agentscope-ai/hiclaw v1.1.2 on GitHub

Highlights

What's New

QwenPaw-first local install flow: The installer now presents QwenPaw as the default worker runtime, supports keep-all upgrades with enter-to-keep prompts for existing parameters, and improves non-interactive guardrails for scripted installs.
Team human coordinators: Team resources can include human coordinator members, with team-admin-owned Matrix rooms and updated Team Leader / Worker prompts so coordination stays inside the Team Room.
Team Leader coordination refresh: Team Leader built-ins were refreshed for project planning, DAG task execution, file sharing, communication, organization, mcporter usage, and worker lifecycle coordination. Worker-style anti-loop reply rules were mirrored for Team Leader, and legacy Team Leader skill aliases were removed after migration.
CoPaw runtime coordination tools: CoPaw workers now include runtime hooks and tools for task flow, project flow, messaging, file sync, output sanitizing, credential guarding, health probes, richer readiness handling, and configurable ReAct iteration limits.
Nacos remote skills and credentials: The controller can pass skills API defaults and per-package Nacos authentication to workers, including authType=nacos|sts-hiclaw|none and ai-registry STS access scope.
Worker identity separation: Controller resource names are separated from runtime worker names across identity, credentials, storage defaults, and readiness reporting, making CR naming and agent-facing names less tightly coupled.
Controller observability: Controller-side reconcile metrics, graceful HTTP/background goroutine shutdown, and test diagnostics were added to make runtime and CI failures easier to inspect.

Bug Fixes

Installer robustness: Rootless Podman socket detection, retry behavior for too-short admin passwords, multi-line error output, GitHub repository URL defaults, stable fallback version handling, and Windows stream-idle-timeout propagation were corrected.
Helm cleanup and Matrix display names: Helm uninstall now cleans up Manager/Worker pods, and Tuwunel's default display-name suffix is disabled in the chart.
Manager worker lifecycle API: Manager local container operations now use the controller's /api/v1 paths, and groupAllowFrom is hot-reloaded when Workers are created.
Agent-facing docs and safeguards: Agent prompts and skills now use roomID for hiclaw get workers / hiclaw create worker JSON, quote colon-containing frontmatter descriptions, and explicitly prohibit direct credential file access in CoPaw worker and Team Leader prompts.
CoPaw message handling: CoPaw workers avoid swallowing fresh Matrix messages during startup, handle targeted readiness probes directly, stop typing indicators on empty/cancelled runs, require slash-prefixed control commands, normalize Element double-slash commands, and use display names in mention bodies.
CoPaw storage and context sync: CoPaw workers align the install directory with the HOME-backed workspace path, seed the heartbeat interval at 10 minutes, skip static mc alias setup for k8s wrapper credentials, exclude inbound Matrix thread messages from room-history context, and suppress noisy warnings for optional missing MinIO objects.
Controller config preservation: Reconcile now preserves runtime-mutated package files, default object-storage access entries, and user plugin customizations while still applying controller-managed defaults.
Gateway and auth stability: The configured AI stream idle timeout is applied to the self-hosted Higress gateway, observability/stream-timeout env is propagated during bootstrap, and TokenReview cache entries are capped and swept.

新增功能

本地安装默认优先 QwenPaw: 安装脚本现在优先展示 QwenPaw 作为默认 Worker 运行时，升级时支持 keep-all 和回车保留已有参数，并强化了非交互模式下的防误执行保护。
Team 支持人类协调员: Team 资源支持声明人类协调员成员，Team Room 由 team-admin 归属，并同步更新 Team Leader / Worker 提示词，确保协作收敛在 Team Room 中。
Team Leader 协作能力刷新: Team Leader 内置能力围绕项目规划、DAG 任务执行、文件共享、沟通、组织、mcporter 使用和 Worker 生命周期协作重新整理；同步 Worker 的 anti-loop 回复规则；迁移完成后移除了旧的 Team Leader 技能别名。
CoPaw 运行时协作工具: CoPaw Worker 新增任务流、项目流、消息、文件同步、输出清洗、凭据保护、健康探针、更完整的就绪检查相关 hooks / tools，并支持配置 ReAct 最大迭代次数。
Nacos 远程技能与凭据: 控制器可向 Worker 传递 skills API 默认值和每个包的 Nacos 认证配置，支持 authType=nacos|sts-hiclaw|none 以及 ai-registry STS 权限范围。
Worker 身份解耦: 控制器资源名与运行时 Worker 名称在身份、凭据、存储默认值和就绪状态中解耦，降低 CR 名称与 Agent 对外名称的耦合。
控制器可观测性: 增加控制器 reconcile 指标、HTTP 服务与后台 goroutine 的优雅退出，以及测试失败诊断信息，便于排查运行时和 CI 问题。

Bug 修复

安装脚本稳健性: 修复 rootless Podman socket 检测、管理员密码过短时的重试、多行错误输出、GitHub 仓库 URL 默认值、稳定版本 fallback，以及 Windows 下 stream idle timeout 的传递。
Helm 清理与 Matrix 显示名: Helm 卸载时会清理 Manager/Worker Pod；Chart 中关闭 Tuwunel 默认 display-name suffix。
Manager Worker 生命周期 API: Manager 本地容器操作改为使用控制器 /api/v1 路径，并在 Worker 创建后热更新 groupAllowFrom。
Agent 文档与安全边界: Agent 提示词和技能统一使用 roomID 解析 hiclaw get workers / hiclaw create worker JSON，修复含冒号 frontmatter 描述的引用，并在 CoPaw Worker 与 Team Leader 提示词中加入不可覆盖的凭据文件直接访问禁令。
CoPaw 消息处理: CoPaw Worker 避免启动时吞掉新 Matrix 消息，直接处理定向就绪探针，空回复或取消运行时停止 typing indicator，要求运行时控制命令以 slash 开头，兼容 Element 双 slash，并在 mention 文本中使用显示名。
CoPaw 存储与上下文同步: CoPaw Worker 安装目录与 HOME 工作区对齐，默认心跳间隔设为 10 分钟；在 k8s wrapper 凭据场景跳过静态 mc alias；房间历史上下文排除入站 Matrix thread 消息；缺失可选 MinIO 对象时不再输出噪声警告。
控制器配置保留: Reconcile 过程保留运行时已变更的包文件、默认对象存储访问项和用户插件自定义配置，同时继续下发控制器托管默认值。
网关与认证稳定性: 自托管 Higress 网关应用配置的 AI stream idle timeout；启动时传递 observability / stream-timeout 环境变量；TokenReview 缓存增加容量上限和清理机制。
fix(install): add non-interactive deep-defense guards to step functions (6cbec18)
chore(helm): bump chart to 1.1.1 and update repo URLs (fd09d98)
fix(install): update GitHub repo URL to agentscope-ai/HiClaw and bump stable fallback to v1.1.1 (f39601a)
fix(helm): clean up Manager/Worker pods on helm uninstall (6570402)
fix(manager): align container-api.sh paths with controller /api/v1 (5c9a653)
feat(install): swap runtime selection order to make QwenPaw the default (d3e33e8)
feat(install): support keep-all upgrade mode and enter-to-keep for all params (c9ab98f)
fix(agent): use roomID when parsing hiclaw get workers JSON output (efcb544)
fix(install): make error() multi-line safe by splitting exit into die() (e21ac83)
fix(install): retry on too-short admin password instead of exiting (19777eb)
fix(auth): cap and sweep TokenReview cache (2991d06)
chore(controller): graceful shutdown for HTTP server and background goroutines (fc99788)
feat(controller): export per-CRD reconcile metrics (5d7e721)
fix(legacy): preserve user plugin customizations on Manager config push (f07a32f)
fix(helm): disable Tuwunel default displayname suffix (ab5cdcf)
feat(controller): support Nacos remote skills with STS auth (fb01fe6)
fix(bootstrap): propagate observability and stream timeout env (df98989)
fix(agent): quote coding CLI skill frontmatter (bd11844)
feat(install): optimize container runtime socket detection for rootless podman (b1f103b)
fix(copaw): stop typing indicator on empty completion (78418b5)
fix(copaw): use display name instead of MXID in mention body (02ff138)
fix(controller): preserve runtime package files on reconcile (8cb9f46)
feat(copaw): make ReAct max iterations configurable (933a600)
feat(controller): separate CR names from runtime worker names (12da1ce)
fix(copaw): require slash-prefixed control commands (e94aceb)
feat(agent): prohibit direct credential file access (046537b)
fix(manager): hot-reload groupAllowFrom when Workers are created (94bde15)
fix(copaw): seed worker heartbeat interval (ec0f57d)
fix(copaw): align install dir with worker home (c0bca77)
fix(copaw): exclude inbound thread messages from room history (8d6a852)
fix(copaw): skip mc alias setup in k8s mode (fc1b934)
fix(controller): preserve default object-storage access entries (a940d94)
fix(copaw): suppress missing MinIO object warnings (53d270e)
feat(controller): propagate skills API defaults to workers (e4a3506)
feat(team-leader): refresh coordination builtins (bfd99cd)
fix(controller): apply Higress stream idle timeout (8d81c9f)
feat(controller): support team human coordinators (16e87c2)
feat(copaw): add runtime coordination tools (4a2ced6)
fix(install): pass stream idle timeout on Windows (fece949)
refactor(team-leader): remove legacy skill aliases (67a6daf)
fix(team-leader): mirror worker's anti-loop reply rules (2a7cd17)

Also in this window (docs / repo metadata / tests; not image-facing)

chore: archive changelog for v1.1.1 (d62aecb)
Revert "chore: archive changelog for v1.1.1" (c78b469)
chore: remove duplicate CLAUDE.md entry from .gitignore (8c262f7)
feat(test): add CoPaw metrics collection via token_usage.json (724d80b)
docs(copaw): add CredAgent config reference (9bae51d)
test(controller): cover team leader ready auth (41ac30b)
docs(controller): note Nacos auth type example (d522966)
docs: sync zh-CN architecture docs (58cdded)
test: dump diagnostics on wait/probe failures (e07feb8)

Docker Images

Multi-architecture images (amd64 + arm64):

# Embedded all-in-one (infra + controller; pulled by the installer)
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-embedded:v1.1.2

# Manager (lightweight; spawned by the embedded controller)
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-manager:v1.1.2

# Worker
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-worker:v1.1.2

# Controller (used standalone in k8s; bundled inside hiclaw-embedded for docker installs)
docker pull higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/hiclaw-controller:v1.1.2

Quick Start

macOS / Linux

bash <(curl -fsSL https://raw.githubusercontent.com/agentscope-ai/HiClaw/main/install/hiclaw-install.sh)

Windows (PowerShell 7+)

Set-ExecutionPolicy Bypass -Scope Process -Force; =New-Object Net.WebClient; .Encoding=[Text.Encoding]::UTF8; iex .DownloadString('https://higress.ai/hiclaw/install.ps1')

Documentation

For more details, see the installation guide.

What's Changed

chore: archive changelog for v1.1.1 by @github-actions[bot] in #771
fix(install): add non-interactive deep-defense guards to step functions by @CH3CHO in #775
chore(helm): bump chart to 1.1.1 and update repo URLs by @googs1025 in #781
fix(install): update GitHub repo URL to agentscope-ai/HiClaw and bump stable fallback to v1.1.1 by @googs1025 in #776
fix(helm): clean up Manager/Worker pods on helm uninstall (#779) by @googs1025 in #783
fix(manager): align container-api.sh paths with controller /api/v1 (#785) by @googs1025 in #786
feat(install): swap runtime selection order to make QwenPaw the default by @flystar32 in #780
feat(install): support keep-all upgrade mode and enter-to-keep for all params by @CH3CHO in #749
fix(agent): use roomID when parsing hiclaw get workers JSON output by @johnlanni in #743
fix(install): make error() multi-line safe by splitting exit into die() by @johnlanni in #798
fix(install): retry on too-short admin password instead of exiting by @googs1025 in #795
fix(auth): cap and sweep TokenReview cache by @googs1025 in #810
chore(controller): graceful shutdown for HTTP server and background goroutines by @googs1025 in #811
feat(controller): export per-CRD reconcile metrics by @googs1025 in #812
fix(legacy): preserve user plugin customizations on Manager config push by @googs1025 in #816
fix(helm): disable Tuwunel default displayname suffix by @shiyiyue1102 in #821
feat(controller): support Nacos remote skills with STS auth by @shiyiyue1102 in #823
fix(bootstrap): propagate observability and stream timeout env by @shiyiyue1102 in #822
fix(agent): quote coding CLI skill frontmatter by @shiyiyue1102 in #825
feat(install): optimize container runtime socket detection for rootless podman by @NaCodermer in #817
fix(copaw): stop typing indicator on empty completion by @shiyiyue1102 in #824
fix(copaw): use display name instead of MXID in mention body (#174) by @grllll in #807
fix(controller): preserve runtime package files on reconcile by @shiyiyue1102 in #826
feat(copaw): make ReAct max iterations configurable by @shiyiyue1102 in #829
feat(controller): separate CR names from runtime worker names by @shiyiyue1102 in #830
fix(copaw): require slash-prefixed control commands by @shiyiyue1102 in #833
feat(agent): prohibit direct credential file access by @shiyiyue1102 in #834
fix(manager): hot-reload groupAllowFrom when Workers are created by @maplefeng-a in #831
feat(test): add CoPaw metrics collection via token_usage.json by @maplefeng-a in #832
fix(copaw): seed worker heartbeat interval by @shiyiyue1102 in #835
fix(copaw): align install dir with worker home by @shiyiyue1102 in #836
fix(copaw): exclude inbound thread messages from room history by @shiyiyue1102 in #838
fix(copaw): skip mc alias setup in k8s mode by @shiyiyue1102 in #839
fix(controller): preserve default object-storage access entries by @shiyiyue1102 in #840
fix(copaw): suppress missing MinIO object warnings by @shiyiyue1102 in #841
feat(controller): propagate skills API defaults to workers by @shiyiyue1102 in #842
feat(team-leader): refresh coordination builtins by @shiyiyue1102 in #846
fix(controller): apply Higress stream idle timeout by @shiyiyue1102 in #844
feat(controller): support team human coordinators by @shiyiyue1102 in #848
feat(copaw): add runtime coordination tools by @shiyiyue1102 in #847
docs(copaw): add CredAgent config reference by @shiyiyue1102 in #851
test(controller): cover team leader ready auth by @shiyiyue1102 in #853
fix(install): pass stream idle timeout on Windows by @shiyiyue1102 in #852
docs(controller): note Nacos auth type example by @shiyiyue1102 in #854
refactor(team-leader): remove legacy skill aliases by @shiyiyue1102 in #855
fix(team-leader): mirror worker's anti-loop reply rules by @googs1025 in #843
docs: sync zh-CN architecture docs by @shiyiyue1102 in #858
test: dump diagnostics on wait/probe failures by @googs1025 in #859
[codex] prepare v1.1.2 changelog by @shiyiyue1102 in #864

New Contributors

@shiyiyue1102 made their first contribution in #821
@NaCodermer made their first contribution in #817
@grllll made their first contribution in #807

Full Changelog: v1.1.1...v1.1.2