Action guard upgrade and docs polish. The output guard now catches past-tense false completion claims, and the README is condensed for the npm landing page.

• Expanded action guard to detect past-tense claims like "I've posted the message" when no action block was emitted.
• Classified downloadAttachment as a query action so auto-follow-up fires correctly after downloads.
• Condensed README for a cleaner npm package page.

Self-management docs and Discord action hardening. The bot can now update itself via !update, and action routing is more resilient.

• Added self-management section to README documenting the !update command for in-place upgrades.
• Hardened Discord action routing for edge cases in action dispatch.

Smarter recall. Cold storage queries now use HyDE (Hypothetical Document Embedding) to generate a synthetic ideal answer before searching, dramatically improving retrieval for vague or conceptual queries.

• Added HyDE to cold storage — the bot now imagines what a perfect answer would look like, then searches for real content matching that shape.
• Enabled by default; opt out via DISCOCLAW_HYDE_ENABLED=false.
• Especially effective for "when did we discuss..." and "what was the decision about..." style queries where keywords alone miss the mark.

Lighter context window. History images are no longer injected into the prompt, reducing token overhead without losing image awareness.

• Stopped downloading and injecting inline images from message history into the AI prompt.
• Images attached to the triggering message are still processed — only historical image re-injection is removed.
• Significant token savings on threads with lots of image attachments.

Instruction extraction. Core behavioral rules are now in a standalone SYSTEM_DEFAULTS.md file, making them easier to audit, override, and share across workspace configurations.

• Extracted tracked default instructions into templates/instructions/SYSTEM_DEFAULTS.md.
• Workspace-specific AGENTS.md files can now override defaults cleanly without duplicating baseline rules.

Silent cron fix. Error messages from failed cron jobs are no longer posted to Discord when the cron has silent mode enabled.

• Gated catch-block error posts on the silent flag — silent crons no longer spam channels on failure.
• Errors are still logged and recorded in stats; only the Discord post is suppressed.

Focus discipline. The bot no longer volunteers help with unrelated topics it notices in conversation history or cross-channel activity.

• Added explicit instruction preventing the model from proactively surfacing issues from other channels or older history.
• Strengthened wording removes the "unrelated" escape hatch so the model can't rationalize old topics as relevant.

Cron embed hygiene. Stale pinned prompt and status messages are now unpinned before replacements are posted, preventing pin clutter in cron threads.

• Cron sync now unpins old prompt messages before pinning refreshed replacements when projections drift.
• Status message updates unpin the previous message when edits fail, avoiding duplicate pins.
• Added a promptMessageId secondary index for O(1) prompt message lookups and proper cleanup on record removal.

Prompt efficiency patch. Reduces per-turn token overhead by ~1,765 tokens through instruction compression and runtime deduplication.

• Compressed system instructions (SYSTEM_DEFAULTS.md, TOOLS.md, pa.md) — same behavior, fewer tokens.
• Moved repetitive instruction content into runtime builders so templates stay lean.
• Added test coverage for instruction assembly and deduplication logic.

Smarter context, better reliability. Messages now carry temporal awareness, cron scheduling is decoupled from Discord thread state, and the dashboard gets a settings panel.

• Added temporal awareness to message history — the bot now knows when messages were sent, enabling time-relative reasoning.
• New dashboard settings panel surfaces key config options without touching .env files.
• Hardened cron boot loading against stats store loss and AI parse failures.
• Decoupled cron scheduling from Discord thread archive state — archived threads no longer block scheduled jobs.
• Plan/forge system is now disabled by default with sub-flags derived from the parent enable flag.

The 1.0 milestone. Six runtimes validated end-to-end, Discord canvas activities, a redesigned operator dashboard, and a fully automated release pipeline.

• Validated all six runtime paths (Claude CLI, Claude API, Codex CLI, OpenAI, OpenRouter, Gemini) with auth smoke tests and a 1.0 support matrix.
• Redesigned the operator dashboard with live runtime state overlay and per-instance boot disambiguation.
• Unified all six runtime paths with auth smoke tests, safe defaults, and a provider/auth support matrix.
• Added first-class shell-input cron mode and hardened prompt sectioning for session stability.
• Automated the full release pipeline: rehearsal checkpoints, push/PR verification in forge, and zero npm audit vulnerabilities.

Self-improvement harness, PDF ingestion, and model defaults modernized.

• Built the self-improvement harness: AI-guided mutator, parallel test execution, targeted mutations, per-file baselines, and forbiddenActions scoring.
• Added PDF text extraction for all runtimes (auto-download for Claude, cross-runtime extraction).
• Switched AI mutator to OpenAI-compatible API via OpenRouter.
• Updated default models to claude-opus-4-6 / claude-sonnet-4-6 and added archive action.
• Shipped 45+ action-compliance fixtures with CLI --tag filtering.

Security hardening and safety rails: webhook sanitization, config action auth, git commit safeguards, and smarter follow-up prompts.

• Fixed a webhook prototype-pollution DoS vector and added requester authorization to config actions.
• Shipped a three-layer defense against catastrophic git commits (diff-size gate, path blocklist, confirmation prompt).
• Hardened follow-up prompts against context overflow and truncation in long conversations.
• Added Gemini model validation and updated imagegen defaults.

Image generation gets source-image support and a progress indicator.

• Added source image support for generateImage — edit, remix, or riff on an existing image.
• External URL source images are now accepted alongside local file paths.
• Added a progress indicator so users see generation status in real time.

Vision lands: the bot can now see images in chat history, not just the triggering message.

• Added vision support for images in chat history — thread and channel context images are now visible to the AI.
• Image attachment metadata (filename, content type, dimensions) surfaced in readMessages and fetchMessage.
• Imagegen model is now runtime-switchable via `!models set`.

Forge reliability overhaul, Codex hardening across the board, and a new operator dashboard preset switcher.

• Added runtime preset switcher to the operator dashboard and forced action inventory checks before capability refusals.
• Hardened native Codex forge: salvage retries, plan tail preservation, stall detection, websocket reconnect, and mid-turn steering.
• Made local cron persistence the canonical source of truth and shipped a cron patterns cookbook.

Operator ergonomics jump forward: built-in dashboard, MCP visibility, and much sturdier long-running workflows.

• Added a built-in operator dashboard with health/status surfaces, config doctor, and safer local/network access handling.
• Shipped MCP operator tooling: `!mcp`, dashboard MCP status, and stronger startup/environment validation.
• Hardened plan runs and automations with verification evidence, resumable HITL waits, reaction-history context, execution traces, and cron state cleanup.

Cold storage memory lands, model routing gets a tiered overhaul, and prompt/streaming behavior gets tighter.

• Added cold storage: semantic recall over past conversations using SQLite, vector search, and keyword search.
• Reworked model config into tier-based presets with cleaner per-role overrides.
• Polished prompt ordering, token budgeting, and streaming previews.

Memory injection got smarter, Discord reads got richer, and a few operational rough edges got sanded down.

• Made durable memory injection query-aware instead of blindly static.
• Taught `fetchMessage`, `readMessages`, and `listPins` to surface embed content too.
• Expanded cron cookbook patterns and bumped `@discordjs/opus` for a security fix.

Maintenance cut to roll forward the voice/runtime work from the surrounding releases.

• No major user-facing delta on its own.
• Served as a packaging waypoint while the voice and defer changes stabilized.

Voice got substantially more capable, with runtime routing and better conversation state.

• Added per-role voice runtime support, including Gemini REST adapter support.
• Introduced voice conversation buffering and smarter runtime auto-switch behavior.
• Documented context-isolation edges for defer, spawn, and reaction prompts.

Deferred workflows can now nest instead of stopping after one hop.

• Added nested `defer` support with a configurable depth limit.
• Exposed the depth control in config/docs so it can be tuned instead of hardcoded.

Install fix release for newer Fedora / GCC toolchains.

• Patched `@discordjs/opus` install behavior for Fedora 43+ / GCC 15 compatibility.

Automations learned how to keep state and hand work to each other.

• Added cron job chaining.
• Added persistent state for cron jobs across runs.

Durable memory stopped being static and started adapting over time.

• Added reinforcement and decay signals to durable memory.
• Made long-term facts age more like real memory instead of a flat key-value store.

Prompt context, voice, and task/thread synchronization all got sharper.

• Injected a live open-task summary into prompts and pinned prompt messages in cron threads.
• Added the deep model tier and cleaned up voice ID/code readouts before TTS.
• Fixed archived-thread orphaning, task-close idempotency, and streaming code-fence leaks.

Parallel sub-agents became a first-class feature.

• Added the `spawnAgent` Discord action for parallel sub-agent invocations.
• Enabled subagent spawning by default.
• Exposed Deepgram TTS speed in config and cleaned up `!update` apply noise.

A broad systems release: secrets, memory upgrades, transcript ingestion, and stronger safety around external content.

• Added `!secret` for DM-only `.env` management.
• Added durable memory supersession/consolidation plus YouTube transcript injection.
• Sanitized external content before prompt injection and expanded the docs substantially.

OpenAI-compatible runtimes graduated from basic text to real tool use.

• Added OpenAI-compatible tool schemas, execution handlers, and runtime support.
• Enabled runtime hot-swaps via `!models set`.
• Shipped MCP and webhook docs alongside the adapter work.

The npm-managed install path got more production-ready.

• Improved `install-daemon` service naming and PATH handling.
• Reset multi-turn sessions automatically on context overflow instead of getting wedged.
• Cleaned up tag-triggered publish behavior.

Follow-up fix for npm-managed installs.

• Replaced the brittle global npm path check with `.git`-based npm-managed detection.

The updater era started here.

• Added npm-managed instance detection and the `!update` command.
• Capped rolling summaries harder and handled cron interruptions more gracefully.
• Bundled model-tier overrides, batching, and imagegen improvements.

Bootstrap and first-run setup got much less painful.

• Made `discoclaw init` auto-bootstrap the key forum channels on first connect.
• Added image generation actions and stronger forge failure reporting.
• Started wiring the `--service-name` install flow.

First public npm release.

• Initial publish of DiscoClaw to npm.