Netclaw 0.16.2
0.16.2 2026-04-30
Netclaw v0.16.2 — Apache 2.0 license, security hardening, and stability fixes
License
- Migrated from AGPL v3.0 + Commons Clause to Apache License 2.0 — all source files now carry Petabridge LLC copyright headers, a new scripts/Add-FileHeaders.ps1 script manages header enforcement with a -Verify mode for CI, and the PR validation workflow includes a copyright-headers job that fails builds missing headers. (#790)
Security
- Fixed privilege escalation bypass in ShellCommandPolicy — sudo, su, and doas commands now receive a categorical deny regardless of what follows, closing a bypass where prepending sudo to any denied command evaded all deny patterns because matching only operated on the first token. Closes finding S4-20 from the 2026-04-29 audit. (#830)
- Moved SecretOutputRedactor to DispatchingToolExecutor so all tool outputs are redacted before reaching the LLM — previously only shell and background job outputs were covered. Extended redaction patterns now cover AWS access keys (AKIA...), JWT tokens, and other structured secrets. Closes finding S5-01. (#830)
- Gated raw OAuth token values in the provider status endpoint to loopback connections only — remote paired devices now receive boolean flags instead of raw access and refresh token values. Closes finding S7-5.5. (#830)
- Enforced SubAgentToolPolicy at spawn time and auto-granted safe-list tools — user-facing subagents are now restricted to the safe-list (attach_file, file_read, web_fetch, web_search) at tool resolution time. Safe-list tools are auto-granted in non-interactive contexts instead of being denied by the approval gate, fixing subagents that had zero usable tools. Closes #831. (#830)
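The ShellCommandPolicy fix above can be modelled as a first-token matcher beside a matcher with a categorical deny for sudo, su, and doas. This is an added Python illustration, not Netclaw's code: the deny patterns, function names, sample command lines, and the basename normalization are assumptions.

```python
import re
import shlex

# Constructed deny patterns; the page does not list Netclaw's real ones.
DENY_PATTERNS = [re.compile(p) for p in (r"^rm$", r"^mkfs(\..+)?$", r"^shutdown$")]
# Wrappers the release note says are now denied categorically.
ESCALATION_COMMANDS = {"sudo", "su", "doas"}

def _first_token(command_line):
    """Return the command word, or None if the line is empty or unparsable."""
    try:
        tokens = shlex.split(command_line)
    except ValueError:  # e.g. unbalanced quotes
        return None
    return tokens[0] if tokens else None

def _matches_deny(token):
    return any(p.search(token) for p in DENY_PATTERNS)

def legacy_is_denied(command_line):
    """Pre-fix model: deny patterns see only the first token."""
    token = _first_token(command_line)
    return token is None or _matches_deny(token)

def hardened_is_denied(command_line):
    """Post-fix model: sudo/su/doas are denied whatever follows them."""
    token = _first_token(command_line)
    if token is None:
        return True  # fail closed on input the policy cannot parse
    # Assumption: compare the basename so /usr/bin/sudo is treated like sudo.
    name = token.rsplit("/", 1)[-1]
    return name in ESCALATION_COMMANDS or _matches_deny(name)

def verdict_changes(samples):
    """Command lines the legacy model allowed but the hardened model denies."""
    return [s for s in samples if not legacy_is_denied(s) and hardened_is_denied(s)]

# Constructed sample inputs for a regression check.
SAMPLES = [
    "rm -rf /tmp/build", "sudo rm -rf /tmp/build",
    "doas shutdown -h now", "su -c 'mkfs.ext4 /dev/sdb1'",
    "/usr/bin/sudo ls", "ls -la",
]

if __name__ == "__main__":
    for line in verdict_changes(SAMPLES):
        print("newly denied:", line)
```

Running verdict_changes over a corpus of previously approved command lines shows which ones the categorical deny will start blocking after an upgrade.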
Bug Fixes
- Fixed daemon crash logs from unobserved AbruptTerminationException on actor shutdown — SessionPipelineHandle.Dispose() was disposing the materializer in PostStop while stream stage actors (children of the materializer's actor context) had already been killed by Akka's child-first shutdown, producing AbruptTerminationException as unobserved tasks that triggered DaemonCrashMonitor. Output streams now use WatchTermination, and ReminderExecutionActor/WebhookExecutionActor call a new DrainAsync() before stopping so all stream stages complete gracefully while the parent actor is still alive. (#802)
- Fixed erratic navigation during netclaw init caused by duplicated channel picker subscriptions — ChannelPickerStepView.BuildContent() was adding new Submitted subscriptions on every re-render without disposing old ones, causing multiple AdvanceStep() calls per Enter key and erratic step navigation. Subscriptions are now cleared at the top of BuildContent() and focus state is reset before sub-step delegation. Closes #792. (#797)
Dependencies
- Bumped Akka.Persistence.Sql.Hosting from 1.5.62 to 1.5.67 (patch update). (#799)