agentscope-ai/hiclaw v1.1.0 on GitHub

Highlights

What's New

Kubernetes-Native Architecture — HiClaw now runs on a Kubernetes-native control plane. The hiclaw-controller replaces the legacy single-container model with a proper controller-reconciler architecture: a lightweight embedded kube-apiserver + kine backs CRD storage, and the controller reconciles Worker/Team/Manager/Human CRs into containers, Matrix rooms, and gateway routes. In embedded mode (hiclaw-controller container + separate hiclaw-manager container), no external Kubernetes cluster is required. For enterprise deployments, the same controller runs inside a real Kubernetes cluster via the official Helm chart (helm/hiclaw/), with leader election for HA, RBAC, PVC-backed storage, and pod-template overlays for nodeSelector/tolerations/imagePullSecrets.
Hermes Worker Runtime (Autonomous Coding Agent) — HiClaw now supports hermes-agent as a first-class Worker runtime for autonomous coding tasks. Hermes Workers bring the full power of a self-directed coding agent: terminal sandbox execution, multi-file code generation, debugging, vision-based analysis, and native mautrix Matrix integration — all running inside an isolated container. Unlike the agent (Node.js) and QwenPaw (Python) runtimes that handle conversation and tool calls, Hermes operates as an autonomous coding agent that can independently plan, execute, and iterate on complex software tasks. The installer offers all three runtimes interactively, and workers can switch runtime in place via hiclaw update worker --runtime hermes (container is recreated; Matrix account, rooms, credentials, and MinIO data are preserved). Multi-agent collaboration is fully supported — Hermes Workers participate in team projects alongside agent and QwenPaw Workers, with cross-runtime m.mentions message delivery and autonomous YOLO mode for unattended execution.
Enterprise-Grade Kubernetes Deployment (Helm Chart) — First-class Helm chart for deploying HiClaw on production Kubernetes clusters. The chart provisions Tuwunel (Matrix homeserver), MinIO (object storage), Element Web (IM client), and the hiclaw-controller as separate Deployments/StatefulSets with proper Service, RBAC, and Secret resources. Key enterprise features:
- Leader Election: Controller supports multi-replica HA with lease-based leader election — only one instance reconciles at a time, failover is automatic.
- Agent Pod Template: Inject cluster-specific concerns (nodeSelectors, tolerations, imagePullSecrets, annotations, sysctls) into agent Pods via a ConfigMap overlay, without modifying controller code.
- Multi-Tenancy: Pluggable credential provider sidecar (hiclaw-credential-provider) for gateway and storage backends. Per-worker accessEntries in CRDs scope object-storage paths, supporting tenant isolation.
- CRD-Based Resource Management: kubectl / hiclaw CLI interchangeable — Workers, Teams, Humans, and Managers are all standard CRDs with short names (wk, tm, hm, mgr), kubectl get workers works natively.
Pluggable Gateway & Storage Providers — The controller now delegates gateway (Higress) and storage (MinIO/OSS) operations through provider interfaces, with a new hiclaw-credential-provider sidecar that handles STS token issuance, secret rotation, and per-worker access-policy enforcement. Deployments can plug in Alibaba Cloud OSS, AWS S3, or any S3-compatible backend without changing controller code.
Multi-Container Architecture — The Manager image no longer bundles Higress, Tuwunel, MinIO, or Element Web. Infrastructure services run exclusively in the hiclaw-embedded image (controller container), and the Manager is a lightweight agent-only container (~1.7 GB smaller). This enables independent scaling, restart isolation, and clean separation of concerns.
OpenClaw 2026.4.x Upgrade & 1.7 GB Image Shrink — Upgraded the bundled OpenClaw engine to hiclaw-2026.4.14, bringing Matrix private-network SSRF fixes, structured Matrix debug logging (HICLAW_MATRIX_DEBUG=1), and the gateway Control UI port unification. The openclaw-base image was rebased from higress/all-in-one (~1.79 GB) onto higress/ubuntu:24.04 (~103 MB), shrinking every downstream image (manager, worker, copaw-worker, hermes-worker) by approximately 1.7 GB. Key compatibility fixes included: pinning gateway.bind = "lan" for cross-container access, autoJoin = "always" for reliable Matrix room joins, and dangerouslyAllowPrivateNetwork = true for the embedded homeserver's FQDN-over-loopback setup.
Auto-Migrate from v1.0.9 — Upgrading from v1.0.9 automatically migrates workers-registry.json data to CRD resources. Worker runtime, model, skills, MCP servers, and team membership are all preserved. The controller detects legacy state on first boot and creates matching Worker/Team CRs.
hiclaw CLI in Controller Container — The hiclaw CLI is pre-installed and auto-authenticated inside the controller container. Admins can docker exec -it hiclaw-controller hiclaw get workers to inspect or manage resources without going through the Manager Agent. Supports create, get, update, delete, apply, worker wake/sleep/status, status, and version commands.
Declarative Worker Lifecycle (spec.state) — Workers now support spec.state: running | stopped in their CRD. Setting state: stopped (or hiclaw worker sleep) gracefully stops the container while preserving all state; setting state: running (or hiclaw worker wake) restarts it. The Manager uses this for idle-timeout auto-sleep and on-demand wake.
First-Boot Welcome Prompt — Fresh installs now deliver a welcome/onboarding prompt to the Admin DM automatically, even in embedded mode. The controller gates delivery on both Matrix room membership and LLM auth readiness (end-to-end probe), so the Manager never receives a message it cannot answer. The installer blocks until the welcome is delivered, providing a seamless first-run experience.
Installer Improvements — Interactive Hermes runtime selection, masked secret input, version selection, uninstall subcommand (hiclaw-install.sh uninstall), and fail-fast on missing embedded image (no more silent fallback to broken legacy path).

Bug Fixes

Fixed controller rotating Matrix access tokens and gateway secrets on every 5-minute reconcile, which triggered agent gateway restarts and dropped in-flight messages. Tokens are now persisted and reused across reconciles.
Fixed YOLO mode not propagating across the controller→manager boundary in embedded mode, causing multi-worker project creation to stall waiting for unreachable admin confirmation.
Fixed hiclaw create worker / hiclaw apply worker ignoring the admin's install-time default model (HICLAW_DEFAULT_MODEL), silently overriding it with qwen3.5-plus for every spawned Worker.
Fixed HICLAW_DEFAULT_WORKER_RUNTIME being dead code — CRD schema-level defaults caused the API server to fill spec.runtime=openclaw before the controller ever saw the empty value. Removed CRD defaults and introduced proper env-var fallback resolution.
Fixed CoPaw Manager's create-worker DM reply blocking for >5 minutes due to runtime-aware post-creation flow. CoPaw now uses --no-wait + deferred heartbeat drain for reliable acknowledgment.
Fixed Hermes workers not joining their Matrix room — the controller now issues a server-side JoinRoom after room creation, independent of runtime-specific auto-accept behavior.
Fixed hiclaw apply worker --zip ignoring the worker runtime from manifest.json, always defaulting to openclaw.
Fixed AI-route allowedConsumers being wiped on controller restart, transiently locking Manager/Workers out with 403s.
Fixed stale AGENTS.md / SOUL.md / HEARTBEAT.md being re-pushed by the mirror during reconcile, overwriting correctly-merged versions. These files are now excluded from the mirror and managed by their dedicated authoritative writers.
Fixed Higress WASM plugin-server not starting, causing LLM requests to return 404 from the backend.
Fixed OpenClaw Control UI inaccessible at port 18888 after the openclaw 2026.4.x upgrade (port unification, bind exposure, and browser auth gate changes).
Fixed openclaw matrix channel restart race when groupAllowFrom was updated concurrently with outbound sends (e.g., during worker provisioning).
Fixed matrix.autoJoin defaulting to "off" in openclaw 2026.4.x, causing agents to sit in invite state forever and never process room events.
Fixed uninstall not removing the hiclaw-controller container, leaving the Docker volume occupied and old state persisting across reinstalls.
Fixed team workers losing their runtime during v1.0.9→CR migration, silently restarting as openclaw regardless of original runtime.
Fixed Hermes worker multi-agent collaboration: outbound m.mentions.user_ids for cross-runtime message delivery, HERMES_YOLO_MODE=1 for autonomous container execution, and MATRIX_HOME_CHANNEL=disabled to suppress noise.
Fixed Manager openclaw.json using userId=@default instead of userId=@manager, silently dropping all admin DM messages.
Fixed Manager image size by rebasing openclaw-base from higress/all-in-one:2.2.1 (~1.79 GB) to higress/ubuntu:24.04 (~103 MB), shrinking all downstream images by ~1.7 GB.

新增功能

Kubernetes 原生架构 — HiClaw 现在运行在 Kubernetes 原生控制平面之上。hiclaw-controller 取代了旧版单容器模式，采用标准的 Controller-Reconciler 架构：内嵌轻量级 kube-apiserver + kine 存储 CRD 数据，Controller 将 Worker/Team/Manager/Human CR 协调为容器、Matrix 房间和网关路由。在 Embedded 模式下（hiclaw-controller 容器 + 独立 hiclaw-manager 容器），无需外部 Kubernetes 集群。对于企业级部署，同一 Controller 可通过官方 Helm Chart（helm/hiclaw/）运行在真正的 Kubernetes 集群中，支持 Leader Election 高可用、RBAC、PVC 持久化存储以及 Pod 模板叠加。
Hermes Worker 运行时（自主编程 Agent） — HiClaw 现在支持将 hermes-agent 作为一等公民的 Worker 运行时，用于自主编程任务。Hermes Worker 具备完整的自主编程 Agent 能力：终端沙箱执行、多文件代码生成、调试、视觉分析以及原生 mautrix Matrix 集成 — 全部运行在隔离容器中。与处理对话和工具调用的 agent（Node.js）和 QwenPaw（Python）运行时不同，Hermes 是一个自主编程 Agent，可以独立规划、执行和迭代复杂的软件任务。安装器提供三种运行时的交互式选择，Worker 可原地切换运行时：hiclaw update worker --runtime hermes（容器重建，Matrix 账号、房间、凭据和 MinIO 数据保留）。同时支持多 Agent 协作 — Hermes Worker 可以与 agent 和 QwenPaw Worker 一起参与团队项目，支持跨运行时 m.mentions 消息投递和无人值守的 YOLO 模式自主执行。
企业级 Kubernetes 部署（Helm Chart） — 提供生产级 Helm Chart，用于在 Kubernetes 集群上部署 HiClaw。Chart 将 Tuwunel（Matrix 服务器）、MinIO（对象存储）、Element Web（IM 客户端）和 hiclaw-controller 部署为独立的 Deployment/StatefulSet，配备完整的 Service、RBAC 和 Secret 资源。关键企业特性：
- Leader Election（高可用）：Controller 支持多副本部署，基于 Lease 的 Leader Election 确保同一时间只有一个实例执行协调，故障时自动切换。
- Agent Pod 模板：通过 ConfigMap 叠加向 Agent Pod 注入集群特定配置（nodeSelector、tolerations、imagePullSecrets、annotations、sysctls），无需修改 Controller 代码。
- 多租户支持：可插拔凭证提供者 Sidecar（hiclaw-credential-provider）对接网关和存储后端。CRD 中的 per-worker accessEntries 限定对象存储路径，支持租户隔离。
- CRD 化资源管理：kubectl / hiclaw CLI 可互换操作 — Worker、Team、Human、Manager 均为标准 CRD，支持短名称（wk、tm、hm、mgr），kubectl get workers 可直接使用。
可插拔网关与存储 Provider — Controller 现在通过 Provider 接口委托网关（Higress）和存储（MinIO/OSS）操作，新增 hiclaw-credential-provider Sidecar 负责 STS Token 签发、密钥轮转和 per-worker 访问策略执行。可对接阿里云 OSS、AWS S3 或任意 S3 兼容后端，无需修改 Controller 代码。
多容器架构 — Manager 镜像不再打包 Higress、Tuwunel、MinIO 和 Element Web。基础设施服务专属于 hiclaw-embedded 镜像（Controller 容器），Manager 是轻量级的纯 Agent 容器（减小约 1.7 GB）。这实现了独立扩缩容、重启隔离和清晰的职责分离。
OpenClaw 2026.4.x 升级 & 镜像瘦身 1.7 GB — 内置 OpenClaw 引擎升级至 hiclaw-2026.4.14，带来 Matrix 私有网络安全修复、结构化 Matrix 调试日志（HICLAW_MATRIX_DEBUG=1）以及网关 Control UI 端口统一。openclaw-base 基础镜像从 higress/all-in-one（~1.79 GB）重置为 higress/ubuntu:24.04（~103 MB），所有下游镜像（manager、worker、copaw-worker、hermes-worker）缩减约 1.7 GB。关键兼容性修复包括：设置 gateway.bind = "lan" 以支持跨容器访问、autoJoin = "always" 确保 Matrix 房间可靠加入、dangerouslyAllowPrivateNetwork = true 适配内嵌 homeserver 的 FQDN-over-loopback 方案。
从 v1.0.9 自动迁移 — 从 v1.0.9 升级时自动将 workers-registry.json 数据迁移为 CRD 资源。Worker 的运行时、模型、技能、MCP Server 和团队成员关系全部保留。Controller 在首次启动时检测旧版状态并创建对应的 Worker/Team CR。
Controller 容器内 hiclaw CLI — hiclaw CLI 预装并自动认证在 Controller 容器内。管理员可通过 docker exec -it hiclaw-controller hiclaw get workers 直接查询或管理资源，无需通过 Manager Agent。支持 create、get、update、delete、apply、worker wake/sleep/status、status、version 等命令。
声明式 Worker 生命周期（spec.state） — Worker CRD 现在支持 spec.state: running | stopped。设置 state: stopped（或 hiclaw worker sleep）优雅停止容器并保留所有状态；设置 state: running（或 hiclaw worker wake）重新启动。Manager 使用此机制实现空闲自动休眠和按需唤醒。
首次启动欢迎提示 — 全新安装后自动向管理员私信发送欢迎/引导提示，即使在 Embedded 模式下也能正常工作。Controller 在发送前同时验证 Matrix 房间成员身份和 LLM 认证就绪状态（端到端探测），确保 Manager 不会收到无法回复的消息。安装脚本会等待欢迎消息发送完成，提供流畅的首次使用体验。
安装器改进 — 交互式 Hermes 运行时选择、密钥输入脱敏显示、版本选择、卸载子命令（hiclaw-install.sh uninstall）、embedded 镜像缺失时快速失败（不再静默回退到已失效的旧架构路径）。

Bug 修复

修复 Controller 每 5 分钟协调周期轮转 Matrix 访问令牌和网关密钥，导致 Agent 网关重启和在途消息丢失。令牌现在跨协调周期持久化复用。
修复 YOLO 模式未能跨 Controller→Manager 边界传播（Embedded 模式），导致多 Worker 项目创建卡在等待不可达的管理员确认。
修复 hiclaw create worker / hiclaw apply worker 忽略管理员安装时设定的默认模型（HICLAW_DEFAULT_MODEL），所有新建 Worker 静默使用 qwen3.5-plus。
修复 HICLAW_DEFAULT_WORKER_RUNTIME 实际不生效 — CRD schema 层级默认值导致 API Server 在 Controller 看到空值之前就填充了 spec.runtime=openclaw。移除 CRD 默认值并引入正确的环境变量回退解析。
修复 CoPaw Manager 创建 Worker 后 DM 回复阻塞超过 5 分钟。CoPaw 现在使用 --no-wait + 心跳延迟处理实现可靠的确认回复。
修复 Hermes Worker 未加入 Matrix 房间 — Controller 现在在创建房间后执行服务端 JoinRoom，不再依赖运行时的自动接受邀请行为。
修复 hiclaw apply worker --zip 忽略 manifest.json 中的 Worker 运行时，始终默认为 openclaw。
修复 Controller 重启时 AI 路由 allowedConsumers 被清空，导致 Manager/Worker 临时收到 403 错误。
修复协调过程中 AGENTS.md / SOUL.md / HEARTBEAT.md 的旧版本被 mirror 重新推送，覆盖正确合并的版本。这些文件现已排除在 mirror 之外，由各自的权威写入者管理。
修复 Higress WASM 插件服务未启动，导致 LLM 请求返回后端 404。
修复 openclaw 2026.4.x 升级后 OpenClaw Control UI 在 18888 端口不可访问（端口统一、绑定地址和浏览器认证变更）。
修复 openclaw Matrix 通道在 groupAllowFrom 更新与消息发送并发时的重启竞态（如 Worker 创建过程中）。
修复 openclaw 2026.4.x 中 matrix.autoJoin 默认为 "off"，导致 Agent 永远停留在 invite 状态不处理房间事件。
修复 uninstall 未删除 hiclaw-controller 容器，导致 Docker 卷被占用、旧状态跨重装保留。
修复 v1.0.9→CR 迁移时团队 Worker 丢失运行时信息，不论原始运行时均静默重启为 openclaw。
修复 Hermes Worker 多 Agent 协作：跨运行时消息的出站 m.mentions.user_ids、容器内自主执行的 HERMES_YOLO_MODE=1、抑制噪音的 MATRIX_HOME_CHANNEL=disabled。
修复 Manager openclaw.json 使用 userId=@default 而非 userId=@manager，静默丢弃所有管理员 DM 消息。
修复 Manager 镜像体积：将 openclaw-base 从 higress/all-in-one:2.2.1（~1.79 GB）重新基于 higress/ubuntu:24.04（~103 MB），所有下游镜像缩小约 1.7 GB。
refactor(controller): stamp CR-to-Pod controller OwnerReference instead of inheriting from controller Pod (da4d780)
refactor(controller): restructure HumanReconciler with service layer + lazy Matrix login (1a4d83f)
feat(controller): align cloud-mode STS defaults with embedded MinIO and add team member accessEntries (ae0093b)
fix(controller): preserve AI-route allowedConsumers across controller restart (1768d57)
feat(controller): send first-boot Manager welcome prompt in embedded/k8s mode (92ec7c2)
fix(controller): respect HICLAW_DEFAULT_MODEL in hiclaw create/apply worker (b0fa4b2)
feat(install): add Hermes to worker runtime picker, rename CoPaw→QwenPaw in installer UI (b8336f1)
fix(manager): unblock CoPaw create-worker DM ack + capture CoPaw debug-log sessions (24d3113)
chore(base): pin openclaw-base image tag to 20260423-8359cbc (e683a4f)
feat(install): show masked asterisks when typing secret input (4099413)
feat(install): add uninstall subcommand to hiclaw-install.sh and hiclaw-install.ps1 (fa66f21)
feat: pluggable gateway/storage providers via hiclaw-credential-provider sidecar (ae6e7e6)
fix(install): always pull all worker runtime images and sync ps1 with sh (cd01437)
feat(manager): teach worker-management skill to switch a Worker's runtime (a5380be)
fix(controller): propagate runtime to team workers in v1.0.9 migration (ef3ebe9)
fix(controller,tests): make hermes workers join their own Matrix room (93a8969)
fix(controller): TeamReconciler directly manages member lifecycle without Worker CRs (e399d83)
fix(copaw): adapt bridge to CoPaw's config.json + agent.json split (af97be3)
fix(controller): replace Synapse DeactivateUser with Tuwunel room management for agent deletion (3c31d98)
feat(hermes): integrate hermes-agent as a third worker runtime (e8573c5)
fix(copaw): emit Element-style visible mentions in MatrixChannel (efebe4f)
fix(controller): honor HICLAW_DEFAULT_WORKER_RUNTIME by removing CRD default (b51902f)
fix(manager): add hiclaw create worker --no-wait, ban raw curl to controller (0caf726)
fix(controller): make hiclaw apply worker --zip honor the worker runtime (90bfc05)
chore: upgrade openclaw to hiclaw-2026.4.14 and fix Manager Matrix userId (3366dd8)
fix: stop AGENTS/SOUL/HEARTBEAT.md sync races between controller and worker (5aa95c2)
feat: CoPaw runtime upgrade, team leader improvements, and build simplification (bb1eff2)
chore(controller): drop istiod debug push workaround for Higress embedded mode (ec87064)
fix(integration-tests): stabilize test-01/15/20 and fix plugin-server + worker sync races (394a7d3)
chore(base): pin higress/all-in-one to 2.2.1 (ea18e0c)
refactor: modularize Manager reconciler with phase-based lifecycle and integration tests (09231a9)
fix: restore manager-workspace from MinIO on k8s mode pod restart (03313f4)
feat: add leader election support for hiclaw controller HA (5cf7277)
refactor: replace update-worker-model.sh script with hiclaw CLI command (b2ecc3c)
refactor: declarative convergence rewrite for Worker Reconciler with integration tests (7d0c117)
refactor: unified admin credentials, image build deps & Helm cleanup (e30b736)
feat: auto-migrate v1.0.9 registry data to CR resources (711f4ab)
refactor: Helm config cleanup, CI pipelines & unified token auth (24079a4)
feat: declarative worker lifecycle with spec.state (e43c158)
refactor(controller): hiclaw-controller architecture refactor (d029ed2)
chore(openclaw-base): rebase from higress/all-in-one to higress/ubuntu:24.04 (~1.7 GB shrink) (f63bf98)

Docker Images

Multi-architecture images (amd64 + arm64):

# Embedded all-in-one (infra + controller; pulled by the installer)
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-embedded:v1.1.0

# Manager (lightweight; spawned by the embedded controller)
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-manager:v1.1.0

# Worker
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-worker:v1.1.0

# Controller (used standalone in k8s; bundled inside hiclaw-embedded for docker installs)
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-controller:v1.1.0

Quick Start

macOS / Linux

bash <(curl -fsSL https://raw.githubusercontent.com/agentscope-ai/HiClaw/main/install/hiclaw-install.sh)

Windows (PowerShell 7+)

Set-ExecutionPolicy Bypass -Scope Process -Force; =New-Object Net.WebClient; .Encoding=[Text.Encoding]::UTF8; iex .DownloadString('https://higress.ai/hiclaw/install.ps1')

Documentation

For more details, see the installation guide.

What's Changed

fix(copaw): download file attachments in group room history by @maplefeng-a in #540
refactor(copaw-manager): simplify _apply_mention to match worker by @maplefeng-a in #544
docs: hiclaw-controller 重构与 K8s 部署设计方案 || docs: hiclaw-controller reconstruction and K8s deployment design plan by @johnlanni in #551
fix(crd): move subresources.status to correct level in teams CRD by @googs1025 in #573
fix(tuwunel): set default cache_capacity_modifier to prevent CPU thrashing by @Jing-ze in #578
Revise README with enhanced project overview by @max-wc in #583
Revise HiClaw description and architecture details by @max-wc in #582
fix(install): set JVM_ARGS to fix Higress Console on Apple Silicon by @xcaspar in #585
fix(find-skills): use canonical install paths by @luoxiner in #587
docs: DebugWorker 基于标准 Worker 构建 || docs: DebugWorker is built based on standard Worker by @johnlanni in #589
Hiclaw controller refactor by @johnlanni in #616
fix: DeployToMinIO Phase 2 should respect excludeMemory flag by @johnlanni in #619
docs: add K8s-native multi-agent collaboration blog and LF introduction by @johnlanni in #624
feat: declarative worker lifecycle with spec.state by @johnlanni in #620
refactor: Helm config cleanup, CI pipelines & unified token auth by @Jing-ze in #625
feat: auto-migrate v1.0.9 registry data to CR resources by @johnlanni in #621
refactor: unified admin credentials, image build deps & Helm cleanup by @Jing-ze in #629
refactor: declarative convergence rewrite for Worker Reconciler with integration tests by @Jing-ze in #632
refactor: replace update-worker-model.sh script with hiclaw CLI command by @Jing-ze in #633
ci: run openclaw and copaw runtime integration tests in parallel by @johnlanni in #636
fix(ci): use falsy check for inputs.worker_runtime to fix non-dispatch triggers by @johnlanni in #641
feat: add leader election support for hiclaw controller HA by @Jing-ze in #640
fix: restore manager-workspace from MinIO on k8s mode pod restart by @Jing-ze in #637
refactor: modularize Manager reconciler with phase-based lifecycle and integration tests by @Jing-ze in #635
chore(controller): drop istiod debug push workaround for Higress embedded mode by @johnlanni in #648
fix(test): de-flake TestLeaderElection_TwoInstances_OnlyOneReconciles by @johnlanni in #649
feat: CoPaw runtime upgrade, team leader improvements, and build simplification by @maplefeng-a in #643
fix: stop AGENTS/SOUL/HEARTBEAT.md sync races between controller and worker by @johnlanni in #651
fix: make OpenClaw repo URL configurable via build arg (#617) by @vincent067 in #647
ci(test-integration): rebuild openclaw-base from PR source when changed by @johnlanni in #655
fix(manager): worker post-creation DM + send-worker-greeting helper (#652) by @maplefeng-a in #653
chore: upgrade openclaw to hiclaw-2026.4.14 and fix Manager Matrix userId by @johnlanni in #654
fix(controller): make hiclaw apply worker --zip honor the worker runtime by @johnlanni in #656
ci(test-integration): split matrix runtime into manager_runtime + worker_runtime by @johnlanni in #660
fix: remove dead HICLAW_CONTROLLER_API_KEY code by @Jing-ze in #662
fix(manager): add hiclaw create worker --no-wait, ban raw curl to controller by @johnlanni in #663
fix(controller): honor HICLAW_DEFAULT_WORKER_RUNTIME by removing CRD default by @johnlanni in #665
docs: sync CRD docs, k8s-native overview, blog layout, README News by @johnlanni in #667
fix(tests): correct metrics collection paths and surface unsupported runtimes by @johnlanni in #664
ci(test-integration): fix integration-tests skipped when build-openclaw-base is skipped by @Jing-ze in #669
fix(copaw): emit Element-style visible mentions in MatrixChannel by @maplefeng-a in #673
Fix DingTalk link and update WeChat group image by @max-wc in #671
feat(hermes): integrate hermes-agent as a third worker runtime by @johnlanni in #659
fix(controller): replace Synapse DeactivateUser with Tuwunel room management for agent deletion by @Jing-ze in #668
fix(copaw): adapt bridge to CoPaw's config.json + agent.json split by @maplefeng-a in #670
fix(controller): TeamReconciler directly manages member lifecycle without Worker CRs by @Jing-ze in #666
fix(controller,tests): make hermes workers join their own Matrix room by @johnlanni in #674
fix(controller): propagate runtime to team workers in v1.0.9 migration by @johnlanni in #676
feat(manager): teach worker-management skill to switch a Worker's runtime by @johnlanni in #677
fix(install): always pull all worker runtime images and sync ps1 with sh by @johnlanni in #678
feat: pluggable gateway/storage providers via hiclaw-credential-provider sidecar, with multi-tenancy, agent pod template, and access control by @Jing-ze in #675
feat(install): add uninstall subcommand to hiclaw-install.sh and hiclaw-install.ps1 by @cr7258 in #599
feat(install): show masked asterisks when typing secret input by @cr7258 in #601
fix: pass HICLAW_CONTROLLER_IMAGE build arg to worker image targets by @johnlanni in #679
chore(base): pin openclaw-base image tag to 20260423-8359cbc by @johnlanni in #684
fix(manager): unblock CoPaw create-worker DM ack + capture CoPaw debug-log sessions by @johnlanni in #683
feat(install): add Hermes to worker runtime picker, drop label suffixes, rename CoPaw->QwenPaw in installer UI by @johnlanni in #686
fix(controller): respect HICLAW_DEFAULT_MODEL in hiclaw create/apply worker by @johnlanni in #689
test(test-02): tolerate progressive Manager DM acks before 'alice' is named by @johnlanni in #691
ci(helm): manual dispatch input, bump higress 2.2.1, document Helm install by @johnlanni in #693
feat(controller): send first-boot Manager welcome prompt in embedded/k8s mode by @johnlanni in #692
fix(controller): preserve AI-route allowedConsumers across controller restart by @Jing-ze in #681
feat(controller): align cloud-mode STS defaults with embedded MinIO and add team member accessEntries by @Jing-ze in #682
refactor(controller): restructure HumanReconciler with service layer + lazy Matrix login by @Jing-ze in #685
refactor(controller): stamp CR-to-Pod controller OwnerReference instead of inheriting from controller Pod by @Jing-ze in #688
docs: rewrite FAQ for new multi-container architecture (v1.1.0+) by @johnlanni in #695
fix(helm): sync CRDs, add OpenAI-compatible defaults, document multi-region registries by @johnlanni in #696
fix(controller): respect HICLAW_OPENAI_BASE_URL for non-qwen providers by @johnlanni in #698
fix(helm): add ClusterRole for CRD access and auto-derive imageTag from Chart.AppVersion by @johnlanni in #697
feat(controller): propagate CR metadata.labels + new spec.labels to managed Pods by @Jing-ze in #687

New Contributors

@xcaspar made their first contribution in #585
@vincent067 made their first contribution in #647
@cr7258 made their first contribution in #599

Full Changelog: v1.0.9...v1.1.0