clawmacdo 0.32.0 → 0.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -7
- package/package.json +4 -4
package/README.md
CHANGED
|
@@ -5,17 +5,28 @@
|
|
|
5
5
|
|
|
6
6
|
Rust CLI tool for deploying [OpenClaw](https://openclaw.ai) to **DigitalOcean**, **AWS Lightsail**, **Tencent Cloud**, **Microsoft Azure**, or **BytePlus Cloud** — with Claude Code, Codex, and Gemini CLI pre-installed.
|
|
7
7
|
|
|
8
|
-
## ✨ What's New in v0.
|
|
8
|
+
## ✨ What's New in v0.33.0
|
|
9
9
|
|
|
10
10
|
- **`update-model` subcommand** — change the AI model on a running OpenClaw instance without redeploying (updates API keys, provider config, model settings, and restarts the gateway)
|
|
11
|
+
- **`update-ip` subcommand** — refresh the IP address of a deployed instance from the cloud provider API (Lightsail, DigitalOcean, BytePlus) and update both JSON deploy record and SQLite
|
|
12
|
+
- **Refresh IP button** — new "Refresh IP" button in Deployments tab queries the cloud provider and updates the IP in-place
|
|
11
13
|
- **Snapshot/restore progress tracking** — snapshot and restore operations are now async with step-by-step progress via SSE; the frontend can display real-time progress bars using `GET /api/deploy/{operation_id}/events`
|
|
14
|
+
- **Deploy progress in Deployments tab** — running deployments show an animated progress bar with current step label, polling every 3 seconds
|
|
15
|
+
- **Funnel verification** — toggling funnel ON now polls the funnel status with a progress bar before showing the Open button
|
|
16
|
+
- **Docker fix: systemd user manager restart** — "Fix Agent Docker Access" now restarts the systemd user service manager so the gateway picks up the docker group
|
|
17
|
+
- **`KillMode=control-group`** — gateway service now kills the entire cgroup on restart, preventing orphaned child processes from holding the port
|
|
18
|
+
- **AWS credential passthrough** — web UI credentials are written to `~/.aws/credentials` so the AWS CLI uses them instead of stale local config
|
|
19
|
+
- **Lightsail destroy with credentials** — destroy modal now prompts for AWS Access Key ID and Secret Access Key
|
|
20
|
+
- **Lightsail snapshot listing** — credentials from the web UI are now passed through to the AWS CLI for snapshot listing
|
|
21
|
+
- **Agent Docker Access warning** — deploy form shows the common Docker socket permission error with a clear fix instruction
|
|
22
|
+
- **Dual license** — switched from MIT to GPLv3 (open source) + Commercial (proprietary) dual license model
|
|
23
|
+
|
|
24
|
+
### Previous highlights (v0.25.x – v0.26.x)
|
|
12
25
|
- **`do-snapshot` subcommand** — create a named DigitalOcean snapshot from an existing droplet by ID, with optional `--power-off` flag for clean shutdown/snapshot/power-on cycle
|
|
13
|
-
- **BytePlus EIP cost reduction** — switched from pay-by-bandwidth to pay-by-traffic billing, reduced default bandwidth from 10 Mbps to 5 Mbps
|
|
26
|
+
- **BytePlus EIP cost reduction** — switched from pay-by-bandwidth to pay-by-traffic billing, reduced default bandwidth from 10 Mbps to 5 Mbps
|
|
14
27
|
- **BytePlus spot instances** — new `--spot` flag on deploy enables `SpotAsPriceGo` strategy for up to ~80% compute cost savings
|
|
15
|
-
- **`bp-snapshot`
|
|
16
|
-
- **`
|
|
17
|
-
- **`ls-snapshot` subcommand** — create a snapshot of an AWS Lightsail instance
|
|
18
|
-
- **`ls-restore` subcommand** — restore a new Lightsail instance from a snapshot (direct, no intermediate image step)
|
|
28
|
+
- **`bp-snapshot` / `bp-restore`** — snapshot and restore for BytePlus ECS instances
|
|
29
|
+
- **`ls-snapshot` / `ls-restore`** — snapshot and restore for AWS Lightsail instances
|
|
19
30
|
- **BytePlus EIP orphan cleanup** — destroy command now finds and releases unbound EIPs left behind after instance termination
|
|
20
31
|
|
|
21
32
|
### Previous highlights (v0.21.x – v0.23.x)
|
|
@@ -62,6 +73,19 @@ Rust CLI tool for deploying [OpenClaw](https://openclaw.ai) to **DigitalOcean**,
|
|
|
62
73
|
- **5 cloud providers** — DigitalOcean, AWS Lightsail, Tencent Cloud, Microsoft Azure, BytePlus Cloud
|
|
63
74
|
- **npm distribution** — `npm install -g clawmacdo`
|
|
64
75
|
|
|
76
|
+
## Security Hardening
|
|
77
|
+
|
|
78
|
+
- Privileged remote provisioning commands now run through stdin-fed shells instead of nested quoted `sudo` / `su -c` wrappers.
|
|
79
|
+
- User-supplied hostnames are normalized and validated before any deploy flow uses them.
|
|
80
|
+
- The web UI now only accepts backup archives from `~/.clawmacdo/backups` and SSH keys from `~/.clawmacdo/keys`.
|
|
81
|
+
- Backup restore validates the local `.tar.gz` before upload and extracts remotely with `--no-same-owner` and `--no-same-permissions` into a dedicated restore directory.
|
|
82
|
+
- The gateway service now reads `~/.openclaw/gateway.env` instead of the broader `.env`, so setup-only secrets such as `ANTHROPIC_SETUP_TOKEN` are not inherited by the long-running service.
|
|
83
|
+
- Direct Docker-group access for `openclaw` has been removed. If sandbox mode is requested during deploy, the deploy now forces sandbox mode off until a safer non-root mediation path exists.
|
|
84
|
+
- Lightsail credentials are passed only to the child AWS CLI processes instead of mutating process-global environment variables or writing `~/.aws/credentials`.
|
|
85
|
+
- Tencent's optional security-group helper now takes SSH ingress from `CLAWMACDO_TENCENT_SSH_CIDR` and defaults to `127.0.0.1/32` instead of opening SSH to the world.
|
|
86
|
+
|
|
87
|
+
See [docs/HIGH_SECURITY_FIXES.md](docs/HIGH_SECURITY_FIXES.md) for the finding-by-finding code map, rationale, and functionality impact.
|
|
88
|
+
|
|
65
89
|
## 🏗️ Project Structure
|
|
66
90
|
|
|
67
91
|
```
|
|
@@ -727,6 +751,7 @@ For licensing inquiries, contact: bunnyppl@gmail.com
|
|
|
727
751
|
| [TanStack Progress Tracking](docs/tanstack-progress-tracking.md) | Frontend integration guide for TanStack (React Query) progress bars |
|
|
728
752
|
| [Security Scan](docs/SECURITY_SCAN.md) | Security scanning CLI and vulnerability assessment |
|
|
729
753
|
| [Security Flaw Evaluation](docs/EVAL_SECURITY_FLAW.md) | Security flaw evaluation report and findings |
|
|
754
|
+
| [High Security Fixes](docs/HIGH_SECURITY_FIXES.md) | Code-level remediation map for all HIGH findings |
|
|
730
755
|
| [Tencent Cloud Plan](docs/TENCENT_PLAN.md) | Tencent Cloud provider support plan |
|
|
731
756
|
| [Repository Guidelines](docs/AGENTS.md) | Contribution guidelines and repository conventions |
|
|
732
757
|
|
|
@@ -737,5 +762,5 @@ See [CHANGELOG.md](CHANGELOG.md) for version history and breaking changes.
|
|
|
737
762
|
---
|
|
738
763
|
|
|
739
764
|
**Last updated:** March 19, 2026
|
|
740
|
-
**Current version:** 0.
|
|
765
|
+
**Current version:** 0.33.0
|
|
741
766
|
**Architecture version:** 2.0 (modular workspace)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "clawmacdo",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.33.0",
|
|
4
4
|
"description": "CLI tool for deploying OpenClaw to multiple cloud providers with pre-installed AI dev tools",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"openclaw",
|
|
@@ -30,8 +30,8 @@
|
|
|
30
30
|
"node": ">=16"
|
|
31
31
|
},
|
|
32
32
|
"optionalDependencies": {
|
|
33
|
-
"@clawmacdo/darwin-arm64": "0.
|
|
34
|
-
"@clawmacdo/linux-x64": "0.
|
|
35
|
-
"@clawmacdo/win32-x64": "0.
|
|
33
|
+
"@clawmacdo/darwin-arm64": "0.33.0",
|
|
34
|
+
"@clawmacdo/linux-x64": "0.33.0",
|
|
35
|
+
"@clawmacdo/win32-x64": "0.33.0"
|
|
36
36
|
}
|
|
37
37
|
}
|