne/hybridclaw/tree/v0.25.1) - 2026-06-20
+
+### Fixed
+
+- **HybridAI cloud admin sessions**: HybridAI-launched sessions without scoped
+  RBAC claims are treated as full admin sessions for compatibility, explicit
+  scoped sessions remain restricted, and cookie-authenticated admin mutations
+  respect forwarded public origins behind the cloud proxy.
+
 ## [0.25.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.25.0) - 2026-06-20
 
 ### Added

package/README.md

@@ -220,7 +220,7 @@ Core pieces:
 | Build desktop releases | [Desktop Release Builds](https://hybridaione.github.io/hybridclaw/docs/developer-guide/desktop-release) |
 | Contribute | [CONTRIBUTING.md](./CONTRIBUTING.md), [docs/content/README.md](./docs/content/README.md) |
 
-Latest release: [v0.25.0](https://github.com/HybridAIOne/hybridclaw/releases/tag/v0.25.0).
+Latest release: [v0.25.1](https://github.com/HybridAIOne/hybridclaw/releases/tag/v0.25.1).
 Release notes: [CHANGELOG.md](./CHANGELOG.md)
 
 ## Development

package/console/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hybridaione/hybridclaw-console",
   "private": true,
-  "version": "0.25.0",
+  "version": "0.25.1",
   "type": "module",
   "scripts": {
     "build": "tsc --noEmit && vite build",

package/container/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "hybridclaw-agent",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "hybridclaw-agent",
-      "version": "0.25.0",
+      "version": "0.25.1",
       "dependencies": {
         "@modelcontextprotocol/sdk": "1.29.0",
         "@mozilla/readability": "0.6.0",

package/container/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "hybridclaw-agent",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "hybridclaw-agent",
-      "version": "0.25.0",
+      "version": "0.25.1",
       "dependencies": {
         "@modelcontextprotocol/sdk": "1.29.0",
         "@mozilla/readability": "0.6.0",

package/container/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hybridclaw-agent",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "type": "module",
   "main": "dist/index.js",
   "packageManager": "npm@11.10.0",

package/dist/gateway/gateway-http-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gateway-http-server.d.ts","sourceRoot":"","sources":["../../src/gateway/gateway-http-server.ts"],"names":[],"mappings":"AA4zNA,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,IAAI,CAAC;IAC9B,QAAQ,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,wBAAgB,sBAAsB,IAAI,iBAAiB,CAk3B1D"}
+{"version":3,"file":"gateway-http-server.d.ts","sourceRoot":"","sources":["../../src/gateway/gateway-http-server.ts"],"names":[],"mappings":"AAqzNA,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,IAAI,CAAC;IAC9B,QAAQ,EAAE,MAAM,IAAI,CAAC;CACtB;AAED,wBAAgB,sBAAsB,IAAI,iBAAiB,CAk3B1D"}

package/dist/gateway/gateway-http-server.js

@@ -1381,18 +1381,11 @@ function requestUsesHttps(req) {
         return forwardedProto === 'https';
     return req.socket.encrypted === true;
 }
-function resolveRequestOriginForAuth(req) {
-    const host = String(req.headers.host || '').trim();
-    if (!host)
-        return null;
-    const protocol = requestUsesHttps(req) ? 'https' : 'http';
-    return `${protocol}://${host}`;
-}
 function hasSameGatewayOrigin(req) {
     const origin = String(req.headers.origin || '').trim();
     if (!origin)
         return false;
-    return origin === resolveRequestOriginForAuth(req);
+    return origin === resolveRequestOrigin(req);
 }
 function hasApiAuth(req, url, opts) {
     const authHeader = req.headers.authorization || '';