c16b938674
- Set default `force_ipv4_dns` to true to prevent web_fetch timeouts in HAOS VMs. - Introduced `nginx_log_level` option to control access log verbosity. - Updated translations for new configuration options.
189 lines
8.1 KiB
Markdown
189 lines
8.1 KiB
Markdown
# Changelog
|
|
|
|
All notable changes to the OpenClaw Assistant Home Assistant Add-on will be documented in this file.
|
|
|
|
## [0.5.51] - 2026-02-23
|
|
|
|
### Fixed
|
|
- **`web_fetch failed: fetch failed`**: changed `force_ipv4_dns` default to **true**. Node 22 tries IPv6 first; most HAOS VMs lack IPv6 egress, causing outbound `web_fetch` / HTTP tool calls to time out.
|
|
|
|
### Added
|
|
- **`nginx_log_level` option** (`minimal` / `full`, default `minimal`): suppresses repetitive Home Assistant health-check and polling requests (`GET /`, `GET /v1/models`, `POST /tools/invoke`) from the nginx access log.
|
|
|
|
## [0.5.50] - 2026-02-23
|
|
|
|
**[!WARNING!]**
|
|
This update contains lots of changes. It is adviced to backup before installing!
|
|
|
|
### Changed
|
|
- **Upgraded OpenClaw to v2026.2.22-2** — includes major gateway/auth/pairing fixes and security hardening.
|
|
- Precreate `$OPENCLAW_CONFIG_DIR/identity` on startup to prevent `EACCES` errors on CLI commands that need device identity.
|
|
- Gateway token is auto-constructed from detected LAN IP when `lan_https` is active and `gateway_public_url` is empty.
|
|
- Config helper now receives the effective internal port (gateway_port + 1 in lan_https mode).
|
|
|
|
### Notes — v2026.2.22 impact on this add-on
|
|
- **Pairing fixes (loopback)**: v2026.2.22 auto-approves loopback scope-upgrade pairing requests, includes `operator.read`/`operator.write` in default scope bundles, and treats `operator.admin` as satisfying other scopes. This greatly improves `local_only` mode reliability.
|
|
- **`dangerouslyDisableDeviceAuth` security warning**: v2026.2.22 now emits a startup warning when this flag is active. The warning is **expected and harmless** for `lan_https` mode — the flag is still required because LAN browser connections through the HTTPS proxy are not considered loopback by the gateway. Token auth remains enforced.
|
|
- **Gateway lock improvements**: stale-lock detection now uses port reachability, reducing false "already running" errors after unclean restarts.
|
|
- **Log file size cap**: new `logging.maxFileBytes` default (500 MB) prevents disk exhaustion from log storms.
|
|
- **`wss://` default for remote onboarding**: validates our HTTPS proxy approach as the correct direction.
|
|
|
|
### Added
|
|
- **Disk-space monitoring on the landing page** — shows total / used / available with colour-coded indicator (🟢 / 🟡 / 🔴).
|
|
- **Low-disk warning banner** appears automatically when usage exceeds 90 %.
|
|
- **`oc-cleanup` terminal command** — interactive helper that shows cache sizes (npm, pnpm, OpenClaw, Homebrew, pycache, tmp) and lets users reclaim space with a menu-driven cleanup.
|
|
- Startup disk-space check with log warnings when the overlay is above 75 % or 90 %.
|
|
- **`access_mode` preset option** — simplifies secure access configuration with one setting:
|
|
- `custom` (default, backward-compatible): use individual gateway settings
|
|
- `local_only`: loopback + token (Ingress/terminal only)
|
|
- `lan_https`: **built-in HTTPS reverse proxy for LAN access** (recommended for phones/tablets)
|
|
- `lan_reverse_proxy`: LAN bind + trusted-proxy for external reverse proxy (NPM, Caddy, Traefik)
|
|
- `tailnet_https`: Tailscale interface bind + token auth
|
|
- **Built-in TLS certificate generation** (`lan_https` mode):
|
|
- Auto-generates a local CA + server certificate on first startup
|
|
- Server cert is regenerated automatically when LAN IP changes
|
|
- CA certificate downloadable from the landing page for one-tap phone trust
|
|
- nginx HTTPS server block terminates TLS and proxies to the loopback gateway
|
|
- **Overhauled landing page** with:
|
|
- Real-time status cards (gateway health, secure context, access mode)
|
|
- Access wizard with step-by-step guidance per mode
|
|
- Error translation — maps raw errors like `1008: requires device identity` to friendly messages with fixes
|
|
- CA certificate download button (lan_https mode)
|
|
- Migration banner for users on `custom` mode recommending a preset
|
|
- Collapsible reverse-proxy recipes (NPM / Caddy / Traefik / Tailscale)
|
|
- Added `openssl` to Docker image for TLS certificate generation.
|
|
- Translations for `access_mode` in all 6 languages (EN, BG, DE, ES, PL, PT-BR).
|
|
|
|
### Fixed
|
|
- **`lan_https` — error 1008 "pairing required"**: auto-set `gateway.controlUi.dangerouslyDisableDeviceAuth: true` to skip interactive device pairing (token auth remains enforced). Replaces the invalid `pairingMode` key that caused `Unrecognized key` config errors.
|
|
- Config helper now removes stale/invalid keys (e.g. `pairingMode`) from `controlUi` on startup.
|
|
- Landing page error translation now covers "pairing required" and "origin not allowed" errors with correct fix guidance.
|
|
- Dropdown translations for `access_mode`, `gateway_mode`, `gateway_bind_mode`, and `gateway_auth_mode` now show human-readable labels in all 6 languages.
|
|
- **`lan_https` — error 1008 "origin not allowed"**: auto-configure `gateway.controlUi.allowedOrigins` with the HTTPS proxy origins (LAN IP, `homeassistant.local`, `homeassistant`) so the Control UI WebSocket is accepted.
|
|
|
|
## [0.5.49] - 2026-02-22
|
|
|
|
### Added
|
|
- New add-on option `http_proxy` for configuring outbound HTTP/HTTPS proxy from Home Assistant settings.
|
|
|
|
### Changed
|
|
- Export `HTTP_PROXY`, `HTTPS_PROXY`, `http_proxy`, and `https_proxy` from add-on config at startup.
|
|
- Add translations for the new `http_proxy` option.
|
|
- Document proxy configuration in README and DOCS.
|
|
|
|
## [0.5.48] - 2026-02-22
|
|
|
|
### Changed
|
|
- Bump OpenClaw to 2026.2.21-2.
|
|
- Add Home Assistant `share` and `media` mounts to the add-on (`map: share:rw, media:rw`).
|
|
- Keep official OpenClaw npm release and add startup proxy shim for `HTTP_PROXY/HTTPS_PROXY` support in undici fetch.
|
|
|
|
## [0.5.47] - 2026-02-21
|
|
|
|
### Added
|
|
- Add new `gateway_bind_mode` values: `auto` and `tailnet`.
|
|
|
|
### Changed
|
|
- Update startup helper validation and CLI usage to support `auto|loopback|lan|tailnet` bind modes.
|
|
- Update add-on translations and docs for the expanded gateway bind mode options.
|
|
|
|
## [0.5.46] - 2026-02-18
|
|
|
|
### Added
|
|
- New add-on option `force_ipv4_dns` to enable IPv4-first DNS ordering for Node network calls (`NODE_OPTIONS=--dns-result-order=ipv4first`), helping Telegram connectivity on IPv6-broken networks.
|
|
|
|
### Changed
|
|
- Added translations for `force_ipv4_dns` option.
|
|
- Updated docs with `force_ipv4_dns` configuration and Telegram network troubleshooting note.
|
|
- Bump OpenClaw to 2026.2.17
|
|
|
|
## [0.5.45] - 2026-02-16
|
|
|
|
### Changed
|
|
- Bump OpenClaw to 2026.2.15
|
|
|
|
## [0.5.44] - 2026-02-14
|
|
|
|
### Changed
|
|
- Bump OpenClaw to 2026.2.13
|
|
|
|
## [0.5.43] - 2026-02-13
|
|
|
|
### Changed
|
|
- Bump OpenClaw to 2026.2.12
|
|
|
|
### Added
|
|
- Portuguese (Brazil) translation (`pt-BR.yaml`) by medeirosiago
|
|
|
|
## [0.5.42] - 2026-02-12
|
|
|
|
### Changed
|
|
- Change nginx ingress port from 8099 to 48099 to avoid conflicts with NextCloud and other services
|
|
- Persist Homebrew and brew-installed packages across container rebuilds (symlink to `/config/.linuxbrew/`)
|
|
|
|
### Added
|
|
- SECURITY.md with risk documentation and disclaimer
|
|
|
|
### Improved
|
|
- Comprehensive DOCS.md overhaul (architecture, use cases, persistence, troubleshooting, FAQ)
|
|
- README.md rewritten as concise landing page with quick start guide
|
|
- New branding assets (icon.png, logo.png)
|
|
- Added Discord server link to README
|
|
|
|
## [0.5.41] - 2026-02-11
|
|
|
|
### Changed
|
|
- Update Dockerfile, config.yaml, and run.sh for enhancements
|
|
- Update icon and logo images for improved quality
|
|
|
|
## [0.5.40] - 2026-02-11
|
|
|
|
### Added
|
|
- Additional tools in Dockerfile
|
|
|
|
### Changed
|
|
- Improved nginx process management in run.sh
|
|
|
|
## [0.5.39] - 2026-02-10
|
|
|
|
### Fixed
|
|
- Fix OpenClaw installation command in Dockerfile
|
|
|
|
## [0.5.38] - 2026-02-10
|
|
|
|
### Changed
|
|
- Bump OpenClaw to 2026.2.9
|
|
|
|
## [0.5.37] - 2026-02-09
|
|
|
|
### Added
|
|
- OpenAI API integration for Home Assistant Assist pipeline
|
|
- Updated translations
|
|
|
|
## [0.5.36] - 2026-02-08
|
|
|
|
### Changed
|
|
- Documentation updates
|
|
|
|
## [0.5.35] - 2026-02-08
|
|
|
|
### Changed
|
|
- Update Dockerfile for Homebrew installation improvements
|
|
|
|
## [0.5.34] - 2026-02-08
|
|
|
|
### Added
|
|
- Install pnpm globally
|
|
|
|
### Changed
|
|
- Upgrade OpenClaw version to 2026.2.6-3
|
|
|
|
## [0.5.33] - 2026-02-06
|
|
|
|
### Changed
|
|
- Enhanced README with images and updated setup instructions
|
|
|
|
---
|
|
|
|
For the full commit history, see [GitHub commits](https://github.com/techartdev/OpenClawHomeAssistant/commits/main).
|