Commit Graph

15226 Commits

Author SHA1 Message Date
huangjianxiong
0a8677ec99 fix(whatsapp): keep echo tracker log truncation UTF-16 safe (#102603)
* fix(whatsapp): keep echo tracker log truncation UTF-16 safe

Replace `.slice(0, 50)` with `truncateUtf16Safe(text, 50)` in
echo tracker verbose log message to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(whatsapp): cover UTF-16-safe echo previews

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:46:52 +01:00
Peter Steinberger
5154fe08fa feat: show Codex sessions across Gateway and paired nodes (#102586)
* feat(codex): add federated session catalog

* fix(codex): align session catalog checks

* fix(ui): translate Codex session catalog

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 03:42:03 -07:00
huangjianxiong
29d2a1ed42 fix(ollama): use truncateUtf16Safe for malformed NDJSON log truncation (#102593)
* fix(ollama): use truncateUtf16Safe for malformed NDJSON log warning

The parseNdjsonStream function uses naive .slice(0, 120) on malformed
NDJSON data in log warnings which can split surrogate pairs. Replace
with truncateUtf16Safe().

* test(ollama): cover UTF-16-safe NDJSON warnings

* test(ollama): satisfy lint in NDJSON coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:38:54 +01:00
Sally O'Malley
e595a8c0ac Add Vault SecretRef plugin (#89255)
* Add Vault SecretRef plugin

Signed-off-by: sallyom <somalley@redhat.com>

* expand Vault setup to registered SecretRef targets

Signed-off-by: sallyom <somalley@redhat.com>

* fix(vault): use sdk secret target seam

* fix(vault): preserve auth profile target paths

* docs(vault): document plugin enable step

* fix(vault): make status provider-alias aware

* fix(vault): reject noncanonical secret ids

* fix(vault): separate resolver timeout deadlines

* fix(vault): forward private CA trust settings

* fix(secrets): preserve plugin policy boundaries

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-09 05:30:12 -05:00
Vincent Koc
45d15aabf9 fix(tts-local-cli): preserve file output on stream errors
Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>
2026-07-09 03:28:51 -07:00
huangjianxiong
c87b9a7cee fix(parallel): use truncateUtf16Safe for MCP error JSON truncation (#102592)
* fix(parallel): use truncateUtf16Safe for MCP error JSON truncation

The extractMcpToolPayload function and error messages use naive
.slice(0, 500) on JSON-serialized errors and results which can split
surrogate pairs. Replace with truncateUtf16Safe().

* test(parallel): cover UTF-16-safe MCP errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:25:28 +01:00
lsr911
1beea4b873 fix(qqbot): use truncateUtf16Safe for debug log URL/key truncation (#102572)
* fix(qqbot): use truncateUtf16Safe for debug log URL/key truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- image-size.ts: URL preview in debug logs (2 sites)
- upload-cache.ts: cache key preview in debug logs (2 sites)

Co-Authored-By: Claude <noreply@anthropic.com>

* test(qqbot): cover UTF-16-safe debug previews

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:20:38 +01:00
Alix-007
b37476ab0b fix(twilio): redact webhook turnToken diagnostics (#102089)
* fix(twilio): redact webhook turnToken diagnostics

* chore(twilio): rerun ci

* fix(twilio): contain webhook URL diagnostics

Co-authored-by: Alix-007 <li.long15@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:19:40 +01:00
NIO
32dee52329 fix(googlechat): cap approval binding registries (#101744)
Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-09 11:12:32 +01:00
lsr911
6ad8a77b51 fix(telegram): use truncateUtf16Safe for raw update log truncation (#102567)
* fix(telegram): use truncateUtf16Safe for raw update log truncation

* refactor(telegram): own raw log bounds in formatter

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:11:35 +01:00
lsr911
e39e628a84 fix(active-memory): use truncateUtf16Safe for log value truncation (#102551)
* fix(active-memory): use truncateUtf16Safe for log value truncation

* fix(active-memory): use truncateUtf16Safe for log value truncation

* test(active-memory): cover UTF-16-safe log limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:10:42 +01:00
Peter Steinberger
fc5a4defaf feat(cohere): add current Command models (#102563)
* feat(cohere): add current Command models

* docs: keep release notes out of PR
2026-07-09 11:07:50 +01:00
zw-xysk
9fa913740d fix(tts-local-cli): handle stdout/stderr stream errors in speech provider (#102347)
* fix(tts-local-cli): handle stdout/stderr stream errors in speech provider

CLI TTS speech provider spawns a child process to generate audio and
registers stdout/stderr data listeners but omits stream error handlers.

stdout carries synthesized audio data. A pipe error mid-generation must
reject the promise so the caller does not silently receive truncated
audio when the child later exits zero. stderr carries diagnostic logs
only — errors there are benign and should not crash the provider.

Apply separate strategies matching vincentkoc's requirement:
- stdout (audio): error → reject(Promise) — surface the failure
- stderr (diagnostic): error → ignore — does not affect audio output

* fix lint: remove unused signal param from mock kill()

* fix(tts-local-cli): contain child stream failures

Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>

* chore(tts-local-cli): keep release notes in PR body

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:06:10 +01:00
huangjianxiong
fae5421f81 fix(diagnostics-prometheus): use truncateUtf16Safe for error message truncation (#102591)
* fix(diagnostics-prometheus): use truncateUtf16Safe for error message truncation

The safeErrorMessage function uses naive .slice(0, 500) on error messages
which can split surrogate pairs. Replace with truncateUtf16Safe().

* test(diagnostics-prometheus): cover UTF-16-safe errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:04:47 +01:00
huangjianxiong
4be6fa7413 fix(codex-supervisor): use truncateUtf16Safe for stderr tail truncation (#102590)
* fix(codex-supervisor): use truncateUtf16Safe for stderr tail truncation

StdioCodexJsonRpcConnection includes stderr output in the transport-closed
error message with a naive .slice(0, 1200) which can split surrogate pairs.
Replace with truncateUtf16Safe().

* test(codex-supervisor): cover UTF-16-safe stderr tails

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:59:17 +01:00
lsr911
f650d641e4 fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation (#102576)
* fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- trajectory.ts: payload redaction display (20k char limit)
- client.ts: parse error log truncation

Co-Authored-By: Claude <noreply@anthropic.com>

* test(codex): cover UTF-16 truncation boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:53:25 +01:00
qingminlong
c86fe21cad fix(browser): keep UTF-8 stderr tails valid (#102543) 2026-07-09 10:51:52 +01:00
wangmiao0668000666
6433b82723 fix(qa-lab): surface gateway child stream failures (#102104)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:28:32 +01:00
wings1029
f7cc6ebe1e fix(agent-core,memory-core): keep compaction summary and memory snippet truncation UTF-16 safe (#102542)
* fix(agent-core,memory-core): keep compaction summary and memory snippet truncation UTF-16 safe

* fix: make compaction and memory truncation UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:08:11 +01:00
Ayaan Zaidi
1ad346e465 test(codex): align shared-client version fixtures with the 0.143.0 floor 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
8589759818 fix(codex): keep terminal idle backstop gated during in-flight app-server requests 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
bb1da73b14 fix(codex): fail detached-but-leased clients on suspect retirement 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
80b2b709ca fix(codex): scope client fan-out to terminal liveness kills 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
ca3f247eb2 fix(codex): fan out app-server liveness retirement 2026-07-09 14:26:05 +05:30
lsr911
6a3834d41d fix(memory-core): use truncateUtf16Safe for diary context truncation (#102524)
* fix(memory-core): use truncateUtf16Safe for diary context truncation

* test(memory-core): cover utf16 diary truncation

* refactor(memory-core): use plugin sdk text runtime

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:49:21 +01:00
wangmiao0668000666
51b4e78c33 fix(google-meet): bound Google API requests (#102149)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:39:34 +01:00
Peter Steinberger
42a8679c4d fix: restore release validation on main (#102516)
* test(qqbot): assert approval fence exactly

* fix(release): wait for ClawHub publish logging

* fix(ci): repair Bun global install smoke

* test(slack): fix app identity fixture
2026-07-09 09:39:08 +01:00
lsr911
32de666163 fix(codex): use truncateUtf16Safe for tool transcript output truncation (#102522)
* fix(codex): use truncateUtf16Safe for tool transcript output truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in event-projector
tool transcript output text to prevent surrogate pair splitting.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(codex): keep streamed output utf16-safe

* refactor(codex): use plugin sdk text runtime

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:37:07 +01:00
lsr911
145b71f57e fix(oc-path): use truncateUtf16Safe for error message path truncation (#102527)
* fix(oc-path): use truncateUtf16Safe for error message path truncation

Replace naive .slice(0, 80) with truncateUtf16Safe() at three
error-reporting call sites to prevent surrogate pair splitting
in oc:// path validation error messages.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover utf16 error truncation

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:35:17 +01:00
lsr911
ed9ce1c584 fix(discord): use truncateUtf16Safe for deploy error body truncation (#102525)
* fix(discord): use truncateUtf16Safe for deploy error body truncation

* test(discord): cover utf16 deploy errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:33:46 +01:00
xingzhou
b23fdcfac9 fix(codex): avoid broken emoji in dynamic tool timeout logs (#102509)
* fix(codex): keep dynamic tool log fields UTF-16 safe

* test(codex): narrow dynamic tool response item

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:26:22 +01:00
Miorbnli
e6a2136c3a fix(msteams): lowercase content type so attachment classification is case-insensitive (#102431)
* fix(msteams): lowercase content type so attachment classification is case-insensitive

normalizeContentType only trimmed its input. MIME types are case-insensitive
(RFC 2045), and MS Teams relay payloads (SharePoint, OneDrive, Bot Framework CDN)
routinely emit mixed-case values such as "Image/PNG" or
"Application/Vnd.Microsoft.Teams.File.Download.Info". Every downstream
comparison in the attachments module assumes a lowercased value
(startsWith("image/"), === "application/vnd.microsoft.teams.file.download.info",
startsWith("text/html")), so a mixed-case attachment was silently misclassified:
images became documents, HTML bodies were skipped, and file-download candidates
were not resolved.

Lowercase in normalizeContentType so all six call sites match. The sibling
inferPlaceholder in the same file already lowercases via
normalizeLowercaseStringOrEmpty, so this aligns the two paths.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(msteams): route HTML text extraction through normalizeContentType

extractTextFromHtmlAttachments guarded its loop with an exact
`attachment.contentType !== "text/html"` check, which is the same
case-sensitivity gap the rest of the PR closes via normalizeContentType.
A mixed-case "TEXT/HTML" attachment (common from Teams relays; MIME types are
case-insensitive per RFC 2045) was skipped, so a message whose only body text
lived in such an HTML attachment entered the agent path with empty text.

Route the guard through normalizeContentType so mixed-case HTML attachments
reach the body extractor. Export the function and add regression coverage for
mixed-case / whitespace-padded / object-content / non-HTML cases.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(msteams): preserve MIME parameter case

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:24:35 +01:00
Peter Steinberger
9566aded5c fix(openai): correct Realtime auth and transcription secrets (#102518)
* fix(openai): correct Realtime auth and transcription secrets

* chore: leave release notes to release automation
2026-07-09 08:55:31 +01:00
mikasa
a522e4309c fix(browser): bound Chrome launch stderr diagnostics (#101506)
* fix(browser): bound Chrome launch stderr diagnostics

* fix(browser): preserve chrome launch recovery diagnostics

* refactor(browser): share bounded UTF-8 stderr tails

* fix(browser): own bounded stderr storage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:30:27 +01:00
Alix-007
ca8f6e1efd fix(zalouser): clear probe timeout after auth resolves (#101649) 2026-07-09 08:29:44 +01:00
Peter Steinberger
e7492c6fca feat(providers): refresh Qwen, Cohere, and Mistral catalogs (#102489)
* feat(providers): refresh popular model catalogs

* chore: leave release changelog to release automation

* docs: refresh provider docs map
2026-07-09 08:16:50 +01:00
kevinlin-openai
245b91b83d feat(slack): support Enterprise Grid org installs (#102372)
* feat(slack): support Enterprise Grid org installs

* docs: refresh generated docs map

* fix(slack): satisfy enterprise routing CI

* fix(slack): accept org auth without app id

* docs(plugin-sdk): document channel policy hooks

* fix(slack): reuse canonical sender for enterprise replies

* test(slack): fix enterprise sender lint

---------

Co-authored-by: Kevin Lin <kevin@dendron.so>
2026-07-08 23:53:19 -07:00
Peter Steinberger
fb3f0a2889 fix(openai): clarify rejected Realtime Talk API keys [AI] (#102461)
* fix(openai): clarify realtime API key failures

* chore: leave release notes to release workflow
2026-07-09 07:41:33 +01:00
Miorbnli
18e80760a7 fix(channels): keep inbound log previews UTF-16 safe (#102407)
* fix(matrix): truncate inbound preview on UTF-16 code-point boundary

The matrix inbound verbose preview used bodyText.slice(0, 200) before logging.
When a supplementary-plane character (emoji, extended CJK) straddles the 200th
code unit, the slice splits its surrogate pair and emits a lone surrogate into
the verbose log line. Lone surrogates corrupt JSON log serialization, break
terminal rendering, and crash UTF-8-validating log shippers.

Use the shared truncateUtf16Safe helper (already used by the mattermost sibling
monitor after #101630) to keep complete surrogate pairs intact. No behavior
change for ASCII input; the preview is still capped at 200 code units.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(matrix): fix inbound-preview test for lint and lib target

- Avoid String.prototype.isWellFormed (ES2024 lib): use the encodeURIComponent
  well-formedness probe instead, which works on the project's TS lib target.
- Replace literal string concatenation with template strings to satisfy the
  no-useless-concat lint rule. No behavior change in the assertions.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(channels): keep inbound log previews UTF-16 safe

* test(line): type verbose preview fixtures

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:32:55 +01:00
xingzhou
4adfc30b90 fix(codex): app inventory error diagnostics stay UTF-16 safe (#102414)
* fix(codex): keep app inventory error messages UTF-16 safe

* refactor(codex): unify app inventory error truncation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:31:18 +01:00
Tianning Li
583ca34bf8 feat(stepfun): add step-3.7-flash model (#88082)
* feat(stepfun): add step-3.7-flash model and make it default

* fix(stepfun): set step-3.7-flash cacheRead cost to 0.04

* fix(stepfun): raise step-3.7-flash maxTokens to context limit

Output was artificially capped at 65536; StepFun docs set max_tokens
default to INF, bounded only by the 256K context window. Raise
step-3.7-flash maxTokens to 262144 on both stepfun and stepfun-plan,
matching contextWindow. Per models.dev anomalyco/models.dev#1903.
step-3.5-flash entries unchanged.

* fix(stepfun): zero step-plan step-3.7-flash cost for plan billing

Step Plan endpoint bills per subscription plan, not per token, matching
the sibling stepfun-plan/step-3.5-flash and step-3.5-flash-2603 entries
which already carry zero cost. Standard stepfun/step-3.7-flash keeps its
per-token rate. Per models.dev anomalyco/models.dev#1903, whose step-plan
providers omit cost entirely.

* docs(changelog): note StepFun 3.7 support

* style(stepfun): format provider table

* fix(stepfun): forward reasoning effort

* fix(stepfun): scope reasoning compat to 3.7

* test(stepfun): keep 3.5 reasoning compat unchanged

* fix(stepfun): carry off fallback through agent turns

* fix(stepfun): use documented token limit field

* fix(stepfun): match chat completions contract

* chore(stepfun): keep changelog release-owned

---------

Co-authored-by: Tianning Li <litianning@stepfun.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:14:46 +01:00
Vincent Koc
8a5ad170c0 chore(codex): bump app-server to 0.143.0 2026-07-08 23:07:20 -07:00
Vincent Koc
bf3e2f5b80 fix(codex): migrate retired approval policy 2026-07-08 23:07:20 -07:00
NIO
a3f00d32c9 fix(telegram): keep DM topic auto-rename user message UTF-16 safe (#101781)
* fix(telegram): keep DM topic auto-rename user message UTF-16 safe

Add surrogate-boundary regression for auto-topic label input truncation.

Co-authored-by: Cursor <cursoragent@cursor.com>

* test(telegram): tighten topic label boundary proof

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 06:44:19 +01:00
wangmiao0668000666
acac359de6 fix(matrix): keep HTTP error and tool-progress truncations UTF-16 safe (#102395)
* fix(matrix): keep HTTP error and tool-progress truncations UTF-16 safe

* test(matrix): prove UTF-16 truncation boundaries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 06:15:46 +01:00
wangmiao0668000666
28bbbe4f60 fix(google-meet): bound Calendar event lookups (#102157)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 06:12:24 +01:00
wangmiao0668000666
624dfa6cf6 fix(google-meet): contain node host stream failures (#102105)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 05:59:35 +01:00
xydt-tanshanshan
1d4d8474da [AI] fix(memory): use truncateUtf16Safe for dreaming snippet truncation (#101946)
* [AI] fix(memory): use truncateUtf16Safe for dreaming snippet truncation

Replace .slice(0, N) with truncateUtf16Safe() at 5 call sites in
dreaming-phases.ts so complex emoji and surrogate pairs near the
truncation boundary are not split into lone surrogates.

truncateUtf16Safe is the standard SDK helper, already used in
session-cost-usage, cron, exec-approval, and node-host modules
for the same purpose.

* [AI] fix(memory): use SDK facade import for truncateUtf16Safe, add surrogate-proof test

Replace direct @openclaw/normalization-core/utf16-slice import with
openclaw/plugin-sdk/memory-core-host-engine-foundation SDK facade,
matching manager-search.ts in the same extension.

Add surrogate-proof.test.ts that runs a full dreaming ingestion sweep
with emoji at the 280-char boundary and verifies zero lone surrogates.

* [AI] fix(memory-proof): use relative imports in surrogate-proof test

* [AI] fix(memory-proof): place emoji at post-prefix 280-char boundary, assert session corpus file

* [AI] fix(memory-proof): avoid unnecessary String callback in oxlint

* [AI] fix(memory-proof): add curly braces per eslint curly rule

* [AI] feat(proof): add standalone dreaming surrogate truncation proof script

* [AI] chore(proof): remove unused SQLite-dependent proof script

* [AI] fix(proof): correct emoji boundary placement for all 5 call sites

* [AI] fix(proof): add curly braces per eslint curly rule in proof script

* [AI] fix(proof): session emoji at actual corpus 280-char boundary

* test: streamline memory dreaming UTF-16 coverage

---------

Co-authored-by: hailory <hailory@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 05:40:22 +01:00
Dave Fano
b502554f6c Suppress failed tool progress in Discord (#92517)
* fix(discord): suppress failed tool progress

Co-authored-by: davefano-agents@teal-03-mst-m2u-wheeljack <davefano-agents@users.noreply.github.com>

* chore: leave changelog to release

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: davefano-agents@teal-03-mst-m2u-wheeljack <davefano-agents@users.noreply.github.com>
2026-07-09 05:39:59 +01:00
VectorPeak
2cb482dd40 fix(discord): split encoded video URLs from captions (#101815)
* fix(discord): split encoded video URLs from captions

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* refactor(discord): scope media filename decoding

---------

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 04:41:53 +01:00