npm - clawmacdo - Versions diffs - 0.32.0 → 0.34.0 - Mend

clawmacdo 0.32.0 → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +35 -7
package/package.json +4 -4

package/README.md CHANGED Viewed

@@ -5,17 +5,31 @@
 Rust CLI tool for deploying [OpenClaw](https://openclaw.ai) to **DigitalOcean**, **AWS Lightsail**, **Tencent Cloud**, **Microsoft Azure**, or **BytePlus Cloud** — with Claude Code, Codex, and Gemini CLI pre-installed.
-## ✨ What's New in v0.32.0
+## ✨ What's New in v0.34.0
 - **`update-model` subcommand** — change the AI model on a running OpenClaw instance without redeploying (updates API keys, provider config, model settings, and restarts the gateway)
+- **`update-ip` subcommand** — refresh the IP address of a deployed instance from the cloud provider API (Lightsail, DigitalOcean, BytePlus) and update both JSON deploy record and SQLite
+- **Refresh IP button** — new "Refresh IP" button in Deployments tab queries the cloud provider and updates the IP in-place
+- **Deployments action dropdown** — deployment row actions now open in a stacked menu so controls stay readable instead of overlapping in narrow tables
+- **Deployments table fit** — deployments table now uses a tighter fixed layout with wrapped cell content to avoid left-right scrolling in the tab
+- **Funnel actions in dropdown** — the Deployments tab now handles the two-step funnel flow from the Actions menu: first toggle funnel on/off, then open the funnel URL once it becomes available
 - **Snapshot/restore progress tracking** — snapshot and restore operations are now async with step-by-step progress via SSE; the frontend can display real-time progress bars using `GET /api/deploy/{operation_id}/events`
+- **Deploy progress in Deployments tab** — running deployments show an animated progress bar with current step label, polling every 3 seconds
+- **Funnel verification** — toggling funnel ON now polls the funnel status with a progress bar before showing the Open button
+- **Docker fix: systemd user manager restart** — "Fix Agent Docker Access" now restarts the systemd user service manager so the gateway picks up the docker group
+- **`KillMode=control-group`** — gateway service now kills the entire cgroup on restart, preventing orphaned child processes from holding the port
+- **AWS credential passthrough** — web UI credentials are written to `~/.aws/credentials` so the AWS CLI uses them instead of stale local config
+- **Lightsail destroy with credentials** — destroy modal now prompts for AWS Access Key ID and Secret Access Key
+- **Lightsail snapshot listing** — credentials from the web UI are now passed through to the AWS CLI for snapshot listing
+- **Agent Docker Access warning** — deploy form shows the common Docker socket permission error with a clear fix instruction
+- **Dual license** — switched from MIT to GPLv3 (open source) + Commercial (proprietary) dual license model
+### Previous highlights (v0.25.x – v0.26.x)
 - **`do-snapshot` subcommand** — create a named DigitalOcean snapshot from an existing droplet by ID, with optional `--power-off` flag for clean shutdown/snapshot/power-on cycle
-- **BytePlus EIP cost reduction** — switched from pay-by-bandwidth to pay-by-traffic billing, reduced default bandwidth from 10 Mbps to 5 Mbps, and EIP is now created inline with the instance (`ReleaseWithInstance: true`) so it auto-releases on destroy
+- **BytePlus EIP cost reduction** — switched from pay-by-bandwidth to pay-by-traffic billing, reduced default bandwidth from 10 Mbps to 5 Mbps
 - **BytePlus spot instances** — new `--spot` flag on deploy enables `SpotAsPriceGo` strategy for up to ~80% compute cost savings
-- **`bp-snapshot` subcommand** — create a named snapshot of a BytePlus ECS instance's system disk
-- **`bp-restore` subcommand** — restore a new BytePlus ECS instance from a snapshot (creates custom image, then launches instance)
-- **`ls-snapshot` subcommand** — create a snapshot of an AWS Lightsail instance
-- **`ls-restore` subcommand** — restore a new Lightsail instance from a snapshot (direct, no intermediate image step)
+- **`bp-snapshot` / `bp-restore`** — snapshot and restore for BytePlus ECS instances
+- **`ls-snapshot` / `ls-restore`** — snapshot and restore for AWS Lightsail instances
 - **BytePlus EIP orphan cleanup** — destroy command now finds and releases unbound EIPs left behind after instance termination
 ### Previous highlights (v0.21.x – v0.23.x)
@@ -62,6 +76,19 @@ Rust CLI tool for deploying [OpenClaw](https://openclaw.ai) to **DigitalOcean**,
 - **5 cloud providers** — DigitalOcean, AWS Lightsail, Tencent Cloud, Microsoft Azure, BytePlus Cloud
 - **npm distribution** — `npm install -g clawmacdo`
+## Security Hardening
+- Privileged remote provisioning commands now run through stdin-fed shells instead of nested quoted `sudo` / `su -c` wrappers.
+- User-supplied hostnames are normalized and validated before any deploy flow uses them.
+- The web UI now only accepts backup archives from `~/.clawmacdo/backups` and SSH keys from `~/.clawmacdo/keys`.
+- Backup restore validates the local `.tar.gz` before upload and extracts remotely with `--no-same-owner` and `--no-same-permissions` into a dedicated restore directory.
+- The gateway service now reads `~/.openclaw/gateway.env` instead of the broader `.env`, so setup-only secrets such as `ANTHROPIC_SETUP_TOKEN` are not inherited by the long-running service.
+- Direct Docker-group access for `openclaw` has been removed. If sandbox mode is requested during deploy, the deploy now forces sandbox mode off until a safer non-root mediation path exists.
+- Lightsail credentials are passed only to the child AWS CLI processes instead of mutating process-global environment variables or writing `~/.aws/credentials`.
+- Tencent's optional security-group helper now takes SSH ingress from `CLAWMACDO_TENCENT_SSH_CIDR` and defaults to `127.0.0.1/32` instead of opening SSH to the world.
+See [docs/HIGH_SECURITY_FIXES.md](docs/HIGH_SECURITY_FIXES.md) for the finding-by-finding code map, rationale, and functionality impact.
 ## 🏗️ Project Structure
 ```
@@ -727,6 +754,7 @@ For licensing inquiries, contact: bunnyppl@gmail.com
 | [TanStack Progress Tracking](docs/tanstack-progress-tracking.md) | Frontend integration guide for TanStack (React Query) progress bars |
 | [Security Scan](docs/SECURITY_SCAN.md) | Security scanning CLI and vulnerability assessment |
 | [Security Flaw Evaluation](docs/EVAL_SECURITY_FLAW.md) | Security flaw evaluation report and findings |
+| [High Security Fixes](docs/HIGH_SECURITY_FIXES.md) | Code-level remediation map for all HIGH findings |
 | [Tencent Cloud Plan](docs/TENCENT_PLAN.md) | Tencent Cloud provider support plan |
 | [Repository Guidelines](docs/AGENTS.md) | Contribution guidelines and repository conventions |
@@ -737,5 +765,5 @@ See [CHANGELOG.md](CHANGELOG.md) for version history and breaking changes.
 ---
 **Last updated:** March 19, 2026
-**Current version:** 0.32.0
+**Current version:** 0.34.0
 **Architecture version:** 2.0 (modular workspace)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clawmacdo",
-  "version": "0.32.0",
+  "version": "0.34.0",
   "description": "CLI tool for deploying OpenClaw to multiple cloud providers with pre-installed AI dev tools",
   "keywords": [
     "openclaw",
@@ -30,8 +30,8 @@
     "node": ">=16"
   },
   "optionalDependencies": {
-    "@clawmacdo/darwin-arm64": "0.32.0",
-    "@clawmacdo/linux-x64": "0.32.0",
-    "@clawmacdo/win32-x64": "0.32.0"
+    "@clawmacdo/darwin-arm64": "0.34.0",
+    "@clawmacdo/linux-x64": "0.34.0",
+    "@clawmacdo/win32-x64": "0.34.0"
   }
 }