DashClaw 4.20.1 — launch-readiness patch.

Versioning note: since 4.0.0 the platform and both SDKs share one version, tagged from the platform package.json. Releases between v2.1.0 and this tag shipped continuously to main and are fully documented in CHANGELOG.md — the GitHub releases page is simply catching up.

Fixed

• MCP read tools honor explicit agent_id filters (@dashclaw/mcp-server 2.0.1): on the 8 query tools (loop_list, learning_query, decisions_recent, handoff_latest, secret_list, secret_due, inbox_list, behavior_suggestions) the server-configured agent id no longer silently rewrites an explicit per-call filter — "show me agent X's loops" used to return the caller's own rows. Write tools keep server-priority identity pinning (the impersonation guard, unchanged).
• GET /api/actions/loops now actually filters by action_id — the MCP loop_list tool always advertised and sent the param; the route silently ignored it.
• README: removed a stale pre-4.0 version label from the Durable execution finality section.
• Removed a superseded internal homepage draft doc from the public repo.

Verified for this release

• npx dashclaw-demo re-tested end-to-end on a clean environment (no DASHCLAW_* env vars): image pulls anonymously from GHCR, the simulated high-risk action is blocked, and the Decision Replay page serves. The demo image rebuilds automatically on every push to main.
• The May 2026 smoke-test reports of loop_list / learning_query 500s were re-verified against a live instance: both endpoints are healthy (fixed by the earlier loops-route join fix); the agent_id rewrite above was the remaining real defect.

Full history: CHANGELOG.md

Added

• Governance Boundary CI: New CI rule (npm run governance:boundary:check) that prevents "platform creep" by failing if non-core routes are added to the active API namespace.
• Minimal Governance Loop Example: Shipped examples/dashclaw-example-openai-agent, a 30-line "Aha! Moment" demo that shows DashClaw blocking a risky action in under 8 minutes.
• v2 SDK Compatibility Bridge: New sdk/index.cjs providing a clean CommonJS entry point for the minimal v2 runtime.

Changed

• Minimal Governance Runtime: Physically isolated over 140 non-core API routes into the _archive/ namespace. The active runtime is now hardened to 7 canonical governance primitives.
• SDK Surface Area Collapse: Flipped the default dashclaw SDK to the v2 runtime. Surface area reduced from 178+ methods to 5 core governance methods (guard, createAction, updateOutcome, recordAssumption, waitForApproval).
• Sanitized Mission Control: Stripped all productivity and analytics bloat from the main dashboard to focus strictly on Posture, Interventions, Risk Signals, and Fleet Health.
• Documentation Overhaul: Every core document (README, Quickstart, Project Details) has been rewritten to reflect the "Decision Infrastructure" narrative.

Fixed

• Friendly Fire Restoration: Restored essential infrastructure routes (/api/auth, /api/keys, /api/usage) that were accidentally quarantined during the big purge.
• TypeError in Demo Simulation: Resolved a crash in the demo middleware where signals were incorrectly processed as objects instead of arrays.
• Ghost Fetch Silence: Stripped legacy background fetches from the UI that were triggering terminal 404s after the API quarantine.

Added

• Major SDK Expansion: 177 total methods across 28 categories to both Node.js and Python SDKs.
• Unified 2.0.0 Baseline: Synchronized versioning across the core platform and all official SDKs.
• Enhanced Category Coverage: New methods covering advanced agent orchestration, swarm intelligence, and deep observability patterns.

AI agent observability platform — a Next.js 14 app that gives AI agents (and their operators) a command center for tracking actions, learning, relationships, goals, content, and workflows.