MyAgens
MyAgens

Changelog

Every release, newest first

What's new, changed, and fixed in each version of MyAgens.

v0.4.012 new · 8 security
Added
  • Secret vault: AES-256-GCM encrypted secrets, macOS Keychain or key-file on Linux, rotation and backup/restore. (b8c72ee)
  • Crew hierarchy: Lead bots with their own Telegram tokens, crew_delegate, crew_report, crew_ask_president, crew_suggest. (b8c72ee)
  • Kanban task board with delegation to autonomous runs, WIP limits, drag-drop, bulk select, blocked-by ordering. (b8c72ee)
  • Council votes: /council <proposal> runs all Leads as one-shot SUPPORT/OPPOSE voters. (b8c72ee)
  • Suggestion inbox: Leads file non-urgent ideas via crew_suggest; president triages from the panel. (9b0ab54)
  • Remote access / tunnel relay: ngrok or cloudflared child process, Basic Auth gate, auto-start. (5ab31d1)
  • AskUserQuestion rendered as inline Telegram buttons. (158298e)
  • Agentic loop detector: SHA-256 hashes tool+input, prompts or aborts at threshold. (60a6555)
  • Per-chat turn rate limiter in the Telegram bot. (5e016ff)
  • SSRF guard (safeFetch, assertSafeUrl) on all server-side outbound fetches. (b5b655c)
  • Task concurrency queue, provider probe diagnostics, hot-memory shorten threshold. (b5b655c, c5c0e52)
  • Activity feed shows crew tool calls with meaningful detail. (955301b)
Security (0.3.x batch included here)
  • Panel token brute-force hardening and URL-leakage fix. (502b687)
  • Provider authToken never returned in plaintext. (7e957e2)
  • Panel terminal gated behind a flag; env sanitised. (a9880dc)
  • Log lines redacted before persistence. (8a2f04c)
  • SSRF guard on all outbound fetches. (5d84440)
  • Symlink-escape fix for claudeFiles path canonicalisation. (cf931fa)
  • Private-chat enforcement on Lead bots. (1cffb5a)
  • Data dir chmod 0700, proto-pollution reviver, Vite bumped. (0eb24ff)
v0.3.19 new · 2 fixed
Added
  • Memory maintenance: deterministic tier decay, Haiku consolidation pass, shorten-verbose pass; interval-based scheduler. (b7118db, 3e71117)
  • Maintenance dry-run preview before compaction runs. (fdf67e9)
  • Council votes from Crew view in the panel. (ef63fc3)
  • Lead protocol injected into Lead system prompts; delegation log expand. (ca7ed6d)
  • Lead bot AskUserQuestion inline buttons. (147bbb1)
  • Restore button on archived task cards. (9f12012)
  • Lead bot splits final reply on --- separator, matching main bot UX. (41d5d21)
  • Persona-aware inbox delegation. (158298e)
  • Memory stats overview grid. (4fa23a2)
Fixed
  • crew_ask_president now works inside Lead bots. (64663a8)
  • Hot memory entries can decay; steered toward terse memories. (7f4cff0)
v0.3.05 new · 1 security
Added
  • Three-tab Logs view: human-readable activity feed, raw logs, analytics. (5d00416)
  • Remote Access: tunnel relay (ngrok/cloudflared) with HTTP Basic Auth gate and auto-start. (5ab31d1)
  • Auto-heal weak PANEL_TOKEN: generates a secure token and DMs it via Telegram. (c611f51)
  • Lifecycle events surfaced in the activity feed. (de644c1)
  • Blurred locked-terminal placeholder when terminal is disabled. (41852da)
Security
  • Full SEC-1 through SEC-8 hardening pass (see the 0.4.0 section above for details).
v0.2.011 new
Added
  • Management panel: embedded Fastify SPA with health dashboard, workers, tasks, memory, vault, logs, usage, settings, and more.
  • Crew / Lead bots: initial multi-agent infrastructure.
  • Scheduling: persisted timed prompts run as autonomous turns.
  • Voice transcription: OpenAI-compatible endpoint or local Vosk backend.
  • Projects: saved cwds with /projects inline menu.
  • Approval presets: persistent always-allow per tool and per bash command.
  • Image vision: inline photo handling and send_file back to Telegram.
  • Git review flow: /diff with Commit/Discard buttons, /commit.
  • Usage tracking: per-session lifetime and per-day token buckets.
  • Session persistence across restarts (resume token, cwd, autonomy, usage).
  • Install wizard (myhq-install.sh), update, and uninstall scripts.
v0.1.0

Initial release. A Telegram bot driving the Claude Agent SDK on the host machine, with streamed replies, inline tool-approval buttons, and an allowed-user allow-list.

Full history and source on GitHub.