anna docs

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.16.6] - 2026-04-26

✨ Features

OAuth: Expand lark/feishu pre-authorized scopes to match lark-cli domain coverage (approval, base, calendar, contact, docs, drive, im, mail, sheets, slides, task, wiki — 138 scopes)
OAuth: Add Feishu/Lark device-code flow support in channel chat

Full Changelog: v0.16.5...v0.16.6

[0.16.5] - 2026-04-25

🐛 Bug Fixes

Sandbox: Require bubblewrap on Linux local sandbox, remove fallbacks (#129)
Sandbox: Require bubblewrap on Linux local sandbox, remove unshare/unconfined fallbacks
Sandbox: Skip Docker preflight checks when local sandbox backend is selected
Sandbox: Remove redundant --dir /workspace from bwrap args
Sandbox: Fix bwrap bind ordering — bind /workspace before --ro-bind / /
Sandbox: Harden local sandbox root directory security
OAuth: Fix token refresh and session environment injection (#128)

✅ Testing

Skip bubblewrap-dependent tests when user namespaces are blocked
Improve test coverage from 51.6% to ~53%
Install bubblewrap in CI and fix omitzero JSON tag

📝 Documentation

Clarify Feishu auto-provision setup instructions

Full Changelog: v0.16.4...v0.16.5

[0.16.4] - 2026-04-24

🐛 Bug Fixes

Sandbox: Default backend changed from Docker to Local; Plugins page selection now correctly honoured
Feishu: Run auto-provision synchronously before identity lookup

Full Changelog: v0.16.3...v0.16.4

[0.16.3] - 2026-04-24

🐛 Bug Fixes

Session: Use random IDs in NewSessionID to prevent Docker container name collisions
OAuth: Persist device-code token via FlowStore, not broker instance
OAuth: Wire OAuth registry into PoolManager for session env injection
Runtime: Abort reconcile early when context is canceled
Runtime: Remove racy ProcessState read in managed command Cancel
Plugins: Add @rsbuild/core to satisfy static import in start-plugin-core

♻️ Refactoring

Apply linter suggestions from golangci-lint

🔧 CI

Upgrade GitHub Actions runner

Full Changelog: v0.16.2...v0.16.3

[0.16.2] - 2026-04-24

🐛 Bug Fixes

Plugins: Fix default mise table versions not being set correctly
Plugins: Isolate manifest binary installer to prevent cross-plugin interference

Full Changelog: v0.16.1...v0.16.2

[0.16.1] - 2026-04-24

🐛 Bug Fixes

Plugins: Fix manifest binary install failing when mise refuses to read untrusted temp config files — now runs mise trust on the temp dir before mise install

🔒 Security

Resolve 9 GitHub Dependabot security alerts in docs dependencies

Full Changelog: v0.16.0...v0.16.1

[0.16.0] - 2026-04-24

✨ Features

Plugins: Add runtime manifest tool plugins — file-driven path for CLI tool integrations via $ANNA_HOME/plugins.yaml with two-layer merge, binary provisioning, version-based caching, and admin UI (#124)
OAuth: Add generic OAuth registry/broker framework integrated into runtime, admin, and plugin host paths; add manifest validation for OAuth providers (#125)
Plugins: Unify gh, lark-cli, tap-web, and mise under a first-class CLI-backed tool plugin pattern with plugin-owned binary, wrapper, session env, bundled-skill, and prompt registrations (#123)

♻️ Refactoring

Plugins: Consolidate and simplify embedded tool and bundle management internals; remove legacy OAuth bundles and unused vault/token management code (#125)
Auth: Migrate legacy auth rows into tool/gh and tool/lark-cli plugins; remove old auth plugin packages (#123)

Full Changelog: v0.15.0...v0.16.0

[0.15.0] - 2026-04-22

✨ Features

Vault: Add per-user encrypted secret storage with age envelope encryption; secrets injected as env vars into sandbox sessions (#120)
Credentials: Unified credentials tool with shared backend service (#122)
OAuth: Device-flow OAuth for gh and lark-cli (#121)
Tools: Embed the GitHub CLI (gh) in prebuilt sandbox tool bundles
Admin: Redesign plugins page with tabbed navigation and split account/credentials UI

⚠️ Breaking Changes

Sandbox: Retire boxsh backend — Docker is now the only sandbox backend. Install and start Docker Desktop (macOS/Windows) or the Docker daemon (Linux) before upgrading. Users with sandbox.backend = "boxsh" in their config will have it automatically remapped with a one-time log warning.

✨ Improvements

stdio MCP: StartProcess (stdio MCP servers) now works on every run. Previously silently broken on boxsh sessions; docker's container model gives every session a proper process namespace where stdio MCP servers start reliably.

♻️ Refactoring

Sandbox: Simplify to docker-only backend (#118)
Build: Sync embedded deps and system skills before build (#119)
Auth: Decouple auth provisioning from vault and merge oauthcli into credentials

✅ Testing

Harden refactor coverage

Full Changelog: v0.14.0...v0.15.0

[0.14.0] - 2026-04-21

✨ Features

Resources: Add builtin resource catalog and agent templates (#117)
Feishu: Add Feishu auto-provisioning (#116)

Full Changelog: v0.13.0...v0.14.0

[0.13.0] - 2026-04-20

✨ Features

Sandbox: Add docker as a third sandbox backend alongside boxsh and local (#115)
Skills: Move skills storage from filesystem to SQLite for reliability (#114)
Tooling: On-demand CLI tool downloads — tools fetched only when needed (#111)
Sandbox: Sync sandbox session files back to source after each chat turn (#112)
Admin UI: Add sandbox backend selector to admin panel

🐛 Bug Fixes

Sandbox: Persist sandbox session changes and clean up orphaned session dirs (#112)
Tools: Use exact release asset URLs for embedded tools
Tools: Use gh release download for cross-platform tool fetching

♻️ Refactoring

TUI: Remove chatcli TUI and Japanese docs
Skills: Tighten skills loading and path resolution
Skills: Remove builtin-skills cache tier for agent presets
Skills: Unify builtin skills path and use .agents/skills for agent root

📦 Dependencies

Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#113)

Full Changelog: v0.12.0...v0.13.0

[0.12.0] - 2026-04-16

✨ Features

Tooling: Prepare embedded mise and tap tooling for sandbox runtimes (#109)
Docker: Add docker dev task for local development workflows

🐛 Bug Fixes

Sandbox: Harden scheduler runtime stability (#110)
Docker: Keep docker binary outside mounted workspace
Docker: Align docker build with release flow
Docker: Use debian runtime for embedded sandbox tools
Docker: Expose docker dev admin panel
Docker: Enable boxsh in docker runtime
Tools: Route notify tool through user identities
Scheduler: Preserve scheduler job scope

♻️ Refactoring

Tooling: Stabilize embedded tool downloads

📦 Dependencies

Bump vite-plus from 0.1.12 to 0.1.18 in docs (#108)

Full Changelog: v0.11.1...v0.12.0

[0.11.1] - 2026-04-15

✨ Features

CLI: Add short-message command intent routing and improve built-in help output (#106)

🐛 Bug Fixes

Sandbox: Diagnose boxsh sandbox startup failures and improve failure handling (#107)

Full Changelog: v0.11.0...v0.11.1

[0.11.0] - 2026-04-15

✨ Features

Channels: Queue channel messages per session and add /abort support for in-flight session control (#104)
Builtin Tools: Make memory, scheduler, and skills available as builtin tools (#105)

♻️ Refactoring

Workflows: Move GitHub Actions workflows to Node 24 actions
Skills: Make skill install scope explicit (#103)
Sandbox: Align sandbox user root with skill path layers (#102)

🐛 Bug Fixes

CI: Avoid oversized coverage comment environment payloads

📝 Documentation

Sandbox: Document Linux boxsh prerequisites

Full Changelog: v0.10.2...v0.11.0

[0.10.2] - 2026-04-15

🐛 Bug Fixes

Release: Make mise run release:snapshot host-only so local snapshot builds no longer fan out into the full cross-platform GoReleaser matrix
Release: Embed only target-specific helper tool archives so each release binary ships just its own platform tools and avoids parallel GoReleaser target races
Models: Resolve provider type aliases in agent model refs so anthropic/... style model names map to the configured provider instance without requiring a literal provider ID

♻️ Refactoring

Config: Centralize default agent model selection and derive the seeded anna agent model from configured provider instances instead of hardcoding a provider ID

Full Changelog: v0.10.1...v0.10.2

[0.10.1] - 2026-04-14

♻️ Refactoring

Paths: Simplify the runner and sandbox path model, flatten tool path context handling, and remove file_path from core file tools (#99, #100, #101)

Full Changelog: v0.10.0...v0.10.1

[0.10.0] - 2026-04-14

✨ Features

Channels: Add multi-instance channel support with dedicated channel binding from agent settings and a simplified linking flow (#93)
Sandbox: Add the boxsh sandbox foundation and wire runner/config support through the sandbox backend (#95, #97)
Tools: Mediate sandbox-aware tools through hostfs for sandbox runtime execution (#94)
Providers: Improve provider editor, type selection, model schema, and local build speed

🐛 Bug Fixes

Notifications: Route agent-bound notifications to dedicated channels
Channels: Use a stable Feishu sender identity across apps
Tools: Harden bash timeout handling and mediate boxsh filesystem operations correctly

♻️ Refactoring

Sandbox: Promote the sandbox tool runtime redesign and expose runtime capabilities across the tool stack (#98)
Channels: Make channel instances the single source of truth and merge channel link/config UI
Identity: Add sender identity abstraction, flatten channel sender identity handling, and align core tool path arguments
Tooling: Harden tool output truncation

📝 Documentation

Add sandbox backend rollout documentation and align sandbox docs with the runtime API (#96)
Add Lark CLI skill notes

Full Changelog: v0.9.1...v0.10.0

[0.9.1] - 2026-04-10

🐛 Bug Fixes

Release: Skip optional embedded tool downloads when an upstream asset is unavailable, allowing cross-platform releases to continue when rtk is missing for a target platform

Full Changelog: v0.9.0...v0.9.1

[0.9.0] - 2026-04-10

✨ Features

Plugins: Introduce a unified plugin host runtime and migrate channels, tools, providers, MCP, and memory integrations onto the host-backed platform
Plugins: Add MCP tool plugin runtime with admin config editor and prompt integration (#85)
Plugins: Add typed plugin hook system and extension-owned prompt contributions (#78)
Providers: Make AI providers a first-class plugin type (#79)
Memory: Introduce pluggable memory providers with LCM and simple memory plugins, plus dynamic tool generation (#82)
Tracing: Add optional OpenTelemetry tracing with chat, tool, provider, and memory lifecycle coverage (#84)
Automation: Add self-improvement system for autonomous skill extraction (#75)
Agent Tool: Add presets, concurrency limits, context passing, and observability improvements (#74)
Channels: Add WeChat (weixin) iLink Bot channel (#69)
Channels: Enhance Feishu channel with Lark workspace tools (#68)
Auth: Add RBAC + ABAC permission system for multi-agent multi-user deployments (#67)
Gateway: Add host and port flags for gateway startup
Plugins: Add schema-driven plugin config editor and plugin-owned scheduler capabilities

🐛 Bug Fixes

Plugins: Preserve plugin hooks across runtime switches
Channels: Improve initialization reliability and decouple startup failures (#76)
Tracing: Fix span lifecycle, context propagation, and race issues across memory and provider instrumentation
Admin: Fix plugin and channel configuration regressions during the host-backed migration

♻️ Refactoring

Plugins: Unify the plugin system around a single subprocess model (#72)
Plugins: Complete unified plugin host cleanup and remove legacy host surfaces (#89)
Channels: Extract shared channel runtime infrastructure into pkg/channel and convert channel implementations into thin adapters (#80)
Agent: Move the agent engine to pkg/agent with a Runner abstraction (#81)
Architecture: Simplify command wiring, gateway control flow, and legacy channel lifecycle code

📝 Documentation

Add plugin architecture and authoring guide
Add OpenTelemetry tracing documentation and deployment guidance
Unify agent instructions and remove stale docs

📦 Dependencies

Bump github.com/go-git/go-git/v5 to v5.17.1 (#73)
Bump github.com/modelcontextprotocol/go-sdk to v1.4.1 (#87)
Bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to v0.19.0 (#86)
Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.43.0 (#88)

Full Changelog: v0.8.1...v0.9.0

[0.8.1] - 2026-03-18

✨ Features

Runner: Embed rtk, fd, rg binaries and wrap bash with rtk (#66)
Admin: Migrate admin UI to templ + daisyUI 5 + Alpine.js ESM (#65)
- Settings, providers, agents, channels, users, scheduler, and sessions pages
- Shared daisyUI components (PageHeader, EmptyState, Badge, FormField)
- Delete old SPA UI files
Admin: Use models cache for agent model autocomplete
Docs: Add i18n support (en, zh, ja) (#63)

🐛 Bug Fixes

Admin: Stop auto-fetching provider models on agents page load
Docs: Add root index route to redirect / to /en
CI: Exclude templ-generated files from coverage calculation

♻️ Refactoring

Admin: Split admin UI into modular files (#64)

📝 Documentation

Add admin UI CLAUDE.md and update root CLAUDE.md
Add i18n section to CLAUDE.md files

Full Changelog: v0.8.0...v0.8.1

[0.8.0] - 2026-03-17

✨ Features

Multi-user multi-agent: Full multi-user × multi-agent support across all channels (Telegram, QQ, Feishu) with DB-backed config, per-user memory, agent routing, and /agent command (#61)
Admin UI: Redesigned admin panel with user management, agent memory, session detail views, and system prompt viewer
Skills: Add load_skill tool; add Twitter/X posting script to social-content skill

🐛 Bug Fixes

Provider: Fix provider fetch models and model list display
Telegram: Fix userID propagation through model switch paths
QQ: Fix userID propagation through all command paths
Admin: Fix SSR React hooks error and CSS import order
Admin: Add JSON tags to config types for API serialization

♻️ Refactoring

Prompt: Restructure system prompt into 3 layers, make user_memory write-only
Memory: Unify memory tools into single action-based tool
Channel: Introduce ResolvedChat, remove Commander/PoolAdapter
Admin: Use canonical tool definitions in admin API
Skills: Move skill loading into existing skills tool load action

✅ Testing

Add comprehensive DBStore and multi-user/multi-agent unit tests

🔒 Security

Upgrade undici to >=7.24.0 to resolve 6 security vulnerabilities

📝 Documentation

Update all docs for multi-user multi-agent architecture
Update builtin anna skill with user-facing changes

Full Changelog: v0.7.1...v0.8.0

[0.7.1] - 2026-03-17

♻️ Refactoring

Docs: Migrate docs site to Vite+ unified toolchain
Docs: Migrate docs CI workflow to Vite+ setup action

Full Changelog: v0.7.0...v0.7.1

[0.7.0] - 2026-03-16

✨ Features

Plugin: Add plugin core framework with JS runtime (#57)
Agent: Improve tool result quality for LLM consumption
Website: Add About Anna page, persona section, and full icon pack (#62)
Website: Add avatar as favicon, nav logo, and README header (#60)
Skills: Add social content skill and references

🐛 Bug Fixes

Plugin: Prevent SSRF DNS rebinding in plugin fetch
Plugin: Store absolute path when adding plugins
Plugin: Use config.AnnaHome() for plugin path sandboxing
Plugin: Address plugin system review issues

♻️ Refactoring

Plugin: Simplify plugin system to JS-only

📝 Documentation

Plugin: Add plugin system documentation with example plugins

Full Changelog: v0.6.2...v0.7.0

[0.6.2] - 2026-03-14

✨ Features

Agent: Add delegate tool for subagent delegation (#55)

🐛 Bug Fixes

Build: Bump mise Go toolchain to 1.25
Build: Bump Docker builder image to Go 1.25

♻️ Refactoring

Scheduler: Rename cron package to scheduler and migrate storage from file to database (#53)
Skills: Replace custom search HTTP client with mcphub/pkg/skills.Search, removing duplicate code

📦 Dependencies

Update github.com/vaayne/mcphub to v0.2.4

Full Changelog: v0.6.1...v0.6.2

[0.6.1] - 2026-03-13

♻️ Refactoring

Skills: Replace internal installer with mcphub/pkg/skills for multi-source support (#52)
- Now supports GitHub/GitLab URLs, local paths, and shorthand formats
- Backward compatible with existing owner/repo@skill-name#ref syntax

📦 Dependencies

Update Go to 1.25
Add github.com/vaayne/mcphub v0.2.3

Full Changelog: v0.6.0...v0.6.1

[0.6.0] - 2026-03-13

♻️ Refactoring

Packages: Move all packages under internal/ for app-private encapsulation (#50)

✅ Testing

Add unit tests to fix CI coverage threshold

📝 Documentation

Add Fumadocs documentation site on Cloudflare Workers (#51)

Full Changelog: v0.5.0...v0.6.0

[0.5.0] - 2026-03-13

✨ Features

Memory: Add Lossless Context Management (LCM) — DAG-based memory system with identity files, semantic retrieval tools, and session-scoped context (#46)

♻️ Refactoring

Database: Restructure database layer with Atlas and sqlc (#46)
Database: Remove store.Store + RPCEvent — SQLite-only persistence with ai.Message (#47)
Database: Replace hardcoded migrations with Atlas-generated SQL files (#48)
Cron: Merge heartbeat/ package into internal/cron/ — heartbeat is now a built-in cron task (#49)

📝 Documentation

Rewrite README as marketing-oriented product page
Add MIT license
Rewrite memory system docs to match LCM implementation
Sync builtin anna skill with new README

Full Changelog: v0.4.2...v0.5.0

[0.4.2] - 2026-03-12

✨ Features

Channels: Add /whoami command to all channels (#44)

Full Changelog: v0.4.1...v0.4.2

[0.4.1] - 2026-03-11

♻️ Refactoring

Flatten packages, split large files, and improve structure (#43)

Full Changelog: v0.4.0...v0.4.1

[0.4.0] - 2026-03-11

✨ Features

CLI: Add version and self-upgrade commands (#41)
Gateway: Add heartbeat support for gateway channels (#40)
Config: Add enabled and enable_notify toggles for channels

🐛 Bug Fixes

Notifications: Respect channel enabled flag for notification routing
Gateway: Skip persisted cron jobs for heartbeat-only gateway runs
Upgrade: Harden self-upgrade target replacement

📝 Documentation

CLI: Document version and upgrade commands

Full Changelog: v0.3.0...v0.4.0

[0.3.0] - 2026-03-10

✨ Features

Feishu: Add Feishu (Lark) bot channel with WebSocket, streaming cards, image I/O, rich text, and group support (#39)
Skills: Add builtin anna skill embedded in binary (#37)