| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| README.md | 2026-05-03 | 1.8 kB | |
| v0.2.1 source code.tar.gz | 2026-05-03 | 2.0 MB | |
| v0.2.1 source code.zip | 2026-05-03 | 2.2 MB | |
| Totals: 3 Items | | 4.1 MB | 0 |
Highlights
- feat(security): envelope-encrypt `messages.tool_interactions_json` at rest (#1119). The third user-content column on the `messages` table joins `body` and `processed_context` as encrypted at rest. Tool call arguments and results frequently embed customer names, phone numbers, and addresses passed to QuickBooks / CompanyCam / calendar tools; encrypting closes the DB-direct exposure that `redact_pii` only covers on the way out. Migration 024 backfills existing rows in batches and refuses to run when `ENCRYPTION_KEY` is unset on a non-empty table.
- fix(heartbeat): treat header-only HEARTBEAT.md as empty; drop dead quiet-hours code (#1118). The Phase 1 gate previously treated a HEARTBEAT.md that contained only ATX headings as actionable, burning ~48 LLM calls per day for users whose directives doc had no real items. New `_has_actionable_heartbeat_content` helper skips header-only docs. Stricter ATX-heading detection so hashtag-style `#urgent task` lines still count as content. Drops the unused `is_within_business_hours` function and the corresponding `HEARTBEAT_QUIET_HOURS_*` config fields.
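The heading-versus-hashtag distinction behind the heartbeat fix, as an added example that is not the project's code. The function names, the sample documents, and the use of CommonMark's ATX rule (1 to 6 `#` characters followed by whitespace or end of line) are assumptions, since the page does not show `_has_actionable_heartbeat_content` itself.

```python
import re

# CommonMark ATX heading (assumed rule): up to 3 leading spaces, 1-6 '#',
# then either end of line or whitespace followed by the heading text.
ATX_HEADING = re.compile(r"^ {0,3}#{1,6}(?:[ \t]+.*)?$")


def is_atx_heading(line: str) -> bool:
    """True for '# Tasks' or a bare '##'; False for '#urgent task'."""
    return ATX_HEADING.match(line.rstrip("\r\n")) is not None


def has_actionable_content(doc: str) -> bool:
    """Hypothetical gate: True if any line is neither blank nor an ATX heading."""
    for line in doc.splitlines():
        if not line.strip():
            continue  # blank or whitespace-only lines carry no directive
        if is_atx_heading(line):
            continue  # structure only, nothing to act on
        return True  # first real line is enough to justify the LLM call
    return False


# Constructed sample documents.
HEADER_ONLY = "# Heartbeat\n\n## Daily\n###\n## Weekly ##\n"
HASHTAG_ITEM = "# Heartbeat\n#urgent call the supplier back\n"
SEVEN_HASHES = "####### too many hashes to be a heading\n"

if __name__ == "__main__":
    samples = [
        ("header-only", HEADER_ONLY),
        ("hashtag item", HASHTAG_ITEM),
        ("seven hashes", SEVEN_HASHES),
    ]
    for name, doc in samples:
        print(f"{name}: actionable={has_actionable_content(doc)}")
```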
Operator notes
Migration 024 envelope-encrypts messages.tool_interactions_json in a single transaction, locking the messages table for the duration. Plan a maintenance window proportional to your row count: ~1ms per row on the local KEK provider, so 100k rows finishes in ~2 minutes. Set ENCRYPTION_KEY to a stable value before running; the migration refuses to run on a non-empty table without it. There is no automatic downgrade.
Companion premium changes
After this OSS release lands, premium's OSS_REF is auto-bumped via oss-release-listener. Admin API keys (#364) and the export-endpoint correctness fixes (#365) merge on premium main independently.