v0.1.5 — flat tool schema (fix wedged params)

Fixes a critical bug where every action except airbnb-listing was unreachable.

Symptom

Agents reported that calling google-serp, zillow-listing, web-scraping, or anything other than airbnb-listing got rejected with must have required properties location, checkIn — airbnb's required fields.

Cause

The tool's parameters schema was a Type.Union of 39 per-action branches (a discriminated union at the root of a tool-use schema). The OpenClaw gateway and underlying tool-use APIs collapse top-level anyOf into a single branch — the first alphabetically — so the validator always checked airbnb's shape regardless of the action the LLM passed.

Fix

Flat schema: { action: <enum of 39 literals>, params: object }. Per-action contracts move into the tool description, which now:

• lists required fields per action in the catalog,
• groups common optional fields by action family,
• keeps the full rules block (outputFormat array, aiExtractRules nested example, extractRules CSS selector syntax, Zillow camelCase).

Side effects

• Tool payload shrinks ~9x: 98KB → 11KB (23k → 2.7k tokens per call).
• src/schema-builder.ts is unused and removed.
• All 11 tests pass; existing tests for URL construction and name-mapping unchanged.

v0.1.4 — cleaner ClawHub URL

Publishes to ClawHub under the unscoped name hasdata-openclaw-plugin (URL: https://clawhub.ai/plugins/hasdata-openclaw-plugin). The npm package name remains @hasdata/hasdata-openclaw-plugin.

v0.1.3 — silence scanner false positives

Cosmetic fixes aimed at the ClawHub pre-scanner. Behavior unchanged.

• src/tools/hasdata-tool.ts comment removed — the literal text process.env inside a prose comment was being grep-matched by the scanner even though the code has no env read in this file.
• skills/hasdata/SKILL.md reformatted as short bullets so no prose sentence has 40+ consecutive [A-Za-z0-9+/=] characters between punctuation marks. The scanner's base64-block heuristic strips whitespace first, which makes any flowing English prose look like a dense alphanumeric run.
• YAML frontmatter description quoted to prevent : inside the value from being parsed as a nested key.

v0.1.2 — credential-flow hardening

Separates the env-var read from the network-call site. The hasdata tool code no longer contains any process.env access — the API key is resolved once at plugin load in register() and passed in as config. Adds providerAuthEnvVars: { hasdata: [HASDATA_API_KEY] } to the openclaw manifest so the registry can declare the credential requirement explicitly instead of inferring it from code patterns.

v0.1.1 — hardening

Responds to ClawHub static-analysis feedback on v0.1.0. No API changes — same hasdata tool with the same action catalog.

Hardening

• Env-var surface reduced to one site. The only environment variable the plugin reads at runtime is HASDATA_API_KEY — the advertised credential fallback. Dropped HASDATA_DEBUG and HASDATA_SCHEMA_BASE. Debug logging is now opt-in via config only (npm run try --debug for the local runner).
• Tarball parity. Added .clawhubignore so the ClawHub and npm tarballs contain the same 12 files — test/, scripts/, .github/, configs, and lockfiles no longer ship to either registry.
• Registry metadata coherence. Plugin description and configSchema.apiKey now state explicitly that a HasData API key is required and name both sources (env var + config field).

New

• SECURITY.md — documents the api.hasdata.com network boundary, credential sources, no-telemetry posture, supply-chain provenance, and reporting contact.
• Test sandboxing via vi.stubEnv / vi.unstubAllEnvs instead of mutating process.env directly.

Changed

• SKILL.md rewritten as dense prose; cut large JSON blocks that an entropy scanner could mistake for encoded content.

v0.1.0 — initial release

First release of the HasData plugin for OpenClaw.

Install

openclaw plugins install @hasdata/hasdata-openclaw-plugin

Restart the Gateway after installation. Get an API key at https://hasdata.com.

What's in the box

• Single hasdata tool exposing 39 HasData endpoints — Google SERP, Google Maps, Google News / Shopping / Trends / Flights, Bing, Amazon, Shopify, Zillow, Redfin, Airbnb, Yelp, YellowPages, Indeed, Glassdoor, Instagram, and arbitrary URL scraping (HTML / Markdown / AI-extracted JSON).
• Auto-generated TypeBox schema from the live HasData API catalog — strict per-action `params` validation, enums, defaults, and descriptions flow through to the LLM.
• Ergonomic → wire name mapping — LLM sees `priceMin` / `homeTypes`, plugin translates to HasData's `price[min]` / `homeTypes[]` on the wire.
• Skill (`skills/hasdata/SKILL.md`) with endpoint-picker decision matrix, `aiExtractRules` recipes, cost guidance, and common-error table — registered via `openclaw.plugin.json`.
• Setup/status/test CLI subcommands under `openclaw hasdata`.
• Daily auto-regen workflow that opens a PR when the HasData catalog drifts.

Release automation

This release fires the `release` workflow, which publishes to npm and ClawHub.