Netclaw 0.19.0
0.19.0 2026-05-19
Netclaw v0.19.0 — Streaming tool-call execution, Discord proactive posting, isolated channel failures, and durable approval recovery
Features
Streaming tool-call execution — tool execution now yields an
IAsyncEnumerable<ToolCallUpdate>stream monitored by a per-call, two-phase inactivity watchdog, replacing the flat per-attempt timeout. Aspawn_agentsub-agent making progress is no longer killed mid-run by an uncoordinated ~90s timeout, while a genuinely stalled tool call is still caught. All existing tools inherit a single-completion-item default unchanged. (#1045)send_discord_messageproactive-post tool — the agent can now start a new Discord conversation for channel-targeted reminder delivery and cross-channel outreach, at parity withsend_slack_message. The posted message becomes the thread root, and user replies in the created thread route back to a live session. Discord reminder delivery is hardened to explicit channel targets only (channel:<id>or<#id>); DM, user, and bare-snowflake targets are rejected. Closes #953. (#1026)Service identity on operational webhook alerts — operational webhook alerts now carry OpenTelemetry
service.*resource attributes (service.name,service.namespace,service.instance.id,service.version), so alerts from multiple Netclaw instances posting to the same Slack channel or endpoint can be told apart. Service identity is sourced purely from the standard OpenTelemetry environment variables (OTEL_SERVICE_NAME,OTEL_RESOURCE_ATTRIBUTES); the short-livedTelemetry:ServiceNameconfig property from 0.18.2 is removed in favor of this standard configuration. (#1078)Expanded safe-verb auto-allow list — trivially read-only verbs (
date,whoami,uname,ps, read-onlygit/ghquery subcommands likegit describeandgh pr view) no longer hit the interactive approval gate, cutting the dominant fixable source of approval-prompt spam. Command-prefixing and mutating/network-writing verbs remain excluded. (#1071)
Bug Fixes
Tool-approval recovery is now journal-backed — a tool-approval prompt that outlived its session via idle passivation, turn failure, or daemon restart is now recovered from the event journal rather than snapshot-only state. Pending approvals, approval resolution, requester identity, and trust context all survive a cold re-drive, and already-completed sibling calls are no longer replayed in a recovered mixed batch. (#1044)
Channel connection failures are contained — a misconfigured channel (such as a Discord bot missing the Message Content privileged intent) previously took the whole daemon down by escalating into a full Akka coordinated shutdown. Discord and Slack channels now fail in isolation: fatal gateway close codes are classified and reported via the existing
channel.disconnpath instead of rethrowing and aborting the host. (#1033, #1083)spawn_agentroutes through its streaming override —SpawnAgentTool.ExecuteStreamAsyncwas an unreachable orphan method, sospawn_agentcollapsed to the non-streaming path and a healthy, actively-streaming sub-agent was still killed at the flat 90s timeout. The streaming override is now compiler-enforced through the whole tool hierarchy, so this class of bug cannot recur silently. (#1080)file_edit/file_writeno longer lose updates — concurrentfile_editcalls against the same file in one assistant turn each read the same original content, and the last write clobbered the others while every call still reported success — a lost-update race present sincefile_editwas introduced. A new process-wide, per-path serialization gate routes the read-modify-write through, so disjoint same-file edits all compose and apply. (#1062)Shell timeout countdown starts after process spawn —
shell_executecharged process-spawn overhead against the command's timeout budget, so a configured or requested timeout now means "the command gets N seconds" rather than "N seconds minus shell-spawn overhead." (#1074)Release notes deduplicated — a separate lowercase
release_notes.mdintroduced in the 0.18.2 release collided with the canonicalRELEASE_NOTES.mdon case-insensitive filesystems; the 0.18.2 entry is now folded into the cumulative changelog and the duplicate file removed. (#1082)
Build/CI
Native cross-platform smoke harness — the smoke-testing suite was restructured across multiple phases: a native cross-platform harness replaces the Docker-based one, with screenshot-regression mode, an MCP-integration scenario and test server, a macOS smoke leg with a
netclaw doctorcheck, and a split Linux/macOS CI cadence. (#1047, #1048, #1049, #1051, #1054, #1056, #1061, #1067, #1076)Canonical publish script — the
dotnet publishflags for shipped self-contained binaries are now consolidated into a singlepublish-binaries.shscript shared by the release and image-build callers. Single-file compression is disabled forosx-arm64, which corrupted memory on Apple Silicon during single-file self-extract. (#1047)Fixed a mislabeled "Upload Linux install script" CI step and stabilized flaky reminder and shell timeout tests. (#1050, #1053, #1066)
Dependencies