Releases: Jovancoding/AI-COMMS
v1.4.1
Full Changelog: v1.4.0...v1.4.1
v1.4.0 — Hermes Agent Bridge
What's New
Hermes Agent Bridge (NousResearch)
AI COMMS now connects to Hermes Agent — the self-improving AI agent by Nous Research with 40+ tools, skills, memory, cron scheduling, and multi-platform messaging.
Prefixes: !hermes / !ha
!hermes research competitor pricing and summarize in a table
!ha fix the deployment script and run tests
Hermes Agent exposes an OpenAI-compatible API server on port 8642. AI COMMS talks to it directly via /v1/chat/completions — no custom bridge server needed.
Setup
Hermes side (~/.hermes/.env):
API_SERVER_ENABLED=true
API_SERVER_KEY=your-secret-key
Then: hermes gateway
AI COMMS side (.env):
HERMES_API_URL=http://127.0.0.1:8642
HERMES_API_KEY=your-secret-key
6 Bridges
| Bridge | Prefix | Port |
|---|---|---|
| Copilot (VS Code) | !copilot / !cp |
3120 |
| Claude Code | !claude / !cc |
3121 |
| Codex | !codex / !cx |
3122 |
| Cursor | !cursor / !cu |
3123 |
| OpenClaw | !claw / !oc |
3124 |
| Hermes Agent | !hermes / !ha |
8642 |
Stats
- 126 tests, 0 failures
- 5 files changed, 177 insertions
v1.3.0 — Security Hardening
Security Release
7 security fixes addressing OWASP-class vulnerabilities found during codebase audit.
Fixes
| # | Fix | File | Severity |
|---|---|---|---|
| 1 | SSRF guard — reject private/loopback IPs in agent URL validation | multi-agent.js | HIGH |
| 2 | JSON schema validation — validate AI-generated group commands before execution | orchestrator.js | CRITICAL |
| 3 | Remote agent sandbox — \execSync\ → \execFileSync\ (no shell), metachar detection, command whitelist | remote-agent.js | CRITICAL |
| 4 | Hub rate limiting — per-IP sliding-window on HTTP (60/min) + WS connect rate (10/min) | hub/server.js | HIGH |
| 5 | KDF swap — SHA-256 → PBKDF2 (100k iterations) for encryption key derivation | encryption.js | MEDIUM |
| 6 | Atomic audit log — crash-safe rotation via temp-file writes | audit-log.js | MEDIUM |
| 7 | Silent catches → audit log — blocked messages now logged with context for observability | orchestrator.js, admin.js | HIGH |
Breaking Changes
- SSRF guard: Private/loopback agent URLs are now blocked by default. Set \ALLOW_PRIVATE_AGENTS=true\ if running agents on localhost.
- Encryption KDF: Keys derived from \SECURITY_ENCRYPTION_KEY\ now use PBKDF2 instead of SHA-256. Existing encrypted messages from v1.2.x will need re-encryption.
- Remote agent: Shell metacharacters (&&, |, \) in commands are now blocked. Only whitelisted executables (node, npm, git, python, etc.) are allowed.
Tests
8 new security tests (123 total, 0 failures)
Full Changelog: v1.2.8...v1.3.0
v1.2.8 — README: All 5 IDE Bridges
Updated README to reflect all 5 IDE bridge adapters (Copilot, Claude Code, Codex, Cursor, OpenClaw) instead of VS Code/Copilot-only language. Architecture diagram, intro, Agent Hub, and Multi-Agent sections now accurately describe the full bridge support.
Full Changelog: v1.2.7...v1.2.8
v1.2.7 — OpenClaw Hub Connector
What's New
OpenClaw Hub Connector — Bridge an OpenClaw Gateway to the AI COMMS Agent Hub mesh for cross-network agent discovery.
Changes
- src/openclaw-hub-connector.js — Dual WebSocket bridge: registers as
openclawagent on the Hub, forwards tasks/messages between OpenClaw Gateway and Hub agents - Auto-reconnect (5s), heartbeat (25s), graceful shutdown
- New npm script:
npm run connector:openclaw - 5 new tests (115 total, 0 failures)
- Updated
.env.examplewith connector env vars - README: new OpenClaw Hub Connector section with architecture diagram
Architecture
OpenClaw Gateway ↔ Hub Connector ↔ Agent Hub ↔ Other Agents
Quick Start
export HUB_SECRET=your-secret
npm run connector:openclawFull Changelog: v1.2.6...v1.2.7
v1.2.6 — README cleanup + npm publish
v1.2.6
- Removed duplicated README section (389 lines of stale content)
- npm publish with clean README
- 5 bridges: Copilot, Claude Code, Codex, Cursor, OpenClaw
- CLI: doctor, --format, --verbose, structured exit codes
- 110 tests, 0 failures
Full Changelog: v1.2.5...v1.2.6
v1.2.5 — OpenClaw Bridge Adapter
What's New in v1.2.5
OpenClaw Bridge Adapter
AI COMMS now has 5 bridge adapters. The new OpenClaw bridge connects your WhatsApp/Telegram messages to a running OpenClaw Gateway (356k stars personal AI assistant).
| Prefix | Port | Target |
|---|---|---|
!copilot / !cp |
3120 | VS Code Copilot |
!claude / !cc |
3121 | Claude Code CLI |
!codex / !cx |
3122 | OpenAI Codex CLI |
!cursor / !cu |
3123 | Cursor IDE |
!claw / !oc |
3124 | OpenClaw Gateway (NEW) |
Usage
ai-comms --bridge openclaw "summarize today's messages"
From WhatsApp/Telegram:
!claw ship checklist for the release
!oc summarize today's messages and draft a reply
Setup
- Install OpenClaw:
npm install -g openclaw@latest - Start the gateway:
openclaw gateway --port 18789 - Start the bridge adapter on port 3124
- Set
OPENCLAW_BRIDGE_PORT=3124in .env
Tests
110 total, 0 failures (+3 new OpenClaw bridge tests).
Full Changelog: v1.2.4...v1.2.5
v1.2.4 — Doctor, Exit Codes, Format & Verbose
What's New in v1.2.4
doctor command
Run ai-comms doctor to diagnose your setup -- checks Node.js version, .env file, AI provider config, API connectivity, all 4 bridges, hub server, and npm.
Structured exit codes (sysexits.h)
| Code | Name | Meaning |
|---|---|---|
| 0 | OK | Success |
| 2 | USAGE | Bad usage |
| 66 | NOINPUT | Input missing |
| 69 | UNAVAILABLE | Service offline |
| 77 | NOPERM | Auth failure |
| 78 | CONFIG | Config error |
--format flag
-f json, -f csv, -f table for agents status, doctor, and more. Pipe-friendly structured output.
--verbose flag
-v enables verbose stderr logging. -V is now version (was -v).
Tests
107 total, 0 failures (+12 new tests for exit codes, format, verbose, doctor parsing).
Full Changelog: v1.2.3...v1.2.4
v1.2.3 — CLI with Full Computer Control
Highlights
CLI with full computer control — AI COMMS now has a terminal interface. Run ai-comms for an interactive REPL with 12 native tools (file ops, shell commands, code search, HTTP requests), or relay tasks to any running IDE bridge. No WhatsApp or messaging platform needed.
What's New
CLI — Standalone Mode
- 12 native tools:
read_file,write_file,append_file,list_directory,search_files,grep,run_command,file_info,move_file,delete_file,http_request,system_info - AI tool-calling loop — the AI decides which tools to use, executes them, and iterates
- Works with any provider that supports function calling (OpenAI, Groq, DeepSeek, Mistral, xAI, Copilot, etc.)
- Falls back to simple chat for providers without tool support
CLI — Bridge Relay Mode
- Route tasks to any running bridge:
ai-comms --bridge copilot "fix the tests" - Supports all 4 bridges: Copilot, Claude Code, Codex, Cursor
- Token auth, 3-minute timeout, same contract as WhatsApp/Telegram
CLI — Interactive REPL
- Color-coded prompt with conversation history
- Commands:
/bridge,/bridges,/tools,/provider,/clear,/help,/quit - Agent management:
ai-comms agents statusshows all bridge statuses
CLI — One-Shot Mode
ai-comms "your task here"— runs, prints result, exits- Perfect for scripts, CI/CD pipelines, and automation
Global Install
npm install -g ai-comms
ai-comms --help
Tests
- 12 new CLI tool tests (95 total, 0 failures)
- Covers: file read/write/delete, directory listing, command execution, system info, grep, search, HTTP
Full Changelog: v1.2.2...v1.2.3
Full Changelog: v1.2.2...v1.2.3
v1.2.2 — Claude Code, Codex & Cursor Bridges
Highlights
4 IDE Bridges — AI COMMS now connects to Copilot (VS Code), Claude Code, OpenAI Codex, and Cursor from WhatsApp and Telegram. Each bridge uses the same HTTP contract — send a task from your phone, get results from any IDE agent.
What's New
Claude Code Bridge
- New bridge client:
src/claude-code-bridge.js - WhatsApp/Telegram prefix:
!claudeor!cc - Default port: 3121
- Token auth:
CLAUDE_CODE_BRIDGE_TOKEN - 3-minute timeout for multi-step coding tasks
Codex Bridge
- New bridge client:
src/codex-bridge.js - WhatsApp/Telegram prefix:
!codexor!cx - Default port: 3122
- Token auth:
CODEX_BRIDGE_TOKEN
Cursor Bridge
- New bridge client:
src/cursor-bridge.js - WhatsApp/Telegram prefix:
!cursoror!cu - Default port: 3123
- Token auth:
CURSOR_BRIDGE_TOKEN
Bridge Architecture
All 4 bridges share the same HTTP contract — any server that implements these endpoints can plug in:
GET /health → 200 OK
POST /chat → { "message": "...", "sender": "..." }
← { "response": "..." }
Tests
- 9 new bridge tests (83 total, 0 failures)
- Prefix detection, availability checks, error handling for all 3 new bridges
New Environment Variables
| Variable | Default | Description |
|---|---|---|
CLAUDE_CODE_BRIDGE_PORT |
3121 |
Claude Code bridge server port |
CLAUDE_CODE_BRIDGE_TOKEN |
— | Auth token for Claude Code bridge |
CODEX_BRIDGE_PORT |
3122 |
Codex bridge server port |
CODEX_BRIDGE_TOKEN |
— | Auth token for Codex bridge |
CURSOR_BRIDGE_PORT |
3123 |
Cursor bridge server port |
CURSOR_BRIDGE_TOKEN |
— | Auth token for Cursor bridge |
Full Changelog: v1.2.1...v1.2.2