CCCC v0.4.2 Release Notes

v0.4.2 advances the IM integration and operator-facing control surfaces. It ships key-based IM chat authorization, a reusable actor profiles system, and a remote access control plane — all with matching Web/MCP/CLI coverage.

Highlights

1) Key-based IM chat authorization

IM bridges now authenticate chats through a cryptographic bind-key flow instead of static trust. Operators generate a one-time bind key in the Web UI, share it with the target IM chat, and the bridge verifies identity before granting access.

Key capabilities:

• /bind <key> command in supported IM platforms (Telegram first)
• automatic subscription on successful bind (no separate /subscribe step)
• pending approval management: operators can review and approve/deny bind requests from the Web Settings → IM Bridge tab
• revoke semantics: authorized chats can be revoked at any time, with immediate effect on message routing
• cccc_im_bind MCP tool for programmatic binding from automation workflows

2) Actor profiles

A new actor profile abstraction lets operators attach reusable identity metadata (display name, avatar, prompt preamble, model preferences) to actors.

Profiles are linked at actor creation or update and propagate across:

• daemon runtime (used for display in IM bridges and Web)
• Web UI (dedicated Actor Profiles settings tab for CRUD operations)
• MCP surface (profile query and assignment tools)

3) Remote access control plane

A new remote access layer allows authorized clients to interact with a CCCC daemon across network boundaries. Combined with hardened IM revoke semantics, this enables secure multi-node orchestration without exposing the daemon socket directly.

4) Telegram UX improvements

• Typing indicators: the bridge now sends typing actions with configurable throttling, giving collaborators visual feedback during agent processing.
• Actor titles over IDs: IM-rendered messages now prefer human-readable actor titles instead of raw actor identifiers.

5) MCP and operational fixes

• Recipient semantics fix: None (broadcast) vs [] (no recipients) distinction is now correctly preserved in MCP message send, preventing unintended broadcast or silent drops.
• IM KeyManager reload: authorization state is reloaded from disk on each inbound poll, eliminating stale-cache authorization failures after daemon restarts.
• Timestamp handling: authorized_at timestamps in the IM Web UI are now correctly parsed and displayed.

Validation Summary

Release preparation checks:

• pytest -q -> all tests passed (including new test suites for actor profiles, IM auth, remote access, and chat ops)
• npm --prefix web run typecheck -> pass
• npm --prefix web run build -> pass
• npm --prefix docs run build -> pass

Upgrade Notes

From v0.4.1, this is a drop-in minor upgrade. No migration procedure is required — profile and IM auth state stores are created on first use.

Recommended post-upgrade checks:

1. restart daemon/web once to ensure clean runtime state
2. verify IM bridge authorization by generating a bind key and testing the /bind flow in a test chat
3. confirm actor profiles appear correctly in Web Settings → Actor Profiles tab
4. if using remote access, verify connectivity and revoke semantics from the Remote Access settings tab