pomelo-nwu
77a35025e8
feat: integrate Alibaba Bailian Coding Plan into onboarding wizard
2026-03-10 19:58:43 +00:00
Nimrod Gutman
c2e41c57c9
fix(ios): make pairing instructions generic
2026-03-10 21:44:00 +02:00
Nimrod Gutman
6bcf89b09b
feat(ios): refresh home canvas toolbar
2026-03-10 21:44:00 +02:00
Mariano Belinky
67746a12de
iOS: add welcome home canvas
2026-03-10 21:44:00 +02:00
Onur
8ba1b6eff1
ci: add npm release workflow and CalVer checks ( #42414 ) (thanks @onutc)
2026-03-10 20:09:25 +01:00
Altay
0ff184397d
docs(telegram): clarify group and sender allowlists ( #42451 )
...
Merged via squash.
Prepared head SHA: f30cacafb39790196+altaywtf@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-03-10 21:56:30 +03:00
Josh Avant
b205de6154
Docs: add changelog entry for SecretRef traversal ( #42455 )
2026-03-10 13:52:50 -05:00
Josh Avant
d30dc28b8c
Secrets: reject exec SecretRef traversal ids across schema/runtime/gateway ( #42370 )
...
* Secrets: harden exec SecretRef validation and reload LKG coverage
* Tests: harden exec fast-exit stdin regression case
* Tests: align lifecycle daemon test formatting with oxfmt 0.36
2026-03-10 13:45:37 -05:00
Josh Avant
0687e04760
fix: thread runtime config through Discord/Telegram sends ( #42352 ) (thanks @joshavant) ( #42352 )
2026-03-10 13:30:57 -05:00
Yufeng He
c2d9386796
fix: log auth profile resolution failures instead of swallowing silently ( #41271 )
...
Merged via squash.
Prepared head SHA: 049d1e119a40085740+he-yufeng@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-03-10 20:38:49 +03:00
JiangNan
e9e8b81939
fix(failover): classify Gemini MALFORMED_RESPONSE as retryable timeout ( #42292 )
...
Merged via squash.
Prepared head SHA: 68f106ff4912096460+jnMetaCode@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-03-10 20:34:32 +03:00
jiarung
bc9b35d6ce
fix(logging): include model and provider in overload/error log ( #41236 )
...
Merged via squash.
Prepared head SHA: bb16fecbf716461359+jiarung@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-03-10 20:32:14 +03:00
Ayaan Zaidi
3b582f1d54
fix(telegram): chunk long html outbound messages ( #42240 )
...
Merged via squash.
Prepared head SHA: 4d79c41ddf22031114+obviyus@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-03-10 22:53:04 +05:30
CryUshio
8bf64f219a
fix: recognize Poe 402 'used up your points' as billing for fallback ( #42278 )
...
Merged via squash.
Prepared head SHA: f3cdfa76dd30655354+CryUshio@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-03-10 20:17:36 +03:00
Pejman Pour-Moezzi
466cc816a8
docs(acp): document resumeSessionId for session resume ( #42280 )
...
* docs(acp): document resumeSessionId for session resume
* docs: clarify ACP resumeSessionId thread/mode behavior (#42280 ) (thanks @pejmanjohn)
---------
Co-authored-by: Onur <onur@textcortex.com >
2026-03-10 18:06:09 +01:00
sline
bfeea5d23f
fix(agents): prevent /v1beta duplication in Gemini PDF URL ( #34369 )
...
Strip trailing /v1beta from baseUrl before appending the version
segment, so callers that already include /v1beta in their base URL
(e.g. subagent-registry) no longer produce /v1beta/v1beta/models/…
which results in a 404 from the Gemini API.
Closes #34312
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 12:52:49 -04:00
Ayaan Zaidi
936607ca22
ci: drop detect-secrets check
2026-03-10 20:35:23 +05:30
Ayaan Zaidi
ac88a39acc
fix: align pi-ai 0.57.1 oauth imports and payload hooks
2026-03-10 20:29:03 +05:30
George Zhang
f50fc2966b
docs: add #42173 to CHANGELOG — strip leaked model control tokens ( #42216 )
...
Thanks @imwyvern.
2026-03-10 07:19:13 -07:00
joshavant
59bc3c6630
Agents: align onPayload callback and OAuth imports
2026-03-10 08:50:30 -05:00
George Zhang
3508b4821b
docs: add Tengji (George) Zhang to maintainer table ( #42190 )
2026-03-10 06:46:12 -07:00
George Zhang
309162f9a2
fix: strip leaked model control tokens from user-facing text ( #42173 )
...
Models like GLM-5 and DeepSeek sometimes emit internal delimiter tokens in their responses. Uses generic pattern in the text extraction pipeline, following the same architecture as stripMinimaxToolCallXml.
Closes #40020
Supersedes #40573
Co-authored-by: imwyvern <100903837+imwyvern@users.noreply.github.com >
2026-03-10 06:27:59 -07:00
Vincent Koc
208b636414
Changelog: add unreleased March 9 entries
2026-03-10 08:51:12 -04:00
smysle
d340ea92d1
chore: add .dev-state to .gitignore ( #41848 )
...
Merged via squash.
Prepared head SHA: 85c4eb7d26207193754+smysle@users.noreply.github.com >
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com >
Reviewed-by: @hydro13
2026-03-10 13:35:04 +01:00
Charles Dusek
048e25c2b2
fix(agents): avoid duplicate same-provider cooldown probes in fallback runs ( #41711 )
...
Merged via squash.
Prepared head SHA: 8be8967bcb38732970+cgdusek@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-03-10 15:26:47 +03:00
Echo
bda63c3c7f
fix(mattermost): preserve markdown formatting and native tables ( #18655 )
...
Merged via squash.
Prepared head SHA: d30fff1776259437483+echo931@users.noreply.github.com >
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com >
Reviewed-by: @mukhtharcm
2026-03-10 17:40:01 +05:30
Pejman Pour-Moezzi
aca216bfcf
feat(acp): add resumeSessionId to sessions_spawn for ACP session resume ( #41847 )
...
* feat(acp): add resumeSessionId to sessions_spawn for ACP session resume
Thread resumeSessionId through the ACP session spawn pipeline so agents
can resume existing sessions (e.g. a prior Codex conversation) instead
of starting fresh.
Flow: sessions_spawn tool → spawnAcpDirect → initializeSession →
ensureSession → acpx --resume-session flag → agent session/load
- Add resumeSessionId param to sessions-spawn-tool schema with
description so agents can discover and use it
- Thread through SpawnAcpParams → AcpInitializeSessionInput →
AcpRuntimeEnsureInput → acpx extension runtime
- Pass as --resume-session flag to acpx CLI
- Error hard (exit 4) on non-existent session, no silent fallback
- All new fields optional for backward compatibility
Depends on acpx >= 0.1.16 (openclaw/acpx#85, merged, pending release).
Tests: 26/26 pass (runtime + tool schema)
Verified e2e: Discord → sessions_spawn(resumeSessionId) → Codex
resumed session and recalled stored secret.
🤖 AI-assisted
* fix: guard resumeSessionId against non-ACP runtime
Add early-return error when resumeSessionId is passed without
runtime="acp" (mirrors existing streamTo guard). Without this,
the parameter is silently ignored and the agent gets a fresh
session instead of resuming.
Also update schema description to note the runtime=acp requirement.
Addresses Greptile review feedback.
* ACP: add changelog entry for session resume (#41847 ) (thanks @pejmanjohn)
---------
Co-authored-by: Pejman Pour-Moezzi <481729+pejmanjohn@users.noreply.github.com >
Co-authored-by: Onur <onur@textcortex.com >
2026-03-10 10:36:13 +01:00
Bob
c2eb12bbc5
ACPX: bump bundled acpx to 0.1.16 ( #41975 )
...
* ACPX: bump bundled acpx to 0.1.16
* fix: bump acpx pin to 0.1.16 (#41975 ) (thanks @dutifulbob)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com >
2026-03-10 10:18:09 +01:00
Teconomix
6d0547dc2e
mattermost: fix DM media upload for unprefixed user IDs ( #29925 )
...
Merged via squash.
Prepared head SHA: 5cffcb072c6959299+teconomix@users.noreply.github.com >
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com >
Reviewed-by: @mukhtharcm
2026-03-10 14:22:24 +05:30
Brad Groux
568b0a22bb
fix(msteams): use General channel conversation ID as team key for Bot Framework compatibility ( #41838 )
...
* fix(msteams): use General channel conversation ID as team key for Bot Framework compatibility
Bot Framework sends `activity.channelData.team.id` as the General channel's
conversation ID (e.g. `19:abc@thread.tacv2 `), not the Graph API group GUID
(e.g. `fa101332-cf00-431b-b0ea-f701a85fde81`). The startup resolver was
storing the Graph GUID as the team config key, so runtime matching always
failed and every channel message was silently dropped.
Fix: always call `listChannelsForTeam` during resolution to find the General
channel, then use its conversation ID as the stored `teamId`. When a specific
channel is also configured, reuse the same channel list rather than issuing a
second API call. Falls back to the Graph GUID if the General channel cannot
be found (renamed/deleted edge case).
Fixes #41390
* fix(msteams): handle listChannelsForTeam failure gracefully
* fix(msteams): trim General channel ID and guard against empty string
* fix: document MS Teams allowlist team-key fix (#41838 ) (thanks @BradGroux)
---------
Co-authored-by: bradgroux <bradgroux@users.noreply.github.com >
Co-authored-by: Onur <onur@textcortex.com >
2026-03-10 09:13:41 +01:00
Daniel Hnyk
450d49ea52
fix(mattermost): read replyTo param in plugin handleAction send ( #41176 )
...
Merged via squash.
Prepared head SHA: 33cac4c33f2741256+hnykda@users.noreply.github.com >
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com >
Reviewed-by: @mukhtharcm
2026-03-10 13:19:54 +05:30
Daniel Reis
3495563cfe
fix(sandbox): pass real workspace to sessions_spawn when workspaceAccess is ro ( #40757 )
...
Merged via squash.
Prepared head SHA: 0e8b27bf8066363641+dsantoreis@users.noreply.github.com >
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com >
Reviewed-by: @mcaxtr
2026-03-10 04:12:50 -03:00
Austin
9d403fd415
fix(ui): replace Manual RPC text input with sorted method dropdown ( #14967 )
...
Merged via squash.
Prepared head SHA: 1bb49b2e64112558420+rixau@users.noreply.github.com >
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com >
Reviewed-by: @BunsDev
2026-03-10 01:30:31 -05:00
Val Alexander
5296147c20
CI: select Swift 6.2 toolchain for CodeQL ( #41787 )
...
Merged via squash.
Prepared head SHA: 8abc6c165768980965+BunsDev@users.noreply.github.com >
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com >
Reviewed-by: @BunsDev
2026-03-10 01:22:41 -05:00
Frank Yang
8306eabf85
fix(agents): forward memory flush write path ( #41761 )
...
Merged via squash.
Prepared head SHA: 0a8ebf8e5b4488090+frankekn@users.noreply.github.com >
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com >
Reviewed-by: @frankekn
2026-03-10 14:18:41 +08:00
Eugene
45b74fb56c
fix(telegram): move network fallback to resolver-scoped dispatchers ( #40740 )
...
Merged via squash.
Prepared head SHA: a4456d48b44436535+sircrumpet@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-03-10 11:28:51 +05:30
Urian Paul Danut
d1a59557b5
fix(security): harden replaceMarkers() to catch space/underscore boundary marker variants ( #35983 )
...
Merged via squash.
Prepared head SHA: ff07dc45a933277984+urianpaul94@users.noreply.github.com >
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com >
Reviewed-by: @frankekn
2026-03-10 13:54:23 +08:00
Laurie Luo
cf9db91b61
fix(web-search): recover OpenRouter Perplexity citations from message annotations ( #40881 )
...
Merged via squash.
Prepared head SHA: 66c8bb2c6a89195476+laurieluo@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-03-10 10:37:44 +05:30
futuremind2026
382287026b
cron: record lastErrorReason in job state ( #14382 )
...
Merged via squash.
Prepared head SHA: baa6b5d566258860756+futuremind2026@users.noreply.github.com >
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com >
Reviewed-by: @BunsDev
2026-03-10 00:01:45 -05:00
Wayne
da4fec6641
fix(telegram): prevent duplicate messages when preview edit times out ( #41662 )
...
Merged via squash.
Prepared head SHA: 2780e62d07105773686+hougangdev@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-03-10 10:17:39 +05:30
Frank Yang
96e4975922
fix: protect bootstrap files during memory flush ( #38574 )
...
Merged via squash.
Prepared head SHA: a0b9a02e2e4488090+frankekn@users.noreply.github.com >
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com >
Reviewed-by: @frankekn
2026-03-10 12:44:33 +08:00
Benji Peng
989ee21b24
ui: fix sessions table collapse on narrow widths ( #12175 )
...
Merged via squash.
Prepared head SHA: b1fcfba86811394934+benjipeng@users.noreply.github.com >
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com >
Reviewed-by: @BunsDev
2026-03-09 23:14:07 -05:00
Tak Hoffman
705c6a422d
Add provider routing details to bug report form ( #41712 )
2026-03-09 23:01:55 -05:00
Josh Avant
f0eb67923c
fix(secrets): resolve web tool SecretRefs atomically at runtime
2026-03-09 22:57:03 -05:00
Ayaan Zaidi
93c44e3dad
ci: drop gha cache from docker release ( #41692 )
2026-03-10 09:14:57 +05:30
Shadow
e42c4f4513
docs: harden PR review gates against unsubstantiated fixes
2026-03-09 22:43:56 -05:00
Ayane
391f9430ca
fix(feishu): pass mediaLocalRoots in sendText local-image auto-convert shim (openclaw#40623)
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: ayanesakura <40628300+ayanesakura@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-03-09 22:26:06 -05:00
Ayaan Zaidi
e74666cd0a
build: raise extension openclaw peer floor
2026-03-10 08:47:56 +05:30
Ayaan Zaidi
731f1aa906
test: avoid detect-secrets churn in observation fixtures
2026-03-10 08:43:19 +05:30
Harold Hunt
de49a8b72c
Telegram: exec approvals for OpenCode/Codex ( #37233 )
...
Merged via squash.
Prepared head SHA: f2433790945617868+huntharo@users.noreply.github.com >
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com >
Reviewed-by: @huntharo
2026-03-09 23:04:35 -04:00
