- Move screenshot to standard docs/images location
- Update control-ui.md to reference correct image path
- Improve screenshot script with better click fallbacks
- Remove duplicate screenshot from docs/gateway/images
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Analytics section to Control UI docs explaining quota and usage features
- Add screenshot script with dynamic token loading from config
- Update screenshot showing the analytics dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When using Claude Code OAuth tokens (which lack user:profile scope),
display a helpful message directing users to check their usage at
claude.ai instead of showing an error.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix analytics loading bug where client.request returns payload directly
- Add plan quota section showing usage against plan limits (5h, weekly windows)
- Display provider errors when OAuth token lacks required scopes
- Add helpful message when no quota data is available
- Add screenshot script with dynamic Playwright chromium detection
- Update tests for quota state and parallel data fetching
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add resumeArgs to DEFAULT_CLAUDE_BACKEND for proper --resume flag usage
- Fix gateway not preserving cliSessionIds/claudeCliSessionId in nextEntry
- Add test for CLI session ID preservation in gateway agent handler
- Update docs with new resumeArgs default
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy
When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.
Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.
The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.
Also adds documentation for reverse proxy security configuration.
* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)
---------
Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat: audit fixes and documentation improvements
- Refactored model selection to drop legacy fallback and add warning
- Improved heartbeat content validation
- Added Skill Creation guide
- Updated CONTRIBUTING.md with roadmap
* style: fix formatting in model-selection.ts
* style: fix formatting and improve model selection logic with tests
Add documentation for running Clawdbot in a sandboxed macOS VM
using Lume. This provides an alternative to buying dedicated
hardware or using cloud instances.
The guide covers:
- Installing Lume on Apple Silicon Macs
- Creating and configuring a macOS VM
- Installing Clawdbot inside the VM
- Running headlessly for 24/7 operation
- iMessage integration via BlueBubbles
- Saving golden images for easy reset