62875 Commits

Author SHA1 Message Date
Peter Steinberger
c230ab3c92 improve(ios): clarify Control and Talk visual hierarchy (#98423)
* feat(ios): refine control and talk visual hierarchy

* feat(ios): refine control and talk visual hierarchy

* feat(ios): refine control and talk visual hierarchy
2026-07-01 06:19:58 +01:00
Dallin Romney
9003042c5f fix(cli): explain how to recover from device approve deadlock (#98146)
* fix(cli): explain how to recover from device approve deadlock

`openclaw devices approve` could fail two ways with no path forward:

- When the calling device can't approve its own scope upgrade (it lacks
  operator.approvals) and no loopback local fallback is available (e.g. a
  remote --url gateway), the raw "scope upgrade pending approval" error
  propagated with no guidance.
- When the request id wasn't found in pending state (already approved,
  expired, or superseded), it printed only "unknown requestId".

Surface actionable guidance instead:

- On an authorization failure, explain that the device can't approve its
  own upgrade and point to `--token`/`--password` (gateway owner creds) or
  approving from a device that already holds operator.approvals.
- On a missing request, point to `openclaw devices list` and
  `openclaw devices approve --latest`.

AI-assisted (Claude Code).

* fix(cli): clarify device approval recovery

* fix(cli): avoid unusable approval credential advice
2026-06-30 22:17:42 -07:00
Josh Avant
ad59492d3c fix: show actionable mobile protocol mismatch recovery (#98385)
* Fix mobile protocol mismatch recovery

* Test iOS protocol mismatch connect failures

* Fix iOS protocol mismatch problem actions
2026-07-01 00:11:03 -05:00
Paul Frederiksen
d68ba5edc5 Suppress expired exec approval followup warnings (#66685)
* fix(agents): suppress expired approval followup warnings

* fix(agents): suppress expired approval followup warnings

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
2026-07-01 05:39:06 +01:00
Peter Steinberger
d0f655811c fix(ios): use Gateway speech providers in Talk (#98376)
* fix(ios): route gateway speech through talk.speak

* fix(ios): preserve realtime fallback state

* fix(ios): satisfy audio delegate concurrency

* fix(ios): ignore stale audio callbacks

* fix(ios): ignore stale audio callbacks

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 05:33:51 +01:00
Brian Snyder
9f98b6e174 fix(gateway): emit stale exec approval followup diagnostics (#98293)
* fix(gateway): emit stale exec approval followup diagnostics

* fix(gateway): cover approval suppression diagnostics in ci

* fix(logging): preserve approval ids in stability bundles

* docs(exec): document suppression diagnostics

---------

Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 05:20:53 +01:00
ooiuuii
5a5913a98b fix(ios): avoid transient duplicate final replies (#98117)
* Fix iOS final reply dedupe

* fix(ios): scope final message reconciliation

* docs(ios): explain final message reconciliation key

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-06-30 23:05:33 -05:00
Momo
59df350f3c fix: retry image describe fallback models (#98347)
Summary:
- Merged fix: retry image describe fallback models after ClawSweeper review.

Automerge notes:
- Addressed earlier ClawSweeper review findings before merge.

Validation:
- ClawSweeper review passed for head 55b26bd373.
- Required merge gates passed before the squash merge.

Prepared head SHA: 55b26bd373
Review: https://github.com/openclaw/openclaw/pull/98347#issuecomment-4850122718

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 04:00:39 +00:00
Momo
f5d0c370d6 fix(security): warn on agent skill MCP boundary drift (#98352)
Summary:
- Merged fix(security): warn on agent skill MCP boundary drift after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head ab3c29ef4c.
- Required merge gates passed before the squash merge.

Prepared head SHA: ab3c29ef4c
Review: https://github.com/openclaw/openclaw/pull/98352#issuecomment-4850104358

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 03:56:28 +00:00
Brian Snyder
63dc9201c6 fix(ios): open app on chat by default (#98353)
Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
2026-06-30 23:54:01 -04:00
Josh Avant
21d1e1f0fc Fix Android TLS fingerprint timeout handling (#98366) 2026-06-30 22:35:45 -05:00
Gio Della-Libera
a1cddbdb57 doctor: expose device pairing findings (#97366) 2026-06-30 20:34:05 -07:00
Ben Badejo
180a970ac0 fix(heartbeat): scope commitment fan-out prompts (#98169)
* fix(heartbeat): scope commitment fan-out prompts

* fix(heartbeat): isolate commitment fan-out runs

* fix(heartbeat): isolate commitment fan-out runs

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-30 20:25:28 -07:00
Momo
8c5d1dca78 fix: prevent skill-creator from bypassing workshop proposals (#98346)
Summary:
- The branch adds bundled skill-creator guidance to route durable OpenClaw skill work through Skill Workshop proposals and removes the direct `init_skill.py` scaffold helper plus its test.
- PR surface: Docs +6, Other -429. Total -423 across 3 files.
- Reproducibility: yes. source-level: current main has `init_skill.py` writing a live `SKILL.md` directly, whi ... `. I did not run the direct helper as a repro because this review was read-only and that path writes files.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 8eca165447.
- Required merge gates passed before the squash merge.

Prepared head SHA: 8eca165447
Review: https://github.com/openclaw/openclaw/pull/98346#issuecomment-4849855806

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 03:24:22 +00:00
Marcus Castro
fa3c9de459 test(qa-lab): harden whatsapp qa scenarios (#95622)
* fix(whatsapp): preserve group participant identity in QA driver

* fix(whatsapp): infer same-chat action targets

* test(qa-lab): record whatsapp scenario posture

* test(qa-lab): harden whatsapp live scenario coverage

* docs(qa): describe whatsapp qa lane coverage
2026-07-01 00:01:09 -03:00
Gio Della-Libera
4ac5cf8636 Doctor: expose workspace status findings (#97358)
* doctor: expose workspace status findings

* fix(doctor): pass workspace drift into lint

* fix(doctor): pass allow-exec into workspace lint drift
2026-06-30 19:33:52 -07:00
Gio Della-Libera
816038e97a doctor: add memory search lint findings (#97137)
* doctor: add memory search lint findings

* fix(doctor): quiet memory lint for auth-profile sources

* fix(doctor): require provider-specific auth source for memory lint

* fix(doctor): preserve qmd memory lint warnings

* fix(doctor): validate auth source credentials
2026-06-30 18:54:57 -07:00
liuhao1024
92a2681a0d fix(agents): estimate harness role sizes in context guard char estimator (#97928)
The in-loop context-overflow guard (installToolResultContextGuard) sizes
transcript messages via estimateMessageChars, which only handled user,
assistant, and toolResult roles. Harness roles (bashExecution,
compactionSummary, branchSummary, custom) fell through to a flat 256-char
return, causing the guard to undercount summary- and bash-dominated
context by orders of magnitude.

This is the sibling defect of the just-merged #97861 which fixed the same
class in estimateMessageTokenPressure (the pre-prompt precheck). This
commit applies the identical pattern to the live in-loop guard estimator.

Fixes #97927
2026-06-30 18:51:59 -07:00
Yuval Dinodia
54e6afdc29 fix(auto-reply): stop level directives from eating the next message word (#97929)
matchLevelDirective consumed the token after a level directive
(/think, /verbose, /trace, /fast, /reasoning, /elevated) as the level
argument unconditionally, and extractLevelDirective stripped it from the
body whether or not it was a valid level. So a message like
"/verbose explain quantum computing" reached the agent as
"quantum computing", silently dropping the user's first word, and the
whitespace scan crossed newlines so "/verbose\nSummarize this" lost
"Summarize".

Treat the trailing token as the directive argument only when it
normalizes to a valid level or is the sole remaining token (preserving
the unrecognized-level hint and the default/inherit clear sentinels).
When two or more words follow, the directive acts argument-less and the
message text is preserved intact, matching the exec and queue parsers
that stop at an unrecognized token.
2026-06-30 18:51:51 -07:00
Hannes Rudolph
6603437afb docs: refresh docs map for v2026.6.11 (#98325) 2026-06-30 19:50:42 -06:00
Yuval Dinodia
d9aedc32a1 fix(gateway): keep provider-owned CLI sessions across the daily default reset (#97931)
The gateway agent.run freshness decision called evaluateSessionFreshness
directly at both of its decision sites with no provider-owned guard, so a
provider-owned CLI session (claude-cli, codex, gemini-cli) under the default
reset config was rotated after the daily boundary when a turn ran through the
gateway path (webchat, openclaw agent, ACP, control UI, cron, heartbeat). The
rotation cleared the CLI session binding and split the transcript, violating
the documented exemption that the inbound auto-reply path and the canonical
session helper already honor.

Route both gateway freshness decisions through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
inbound path uses, and export hasProviderOwnedSession so the predicate has one
shared definition instead of a third copy. Explicit session.reset and /reset
still cut these sessions.
2026-06-30 18:50:20 -07:00
scotthuang
bc8fa1393b fix: show in-progress status for channel runs (#98257)
Summary:
- Merged fix: show in-progress status for channel runs after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 08eec41769.
- Required merge gates passed before the squash merge.

Prepared head SHA: 08eec41769
Review: https://github.com/openclaw/openclaw/pull/98257#issuecomment-4849525931

Co-authored-by: scotthuang <scotthuang@tencent.com>
Approved-by: takhoffman
2026-07-01 01:50:12 +00:00
Hannes Rudolph
7ceaf0ece3 docs: publish release notes for v2026.6.11 (#98319) 2026-06-30 19:42:12 -06:00
ooiuuii
c5bc35de12 Redact bare Fireworks API keys (#98226)
* Redact bare Fireworks API keys

* fix(logging): harden Fireworks key redaction

* fix(logging): harden Fireworks key redaction

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-30 18:40:25 -07:00
Yuval Dinodia
150ca2fedd fix(agents): keep merged delivery routes account-bound (#98240)
* fix(agents): keep merged delivery routes account-bound

mergeDeliveryContext gated route-field crossing on channel only, so a
completion origin that knew its account but not a concrete target
inherited a different account's to/threadId on the same channel. A
subagent, cron, or media completion for bot-a could be addressed to
bot-b's chat but sent through bot-a (cross-account misroute) or dropped.

This restores the account-bound guard added in 1ed8592467 and removed as
collateral by 025db6cf9e (PR #89949); same-account and missing-account
merges still backfill so the media route-pin path is preserved. Restores
the deleted regression test.

* fix(agents): centralize account-bound completion routes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-06-30 18:32:35 -07:00
Vincent Koc
35af831fd0 Merge branch 'main' of https://github.com/openclaw/openclaw
* 'main' of https://github.com/openclaw/openclaw: (29 commits)
  refactor(gateway): trim attach grant implementation
  feat(gateway): scoped attach grants for external MCP loopback clients
  fix(gateway): iOS Talk treats SecretRef-backed API keys as missing (#98210)
  test(infra): add unit tests for SQLite number normalization (#98009)
  test(config): add unit tests for resolveExecCommandHighlighting (#98087)
  test(utils): add unit tests for chunkItems (#98219)
  fix(core): propagate caller env PATHEXT through isExecutableFile on Windows (#98093)
  fix(matrix): guard JSON.parse against malformed homeserver response bodies (#97973)
  fix(sms): guard Twilio JSON.parse against malformed API response bodies (#97999)
  Add Swedish mobile app localization (#98043)
  fix(anthropic): surface Discord pre-tool commentary
  fix(tui): correct disconnect copy for device scope upgrades (#98144)
  chore(ui): refresh fa control ui locale
  chore(ui): refresh nl control ui locale
  chore(ui): refresh vi control ui locale
  chore(ui): refresh th control ui locale
  chore(ui): refresh pl control ui locale
  chore(ui): refresh uk control ui locale
  chore(ui): refresh id control ui locale
  chore(ui): refresh tr control ui locale
  ...
2026-06-30 18:27:32 -07:00
Ayaan Zaidi
1241885db6 refactor(gateway): trim attach grant implementation 2026-06-30 18:22:05 -07:00
Cameron Beeley
2deb696ef4 feat(gateway): scoped attach grants for external MCP loopback clients
Per-session, TTL-bounded, revocable bearer grants (mcp-grant-store) let an external/interactive
harness reach the gateway's scoped MCP loopback tools without the cli-backend's process-global
token. A grant is a lower-trust boundary: it binds the session server-side AND fail-closes on every
caller-supplied context header (x-session-key plus message-channel/account/current-channel/thread/
source-reply/event-kind), so a grant holder can neither scope-shop the session nor spoof
delivery/action context into scoped tools or the message tool. New attach.grant/attach.revoke
operator methods mint/revoke grants and return the loopback MCP config. Owner/non-owner cli-backend
path unchanged.
2026-06-30 18:22:05 -07:00
ooiuuii
201eb9cd29 fix(gateway): iOS Talk treats SecretRef-backed API keys as missing (#98210)
* fix(gateway): resolve Talk SecretRefs for scoped native clients

* fix(gateway): constrain Talk secret materialization

* fix(gateway): redact Talk source provider secrets

* fix(gateway): satisfy Talk config lint

* docs(gateway): clarify Talk secret config payload

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-06-30 20:17:33 -05:00
dwc1997
3669280b9a test(infra): add unit tests for SQLite number normalization (#98009)
* test(infra): add unit tests for SQLite number normalization

* fix: remove undefined param test, not in function signature
2026-06-30 18:15:38 -07:00
solodmd
4a200e6ecf test(config): add unit tests for resolveExecCommandHighlighting (#98087) 2026-06-30 18:15:31 -07:00
zengLingbiao
09ebc1d566 test(utils): add unit tests for chunkItems (#98219)
Add 8 test cases covering fixed-size array splitting, empty input,
size <= 0, size=1, size > length, exact division, readonly input
preservation, and fractional size behavior.
2026-06-30 18:15:24 -07:00
wendy
8028269d32 fix(core): propagate caller env PATHEXT through isExecutableFile on Windows (#98093)
* fix(core): propagate caller env PATHEXT through isExecutableFile on Windows

isExecutableFile hardcoded undefined when calling resolveWindowsExecutableExtSet,
ignoring any caller-provided custom env.PATHEXT. This meant resolveExecutablePath
and resolveExecutableFromPathEnv would fall back to process.env.PATHEXT even when
the caller supplied a different env with an extended PATHEXT (e.g. .PS1).

- Add optional options.env parameter to isExecutableFile
- resolveWindowsExecutableExtSet now reads from options?.env
- All 3 callers pass their available env through

Affects Windows deployments using sandbox/container environments where
PATHEXT differs from process.env (Docker Windows containers, CI runners, tests).
Fully backward compatible: undefined env falls back to process.env.PATHEXT.

* fix(core): also propagate caller env PATHEXT in node-host invoke resolver

- Fix sibling system.which resolver in src/node-host/invoke.ts:378
  to use caller env PATHEXT instead of process.env only
- Add comprehensive Windows-mocked tests for caller env PATHEXT
  propagation through isExecutableFile, resolveExecutableFromPathEnv,
  and resolveExecutablePath
- Tests cover: custom env accepted, fallback to process.env,
  path-separator and PATH-based resolution paths

* fix(core): also propagate caller env PATHEXT through node-host invoke resolver

- Add env?.PathExt and process.env.PathExt casing to both
  resolveWindowsExecutableExtSet and resolveWindowsExecutableExtensions
  for compatibility with callers using PascalCase env keys
- Isolate positive PATHEXT tests from process.env.PATHEXT by
  explicitly setting it to .TXT before each test, ensuring they
  prove caller env propagation rather than host env leak

* fix(core): add env?.PathExt casing to node-host system.which resolver

---------

Co-authored-by: wendy-chsy <wan.wenyan@xydigit.com>
2026-06-30 18:15:19 -07:00
lsr911
853a274f14 fix(matrix): guard JSON.parse against malformed homeserver response bodies (#97973)
Wrap JSON.parse(text) in MatrixAuthedHttpClient.requestJson with try/catch to prevent a malformed Matrix homeserver response from throwing an unhandled SyntaxError.

On parse failure, throw an Error with statusCode attached (matching the buildHttpError convention) so callers can handle it like any other Matrix API error.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-30 18:15:14 -07:00
lsr911
6e98477ee4 fix(sms): guard Twilio JSON.parse against malformed API response bodies (#97999)
Wrap JSON.parse in parseTwilioListPayload and retrieveTwilioMessagingService with try/catch to prevent a malformed Twilio API response from throwing an unhandled SyntaxError.

- parseTwilioListPayload: return [] on parse failure (fail-safe for phone number listing)
- retrieveTwilioMessagingService: throw descriptive Error on parse failure

Note: parseTwilioApiError and parseTwilioSuccessPayload already had try/catch guards (lines 85-97, 104-121).

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-30 18:15:08 -07:00
Daniel Nylander
339d19b089 Add Swedish mobile app localization (#98043)
* feat: add Swedish mobile app localization

* fix: remove dead Swedish watch extension localization

* docs: document iOS metadata locale directories

---------

Co-authored-by: Daniel Nylander <daniel@danielnylander.se>
2026-06-30 18:15:04 -07:00
Marvinthebored
b3b51b0c91 fix(anthropic): surface Discord pre-tool commentary
Route Anthropic pre-tool narration through the commentary progress lane, preserve shared channel progress defaults, and keep Discord/Telegram reasoning gates explicit.

Thanks @Marvinthebored!
2026-06-30 18:12:07 -07:00
Dallin Romney
3eaaa2ca3c fix(tui): correct disconnect copy for device scope upgrades (#98144)
* fix(tui): correct disconnect copy for device scope upgrades

On disconnect, the TUI told users "Pairing required. Run `openclaw devices
list`, approve your request ID, then reconnect." This is misleading: the
gateway is asking for a device *scope upgrade* (the device is already
paired), and "pairing" points users at `openclaw pairing`, which only
handles chat DM pairing — a different subsystem.

- Reword the hint to name the scope upgrade and the actual recovery command
  (`openclaw devices approve --latest`), including the `--token`/`--password`
  escape hatch for when the device can't approve its own upgrade.
- Also match the gateway's "scope upgrade" disconnect reason, not just
  "pairing required".

AI-assisted (Claude Code).

* fix(tui): clarify device approval preview hint
2026-06-30 18:10:04 -07:00
github-actions[bot]
21e6fc948b chore(ui): refresh fa control ui locale 2026-07-01 01:09:00 +00:00
github-actions[bot]
db73ece2de chore(ui): refresh nl control ui locale 2026-07-01 01:08:55 +00:00
github-actions[bot]
0dcfbb09d8 chore(ui): refresh vi control ui locale 2026-07-01 01:08:41 +00:00
github-actions[bot]
bb0af61d20 chore(ui): refresh th control ui locale 2026-07-01 01:08:35 +00:00
github-actions[bot]
cb69ce7ba8 chore(ui): refresh pl control ui locale 2026-07-01 01:08:14 +00:00
github-actions[bot]
49edc0a8af chore(ui): refresh uk control ui locale 2026-07-01 01:08:05 +00:00
github-actions[bot]
c1aeaf9287 chore(ui): refresh id control ui locale 2026-07-01 01:08:00 +00:00
github-actions[bot]
75bd44a94b chore(ui): refresh tr control ui locale 2026-07-01 01:07:52 +00:00
github-actions[bot]
614032676d chore(ui): refresh it control ui locale 2026-07-01 01:07:33 +00:00
github-actions[bot]
1520d09807 chore(ui): refresh ar control ui locale 2026-07-01 01:07:21 +00:00
github-actions[bot]
5b5c6237c2 chore(ui): refresh fr control ui locale 2026-07-01 01:07:09 +00:00
github-actions[bot]
b4476ab72f chore(ui): refresh ko control ui locale 2026-07-01 01:07:04 +00:00