🚀 release: v1.1.0

.github/instructions/copilot.instructions.md

@@ -13,6 +13,8 @@ Reference: https://github.com/wgtechlabs/clean-commit
 ```text
 <emoji> <type>: <description>
 <emoji> <type> (<scope>): <description>
+<emoji> <type>!: <description>
+<emoji> <type>! (<scope>): <description>
 ```
 
 ## The 9 Types
@@ -32,6 +34,7 @@ Reference: https://github.com/wgtechlabs/clean-commit
 ## Rules
 
 - Use lowercase for type
+- Use `!` immediately after type (no space) to signal a breaking change — only for `new`, `update`, `remove`, `security`
 - Use present tense ("add" not "added")
 - No period at the end
 - Keep description under 72 characters
@@ -47,3 +50,5 @@ Reference: https://github.com/wgtechlabs/clean-commit
 - `🧪 test: add unit tests for auth service`
 - `📖 docs: update installation instructions`
 - `🚀 release: version 1.0.0`
+- `📦 new!: completely redesign authentication system`
+- `🔧 update! (api): change response format for all endpoints`

.github/workflows/commit-lint.yml

@@ -0,0 +1,61 @@
+name: Commit Lint
+
+on:
+  pull_request:
+    branches: [main, dev]
+  push:
+    branches: [main, dev]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  lint-commits:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Validate commit messages
+        run: |
+          # Clean Commit convention pattern
+          # Format: <emoji> <type>[(<scope>)]: <description>
+          PATTERN='^(📦|🔧|🗑️|🔒|⚙️|☕|🧪|📖|🚀) (new|update|remove|security|setup|chore|test|docs|release)( \([a-z0-9][a-z0-9-]*\))?: .{1,72}$'
+
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            COMMITS=$(git log --format="%s" "${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}")
+          else
+            GITHUB_EVENT_BEFORE="${{ github.event.before }}"
+            GITHUB_EVENT_AFTER="${{ github.event.after }}"
+            if [ "$GITHUB_EVENT_BEFORE" = "0000000000000000000000000000000000000000" ]; then
+              # Initial push has no valid "before" SHA, so capture all reachable commits
+              COMMITS=$(git log --format="%s" "$GITHUB_EVENT_AFTER")
+            else
+              COMMITS=$(git log --format="%s" "${GITHUB_EVENT_BEFORE}..${GITHUB_EVENT_AFTER}")
+            fi
+          fi
+
+          FAILED=0
+          while IFS= read -r msg; do
+            [ -z "$msg" ] && continue
+            # Allow merge commits
+            if echo "$msg" | grep -qE "^Merge "; then
+              continue
+            fi
+            if ! echo "$msg" | grep -qP "$PATTERN"; then
+              echo "✖ Invalid commit message: $msg"
+              FAILED=1
+            else
+              echo "✔ Valid commit message: $msg"
+            fi
+          done <<< "$COMMITS"
+
+          if [ "$FAILED" -eq 1 ]; then
+            echo ""
+            echo "One or more commit messages do not follow the Clean Commit convention."
+            echo "Format: <emoji> <type>[(<scope>)]: <description>"
+            echo "Reference: https://github.com/wgtechlabs/clean-commit"
+            exit 1
+          fi

.github/workflows/container.yml

@@ -1,8 +1,14 @@
 name: Container Build
 
 on:
+  pull_request:
+    branches: [main, dev]
+  push:
+    branches: [main, dev]
   workflow_call:
   workflow_dispatch:
+  release:
+    types: [published]
 
 permissions:
   contents: read

.github/workflows/landing.yml

@@ -0,0 +1,50 @@
+name: Deploy Landing Page
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'src/landing/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-pages
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2
+        with:
+          bun-version: 1.2.x
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build landing page
+        run: bun run --cwd src/landing build
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
+        with:
+          path: src/landing/dist
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4

.github/workflows/package.yml

@@ -1,13 +1,19 @@
 name: Package Build
 
 on:
+  pull_request:
+    branches: [main, dev]
+  push:
+    branches: [main, dev]
   workflow_call:
   workflow_dispatch:
     inputs:
       dry-run:
         description: 'Perform dry run without publishing'
         type: boolean
         default: true
+  release:
+    types: [published]
 
 permissions:
   contents: read
@@ -31,8 +37,11 @@ jobs:
       - name: Install dependencies
         run: bun install --frozen-lockfile
 
+      - name: Build workspace packages
+        run: bun run build:packages
+
       - name: Build & Publish Packages
-        uses: wgtechlabs/package-build-flow-action@v2.0.0
+        uses: wgtechlabs/package-build-flow-action@v2.0.1
         with:
           monorepo: 'true'
           workspace-detection: 'true'

.github/workflows/release.yml

@@ -8,8 +8,6 @@ on:
 
 permissions:
   contents: write
-  packages: write
-  security-events: write
   pull-requests: write
 
 jobs:
@@ -42,20 +40,8 @@ jobs:
             echo "changed=false" >> $GITHUB_OUTPUT
           fi
 
-  package:
-    needs: check-version
-    if: needs.check-version.outputs.changed == 'true'
-    uses: ./.github/workflows/package.yml
-    secrets: inherit
-
-  container:
-    needs: check-version
-    if: needs.check-version.outputs.changed == 'true'
-    uses: ./.github/workflows/container.yml
-    secrets: inherit
-
   release:
-    needs: [check-version, package, container]
+    needs: check-version
     if: needs.check-version.outputs.changed == 'true'
     runs-on: ubuntu-latest
     steps:
@@ -64,9 +50,9 @@ jobs:
           fetch-depth: 0
 
       - name: Create Release
-        uses: wgtechlabs/release-build-flow-action@032b32cb5f6933e5912768c5b2e42c29389c2c95 # v1.0.0
+        uses: wgtechlabs/release-build-flow-action@799974c8dec094fbe94a92b2764365d3a8f9ce5f # v1.2.1
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ secrets.GH_PAT }}
           monorepo: 'true'
           workspace-detection: 'true'
           package-manager: 'bun'

.husky/commit-msg

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+bun "$(dirname "$0")/validate-commit-msg.mjs" "$1"

.husky/validate-commit-msg.mjs

@@ -0,0 +1,69 @@
+import { readFileSync } from "fs";
+
+const msgFile = process.argv[2];
+if (!msgFile) {
+  console.error("Error: No commit message file path provided.");
+  process.exit(1);
+}
+let raw;
+try {
+  raw = readFileSync(msgFile, "utf8");
+} catch (err) {
+  console.error(
+    `Error: Could not read commit message file "${msgFile}": ${err.message}`,
+  );
+  process.exit(1);
+}
+const firstLine = raw.replace(/\r/g, "").split("\n")[0].trim();
+
+// Allow merge and revert commits
+if (/^Merge /.test(firstLine) || /^Revert /.test(firstLine)) process.exit(0);
+
+// Clean Commit convention pattern
+// Format: <emoji> <type>[!][(<scope>)]: <description>
+const pattern =
+  /^(📦|🔧|🗑\uFE0F?|🔒|⚙\uFE0F?|☕|🧪|📖|🚀) (new|update|remove|security|setup|chore|test|docs|release)(!?)( \([a-z0-9][a-z0-9-]*\))?: .{1,72}$/u;
+
+// Only new, update, remove, security may use the breaking change marker
+const breakingMatch = firstLine.match(pattern);
+if (breakingMatch) {
+  const type = breakingMatch[2];
+  const bang = breakingMatch[3];
+  if (bang === '!' && !['new', 'update', 'remove', 'security'].includes(type)) {
+    console.error('');
+    console.error('✖ Breaking change marker (!) is only allowed for: new, update, remove, security');
+    console.error('');
+    process.exit(1);
+  }
+}
+
+if (!pattern.test(firstLine)) {
+  console.error("");
+  console.error("✖ Invalid commit message format.");
+  console.error("");
+  console.error("  Expected: <emoji> <type>[!][(<scope>)]: <description>");
+  console.error("");
+  console.error("  Use ! after type for breaking changes (new, update, remove, security only)");
+  console.error("");
+  console.error("  Types and emojis:");
+  console.error("    📦 new      – new features, files, or capabilities");
+  console.error("    🔧 update   – changes, refactoring, improvements");
+  console.error("    🗑️  remove   – removing code, files, or dependencies");
+  console.error("    🔒 security – security fixes or patches");
+  console.error("    ⚙️  setup    – configs, CI/CD, tooling, build systems");
+  console.error("    ☕ chore    – maintenance, dependency updates");
+  console.error("    🧪 test     – adding or updating tests");
+  console.error("    📖 docs     – documentation changes");
+  console.error("    🚀 release  – version releases");
+  console.error("");
+  console.error("  Examples:");
+  console.error("    📦 new: user authentication system");
+  console.error("    🔧 update (api): improve error handling");
+  console.error("    ⚙️  setup (ci): configure github actions workflow");
+  console.error("    📦 new!: completely redesign authentication system");
+  console.error("    🔧 update! (api): change response format for all endpoints");
+  console.error("");
+  console.error("  Reference: https://github.com/wgtechlabs/clean-commit");
+  console.error("");
+  process.exit(1);
+}

AGENTS.md

@@ -9,6 +9,8 @@ Reference: https://github.com/wgtechlabs/clean-commit
 ```text
 <emoji> <type>: <description>
 <emoji> <type> (<scope>): <description>
+<emoji> <type>!: <description>
+<emoji> <type>! (<scope>): <description>
 ```
 
 ## The 9 Types
@@ -28,6 +30,7 @@ Reference: https://github.com/wgtechlabs/clean-commit
 ## Rules
 
 - Use lowercase for type
+- Use `!` immediately after type (no space) to signal a breaking change — only for `new`, `update`, `remove`, `security`
 - Use present tense ("add" not "added")
 - No period at the end
 - Keep description under 72 characters
@@ -43,3 +46,5 @@ Reference: https://github.com/wgtechlabs/clean-commit
 - `🧪 test: add unit tests for auth service`
 - `📖 docs: update installation instructions`
 - `🚀 release: version 1.0.0`
+- `📦 new!: completely redesign authentication system`
+- `🔧 update! (api): change response format for all endpoints`

Dockerfile

@@ -1,5 +1,5 @@
 # ── Stage 1: Install + Build ────────────────────────────────────────
-FROM oven/bun:1 AS builder
+FROM oven/bun:1.3.9 AS builder
 
 WORKDIR /app
 
@@ -31,7 +31,7 @@ COPY plugins/channel/plugin-channel-friends/package.json ./plugins/channel/plugi
 COPY plugins/provider/plugin-provider-openai/package.json ./plugins/provider/plugin-provider-openai/
 
 # Install all deps (dev included — needed to build)
-RUN bun install --frozen-lockfile
+RUN bun install
 
 # Copy source
 COPY . .
@@ -40,7 +40,7 @@ COPY . .
 RUN bun run build
 
 # ── Stage 2: Production ─────────────────────────────────────────────
-FROM oven/bun:1-slim AS production
+FROM oven/bun:1.3.9-slim AS production
 
 WORKDIR /app
 

README.md

@@ -49,7 +49,7 @@ Tiny Claw is inspired by personal AI companions from science fiction like **Cods
 - **Self-configuring.** No manual config files. The agent configures itself through conversation.
 - **Own personality.** Ships with a personality (Heartware system) that's uniquely its own.
 - **Native, not wrapped.** Every component is built from scratch with zero dependency on external AI frameworks.
-- **Easy to start.** Uses Ollama Cloud with two built-in models — kimi-k2.5 (default) and gpt-oss:120b. Choose your model during setup and switch anytime via conversation.
+- **Easy to start.** Uses Ollama Cloud with two built-in models — kimi-k2.5:cloud (default) and gpt-oss:120b-cloud. Choose your model during setup and switch anytime via conversation.
 - **Cost-conscious.** Smart routing tiers queries across your installed providers. Cheap models handle simple stuff, powerful models only fire when needed.
 
 ## ✨ Features
@@ -120,6 +120,7 @@ tinyclaw/
     router/          Smart provider routing (8-dim classifier)
     learning/        Behavioral pattern detection
     sandbox/         Bun Worker code execution
+    shell/           Controlled shell execution with permission engine
     shield/          Runtime SHIELD.md enforcement + anti-malware
     pulse/           Cron-like proactive scheduler
     queue/           Per-session message locking queue
@@ -129,11 +130,11 @@ tinyclaw/
     secrets/         Encrypted secrets management (AES-256-GCM)
     plugins/         Plugin discovery and loading
   plugins/           Plugin packages (keep the core tiny)
-    channel/         Messaging integrations (Discord, etc.)
+    channel/         Messaging integrations (Discord, Friends, etc.)
     provider/        LLM providers (OpenAI, etc.)
-    tool/            Additional agent tools
   src/
     cli/             CLI entry point
+    landing/         Official landing page (Svelte + Vite)
     web/             Web UI (Svelte 5, Discord-like experience)
 ```
 
@@ -157,7 +158,7 @@ Read the project's [code of conduct](https://github.com/warengonzaga/tinyclaw/bl
 
 ## 📃 License
 
-This project is licensed under [MIT License](https://opensource.org/license/MIT).
+This project is licensed under [GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.html).
 
 ## 🙏 Credits