* fix(agents): keep steering metadata truncation UTF-16 safe
Replace raw string slicing with truncateUtf16Safe in promptLiteral so
emoji and CJK surrogate pairs in steering queue metadata are not split
mid-pair at the 500-char MAX_METADATA_CHARS cap.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* test(agents): add emoji surrogate boundary regression for steering metadata
Drive buildMergedAgentSteeringPrompt with a task label placing an emoji
at the 500-char MAX_METADATA_CHARS boundary to prove truncateUtf16Safe
preserves the surrogate pair instead of splitting it.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* test(agents): assert steering truncation output
* test(agents): remove useless string concat in emoji boundary test
---------
Co-authored-by: Alix-007 <li.long15@xydigit.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
* fix: keep emoji intact at remaining text truncation boundaries
Replace .slice(0, N) with truncateUtf16Safe() in five remaining
user-visible text truncation sites that were missed by earlier
UTF-16 safety sweeps:
- restart.ts: restart reason text (2 sites)
- chat-composer.ts: reply target text preview
- chat-thread.ts: thread text preview + message text extraction
All sites truncate user-generated content where emoji or other
supplementary-plane characters could produce lone surrogates.
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: complete UTF-16-safe restart and chat boundaries
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Adds GitHub Enterprise data-residency support to the existing bundled GitHub Copilot provider.
Maintainer proof:
- GitHub CI green on head 54010a6538
- `check-lint`, `check-additional-extension-bundled`, and `check-shrinkwrap` passed in CI
- local `pnpm lint:extensions:bundled`, `pnpm lint`, and focused GitHub Copilot Vitest passed
- AWS Crabbox proof passed
- live microsoft.ghe.com device-flow/token-exchange/model-catalog proof passed
Co-authored-by: Tobias Oort <tobias.oort@ict.nl>
Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Summary:
- audit Doctor lint default selection after the full lint-family backfill
- make legacy state, skills readiness, session transcripts, and session snapshots explicit-only for default lint
- document default lint vs --all/--only and keep plugin/SDK public contracts unchanged
Validation:
- Galin review: no blocking findings
- maintainer accepted the default-lint compatibility tradeoff in PR comment
- exact-head hosted gates passed for d5d88a0db1: CI#28976811444 and Workflow Sanity#28976811343
- local broad pnpm check was blocked by a shrinkwrap guard failure that reproduces on origin/main and is unrelated to this five-file Doctor diff
Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
* fix(xurl): use install kind "node" instead of invalid "npm" [AI]
The xurl skill's second installer declares kind "npm", which is not a
valid install kind. The installer switches on spec.kind with cases for
brew/node/go/uv/download and a default of "unsupported installer", so the
entry is dropped -- `openclaw skills info xurl` only offers the brew
option, leaving no install path on machines without Homebrew.
npm-backed installs use kind "node" (which honors
skills.install.nodeManager, default npm). Only kind is changed;
id/package/bins are left as-is.
Verified against openclaw 2026.6.11 in a container:
before (kind: npm): Install options: → Install xurl (brew)
after (kind: node): Install options: → Install @xdevplatform/xurl (npm)
* fix(github): drop non-functional "apt" install entry [AI]
The github skill's second installer declares kind "apt", which is not a
supported install kind (installer switch handles brew/node/go/uv/download
+ default "unsupported installer"). openclaw silently drops it -- `skills
info github` only ever surfaces the brew option -- so the entry is dead,
misleading metadata rather than a working Linux path.
The remaining brew installer is cross-platform (Homebrew runs on Linux),
so removing the dead entry loses no working path. Improving install paths
for Linux users without Homebrew is tracked separately in #57555
(needs-product-decision).
* fix: harden web fetch html conversion
* fix: consume malformed html tag tails
* fix: consume invalid html tag spans
* fix: preserve html scanner edge cases
* fix: preserve title-only html fallback
* fix: harden html scanner malformed tokens
* fix: close html scanner review gaps
* fix: keep malformed html raw text hidden
* fix: keep html scanner comment content hidden
* fix: skip unsupported html attribute values
* fix: skip raw text from opener end
* fix: drop malformed html tag tails
* fix: preserve trailing slash href links
* fix: close html scanner review gaps
* fix: preserve literal less-than text
* fix: bound html render context nesting
* fix: drop bogus html closing tags
* fix: handle abrupt html comments
* fix: remove dead html scanner branches
* fix: close quoted self-closing html tags
* fix: track anchor text incrementally
* fix: ignore quoted raw text markers
* fix: close title contexts through literal markup
* fix: close anchors through nested contexts
* fix: close nested HTML contexts consistently
* feat(secrets): resolve SecretRef model credentials at egress via process-local sentinels
SecretRef-managed model-provider credentials now travel as opaque
oc-sent-v1 sentinels through auth storage, stream options, and SDK
config; the guarded model fetch injects real values into headers and
URLs immediately before the SSRF-guarded send and fails closed on
unknown sentinels. packages/ai adapters converge on the host guarded
fetch where the SDK supports custom fetch and unwrap at construction
where it does not. Resolved values (and their percent-encoded forms)
register for exact-value log redaction. Kill switch:
OPENCLAW_SECRET_SENTINELS=off. Also fixes a pre-existing unhandled
rejection race in capNonOkResponseBodyLazily (pipeThrough writer leak).
* test(plugin-sdk): update public surface budget
The wrapper probes `crabbox --version` and `crabbox run --help` once each with a
snappy 5s timeout to enumerate providers before delegating. A cold Crabbox — the
first call right after a version bump, or one on a loaded machine — can exceed
that timeout while rendering `run --help` (52KB, emitted on stderr in 0.36) or
doing first-run init, and can emit nothing on that first call. When that happens
both guards fire and hard-exit the wrapper ("selected binary failed basic
--version/--help sanity checks" or "could not parse provider list from --help;
refusing to run"), which blocks ALL remote validation (`pnpm check:changed`,
remote `pnpm test` lanes) even though the binary is fine.
Retry each metadata probe once with a generous 20s timeout when the first attempt
is killed or returns empty. The warm path is unchanged (one ~instant probe); only
a slow/empty first probe pays for the retry, after which the sanity/provider-list
guards judge the recovered result. Add a regression test: a fake Crabbox whose
`run --help` is slower than the default probe timeout (and, like 0.36, writes help
to stderr) is now recovered by the retry instead of hard-failing.
* fix(state): close cached SQLite state and agent databases on process exit
* refactor(state): pair SQLite exit-close with cache lifecycle and rebind stale proxy-capture stores
* fix(cli): register debug-proxy finalize before the state DB exit hook
* refactor(state): narrow to agent-db and proxy-capture exit lifecycle after #100691 landed shared-state close
---------
Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>