NVIDIAN
781e03a179
fix(process): return timeout code for killed commands
2026-06-10 19:21:35 +01:00
Mariano
b8adc11977
feat(cron): support command jobs
...
Add command-backed cron jobs with timeout-safe process-tree cleanup for shell wrappers. Ensures POSIX command jobs run in a killable process group, adds Windows tree cleanup fallback handling, and covers timeout cleanup behind sh -lc.
2026-06-08 12:06:16 +09:00
Peter Steinberger
a628a66e4d
docs: document process helpers
2026-06-04 20:14:34 -04:00
Peter Steinberger
304e2c83c0
chore(lint): enable stricter oxlint rules
2026-05-31 18:59:02 +01:00
Peter Steinberger
00d8d7ead0
refactor: extract normalization core package
...
Extract shared normalization/coercion helpers into private @openclaw/normalization-core workspace package while preserving existing plugin SDK helper subpaths.
Also keeps direct normalization-core imports internal, wires UI/build/loader resolution, and replaces the slow PR network CodeQL lane with a fast added-line boundary scan while retaining full CodeQL for scheduled/manual runs.
Verification: local moved tests, plugin SDK boundary tests, extension loader tests, agents-support shard, UI build/test, build artifacts, lint, workflow guards, autoreview, and GitHub CI passed on PR head 963d893715.
2026-05-31 01:33:00 +01:00
Vincent Koc
8ba71e4aff
fix(process): bound command output capture
2026-05-28 15:52:02 +02:00
Peter Steinberger
bb46b79d3c
refactor: internalize OpenClaw agent runtime (#85341)
...
* refactor: extract agent core package
Introduce packages/agent-core as the OpenClaw-owned home for reusable agent loop, harness, session, prompt, and runtime dependency contracts.
* refactor: extract shared llm runtime
Move provider model registries, stream wrappers, OAuth helpers, and LLM utilities into src/llm with plugin-sdk barrels instead of depending on the old embedded runtime layout.
* refactor: remove pi runtime internals
Rename remaining Pi-shaped agent surfaces to OpenClaw agent runtime names, delete obsolete Pi docs and package graph checks, and add the third-party notice for incorporated code.
* refactor: tighten agent session runtime
Make agent-core/runtime dependencies explicit, consolidate compaction and session transcript helpers, and move model/session helpers behind OpenClaw-owned contracts.
* refactor: remove static model and pi auth paths
Drop static model catalogs and Pi auth bridges, move model/provider facts to manifest-owned runtime contracts, and harden internal embedded-agent utilities.
* refactor: remove legacy provider compat paths
* docs: remove agent parity notes
* fix: skip provider wildcard metadata parsing
* refactor: share session extension sdk loading
* refactor: inline acpx proxy error formatter
* refactor: fold edit recovery into edit tool
* fix: accept extension batch separator
* test: align startup provider plugin expectations
* fix: restore provider-scoped release discovery
* test: align static asset packaging expectations
* fix: run static provider catalogs during scoped discovery
* fix: add provider entry catalogs for scoped live discovery
* fix: load lightweight provider catalog entries
* fix: refresh provider-scoped plugin metadata
* fix: keep provider catalog entries on release live path
* fix: keep static manifest models in release live checks
* fix: harden release model discovery
* fix: reduce OpenAI live cache probe reasoning
* fix: disable OpenAI cache probe reasoning
* ci: extend OpenAI gateway live timeout
* fix: extend live gateway model budget
* fix: stabilize release validation regressions
* fix: honor provider aliases in model rows
* fix: stabilize release validation lanes
* fix: stabilize release memory qa
* ci: stabilize release validation lanes
* ci: prefer ipv4 for live docker node calls
* fix: restore shared tool-call stream wrapper
* ci: remove legacy pi test shard alias
* fix: clean up embedded agent test drift
* fix: stabilize runtime alias status
* fix: clean up embedded agent ci drift
* fix: restore release ci invariants
* fix: clean up post-rebase runtime drift
* fix: restore release ci checks
* fix: restore release ci after rebase
* fix: remove stale pi runtime path
* test: align compaction runtime expectations
* test: update plugin prerelease expectations
* fix: handle claude live tool approvals
* fix: stabilize release validation gates
* fix: finish agent runtime import
* test: finish post-rebase agent runtime mocks
* fix: keep codex compaction native
* fix: stabilize codex app-server hook tests
* test: isolate codex diagnostic active run
* test: remove codex diagnostic completion race
# Conflicts:
# extensions/codex/src/app-server/run-attempt.test.ts
* ci: fix full release manifest performance run id
* refactor: narrow llm plugin sdk boundary
* chore: drop generated google boundary stamps
* fix: repair rebase fallout
* fix: clean up rebased runtime references
* fix: decode codex jwt payloads as base64url
* fix: preserve shipped pi runtime alias
* fix: add scoped sdk virtual modules
* fix: decode llm codex oauth jwt as base64url
* fix: avoid stale vertex adc negative cache
* fix: harden tool arg decoding and codeql path
* fix: keep vertex adc negative checks live
* refactor: consolidate codex jwt and edit helpers
* fix: await codex oauth node runtime imports
* fix: preserve sdk tool and notice contracts
* fix: preserve shipped compat config boundaries
* fix: align codex oauth callback host
* fix: terminate agent-core loop streams on failure
* fix: keep codex oauth callback alive during fallback
* ci: include session tools in critical codeql scans
* fix: keep Cloudflare Anthropic provider auth header
* docs: redirect legacy pi runtime pages
* fix: honor bundled web provider compat discovery
* fix: protect session output spill files
* fix: keep legacy agent dir env blocked
* fix: contain auto-discovered skill symlinks
* fix: harden agent core sdk proxy surfaces
* fix: restore approval reaction sdk compat
* fix: keep live docker runs bounded
* fix: keep codex oauth redirect host aligned
* fix: resolve post-rebase agent runtime drift
* fix: redact anthropic oauth parse failures
* fix: preserve responses strict tool shaping
* fix: repair agent runtime rebase cleanup
* docs: redirect retired parity pages
* fix: bound auto-discovered resources to roots
* fix: repair post-rebase agent test drift
* fix: preserve bundled provider allowlist migration
* fix: preserve manifest-owned provider aliases
* fix: declare photon image dependency
* fix: keep provider headers out of proxy body
* fix: preserve shipped env aliases
* fix: refresh control ui i18n generated state
* fix: quote read fallback paths
* fix: preview edits through configured backend
* test: satisfy core test typecheck
* fix: preserve ZAI usage auth fallback
* test: repair codex diagnostic test
* fix: repair agent runtime rebase drift
* test: finish embedded runner import rename
* fix: repair agent runtime rebase integrations
* test: align compaction oauth fallback expectations
* fix: allow sdk-auth session models
* fix: update doctor tool schema import
* fix: preserve bedrock plugin region
* fix: stream harmony-like prose immediately
* ci: include session runtime in codeql shards
* fix: repair latest rebase integrations
* fix: honor explicit codex websocket transport
* fix: keep openai-compatible credentials provider-scoped
* fix: refresh sdk api baseline after rebase
* fix: route cli runtime aliases through openclaw harness
* test: rename stale harness mock expectation
* test: rename embedded agent overflow calls
* test: clean embedded auth test wording
* test: use openclaw stream types in deepinfra cache test
* fix: refresh sdk api baseline on latest main
* fix: honor bundled discovery compat allowlists
* fix: refresh sdk api baseline after latest rebase
* fix: remove stale rebase imports
* test: rename stale model catalog mock
* test: mock renamed doctor runtime modules
* fix: map canonical kimi env auth
* fix: use internal model registry in bench script
* fix: migrate deepinfra provider catalog entry
* fix: enforce builtin tool suppression
* fix: route compaction auth and proxy payloads safely
* refactor: prune unused llm registry leftovers
* test: update codex hooks session import
* test: fix model picker ci coverage
* test: align model picker auth mock types
2026-05-27 19:24:04 +01:00
Patrick Erichsen
c0312748c4
feat: support git and local skill installs (#84793)
2026-05-20 21:12:03 -07:00
samzong
2fa853dce5
fix(gateway): isolate gmail watcher restart and abort handling (#82395)
...
Merged via squash.
Prepared head SHA: 61502846df
Co-authored-by: samzong <13782141+samzong@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
2026-05-16 15:31:51 +08:00
Vincent Koc
d656cda46d
fix(process): normalize Windows child env keys
2026-05-14 14:34:00 +08:00
Devin Robison
982d123b80
Harden Windows command wrapper resolution (#77472)
...
* Harden Windows command wrapper resolution
* clawsweeper: route Windows cmd.exe wrapper through getWindowsInstallRoots
Replace the local SystemRoot/windir/SYSTEMROOT/WINDIR scan in
resolveTrustedWindowsCmdExe with the shared getWindowsInstallRoots()
resolver from src/infra/windows-install-roots.ts. The shared resolver
already rejects UNC paths, root-relative values, semicolon-delimited
path-lists, and missing-drive-letter roots, and prefers registry-derived
roots over env, so the wrapper-launch trust boundary now matches the
existing Windows install-root boundary on main.
Tests:
- _resetWindowsInstallRootsForTests in beforeEach so cached roots track
per-test process.env mutations
- expectedTrustedCmdExe helper now joins the resolved systemRoot, so the
expected wrapper executable matches the production resolver on Linux
CI (where it falls back to DEFAULT_WINDOWS_SYSTEM_ROOT)
- new "rejects unsafe Windows root values" test covers UNC,
semicolon-delimited path-list, root-relative, and bare-relative
SystemRoot inputs
* Add CHANGELOG entry for #77472 Windows command wrapper hardening
* clawsweeper: stub registry probe in Windows wrapper tests
On real Windows CI runners getWindowsInstallRoots() reads the canonical
SystemRoot from the registry (e.g. C:\WINDOWS) before falling back to
process.env, which shadowed the env-only setup in the ComSpec-poisoning
and unsafe-root tests and produced casing mismatches like
"C:\WINDOWS\System32\cmd.exe" vs the expected "C:\Windows\...". Pass a
queryRegistryValue stub returning null in beforeEach (and inside the
unsafe-root loop) so install-root resolution is fully driven by the
test's process.env setup on every platform.
* clawsweeper: overwrite WINDIR alongside SystemRoot in unsafe-root test
Real Windows runners did not honor `delete process.env.windir`, so the
unsafe-root iteration's WINDIR fallback still resolved to the canonical
`C:\WINDOWS` and produced a casing mismatch against the expected default
`C:\Windows\System32\cmd.exe`. Set both `SystemRoot` and `WINDIR` to the
unsafe payload so every install-root env source is rejected by
`normalizeWindowsInstallRoot` and the resolver falls through to
`DEFAULT_WINDOWS_SYSTEM_ROOT`.
2026-05-04 14:33:18 -06:00
Peter Steinberger
3921e1b0b7
fix(process): kill Windows command trees on timeout
...
(cherry picked from commit 9cc3ae100b)
2026-05-04 20:44:27 +01:00
Alex Knight
e1a7c5b860
fix: handle EPIPE errors on child process stdin writes (#75602)
...
Fix three child-process stdin write paths that let async EPIPE errors
escape to uncaughtException and crash the gateway.
extensions/imessage/src/client.ts (the actual #75438 crash path):
- Add child.stdin.on('error') listener in start() to catch async EPIPE
and reject all pending requests via failAll().
- Add write callback to request() stdin.write() that rejects the
specific pending request on error, instead of leaving it hanging
until timeout.
src/agents/mcp-stdio-transport.ts:
- Fix write callback race in send(): previously resolved the promise
immediately when write() returned true, then the write callback with
EPIPE would fire after the promise was already fulfilled. Now always
settles the promise from the write callback so the outcome is known
before resolving.
src/process/exec.ts:
- Add stdin.on('error') before writing input so EPIPE from a
prematurely-exited child is swallowed — the process exit handler
reports the real status.
One reporter observed a gateway crash after 10.5 hours of stable
uptime — a single EPIPE on an iMessage RPC child process stdin write
killed the gateway with code 1.
Fixes: #75438
2026-05-01 21:45:12 +10:00
Vincent Koc
e6d2c9b080
fix(process): decode Windows command output with console codepage awareness (#72393)
...
* fix(process): decode Windows command output with console codepage awareness
* fix(clownfish): address review for ghcrawl-199248-agentic-merge (1)
2026-04-26 23:10:59 -07:00
Peter Steinberger
c3074bd513
refactor: dedupe path lowercase helpers
2026-04-07 15:53:50 +01:00
Peter Steinberger
edab013e51
fix: support corepack cmd shim on windows
2026-04-06 03:48:47 +01:00
Peter Steinberger
f4fa53de3f
fix(ci): repair zalouser sdk path and exec timeout kill
2026-04-04 04:51:33 +01:00
Peter Steinberger
f03d7c5a4c
refactor: centralize Windows exec invocation
2026-04-02 18:27:53 +01:00
lawrence3699
2fd7f7ca52
fix(exec): hide windows console windows
2026-04-03 02:19:32 +09:00
Vincent Koc
37099dae3e
fix(ci): restore matrix monitor import guards and windows npm exit codes
2026-03-31 22:04:35 +09:00
Vincent Koc
11590eb6ce
fix(ci): restore dotenv trust boundary and windows npm exit handling
2026-03-31 21:51:17 +09:00
Vincent Koc
25a3d37970
fix(ci): restore matrix guardrails and windows exec shim
2026-03-31 21:27:43 +09:00
George Zhang
e133924047
[codex] harden clawhub plugin publishing and install (#56870)
...
* fix: harden clawhub plugin publishing and install
* fix(process): preserve windows shim exit success
2026-03-29 11:59:19 -07:00
Ayaan Zaidi
cfba0ab68f
fix(process): wait for windows close state settlement
2026-03-28 16:55:15 +05:30
Ayaan Zaidi
c3c1f9df54
fix(process): wait for windows exit code settlement
2026-03-28 16:37:29 +05:30
Ayaan Zaidi
e0ba57e9c7
fix: preserve windows child exit codes
2026-03-28 14:55:20 +05:30
Tak Hoffman
262e5c57c8
fix(ci): stabilize module-bound exact regressions (#56085)
...
* Adjust compaction identifier test for summary args
* Harden exec completion after child exit
* Handle SDK compaction and skill shape drift
* Stabilize Synology Chat module-bound tests
* Restore skill source compatibility shims
* Restore self-hosted provider discovery mocks
2026-03-27 19:44:15 -05:00
Peter Steinberger
4e531d382b
fix(ci): restore cli runtime mocks and timeout exits
2026-03-22 23:43:58 +00:00
Peter Steinberger
344b2286aa
refactor: share windows command shim resolution
2026-03-10 22:18:04 +00:00
Vincent Koc
b48291e01e
Exec: mark child command env with OPENCLAW_CLI (#41411)
2026-03-09 19:14:08 -04:00
0xlin2023
d000316d19
fix: Windows: openclaw plugins install fails with spawn EINVAL
...
Fixes #7631
2026-03-06 22:19:16 +05:30
Peter Steinberger
234e07fcc0
refactor(process): extract command env resolution helper
2026-03-02 14:02:47 +00:00
icesword0760
6e008e93be
Process: fix Windows .cmd spawn EINVAL (openclaw#29759) thanks @icesword0760
...
Verified:
- pnpm vitest run src/process/exec.test.ts src/process/exec.windows.test.ts
Co-authored-by: icesword0760 <123886211+icesword0760@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 07:49:54 -06:00
Peter Steinberger
a1a8ec6870
fix(windows): land #31147 plugin install spawn EINVAL (@codertony)
...
Landed from contributor PR #31147 by @codertony.
Co-authored-by: codertony <codertony@users.noreply.github.com>
2026-03-02 02:23:53 +00:00
joshavant
e8637c79b3
fix(secrets): harden sops migration sops rule matching
2026-02-26 14:47:22 +00:00
Sebastian
726ad45c75
Revert "fix: add windowsHide: true to spawn in runCommandWithTimeout"
...
This reverts commit 32c66aff49.
2026-02-16 20:27:32 -05:00
Guy
32c66aff49
fix: add windowsHide: true to spawn in runCommandWithTimeout
...
Fixes flashing conhost.exe windows on Windows when exec module spawns
child processes. The windowsHide: true option prevents orphaned conhost.exe
processes and eliminates disruptive terminal window flashing.
Closes #18613
2026-02-16 23:49:47 +01:00
Onur
cd44a0d01e
fix: codex and similar processes keep dying on pty, solved by refactoring process spawning (#14257)
...
* exec: clean up PTY resources on timeout and exit
* cli: harden resume cleanup and watchdog stalled runs
* cli: productionize PTY and resume reliability paths
* docs: add PTY process supervision architecture plan
* docs: rewrite PTY supervision plan as pre-rewrite baseline
* docs: switch PTY supervision plan to one-go execution
* docs: add one-line root cause to PTY supervision plan
* docs: add OS contracts and test matrix to PTY supervision plan
* docs: define process-supervisor package placement and scope
* docs: tie supervisor plan to existing CI lanes
* docs: place PTY supervisor plan under src/process
* refactor(process): route exec and cli runs through supervisor
* docs(process): refresh PTY supervision plan
* wip
* fix(process): harden supervisor timeout and PTY termination
* fix(process): harden supervisor adapters env and wait handling
* ci: avoid failing formal conformance on comment permissions
* test(ui): fix cron request mock argument typing
* fix(ui): remove leftover conflict marker
* fix: supervise PTY processes (#14257) (openclaw#14257) (thanks @onutc)
2026-02-16 02:32:05 +01:00
Peter Steinberger
a7eb0dd9a5
fix(security): harden Windows child process spawning
2026-02-15 03:24:55 +01:00
Shadow
be18f5f0f0
Process: fix Windows exec env overrides
2026-02-13 12:06:47 -06:00
Burak Sormageç
23b1b51568
fix(windows): normalize env entries for spawn
2026-02-13 17:48:04 +01:00
Burak Sormageç
e97aa45428
fix(windows): handle undefined environment variables in runCommandWithTimeout
2026-02-13 17:48:04 +01:00
Burak Sormageç
d7fb01afad
fix(windows): resolve command execution and binary detection issues
2026-02-13 17:48:04 +01:00
Jhin
dc8a63cb8b
fix: skip extension append if command already has one
...
Addresses review feedback - now checks path.extname() before
appending .cmd to avoid producing invalid paths like npm.cmd.cmd
2026-01-31 20:39:33 -06:00
Jhin
5c8880ed3f
fix(process): resolve npm/pnpm spawn ENOENT on Windows
...
On Windows, non-.exe commands like npm, pnpm, yarn, npx require
their .cmd extension when using spawn(). This adds a resolveCommand()
helper that automatically appends .cmd on Windows for these commands.
Fixes #5773
2026-01-31 20:39:33 -06:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imports.
2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
Peter Steinberger
c6cdbb630c
fix: harden exec spawn fallback
2026-01-25 06:37:39 +00:00
Peter Steinberger
6ea4cb0012
fix: suppress npm fund prompts
2026-01-21 03:47:50 +00:00
Peter Steinberger
c379191f80
chore: migrate to oxlint and oxfmt
...
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-14 15:02:19 +00:00