Pulled from GitHub Releases

Changelog

Every release of netclaw-dev/netclaw. Pick a version from the sidebar — this page rebuilds whenever a new release is published.

v0.16.2

Netclaw 0.16.2

0.16.2 2026-04-30

Netclaw v0.16.2 — Apache 2.0 license, security hardening, and stability fixes

License

  • Migrated from AGPL v3.0 + Commons Clause to Apache License 2.0 — all source files now carry Petabridge LLC copyright headers, a new scripts/Add-FileHeaders.ps1 script manages header enforcement with a -Verify mode for CI, and the PR validation workflow includes a copyright-headers job that fails builds missing headers. (#790)

Security

  • Fixed privilege escalation bypass in ShellCommandPolicysudo, su, and doas commands now receive a categorical deny regardless of what follows, closing a bypass where prepending sudo to any denied command evaded all deny patterns because matching only operated on the first token. Closes finding S4-20 from the 2026-04-29 audit. (#830)

  • Moved SecretOutputRedactor to DispatchingToolExecutor so all tool outputs are redacted before reaching the LLM — previously only shell and background job outputs were covered. Extended redaction patterns now cover AWS access keys (AKIA...), JWT tokens, and other structured secrets. Closes finding S5-01. (#830)

  • Gated raw OAuth token values in the provider status endpoint to loopback connections only — remote paired devices now receive boolean flags instead of raw access and refresh token values. Closes finding S7-5.5. (#830)

  • Enforced SubAgentToolPolicy at spawn time and auto-granted safe-list tools — user-facing subagents are now restricted to the safe-list (attach_file, file_read, web_fetch, web_search) at tool resolution time. Safe-list tools are auto-granted in non-interactive contexts instead of being denied by the approval gate, fixing subagents that had zero usable tools. Closes #831. (#830)

Bug Fixes

  • Fixed daemon crash logs from unobserved AbruptTerminationException on actor shutdown — SessionPipelineHandle.Dispose() was disposing the materializer in PostStop while stream stage actors (children of the materializer's actor context) had already been killed by Akka's child-first shutdown, producing AbruptTerminationException as unobserved tasks that triggered DaemonCrashMonitor. Output streams now use WatchTermination, and ReminderExecutionActor / WebhookExecutionActor call a new DrainAsync() before stopping so all stream stages complete gracefully while the parent actor is still alive. (#802)

  • Fixed erratic navigation during netclaw init caused by duplicated channel picker subscriptions — ChannelPickerStepView.BuildContent() was adding new Submitted subscriptions on every re-render without disposing old ones, causing multiple AdvanceStep() calls per Enter key and erratic step navigation. Subscriptions are now cleared at the top of BuildContent() and focus state is reset before sub-step delegation. Closes #792. (#797)

Dependencies

  • Bumped Akka.Persistence.Sql.Hosting from 1.5.62 to 1.5.67 (patch update). (#799)