v0.1.28

What's Changed

• Fix min/max version to align with XML v7 minimum by @mstrhakr in #11

New Contributors

• @mstrhakr made their first contribution in #11

Full Changelog: v0.1.27...v0.1.28

v0.1.27

System & Disk Stats

• Add memory stats (total, used, free, percent) to /api/system/info and /api/system/metrics
• Add CPU load averages (1m, 5m, 15m) to /api/system/info and /api/system/metrics
• Add disk usage (used, free, percent) to /api/disks endpoints via df
• Make /api/system/metrics a lightweight endpoint for polling (memory + CPU load only)
• Update OpenClaw plugin tool descriptions to match new fields (v0.1.4 on npm)

Full Changelog: v0.1.26...v0.1.27

v0.1.26

Security Hardening Release

• Fix command injection in syslog and notification endpoints (execSync to execFileAsync)
• Fix path traversal in notification archive/delete and docker template filename
• Restrict CORS to local network origins only
• Stop exposing Unraid API key in settings page HTML
• Remove internal error details from API error responses
• Add rate limiting on API authentication (10 attempts/min per IP)
• Add input validation on docker:create parameters (image, ports, volumes, env, network)
• Validate share update fields (floor, splitLevel, comment)
• Set restrictive file permissions on config, permissions, and log files
• Enforce strict boolean types in permission saves
• Require WebGUI authentication on activity log PHP endpoints
• Move CSRF token from global JS variable to data attribute

Full Changelog: v0.1.25...v0.1.26

v0.1.25

Changes

• Add Unraid WebUI Port setting for non-standard port configurations (fixes #6)
• GraphQL URL is now constructed automatically from the port (default: 80)
• Users running Unraid on custom ports (e.g. 3443) can now set it without editing the full URL

Full Changelog: v0.1.24...v0.1.25

v0.1.24

Changes

• Remove GraphQL URL from settings UI, hardcode to http://localhost/graphql (fixes #6)
• Prevents misconfiguration that caused 500 errors on all GraphQL-based endpoints

Full Changelog: v0.1.23...v0.1.24

v0.1.23

Bug Fixes

• Fix /api/health reporting hardcoded version "0.1.0" instead of actual installed version
• Version is now read from the .plg file automatically, so it always matches the installed release

Full Changelog: v0.1.22...v0.1.23

v0.1.22

What's New

• Docker container creation endpoint with Unraid UI integration by @bitcryptic-gw in #4

Bug Fixes

• Fix Docker/VM actions failing with 400 Bad Request (fixes #2, #3): All Docker operations (inspect, logs, start, stop, restart, pause, unpause) and VM operations now use CLI (docker/virsh) instead of GraphQL queries that relied on schema fields not exposed in production Unraid 7.2.3
• Fix OpenAI function calling compatibility (fixes #5): Added properties: {} to all parameter-less tool schemas. OpenAI requires this even for tools with no parameters
• Fix global TLS bypass in OpenClaw plugin (#1): Replaced NODE_TLS_REJECT_UNAUTHORIZED=0 with a scoped https.Agent({ rejectUnauthorized: false }) that only affects connections to the Unraid server
• Fix XML injection in docker:create: All user-supplied values in the dockerMan XML template are now escaped
• Fix volume pre-creation safety: Restricted mkdir to /mnt/ paths only, removed blanket chown

Docs

• README: corrected route paths (/api/array/status, /api/array/parity/status), added ADMIN API key requirement, added docker:create to endpoint and permission tables

New Contributors

• @bitcryptic-gw made their first contribution in #4

Full Changelog: v0.1.21...v0.1.22

v0.1.21

Full Changelog: v0.1.20...v0.1.21

v0.1.20

Full Changelog: v0.1.19...v0.1.20

v0.1.19

Full Changelog: v0.1.18...v0.1.19