Download Latest Version v1.9.3 -- Smarter Agents, Safer Company Configuration, and Better Workspace Tools source code.tar.gz (2.4 MB)
Email in envelope

Get an email when there's a new version of Clawith

Home / v1.9.0
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2026-04-26 9.1 kB
0
v1.9.0 -- OKR Engine, Workspace Collaboration, Multi-Channel Expansion _ Security Hardening source code.tar.gz 2026-04-26 1.6 MB
0
v1.9.0 -- OKR Engine, Workspace Collaboration, Multi-Channel Expansion _ Security Hardening source code.zip 2026-04-26 1.8 MB
0
Totals: 3 Items   3.5 MB 0

What's New in v1.9.0

This is a major release introducing the OKR management system, real-time workspace collaboration, new channel integrations, and critical security hardening.

🎯 OKR Management System

A full-featured OKR engine built on top of the multi-agent platform:

  • OKR Data Model & API — Complete CRUD for Objectives and Key Results, including a company-level OKR dashboard
  • Auto-provisioned OKR Agent — When a tenant enables OKR for the first time, a dedicated OKR Agent is automatically created
  • Daily Collection & Reporting — The OKR Agent sends daily progress check-ins to members via A2A, aggregates responses, and generates company-level reports; automatically skips non-business days
  • Nudge Members — Proactively reminds members who haven't submitted OKR updates; supports relationship-network-based member filtering
  • KR Content Update Tool — Agents can directly call a tool to update KR progress content
  • OKR Settings Page — New dedicated OKR tab in Enterprise Settings for toggling, cadence configuration, and report trigger management
  • Missing OKR Members Panel — Displays members who haven't filled in OKRs, with source annotations

🤝 Agent-to-Agent (A2A) Enhancements

  • Three message types — notify, consult, and task_delegate; agents automatically select the appropriate type based on semantics
  • Tenant-level async toggle — a2a_async_enabled moved from Agent level to Tenant level; configure once in Enterprise Settings
  • A2A session visibility — A2A replies are mirrored to shared sessions; users can view agent-to-agent conversations in the "Other Users" tab
  • User-friendly notifications — Task delegation generates readable notification titles, filtering out internal jargon

🗂️ Workspace Collaboration

  • Rich file preview — Sidebar preview for images, HTML, PDF, Markdown, and more
  • Preview lock — Users can lock the current preview to prevent auto-switching when agents write files
  • Streaming draft parameters — Real-time streaming display of draft parameters during tool calls
  • File deletion confirmation — Confirmation prompt before deleting a previewed file
  • Auto-archive generated documents — Agent-generated documents are automatically organized into corresponding folders
  • Hover delete button — Workspace file list shows a delete button on hover

📡 New Channel Integrations

  • WeChat (垎俥) — New WeChat Work channel integration
  • WhatsApp — New WhatsApp channel integration
  • Google Workspace — New Google Workspace integration with proxy configuration and UI improvements
  • DingTalk rich media — Added support for image, file, audio, and video message types in DingTalk

🛠️ New Agent Tools

  • Format conversion tools — Built-in tools for Word / Excel / PPT / PDF conversion
  • Feishu document search — Agents can search Feishu document libraries via tool call
  • Platform message priority routing — Messages from platform users are preferentially sent via send_platform_message

💬 Chat & Session Improvements

  • Primary Session — Platform users now have a dedicated primary session entry with unread badge support
  • Hash routing — Agent detail page supports hash anchor navigation to jump directly to a specific tab

🔒 Security Hardening

  • 4 critical vulnerabilities patched (#246):
  • Unauthenticated API key generation endpoint
  • LLM API keys stored in plaintext — now AES-256 encrypted
  • Production startup allowed with default JWT secret — now blocked unless DEBUG=true
  • Multi-tenant isolation gaps in permission checks and Plaza API
  • Stronger execute_code sandbox — Enhanced bwrap isolation for the code execution tool
  • Removed plaintext credential fields — Plaintext website password fields removed from credential storage

⚡ Performance

  • Session list N+1 query fix (#410) — Replaced 1+2N per-session queries with 3–4 bulk queries regardless of session count
  • A2A wake reflection limit — Reflection sessions capped at 2 tool-call rounds to prevent resource waste

🐛 Bug Fixes

  • Fixed backend startup hang during database bootstrap
  • Fixed Feishu WebSocket duplicate connection causing "kicked by new connection" errors
  • Fixed Feishu streaming cards, structured errors, and migration robustness (#444)
  • Fixed approvals tab crash on non-array responses (#422)
  • Fixed missing ensure_identity_provider in registration flow (#469)
  • Fixed chat page scroll regression
  • Fixed model configuration not taking effect in real time
  • Fixed fallback LLM not activating when primary LLM errors
  • Added rate-limit protection to DingTalk org sync API
  • Fixed tool call message pairs (assistant + tool) being broken apart (#416)
  • Fixed malformed JSON arguments in write_file tool calls (#212)
  • Fixed user profile update not persisting correctly in PATCH /auth/me (#213)
  • Fixed org member identity mapping for sync and SSO (#404)

Upgrade Guide

Database migration required. This release includes multiple schema changes. Run alembic upgrade head before starting the new version.

⚠️ Breaking Changes — Read Before Upgrading

1. a2a_async_enabled moved from Agent to Tenant level The migration script automatically sets the tenant-level flag to FALSE. After upgrading, reconfigure in Enterprise Settings → Company Info → A2A Async if you had this enabled per-agent.

2. send_web_message tool renamed to send_platform_message Any Agent soul.md files that reference send_web_message must be updated manually. The old name will not be recognized.

3. Plaintext credential fields removed The website_password and related plaintext fields have been dropped from the agent_credentials table. Back up your credentials before running migrations. After upgrading, re-enter credentials through the UI.

4. JWT secret enforcement in production If your deployment uses the default SECRET_KEY=change-me, the backend will now refuse to start unless DEBUG=true. Set a strong secret in your .env before upgrading production.

Docker Deployment (Recommended)

:::bash
# 1. Pull latest code
git pull origin main

# 2. Run database migrations (before restarting)
docker exec clawith-backend-1 alembic upgrade head

# 3. Rebuild and restart all services
docker compose down && docker compose up -d --build

Large datasets: The chat message index migration (#411) may take several minutes on tables with millions of rows. Run it during a maintenance window and monitor progress with: bash docker exec clawith-backend-1 alembic current

Source Deployment

:::bash
# 1. Pull latest code
git pull origin main

# 2. Install new backend dependencies
cd backend && pip install -e ".[dev]"

# 3. Run database migrations
alembic upgrade head

# 4. Rebuild frontend
cd ../frontend && npm install && npm run build

# 5. Restart backend
# (use your process manager: systemd, supervisor, etc.)

Kubernetes (Helm)

:::bash
# 1. Update chart values if needed (new env vars: see Notes below)
vim values.yaml

# 2. Run migration job before rolling out new pods
kubectl exec -n <namespace> deploy/clawith-backend -- alembic upgrade head

# 3. Roll out new image
helm upgrade clawith helm/clawith/ -f values.yaml

Post-Upgrade Checklist

  • [ ] Verify backend starts without errors (docker logs clawith-backend-1)
  • [ ] Confirm SECRET_KEY is set to a non-default value in production
  • [ ] Re-enter any credentials that used plaintext fields (Agent Credentials page)
  • [ ] Update Agent soul.md files: replace send_web_message → send_platform_message
  • [ ] If A2A Async was in use: re-enable in Enterprise Settings → Company Info
  • [ ] New channels (WeChat, WhatsApp, Google Workspace): configure credentials in Enterprise Settings → Channels
  • [ ] OKR feature is off by default — enable in Enterprise Settings → OKR when ready

New Environment Variables

No new required environment variables. Optional additions:

Variable Default Description
DEBUG false Must be true to allow default JWT secret in dev

Notes

  • OKR features are disabled by default. Enabling them auto-creates a dedicated OKR Agent for the tenant.
  • WeChat, WhatsApp, and Google Workspace channels each require separate credential setup in Enterprise Settings before use.
  • The a2a_async_enabled column on the agents table has been removed; the flag now lives on the tenants table.
Source: README.md, updated 2026-04-26