14 KiB
14 KiB
Changelog
All notable changes to the OpenClaw Assistant Home Assistant Add-on will be documented in this file.
[0.5.61] - 2026-03-10
Fixed
- Gateway restart loop (issue #95):
openclaw gateway runspawnsopenclaw-gatewayas the actual long-running daemon; the launcher wrapper exits immediately. The old self-restart detection usedpgrep -f "openclaw.*(gateway|node).*run"which never matched the live daemon name, so the supervisor always fell through to the restart path, found the port occupied, and looped forever with "already listening". Fixed by using the patternopenclaw.*(gateway|node)(without.*run) which correctly matchesopenclaw-gateway. Additionally, the loopback relay (tailnet mode) is now stopped before restarting the gateway and restarted after, preventing it from holding the port during supervisor-initiated restarts.
[0.5.60] - 2026-03-10
Fixed
- Session lock cleanup ignored non-default agents:
cleanup_session_lockswas hardcoded toagents/main/sessions, skipping stale locks for any agent with a customforcedAgentId. Stale locks could block the gateway from opening sessions for those agents, causing silent fallback tomain. Cleanup now scans allagents/*/sessions/directories.
[0.5.59] - 2026-03-10
- Remote mode URL not propagated (issue #93):
start_openclaw_runtimewas readinggateway.remote.urlback viaopenclaw config get, which can time out (2 s limit at startup) or return an empty/redacted result. The function now uses$GATEWAY_REMOTE_URLdirectly from the already-parsed add-on options, which is the same value the config helper writes toopenclaw.json. - Terminal CLI unreachable in tailnet mode (issue #90): when
gateway_bind_mode=tailnet(oraccess_mode=tailnet_https), the gateway binds only to the Tailscale IP. The local CLI always connects viaws://127.0.0.1:PORT, causing "Gateway not running" inside the add-on terminal. A lightweight loopback relay (Node.js) is now started automatically to forward127.0.0.1:PORT → TAILSCALE_IP:PORT, making all terminal CLI commands work normally. Token auth is still enforced end-to-end by the gateway. - Session lock cleanup ignored non-default agents:
cleanup_session_lockswas hardcoded toagents/main/sessions, skipping stale locks for any agent with a customforcedAgentId. Stale locks could block the gateway from opening sessions for those agents, causing silent fallback tomain. Cleanup now scans allagents/*/sessions/directories.
Added
- MCP auto-configuration for Home Assistant: new option
auto_configure_mcp(default:false). When enabled andhomeassistant_tokenis set, the add-on automatically registers Home Assistant as an MCP server (mcporter config add HA ...) on startup. Auto-detects the HA API URL (supervisor proxy or localhost:8123). Re-configures only when the token changes. - Landing page: new collapsible MCP setup section with automatic and manual setup instructions, post-upgrade refresh command, and model tips.
- DOCS: new MCP Integration guide covering automatic/manual setup, verification, model requirements, and troubleshooting.
Changed
- Bump OpenClaw to 2026.3.9.
[0.5.58] - 2026-03-08
Changed
- Bump OpenClaw to 2026.3.7.
[0.5.57] - 2026-03-07
Added
- New add-on option
controlui_disable_device_auth(default:true) to control whethergateway.controlUi.dangerouslyDisableDeviceAuthis enabled inlan_httpsmode.
Changed
set-control-ui-originshelper now accepts an explicit device-auth toggle and appliesdangerouslyDisableDeviceAuthaccordingly instead of forcing it on.run.shnow forwards the add-on option to the config helper.- Control UI guidance text and docs were updated to explain when device-pairing bypass should be ON vs OFF.
Fixed
- Docker build stability: replaced NodeSource
setup_22.x | bashinstaller with explicit keyring + apt source configuration for Node.js 22, avoiding intermittentapt-get install nodejsexit code 100 failures.
Translations
- Added
controlui_disable_device_authlabels/descriptions to:en,bg,de,es,pl,pt-BR.
[0.5.55] - 2026-03-04
Changed
- Bump OpenClaw to 2026.3.2.
[0.5.54] - 2026-02-25
Changed
- Added startup guidance when
gateway_auth_mode=trusted-proxyis enabled to clarify why direct local CLI gateway calls can showtrusted_proxy_user_missing/unauthorized. - Bump OpenClaw to 2026.2.24.
Added
- New add-on option
gateway_additional_allowed_originsfor extra Control UI origins inlan_httpsmode. - Custom SANs in TLS certificate (
lan_httpsmode): hostnames and IPs fromgateway_additional_allowed_originsandgateway_public_urlare now included in the server certificate's Subject Alternative Name. The certificate auto-regenerates when SANs change.
Fixed
- Gateway token on landing page: read token directly from
openclaw.jsoninstead of viaopenclaw config getwhich redacts secrets since OpenClaw v2026.2.22+ (fixes "Open Gateway Web UI" button sendingopenclaw_redactedas the token). - Token retrieval instructions: all "get your token" references in the landing page and DOCS now use
jq -r '.gateway.auth.token' /config/.openclaw/openclaw.jsonwith a note explaining why the oldopenclaw config getcommand no longer works. lan_httpsstartup no longer overwritesgateway.controlUi.allowedOriginswith defaults only.- Control UI origins are now merged as: built-in defaults + existing config values +
gateway_additional_allowed_origins(deduplicated). - In
lan_reverse_proxyand other non-lan_httpssetups, Control UI origins now also include the origin derived fromgateway_public_url. gateway.controlUi.allowedOriginsconfiguration is now consistently applied via merge logic (defaults + existing values + user extras), reducing manualopenclaw.jsonedits after upgrades.- Add-on no longer exits/restarts when OpenClaw runtime process is restarted during onboarding or config changes.
run.shnow supervises the OpenClaw runtime (openclaw gateway run/openclaw node run) and auto-restarts it while keeping nginx + terminal alive.
[0.5.53] - 2026-02-24
- Bump OpenClaw to 2026.2.23.
[0.5.52] - 2026-02-23
Added
- New add-on option
gateway_env_varsthat accepts a list of{name, value}objects from Home Assistant UI and safely injects values into the gateway process at startup (max 50 vars, key <=255 chars, value <=10000 chars). - Guard
gateway_env_varsfrom overriding reserved runtime/proxy/OPENCLAW_*keys. - Keep legacy string/object input formats for backward compatibility.
[0.5.51] - 2026-02-23
Fixed
web_fetch failed: fetch failed: changedforce_ipv4_dnsdefault to true. Node 22 tries IPv6 first; most HAOS VMs lack IPv6 egress, causing outboundweb_fetch/ HTTP tool calls to time out.
Added
nginx_log_leveloption (minimal/full, defaultminimal): suppresses repetitive Home Assistant health-check and polling requests (GET /,GET /v1/models,POST /tools/invoke) from the nginx access log.
[0.5.50] - 2026-02-23
[!WARNING!] This update contains lots of changes. It is adviced to backup before installing!
Changed
- Upgraded OpenClaw to v2026.2.22-2 — includes major gateway/auth/pairing fixes and security hardening.
- Precreate
$OPENCLAW_CONFIG_DIR/identityon startup to preventEACCESerrors on CLI commands that need device identity. - Gateway token is auto-constructed from detected LAN IP when
lan_httpsis active andgateway_public_urlis empty. - Config helper now receives the effective internal port (gateway_port + 1 in lan_https mode).
Notes — v2026.2.22 impact on this add-on
- Pairing fixes (loopback): v2026.2.22 auto-approves loopback scope-upgrade pairing requests, includes
operator.read/operator.writein default scope bundles, and treatsoperator.adminas satisfying other scopes. This greatly improveslocal_onlymode reliability. dangerouslyDisableDeviceAuthsecurity warning: v2026.2.22 now emits a startup warning when this flag is active. The warning is expected and harmless forlan_httpsmode — the flag is still required because LAN browser connections through the HTTPS proxy are not considered loopback by the gateway. Token auth remains enforced.- Gateway lock improvements: stale-lock detection now uses port reachability, reducing false "already running" errors after unclean restarts.
- Log file size cap: new
logging.maxFileBytesdefault (500 MB) prevents disk exhaustion from log storms. wss://default for remote onboarding: validates our HTTPS proxy approach as the correct direction.
Added
- Disk-space monitoring on the landing page — shows total / used / available with colour-coded indicator (🟢 / 🟡 / 🔴).
- Low-disk warning banner appears automatically when usage exceeds 90 %.
oc-cleanupterminal command — interactive helper that shows cache sizes (npm, pnpm, OpenClaw, Homebrew, pycache, tmp) and lets users reclaim space with a menu-driven cleanup.- Startup disk-space check with log warnings when the overlay is above 75 % or 90 %.
access_modepreset option — simplifies secure access configuration with one setting:custom(default, backward-compatible): use individual gateway settingslocal_only: loopback + token (Ingress/terminal only)lan_https: built-in HTTPS reverse proxy for LAN access (recommended for phones/tablets)lan_reverse_proxy: LAN bind + trusted-proxy for external reverse proxy (NPM, Caddy, Traefik)tailnet_https: Tailscale interface bind + token auth
- Built-in TLS certificate generation (
lan_httpsmode):- Auto-generates a local CA + server certificate on first startup
- Server cert is regenerated automatically when LAN IP changes
- CA certificate downloadable from the landing page for one-tap phone trust
- nginx HTTPS server block terminates TLS and proxies to the loopback gateway
- Overhauled landing page with:
- Real-time status cards (gateway health, secure context, access mode)
- Access wizard with step-by-step guidance per mode
- Error translation — maps raw errors like
1008: requires device identityto friendly messages with fixes - CA certificate download button (lan_https mode)
- Migration banner for users on
custommode recommending a preset - Collapsible reverse-proxy recipes (NPM / Caddy / Traefik / Tailscale)
- Added
opensslto Docker image for TLS certificate generation. - Translations for
access_modein all 6 languages (EN, BG, DE, ES, PL, PT-BR).
Fixed
lan_https— error 1008 "pairing required": auto-setgateway.controlUi.dangerouslyDisableDeviceAuth: trueto skip interactive device pairing (token auth remains enforced). Replaces the invalidpairingModekey that causedUnrecognized keyconfig errors.- Config helper now removes stale/invalid keys (e.g.
pairingMode) fromcontrolUion startup. - Landing page error translation now covers "pairing required" and "origin not allowed" errors with correct fix guidance.
- Dropdown translations for
access_mode,gateway_mode,gateway_bind_mode, andgateway_auth_modenow show human-readable labels in all 6 languages. lan_https— error 1008 "origin not allowed": auto-configuregateway.controlUi.allowedOriginswith the HTTPS proxy origins (LAN IP,homeassistant.local,homeassistant) so the Control UI WebSocket is accepted.
[0.5.49] - 2026-02-22
Added
- New add-on option
http_proxyfor configuring outbound HTTP/HTTPS proxy from Home Assistant settings.
Changed
- Export
HTTP_PROXY,HTTPS_PROXY,http_proxy, andhttps_proxyfrom add-on config at startup. - Add translations for the new
http_proxyoption. - Document proxy configuration in README and DOCS.
[0.5.48] - 2026-02-22
Changed
- Bump OpenClaw to 2026.2.21-2.
- Add Home Assistant
shareandmediamounts to the add-on (map: share:rw, media:rw). - Keep official OpenClaw npm release and add startup proxy shim for
HTTP_PROXY/HTTPS_PROXYsupport in undici fetch.
[0.5.47] - 2026-02-21
Added
- Add new
gateway_bind_modevalues:autoandtailnet.
Changed
- Update startup helper validation and CLI usage to support
auto|loopback|lan|tailnetbind modes. - Update add-on translations and docs for the expanded gateway bind mode options.
[0.5.46] - 2026-02-18
Added
- New add-on option
force_ipv4_dnsto enable IPv4-first DNS ordering for Node network calls (NODE_OPTIONS=--dns-result-order=ipv4first), helping Telegram connectivity on IPv6-broken networks.
Changed
- Added translations for
force_ipv4_dnsoption. - Updated docs with
force_ipv4_dnsconfiguration and Telegram network troubleshooting note. - Bump OpenClaw to 2026.2.17
[0.5.45] - 2026-02-16
Changed
- Bump OpenClaw to 2026.2.15
[0.5.44] - 2026-02-14
Changed
- Bump OpenClaw to 2026.2.13
[0.5.43] - 2026-02-13
Changed
- Bump OpenClaw to 2026.2.12
Added
- Portuguese (Brazil) translation (
pt-BR.yaml) by medeirosiago
[0.5.42] - 2026-02-12
Changed
- Change nginx ingress port from 8099 to 48099 to avoid conflicts with NextCloud and other services
- Persist Homebrew and brew-installed packages across container rebuilds (symlink to
/config/.linuxbrew/)
Added
- SECURITY.md with risk documentation and disclaimer
Improved
- Comprehensive DOCS.md overhaul (architecture, use cases, persistence, troubleshooting, FAQ)
- README.md rewritten as concise landing page with quick start guide
- New branding assets (icon.png, logo.png)
- Added Discord server link to README
[0.5.41] - 2026-02-11
Changed
- Update Dockerfile, config.yaml, and run.sh for enhancements
- Update icon and logo images for improved quality
[0.5.40] - 2026-02-11
Added
- Additional tools in Dockerfile
Changed
- Improved nginx process management in run.sh
[0.5.39] - 2026-02-10
Fixed
- Fix OpenClaw installation command in Dockerfile
[0.5.38] - 2026-02-10
Changed
- Bump OpenClaw to 2026.2.9
[0.5.37] - 2026-02-09
Added
- OpenAI API integration for Home Assistant Assist pipeline
- Updated translations
[0.5.36] - 2026-02-08
Changed
- Documentation updates
[0.5.35] - 2026-02-08
Changed
- Update Dockerfile for Homebrew installation improvements
[0.5.34] - 2026-02-08
Added
- Install pnpm globally
Changed
- Upgrade OpenClaw version to 2026.2.6-3
[0.5.33] - 2026-02-06
Changed
- Enhanced README with images and updated setup instructions
For the full commit history, see GitHub commits.