0.22.0 - 2026-03-25

Release Notes

Added

• (agent) thread per-tool reasoning through provider, session, and all surfaces (#1513)
• (cli) show credential auth status in tool info (#1572)
• multi-tenant auth with per-user workspace isolation (#1118)
• (cli) add ironclaw models subcommands (list/status/set/set-provider) (#1043)
• (workspace) multi-scope workspace reads (#1117)
• (ux) complete UX overhaul — design system, onboarding, web polish (#1277)
• (gemini_oauth) full Gemini CLI OAuth integration with Cloud Code API (#1356)
• (shell) add Low/Medium/High risk levels for graduated command approval (closes #172) (#368)
• (agent) queue and merge messages during active turns (#1412)
• (cli) add ironclaw hooks list subcommand (#1023)
• (extensions) support text setup fields in web configure modal (#496)
• (llm) add GitHub Copilot as LLM provider (#1512)
• (workspace) layered memory with sensitivity-based privacy redirect (#1112)
• (webhooks) add public webhook trigger endpoint for routines (#736)
• (llm) Add OpenAI Codex (ChatGPT subscription) as LLM provider (#1461)
• (web) add light theme with dark/light/system toggle (#1457)
• (agent) activate stuck_threshold for time-based stuck job detection (#1234)
• chat onboarding and routine advisor (#927)

Fixed

• ensure LLM calls always end with user message (closes #763) (#1259)
• restore owner-scoped gateway startup (#1625)
• remove stale stream_token gate from channel-relay activation (#1623)
• (agent) case-insensitive channel match and user_id filter for event triggers (#1211)
• (routines) normalize status display across web and CLI (#1469)
• (tunnel) managed tunnels target wrong port and die from SIGPIPE (#1093)
• (agent) persist /model selection to .env, TOML, and DB (#1581)
• post-merge review sweep — 8 fixes across security, perf, and correctness (#1550)
• generate Mistral-compatible 9-char alphanumeric tool call IDs (#1242)
• (mcp) handle empty 202 notification acknowledgements (#1539)
• (tests) eliminate env mutex poison cascade (#1558)
• (safety) escape tool output XML content and remove misleading sanitized attr (#1067)
• (oauth) reject malformed ic2.* states in decode_hosted_oauth_state (#1441) (#1454)
• parameter coercion and validation for oneOf/anyOf/allOf schemas (#1397)
• persist startup-loaded MCP clients in ExtensionManager (#1509)
• (deps) patch rustls-webpki vulnerability (RUSTSEC-2026-0049)
• (routines) add missing extension_manager field in trigger_manual EngineContext
• (ci) serialize env-mutating OAuth wildcard tests with ENV_MUTEX (#1280) (#1468)
• (setup) remove redundant LLM config and API keys from bootstrap .env (#1448)
• resolve wasm broadcast merge conflicts with staging (#395) (#1460)
• skip credential validation for Bedrock backend (#1011)
• register sandbox jobs in ContextManager for query tool visibility (#1426)
• prefer execution-local message routing metadata (#1449)
• (security) validate embedding base URLs to prevent SSRF (#1221)
• f32→f64 precision artifact in temperature causes provider 400 errors (#1450)
• (routines) surface errors when sandbox unavailable for full_job routines (#769)
• restore libSQL vector search with dynamic dimensions (#1393)
• staging CI triage — consolidate retry parsing, fix flaky tests, add docs (#1427)

Other

• Merge branch 'main' into staging-promote/455f543b-23329172268
• Merge pull request #1655 from nearai/codex/fix-staging-promotion-1451-version-bumps
• Merge pull request #1499 from nearai/staging-promote/9603fefd-23364438978
• Fix libsql prompt scope regressions (#1651)
• Normalize cron schedules on routine create (#1648)
• Fix MCP lifecycle trace user scope (#1646)
• Fix REPL single-message hang and cap CI test duration (#1643)
• extract AppEvent to crates/ironclaw_common (#1615)
• Fix hosted OAuth refresh via proxy (#1602)
• (agent) optimize approval thread resolution (UUID parsing + lock contention) (#1592)
• (tools) auto-compact WASM tool schemas, add descriptions, improve credential prompts (#1525)
• Default new lightweight routines to tools-enabled (#1573)
• Google OAuth URL broken when initiated from Telegram channel (#1165)
• add gitcgr code graph badge (#1563)
• Fix owner-scoped message routing fallbacks (#1574)
• (tools) remove unconditional params clone in shared execution (fix #893) (#926)
• (llm) move transcription module into src/llm/ (#1559)
• (agent) avoid preview allocations for non-truncated strings (fix #894) (#924)
• Expand AGENTS.md with coding agents guidance (#1392)
• Fix CI approval flows and stale fixtures (#1478)
• Use live owner tool scope for autonomous routines and jobs (#1453)
• use Arc in embedding cache to avoid clones on miss path (#1438)
• Add owner-scoped permissions for full-job routines (#1440)

Install ironclaw 0.22.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/nearai/ironclaw/releases/download/ironclaw-v0.22.0/ironclaw-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/nearai/ironclaw/releases/download/ironclaw-v0.22.0/ironclaw-installer.ps1 | iex"

Install prebuilt binaries into your npm project

npm install ironclaw@0.22.0

Download ironclaw 0.22.0

File	Platform	Checksum
ironclaw-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ironclaw-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ironclaw-x86_64-pc-windows-msvc.tar.gz	x64 Windows	checksum
ironclaw-x86_64-pc-windows-msvc.msi	x64 Windows	checksum
ironclaw-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ironclaw-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
ironclaw-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
ironclaw-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum