— changelog

Every release. Tagged, dated, sourced.

Mirrored from github.com/itsmehatef/dclaw/releases at build time. Not a changelog file — the Releases API is the source of truth.

7 releases · Latest v0.3.0-beta.2-sandbox-hardening · Updated 2026-04-22 · Apache-2.0
v0.3.0-beta.2-sandbox-hardening Current
2026-04-22

Sandbox hardening

Mandatory container posture across every agent. Capabilities dropped, root filesystem locked, fork bombs and escalation paths closed.

Security
  • Drop ALL Linux capabilities by default; agents run with no caps.
  • no-new-privileges enforced via SecurityOpt — setuid escalation blocked.
  • ReadonlyRootfs — agent FS is read-only outside the workspace mount.
  • Default seccomp profile applied; mknod and raw-device syscalls denied.
  • PidsLimit 256 per agent — fork bombs cannot exhaust host PIDs.
  • Containers run as uid 1000 (non-root) with workspace ownership matched.
  • docker.sock denylisted as a workspace path; symlink resolution validated.
Reliability
  • NDJSON audit log with size-based rotation in $XDG_STATE_HOME/dclaw.
  • dclaw doctor pre-flight: Docker daemon, image pull, capability probe.
Breaking
  • CAP_NET_ADMIN dropped — egress allowlist wiring deferred to GA.
  • Workspaces under /var/run, /proc, /sys are rejected with --workspace-trust.
View on GitHub →
v0.3.0-beta.1 Shipped
2026-03-30

First-run flow

dclaw init scaffolds a usable home, dclaw doctor surfaces Docker problems, agent create / agent chat ship end-to-end.

Features
  • dclaw init — scaffolds fleet.yaml, key store, and XDG state dir.
  • dclaw doctor — health checks for Docker, image, and host config.
  • agent create / agent chat --one-shot — full prompt → response loop.
  • Workspace path validator with denylist and --workspace-trust flag.
View on GitHub →
v0.3.0-alpha.4 Shipped
2026-03-12

Daemon, end-to-end

Daemon owns container lifecycle. JSON-RPC routing between channel plugins, daemon, and agent containers ships.

Features
  • dclaw daemon start — long-running control plane on Unix socket.
  • Container lifecycle managed by daemon; agents start/stop on demand.
  • JSON-RPC 2.0 wire protocol over Unix domain sockets.
  • Discord channel plugin reaches agent via daemon routing.
View on GitHub →
v0.3.0-alpha.3 Shipped
2026-02-26

Quota + cost tracking

Per-agent token budgets, cost accounting, and rate limits enforced in the daemon.

Features
  • Per-agent token quota with daily reset.
  • Cost tracking by model and provider, persisted to state dir.
  • Rate-limit enforcement at the daemon boundary.
View on GitHub →
v0.3.0-alpha.2 Shipped
2026-02-09

Fleet manager

fleet.yaml declarative config; daemon reconciles container fleet to match.

Features
  • fleet.yaml schema — agents, channels, models, quotas.
  • Reconciliation loop brings running fleet to declared state.
View on GitHub →
v0.2.0-cli Shipped
2026-01-14

CLI bones

CLI scaffold and version surface. Commands requiring the daemon exit 69 with structured JSON.

Features
  • dclaw version, dclaw --help wired.
  • Daemon-required commands return EX_UNAVAILABLE (69) with -o json envelope.
View on GitHub →
v0.1.0 Shipped
2025-12-18

One agent in a container

Proof-of-concept: pi-mono agent loop runs inside a Docker container with sandboxed tools.

Features
  • Alpine + Node + @mariozechner/pi-coding-agent container image (~250 MB).
  • Wrapper script runs an agent with a system prompt against a bind mount.
View on GitHub →
— how this page is built

At astro build, the page fetches api.github.com/repos/itsmehatef/dclaw/releases and bakes the response into static HTML. A repository_dispatch from the dclaw repo redeploys this site whenever a new release publishes — typically within 30 seconds. No client-side fetch, no rate limits, no CHANGELOG.md to maintain.

See HANDOFF.md for the Astro frontmatter and GitHub Actions workflow.