@hybridaione/hybridclaw 0.27.1 → 0.27.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +9 -0
- package/README.md +2 -2
- package/console/package.json +1 -1
- package/container/npm-shrinkwrap.json +2 -2
- package/container/package-lock.json +2 -2
- package/container/package.json +1 -1
- package/dist/gateway/gateway-http-server.js +1 -1
- package/dist/gateway/gateway-http-server.js.map +1 -1
- package/docs/content/README.md +3 -0
- package/docs/content/channels/admin-console.md +2 -0
- package/npm-shrinkwrap.json +5 -5
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
## Unreleased
|
|
4
4
|
|
|
5
|
+
## [0.27.2](https://github.com/HybridAIOne/hybridclaw/tree/v0.27.2) - 2026-07-06
|
|
6
|
+
|
|
7
|
+
### Fixed
|
|
8
|
+
|
|
9
|
+
- **Console PDF previews**: Console pages now allow `blob:` iframe sources in
|
|
10
|
+
the defensive Content Security Policy, so browser-backed PDF previews render
|
|
11
|
+
instead of being blocked by the `default-src 'self'` fallback. Gateway HTTP
|
|
12
|
+
server tests cover the `frame-src 'self' blob:` directive.
|
|
13
|
+
|
|
5
14
|
## [0.27.1](https://github.com/HybridAIOne/hybridclaw/tree/v0.27.1) - 2026-07-06
|
|
6
15
|
|
|
7
16
|
### Added
|
package/README.md
CHANGED
|
@@ -162,7 +162,7 @@ npm run desktop
|
|
|
162
162
|
surface.
|
|
163
163
|
- **Operator visibility**: `/admin` covers channels, connectors, approvals,
|
|
164
164
|
audit, statistics, output guard, secrets, fleet topology, A2A inbox/trust,
|
|
165
|
-
and
|
|
165
|
+
distillation, and browser PDF previews without requiring shell access.
|
|
166
166
|
- **Business-ready extension model**: packaged skills, plugins, MCP servers,
|
|
167
167
|
and SecretRef-backed HTTP tools share the same approval and credential
|
|
168
168
|
boundaries.
|
|
@@ -236,7 +236,7 @@ Core pieces:
|
|
|
236
236
|
| Build desktop releases | [Desktop Release Builds](https://hybridaione.github.io/hybridclaw/docs/developer-guide/desktop-release) |
|
|
237
237
|
| Contribute | [CONTRIBUTING.md](./CONTRIBUTING.md), [docs/content/README.md](./docs/content/README.md) |
|
|
238
238
|
|
|
239
|
-
Latest release: [v0.27.
|
|
239
|
+
Latest release: [v0.27.2](https://github.com/HybridAIOne/hybridclaw/releases/tag/v0.27.2).
|
|
240
240
|
Release notes: [CHANGELOG.md](./CHANGELOG.md)
|
|
241
241
|
|
|
242
242
|
## Development
|
package/console/package.json
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "hybridclaw-agent",
|
|
3
|
-
"version": "0.27.
|
|
3
|
+
"version": "0.27.2",
|
|
4
4
|
"lockfileVersion": 3,
|
|
5
5
|
"requires": true,
|
|
6
6
|
"packages": {
|
|
7
7
|
"": {
|
|
8
8
|
"name": "hybridclaw-agent",
|
|
9
|
-
"version": "0.27.
|
|
9
|
+
"version": "0.27.2",
|
|
10
10
|
"dependencies": {
|
|
11
11
|
"@modelcontextprotocol/sdk": "1.29.0",
|
|
12
12
|
"@mozilla/readability": "0.6.0",
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "hybridclaw-agent",
|
|
3
|
-
"version": "0.27.
|
|
3
|
+
"version": "0.27.2",
|
|
4
4
|
"lockfileVersion": 3,
|
|
5
5
|
"requires": true,
|
|
6
6
|
"packages": {
|
|
7
7
|
"": {
|
|
8
8
|
"name": "hybridclaw-agent",
|
|
9
|
-
"version": "0.27.
|
|
9
|
+
"version": "0.27.2",
|
|
10
10
|
"dependencies": {
|
|
11
11
|
"@modelcontextprotocol/sdk": "1.29.0",
|
|
12
12
|
"@mozilla/readability": "0.6.0",
|
package/container/package.json
CHANGED
|
@@ -2015,7 +2015,7 @@ function serveConsoleFile(filePath, res, options) {
|
|
|
2015
2015
|
'Cross-Origin-Opener-Policy': 'same-origin',
|
|
2016
2016
|
...(isIndex
|
|
2017
2017
|
? {
|
|
2018
|
-
'Content-Security-Policy': "default-src 'self'; base-uri 'none'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data: blob:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; script-src 'self'; connect-src 'self' ws: wss:",
|
|
2018
|
+
'Content-Security-Policy': "default-src 'self'; base-uri 'none'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data: blob:; media-src 'self' blob:; frame-src 'self' blob:; style-src 'self' 'unsafe-inline'; script-src 'self'; connect-src 'self' ws: wss:",
|
|
2019
2019
|
}
|
|
2020
2020
|
: {}),
|
|
2021
2021
|
});
|