v2.0.1 — Mission Control 2.0.1

Mission Control 2.0.1

Released: 2026-03-18

Mission Control 2.0.1 is the patch release that consolidates everything shipped after the v2.0.0 launch. It includes the operational fixes that stabilized HTTP/Tailscale deployments, a zero-config first-run path, full application internationalization, broader task-routing automation, and the latest OpenClaw compatibility updates needed for current self-hosted installs.

Highlights

HTTP, Tailscale, and gateway stability

• Login now works reliably on HTTP Docker installs and Tailscale-served deployments.
• CSP handling was tightened so SSR nonces, theme bootstrapping, and inline script policy stay aligned during login and chunk loading.
• Public websocket URL selection and Tailscale Serve detection were hardened for proxied gateway setups.
• Gateway startup and runtime checks now better tolerate read-only configs, missing OPENCLAW_HOME, and container health-probe requirements.

Better first-run setup

• A first-time setup wizard now guides fresh installs through bootstrap and initial configuration.
• Zero-config startup paths reduce the amount of manual environment setup needed for local and Docker-based installs.
• Doctor and onboarding follow-ups are more resilient, including banner persistence and safer health-check behavior.

Stronger task and automation flow

• Task routing now preserves implementation metadata, targets the correct gateway session/agent identifiers, and can classify complexity for model-tier routing.
• GNAP sync landed for git-native task persistence.
• awaiting_owner state detection and other dispatch/runtime fixes improve workflow accuracy after the v2 cut.

Broader self-hosted platform support

• Full app localization now ships across 10 languages.
• Windows setup improved with a PowerShell installer and stronger password-generation behavior.
• Workspace skill-root discovery and filtering are now surfaced throughout the app for operators running mixed local/gateway environments.
• The Docker/image pipeline now supports publishing the official image to Docker Hub when release secrets are configured.

Full Changelog

Added

• First-time setup wizard and zero-config startup flow
• Full i18n across the app with 10 language packs
• Trusted reverse proxy/header-auth support
• Gateway health history timeline
• Port-based Tailscale Serve proxy detection
• Task implementation-target persistence, session targeting, and complexity-based model-tier routing
• GNAP sync for git-native task persistence
• Hybrid gateway/local dashboard mode
• Workspace skill-root discovery and per-agent display
• Windows PowerShell installer
• awaiting_owner task status detection

Changed

• Node runtime support is now >=22
• CSP/browser-security helpers were split into dedicated modules
• Release automation now supports Docker Hub publishing when configured
• Repository/release metadata now consistently points at builderz-labs/mission-control

Fixed

• HTTP/Tailscale login and CSP nonce regressions
• Fresh HTTP Docker login failures caused by secure-cookie mismatch
• Gateway auth/token detection in mixed runtime setups
• Task dispatch using display names instead of gateway IDs
• Docker/runtime regressions around Compose, assets, probes, OPENCLAW_HOME, and read-only configs
• SQLite SQLITE_BUSY contention during build/runtime crossover
• Doctor banner persistence, cron panel crash handling, and null-safe model config editing
• Public websocket URL preference and onboarding gateway health probe handling
• Notification refresh timing, agent empty-state UX, delete handling, and duplicate task-title behavior
• Memory diagnostics scoping, gateway notification delivery, session labels, and missing i18n namespaces
• Windows installer password generation via CSPRNG
• Reagraph CSP regression from style-src nonce handling
• OpenClaw spawn compatibility when agents use configured default models
• Regression coverage for gateway dashboard registration preserving device-auth posture

Security

• Removed unsafe-inline in favor of nonce-based CSP
• Added stronger SSRF/path-traversal detection in the skill registry
• Stopped forcing dangerouslyDisableDeviceAuth when registering Mission Control as a dashboard

Tests

• Utility coverage improvements to satisfy the Vitest coverage threshold
• Gateway health history E2E coverage
• Docker-mode integration coverage for gateway connectivity regressions
• Regression tests for spawn compatibility and gateway registration behavior

Contributors

• @0xNyk
• @Brixyy
• @clintbaxley
• @dk-blackfuel
• @firefloc-nox
• @HonzysClawdbot
• @hectorse.88
• @jonathan-squaredlemons
• @jonboirama
• @joshua-mo-143
• @jrrcdev
• @lucascr
• @RazorFIN
• @topshelfmedia

v2.0.0 — Mission Control 2.0

Mission Control 2.0.0

Released: 2026-03-11

Mission Control 2.0.0 is the major release that lands the feat/refactor branch as the new baseline for the project. It rolls up 189 commits on top of main and shifts Mission Control from an early dashboard into a broader agent operations console for both local and gateway-driven setups.

Highlights

Dual-mode operation

• Mission Control now supports both OpenClaw gateway mode and local workstation mode cleanly.
• Onboarding, runtime detection, security checks, and panel behavior were reworked so the app can adapt to the active environment instead of assuming one deployment shape.

Broader agent observability

• Hermes observability was added across sessions, memory, tasks, cron, and transcripts.
• OpenClaw coverage was expanded across channels, chat, sessions, cron, devices, approvals, logs, usage, and config editing.
• Agent communication, session routing, and inline transcript visibility were strengthened throughout the app.

Memory system redesign

• The memory panel was redesigned into an Obsidian-style knowledge surface.
• Mission Control now ships with a filesystem memory browser, link/context endpoints, memory health signals, and an interactive graph view for linked knowledge.
• Loading and navigation performance in the memory panel were improved substantially, including lazy tree loading and graph prefetching.

Onboarding, security, and doctor workflows

• The onboarding experience was rebuilt into a guided walkthrough with stronger separation between per-user progress and per-session display behavior.
• The security scan now has clearer severity handling, improved autofix behavior, and better reporting of manual vs auto-fixable issues.
• OpenClaw doctor warnings, doctor fix, and state-integrity handling are now surfaced directly in the UI.

Deployment and runtime hardening

• Node support was standardized on 22.x across local development, CI, Docker, and standalone deploys.
• Build-time SQLite handling was isolated from runtime SQLite state to avoid noisy or fragile deploy behavior.
• Standalone deploys were hardened around asset inclusion, runtime data directories, backups, and restart detection.
• Dynamic host handling and safer env mutation behavior improved self-hosted reliability.

Agent lifecycle and operator UX

• Agent/workspace creation and deletion flows were hardened end to end, including OpenClaw config normalization and cleanup.
• The boot loader was redesigned with real progress phases and framework logos.
• Cost tracking, approvals, channels, chat, and session controls were all tightened during the refactor.

Everything Included In The v2 Update

Core platform and mode handling

• Local mode and OpenClaw gateway mode were hardened into first-class operating modes.
• Gateway discovery and connection handling improved across configured runtimes, systemd-managed gateways, Tailscale Serve, proxied websocket paths, forwarded-proto setups, and token-preserving websocket URLs.
• Mission Control can register itself as the dashboard for an OpenClaw runtime without the earlier device-auth and dashboard URL failure cases.
• Managed-gateway UX was tightened across health, status, mode badges, and startup auto-connect behavior.

Agents, sessions, chat, and comms

• Embedded chat became a shared workspace rather than a fragmented set of views.
• Session navigation was unified into Chat, with local Claude/Codex sessions included alongside gateway sessions.
• Hermes sessions, transcripts, memory, tasks, and cron surfaced throughout the app.
• Session transcript handling improved across local, Hermes, aggregated gateway, and disk-backed OpenClaw transcript sources.
• Agent comms, runtime tool visibility, coordinator inbox behavior, session-thread routing, and agent feed ergonomics were hardened.
• Agent registration, self-registration, rate limiting, attribution, wake/spawn actions, and agent detail editing all received follow-up fixes.

Tasks, quality flow, and automation

• Task dispatch now polls assigned tasks and runs agents through OpenClaw with session linkage.
• Aegis quality review became an automated scheduled workflow for review-stage tasks.
• Natural-language recurring tasks now parse into cron-backed template spawning.
• Spawn/task flows were consolidated, old spawn-only UI was removed, and task/session linking became more traceable.
• Cost tracking moved into a unified Cost Tracker panel.

Memory, knowledge, and browsing

• The memory experience was redesigned into a graph-first, Obsidian-style knowledge system.
• The memory browser now supports faster loading, lazy directory hydration, better overflow handling, and improved graph fitting behavior.
• Memory APIs expanded around graph, health, links, context, and processing actions.
• Boot-time prefetching and panel persistence reduced the need to re-fetch heavy memory state on every navigation.

Skills and local discovery

• Skills Hub support expanded across browsing, installation, bidirectional sync, registry search, security scanning, and local disk roots.
• Local agent discovery now covers ~/.agents, ~/.codex/agents, and Claude agent roots more reliably.
• Skill roots and E2E skill paths can now be overridden cleanly for isolated test and self-hosted environments.

Security, audit, and approvals

• Security audit posture scoring, secret detection, evals, optimization, and security events were substantially expanded.
• Security scan severity scoring, infrastructure checks, OpenClaw hardening checks, autofix behavior, and agent-side scan APIs improved.
• Global exec approval overlay and approval flows were added/refined.
• Auth hardening covered timing-safe behavior, CSRF, session revocation, host allowlists, and safer trusted-host resolution.
• Audit trail coverage expanded across grouped action types and more complete operator activity logging.

Onboarding and first-run experience

• The onboarding wizard went through several iterations and now combines runtime capability detection, gateway setup, security scan, credentials, and guided getting-started flow.
• Walkthrough visibility is session-aware while progress persists per user.
• The loading experience was redesigned with branded motion, framework logos, and real boot phases instead of generic spinner states.

UI, navigation, and operator polish

• Agent cards, the agent detail modal, the cron calendar, activity/history views, interface mode toggles, sidebar categories, and panel loading states were redesigned.
• Shared loader patterns replaced ad-hoc spinners across more panels.
• Navigation state, URL synchronization, and panel persistence were tightened to reduce remount churn and stale data flashes.
• Branding assets and logos for Mission Control, OpenClaw, Claude, Codex, and Hermes were refreshed across the interface.

Runtime, deployment, and template hardening

• Standalone deploys were hardened across static assets, runtime data directories, sqlite migration/backup flow, restart detection, and build/runtime separation.
• Build-time DB/token isolation removed noisy runtime coupling during next build.
• Node support was standardized on 22.x, with matching local, CI, Docker, and deploy expectations.
• Proxy and host validation logic became more template-safe and more dynamic for self-hosted environments.
• OpenClaw doctor drift handling, doctor fix, config normalization, and workspace lifecycle cleanup were tightened to better support real self-hosted installs.

E2E, CI, and release readiness

• The E2E harness now uses isolated OpenClaw runtime state, isolated skill roots, deterministic scheduler behavior, and safer env handling.
• Several regressions that only showed up in CI were fixed around security autofix, workload signals, and agent deletion behavior.
• README, landing page assets, and release documentation were refreshed for the v2 release.

Notable Improvements

• Unified cost tracker replacing the split token/cost views
• Global exec approval overlay
• Better local agent discovery and skill sync behavior
• More reliable gateway config concurrency handling
• Better navigation responsiveness and less panel reload churn
• Stronger E2E runtime isolation for CI and local test harnesses

Detailed Functional Additions

• Framework adapters and normalized multi-agent registration flow
• Self-update banner and admin-triggered update flow
• Tenant-scoped workspaces and free-tier extraction cleanup
• Google Workspace integration
• Plugin capabilities system and Hyperbrowser integration
• Claude Code task bridge
• OpenClaw backup creation and restore-oriented backup directory handling
• Embedded /chat panel and provider-session-first chat workspace
• Memory graph upgrades from Canvas to Reagraph WebGL
• Security audit panel, agent eval framework, and optimization endpoint
• OpenClaw update-now trigger from the UI
• Approvals overlay, channels parity, chat parity, usage parity, device parity, and logs parity with the newer OpenClaw surface

Detailed Fix Areas

• Login autofill, redirect race, CSP/theme flash, and auth/session regressions
• Channels auth and RPC fallback behavior
• Gateway websocket stability and device identity handshake behavior
• Memory graph blank states, overflow, sizing, auto-fit, and speed issues
• Agent detail/model-shape crashes and delete/provisioning edge cases
• Doctor warning misclassification and state-integrity surfacing
• Security scan autofix false positives and active-host preservation
• Standalone deploy asset/runtime drift and SQLite migration contention
• README and docs freshness so product marketing reflects the shipped interface

Upgrade Notes

• Mission Control 2.0.0 expects Node 22.x.
• Self-hosted installs should verify env files, host allowlist configuration, and runtime data directory settings after upgrade.
• If you run OpenClaw, use the in-app doctor and security panels after upgrade to catch any st...

v1.3.0 — Security Hardening, Claude Sessions & Webhook Retry

What's Changed

Local Claude Code Session Tracking

• Auto-discovers and tracks local Claude Code sessions by scanning ~/.claude/projects/
• Extracts token usage, model info, message counts, cost estimates, and active status from JSONL transcripts
• Background scanner runs every 60s via the scheduler
• GET /api/claude/sessions with filtering (?active=1, ?project=slug), pagination, and aggregate stats
• POST /api/claude/sessions to trigger manual scans
• Configure with MC_CLAUDE_HOME env var (defaults to ~/.claude)

Webhook Retry System

• Exponential backoff with circuit breaker for failed webhook deliveries
• POST /api/webhooks/retry for manual retry of failed deliveries
• GET /api/webhooks/verify-docs for signature verification documentation
• Automatic retry processing via background scheduler

Security Hardening

• Fixed timing-safe comparison bugs in webhook signature verification and auth token validation
• Hardened rate limiter IP extraction — uses rightmost untrusted IP from X-Forwarded-For chain
• Added MC_TRUSTED_PROXIES env var for explicit proxy trust configuration
• Increased password minimum to 12 characters with Zod + runtime validation
• Added Zod validation on PUT /api/tasks bulk status updates

Quality & DX

• All 31 API routes now use structured pino logger (replaced all console.error/console.warn)
• Docker HEALTHCHECK directive added
• Vitest coverage config with v8 provider and 60% thresholds
• Cron job deduplication on read + duplicate prevention on write
• Cron file I/O converted from sync to async
• Jittered WebSocket reconnect backoff (prevents thundering-herd)
• Feed item ID collision fix in live feed

Bug Fixes

• Model display: getModelInfo() always returned haiku for unrecognized models (credit @TGLTommy)
• Feed item key collisions between logs and activities (credit @doanbactam)
• Cron job duplicates in the management panel (credit @doanbactam)

Quality Gates

Check	Result
TypeScript	0 errors
ESLint	0 warnings
Unit tests	69/69 pass
E2E tests	165/165 pass
Production build	Clean

Contributors

• @TGLTommy — model display bug fix (#67)
• @doanbactam — feed ID fix, jittered reconnect, cron deduplication (#57)
• @rezero-household — WebSocket auth fix (#54), memory dir docs (#55)

Full Changelog: v1.2.0...v1.3.0

v1.2.0 — Validation Hardening, Unit Tests & Quality

What's Changed

Security & Validation Hardening

• Fixed task status enum mismatch (blocked → quality_review) in validation schema
• Added 12 new Zod input validation schemas covering all previously unvalidated mutation routes
• Applied validateBody() across 11 API route POST/PUT handlers
• Extended rate limiting: readLimiter (120/min) for memory & logs GET, heavyLimiter for search, backup, cleanup
• Added security headers to all middleware responses: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, Referrer-Policy: strict-origin-when-cross-origin

Unit Tests

• Filled auth test stubs with real assertions (safeCompare, requireRole)
• Added validation test suite (27 tests across 10 schema groups)
• Added rate-limit test suite (limits, 429 responses, window reset, IP isolation)
• Added db-helpers test suite (parseMentions, logActivity, createNotification, updateAgentStatus)
• 60 total tests, all passing

Code Quality & DX

• Replaced as any casts with typed interfaces (SessionQueryRow, UserQueryRow, CountRow)
• Bumped version from 1.0.0 to 1.2.0
• Added CHANGELOG.md with v1.0.0, v1.1.0, v1.2.0 entries
• Updated README roadmap: 11 items marked complete, 6 new items added

Quality Gates

Check	Result
TypeScript	0 errors
ESLint	0 errors
Unit tests	60/60 pass
Production build	Clean

Full Changelog: v1.1.0...v1.2.0

v1.1.0 — Roadmap Issues #34–#43

What's New

High Priority (PR #45)

• Docker Support (#34) — Multi-stage Dockerfile, docker-compose.yml, .dockerignore, standalone output
• Session Controls (#35) — Monitor/pause/terminate buttons wired to gateway CLI via /api/sessions/[id]/control
• Dynamic Model Catalog (#36) — Single source of truth in src/lib/models.ts replacing 2 hardcoded arrays
• API Rate Limiting (#37) — Factory-based rate limiter: login (5/min), mutations (60/min), heavy ops (10/min)

Medium Priority (PR #46)

• Error Boundaries (#38) — React ErrorBoundary wrapping panels with retry UI
• Structured Logging (#39) — Pino logger replacing console.log/error across lib + API routes
• Accessibility (#40) — WCAG 2.1 AA: ARIA landmarks, labels, aria-current, role="alert" on errors
• HSTS Header (#41) — Conditional via MC_ENABLE_HSTS=1 env var
• Zod Validation (#42) — Input schemas for tasks, agents, webhooks, alerts mutation endpoints
• Export Row Limits (#43) — Bounded SELECT queries with configurable LIMIT caps

Verification

• pnpm typecheck && pnpm lint && pnpm build — all pass
• pnpm test — 5 passed, 7 todo (pre-existing)

v1.0.0 — Initial Open-Source Release

Mission Control v1.0.0

The open-source dashboard for AI agent orchestration.

Manage agent fleets, track tasks, monitor costs, and orchestrate workflows — all from a single pane of glass.

Highlights

• 26 panels — Tasks, agents, logs, tokens, memory, cron, alerts, webhooks, pipelines, and more
• Real-time everything — WebSocket + SSE push updates with smart polling
• Zero external dependencies — SQLite database, single pnpm start to run
• Role-based access — Viewer, operator, and admin roles with session + API key auth
• Quality gates — Built-in review system that blocks task completion without sign-off
• Multi-gateway — Connect to multiple OpenClaw gateways simultaneously

Quick Start

```bash
git clone https://github.com/builderz-labs/mission-control.git
cd mission-control
pnpm install
cp .env.example .env # edit with your values
pnpm dev # http://localhost:3000
```

Tech Stack

Layer	Technology
Framework	Next.js 16 (App Router)
UI	React 19, Tailwind CSS 3.4
Language	TypeScript 5.7 (strict mode)
Database	SQLite via better-sqlite3 (WAL mode)
State	Zustand 5
Charts	Recharts 3
Real-time	WebSocket + Server-Sent Events
Auth	scrypt hashing, session tokens, RBAC
Testing	Vitest + Playwright (52 E2E tests)

Security Hardening

• Auth guards on all GET endpoints (#4)
• Timing-safe API key comparison (#5)
• XSS sanitization in memory browser (#6)
• Legacy cookie auth removed (#7)
• Login rate limiting — 5 attempts/min per IP (#8)
• SSRF protection on gateway health probes (#9)
• SQL injection fix — parameterized queries (#10)
• CSP hardening — removed unsafe-eval (#15)
• CSRF Origin validation (#20)
• SQLite foreign_keys pragma enabled (#33)
• Missing database indexes on hot query paths (#33)

Quality & DX

• TypeScript strict mode (#11)
• 52 Playwright E2E tests (#12, #29)
• Pagination total counts (#13)
• N+1 query fixes (#14)
• DELETE body standardization (#18)
• Query limit caps at 200 (#19)
• CI pipeline — lint + typecheck + unit tests + build + E2E (#30)

Community

• CODE_OF_CONDUCT.md — Contributor Covenant 2.1
• CONTRIBUTING.md — Development workflow and guidelines
• SECURITY.md — Vulnerability reporting policy
• Issue templates for bug reports and feature requests
• Pull request template with risk level and security checklist

---

Full Changelog: https://github.com/builderz-labs/mission-control/commits/v1.0.0