22c7d8ff4f
- Introduced a new script `render_nginx.py` to generate nginx configuration and landing page HTML from templates based on environment variables. - Updated `run.sh` to handle new access modes and configure HTTPS proxy settings for the gateway. - Implemented TLS certificate generation for the built-in HTTPS proxy in `lan_https` mode. - Enhanced disk usage reporting in the landing page. - Updated translations for various languages to include new configuration options for access modes and authentication modes.
7.6 KiB
7.6 KiB
Changelog
All notable changes to the OpenClaw Assistant Home Assistant Add-on will be documented in this file.
[0.5.50] - 2026-02-23
[!WARNING!] This update contains lots of changes. It is adviced to backup before installing!
Changed
- Upgraded OpenClaw to v2026.2.22-2 — includes major gateway/auth/pairing fixes and security hardening.
- Precreate
$OPENCLAW_CONFIG_DIR/identityon startup to preventEACCESerrors on CLI commands that need device identity. - Gateway token is auto-constructed from detected LAN IP when
lan_httpsis active andgateway_public_urlis empty. - Config helper now receives the effective internal port (gateway_port + 1 in lan_https mode).
Notes — v2026.2.22 impact on this add-on
- Pairing fixes (loopback): v2026.2.22 auto-approves loopback scope-upgrade pairing requests, includes
operator.read/operator.writein default scope bundles, and treatsoperator.adminas satisfying other scopes. This greatly improveslocal_onlymode reliability. dangerouslyDisableDeviceAuthsecurity warning: v2026.2.22 now emits a startup warning when this flag is active. The warning is expected and harmless forlan_httpsmode — the flag is still required because LAN browser connections through the HTTPS proxy are not considered loopback by the gateway. Token auth remains enforced.- Gateway lock improvements: stale-lock detection now uses port reachability, reducing false "already running" errors after unclean restarts.
- Log file size cap: new
logging.maxFileBytesdefault (500 MB) prevents disk exhaustion from log storms. wss://default for remote onboarding: validates our HTTPS proxy approach as the correct direction.
Added
- Disk-space monitoring on the landing page — shows total / used / available with colour-coded indicator (🟢 / 🟡 / 🔴).
- Low-disk warning banner appears automatically when usage exceeds 90 %.
oc-cleanupterminal command — interactive helper that shows cache sizes (npm, pnpm, OpenClaw, Homebrew, pycache, tmp) and lets users reclaim space with a menu-driven cleanup.- Startup disk-space check with log warnings when the overlay is above 75 % or 90 %.
access_modepreset option — simplifies secure access configuration with one setting:custom(default, backward-compatible): use individual gateway settingslocal_only: loopback + token (Ingress/terminal only)lan_https: built-in HTTPS reverse proxy for LAN access (recommended for phones/tablets)lan_reverse_proxy: LAN bind + trusted-proxy for external reverse proxy (NPM, Caddy, Traefik)tailnet_https: Tailscale interface bind + token auth
- Built-in TLS certificate generation (
lan_httpsmode):- Auto-generates a local CA + server certificate on first startup
- Server cert is regenerated automatically when LAN IP changes
- CA certificate downloadable from the landing page for one-tap phone trust
- nginx HTTPS server block terminates TLS and proxies to the loopback gateway
- Overhauled landing page with:
- Real-time status cards (gateway health, secure context, access mode)
- Access wizard with step-by-step guidance per mode
- Error translation — maps raw errors like
1008: requires device identityto friendly messages with fixes - CA certificate download button (lan_https mode)
- Migration banner for users on
custommode recommending a preset - Collapsible reverse-proxy recipes (NPM / Caddy / Traefik / Tailscale)
- Added
opensslto Docker image for TLS certificate generation. - Translations for
access_modein all 6 languages (EN, BG, DE, ES, PL, PT-BR).
Fixed
lan_https— error 1008 "pairing required": auto-setgateway.controlUi.dangerouslyDisableDeviceAuth: trueto skip interactive device pairing (token auth remains enforced). Replaces the invalidpairingModekey that causedUnrecognized keyconfig errors.- Config helper now removes stale/invalid keys (e.g.
pairingMode) fromcontrolUion startup. - Landing page error translation now covers "pairing required" and "origin not allowed" errors with correct fix guidance.
- Dropdown translations for
access_mode,gateway_mode,gateway_bind_mode, andgateway_auth_modenow show human-readable labels in all 6 languages. lan_https— error 1008 "origin not allowed": auto-configuregateway.controlUi.allowedOriginswith the HTTPS proxy origins (LAN IP,homeassistant.local,homeassistant) so the Control UI WebSocket is accepted.
[0.5.49] - 2026-02-22
Added
- New add-on option
http_proxyfor configuring outbound HTTP/HTTPS proxy from Home Assistant settings.
Changed
- Export
HTTP_PROXY,HTTPS_PROXY,http_proxy, andhttps_proxyfrom add-on config at startup. - Add translations for the new
http_proxyoption. - Document proxy configuration in README and DOCS.
[0.5.48] - 2026-02-22
Changed
- Bump OpenClaw to 2026.2.21-2.
- Add Home Assistant
shareandmediamounts to the add-on (map: share:rw, media:rw). - Keep official OpenClaw npm release and add startup proxy shim for
HTTP_PROXY/HTTPS_PROXYsupport in undici fetch.
[0.5.47] - 2026-02-21
Added
- Add new
gateway_bind_modevalues:autoandtailnet.
Changed
- Update startup helper validation and CLI usage to support
auto|loopback|lan|tailnetbind modes. - Update add-on translations and docs for the expanded gateway bind mode options.
[0.5.46] - 2026-02-18
Added
- New add-on option
force_ipv4_dnsto enable IPv4-first DNS ordering for Node network calls (NODE_OPTIONS=--dns-result-order=ipv4first), helping Telegram connectivity on IPv6-broken networks.
Changed
- Added translations for
force_ipv4_dnsoption. - Updated docs with
force_ipv4_dnsconfiguration and Telegram network troubleshooting note. - Bump OpenClaw to 2026.2.17
[0.5.45] - 2026-02-16
Changed
- Bump OpenClaw to 2026.2.15
[0.5.44] - 2026-02-14
Changed
- Bump OpenClaw to 2026.2.13
[0.5.43] - 2026-02-13
Changed
- Bump OpenClaw to 2026.2.12
Added
- Portuguese (Brazil) translation (
pt-BR.yaml) by medeirosiago
[0.5.42] - 2026-02-12
Changed
- Change nginx ingress port from 8099 to 48099 to avoid conflicts with NextCloud and other services
- Persist Homebrew and brew-installed packages across container rebuilds (symlink to
/config/.linuxbrew/)
Added
- SECURITY.md with risk documentation and disclaimer
Improved
- Comprehensive DOCS.md overhaul (architecture, use cases, persistence, troubleshooting, FAQ)
- README.md rewritten as concise landing page with quick start guide
- New branding assets (icon.png, logo.png)
- Added Discord server link to README
[0.5.41] - 2026-02-11
Changed
- Update Dockerfile, config.yaml, and run.sh for enhancements
- Update icon and logo images for improved quality
[0.5.40] - 2026-02-11
Added
- Additional tools in Dockerfile
Changed
- Improved nginx process management in run.sh
[0.5.39] - 2026-02-10
Fixed
- Fix OpenClaw installation command in Dockerfile
[0.5.38] - 2026-02-10
Changed
- Bump OpenClaw to 2026.2.9
[0.5.37] - 2026-02-09
Added
- OpenAI API integration for Home Assistant Assist pipeline
- Updated translations
[0.5.36] - 2026-02-08
Changed
- Documentation updates
[0.5.35] - 2026-02-08
Changed
- Update Dockerfile for Homebrew installation improvements
[0.5.34] - 2026-02-08
Added
- Install pnpm globally
Changed
- Upgrade OpenClaw version to 2026.2.6-3
[0.5.33] - 2026-02-06
Changed
- Enhanced README with images and updated setup instructions
For the full commit history, see GitHub commits.