v0.2.0

Critical Bug Fixes

Fixed: UTF-8 Panics (#74, #73, #71)

• Added safe truncate_str() helper — never splits multibyte characters
• Fixed 20 crash sites across kernel, memory, API, runtime, channels, and CLI
• Chinese text, emoji, and em-dash no longer crash the daemon

Fixed: Shell_exec Infinite Loop (#69)

• Agent no longer retries denied tool calls endlessly burning API credits
• Approval denial now injects guidance message so the LLM stops retrying
• Works in both streaming and non-streaming paths

Fixed: Stale Groq Model (#60)

• Removed decommissioned deepseek-r1-distill-llama-70b (was returning HTTP 400)

Fixed: Volatile System Prompt Cache Misses (#82)

• Moved canonical context from system prompt to first user message
• System prompt is now stable across turns, enabling provider prompt caching

Fixed: Misleading Empty Response (#61)

• Now tracks whether tools actually executed
• Shows accurate message when model returns empty (no more false "tools executed" claims)

UI Improvements

• TUI chat now shows per-message cost alongside token counts ($0.0012)
• HTTP /api/agents/{id}/message response now includes cost_usd field
• All 16 TUI screens use safe UTF-8 truncation

v0.1.9 — Bug Fixes

Bug Fixes

• #55 Cron scheduler fires every minute (CRITICAL) — Pre-advances next_run before job execution to prevent re-firing during slow jobs. Changed tick behavior from Burst to Skip.
• #51 Dashboard 401s when api_key is set — Fixed auth detection (checkAuth() now matches "Not authorized" instead of "401"). Added 15 dashboard read endpoints to the public auth whitelist.
• #46 Approval cards missing buttons — Switched from x-show to x-if template for approval action buttons, fixing Alpine.js inline style conflict.
• #44 CLI hangs on --version and status — find_daemon() now normalizes 0.0.0.0 → 127.0.0.1 and adds 1s connect_timeout to prevent macOS DNS hangs.

v0.1.8 — Real Email & channel_send Tool

Features

• Real SMTP sending via lettre (STARTTLS port 587 / implicit TLS port 465, credential auth)
• Real IMAP polling via imap crate (TLS connect, UNSEEN search, mailparse RFC822 parsing, mark as Seen)
• Email threading via In-Reply-To headers with DashMap reply context per sender
• New channel_send tool — agents can proactively send messages on any configured channel (email, telegram, slack, etc.)
• KernelHandle.send_channel_message() wired through kernel → channel adapter DashMap
• Channel adapter registration in kernel at bridge startup for tool access

Dependencies Added

• lettre 0.11 (async SMTP transport)
• imap 2 (sync IMAP client)
• native-tls 0.2 (TLS connector)
• mailparse 0.15 (RFC822 parser)

Stats

• 1799 tests passing, 0 clippy warnings
• Live integration tested (daemon boot, tool visibility, channel adapter wiring)

v0.1.7

Fixes

• Fix MCP tools not visible to agents (threshold was >= 3, now > 0)
• MCP tools now show in Settings -> Tools alongside built-in tools
• Fix cron scheduler firing every 60s (real cron parsing with cron crate)
• Fix token quota treating 0 as deny-all instead of unlimited
• Fix dashboard scheduler calling wrong API endpoint
• Fix base_url not propagated from config to LLM driver
• Fix Mastodon HTML sanitizer panic on emoji/CJK characters
• Expand SSRF blocklist (Alibaba/Azure metadata, IPv6 localhost, 0.0.0.0)
• Add vault OFV1 magic byte header with legacy JSON backward compat
• Add input length validation for agent fields (413 on overflow)

New

• Zhipu Coding (CodeGeeX) provider + codegeex-4 model
• Config-based OAuth client ID overrides ([oauth] section)

v0.1.6

v0.1.6

Fixes

• MCP filesystem tools now actually used: Agents with MCP filesystem servers configured will now prefer MCP tools for files outside the workspace instead of failing with "resolves outside workspace"
• Better workspace error messages: When built-in file tools fail on paths outside the workspace, the error now suggests using MCP filesystem tools
• Binary version fixed: openfang -V now reports the correct version (was stuck on 0.1.0 in all previous releases)

v0.1.5

Fixes

• Fix #38: Panic when truncating Chinese/multi-byte text — cap_str was slicing by byte index, causing byte index is not a char boundary panic with Chinese characters, emoji, or other multi-byte UTF-8 text
• Fix #35: Improved error message for LLM failures — was showing "Invalid request format. This may be a bug" which confused users; now shows "Check your API key and model configuration in Settings"
• 13 additional UTF-8 boundary fixes across compactor, session_repair, loop_guard, image_gen, tool_runner, tts, and workspace_context — all string truncation sites now use safe char-boundary-aware slicing
• Added safe_truncate_str utility with 7 unit tests for safe multi-byte string truncation

Closes #38, #35

v0.1.4

What's New

Editable Provider Base URLs

• Local providers (Ollama, vLLM, LM Studio) can now have their base URLs customized via API or dashboard
• PUT /api/providers/{name}/url endpoint with URL validation and automatic health probe
• [provider_urls] config section persisted to config.toml, applied on boot
• Hot-reload support — provider URL changes applied without restart
• Dashboard UI base URL input on local provider cards in Settings > Providers
• base_url field added to GET /api/providers response

17 New Models

• Anthropic: Claude Opus 4.6, Claude Sonnet 4.6
• OpenAI: GPT-5, GPT-5 Mini, GPT-5 Nano, GPT-5.1, GPT-5.2, GPT-5.2 Pro
• Google: Gemini 3.1 Pro, Gemini 3 Flash, Gemini 3 Deep Think, Gemini 2.5 Flash Lite
• Meta: Llama 4 Scout 17B
• xAI: Grok 4, Grok 4.1 Fast
• AWS Bedrock: Claude Opus 4.6, Claude Sonnet 4.6

Alias Updates

• sonnet / opus → Claude 4.6 variants
• gpt5 / gpt5-mini → GPT-5 / GPT-5 Mini
• flash / gemini-flash → Gemini 3 Flash
• gemini-pro → Gemini 3.1 Pro
• grok → Grok 4
• grok-fast → Grok 4.1 Fast

OpenFang v0.1.3

What's New

Features

• Dashboard theme switcher — 3-mode pill (Light / System / Dark) with OS preference sync and localStorage persistence
• Windows ARM64 release target — native builds for Snapdragon X Elite devices

Fixes

• Cron delivery system — agent turns triggered by cron/channels/events now have full kernel tool access (cron_create, agent_send, etc.)
• Cron tool schema — action tag now matches serde (kind instead of action), so LLMs generate correct JSON
• Cron response delivery — routes agent responses to Channel, LastChannel (KV-persisted), or Webhook targets
• WhatsApp gateway — Node 25 compat ("type": "commonjs", removed import.meta.url)
• openfang stop — now waits for daemon to exit, force-kills if needed, cleans up daemon.json

Community

• Closed 6 issues (#2, #13, #14, #15, #16, #18)
• Reviewed and rebuilt 4 community PR ideas in-house (#9, #17, #20, #21)

Installation

CLI (Linux/macOS):

curl -sSf https://openfang.sh/install | sh

Docker (build from source):

git clone https://github.com/RightNow-AI/openfang.git
cd openfang && docker compose up --build

v0.1.2

What's New

Fixes

• openfang stop — CLI now waits for daemon to exit, force-kills via PID if needed, cleans up daemon.json
• Shutdown endpoint — uses notify signal for clean daemon exit
• Landing page — removed misleading "production-grade" wording, replaced with "battle-tested"
• Docker — documented build-from-source workaround for private GHCR image

Community

• Closed issues: #2 (GLIBC), #13 (wording), #14 (Arch), #15 (OS?), #16 (GLM), #18 (crypto)

Installation

CLI (Linux/macOS):

curl -sSf https://openfang.sh/install | sh

v0.1.1

v0.1.1

Fixes

• Agent templates now bundled in binary. openfang agent new works immediately after install.
• Kernel overlays user's configured default provider onto all agents at spawn time.
• API keys set via dashboard now persist across restarts (loads secrets.env on boot).
• listen_addr alias added for api_listen config field.
• Skill TOML parsing: [runtime] section now optional, defaults to PromptOnly.
• Added Kimi/Moonshot, Qwen, MiniMax, Zhipu, Qianfan to provider registry.
• Removed OpenSSL dependency. Binary uses pure Rust TLS (rustls) everywhere.
• Linux release binaries built on Ubuntu 22.04 for GLIBC 2.35 compatibility.
• Docker image name fixed to lowercase ghcr.io/rightnow-ai/openfang.

Upgrade

curl -sSf https://openfang.sh | sh