
Fix task data leakage: isolate IPC directories per group #4

Closed
gavrielc wants to merge 2 commits into main from claude/fix-task-data-leakage-XcZNI

@gavrielc gavrielc commented Feb 1, 2026

Previously all containers shared a single IPC directory with a global
current_tasks.json containing all groups' scheduled task prompts. Any
container could read another group's sensitive task data.

Now each group gets its own IPC directory (data/ipc/{groupFolder}/)
with isolated messages/, task_ops/, and tasks.json. Containers can
only access their own group's data.

https://claude.ai/code/session_01APCTSMLsJtP7a8kPBPdWQp

gavrielc commented Feb 1, 2026

Superseded by PR #3 which implemented per-group IPC isolation with more comprehensive authorization checks. The container-side task_ops rename from this PR was not critical.

@gavrielc gavrielc closed this Feb 1, 2026
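
One way the host side could build the per-group layout described in this PR (`data/ipc/{groupFolder}/` with `messages/`, `task_ops/` and `tasks.json`), as an added example that is not taken from the PR or the nanoclaw code base. `ScheduledTask`, `groupIpcDir`, `writeGroupTasksSnapshot`, `runDemo` and the sample groups are assumptions made for illustration.

```typescript
// Added illustration of per-group IPC isolation; not code from the nanoclaw repository.
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Hypothetical task shape: only the owning group and the prompt matter here.
interface ScheduledTask {
  id: string;
  groupFolder: string;
  prompt: string;
}

// The folder name becomes a path segment, so accept a conservative character set only.
const SAFE_FOLDER = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

// Resolve {ipcRoot}/{groupFolder} and refuse any name that would leave ipcRoot.
function groupIpcDir(ipcRoot: string, groupFolder: string): string {
  if (!SAFE_FOLDER.test(groupFolder)) {
    throw new Error(`invalid group folder: ${JSON.stringify(groupFolder)}`);
  }
  const root = path.resolve(ipcRoot);
  const dir = path.resolve(root, groupFolder);
  if (path.dirname(dir) !== root) {
    throw new Error("group IPC directory escapes the IPC root");
  }
  return dir;
}

// Create messages/ and task_ops/ for one group and write a tasks.json that
// holds only that group's tasks, instead of one global current_tasks.json.
function writeGroupTasksSnapshot(
  ipcRoot: string,
  groupFolder: string,
  allTasks: ScheduledTask[],
): string {
  const dir = groupIpcDir(ipcRoot, groupFolder);
  for (const sub of ["messages", "task_ops"]) {
    fs.mkdirSync(path.join(dir, sub), { recursive: true, mode: 0o700 });
  }
  const own = allTasks.filter((t) => t.groupFolder === groupFolder);
  const file = path.join(dir, "tasks.json");
  const tmp = `${file}.tmp`;
  fs.writeFileSync(tmp, JSON.stringify(own, null, 2), { mode: 0o600 });
  fs.renameSync(tmp, file); // replace atomically so a reader never sees a partial file
  return file;
}

// Constructed sample data: two groups, each with one sensitive prompt.
function runDemo() {
  const ipcRoot = fs.mkdtempSync(path.join(os.tmpdir(), "ipc-demo-"));
  const tasks: ScheduledTask[] = [
    { id: "t1", groupFolder: "family", prompt: "family: remind about clinic visit" },
    { id: "t2", groupFolder: "work", prompt: "work: summarize payroll sheet" },
  ];
  try {
    const familyFile = writeGroupTasksSnapshot(ipcRoot, "family", tasks);
    const workFile = writeGroupTasksSnapshot(ipcRoot, "work", tasks);
    let traversalRejected = false;
    try {
      writeGroupTasksSnapshot(ipcRoot, "../work", tasks);
    } catch {
      traversalRejected = true;
    }
    return {
      family: JSON.parse(fs.readFileSync(familyFile, "utf8")) as ScheduledTask[],
      work: JSON.parse(fs.readFileSync(workFile, "utf8")) as ScheduledTask[],
      entries: fs.readdirSync(path.join(ipcRoot, "family")).sort(),
      traversalRejected,
    };
  } finally {
    fs.rmSync(ipcRoot, { recursive: true, force: true });
  }
}

console.log(runDemo());
```

The layout isolates groups only when each container is given its own group's directory and nothing above it.
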
Rlin1027 referenced this pull request in Rlin1027/NanoGemClaw Feb 6, 2026
Database:
- Added usage_stats table with indexes (group, timestamp)
- Added logUsage() to record each container execution
- Added getUsageStats() with optional group/time filtering
- Added getRecentUsage() for recent activity

Integration:
- Container-runner now logs duration after each execution
- Enhanced /admin stats to show usage analytics:
  - Total requests
  - Average response time
  - Total tokens used

This enables tracking of resource usage per group and over time.
@TomGranot TomGranot deleted the claude/fix-task-data-leakage-XcZNI branch February 12, 2026 15:51
mehdimashayekhi added a commit to mehdimashayekhi/nanoclaw that referenced this pull request Feb 21, 2026
P0 #1 - Cursor Safety (CRITICAL):
- Move cursor advance to INSIDE handleClearCommand on success path only
- Pass clearCommand timestamp to handleClearCommand
- Advance cursor in empty message case to prevent infinite reprocessing
- On error, cursor stays at old position → /clear can be retried
- Prevents permanent message loss if API call fails

P0 qwibitai#3 - Token Limit Protection:
- Add progressive truncation: start with 500 messages, reduce by 25% if > 150k chars
- Hard cap at 150k characters (~37.5k tokens, well under 200k limit)
- Prevents API errors from oversized context
- Logs actual character count and message count used

P0 qwibitai#4 - Permission Control (SECURITY):
- Add is_from_me check before executing /clear
- Only bot owner can clear conversations
- Prevents malicious group members from wiping history
- Returns clear error message to unauthorized users

All fixes prevent production failures and security vulnerabilities.
withhonor007 pushed a commit to withhonor007/nanoclaw-slack that referenced this pull request Feb 25, 2026
commit 452a9f8363c151bf440d405de195614307b3ca4f
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 16:43:52 2026 +0000

    restore

commit 55dbe9d4a57884ec5065ef6ba41704c2aac9f462
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 16:38:56 2026 +0000

    feat(skill/slack): include groups/main CLAUDE.md in package modifies with Slack formatting guidance

commit 846c6dbd6aca5ee57fda83c94f5afd1c5f7bf69d
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 16:26:22 2026 +0000

    docs(contributing): document nanorepo package-based skill format alongside instruction-based format

commit 1e024930d9dc93955939dc2581da860a050fc74c
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 16:25:53 2026 +0000

    fix(skill-pr): revert src/container-runner.ts to main baseline; ANTHROPIC_BASE_URL fix moved to fix/anthropic-base-url-passthrough branch

commit b651b3f0ac459afadde5d302e55074587f0dec38
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 16:24:46 2026 +0000

    feat(slack): downgrade skill version from 1.0.0 to 0.1.2 for pre-release alignment

commit ce81959f2e2b8adb2d32ade429b1f334086836f6
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 16:04:52 2026 +0000

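    docs(slack): update technical debt document to v1.4, reclassify debt items and adjust priorities

    - Version 1.3 → 1.4, updated date 2026-02-25
    - Global priority changed from "Medium" to "See per-item priority"
    - Added the category heading "Part I: Core Code Architecture Debt", making explicit that these debt items require changes to the main `src/` codebase
    - Debt item #1 gains the label "Priority: Medium — must be resolved before second-channel integration"
    - In the development decision statement, "Part I items" replaces "all debt items", scoping it more precisely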
    - 修正"Post-Application Revision"措

commit 6ce563117813ade0b9474ead36c0d7e172993bc0
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 15:41:55 2026 +0000

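    docs(slack): remove technical debt document, resolved via the Path C implementation

    - Delete slack-technical-debt-zh.md (413 lines)
    - Debt items #1-qwibitai#4 (*_ONLY flags, routing enhancements, IPC extension, configuration unification) have been implemented via skill-first Path C (getChatName + IPC auto-resolve + resolveChannelName)
    - Debt item qwibitai#5 (core file modifications) was confirmed in the W6 audit to be a general infrastructure improvement; no rollback needed
    - Document version 1.3, last updated 2026-02-25, marked as "medium priority"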

commit a14d55f7885370673d095b0a376c7ab3cff68b58
Author: brand <gialovcompotrds@gmail.com>
Date:   Wed Feb 25 15:34:25 2026 +0000

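    docs(slack): update user guide terminology and structure, add API recovery section

    - Title changed to "用户指南" (User Guide), previously "用户手册" (User Manual)
    - Unified terminology: App→应用, Token→令牌, Main Channel→主频道, 故障排查→故障排除 (troubleshooting), 运维与监控→操作与监控 (operations and monitoring)
    - Added section 10 "API Recovery and Resilience", describing how failed messages are dropped during an AI API outage and how new messages are processed after recovery
    - Overview section now describes the automatic API recovery feature
    - Prerequisites table heading changed from "条件" (Conditions) to "要求" (Requirements)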
    - 简化描
glifocat referenced this pull request in glifocat/nanoclaw-glifocat Feb 27, 2026
Package the image vision feature (PR #4) as a formal NanoClaw skill
for the three-way merge system. Includes add/ files, modify/ files
with only image-vision changes vs base, intent docs, and 48 tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
asantopietro added a commit to asantopietro/nanoclaw that referenced this pull request Mar 1, 2026
Closes qwibitai#6, relates to qwibitai#4

## Changes

### `container/build.sh`
- Default (no args) builds with `git rev-parse --short HEAD` SHA tag **and** re-tags as `latest`
- Optional `REGISTRY` env var: push both SHA tag and `latest` to a registry after build
- Explicit tag argument still works for one-off builds; skips `latest` re-tag in that case
- Build output now prints both tags and includes rollback instructions

### `setup/container.ts`
- Derives SHA tag via `git rev-parse --short HEAD` at build time (falls back to `'unknown'` in non-git environments)
- Builds with SHA tag, then re-tags as `latest`
- Adds `SHA_TAG` field to all `emitStatus` calls — setup output now records which exact commit was built
- Test run uses the SHA-tagged image

## Verification

After merge, `./container/build.sh` will produce:
```
nanoclaw-agent:<sha>   ← immutable, traceable
nanoclaw-agent:latest  ← always current
```

To confirm a running container's commit:
```bash
docker inspect nanoclaw-agent:latest --format '{{.Config.Labels}}'
# or compare the SHA tag against git log
```

To roll back:
```bash
docker tag nanoclaw-agent:<previous-sha> nanoclaw-agent:latest
```

Co-authored-by: Tony Santopietro <asantopietro@gmail.com>
Reviewed-on: https://gitea.cluster.lab1.lan/asantopietro/nanoclaw/pulls/7
Co-authored-by: nanoclaw-bot <nanoclaw@nowhere.net>
Co-committed-by: nanoclaw-bot <nanoclaw@nowhere.net>
5queezer added a commit to 5queezer/nanoclaw that referenced this pull request Mar 14, 2026
- migrate-memories.mjs: pass apiKey for LanceDB Cloud URIs (medium #1)
- Throw on old schema without scope column instead of silent warn (medium #2)
- Log hint when rerank API key is present but RERANK_PROVIDER unset (medium qwibitai#3)
- Validate vectorDim early for custom providers (low qwibitai#4)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LeeJuOh added a commit to LeeJuOh/nanoclaw that referenced this pull request Mar 29, 2026
Text Memo Capture step 3 now explicitly states original text must be
preserved as-is above the --- divider, with bold markers only in the
structured analysis section below. Prevents eval qwibitai#4 E5 failure where
bold was applied inline to original text.
luisherranz pushed a commit to luisherranz/nanoclaw that referenced this pull request Mar 31, 2026
Critical bugs:
- Bug qwibitai#4: Remove sequence from content hash to prevent duplicates on
  repeated PreCompact calls. Hash is now sha256(session_id:role:content).
- Bug qwibitai#5: storeMessages() now returns count of newly inserted messages.
  PreCompact only creates leaf summaries for newly inserted messages,
  preventing re-summarization of already-stored content.

Should-fix:
- #1/qwibitai#10: Add dbInitialized flag to skip redundant schema setup on
  repeated initLcmDatabase() calls (fast path for MCP tool calls).
- qwibitai#6: Depth-capped condensation now attempts API summarization first,
  falls back to truncated concatenation with 10K token cap instead of
  unbounded blob.
- qwibitai#7: Skip API call entirely when neither ANTHROPIC_API_KEY nor
  ANTHROPIC_AUTH_TOKEN is set, go straight to deterministic fallback.

Nice-to-have:
- qwibitai#3: Remove duplicate LcmMessage/LcmSummary from src/types.ts.
  Single source of truth is container/agent-runner/src/lcm-store.ts.
Quirds added a commit to thankyourobot/tyr-aios that referenced this pull request Apr 8, 2026
Adversarial review surfaced 10+ issues with the junction table migration
and maintenance features. Resolved the ones that matter most for
pre-production deploy:

Schema cleanup:
- Collapsed all 7 LCM migrations into base schema (DBs will be wiped
  before production, no upgrade path needed)
- Dropped dead JSON columns (source_message_ids, parent_summary_ids,
  child_summary_ids) that were write-only after junction table refactor
- Removed legacy session_id→conversation_id rename
- Removed lcm_schema_version and migration framework entirely

API cleanup:
- StoreSummaryInput now takes sourceMessageIds/childSummaryIds as arrays
  (was: JSON-stringified strings)
- Removed silent try/catch on JSON parse failures
- Removed the range-based fallback in lcm-subagent read_source
  (junction tables are authoritative)
- Renamed getCoveredLeafIds → getCoveredSummaryIds (name was a lie:
  returned any covered summary, not just leaves)

Dead code removal:
- Deleted lcm-transcript-repair.ts entirely (was wired at wrong point
  in architecture: applied to stored messages, but our pipeline never
  re-sends those to an API, so it was fixing a problem we don't have)
- Removed unused repairToolPairing import in lcm-helpers.ts

Safety & correctness:
- Pruning safety floors: minRetainedConversations (default 1) and
  maxDeleteFraction (default 0.5), with force=true override
- Integrity check qwibitai#3 (leaf lineage) bumped from warning to error
  since getMessagesForSummary has no fallback path
- Integrity check qwibitai#4 (condensed lineage) same treatment
- Integrity check qwibitai#5 (orphans) rewrote N+1 query loop as a single
  JOIN query using the junction table index

DR script (aios-infra):
- Extended dr-test.sh with LCM integrity checks: summarization stall
  detection, orphan leaf/condensed summary detection, schema verification

125 tests passing, tsc clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
luisherranz pushed a commit to luisherranz/nanoclaw that referenced this pull request Apr 10, 2026
Critical bugs:
- Bug qwibitai#4: Remove sequence from content hash to prevent duplicates on
  repeated PreCompact calls. Hash is now sha256(session_id:role:content).
- Bug qwibitai#5: storeMessages() now returns count of newly inserted messages.
  PreCompact only creates leaf summaries for newly inserted messages,
  preventing re-summarization of already-stored content.

Should-fix:
- #1/qwibitai#10: Add dbInitialized flag to skip redundant schema setup on
  repeated initLcmDatabase() calls (fast path for MCP tool calls).
- qwibitai#6: Depth-capped condensation now attempts API summarization first,
  falls back to truncated concatenation with 10K token cap instead of
  unbounded blob.
- qwibitai#7: Skip API call entirely when neither ANTHROPIC_API_KEY nor
  ANTHROPIC_AUTH_TOKEN is set, go straight to deterministic fallback.

Nice-to-have:
- qwibitai#3: Remove duplicate LcmMessage/LcmSummary from src/types.ts.
  Single source of truth is container/agent-runner/src/lcm-store.ts.
chocoSprite added a commit to chocoSprite/nanoclaw that referenced this pull request Apr 12, 2026
…odules

The IPC snapshot functions, which took up 91 lines in container-runner.ts,
belong to domains unrelated to the spawn logic, so they are split out into each domain's owning module:

- mapTasksToSnapshots / writeAllTasksSnapshots / writeTasksSnapshot
  → task-scheduler.ts (was already importing the two functions)
- AvailableGroup interface + writeGroupsSnapshot
  → group-state.ts (was already importing the two functions)

container-runner.ts 629→537 lines. The unrelated 91 lines are no longer loaded when editing spawn (Claude
token efficiency). project_final_review.md qwibitai#4 done.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
foxsky added a commit to foxsky/nanoclaw that referenced this pull request Apr 12, 2026
Fixes two classes of spec violations caught by the phase 3
spec-compliance review:

- R036/R049/R056/R057: in-sync rows had Docs-present broader than
  Docs-expected. Rule qwibitai#7 requires strict bitmap equality. Broadened
  Docs-expected to match actuals (these features DO have the extra
  coverage, so the initial expected mask was under-tight).

- R022/R069/R071: stale-in-prod rows with total=0 violated rule qwibitai#4's
  "total>0 AND last_30d==0" predicate. The decision table lacks an
  explicit bucket for "shipped in code, never used, undocumented."
  Reclassified to stale-in-prod with an explicit rule-gap note on
  each row — the spirit of rule qwibitai#4 is "dormant feature", and these
  qualify regardless of doc coverage.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
foxsky added a commit to foxsky/nanoclaw that referenced this pull request Apr 12, 2026
Three parallel subagent reviews (correctness, tests, template/bot-flow)
of 6e33f39 + f859aa6 flagged three material gaps. All addressed here.

TEMPLATE — recoverable-error retry loop (Agent 3 finding qwibitai#4)

The existing success:false handler at L567 said "If error exists,
present it in {{LANGUAGE}}" — which degrades into "sorry, registration
failed" when the engine rejects register_person with the new missing-
fields error. The bot would just show the error to the user instead of
parsing which fields are missing and asking for them. Added a new
"Recoverable-error retry loop" bullet right after the generic handler
that teaches the bot to:
  1. Parse the missing-field list from the error text
  2. Ask the user in ONE concise question for only those specific fields
  3. Retry the SAME register_person call with the complete payload
  4. Only degrade to "sorry, failed" if the user refuses or retry errors

This is a two-turn conversation, not a failure.

TEMPLATE — Cross-Board Assignee Guard 4-field reminder (Agent 3 qwibitai#6)

M8 already cross-referenced the offer_register branch for handling
cross-board reassignment rejects, but didn't inline the 4-field rule.
Added an explicit note on the offer_register diagnose step so a reader
landing there directly understands the hierarchy-board requirement
without chasing the cross-reference to L545.

TESTS — 3 new cases closing Agent 2 coverage gaps

container/agent-runner/src/taskflow-engine.test.ts:

  1. Hierarchy board missing ALL three fields (phone + group_name +
     group_folder) → error message lists all three. Guards the dynamic
     `missing.join(', ')` output so the bot can ask for everything in
     one prompt instead of discovering the fields one by one across
     multiple retries.

  2. Legacy board with max_depth = NULL → canDelegateDown() returns
     false, so the validation does NOT fire and a 3-field register_person
     call succeeds. Pre-hierarchy installs (before the hierarchy schema
     was added) still have max_depth NULL in the boards table; this
     regression guard prevents my validation from breaking them.

  3. offer_register on a LEAF board → message does NOT include the
     division/sigla ask. Counterpart to the existing assertion that
     the sigla IS present on the hierarchy fixture. Locks down the
     canDelegateDown() branch in buildOfferRegisterError.

218 container engine tests pass (up from 214).

DEFERRED (pre-existing, out of scope): Agent 3 qwibitai#2 suggested injecting
a pre-resolved {{IS_HIERARCHY_BOARD}} boolean into the generator
instead of using literal {{HIERARCHY_LEVEL}} < {{MAX_DEPTH}} comparisons
that render as "3 < 3" in rendered group prompts. The current pattern
is functional — LLMs read "3 < 3 = false" correctly — but it's
cognitively more expensive than a pre-resolved flag. Changing this
would require generator refactoring and touches L293, L294, L534, L545
and other places that use the same pattern. Out of scope for the
Edilson fix; worth a separate refactor commit later.

REGEN

11 groups/*/CLAUDE.md re-rendered to pick up the L545 retry-loop and
cross-board 4-field additions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
foxsky added a commit to foxsky/nanoclaw that referenced this pull request Apr 12, 2026
…index

Three parallel review agents (reuse, quality, efficiency) flagged
actionable items on Phase 2:

1. TYPE SAFETY (Agent 1 qwibitai#5, Agent 2 qwibitai#4): The pending_approval response
   field was not declared in UpdateResult, and new AdminResult fields
   (offer_register, merged, source_archived, notes_added) were only
   returned via 'as any' casts. Fixed:
   - UpdateResult extended with pending_approval: { request_id,
     target_chat_jid, message, parent_board_id }
   - AdminResult extended with offer_register, merged, source_archived,
     notes_added (used by merge_project and handle_subtask_approval)
   - All 4 'as any' casts in the Phase 2 code removed
   - Also cleaned up `parentBoard?.group_jid ?? null` dead fallback
     (the null case was already made unreachable by the earlier
     fail-fast guard)

2. UNUSED INDEX (Agent 3 qwibitai#6): idx_subtask_requests_status on
   (status, target_board_id) was never queried — the dominant query
   is the PK lookup on request_id (O(1)). Removed the index and the
   drift-guard test that asserted its existence. Added a comment
   explaining the decision so a future scan-by-pending query can
   reinstate it.

Deferred (acceptable at current scale):
- subtask_requests grows unbounded: zero boards have opted into
  approval mode, so no current users. Revisit when adoption warrants.
- N+1 insert in approve loop: typical batches < 10 subtasks,
  better-sqlite3 caches prepared statements.
- decision field conflates handle_subtask_approval + process_minutes_
  decision: matches existing codebase pattern.
- Reject/approve notification duplication: only 2 sites with small
  variation, helper extraction would save ~2 lines.

236 engine / 365 skill tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
johnhojohn969 pushed a commit to johnhojohn969/nanoclaw that referenced this pull request Apr 14, 2026
Risk/execution overhaul — makes the bot safe to run on real money and
replaces per-coin tuning with a universal volatility-normalized formula.

Fix qwibitai#3 — Exchange-side SL/TP (real-money safety net):
- Entry market orders now include attachAlgoOrds with ATR-derived
  slTriggerPx + tpTriggerPx, so positions are protected on the exchange
  even if the bot goes offline between cron cycles.
- Main bot: new syncExchangeSl() amends the live conditional algo
  (cancel-and-recreate fallback via orders-algo-pending) whenever the
  local trailing-SL tier advances, keeping exchange SL in lockstep.
- Store slAlgoClOrdId + currentExchangeSlPrice in state.openData.

Fix qwibitai#4 — Session rules actually enforced:
- New getCurrentSession() (UTC: asian<8, london<13, ny).
- Entry logic now applies session_rules[session].max_leverage and
  size_multiplier instead of only passing them to Claude for logging.

Fix #5a — OI divergence with real previous OI:
- OKX has no public per-instrument historical OI endpoint, so roll a
  state.oiHistory cache: pushOiSample() writes current OI each cycle,
  pickOiPrev() returns the oldest sample inside a 2–8h window.
- analyzeMarket() signature extended with oiPrev; both call sites
  (hold loop + scan loop) pass it through.
- Kills the `analyzeOIDivergence(oiCurrent, oiCurrent, ...)` no-op that
  silently disabled 4 OI signal weights.

Fix #5b — Funding-rate trap F&G fusion:
- analyzeFundingTrap() now receives the real fg object instead of
  hardcoded {value: 50}; `combined_with_fear/greed` flags finally fire.

Fix qwibitai#6 — Risk dialed down:
- risk_per_trade_main: 0.08 → 0.01 (8x reduction; 1% per trade)
- hard_limits.max_risk_per_trade: 0.08 → 0.02 (ceiling for selfEvolve)
- max_positions_main: 2 → 4 (room for ETH/SOL/XRP/DOGE/SUI scan)
- max_drawdown_main: 0.20 → 0.15 (tighter DD circuit-breaker)
- Added risk_per_trade_lab 0.005, max_positions_lab 4, max_leverage_lab 5
- instruments[] now matches WATCHLIST (ETH/SOL/XRP/DOGE/SUI)
- Params version bump 0 → 1 with update_reason=atr_universal_fix_v1

Universal per-instrument formula (replaces hardcoded per-coin tuning):
- New atr(rawCandles, 14) helper computes True Range on 1H candles.
- New getInstrumentProfile() returns {atr, atrPct, sizeMult, maxLev,
  k_sl=1.5, k_tp=3.0}. sizeMult is log-normalized from 24h USD volume
  ($10M→0.4, $1B→1.0). maxLev is volatility-capped: ~0.12/atrPct.
- analyzeMarket() now computes and returns the profile per instrument.
- Entry sizing replaces equity*risk*lev*sizeM/ctUsdVal with:
    riskUsd  = equity × risk% × session × liquidity × signal
    notional = riskUsd × (price / (k_sl × ATR))
    sz       = notional / ctUsdVal
  So SUI/DOGE get smaller positions automatically (higher ATR%) while
  keeping the same USD risk as ETH. No per-coin tuning required.
- Initial SL/TP prices derive from ATR: SL = entry ± 1.5×ATR, TP =
  entry ± 3.0×ATR (1:2 R:R), passed both to attachAlgoOrds and stored
  in state.openData for the tier-ladder override below.

Trailing-SL ladder (main bot):
- At t0 (hwm below t1 threshold), prefer the stored ATR-derived
  atrSlUplRatio over the fixed -7% margin-% default, so the initial
  stop scales with the coin's natural volatility.
- Tiers t1..t5 unchanged; still drive exchange-SL sync on advance.

Lab bot (okx-trader-lab.js):
- Same helpers/fixes (ATR, profile, session rules, OI cache, FR fix,
  attachAlgoOrds at entry).
- Skips exchange-side SL tier sync because lab's pnlPct is
  equity-scale rather than uplRatio-scale — initial attach SL/TP
  still provides the safety net.
chocoSprite added a commit to chocoSprite/nanoclaw that referenced this pull request Apr 16, 2026
…ebug+security

README.md:
- rewrite from scratch: remove OpenClaw comparison + upstream author first-person voice, "gh repo fork qwibitai" Quick Start, dead docs.nanoclaw.dev links, Docker/Linux/Windows support claims (runtime is hardcoded to Apple `container` CLI), "Agent Swarms" framing, and the upstream PR/contribution section
- describe current reality: Slack pat/mat dual bots + Gmail, Claude+Codex dual SDK, Apple Container + OneCLI, whisper-cpp local transcription, per-group isolated memory
- Key Files table reflects src/ as it is now (slack-mat.ts, container-runtime.ts, transcribe.ts)

docs/DEBUG_CHECKLIST.md:
- drop Issue qwibitai#4 (Kubernetes/Rancher Desktop image GC) — Docker-only problem, runtime is hardcoded to Apple container
- docker ps/run → container list/run
- delete Channel Auth Issues section (QR code, store/auth/, npm run auth — all WhatsApp-era dead weight)

docs/SECURITY.md:
- drop `store/auth/` NOT-Mounted bullet (WhatsApp session dir, unused in this fork)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
alanz added a commit to alanz/nanoclaw that referenced this pull request Apr 18, 2026
…g fixes

Three divergences resolved against the current implementation:

- Incremental reset archives (#1/qwibitai#2): ArchiveAndStartThrowawayOnReset now
  binds a prior_archives lookup, derives latest_prior_at, and passes it as
  messages_since on the new archive (null = full transcript). Added
  NonOverlappingArchivesPerSession invariant to assert no message timestamp
  sits inside the range of two non-placeholder archives for the same session.
  All other creation sites set messages_since: null.

- Path format (qwibitai#4): all example archive paths now include the {HHmm} time
  component that the code has always written.

- ThrowawaySession status (qwibitai#5): creation sites changed from status: queued
  (undeclared) to status: running, matching the code where runContainerAgent
  is called immediately with no queued step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
gavrielc added a commit that referenced this pull request Apr 18, 2026
Additive change — existing code paths still run via inline fallbacks.
Prepares core for per-module extractions in PR #3 onward.

Four registries added with empty defaults:
  - delivery action handlers (delivery.ts)
  - router inbound gate (router.ts)
  - response dispatcher (index.ts)
  - MCP tool self-registration (container/agent-runner/src/mcp-tools/server.ts)

Default modules moved to src/modules/ for signaling:
  - src/modules/typing/       (extracted from delivery.ts)
  - src/modules/mount-security/ (moved from src/mount-security.ts)

Both are imported directly by core — no hook, no registry. Removal
requires editing core imports.

Migrator now keys applied rows by name (uniqueness) so module
migrations can pick arbitrary version numbers. Stored version column
is auto-assigned as an applied-order sequence.

sqlite_master guards added around core calls into module-owned tables
(user_roles, agent_destinations, pending_questions). No-ops today;
load-bearing after the owning modules are extracted.

MODULE-HOOK markers placed at scheduling's two skill-edit sites
(host-sweep.ts recurrence call, poll-loop.ts pre-task gate). PR #4
replaces the marked blocks when scheduling moves to its module.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gavrielc added a commit that referenced this pull request Apr 18, 2026
refactor: extract scheduling as registry-based module (PR #4)