Releases: flomesh-io/ztm

v2.0.0

13 Feb 06:07
d34b3bf

ZTM Chat v2.0.0 Release Notes

Release: ZTM v2.0 "OpenClaw Edition" 🛡️🤖

We are thrilled to announce the release of ZTM v2.0, codenamed the "OpenClaw Edition." This milestone update is specifically engineered to empower OpenClaw users with a seamless, decentralized, and ultra-secure management experience.

By integrating the power of the Zero Trust Mesh (ZTM) with the most versatile local AI agent, we are redefining how users interact with their private AI infrastructure. This release focuses on two core pillars: Private Communication and Invisible Management.

Key Features in this Edition:

  • Native OpenClaw Chat Channel:
    Say goodbye to third-party IM dependencies. With the new built-in Chat Channel, users can now send commands and receive feedback from OpenClaw directly through ZTM-Chat. This ensures a 100% Peer-to-Peer (P2P) experience where your sensitive AI prompts never leave your private mesh. It is encrypted, serverless, and completely private.
  • ZTM Tunnel for OpenClaw Web Console:
    Remote management no longer requires risky port forwarding or complex VPNs. Using ZTM Tunnel, you can securely map your remote OpenClaw Web Console (port 18789) to your local machine. This allows you to access the full management UI via localhost from anywhere in the world, with zero exposure to the public internet.
  • Zero-Knowledge, Zero-Exposure Architecture:
    This edition leverages the Pipy-based programmable proxy to ensure that your OpenClaw instance remains "invisible" to hackers and scanners. Authorization is strictly certificate-based, ensuring that only you have the keys to your AI’s kingdom.

Why "OpenClaw Edition"?

OpenClaw provides the "brawn" to execute system-level tasks, and ZTM 2.0 provides the "armor" to protect those capabilities. Whether you are running OpenClaw on a home NAS or a secure server, ZTM 2.0 ensures that your AI assistant remains powerful, reachable, and—most importantly—private.


Total control, zero exposure. Welcome to the future of decentralized AI management.



Breaking Changes

Architecture Refactoring

  • Migrated from storage API to Chat App HTTP API (22275d2)
  • Reorganized ztm-chat directory structure into focused domains (b943436)
  • Modularized channel.ts into focused submodules (d57fcad)
  • Implemented dependency injection container for decoupling (710a751, 535ed83)
  • Removed MessageDeduplicator in favor of Watermark-based deduplication (a0e7d29)

Path Changes

  • Changed config path to ~/.openclaw/ztm/config.json (cb57b46)
  • Changed state file path to ~/.openclaw/ztm/state.json (c9830e9)

Features

New Capabilities

  • Persistent Pairing State (0980ced): Added persistent pairing state store with auto-cleanup
  • Message Flow Logging (7ba7f06): Added message flow logging and conditional watermark updates
  • UI Hints (8ff6e80): Added uiHints support to configuration schema
  • Memory Monitoring (008d49c): Added memory usage monitoring to MessageDeduplicator
  • Concurrency Control (2d14557): Added Semaphore to limit concurrent message processing in watch loop
  • State Cleanup (9029ba0): Added state cleanup to prevent unbounded state.json growth
  • Directory Creation (69dc42b): Ensure ~/.openclaw/ztm directory exists on plugin startup

Performance Improvements

  • Optimized Message Watching (0cd1c10): Optimized message watching and polling for reduced latency
  • Static Imports (086a528, 811ad7a): Replaced dynamic imports with static imports throughout
  • Pre-compiled Regex (0bfdff4): Pre-compile regex patterns in ZTM API client
  • Test Isolation (46087b1): Isolated MessageStateStore tests to avoid polluting real state.json

Bug Fixes

Critical Fixes

  • Infinite Loop Prevention (66fed84): Handle message format and prevent infinite loops
  • Duplicate Prevention (cd93429): Prevent duplicate message processing using <= in watermark check
  • Memory Leak (7c9a1ae): Prevent memory leak in lastSeenFiles Map
  • Async Error Handling (175ae94): Properly propagate async errors instead of silently swallowing them
  • Self-pairing (a2fb0d7): Filter out bot's own username to prevent self-pairing
  • Plugin Loading (6a6cbcf): Export registerPlugin function to fix OpenClaw plugin loading
  • File Metadata (8d1840c): Persist file metadata (time + size) to detect append-only changes across restarts
  • Watermark Persistence (329bb6b): Persist message watermarks to prevent re-processing on restart
  • API Timeout (719acd4): Resolve ZTM Chat API timeout issues
  • Message Reception (2a51ce7): Fix ztm-api message reception and watch loop bugs
  • Watch Fallback (2386fad): Correct watch path, regex, and add polling fallback for ZTM watch API

Other Fixes

  • Whitespace Messages (212923f): Skip empty or whitespace-only messages in processIncomingMessage
  • Error Propagation (f3a7fbc): Prevent unhandled promise rejection by not re-throwing logged errors
  • Mesh Connectivity (30b14b5): Resolve race condition between ztm join and mesh connectivity check
  • Pairing Integration (4d347d7): Implement AI dispatch pipeline and persist pairing approvals across restarts
  • Pairing Store (c6b0477): Integrate pairing store and fix DM policy bypass
  • API Regex (c941555): Correct ZTM API regex syntax and path prefixes
  • Storage API (115f4b0): Use ZTM Agent storage API instead of Chat app API
  • Pairing Command (72b4f47): Correct OpenClaw pairing command syntax
  • Config Resolution (91f82a0): Apply config defaults in resolveZTMChatAccount
  • Mesh Name (ac83928, fd8e1d5): Make meshName optional and set default to "openclaw-mesh"

Refactoring

Code Organization

  • Modularization (73505b7): Split channel.ts into modular submodules
  • Function Extraction (11de02c): Extract watchLoop into single-responsibility functions
  • Helper Functions (bc30708, 474fbda): Extract helper functions for data transformation
  • Result Pattern (c98a356): Implement Result<T, E> type pattern for consistent error handling
  • Directory Structure (6ec0972): Move onboarding.ts to src/onboarding/ directory
  • Runtime Directory (8011cda): Move runtime.ts to runtime/ directory
  • Test Utilities (82ce688): Add test utilities for dependency injection

Type Safety

  • Type-safe Imports (c487a14): Replace as any type assertions with type-safe alternatives
  • Typed Interfaces (89c88a5): Replace any type with typed ChannelPlugin interface
  • Eliminate Any (95fad36): Eliminate any types in channel.ts
  • Type Guards (4d71326): Use type guard for file metadata in watchChanges
  • Interface Extends (aeb6006): Use interface extends instead of type intersection
  • Test Type Safety (aed0500, 4bcd17e): Improve test type safety with proper mocking patterns

Code Quality

  • Node.js Prefix (67b5551): Use node: prefix for Node.js built-in module imports
  • Logger Cleanup (4003aa2): Remove logger fallback and use module-level logger
  • Error Handling (be90632): Add handleResult utility for unified error handling
  • Constants (159d29f): Extract identifier pattern to shared constant
  • URL Validation (7343f16): Extract URL validation logic to shared utility
  • Unused Code (d07646f): Remove unused exported functions from ZTM API
  • Config Unification (1faeb54): Unify schema and types for ZTM Chat configuration
  • Config Helper (2b8b2ca): Use mergeAccountConfig helper in resolveZTMChatAccount
  • Message Deduplication (f4024d1): Simplify message deduplication logic
  • Cleanup (65fe70c): Reorganize ztm-chat directory structure and clean up deprecated code

Testing

New Tests

  • Comprehensive Tests (922777f): Add comprehensive polling tests and enhance integration tests
  • Integration Tests (2b4a12d): Add integration tests for Watch→Polling fallback and Pairing flow
  • E2E Tests (9c6844a): Add E2E tests for startAccount gateway function
  • Mock Tests (295a8bc): Add unit tests for MockZTMClient

Test Improvements

  • Test Utilities (bc30708): Extract test utilities from ztm-api.ts
  • Type Safety (4bcd17e): Improve type safety in polling.test.ts
  • Test Isolation (46087b1): Isolate MessageStateStore tests

Documentation

  • README Updates (14c4957): Improve README with ZTM setup instructions and reorganization
  • CLI Examples (03243f2): Update CLI command examples to use correct OpenClaw syntax

Chores

  • Dependency Updates (fd35c84): Update dependencies and clean up local tarball
  • Test Fixes (8059865): Resolve test failures and TypeScript type errors
  • DI Container (182a467): Improve DI container with typed factory functions

Contributors

Thanks to all contributors who made this release possible!

v1.0.4

30 Jan 15:15

ZTM v1.0.4 Release Notes


✨ New Features

Post-Quantum Cryptography (PQC)
ZTM v1.0.4 introduces Post-Quantum Cryptography support based on SEC PQC requirements, enabling quantum-safe network communication:

  • New --pqc-signature flag: Enable post-quantum signatures
  • New --pqc-key-exchange flag: Enable post-quantum key exchange
  • Support for quantum-safe HTTP/2 tunnels
  • Quickly enable quantum-safe capabilities for traditional network applications

Reference: SEC PQC Requirements | Introduction Video

Shell Completion Support

New command-line completion support for improved user experience:

  • New ztm completion command
  • Support for zsh and bash shells
  • Completion support for mesh and ep commands

🔧 Feature Enhancements

Network Features

  • Connection Timeout: Added timeout handling for agent-to-hub connections, improving reliability
  • Cluster Mode Enhancements:
    • Support for ping ep and stats ep commands
    • Support for checking ztm version details in cluster mode
  • Hub Address Filtering: Filter hub addresses based on request origin
  • Hub Persistence: All discovered hubs are retained in the database
  • Bug Fix: Fixed exit ep lookup bug in proxy application

MCP (Model Context Protocol) Improvements

  • New MCP prompt setting feature
  • Added MCP host recursive mode support
  • MCP enabled by default
  • Fixed MCP transports compatibility issues
  • Fixed Content-Type header issue for LLM applications
  • Improved CORS header handling (default addition + route-side handling)

LLM Application Improvements

  • New LLM error alert and abort functionality
  • Added logging for LLM forwarded requests and responses
  • Fixed LLM link message issues

🛡️ Security Enhancements

  • CA Certificate Validity: Automatically generated CA certificates now have a validity period of 100 years

🔨 Build & Infrastructure

  • Tauri Upgrade: Upgraded to the latest version
  • iOS Build Fix: Fixed iOS platform build issues
  • Pipy Version Management: Optimized version change management

🐛 Bug Fixes

  • Fixed multiple UI bugs
  • Fixed mesh style display issues
  • Fixed toolcall bug
  • Fixed mcp call args bug
  • Fixed deep chat bug
  • Fixed route deletion bug
  • Fixed safe-area-inset-top layout issue

👥 Contributors

Thanks to our contributors:

  • DongChen Lin (@lindongchen) - Core development, UI and feature development
  • pajama-coder - Network features, PQC, build improvements
  • Kevein Liu - Shell completion, documentation cleanup
  • Ali Naqvi - Documentation and PQC-related work
  • York Wong

v1.0.4-rc4

15 Sep 05:14

Based on the SEC's PQC support requirements released on Sep 3 (https://www.sec.gov/files/cft-written-input-daniel-bruno-corvelo-costa-090325.pdf), we have implemented PQC support in ztm. Starting with this version, ztm supports PQC mode, where the http2 tunnel established between the ztm agent and ztm hub is Quantum Safe. By using ztm, users can quickly make their traditional network applications Quantum Safe. More detailed information can be found here: https://youtu.be/D1XG07B9MW0

We also fixed several issues.

v1.0.0-rc3

04 Sep 12:29

We bring MCP capabilities into this release, called 'MCP Remote'.

Flomesh MCP Remote is a platform for rapid development of MCP based AI agents, including a zero-trust network framework, local RESTful interfaces, and a chat client. Flomesh MCP Remote brings Zero Trust security and dynamic orchestration to AI agent-tool interaction using the Model Context Protocol (MCP).

Much like Cloudflare Workers and Durable Objects form a programmable edge layer, ZTM acts as the orchestration backbone, handling mTLS-based authentication, routing, observability, and access control across all endpoints. Developers can interact with remote MCP tools via local RESTful APIs on http://localhost:7777/, while agents tunnel encrypted traffic through NAT and firewalls without any special network configuration.

Flomesh MCP Remote includes a chat client that can be used for rapid development of AI agents. The chat client supports:

  • multiple LLM chatbots
  • setting the LLM context length and memory length
  • configuration of pre-execution tool queries
  • manual parameter adjustment
  • playback of MCP calls

Flomesh MCP Remote key features:

  • Zero Trust Mesh for MCP: Enforces mTLS-based authentication and least-privilege access for all MCP interactions, no VPNs or static IPs required.
  • Distributed Orchestration with ZTM Agents: ZTM Agents run on edge, user, mobile, and IoT devices to form a programmable mesh, similar in role to Cloudflare Workers.
  • Seamless Connectivity Across NAT/Firewalls: Enables secure access to MCP servers across any network boundary without manual port forwarding or tunneling setup.
  • No SDK Required: Connect to remote MCP tools or services without modifying or rebuilding them using any SDK.
  • Developer-Friendly Local API: Access tools via RESTful API, ideal for rapid testing, IDE integration, and debugging.
  • Tool Poisoning & Threat Mitigation: Built-in semantic validation, runtime monitoring, and strict access policies prevent tampering and misuse.
  • Cross-Platform & Lightweight: Runs on Windows, macOS, Linux, iOS, Android, OpenWrt, and embedded Linux, making it ideal for hybrid cloud-edge use cases.
  • Full Auditability & Enterprise Compliance: Logs every interaction with cryptographic guarantees to meet audit, security, and regulatory requirements.

Follow this wiki to try it in minutes:

https://github.com/flomesh-io/ztm/wiki/9.-ZTM%E2%80%90MCP%E2%80%90Remote:-Intro-&-Quick-Start

Fix issues:

  • Resolve in remote transmission for the agent gateway.
  • Enhance the stability of MCP transmission.
  • Fix tunnel blockage caused by Pipy2.
  • Add LLM memory length
  • Add Multi Agent Bot Window
  • Add MCP Tool execution confirmation/modification
  • Add MCP Tool historical replay
  • Upgrade to the latest Tauri version
  • Improve the switching and status display of mesh selectors
  • Adjust the safe area height for the iPhone client, etc.
  • Add link route with llm messages
  • Adapted to more mcp servers and fixed related issues.
  • Improve mcp tool call recursive mode
  • Extend the expiration time of CA certificate
  • Fix deep-chat layout issue
  • Fix llm route bug
  • Add llm abort button
  • Add llm error message program
  • Fix function call logic issue
  • Fix llm error message display issue
  • Add llm prompt editor

v1.0.3-mcp-remote

22 Aug 01:30

  • Add llm abort button
  • Add llm error message program
  • Fix function call logic issue

v1.0.2-mcp-remote

06 Aug 13:25

  • Adapted to more mcp servers and fixed related issues.
  • Improve mcp tool call recursive mode
  • Extend the expiration time of CA certificate
  • Fix deep-chat layout issue
  • Fix llm route bug

v1.0.1-mcp-remote

17 Jul 11:07

1. Resolve in remote transmission for the agent gateway.
2. Enhance the stability of MCP transmission.
3. Fix tunnel blockage caused by Pipy2.
4. Add LLM memory length
5. Add Multi Agent Bot Window
6. Add MCP Tool execution confirmation/modification
7. Add MCP Tool historical replay
8. Upgrade to the latest Tauri version
9. Improve the switching and status display of mesh selectors
10. Adjust the safe area height for the iPhone client, etc.

v1.0.0-mcp-remote

28 Jun 14:42

Flomesh MCP Remote is a platform for rapid development of MCP based AI agents, including a zero-trust network framework, local RESTful interfaces, and a chat client. Flomesh MCP Remote brings Zero Trust security and dynamic orchestration to AI agent-tool interaction using the Model Context Protocol (MCP).

Much like Cloudflare Workers and Durable Objects form a programmable edge layer, ZTM acts as the orchestration backbone, handling mTLS-based authentication, routing, observability, and access control across all endpoints. Developers can interact with remote MCP tools via local RESTful APIs on http://localhost:7777, while agents tunnel encrypted traffic through NAT and firewalls without any special network configuration.

Flomesh MCP Remote includes a chat client that can be used for rapid development of AI agents. The chat client supports:

  • multiple LLM chatbots
  • setting the LLM context length and memory length
  • configuration of pre-execution tool queries
  • manual parameter adjustment
  • playback of MCP calls

Flomesh MCP Remote key features:

  • Zero Trust Mesh for MCP: Enforces mTLS-based authentication and least-privilege access for all MCP interactions, no VPNs or static IPs required.
  • Distributed Orchestration with ZTM Agents: ZTM Agents run on edge, user, mobile, and IoT devices to form a programmable mesh, similar in role to Cloudflare Workers.
  • Seamless Connectivity Across NAT/Firewalls: Enables secure access to MCP servers across any network boundary without manual port forwarding or tunneling setup.
  • No SDK Required: Connect to remote MCP tools or services without modifying or rebuilding them using any SDK.
  • Developer-Friendly Local API: Access tools via RESTful API, ideal for rapid testing, IDE integration, and debugging.
  • Tool Poisoning & Threat Mitigation: Built-in semantic validation, runtime monitoring, and strict access policies prevent tampering and misuse.
  • Cross-Platform & Lightweight: Runs on Windows, macOS, Linux, iOS, Android, OpenWrt, and embedded Linux, making it ideal for hybrid cloud-edge use cases.
  • Full Auditability & Enterprise Compliance: Logs every interaction with cryptographic guarantees to meet audit, security, and regulatory requirements.

Follow this wiki to try it in minutes:

v1.0.0-rc2

28 Mar 08:37

  • Implement user and user group management
  • Add system proxy switch, commercialize proxy rules, achieve user group granularity
  • Optimize chat display
  • Provide enterprise authentication
  • Optimize tunneling function
  • Configurable i18n

v1.0.0-rc1

29 Nov 15:39

This release comes with a built-in secure browser that protects your privacy by using ZTM technology while you surf the Internet. The built-in Chat app has also been largely improved since its release in the last version.