@hybridaione/hybridclaw 0.9.6 → 0.9.7

package/AGENTS.md

@@ -21,7 +21,7 @@ HybridClaw is a personal AI assistant bot for Discord, powered by HybridAI.
 Enterprise-grade Node.js 22 application with gateway service, TUI client, and
 Docker-sandboxed container runtime.
 
-**Version:** 0.7.1  |  **Package:** `@hybridaione/hybridclaw`
+**Version:** 0.9.7  |  **Package:** `@hybridaione/hybridclaw`
  |  **License:** see `LICENSE`
 
 Architecture: gateway (core runtime, SQLite persistence, REST API, Discord

package/CHANGELOG.md

@@ -2,6 +2,61 @@
 
 ## [Coming up]
 
+## [0.9.7](https://github.com/HybridAIOne/hybridclaw/tree/v0.9.7)
+
+### Added
+
+- **Mistral provider support**: Added
+  `hybridclaw auth login|status|logout mistral`, support for
+  `mistral/...` model ids in selection commands, runtime credential handling
+  for Mistral requests, discovered model catalog entries with canonical-name,
+  context-window, and vision metadata, and recommended-model coverage in
+  selectors and status output.
+- **ATIF-compatible trace export**: Added `export trace [sessionId|all|--all]`
+  across gateway, TUI, and chat command surfaces so operators can export
+  structured debug trace JSONL with tool calls, token usage, git context,
+  attribution metadata, and compatibility fields for downstream trace tooling.
+- **HybridClaw docs and help retrieval**: Added a searchable `/docs` browser
+  docs shell, raw-markdown `/docs/agents.md`, the bundled
+  `hybridclaw-help` skill, and prompt-hook routing that fetches public docs
+  before answering HybridClaw product questions.
+- **Obsidian bundled skill**: Added a first-party `obsidian` skill plus agent
+  metadata for vault-aware note search, creation, moves, and link-preserving
+  edits.
+
+### Changed
+
+- **Web chat streaming and replay UX**: Simplified stream frame state and
+  replay reuse, added NDJSON fallback handling plus decoder-tail flushing,
+  batched DOM updates, and preserved scroll position during streaming so the
+  built-in web chat behaves more smoothly under live output.
+- **Session previews and export UX**: Shared conversation-preview helpers
+  across sessions and agent cards, added clearer timestamp/snippet output in
+  `/sessions`, and exposed the new `export session` and `export trace`
+  subcommands consistently in help text and slash menus.
+- **Docker images and publish pipeline**: Reworked the gateway and agent
+  Dockerfiles into clearer multi-stage builds, added the agent `runtime-lite`
+  target plus `HYBRIDCLAW_CONTAINER_TARGET`, and added CI Docker preflight
+  builds plus explicit runtime targets in publish workflows.
+- **Public docs routing and landing pages**: Moved the browsable docs shell to
+  `/docs`, kept the legacy `/development` entry as a redirect, refreshed the
+  static docs assets, and added a HybridClaw Cloud callout across the public
+  landing page.
+
+### Fixed
+
+- **Local iMessage self-chat fallback**: Skipped attributed-body-only
+  self-chat rows that look like replayed history or control commands so local
+  iMessage polling no longer injects stale self-chat content.
+- **Trace export and secret redaction hardening**: Expanded redaction coverage
+  for GitHub/npm tokens, emails, IPs, phone numbers, SSNs, credit cards, and
+  high-entropy strings, anonymized runner-home paths in trace exports, and
+  restored paused TTY state after hidden secret prompts.
+- **Mistral discovery and container build polish**: Tightened canonical and
+  deprecated Mistral model handling plus availability checks, and fixed
+  container/gateway Docker builds around native addons, dependency pruning,
+  runtime targets, and npm prune failure modes.
+
 ## [0.9.6](https://github.com/HybridAIOne/hybridclaw/tree/v0.9.6)
 
 ### Changed

package/README.md

@@ -44,6 +44,8 @@ hybridclaw onboarding
 Prerequisites: Node.js 22. Docker is recommended when you want the default
 container sandbox. The published install bootstraps the packaged container
 runtime dependencies during `npm install -g`.
+The current release tag is
+[v0.9.7](https://github.com/HybridAIOne/hybridclaw/releases/tag/v0.9.7).
 Release notes live in [CHANGELOG.md](./CHANGELOG.md), and the browsable
 operator and maintainer manual lives under
 [docs/development/README.md](./docs/development/README.md).
@@ -125,18 +127,21 @@ hybridclaw auth login hybridai --browser
 hybridclaw auth login hybridai --base-url http://localhost:5000
 hybridclaw auth login codex --import
 hybridclaw auth login openrouter anthropic/claude-sonnet-4 --api-key sk-or-...
+hybridclaw auth login mistral mistral-large-latest --api-key mistral_...
 hybridclaw auth login huggingface meta-llama/Llama-3.1-8B-Instruct --api-key hf_...
 hybridclaw auth login local ollama llama3.2
 hybridclaw auth login msteams --app-id 00000000-0000-0000-0000-000000000000 --tenant-id 11111111-1111-1111-1111-111111111111 --app-password secret
 hybridclaw auth status hybridai
 hybridclaw auth status codex
 hybridclaw auth status openrouter
+hybridclaw auth status mistral
 hybridclaw auth status huggingface
 hybridclaw auth status local
 hybridclaw auth status msteams
 hybridclaw auth logout hybridai
 hybridclaw auth logout codex
 hybridclaw auth logout openrouter
+hybridclaw auth logout mistral
 hybridclaw auth logout huggingface
 hybridclaw auth logout local
 hybridclaw auth logout msteams
@@ -155,6 +160,7 @@ hybridclaw local configure ollama llama3.2
 - `hybridclaw auth login hybridai` auto-selects browser login on local GUI machines and a manual/headless API-key flow on SSH, CI, and container shells. `--import` copies the current `HYBRIDAI_API_KEY` from your shell into `~/.hybridclaw/credentials.json`, and `--base-url` updates `hybridai.baseUrl` before login.
 - `hybridclaw auth login codex` auto-selects browser PKCE on local GUI machines and device code on headless or remote shells.
 - `hybridclaw auth login openrouter` accepts `--api-key`, falls back to `OPENROUTER_API_KEY`, or prompts you to paste the key, then enables the provider and can set the global default model.
+- `hybridclaw auth login mistral` accepts `--api-key`, falls back to `MISTRAL_API_KEY`, or prompts you to paste the key, then enables the provider and can set the global default model.
 - `hybridclaw auth login huggingface` accepts `--api-key`, falls back to `HF_TOKEN`, or prompts you to paste the token, then enables the provider and can set the global default model.
 - `hybridclaw auth login local` configures Ollama, LM Studio, or vLLM in `~/.hybridclaw/config.json`.
 - `hybridclaw auth login msteams` enables Microsoft Teams, stores `MSTEAMS_APP_PASSWORD` in `~/.hybridclaw/credentials.json`, and can prompt for the app id, app password, and optional tenant id.
@@ -162,9 +168,9 @@ hybridclaw local configure ollama llama3.2
 - `hybridclaw auth logout local` disables configured local backends and clears any saved vLLM API key.
 - `hybridclaw auth logout msteams` clears the stored Teams app password and disables the Teams integration in config.
 - `hybridclaw auth whatsapp reset` clears linked WhatsApp Web auth without starting a new pairing session.
-- HybridAI, OpenRouter, Hugging Face, Discord, email, Teams, and BlueBubbles iMessage secrets are stored in `~/.hybridclaw/credentials.json`. Codex OAuth credentials are stored separately in `~/.hybridclaw/codex-auth.json`.
+- HybridAI, OpenRouter, Mistral, Hugging Face, Discord, email, Teams, and BlueBubbles iMessage secrets are stored in `~/.hybridclaw/credentials.json`. Codex OAuth credentials are stored separately in `~/.hybridclaw/codex-auth.json`.
 - Only one running HybridClaw process should own `~/.hybridclaw/credentials/whatsapp` at a time. If WhatsApp Web shows duplicate Chrome/Ubuntu linked devices or reconnect/auth drift starts, stop the extra process, run `hybridclaw auth whatsapp reset`, then pair again with `hybridclaw channels whatsapp setup`.
-- Use `hybridclaw help`, `hybridclaw help auth`, `hybridclaw help openrouter`, `hybridclaw help huggingface`, or `hybridclaw help local` for CLI-specific reference output.
+- Use `hybridclaw help`, `hybridclaw help auth`, `hybridclaw help openrouter`, `hybridclaw help mistral`, `hybridclaw help huggingface`, or `hybridclaw help local` for CLI-specific reference output.
 
 ## Setting Up MS Teams
 
@@ -188,7 +194,7 @@ See [docs/imessage.md](./docs/imessage.md) for the full setup flow, including:
 
 ## Model Selection
 
-Codex models use the `openai-codex/` prefix. OpenRouter models use the `openrouter/` prefix. Hugging Face router models use the `huggingface/` prefix. The default shipped Codex model is `openai-codex/gpt-5-codex`.
+Codex models use the `openai-codex/` prefix. OpenRouter models use the `openrouter/` prefix. Mistral models use the `mistral/` prefix. Hugging Face router models use the `huggingface/` prefix. The default shipped Codex model is `openai-codex/gpt-5-codex`.
 
 Examples:
 
@@ -198,6 +204,8 @@ Examples:
 /model default openai-codex/gpt-5-codex
 /model list openrouter
 /model set openrouter/anthropic/claude-sonnet-4
+/model list mistral
+/model set mistral/mistral-large-latest
 /model list huggingface
 /model set huggingface/meta-llama/Llama-3.1-8B-Instruct
 /model clear
@@ -206,13 +214,15 @@ Examples:
 /model default openrouter/anthropic/claude-sonnet-4
 ```
 
-- `hybridai.defaultModel` in `~/.hybridclaw/config.json` can point at a HybridAI model, an `openai-codex/...` model, an `openrouter/...` model, a `huggingface/...` model, or a local backend model such as `ollama/...`.
+- `hybridai.defaultModel` in `~/.hybridclaw/config.json` can point at a HybridAI model, an `openai-codex/...` model, an `openrouter/...` model, a `mistral/...` model, a `huggingface/...` model, or a local backend model such as `ollama/...`.
 - `codex.models` in runtime config controls the allowed Codex model list shown in selectors and status output.
 - `openrouter.models` in runtime config controls the allowed OpenRouter model list shown in selectors and status output.
+- `mistral.models` in runtime config controls the allowed Mistral model list shown in selectors and status output.
 - `huggingface.models` in runtime config controls the allowed Hugging Face model list shown in selectors and status output.
 - HybridAI model lists are refreshed from the configured HybridAI base URL (`/models`, then `/v1/models` as a compatibility fallback), and discovered `context_length` values feed status and model-info output when the API exposes them.
 - When the selected model starts with `openai-codex/`, HybridClaw resolves OAuth credentials through the Codex provider instead of `HYBRIDAI_API_KEY`.
 - When the selected model starts with `openrouter/`, HybridClaw resolves credentials through `OPENROUTER_API_KEY`.
+- When the selected model starts with `mistral/`, HybridClaw resolves credentials through `MISTRAL_API_KEY`.
 - When the selected model starts with `huggingface/`, HybridClaw resolves credentials through `HF_TOKEN`.
 - `/model set <name>` is a session-only override.
 - `/model clear` removes the session override and falls back to the current agent model or the global default.
@@ -565,7 +575,7 @@ CLI runtime commands:
 - `hybridclaw tui --resume <sessionId>` / `hybridclaw --resume <sessionId>` — Resume an earlier TUI session by canonical session id
 - `hybridclaw onboarding` — Run trust-model acceptance plus interactive provider onboarding
 - `hybridclaw auth login [provider] ...` — Namespaced provider setup/login entrypoint
-- `hybridclaw auth status <provider>` — Show provider status for `hybridai`, `codex`, `openrouter`, `local`, or `msteams`
+- `hybridclaw auth status <provider>` — Show provider status for `hybridai`, `codex`, `openrouter`, `mistral`, `huggingface`, `local`, or `msteams`
 - `hybridclaw auth logout <provider>` — Clear provider credentials or disable local backends/Teams
 - `hybridclaw config`, `check`, `reload`, `set <key> <value>` — Inspect, validate, hot-reload, or edit the local runtime config file
 - `hybridclaw auth login msteams [--app-id <id>] [--app-password <secret>] [--tenant-id <id>]` — Enable Microsoft Teams, persist the app secret, and print webhook next steps
@@ -578,7 +588,7 @@ CLI runtime commands:
 - `hybridclaw local status` — Show current local backend config and default model
 - `hybridclaw local configure <backend> <model-id> [--base-url <url>] [--api-key <key>] [--no-default]` — Enable and configure a local backend
 - `hybridclaw hybridai ...`, `hybridclaw codex ...`, and `hybridclaw local ...` — Legacy aliases for the older provider-specific command surface
-- `hybridclaw help` / `hybridclaw help auth` / `hybridclaw help openrouter` — Print CLI reference for the unified provider commands
+- `hybridclaw help` / `hybridclaw help auth` / `hybridclaw help openrouter` / `hybridclaw help mistral` — Print CLI reference for the unified provider commands
 - `hybridclaw doctor [--fix|--json|<component>]` — Diagnose runtime, gateway, config, credentials, database, providers, local backends, Docker, channels, skills, security, and disk state
 - `hybridclaw skill list` — Show skills and any declared installer options
 - `hybridclaw skill enable <skill-name> [--channel <kind>]`, `disable`, `toggle` — Manage global and per-channel skill availability
@@ -615,6 +625,7 @@ In Discord, use `!claw help` or the slash commands. Key ones:
 - `!claw audit approvals [n] [--denied]` — Show policy approval decisions
 - `!claw usage [summary|daily|monthly|model [daily|monthly] [agentId]]` — Show token/cost aggregates
 - `!claw export session [sessionId]` — Export session snapshot as JSONL
+- `!claw export trace [sessionId|all]` — Export ATIF-compatible trace JSONL for one session or every session
 - `!claw mcp list` — List configured MCP servers
 - `!claw mcp add <name> <json>` — Add or update an MCP server config
 - `!claw schedule add "<cron>" <prompt>` — Add cron scheduled task

package/config.example.json

@@ -191,6 +191,11 @@
     "baseUrl": "https://openrouter.ai/api/v1",
     "models": ["openrouter/anthropic/claude-sonnet-4"]
   },
+  "mistral": {
+    "enabled": false,
+    "baseUrl": "https://api.mistral.ai/v1",
+    "models": ["mistral/mistral-large-latest"]
+  },
   "huggingface": {
     "enabled": false,
     "baseUrl": "https://router.huggingface.co/v1",

package/container/.dockerignore

@@ -14,3 +14,5 @@ yarn-error.log*
 *.sqlite
 *.db
 *.log
+*.md
+scripts/

package/container/Dockerfile

@@ -1,42 +1,70 @@
-FROM node:20-slim
+# --- Build stage ---
+FROM node:22-slim@sha256:80fdb3f57c815e1b638d221f30a826823467c4a56c8f6a8d7aa091cd9b1675ea AS builder
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci
+COPY tsconfig.json ./
+COPY shared/ shared/
+COPY src/ src/
+RUN npx tsc
+
+# --- Runtime base (no LibreOffice) ---
+FROM node:22-slim@sha256:80fdb3f57c815e1b638d221f30a826823467c4a56c8f6a8d7aa091cd9b1675ea AS runtime-lite
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    ripgrep git curl python3 python3-pip poppler-utils qpdf pandoc \
-    libreoffice-calc libreoffice-impress libreoffice-writer \
-    && rm -rf /var/lib/apt/lists/*
+LABEL org.opencontainers.image.source="https://github.com/HybridAIOne/hybridclaw"
+LABEL org.opencontainers.image.description="HybridClaw sandboxed agent runtime"
 
-RUN python3 -m pip install --no-cache-dir --break-system-packages \
-    uv \
+RUN --mount=type=cache,target=/var/cache/apt \
+    --mount=type=cache,target=/var/lib/apt/lists \
+    apt-get update && apt-get install -y --no-install-recommends \
+    ripgrep git curl python3 python3-pip poppler-utils qpdf pandoc
+
+RUN --mount=type=cache,target=/root/.cache/pip \
+    python3 -m pip install --break-system-packages \
     pypdf==5.4.0 \
     pdfplumber==0.11.6 \
     pdf2image==1.17.0 \
     reportlab==4.4.4 \
     pillow==11.3.0
 
-RUN npm install -g \
+RUN --mount=type=cache,target=/root/.npm \
+    npm install -g \
     docx@9.5.1 \
     pptxgenjs@4.0.1 \
     csv-parse@6.1.0 \
     iconv-lite@0.7.0 \
     xlsx-populate@1.21.0
-ENV NODE_PATH=/usr/local/lib/node_modules:/app/node_modules
 
-WORKDIR /app
-
-COPY package.json tsconfig.json ./
-RUN npm install
+ENV NODE_PATH=/usr/local/lib/node_modules:/app/node_modules
 ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
-RUN npx playwright install --with-deps chromium
-RUN npx playwright install --with-deps --only-shell chromium
 
-COPY shared/ shared/
-COPY src/ src/
-RUN npx tsc
+WORKDIR /app
 
-RUN chown -R node:node /app /ms-playwright
+COPY --link --from=builder /app/package.json /app/package-lock.json ./
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --omit=dev
 
+# System deps need root; browser installed as node user so /ms-playwright stays owned by node:node
+RUN npx playwright install-deps chromium \
+    && mkdir -p /ms-playwright \
+    && chown -R node:node /app /ms-playwright
 USER node
+RUN npx playwright install --only-shell chromium
 
-WORKDIR /workspace
+COPY --link --from=builder /app/dist/ dist/
+COPY --link --from=builder /app/shared/ shared/
 
+STOPSIGNAL SIGTERM
+WORKDIR /workspace
 ENTRYPOINT ["node", "/app/dist/index.js"]
+
+# --- Full runtime (with LibreOffice) ---
+FROM runtime-lite AS runtime
+
+USER root
+RUN --mount=type=cache,target=/var/cache/apt \
+    --mount=type=cache,target=/var/lib/apt/lists \
+    apt-get update && apt-get install -y --no-install-recommends \
+    libreoffice-calc libreoffice-impress libreoffice-writer
+USER node

package/container/dist/approval-policy.js

@@ -27,6 +27,7 @@ const DEFAULT_POLICY = {
         { paths: ['~/.ssh/**', '/etc/**', '.env*'] },
         { tools: ['force_push'] },
     ],
+    trustedNetworkHosts: ['hybridclaw.io'],
     workspaceFence: true,
     maxPendingApprovals: 3,
     approvalTimeoutSecs: 120,
@@ -264,6 +265,10 @@ function parsePolicyYaml(raw) {
             if (key === 'workspace_fence') {
                 policy.workspaceFence = parseBool(rawValue, DEFAULT_POLICY.workspaceFence);
             }
+            else if (key === 'trusted_network_hosts') {
+                policy.trustedNetworkHosts =
+                    parseInlineList(rawValue).length > 0 ? parseInlineList(rawValue) : [];
+            }
             else if (key === 'max_pending_approvals') {
                 policy.maxPendingApprovals = Math.max(1, parseIntStrict(rawValue, DEFAULT_POLICY.maxPendingApprovals));
             }
@@ -310,6 +315,10 @@ function loadPolicyFromDisk(policyPath) {
         pinnedRed: Array.isArray(filePolicy.pinnedRed) && filePolicy.pinnedRed.length > 0
             ? filePolicy.pinnedRed
             : DEFAULT_POLICY.pinnedRed,
+        trustedNetworkHosts: Array.isArray(filePolicy.trustedNetworkHosts) &&
+            filePolicy.trustedNetworkHosts.length > 0
+            ? filePolicy.trustedNetworkHosts.map(normalizeHostScope)
+            : DEFAULT_POLICY.trustedNetworkHosts.map(normalizeHostScope),
         workspaceFence: typeof filePolicy.workspaceFence === 'boolean'
             ? filePolicy.workspaceFence
             : DEFAULT_POLICY.workspaceFence,
@@ -767,6 +776,10 @@ export class TrustedCoworkerApprovalRuntime {
         return (this.fullAutoNeverApprove.has(normalizedTool) ||
             this.fullAutoNeverApprove.has(normalizedAction));
     }
+    isTrustedNetworkHost(host) {
+        const normalized = normalizeHostScope(host);
+        return this.loadedPolicy.trustedNetworkHosts.includes(normalized);
+    }
     reloadPolicyIfNeeded(force = false) {
         let mtimeMs = -1;
         try {
@@ -1232,15 +1245,19 @@ export class TrustedCoworkerApprovalRuntime {
                 }
             })();
             const primaryHost = providerHosts[0] || 'web-search';
-            const unseen = providerHosts.filter((host) => !this.seenNetworkHosts.has(host));
+            const unseen = providerHosts.filter((host) => !this.isTrustedNetworkHost(host) && !this.seenNetworkHosts.has(host));
+            const allTrusted = providerHosts.length > 0 &&
+                providerHosts.every((host) => this.isTrustedNetworkHost(host));
             return {
-                tier: unseen.length > 0 ? 'red' : 'yellow',
+                tier: allTrusted ? 'green' : unseen.length > 0 ? 'red' : 'yellow',
                 actionKey: `network:${primaryHost}`,
                 intent: `search the web via ${provider || 'configured providers'}`,
                 consequenceIfDenied: 'I will avoid external search providers and continue with local context only.',
-                reason: unseen.length > 0
-                    ? 'this would contact a new external host'
-                    : 'this is an external network action',
+                reason: allTrusted
+                    ? 'this host is allowlisted in approval policy'
+                    : unseen.length > 0
+                        ? 'this would contact a new external host'
+                        : 'this is an external network action',
                 commandPreview: normalizePreview(JSON.stringify(args)),
                 pathHints: [],
                 hostHints: providerHosts,
@@ -1255,15 +1272,19 @@ export class TrustedCoworkerApprovalRuntime {
             const rawUrl = normalizeText(args.url);
             const hostScopes = extractHostScopes(extractHostsFromUrlLikeText(rawUrl));
             const primaryHost = hostScopes[0] || 'unknown-host';
-            const unseen = hostScopes.filter((host) => !this.seenNetworkHosts.has(host));
+            const unseen = hostScopes.filter((host) => !this.isTrustedNetworkHost(host) && !this.seenNetworkHosts.has(host));
+            const allTrusted = hostScopes.length > 0 &&
+                hostScopes.every((host) => this.isTrustedNetworkHost(host));
             return {
-                tier: unseen.length > 0 ? 'red' : 'yellow',
+                tier: allTrusted ? 'green' : unseen.length > 0 ? 'red' : 'yellow',
                 actionKey: `network:${primaryHost}`,
                 intent: `access ${primaryHost}`,
                 consequenceIfDenied: 'I will avoid contacting that host and use existing local context only.',
-                reason: unseen.length > 0
-                    ? 'this would contact a new external host'
-                    : 'this is an external network action',
+                reason: allTrusted
+                    ? 'this host is allowlisted in approval policy'
+                    : unseen.length > 0
+                        ? 'this would contact a new external host'
+                        : 'this is an external network action',
                 commandPreview: normalizePreview(rawUrl),
                 pathHints: [],
                 hostHints: hostScopes,