Engineering Update

ButterClaw v0.6 Auth & Governance

May 2026 | The Exoskeleton Cycle | v0.6.3.2 Ready

ButterClaw v0.6 is the release where the project stopped being "a clever agent wrapper" and started becoming a real, governable OS layer. If v0.5 was the memory renaissance, v0.6 is the moment ButterClaw learned to authenticate, authorize, and account for itself.

This cycle—codenamed The Exoskeleton—introduced the API Gateway, the Auth subsystem, the ButterVault, and the first iteration of policy primitives, all while tightening the UI, routing, and deployment structure to prepare for the real world.

v0.6.0

The Authentication Breakthrough

v0.6.0 was the architectural pivot. It established the identity boundary: ButterClaw now knows exactly who is calling it and what they are allowed to do.

  • Unified Auth Module: auth.py handles HMAC-SHA256 API key hashing, session tokens, and 3-tier RBAC (Admin, Operator, Viewer).
  • The API Gateway: server.py was patched to enforce auth gates, route protection, and structured error responses across all endpoints.
  • UI State Transitions: index.html and routing.html updated to natively handle authenticated vs. unauthenticated states via login modals.
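
The pattern named in the Unified Auth Module bullet, as an added example that is not ButterClaw's own auth.py: only the HMAC-SHA256 digest of each API key is stored, and a role ordering gates each request. The function names, the `bc_` key prefix, the in-memory store and the assumption that a higher tier includes the lower ones are all hypothetical.

```python
import hashlib
import hmac
import secrets
from enum import IntEnum

class Role(IntEnum):  # 3-tier RBAC; assumed ordering: higher value includes lower tiers
    VIEWER = 1
    OPERATOR = 2
    ADMIN = 3

# Assumption: in a deployment this secret comes from the environment or a vault,
# so a leaked key table alone cannot be brute-forced offline.
SERVER_SECRET = secrets.token_bytes(32)

def hash_api_key(raw_key: str, secret: bytes = SERVER_SECRET) -> str:
    """Keyed HMAC-SHA256 digest that is stored in place of the raw key."""
    return hmac.new(secret, raw_key.encode(), hashlib.sha256).hexdigest()

def issue_key(store: dict, role: Role) -> str:
    """Create a key, persist only its digest, and return the raw key once."""
    raw = "bc_" + secrets.token_urlsafe(32)  # "bc_" prefix is a constructed convention
    store[hash_api_key(raw)] = role
    return raw

def authenticate(store: dict, presented: str):
    """Return the caller's Role, or None when the key is unknown."""
    digest = hash_api_key(presented)
    match = None
    for stored, role in store.items():  # full scan, constant-time comparison per entry
        if hmac.compare_digest(stored, digest):
            match = role
    return match

def authorize(store: dict, presented: str, required: Role) -> bool:
    """Allow the call only if the key is known and its tier is high enough."""
    role = authenticate(store, presented)
    return role is not None and role >= required

def demo() -> dict:
    store = {}  # constructed sample data: one Viewer key, one Admin key
    viewer, admin = issue_key(store, Role.VIEWER), issue_key(store, Role.ADMIN)
    return {
        "raw_key_in_store": viewer in store or admin in store,
        "viewer_as_admin": authorize(store, viewer, Role.ADMIN),
        "admin_as_operator": authorize(store, admin, Role.OPERATOR),
        "unknown_key": authorize(store, "bc_not-a-real-key", Role.VIEWER),
    }
```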

v0.6.1 – v0.6.2

Guardrails & Alert Dispatch

v0.6.1 focused on tightening the system and introducing the Policy Engine—deterministic rules to override the probabilistic brain. v0.6.2 followed with a massive hygiene pass: directory restructuring, cleanup, and the integration of the Alert Dispatcher.

  • DRIFT Framework: 3-scope pipeline (pre-brain, post-brain, pre-tool) allowing admins to short-circuit, block, or escalate verdicts using 16 safe condition operators.
  • Push Notifications: 5 external routing channels (Webhook, Discord, ntfy, SMTP, Gotify) to ensure operators know the moment a threat is neutralized.
  • Hygiene & Structure: Moved files into correct deployment directories, cleaned up UX transitions, and made the codebase maintainable for production.

v0.6.3.1

Deployment Packaging (Docker Edition)

The "ready to ship" version. We closed the loop on authentication, governance, and structure by unifying the configuration layer and taming the final boss of containerization: Docker network isolation.

  • Unified config.py: Single source of truth. Replaced scattered hardcoded variables and split-brain SQLite paths with a clean, 12-factor compliant environment loader.
  • Host Bridging: Securely bridges the isolated Linux container back to the host machine's native Windows Ollama instance (host.docker.internal), preserving GPU acceleration.
  • The Deadlock Broken: Injected initialization hooks to ensure the Vault Master Key generates before the server boots, curing secure-session Catch-22s.

v0.6.3.2

Active Assassination & The Double Air-Gap

The final hardening of the Exoskeleton. The Vault no longer just scorches the local database; it actively reaches across the network to vaporize compromised OAuth tokens globally.

  • Network Lethality: The Gibson now fires live HTTP DELETE and POST requests to GitHub and Google endpoints to assassinate remote tokens before wiping local ciphertext.
  • The Double Air-Gap: A hardcoded, low-level DRY_RUN circuit breaker guarantees simulated prompt injections won't accidentally annihilate your live GitHub sessions.
  • Nginx Isolation: Welded the screen door shut. Raw port 5000 is removed; all UI/API traffic is isolated behind a hardened Nginx TLS reverse proxy.

The Failsafe Boot Sequence

# 1. Generate Local TLS Certificates for Nginx
mkdir -p nginx/certs
docker run --rm -v "${PWD}/nginx/certs:/certs" alpine/openssl req -x509 \
  -nodes -days 365 -newkey rsa:2048 -keyout /certs/butterclaw.key \
  -out /certs/butterclaw.crt -subj "/CN=localhost"

# 2. Final Production Ignition
docker compose up -d --build

# 3. View your Bootstrap Admin API Key
docker compose logs -f butterclaw

Roadmap

Looking to v0.7

With identity, boundaries, policy, and deployment locked in, the Exoskeleton is fully calcified. ButterClaw is now stable enough to handle distributed environments. The next horizon involves federated nodes, multi-agent observability, and broader enterprise integrations.

Ready to deploy the Exoskeleton?

ButterClaw v0.6.3.2 is open-source. Spin up the container, connect your local Ollama, and lock down your agents.
