- Use env var defaults for CLAWDBOT_DIR, WORKSPACE_DIR, REMOTE, BRANCH
- Export XDG_RUNTIME_DIR for systemctl --user on headless servers
- Tested on Hetzner VM with different directory layout
- Add error handling for git fetch in Phase 0
- Add error handling for pnpm install and build in Phase 1
- Fix heredoc quoting to allow variable expansion in recovery prompt
- Use time-based health check loop instead of counter-based
- Standardize changelog path to ~/.clawdbot/molt/changelog.md
- Make wake command syntax consistent (--mode now)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add detailed cron job prompts for nightly update and morning report
- Add notify.target field to config.json (use platform user IDs, not usernames)
- Add troubleshooting section for common notification issues
- Document freshness check (30h window) to avoid stale reports
- Explain message tool fallback behavior
- Fix: mkdir -p for MOLT_DIR/WORKSPACE_DIR before use
- Fix: Replace broken `source --rollback-internal` with rollback() function
- Fix: Rollback now uses git checkout + reset --hard (no detached HEAD)
- Fix: Auto-switch to expected branch if on wrong branch
- Add: Recovery attempt marker prevents infinite agent loops
- Add: Capture pnpm-install.log and pnpm-build.log for agent context
- Add: Prompt injection guardrails in agent prompts (treat logs as data)
- Remove: Unused PING_TIMEOUT variable
- Change: git diff --stat now uses head -50 instead of tail -20
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace hardcoded "Corey" references with generic "the user" and
"configured channel" so the script works for any clawdbot user.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
After a successful rollback, molt now triggers the clawdbot agent to
diagnose and fix the issue. The agent receives crash logs and context,
attempts common fixes, and reports to the user if manual intervention
is needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Molt is a self-healing update system for self-hosted Clawdbot instances.
It handles nightly updates from upstream with automatic rollback if
something breaks.
Key features:
- Pulls from upstream, installs deps, builds, restarts gateway
- Health check with stability window (catches crash loops)
- Automatic rollback to pre-update commit on failure
- Module manifest to define what *you* care about (personalized health checks)
- Changelog generation for morning reports
- Agentic recovery philosophy: capture context, let the AI fix edge cases
Files:
- docs/molt.md: Full PRD with architecture, config schema, and rationale
- scripts/molt.sh: Reference implementation (bash)
This is an RFC seeking feedback on approach and integration strategy.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(telegram): fall back to text when voice messages forbidden
When TTS auto mode is enabled, slash commands like /status would fail
silently because sendVoice was rejected with VOICE_MESSAGES_FORBIDDEN.
The entire reply would fail without any text being sent.
This adds error handling to catch VOICE_MESSAGES_FORBIDDEN specifically
and fall back to sending the text content as a regular message instead
of failing completely.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: handle telegram voice fallback errors (#1725) (thanks @foeken)
---------
Co-authored-by: Echo <andre.foeken@Donut.local>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
When a cron job runs in isolated mode, the sessions_spawn tool now correctly
inherits the allowAgents permissions from the parent agent's config.
The fix adds a requesterAgentIdOverride parameter that flows through the
tool creation chain:
- resolveEffectiveToolPolicy() extracts the correct agentId from the session key
- This agentId is passed to sessions_spawn and agents_list tools
- The tools use this override instead of re-parsing the session key
This fixes#1767
Fixes#1765
- Extract client ID and secret from Gemini CLI's bundled oauth2.js
- Cross-platform binary lookup (no shell commands)
- Fallback to env vars for user override
- Add tests for credential extraction
The previous check used includes("win") which incorrectly matched
"darwin" (macOS) because it contains "win". This caused cmd.exe to be
used on macOS instead of /bin/sh.
* feat: audit fixes and documentation improvements
- Refactored model selection to drop legacy fallback and add warning
- Improved heartbeat content validation
- Added Skill Creation guide
- Updated CONTRIBUTING.md with roadmap
* style: fix formatting in model-selection.ts
* style: fix formatting and improve model selection logic with tests
* fix(voice-call): prevent audio overlap with TTS queue
Add a TTS queue to serialize audio playback and prevent overlapping
speech during voice calls. Previously, concurrent speak() calls could
send audio chunks simultaneously, causing garbled/choppy output.
Changes:
- Add queueTts() to MediaStreamHandler for sequential TTS playback
- Wrap playTtsViaStream() audio sending in the queue
- Clear queue on barge-in (when user starts speaking)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(voice-call): use iterative queue processing to prevent heap exhaustion
The recursive processQueue() pattern accumulated stack frames, causing
JavaScript heap out of memory errors on macOS CI. Convert to while loop
for constant stack usage regardless of queue depth.
* fix: prevent voice-call TTS overlap (#1713) (thanks @dguido)
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
The proxy configuration (`channels.telegram.proxy`) was only used for
the gateway monitor (polling), but not for outbound sends (sendMessage,
reactMessage, deleteMessage). This caused outbound messages to bypass
the configured proxy, which is problematic for users behind corporate
proxies or those who want to route all traffic through a specific proxy.
This change ensures that all three outbound functions use the same
proxy configuration as the monitor:
- sendMessageTelegram
- reactMessageTelegram
- deleteMessageTelegram
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes#1743
The settings page was unable to scroll because .config-layout has
overflow:hidden which blocks child scrolling. Added min-height:0 and
overflow-y:auto to .config-main to enable scrolling within the grid
layout.
When installing the Gateway daemon via LaunchAgent (macOS) or systemd (Linux),
environment variables defined in config.env.vars were not being included in
the service environment. This caused API keys and other env vars configured
in clawdbot.json5 to be unavailable when the Gateway ran as a service.
The fix adds a configEnvVars parameter to buildGatewayInstallPlan() which
merges config.env.vars into the service environment. Service-specific
variables (CLAWDBOT_*, HOME, PATH) take precedence over config env vars.
Fixes the issue where users had to manually edit the LaunchAgent plist
to add environment variables like GOOGLE_API_KEY.
- Replace orange accent (#f59f4a) with signature red (#ff4d4d)
- Switch from IBM Plex/Unbounded/Work Sans to Inter/JetBrains Mono
- Replace emoji icons with Lucide-style SVG icons throughout
- Add comprehensive CSS design tokens (colors, borders, semantic states)
- Update tool-display.json to use icon names instead of emoji
- Rebuild control-ui dist bundle