github openlegion-ai/openlegion v0.3.0

pre-release, 10 hours ago

What's Changed

  • feat: enforce plan limits on agent and project creation by @bicced in #290
  • Reduce agent CPU quota from 1.0 to 0.5 by @bicced in #291
  • fix: always show add agent/project buttons when plan limits reached by @bicced in #292
  • fix: align plan limit popovers to avoid clipping off screen by @bicced in #293
  • fix: chat button spans full width, grid adapts when chat panel open by @bicced in #294
  • fix: toast notifications show above modals by @bicced in #296
  • refactor: shared Camoufox browser service, slim agent containers by @bicced in #295
  • fix: KasmVNC flags, type_text clear, focus locking by @bicced in #297
  • fix: connect dashboard browser viewer to per-agent focus by @bicced in #298
  • fix: VNC iframe embedding — remove password param, add cross-origin headers by @bicced in #299
  • fix: support VNC through reverse proxy for VPS deployments by @bicced in #300
  • fix: auto-start browser on focus, fix health check auth by @bicced in #301
  • fix: pass Playwright instance to AsyncNewBrowser by @bicced in #302
  • fix: run camoufox fetch as browser user in Docker build by @bicced in #303
  • feat: loading states and double-submit prevention for all dashboard forms by @bicced in #305
  • fix: add GTK3/X11 libs and fix camoufox fetch in Dockerfile by @bicced in #306
  • fix: confirm modal never closing after action completes by @bicced in #308
  • feat: enforce plan limits on downgrade — locked agents & projects by @bicced in #309
  • fix: try/finally for config save, disable project Cancel by @bicced in #310
  • refactor: harden browser service — security, cleanup, tests by @bicced in #311
  • fix: pin browser window size to fill VNC display by @bicced in #312
  • docs: fix 29 documentation inaccuracies found by code audit by @bicced in #313
  • refactor: harden browser service + ARM64 support by @bicced in #314
  • fix: Python 3.10 compat + VNC loading UX by @bicced in #315
  • feat: human-like browser interaction timing + scroll support by @bicced in #316
  • fix: steer detection + stale identity file cache by @bicced in #318
  • feat: built-in VNC reverse proxy for VPS deployments by @bicced in #317
  • fix: harden VNC proxy — timeout handling, websockets dep, test coverage by @bicced in #319
  • fix: security audit hardening by @bicced in #320
  • fix: dashboard live-updates when agent modifies identity files by @bicced in #321
  • fix: harden dashboard identity live-refresh by @bicced in #322
  • security: fix VNC auth — reject agent tokens instead of requiring them by @bicced in #323
  • fix: security architectural fixes — bridge networking, DNS pinning, WS auth, session cookies by @bicced in #324
  • refactor: clean up dead params, duplicated logic, and silent exceptions by @bicced in #325
  • security: harden agent containers — cap drops, read-only rootfs, internal network by @bicced in #326
  • feat: extend template system with soul, heartbeat, permissions, budgets, workflows by @bicced in #327
  • docs: comprehensive accuracy audit — fix 20+ discrepancies by @bicced in #328
  • security: production readiness review — engine by @bicced in #330
  • feat: plan-based browser container scaling by @bicced in #331
  • feat: skill template selection when creating agents by @bicced in #332
  • fix: workspace_updated events silently dropped — dashboard stale by @bicced in #333
  • fix: template workspace content not reaching agent containers by @bicced in #336
  • fix: remove duplicate notification event emission by @bicced in #337
  • Remove empty state block from dashboard by @bicced in #338
  • feat: forward proxy env vars to browser container by @bicced in #339
  • fix: allow x-mesh-internal to bypass auth on internal endpoints by @bicced in #340
  • security: harden blackboard — sanitization, limits, persistence by @bicced in #341
  • fix: review cleanup — dict key sanitization, dashboard limits by @bicced in #342
  • security: production readiness audit — Stage 3 (engine) by @bicced in #343
  • feat: Anthropic OAuth setup-token authentication by @bicced in #344
  • refactor: streamline agent prompt system for self-evolution by @bicced in #345
  • fix: refine agent prompts and revise all fleet templates by @bicced in #346
  • fix: verify KasmVNC is reachable before exposing browser in dashboard by @bicced in #347
  • fix: verify KasmVNC reachability before setting browser_vnc_url by @bicced in #349
  • fix: quote credential values in .env to prevent interpolation on reload by @bicced in #350
  • feat: hide blackboard from standalone agents by @bicced in #348
  • fix: disable dotenv interpolation and harden .env quoting by @bicced in #351
  • fix: show onboarding when settings data hasn't loaded by @bicced in #352
  • fix: add unsafe-eval to CSP for Alpine.js and Tailwind CDN by @bicced in #353
  • fix: convert OpenAI-format tool messages in OAuth path by @bicced in #354
  • fix: production readiness review round 2 by @bicced in #355
  • fix: Dockerfile.browser build + env-file quoting regression by @bicced in #356
  • fix: subagent TTL lower bound + robust loopback check by @bicced in #357
  • fix: production readiness review — security hardening & bug fixes by @bicced in #358
  • improve chat input by @zeedann in #359
  • docs: accuracy audit — fix lies, stale content, and gaps by @bicced in #360
  • fix: sync README and tool docs with engine truth by @bicced in #361
  • Add Tier 6: Self-Improving Fleet (Engineering Agent) to roadmap by @bicced in #150
  • fix: add monthly budget support to dashboard by @LegionInterns in #364
  • fix: filter LLM-hallucinated parameters in skill execution by @LegionInterns in #362
  • fix: improve dashboard mobile responsiveness by @bicced in #365
  • feat: redesign blackboard as unified Comms view with activity timeline by @bicced in #366
  • fix: strip project prefix from blackboard keys in dashboard by @bicced in #367
  • catch exceptions and retries in http transport layer by @zeedann in #363
  • refactor: move comms from system tab to agent detail page by @bicced in #368
  • fix: gracefully disable embedding after 3 consecutive failures by @LegionInterns in #376
  • security: allowlist LLM params to prevent injection via agent kwargs by @LegionInterns in #373
  • fix: preserve tool calls across tab switches on mobile by @LegionInterns in #375
  • fix: persist chat history and prevent notification replay on dashboard by @LegionInterns in #372
  • feat: artifacts display, project-level comms, per-agent automations by @bicced in #380
  • Functional Slack Integration + Guide by @zeedann in #378
  • refactor: improve tool names and descriptions for LLM accuracy by @bicced in #381
  • Replace hard chat session limit with auto-continue compaction by @bicced in #382
  • fix: align comms tool descriptions with actual blackboard usage by @bicced in #383
  • fix: align dashboard namespace styling with comms conventions by @bicced in #384
  • feat(dashboard): UX improvements — comms reorder, health badges, chat timestamps, cron safety by @bicced in #385
  • Fix heartbeat countdown: compute next_run timestamps by @bicced in #386
  • fix(dashboard): use monitor icon for dashboard in comms activity by @bicced in #388
  • fix: cron dashboard Run/Pause/Resume buttons not working by @LegionInterns in #387
  • feat(dashboard): add artifact delete capability by @bicced in #389
  • feat: persist chat transcript for cross-device history by @bicced in #390
  • feat(dashboard): add storage usage display by @bicced in #391
  • test: add artifact delete edge case coverage by @bicced in #392
  • distinct system routes by @zeedann in #379
  • fix(dashboard): sync chat history from server on init and tab focus by @bicced in #393
  • fix: skip cost tracking for OAuth (subscription) calls by @bicced in #394
  • feat: add competitive-intel and social-listening fleet templates by @bicced in #395
  • feat: add lead-enrichment, price-intelligence, and review-ops fleet templates by @bicced in #396
  • fix(dashboard): add heartbeat toggle and fix Alpine.js disabled bindings by @bicced in #397
  • add thinking toggle for agents by @zeedann in #398
  • dashboard messenger experience by @zeedann in #399
  • Remove tokens row from agent card, align skeletons by @bicced in #401
  • move search bar left by @zeedann in #400
  • fix: enable KasmVNC auto-reconnect on WebSocket drop by @bicced in #402
  • fix: prevent Firefox window disappearing on VNC display by @bicced in #403
  • dashboard: unify Project Hub — Context, Activity, State, Files, Broadcast by @bicced in #404
  • fix: xdotool X11 raise is best-effort — don't fail focus on missing xdotool by @bicced in #405
  • fix: disable websockets auto-ping on VNC proxy to stop disconnect/reconnect loop by @bicced in #406
  • fix: prevent VNC blue screen from idle browser kill + WebSocket keepalive by @bicced in #407
  • feat: agent color picker, project assignment, and config view improvements by @bicced in #408
  • fix: set_cron permission + tool source badges on capabilities tab by @bicced in #409
  • feat: agent file browser tab + user uploads shared directory by @bicced in #410
  • fix: document mesh_client injection pattern in create_skill by @bicced in #411
  • feat: chat UX improvements — compact separator, tool-limit hint, reset rename by @bicced in #412
  • fix: post-merge review — worker loop regression + auto-continue separator + tests by @bicced in #413
  • fix: chat messages not rendering — Alpine x-for requires single root element by @bicced in #414
  • feat: chat UX — reset button, file attach, speech-to-text, mobile sidebar by @bicced in #415
  • fix: chat input alignment, mobile close controls, continuous voice by @bicced in #416
  • fix(browser): human-like typing via keyboard.type() — fixes Post button on X by @bicced in #417
  • fix(browser): reliable SPA interaction — wait_until, force click, wait_for_element by @bicced in #418
  • fix(browser): execCommand('insertText') to fix React Post button on X by @bicced in #419
  • feat(browser): advanced stealth hardening — Windows fingerprint, WebRTC kill, timing model by @bicced in #420
  • fix(browser): deep bot-detection review — 6 fixes, hover skill, allowed-actions regression by @bicced in #421
  • fix(browser): remove invalid timezone kwarg that crashed Camoufox on startup by @bicced in #422
  • feat(browser): multimodal screenshot image blocks for agents by @bicced in #423
  • fix(browser): auto-force click on aria-disabled buttons/links by @bicced in #424
  • feat(dashboard): UX improvements — Members tab, activity dot, skeleton by @bicced in #425
  • fix(context): image-aware token estimation + screenshot guidance by @bicced in #426
  • feat(browser): press_key, tab switching, history nav, Turnstile detection by @bicced in #427
  • fix(browser): go_back/go_forward navigated flag + review cleanup by @bicced in #428
  • docs: rebuild CLAUDE.md against current codebase by @bicced in #429
  • cleanup: promote inner imports, consolidate constants, tighten exception handling by @bicced in #430
  • fix(docs): update stale tool names across all documentation by @bicced in #431
  • fix(security): harden marketplace git clone and browser permission default by @bicced in #432
  • fix(security): add missing authz checks to mesh server endpoints by @bicced in #433
  • fix: remove dead code and fix correctness bugs by @bicced in #434
  • fix(security): harden channel webhook authentication by @bicced in #435
  • fix(security): isolate browser credential redaction per agent by @bicced in #436
  • fix(security): block CGNAT/multicast SSRF and harden agent loop by @bicced in #437
  • fix(docs): full documentation accuracy audit against codebase by @bicced in #438
  • fix: accept async functions in skill code validation by @bicced in #439
  • fix(permissions): default can_use_browser to true for all agents by @bicced in #440
  • refactor(dashboard): restructure System sub-tabs for clarity by @bicced in #441
  • feat(browser): dialog scoping and configurable speed factor by @bicced in #442
  • fix(dashboard): browser speed slider not loading on tab switch by @bicced in #443
  • fix(browser): invert speed semantics so higher = faster by @bicced in #444
  • fix(browser): detect modals via DOM instead of a11y tree by @bicced in #445
  • fix(browser): safety fallback when scoped modal snapshot fails by @bicced in #446
  • feat(dashboard): move pub/sub topics into project State tab by @bicced in #447
  • fix(browser): harden dialog scoping with dedup, navigate reset, DRY selector by @bicced in #448
  • fix(browser): JS-based accessibility tree when Playwright API unavailable by @bicced in #449
  • fix(browser): reset dialog_active on go_back/go_forward by @bicced in #450
  • Change demo link to new asset URL by @bicced in #451
  • fix(cron): bypass skip-LLM optimization on manual heartbeat trigger by @bicced in #452
  • feat(dashboard): phase-aware chat activity indicators and steer bubble split by @bicced in #453
  • feat(heartbeat): separate heartbeat from chat + activity log by @bicced in #454
  • fix(dashboard): preserve user messages on tab return by @bicced in #455
  • fix(dashboard): chat history role mismatch, timestamp bugs, and cleanup leaks by @bicced in #456
  • fix(dashboard): clear local chat on reset, add phase to notifications by @bicced in #457
  • docs: rebuild CLAUDE.md from codebase audit by @bicced in #458
  • feat: add Ollama (local LLM) support by @bicced in #460
  • fix(dashboard): persist chat panel state and fix activity unread inflation by @bicced in #461
  • feat: append-only audit trails with query API by @bicced in #462
  • fix: prevent horizontal scroll on mobile chat messages by @LegionInterns in #459
  • fix(dashboard): remove system/activity event notifications by @bicced in #463
  • fix(browser): modal scoping, visibility checks, and auto-force suppression by @bicced in #464
  • fix(dashboard): await VNC focus before loading iframe on agent switch by @bicced in #465
  • fix(agent): graceful heartbeat wind-down instead of hard iteration cutoff by @bicced in #466
  • fix(browser): element targeting accuracy and interaction speed by @bicced in #467
  • perf(agent): Phase 1 agent loop optimizations by @bicced in #468
  • fix(browser): remove DOM mutations and add human-like mouse movement by @bicced in #469
  • fix(browser): periodic VNC focus enforcement and reliable modal close by @bicced in #471
  • perf(agent): Phases 2-4 agent loop optimizations by @bicced in #470
  • feat(agent): enrich heartbeat system prompt with goals, learnings, fleet context by @bicced in #472
  • fix(dashboard): open browser viewer instantly instead of blocking on focus by @bicced in #473
  • feat(providers): single-source provider registry, OAuth fix, 5 new providers by @bicced in #475
  • feat(wallet): secure EVM + Solana wallet signing service by @bicced in #476
  • fix(webhooks): fix broken dashboard CRUD, add instructions support by @bicced in #477
  • fix(tools): add missing items to array schemas for OpenAI compat by @bicced in #478
  • fix(dashboard): responsive chat sidebar — compact on mid screens by @bicced in #479
  • fix(models): use litellm registry for Ollama context windows by @bicced in #480
  • feat(dashboard): restructure system tabs for clarity by @bicced in #481
  • fix(streaming): SSE keepalive prevents Ollama timeout cascade by @bicced in #482
  • refactor: remove orchestrator and workflow system by @bicced in #483
  • docs: rebuild CLAUDE.md from current codebase by @bicced in #484
  • docs: align documentation with codebase by @bicced in #486
  • fix(docker): upgrade pip before installing packages by @bicced in #485
  • fix(docker): suppress pip root-user warning in container builds by @bicced in #487
  • feat(dashboard): expand System Settings with LLM, budgets, agents, browser, and health controls by @bicced in #488
  • fix: handle empty responses from Ollama thinking models by @bicced in #489
  • fix: extract response from JSON chain-of-thought output (qwen3) by @bicced in #490
  • fix: disable Ollama thinking mode when tools are present by @bicced in #491
  • refactor: codebase cleanup — dead code, standardization, consolidation by @bicced in #492
  • feat(dashboard): add Restart Agents button, remove browser_max_concurrent by @bicced in #493
  • security: production readiness review — 17 fixes across 15 source files by @bicced in #494
  • fix: modal close fallback, agent behavior, dashboard tooltips by @bicced in #495
  • refactor: reuse available_tools variable in task nudge check by @bicced in #496
  • feat(browser): add BROWSER_UA_VERSION env var to spoof Firefox version by @bicced in #497
  • feat(dashboard): expandable tool details in chat bubbles by @bicced in #498
  • feat(webhooks): add edit functionality to dashboard by @bicced in #499
  • fix(browser): target specific X11 window when switching agent browsers by @bicced in #500
  • feat(credentials): add OpenAI OAuth setup-token support by @bicced in #501
  • fix(dashboard): fix dropdowns and popovers clipped or under other components by @bicced in #502
  • docs: rebuild CLAUDE.md from current codebase by @bicced in #503
  • docs: enforce mandatory worktree usage by @bicced in #504
  • feat(tools): add generate_image built-in skill by @bicced in #505
  • refactor(dashboard): improve UI/UX across fleet, chat, and system panels by @bicced in #506
  • feat(credentials): rewrite OpenAI OAuth to Codex Responses API by @bicced in #507
  • fix(setup_wizard): store OpenAI OAuth correctly in full wizard by @bicced in #508
  • [OLT-7] Title: test(webhooks): add update_hook unit tests and gitignore local dirs by @cmarccab in #509
  • feat(dashboard): add tooltip hints across all sections + fix right-edge overflow by @bicced in #510
  • fix(dashboard): constrain dropdowns and popovers to viewport on mobile by @bicced in #511
  • fix(image_gen): replace deprecated Gemini model with fallback chain by @bicced in #512
  • fix(credentials): revert Anthropic betas + dashboard OpenAI OAuth UX by @bicced in #513
  • fix(image_gen): prioritize gemini-2.5-flash-image by @bicced in #514
  • fix(credentials): accept nested Codex auth.json format in all entry points by @bicced in #515
  • feat(dashboard): add image generation provider setting by @bicced in #516
  • fix(credentials): include OpenAI OAuth in provider detection by @bicced in #517
  • feat(credentials): add structured Anthropic OAuth with Claude CLI import by @bicced in #518
  • fix(credentials): allow multi-line OAuth JSON paste + show in credentials list by @bicced in #519
  • show webhook secret to user + add port option for worktrees by @zeedann in #523
  • refactor: consolidate duplicate code and fix quality issues by @bicced in #524
  • API-key-authenticated credential management endpoint for external systems by @zeedann in #520
  • improve webhooks by @zeedann in #526
  • feat(browser): X11 input bypass for isTrusted=true on high-sensitivity elements by @bicced in #527
  • docs: rebuild CLAUDE.md from scratch by @bicced in #528
  • docs(credentials): add help guides explaining agent vs system API key tiers by @LegionInterns in #521
  • feat(webhooks): add PATCH endpoint to update webhook details by @LegionInterns in #522
  • feat(dashboard): add .env file upload endpoint for bulk credential import by @LegionInterns in #525
  • refactor: codebase cleanup — mechanical fixes and consolidation by @bicced in #529
  • fix(dashboard): event-driven updates for notifications, cron, and agent state by @bicced in #531
  • feat(coordination): structured multi-agent coordination protocol by @bicced in #530
  • fix(coordination): preserve task fields on complete, update stale tool guidance by @bicced in #532
  • fix(coordination): guard check_inbox against non-dict values by @bicced in #533
  • fix(dashboard): responsive overflow fixes across all pages by @bicced in #534
  • fix(dashboard): prevent notification replay on page refresh by @bicced in #535
  • fix(dashboard): parse ISO timestamp in notification replay detection by @bicced in #536
  • refactor(coordination): unify tool names on 'blackboard' by @bicced in #538
  • fix(coordination): harden agent cleanup, task lifecycle, and steer sanitization by @bicced in #537
  • fix(security): production readiness fixes from full codebase audit by @bicced in #539
  • fix(dashboard): show correct agent's browser in VNC viewer by @bicced in #543
  • upgrade pip on test workflow by @zeedann in #544
  • fix: notify dashboard when skills are hot-reloaded by @bicced in #542
  • improve dropdown search UI by @zeedann in #541
  • fix: pin litellm <1.82.8 to avoid critical vulnerability by @bicced in #549
  • fix(dashboard): resolve credential view and OAuth validation bugs by @bicced in #550
  • feat(dashboard): custom LLM provider support by @bicced in #551
  • docs: rebuild CLAUDE.md from current codebase state by @bicced in #553
  • fix(credentials): include Anthropic response body in OAuth error messages by @bicced in #554
  • fix(credentials): rewrite Anthropic OAuth to use official SDK by @bicced in #555
  • fix(dashboard): align credential badges when OAuth buttons hidden by @bicced in #557
  • fix: tool_calls format, case normalization, and settings lock by @bicced in #560
  • fix(dashboard): make system settings tab bar responsive by @bicced in #556
  • fix(dashboard): clip agent card accent stripe to rounded corners by @bicced in #558
  • fix(dashboard): wrap wallet chain badges on small screens by @bicced in #559
  • fix(credentials): set api_key=None in OAuth SDK client by @bicced in #561
  • fix(credentials): match openclaw's Anthropic OAuth SDK pattern exactly by @bicced in #563
  • feat(dashboard): redesign costs page with stat cards, model donut chart, and improved budgets by @bicced in #562
  • feat(dashboard): interactive database details in Storage tab by @bicced in #564
  • fix(credentials): route OAuth setup tokens to anthropic_oauth, not api_key by @bicced in #565
  • feat(dashboard): add custom LLM provider option to onboarding flow by @bicced in #566
  • feat(dashboard): searchable model dropdowns by @bicced in #567
  • fix(credentials): add OAuth debug logging for deployment diagnosis by @bicced in #568
  • fix(llm): route custom LLM providers through litellm OpenAI-compatible path by @bicced in #569
  • fix(credentials): atomic .env writes with fsync to survive service restarts by @bicced in #570
  • fix: temp file naming, case-insensitive model validation, settings lock by @bicced in #572
  • fix(llm): handle bare model names and clean up custom provider routing by @bicced in #571
  • fix(dashboard): prevent dropdown text from being cut off by @bicced in #573
  • fix(credentials): strip carriage return characters from pasted tokens by @bicced in #575
  • fix: credential \r strip, dropdown reset, dead code cleanup by @bicced in #576
  • fix(dashboard): load system settings when switching to settings sub-tab by @bicced in #574
  • fix(credentials): strip all whitespace from pasted tokens, not just \r by @bicced in #578
  • feat(dashboard): make credential service dropdown searchable by @bicced in #577
  • fix(dashboard): detect OAuth in has_llm_credentials + clear stale api_key on JSON OAuth by @bicced in #579
  • docs: update CLA with patent grant and streamline contributing guide by @bicced in #580
  • docs: add Work Patterns section to CLAUDE.md by @bicced in #582
  • fix(browser): pure X11 input chain for antibot bypass on X by @bicced in #581
  • fix(browser): behavioral antibot — wheel scroll, idle jitter, click dwell, Bezier trajectory by @bicced in #583
  • test(browser): add hover/press_key X11 fallback and selector coverage by @bicced in #584
  • fix(browser): prevent clicks escaping compose modal on X by @bicced in #585
  • fix(dashboard): responsive chat panel layout for tablets and small desktops by @bicced in #586
  • fix(agent): document mesh_client methods in create_skill for browser automation skills by @bicced in #587
  • fix(browser): scale X11 mouse/click/dwell timing with speed setting by @bicced in #588
  • fix(dashboard): cross-session chat sync via WebSocket events by @bicced in #589
  • fix(dashboard): responsive project hub for tablets and mobile by @bicced in #590

New Contributors

Full Changelog: v0.2.0...v0.3.0
