vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,087 Commits 680 Branches 76 Tags
main
Commit Graph

2932 Commits

Author SHA1 Message Date
Vincent Koc
2d52c88dad fix(podman): stop assuming /tmp is disk-backed (#38296) 
* Podman: avoid hardcoding /tmp for image staging

* Docs: clarify container storage paths

* Podman: secure staged image import

* Podman: clarify streamed image handoff
 2026-03-06 19:55:26 -05:00
Vincent Koc
42e3d8d693 Secrets: add inline allowlist review set (#38314) 
* Secrets: add inline allowlist review set

* Secrets: narrow detect-secrets file exclusions

* Secrets: exclude Docker fingerprint false positive

* Secrets: allowlist test and docs false positives

* Secrets: refresh baseline after allowlist updates

* Secrets: fix gateway chat fixture pragma

* Secrets: format pre-commit config

* Android: keep talk mode fixture JSON valid

* Feishu: rely on client timeout injection

* Secrets: allowlist provider auth test fixtures

* Secrets: allowlist onboard search fixtures

* Secrets: allowlist onboard mode fixture

* Secrets: allowlist gateway auth mode fixture

* Secrets: allowlist APNS wake test key

* Secrets: allowlist gateway reload fixtures

* Secrets: allowlist moonshot video fixture

* Secrets: allowlist auto audio fixture

* Secrets: allowlist tiny audio fixture

* Secrets: allowlist embeddings fixtures

* Secrets: allowlist resolve fixtures

* Secrets: allowlist target registry pattern fixtures

* Secrets: allowlist gateway chat env fixture

* Secrets: refresh baseline after fixture allowlists

* Secrets: reapply gateway chat env allowlist

* Secrets: reapply gateway chat env allowlist

* Secrets: stabilize gateway chat env allowlist

* Secrets: allowlist runtime snapshot save fixture

* Secrets: allowlist oauth profile fixtures

* Secrets: allowlist compaction identifier fixture

* Secrets: allowlist model auth fixture

* Secrets: allowlist model status fixtures

* Secrets: allowlist custom onboarding fixture

* Secrets: allowlist mattermost token summary fixtures

* Secrets: allowlist gateway auth suite fixtures

* Secrets: allowlist channel summary fixture

* Secrets: allowlist provider usage auth fixtures

* Secrets: allowlist media proxy fixture

* Secrets: allowlist secrets audit fixtures

* Secrets: refresh baseline after final fixture allowlists

* Feishu: prefer explicit client timeout

* Feishu: test direct timeout precedence
 2026-03-06 19:35:26 -05:00
Vincent Koc
3070fafec1 fix(venice): switch default model to kimi-k2-5 (#38423) 
* Docs: refresh Venice default model guidance

* Venice: switch default model to Kimi K2.5

* Changelog: credit Venice default refresh
 2026-03-06 19:31:07 -05:00
Efe Büken
03b9abab84 feat(compaction): make post-compaction context sections configurable (#34556) 
Merged via squash.

Prepared head SHA: 491bb28544
Co-authored-by: efe-arv <259833796+efe-arv@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-06 14:57:15 -08:00
Altay
6e962d8b9e fix(agents): handle overloaded failover separately (#38301) 
* fix(agents): skip auth-profile failure on overload

* fix(agents): note overload auth-profile fallback fix

* fix(agents): classify overloaded failures separately

* fix(agents): back off before overload failover

* fix(agents): tighten overload probe and backoff state

* fix(agents): persist overloaded cooldown across runs

* fix(agents): tighten overloaded status handling

* test(agents): add overload regression coverage

* fix(agents): restore runner imports after rebase

* test(agents): add overload fallback integration coverage

* fix(agents): harden overloaded failover abort handling

* test(agents): tighten overload classifier coverage

* test(agents): cover all-overloaded fallback exhaustion

* fix(cron): retry overloaded fallback summaries

* fix(cron): treat HTTP 529 as overloaded retry
 2026-03-07 01:42:11 +03:00
AngryBird
7ce79c8972 docs: fix broken dashboard image on i18n pages (#38031) 
The dashboard screenshot uses a relative path `src="whatsapp-openclaw.jpg"`
which resolves correctly on the English root page but produces 404 on
zh-CN and ja-JP pages because Mintlify prepends the language subdirectory
to the CDN path.

Change to absolute path `/whatsapp-openclaw.jpg` in all three index files,
consistent with other images on the same page that already use absolute
paths (e.g. `/assets/openclaw-logo-text-dark.png`).
 2026-03-07 00:22:19 +03:00
Vincent Koc
ab5fcfcc01 feat(gateway): add channel-backed readiness probes (#38285) 
* Changelog: add channel-backed readiness probe entry

* Gateway: add channel-backed readiness probes

* Docs: describe readiness probe behavior

* Gateway: add readiness probe regression tests

* Changelog: dedupe gateway probe entries

* Docs: fix readiness startup grace description

* Changelog: remove stale readiness entry

* Gateway: cover readiness hardening

* Gateway: harden readiness probes
 2026-03-06 15:15:23 -05:00
Vincent Koc
042b2c867d Docs: clarify main secret scan behavior 2026-03-06 14:41:23 -05:00
Vincent Koc
b529b7c6b7 Docs: update secret scan reproduction steps 2026-03-06 14:34:46 -05:00
Kesku
3d7bc5958d feat(onboarding): add web search to onboarding flow (#34009) 
* add web search to onboarding flow

* remove post onboarding step (now redundant)

* post-onboarding nudge if no web search set up

* address comments

* fix test mocking

* add enabled: false assertion to the no-key test

* --skip-search cli flag

* use provider that a user has a key for

* add assertions, replace the duplicated switch blocks

* test for quickstart fast-path with existing config key

* address comments

* cover quickstart falls through to key test

* bring back key source

* normalize secret inputs instead of direct string trimming

* preserve enabled: false if it's already set

* handle missing API keys in flow

* doc updates

* hasExistingKey to detect both plaintext strings and SecretRef objects

* preserve enabled state only on the "keep current" paths

* add test for preserving

* better gate flows

* guard against invalid provider values in config

* Update src/commands/configure.wizard.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* format fix

* only mentions env var when it's actually available

* search apiKey fields now typed as SecretInput

* if no provider check if any search provider key is detectable

* handle both kimi keys

* remove .filter(Boolean)

* do not disable web_search after user enables it

* update resolveSearchProvider

* fix(onboarding): skip search key prompt in ref mode

* fix: add onboarding web search step (#34009) (thanks @kesku)

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
 2026-03-06 13:09:00 -06:00
Sally O'Malley
57f19f0d5c container builds: opt-in extension deps via OPENCLAW_EXTENSIONS build arg (#32223) 
* Docker: opt-in extension deps via OPENCLAW_EXTENSIONS build arg

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>

* CI: clarify extension smoke scope

* Tests: allow digest-pinned multi-stage FROM lines

* Changelog: note container extension preinstall option

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-06 12:18:42 -05:00
Vincent Koc
9aceb51379 Gateway: normalize HEIC input_image sources (#38122) 
* Media: normalize HEIC input images

* Gateway: accept HEIC image input schema

* Media: add HEIC input normalization tests

* Gateway: cover HEIC input schema parity

* Docs: document HEIC input image support

* Changelog: note HEIC input image fix
 2026-03-06 11:19:36 -05:00
Vincent Koc
f392b81e95 Infra: require explicit opt-in for prerelease npm installs (#38117) 
* Infra: tighten npm registry spec parsing

* Infra: block implicit prerelease npm installs

* Plugins: cover prerelease install policy

* Infra: add npm registry spec tests

* Hooks: cover prerelease install policy

* Docs: clarify plugin guide version policy

* Docs: clarify plugin install version policy

* Docs: clarify hooks install version policy

* Docs: clarify hook pack version policy
 2026-03-06 11:13:30 -05:00
Vincent Koc
222d635aee WhatsApp: honor outbound mediaMaxMb (#38097) 
* WhatsApp: add media cap helper

* WhatsApp: cap outbound media loads

* WhatsApp: align auto-reply media caps

* WhatsApp: add outbound media cap test

* WhatsApp: update auto-reply cap tests

* Docs: update WhatsApp media caps

* Changelog: note WhatsApp media cap fix
 2026-03-06 11:08:15 -05:00
Vincent Koc
7c45d918bf Docs: align BlueBubbles media cap wording 2026-03-06 10:59:05 -05:00
Vincent Koc
9c1786bdd6 Telegram/Discord: honor outbound mediaMaxMb uploads (#38065) 
* Telegram: default media cap to 100MB

* Telegram: honor outbound mediaMaxMb

* Discord: add shared media upload cap

* Discord: pass mediaMaxMb to outbound sends

* Telegram: cover outbound media cap sends

* Discord: cover media upload cap config

* Docs: update Telegram media cap guide

* Docs: update Telegram config reference

* Changelog: note media upload cap fix

* Docs: note Discord upload cap behavior
 2026-03-06 10:53:06 -05:00
Vincent Koc
151f26070b docs: context engine 2026-03-06 08:55:58 -05:00
Vincent Koc
5470337b1c docs(config): list the context engine plugin slot 2026-03-06 08:53:30 -05:00
Vincent Koc
7cc3376f07 docs(plugins): add context-engine manifest kind example 2026-03-06 08:53:30 -05:00
Vincent Koc
eb2eebae22 docs(plugins): document context engine slots and registration 2026-03-06 08:53:30 -05:00
Vincent Koc
f788ba142a docs(protocol): document slash-delimited schema lookup plugin ids 2026-03-06 08:53:29 -05:00
Vincent Koc
e88f6605ec docs(tools): document slash-delimited config schema lookup paths 2026-03-06 08:53:29 -05:00
Muhammed Mukhthar CM
4a80d48ea9 fix(mattermost): allow reachable interaction callback URLs (#37543) 
Merged via squash.

Prepared head SHA: 4d593731be
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-06 15:27:47 +05:30
Gustavo Madeira Santana
ff97195500 Gateway: add path-scoped config schema lookup (#37266) 
Merged via squash.

Prepared head SHA: 0c4d187f6f
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-06 02:50:48 -05:00
Josh Avant
0e4245063f CLI: make read-only SecretRef status flows degrade safely (#37023) 
* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics
 2026-03-05 23:07:13 -06:00
dorukardahan
5d4b04040d feat(openai): add gpt-5.4 support for API and Codex OAuth (#36590) 
* feat(openai): add gpt-5.4 support and priority processing

* feat(openai-codex): add gpt-5.4 oauth support

* fix(openai): preserve provider overrides in gpt-5.4 fallback

* fix(openai-codex): keep xhigh for gpt-5.4 default

* fix(models): preserve configured overrides in list output

* fix(models): close gpt-5.4 integration gaps

* fix(openai): scope service tier to public api

* fix(openai): complete prep followups for gpt-5.4 support (#36590) (thanks @dorukardahan)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-03-05 21:01:37 -08:00
Hinata Kaga (samon)
8c85ad540a fix: remove config.schema from agent gateway tool (#7382) 
Merged via squash.

Prepared head SHA: f34a778069
Co-authored-by: kakuteki <61647657+kakuteki@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 23:53:08 -05:00
Tyler Yust
81b93b9ce0 fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry (#35080) 
Thanks @tyler6204
 2026-03-05 19:20:24 -08:00
Vincent Koc
71ec42127d feat(hooks): emit compaction lifecycle hooks (#16788) 2026-03-05 19:08:26 -08:00
Harold Hunt
d58dafae88 feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683) 
* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-06 02:17:50 +01:00
Gustavo Madeira Santana
1a67cf57e3 Diffs: restore system prompt guidance (#36904) 
Merged via squash.

Prepared head SHA: 1b3be3c879
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 19:46:39 -05:00
Gustavo Madeira Santana
6dfd39c32f Harden Telegram poll gating and schema consistency (#36547) 
Merged via squash.

Prepared head SHA: f77824419e
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 19:24:43 -05:00
Gustavo Madeira Santana
688b72e158 plugins: enforce prompt hook policy with runtime validation (#36567) 
Merged via squash.

Prepared head SHA: 6b9d883b6a
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 18:15:54 -05:00
Bob
063e493d3d fix: decouple Discord inbound worker timeout from listener timeout (#36602) (thanks @dutifulbob) (#36602) 
Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
 2026-03-06 00:09:14 +01:00
Vincent Koc
98aecab7bd Docs: cover heartbeat, cron, and plugin route updates 2026-03-05 17:05:21 -05:00
Vincent Koc
2b45eb0e52 Docs: document Control UI locale support 2026-03-05 16:57:59 -05:00
Vincent Koc
6b2c115167 Docs: clarify OpenAI-compatible TTS endpoints 2026-03-05 16:57:51 -05:00
Vincent Koc
1d3962a000 Docs: update gateway config reference for Slack and TTS 2026-03-05 16:57:40 -05:00
Vincent Koc
837b7b4b94 Docs: add Slack typing reaction fallback 2026-03-05 16:57:31 -05:00
Josh Avant
72cf9253fc Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094) 2026-03-05 12:53:56 -06:00
maweibin
09c68f8f0e add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177) 
Merged via squash.

Prepared head SHA: d9a2869ad6
Co-authored-by: maweibin <18023423+maweibin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 13:06:59 -05:00
Tony Dehnke
136ca87f7b feat(mattermost): add interactive buttons support (#19957) 
Merged via squash.

Prepared head SHA: 8a25e60872
Co-authored-by: tonydehnke <36720180+tonydehnke@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-05 20:14:57 +05:30
青雲
c522154771 docs(telegram): recommend allowlist for single-user DM policy (#34841) 
* docs(telegram): recommend allowlist for single-user bots

* docs(telegram): condense single-user allowlist note

---------

Co-authored-by: echoVic <echovic@163.com>
 2026-03-05 11:39:19 +03:00
Bob
6a705a37f2 ACP: add persistent Discord channel and Telegram topic bindings (#34873) 
* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-05 09:38:12 +01:00
青雲
96021a2b17 fix: align AGENTS.md template section names with post-compaction extraction (#25029) (#25098) 
Merged via squash.

Prepared head SHA: 8cd6cc8049
Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-04 12:16:00 -08:00
Bob
257e2f5338 fix: relay ACP sessions_spawn parent streaming (#34310) (thanks @vincentkoc) (#34310) 
Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
 2026-03-04 11:44:20 +01:00
Gustavo Madeira Santana
7a2f5a0098 Plugin SDK: add full bundled subpath wiring 2026-03-04 02:35:12 -05:00
Gustavo Madeira Santana
802b9f6b19 Plugins: add root-alias shim and cache/docs updates 2026-03-04 01:20:48 -05:00
Vincent Koc
4d183af0cf fix: code/cli acpx reliability 20260304 (#34020) 
* agents: switch claude-cli defaults to bypassPermissions

* agents: add claude-cli default args coverage

* agents: emit watchdog stall system event for cli runs

* agents: test cli watchdog stall system event

* acpx: fallback to sessions new when ensure returns no ids

* acpx tests: mock sessions new fallback path

* acpx tests: cover ensure-empty fallback flow

* skills: clarify claude print mode without pty

* docs: update cli-backends claude default args

* docs: refresh cli live test default args

* gateway tests: align live claude args defaults

* changelog: credit claude/acpx reliability fixes

* Agents: normalize legacy Claude permission flag overrides

* Tests: cover legacy Claude permission override normalization

* Changelog: note legacy Claude permission flag auto-normalization

* ACPX: fail fast when ensure/new return no session IDs

* ACPX tests: support empty sessions new fixture output

* ACPX tests: assert ensureSession failure when IDs missing

* CLI runner: scope watchdog heartbeat wake to session

* CLI runner tests: assert session-scoped watchdog wake

* Update CHANGELOG.md
 2026-03-04 01:15:28 -05:00
Kesku
230fea1ca6 feat(web-search): switch Perplexity to native Search API (#33822) 
* feat: Add Perplexity Search API as web_search provider

* docs fixes

* domain_filter validation

* address comments

* provider-specific options in cache key

* add validation for unsupported date filters

* legacy fields

* unsupported_language guard

* cache key matches the request's precedence order

* conflicting_time_filters guard

* unsupported_country guard

* invalid_date_range guard

* pplx validate for ISO 639-1 format

* docs: add Perplexity Search API changelog entry

* unsupported_domain_filter guard

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-03-03 22:57:19 -06:00