winget install --id RightNow-AI.OpenFangAbout OpenFang
OpenFang is an open-source Agent Operating System — not a chatbot framework, not a Python wrapper around an LLM, not a "multi-agent orchestrator." It is a full operating system for autonomous agents, built from scratch in Rust. Traditional agent frameworks wait for you to type something. OpenFang runs autonomous agents that work for you — on schedules, 24/7, building knowledge graphs, monitoring targets, generating leads, managing your social media, and reporting results to your dashboard.
What's new in 0.6.9
Security patches (RUSTSEC advisories that broke v0.6.8 CI): - rustls-webpki 0.103.10 → 0.103.13: - RUSTSEC-2026-0104 — reachable panic in CRL parsing - RUSTSEC-2026-0098 — name constraints for URI names incorrectly accepted - RUSTSEC-2026-0099 — wildcard name constraints accepted incorrectly - wasmtime 43.0.1 → 43.0.2: - RUSTSEC-2026-0114 — panic allocating a table exceeding host address space Maintenance: - cargo fmt applied workspace-wide (CI Format gate green) All v0.6.8 fixes carried forward: - #1097 workspace state_dir split - #1085 dashboard WS auth aligned with HTTP middleware - #1038 skill_list / skill_describe / skill_execute agent tools - #995 Requesty provider added - #1154 OLLAMA_HOST / LMSTUDIO_HOST env override - #1170 require_signed wired through POST /api/skills/install - #1174 POST /api/audit/append endpoint - #1172 HAND.toml SHA-256 to Merkle audit chain - #780 Telegram message_thread_id routing - Codex installer findings: CRLF/BOM, package.json, symlink, TOCTOU all closed
Version history
| Version | Updated | Notes |
|---|---|---|
| 0.6.9 | Security patches (RUSTSEC advisories that broke v0.6.8 CI): - rustls-webpki 0.103.10 → 0.103.13: - RUSTSEC-2026-0104 — reachable panic in CRL parsing - RUSTSEC-2026-0098 — name constraints for URI names incorrectly accep... | |
| 0.6.7 | Unknown | Resolves 7 community issues. 2657 tests passing, zero clippy warnings, zero regressions. Web Dashboard - #1179 WebSocket reconnects to the active agent after page refresh. localStorage persists the agent id, init restore... |
| 0.6.4 | Unknown | This release resolves 4 community-reported issues. 2543 tests passing, zero clippy warnings, zero regressions. Web Dashboard - #1036 Sidebar opens in Firefox. Replaced template x-if + div x-transition pattern (broken in... |
| 0.6.3 | Unknown | This release resolves 4 bugs across LLM drivers, channels, and kernel hot-reload, plus a CI tooling bump. 2540 tests passing, zero clippy warnings, zero regressions. LLM Drivers - #1098 Reasoning models retain state acro... |
| 0.6.2 | Unknown | This release resolves 8 community-reported issues and ships 4 dependency bumps. All changes verified with cargo clippy clean and 2517 tests passing. Security - #1060 SSRF protection unified for WASM host calls. IPv6 brac... |
| 0.6.1 | Unknown | This release resolves 12 community-reported issues across kernel, channels, runtime, and the dashboard. All fixes verified with cargo clippy clean and 2497 tests passing. Kernel & Heartbeat - #1102 Heartbeat now exempts... |
| 0.6.0 | Unknown | Three Hermes-inspired capabilities ported to OpenFang's Rust architecture. Each wired end-to-end: backend + API + dashboard + (where applicable) TUI. 51 new tests, zero clippy warnings, zero regressions across 2460+ work... |
| 0.5.10 | Unknown | Follow-up patch to v0.5.9. Seven real bugs off the tracker. Security Auth fail-closed. When no api_key is configured, non-loopback requests are rejected with 401 by default. Loopback still goes through with no config so... |
| 0.5.9 | Unknown | The zero-bug release. Every open bug on the tracker has been fixed. Config persistence finally works Dashboard changes to agent model, provider, fallback chain, system prompt, and identity settings now write back to agen... |
| 0.5.8 | Unknown | Dozens of community contributions merged in this release. Every PR was audited for correctness, security, and code quality before landing. What's new GitHub Copilot OAuth rewrite by @dmbutko. Full device flow authenticat... |
| 0.5.6 | Unknown | Critical Fix - Version sync: Desktop app and workspace version now correctly report v0.5.5+. Users stuck on v0.5.1 should be able to update. Tauri config was hardcoded at 0.1.0 since initial commit. New Features - SSRF a... |
| 0.5.5 | Unknown | Bug Fixes - #771 Qwen/OpenAI-compat tool_calls orphaning after context overflow. Smart drain boundaries + streaming repair. - #811 LINE webhook signature validation. Raw bytes for HMAC, secret trimming, debug logging. -... |
| 0.5.4 | Unknown | Bug Fixes - #875 Install script now correctly fetches latest release version - #872 Session endpoint returns full tool results (removed 2000-char truncation) - #867 agent_send/agent_spawn timeout increased to 600s (was 1... |
| 0.5.3 | Unknown | What's Changed This release resolves 19 bugs across runtime, kernel, CLI, Web UI, and hands — all verified with live daemon testing. Runtime & Drivers - #834 Remove 3 decommissioned Groq models (gemma2-9b-it, llama-3.2-1... |
| 0.5.2 | Unknown | What's Changed Bug Fixes (12 issues resolved) Runtime & Drivers - #834 Remove 3 decommissioned Groq models (gemma2-9b-it, llama-3.2-1b-preview, llama-3.2-3b-preview) - #805 Ollama streaming parser now handles both reason... |
| 0.5.1 | Unknown | 9 community PRs merged after strict review (24 PRs reviewed, 11 rejected, 4 closed). Fixes - Dashboard settings page loading state fix (#750) - KaTeX loaded on demand to prevent first-paint blocking (#748) - Provider mod... |
| 0.5.0 | Unknown | 29 bugs fixed, 6 features shipped, 100+ PRs reviewed, 65+ issues resolved. Features - Image generation pipeline (DALL-E/GPT-Image) - WeCom channel adapter - Docker sandbox runtimes - Shell skill runtime - Slack unfurl li... |
| 0.4.9 | Unknown | v0.4.9 Bug Fixed - Image pipeline (#686): REST API and WebSocket now pass image attachments as content_blocks directly to the LLM via send_message_with_handle_and_blocks() / send_message_streaming(). Previously images we... |
| 0.4.8 | Unknown | v0.4.8 Bugs Fixed - Fix HandCategory TOML parse error — added Finance + catch-all Other variant (#717) - Fix LINE token detection heuristic — long tokens (>80 chars) recognized as direct values (#729) - Fix General Assis... |
| 0.4.7 | Unknown | Release notes |