Add Bates installer: Core + Enhancement Wizard#1
Open
Conversation
…, dashboard, Telegram Complete Step 1 "Bates Core" installer that gets a working AI assistant with dashboard and Telegram in 15 minutes: - Windows Inno Setup script (BatesCore.iss) + PowerShell WSL2 bootstrap (install.ps1) - Linux setup scripts: core-setup.sh, core-configure.sh, core-verify.sh - Shared libraries: common.sh, prerequisites.sh, template-engine.sh - 7 core workspace rules, 2 skills, templatized SOUL.md/TOOLS.md - Config templates: openclaw.json, auth-profiles.json, systemd service, crontab - 8 sanitized core scripts (health-check, watchdog, archive, tmux, etc.) - 2 plugins: cost-tracker + dashboard (glassmorphism UI, 14 panels, agent org chart) - Step 2 enhancement wizard scaffold (bates-enhance.sh) with 5 shared libraries - Build pipeline: sanitize-check.sh (15 forbidden patterns) + build-package.sh - All personal data sanitized — 0 forbidden patterns detected Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Complete bates-enhance package with all 14 integration setup scripts: - m365: 22 files (6 refs, 3 rules, 6 skills, 4 scripts, 14 cron jobs) - agents: 15 files (12 deputy configs, 8 scripts, 15 cron jobs, delegation rules) - search: 11 files (6 Python scripts, config.yaml template, Ollama setup) - teams, twilio, social, tailscale, google: medium integrations with configs - telegram, elevenlabs, image, github, deepseek, websearch: simple integrations Also includes: - Patch management: cost-footer, adaptive-cards, channel-bridge, reapply-patches.sh - 8 documentation guides (manual-steps for each integration + troubleshooting) - All sanitized — 0/15 forbidden patterns detected Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…hema Found via Option B testing (fresh user install). 8 schema errors prevented gateway startup: wrong key names (definitions→list, token→botToken, ttlMinutes→ttl), misplaced sections (heartbeat, session), and missing required fields (gateway.mode, model object format, subagents config). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add prominent disclaimer to README: experimental software, no warranty, use at your own risk, not affiliated with any third-party services - Fix core-configure.sh: openclaw models auth setup-token requires an interactive TTY. Now falls back to manual credential storage when piped input is detected, with instructions to complete setup later. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Claude Code is essential for delegation (run-delegation.sh, claude-tmux.sh, coding-agent skill) but was never installed. Also adds tmux which is needed for the claude-tmux.sh persistent session wrapper. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All config fragments and setup scripts were using non-existent OpenClaw
config keys (mcp, features, assistant) and wrong key names/paths.
Fixed to match actual OpenClaw v2026.2 schema:
- telegram: token -> botToken, removed allowFrom, added dmPolicy/streamMode
- twilio: channels.voice -> plugins.entries.voice-call.config,
maxConcurrent -> maxConcurrentCalls
- elevenlabs: channels.voice.tts -> plugins.entries.voice-call.config.tts.elevenlabs,
model -> modelId, added talk section
- m365: removed assistant/mcp keys, use env.vars; fixed config_merge -> config_merge_inline
- github: removed mcp key, store token in env.vars
- google: removed mcp key, store credentials in env.vars
- websearch: removed mcp key, use tools.web.search for Brave,
models.providers for Perplexity
- image: removed features key, store API keys in env.vars
- search: removed features key (search index uses own config.yaml)
- social: removed features key, store MixPost URL in env.vars
- deepseek: replaced {enabled:true} with full provider structure
(baseUrl, apiKey, api, models array), added template rendering
- agents: added archiveAfterMinutes and model to subagents config
- config-merge.sh: fixed telegram and voice helper functions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- bates-icon.ico: Multi-size ICO (256/128/64/48/32/16) from app icon - installer-banner.bmp: 164x314 wizard banner from splash screen - installer-logo.bmp: 55x55 wizard logo from avatar - installer-splash.png: Full splash screen for reference - BatesCore.iss: Enable SetupIconFile, WizardSmallImageFile, WizardImageFile referencing the new assets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- All 12 deputy heartbeat crons now include delivery config with
{{PRIMARY_CHANNEL}}/{{DELIVERY_TARGET}} placeholders and bestEffort
- Heartbeat prompts reference deputy-specific HEARTBEAT.md paths
({{HOME}}/.openclaw/agents/{name}/HEARTBEAT.md) instead of generic
- message-router cron changed to sessionTarget: "isolated" to prevent
main session pollution
- daily-standup-compile and weekly-strategy-review get proper delivery
- cron-unlock.sh resolves {{USER_TZ}}, {{PRIMARY_CHANNEL}},
{{DELIVERY_TARGET}}, {{HOME}} from env vars or openclaw.json config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- channel-bridge.patch.ts: add __openclawUpdateTeamsCard bridge + abort-signal blocking fix - send-update.patch.ts: new patch for updateAdaptiveCardMSTeams function - policy-dm.patch.ts: new patch fixing DM proxy revocation (replyStyle thread -> top-level) - reapply-patches.sh: add sections 4-5 for send.ts and policy.ts auto-patching - model-fallback.sh: expand from 2 to 4 provider options (+ Codex 5.3, Gemini, Sonnet) - troubleshooting.md: add proxy revocation fix, channel auto-restart loop, 1M context warning Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sub-agent result cards, thinking bubbles, progress updates, and failure cards now show the deputy's unique avatar image instead of a generic robot emoji. Avatars are served from GitHub raw URLs (public repo) so Teams servers can fetch them directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- DISCLAIMER.txt: standalone file with full experimental/risk/autonomous-agent warnings - BatesCore.iss: shows disclaimer as Inno Setup license page (must click "I accept"), Apache 2.0 license shown as info-before page - install.ps1: shows disclaimer and requires "I ACCEPT" before Windows bootstrap; persists acceptance marker to avoid re-prompting after reboot - core-setup.sh: shows disclaimer and requires "I ACCEPT" before Linux setup; supports BATES_ACCEPT_DISCLAIMER=yes for non-interactive/CI use Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add OpenAI Codex (GPT-5.3) as provider option 4 in core-configure.sh - Update OpenAI default from GPT-4o to GPT-5.2 - Update Google default from Gemini 2.0 Pro to Gemini 3 Pro Preview - Add cross-provider fallback chain to openclaw.json template Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ation
Extract all deployed patches from v2026.2.21 into a single reply-composite
patch that applies avatars, thinking bubble, progress/failure cards, announce
directive fixes, and agentId tracking. Previously these were manual edits
that reapply-patches.sh couldn't reproduce.
Changes:
- New reply-composite.patch.js (replaces adaptive-cards.patch.js for reply-*.js)
- Avatar map with 13 agent images + helper functions
- Thinking card on sessions_spawn ("working on..." bubble)
- Result card with avatar in runSubagentAnnounceFlow
- Progress card updates for 2+ minute tasks
- Failure cards at timeout/error/archive points
- Announce directives: enforce incremental delivery, no NO_REPLY
- agentId tracking in registerSubagentRun
- Updated reapply-patches.sh to use composite patch + deliver-file iteration
- Updated README.md with full patch documentation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The cost footer transform hook was the only patch that required manual
intervention. Now auto-applied by anchoring on the exact
`await options.deliver(normalized, { kind })` call site.
All 9/9 reply-composite patches now apply automatically.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All 9/9 reply-composite patches apply cleanly on v2026.2.22-2. Added tested versions section to patches README. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SOUL.md: delegation is now NON-NEGOTIABLE, coordinator-not-worker pattern, 1-tool-call rule, no 2+ turns before spawning - model-routing: remove Gemini, add tiered agent model table - subagent-policy: add three enforcement directives for immediate delegation, remove stale Gemini temporary override - Google no longer supports OpenClaw — all Gemini references removed Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… main agent Text-based delegation directives were insufficient — Bates was making 62 exec calls and 22 process polls per session instead of spawning sub-agents (only 1 sessions_spawn in 138 turns). Fix: deny runtime/filesystem tools on the main agent via tools.deny in openclaw.json. Main session can only coordinate (sessions_spawn, messaging, web_search). All actual work must go through sub-agents which have full tools. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OpenClaw's tool restriction hierarchy means agent-level tools.deny cascades to all sessions under that agentId, including sub-agents. This broke sub-agent exec/read/write capabilities. Replaced with behavioral rules in SOUL.md and subagent-policy.md instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace generic heuristic regex patterns with structural matching: insert between normalizedPayloads flatMap closing and getGlobalHookRunner(), which has been stable across v2026.2.19-2.24. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Teams card update/send calls in runSubagentAnnounceFlow were awaited, blocking the announce flow for 3-5s on Teams API round-trips. Combined with delivery retries, this exceeded the 10s gateway internal timeout causing "Subagent announce failed: gateway timeout after 10000ms". Wrap the card operations in an async IIFE (no await) so they run in the background. Capture closure variables to avoid mutation issues. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 9/9 reply-composite patches and cost-footer patches apply cleanly on v2026.2.25 despite the announce flow state machine refactor — function names and insertion points unchanged. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- send-update.patch.ts: rewrite to use simpler getMSTeamsRuntime() + createMSTeamsConversationStoreFs() approach instead of the heavier resolveMSTeamsSendContext() pattern. Matches what's actually deployed and working in production. - channel-bridge.patch.ts: remove `return result;` (startAccount doesn't return), use `await result.shutdown()` after abort signal fires. Matches deployed channel.ts patch. Both scripts verified against clean v2026.2.25 files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Complete deputy agent system: 12 heartbeat configs with Graph API channel posting, shared memory templates for cross-deputy persistence, deputy feedback loop, updated cron jobs with correct agentId routing, rewritten collect-standups with all deputies. SOUL.md gains agentId delegation rule and read-back-in-conversation directive. Patches tested through v2026.2.26. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The edit/write tools enforce workspace root boundary checks that block access to shared/ (symlink resolves outside agent workspace). Added directive to all 12 HEARTBEAT.md files instructing deputies to use exec (bash) for shared memory writes instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Teams channel message delivery requires RSC permissions that haven't propagated in the Admin Center. This plugin bypasses that by using Graph API change notifications (subscriptions) to receive real-time channel messages and inject them into the gateway's agent pipeline. - Creates Graph subscriptions for all 8 Bates Operations channels - Handles webhook validation and notification processing - Fetches full message content, strips HTML, deduplicates - Injects messages using finalizeInboundContext/dispatchReplyFromConfig - Sends replies back via Bot Framework REST API - Auto-renews subscriptions every 50 minutes - Stores conversation references for proactive messaging - Updated dashboard plugin to exclude /channel-bridge from SPA catch-all Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cron heartbeat announces were sending redundant Adaptive Cards that rendered as "Card - access it on go.skype.com/cards.unsupported" in Teams DMs. The result card now only fires for sessions_spawn calls (which have a registry entry) not for cron announce deliveries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Session-continuity: persists conversational context across session resets via handoff digests. Uses before_prompt_build hook to inject prior session context into new sessions so Bates never loses awareness of recent interactions, active tasks, or pending decisions. Rule-based summarization (no LLM calls). Rolling buffer of last 5 interactions. Channel-bridge: fix message ID extraction for delegated permission subscriptions (resourceData.id is empty, parse from resource path instead), add duplicate init guard, add Bates user ID to skip filter. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…n enforcer Plugins: - channel-bridge: add media download, voice channels, thread reply support - cost-tracker: migrate to registerHttpRoute (v2026.3.2), add Codex subscription zero-cost - dashboard: migrate to registerHttpRoute (v2026.3.2), restructure route handlers - session-continuity: fix recursive handoff nesting, add sessionId dedup, artifact detection - delegation-enforcer: new plugin — rate-limits main agent tool calls, forces delegation, anti-circumvention (3-layer enforcement), self-protection (integrity monitoring) Scripts: - post-to-channel.sh: Teams channel posting with thread reply support (secrets from config) - lookup-deputy.sh: deputy agent routing (GPT-5.4 model refs) - lookup-skill-file.sh: skill file lookup with plural aliases - acp-health-check.sh: ACP runtime diagnostics Workspace: - SOUL.md: core personality and behavioral rules - 21 workspace rules (delegation, heartbeat policy, teams channels, etc.) - 12 deputy heartbeat configs (absolute paths for sandbox compatibility) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Install @openai/codex alongside @anthropic-ai/claude-code in core-setup.sh - Update provider selection: openai-codex/gpt-5.3-codex → openai-codex/gpt-5.4 - Add CLI presence checks for both Claude Code and Codex in core-verify.sh Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
core-setup.sh: - UFW firewall: deny all incoming except Tailscale (100.64.0.0/10) + localhost - SSH hardening: PasswordAuthentication no, PermitRootLogin no - npm security: ignore-scripts=true (prevents supply-chain attacks) - File permissions: chmod 700 ~/.openclaw, 600 openclaw.json, 700 agents/ openclaw.json.template: - Add ssrfPolicy.dangerouslyAllowPrivateNetwork to browser config Document Section 9 - Security Hardening: - Network security (UFW rules) - SSH hardening - Filesystem restrictions (two-layer: SOUL.md + delegation-enforcer) - File permissions - npm security - Browser relay security (gated approval, auto-revoke) - API key management (subscription auth, env stripping, auto-generated token) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SOUL.md.template:
- Replace all Robert-specific references with {{USER_NAME}}, {{ASSISTANT_NAME}},
{{USER_TZ}}, {{USER_CONTEXT}}, {{ASSISTANT_EMAIL}}, {{LINUX_USER}}
- Add conditional M365 blocks: {{#IF_M365}}...{{/IF_M365}} for OneDrive/email rules,
{{#IF_NO_M365}}...{{/IF_NO_M365}} for local file storage fallback
- Without M365: output files go to ~/.openclaw/workspace/drafts/ (local)
- With M365: output files upload to OneDrive via Graph API
template-engine.sh:
- Add conditional block support: {{#IF_NAME}}...{{/IF_NAME}}
- Keep block content if env var is set, remove if unset/empty
core-configure.sh:
- Set IF_M365/IF_NO_M365 flags based on M365 setup result
- Export LINUX_USER, USER_CONTEXT, ASSISTANT_EMAIL for template rendering
Document Section 9.7:
- Add "Operating Without Microsoft 365" table showing what works/doesn't
- Clarify 100.64.0.0/10 is standard Tailscale CGNAT range (generic)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Section 9.7 renamed to "Operating Without M365 Email/Calendar Sign-In" to distinguish from Teams (which always works via embedded bot). Updated table: Teams DM + channel posting both show "Fully works" without M365 sign-in. Added note explaining the separation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
README.md: - Add "Why two machines?" section with bates-two-machine-setup.png diagram (from fDesk OneDrive brand assets) between Architecture and Integrations sections - Expand Credits into "Powered by OpenClaw" section with links to OpenClaw GitHub, docs, and Peter Steinberger - Add note about OpenClaw's own security warnings and license terms DISCLAIMER.txt: - Add item 8: "POWERED BY OPENCLAW" with MIT license notice and link to OpenClaw repo - Note that OpenClaw's own license terms apply BatesCore.iss: - Add "Powered by OpenClaw" section to installer finish page with Peter Steinberger credit install.ps1: - Add "Powered by OpenClaw" line to final success message Assets: - Add bates-two-machine-setup.png and .svg from fDesk OneDrive Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Installer now shows two pages: 1. OpenClaw MIT License (InfoBeforeFile) — displayed with credit to Peter Steinberger and link to github.com/openclaw/openclaw 2. Bates Disclaimer (LicenseFile) — requires "I accept" to proceed No extra clicks — the OpenClaw license replaces the previously shown Bates Apache LICENSE on the info page. Users see and acknowledge both. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the minimal MIT-only text with the full OpenClaw security notice from docs.openclaw.ai/gateway/security, followed by the MIT license. Users now see on the InfoBefore page: - Security warnings: autonomous capabilities, prompt injection risk, personal assistant trust model, unencrypted data on disk - MIT License by Peter Steinberger - Link to full security guide Then the Bates disclaimer on the License page (requires "I accept"). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Users now see both licenses during install: - Page 1: OpenClaw security notice + MIT License (Peter Steinberger) - Page 2: Bates disclaimer + Apache 2.0 license (getBates / Robert Koller) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mirrors the OpenClaw page format: project name, URLs, creator name prominently at the top. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Changed CreateCustomForm() to TForm.Create(nil) — CreateCustomForm is not available in Inno Setup 6.7.1. Compiled successfully. Output: build/output/BatesCore-2.0.0.exe (21MB) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CRITICAL fixes:
- Fix deputy template_render: export AGENT_ID/AGENT_NAME per-agent before
render (was passing ignored extra args). Fix agent-openclaw.json.template
invalid JSON (unquoted {{AGENT_LAYER}}, missing vars).
- Fix BatesCore.iss: add recursesubdirs for templates/, add agents/,
shared-memory/, patches/ to [Files]. Fix desktop app path.
- Fix WSL/systemd bootstrap: write /etc/wsl.conf with systemd=true and
restart WSL BEFORE running systemd-dependent core-setup.sh.
- Fix M365 whitelist schema to match gateway.py expectations.
- Fix M365 safety fails-open: block write operations (PUT/POST/PATCH/DELETE)
when safety gateway is unavailable. Reads still pass through.
- Remove Teams secret from repo: prompt user interactively instead of
embedding base64-encoded secret in core-configure.sh.
HIGH fixes:
- Replace hardcoded /home/openclaw/ in delegation-enforcer, dashboard,
m365-safety, channel-bridge plugins with os.homedir() / process.env.HOME.
- Fix gateway bind: change loopback to 0.0.0.0 (UFW restricts to Tailscale).
Add token auth config.
- Fix Teams tenantId: add prompt + template placeholder.
- Fix desktop app path: point to dist-builds/ where .exe actually lives.
- Fix install success banner: track $installSuccess, gate final message.
- Add cron to apt install list in core-setup.sh.
- Fix broken workspace refs: make tool reference table conditional, remove
hardcoded file paths for enhance-only refs.
MEDIUM fixes:
- Replace ALL "Robert" references with {{USER_NAME}} in SOUL.md.template
and all 10 workspace rules files.
- Anonymise subagent-policy.md examples (rk@fdesk.tech -> user@example.com,
Solatio -> ExampleCorp).
- Remove hardcoded Teams channel IDs from teams-channels.md, replace with
generic template using script lookups.
LOW fixes:
- Add THIRD_PARTY_LICENSES.md (OpenClaw, Lossless Claw, Superpowers,
Node.js, Inno Setup, Tauri).
- Fix telegram manual steps doc.
NEW:
- Add two-machine architecture diagram to installer role selection
(shows PNG in Windows Form before Server/Client choice).
- Rewrite role selection text to explain the two-machine concept clearly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Publisher: "getBates (Robert Koller)" - URL: https://getbates.ai - Copyright: Robert Koller 2025-2026 - Version info embedded in exe properties Note: "Publisher unknown" UAC warning persists until the exe is code-signed with a certificate. Recommended: Azure Trusted Signing (~$10/month) or SSL.com code signing cert (~$70/year). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Windows Forms approach failed silently because PowerShell runs inside Inno Setup's console context where ShowDialog doesn't display. New approach: open the PNG with the default Windows image viewer (Start-Process), then pause with "Press Enter to continue". Simple, reliable, works in any PowerShell context. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Users can now cancel at multiple points: - Role selection: type Q to quit (no changes made) - After role selection: "Continue? (Y/Q)" confirmation showing exactly what will be installed, before any system changes begin - Inno Setup wizard pages: standard Cancel button (already existed) Both cancel points confirm "No changes were made to your system." Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Server vs Client choice is now a proper wizard page inside Inno
Setup (with radio buttons and explanations), appearing right after
the license/disclaimer pages. The user sees:
1. Splash screen
2. OpenClaw security notice
3. Bates disclaimer (I accept)
4. "Which machine is this?" — Server/Client radio buttons with
descriptions and Powered by OpenClaw note
5. Ready to install (with cancel option)
6. File extraction
7. PowerShell receives -Role server/client, skips console selection
The role is passed to install.ps1 via {code:GetSelectedRole}.
Fallback interactive selection preserved for standalone script use.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CRITICAL fixes: - C1/H6: Generate gateway token in core-configure.sh (openssl rand), save to gateway-token file, add to systemd drop-in, print for user - C2: Add all 7 core plugins to plugins.load.paths + plugins.allow + plugins.entries in openclaw.json.template - C3: Fix template engine conditional regex to match digits (IF_M365) HIGH fixes: - H1: Clean up deputy agent-soul.md.template (remove unresolved vars) - H2: Set installSuccess=false when core-verify.sh fails - H3: Anonymise /home/openclaw/ in 10 core scripts (use $HOME) - H4: Fix workspace refs — replace table with "installed by enhance" note, create observations/file-index.md placeholder - H5: Replace bates-enhance.sh references with "available separately" MEDIUM fixes: - M2: Fix agent-message.sh — use $HOME + OPENCLAW_GATEWAY_TOKEN env var - M4: Replace teams-manifest.zip reference with actual instructions Installer UX: - Swap page order: Bates disclaimer first, OpenClaw security notice second - Regenerate wizard logo (55x55) and banner (164x314) with better cropping Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- 12 Sub-Agents with current role names - Remove Docker/Ollama/ChromaDB references - Generic hardware reference - Fix quick start to match actual installer behavior Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
C1/H6 (dashboard token):
- dashboard/index.ts reads OPENCLAW_GATEWAY_TOKEN from env instead of
config.gateway.auth.token
- Updated login hint to reference ~/.openclaw/gateway-token
- Updated browser extension README.md and options.html help text
H3 (anonymisation — deep pass):
- channel-bridge/index.ts: removed hardcoded conversation IDs, read from
config/msteams-conversations.json dynamically
- post-to-channel.sh: removed hardcoded team/channel IDs, read from config
- cron-channel-router.sh: removed hardcoded channel mapping, read from config
- find-channel-thread.sh: removed hardcoded team ID, read from config
- collect-standups.sh: removed hardcoded paths
- rescue-bates.sh: fixed hardcoded path
- core-client-setup.ps1: fixed hardcoded reference
H4 (workspace refs):
- SOUL.md.template: removed references to non-existent skill paths
(presentations, word-documents, spreadsheets, legal-docs)
- Removed Bates Prompt Stack section (references non-existent runtime kit)
- Made QUEUE.md references conditional ("if it exists")
- Made call-transcription skill reference generic
M3 (README):
- Fixed Quick Start to match actual installer behavior
- Removed "builds local search index" (that's enhance)
- Fixed manual steps (only Telegram needed, M365 optional)
- Removed business branding from footer
Mailing list subscribe: already present on finish page (getBates.ai/newsletter)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tion Inspired by openclaw_quick_installer (JustinBIBERRR): install.ps1: - Timestamped install logging to $InstallDir/logs/install-*.log - Write-Step/Success/Warn/Fail all log with elapsed time - Progress file (install-progress.txt) with step/total/label for future GUI integration (8 steps tracked) - Final elapsed time shown on success and failure core-configure.sh: - Existing installation detection: detects ~/.openclaw/openclaw.json, offers upgrade/fresh/cancel with automatic backup - API key validation: Anthropic token format check (20+ chars), API key prefix check (sk-ant-), Telegram bot token format (digits:alphanumeric), Telegram user ID (numeric only) Also includes remaining anonymisation fixes from H3 agent: - 62 files across plugins, scripts, agents, workspace, dashboard - Removed hardcoded business names, channel IDs, email addresses - All replaced with $HOME, config reads, or template variables Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Complete Tauri + React installer with 7 pages: - Welcome: branded landing with feature highlights - Role Selection: Server/Client with architecture diagram - License: tabbed Bates disclaimer + OpenClaw security notice - System Check: real-time prereq validation (OS, RAM, disk, internet, WSL) - API Setup: AI provider selection, token validation, Telegram config - Installing: real-time progress bar + log output streaming - Success: next steps, dashboard link, GitHub/newsletter/share buttons Tech stack: Tauri 2 (Rust backend), React 18, Tailwind CSS, Vite Rust backend: syscheck via PowerShell, install process streaming, progress file polling Frontend builds successfully (vite build). Rust build requires VS Build Tools on Windows (MSVC linker). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
M365-tools: exposes 13 email/calendar/tasks/OneDrive tools as native gateway tools via mcporter, so sub-agents can access them directly. Mixpost: social media management plugin with HTTP API for posts, accounts, tags, and scheduling via Mixpost Pro Team. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skill files that guide Bates on how to delegate document creation (DOCX, XLSX, PPTX) to Claude Code / Codex sub-agents. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CLI reminder manager with add/list/due/done/snooze/delete commands. JSON-backed persistence with migration logic for older entries. Integrated into heartbeat flow to surface due reminders automatically. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use OPENCLAW_HOME env var or platform-specific default (Windows: %APPDATA%/openclaw, Linux: ~/.openclaw) - Add reminders.py deployment to core-setup.sh installer Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New tools via direct Graph API calls: - create_calendar_event (with attendees, Teams meeting link) - update_calendar_event - delete_calendar_event - find_meeting_times (across multiple attendees) - get_user_info (profile lookup by email) Total: 18 native gateway tools for M365. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bates can now compose emails and place them in Robert's Drafts folder for review. No email is sent without human action. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Email drafts now go directly to Outlook Drafts folder via draft_email tool instead of saving as MD files on OneDrive - Calendar operations use native create/update/delete/find_meeting_times tools instead of ms365-assistant - Updated SOUL.md and refs/email-ops.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
draft_email now takes an account parameter (vernot or fdesk) to create drafts in the correct Outlook mailbox. Graph API token management updated to support per-account tokens. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- All links open in external browser via Rust open::that() (Welcome, License, Success, AssistantEmail pages) - License page: click handler intercepts <a> tags, routes through open_url Rust command - Install backend: accepts full InstallConfig with all user settings, writes install-config.json, passes to install.ps1 - get_install_dir command: finds installer files next to exe or falls back to LocalAppData - Streams both stdout and stderr to frontend via events Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
H4: Fix remaining broken references - context-hygiene.md: remove hardcoded refs/mcp-servers.md and refs/email-ops.md examples (enhance-only), simplify to generic guidance - proactive-philosophy.md: remove refs/onedrive.md reference, make OneDrive conditional. Remove hardcoded skill paths. - Create observations/tasks.md and captures.md (referenced by quick-capture skill) - TOOLS.md exists as .template (rendered during install) - not broken M3: Fix README to accurately reflect core vs enhance - Split "What Bates Does" into Core (ships with installer) and Optional Integrations (enhance) - Update metrics table to show what actually ships in core - Remove deployment-specific numbers (49 cron jobs, 6 MCP servers, 4 email inboxes) that only apply to the dev deployment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
bates-enhance.shwizard with 14 optional integrations: Microsoft 365, Teams, Twilio voice calls, ElevenLabs TTS, search index, image generation, social media, Tailscale, on-demand agents (12 deputies), Google APIs, GitHub, DeepSeek, and web searchStats
Test plan
sanitize-check.sh— verify 0/15 forbidden patternscore-setup.sh+core-configure.sh+core-verify.shon fresh WSL2 UbuntuBatesCore.isswith Inno Setup 6 on Windowsbates-enhance.shand test individual integrations{{PLACEHOLDER}}values correctly🤖 Generated with Claude Code