ooiuuii
201eb9cd29
fix(gateway): iOS Talk treats SecretRef-backed API keys as missing ( #98210 )
...
* fix(gateway): resolve Talk SecretRefs for scoped native clients
* fix(gateway): constrain Talk secret materialization
* fix(gateway): redact Talk source provider secrets
* fix(gateway): satisfy Talk config lint
* docs(gateway): clarify Talk secret config payload
---------
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com >
2026-06-30 20:17:33 -05:00
Marvinthebored
b3b51b0c91
fix(anthropic): surface Discord pre-tool commentary
...
Route Anthropic pre-tool narration through the commentary progress lane, preserve shared channel progress defaults, and keep Discord/Telegram reasoning gates explicit.
Thanks @Marvinthebored!
2026-06-30 18:12:07 -07:00
Wynne668
ba3f68030b
fix(cron): clear agentTurn thinking override by blanking the field ( #96293 )
...
* fix(cron): clear agentTurn thinking override when patched with null
Cron agentTurn patches could clear model/fallbacks/toolsAllow overrides by
sending an explicit null, but thinking had no clear path: the patch schema and
normalizer dropped thinking:null before it reached the merge logic, and the
payload merge only handled string values. Blanking the Thinking/Effort field in
the Cron Control UI therefore silently preserved the old value.
Add thinking:null support across the patch schema, exported type, normalizer,
and payload merge (mirroring model). The Control UI now sends an explicit clear
for model/thinking when an edited job blanks a previously stored override, and
the CLI gains --clear-thinking for parity with --clear-model.
* docs(cron): document --clear-thinking beside sibling clear flags
2026-06-30 17:43:22 -07:00
ZOOWH
5a73361ed2
fix(plugins): apply output text transforms to toolcall_delta and toolcall_end events ( #97769 )
...
* fix(plugins): apply output text transforms to toolcall_delta and toolcall_end events
toolcall_delta and toolcall_end events bypassed the output replacement
pipeline, leaking masked tokens (e.g. PII placeholders) into tool call
arguments and external systems.
Closes #97761
* fix(plugins): transform nested tool call arguments in output replacements
Add recursive transformToolCallArgumentText to handle strings, arrays,
and nested objects in tool call arguments, not just the name field.
* fix(plugins): keep tool names unchanged and cover result path
- Remove toolCall.name transformation to prevent breaking tool routing
- Add arguments transform to stream.result()/done.message via
transformContentText for tool-call content blocks
* fix(plugins): narrow argument transform to toolCall content blocks only
Only transform arguments on content blocks with type=toolCall to avoid
touching non-tool-call blocks that happen to have an arguments field.
* test(plugins): assert stream.result() tool-call content block is transformed
* test(plugins): fix result-path fixture to actually contain toolCall block
The previous fixture used makeAssistantMessage('final') which produces
a plain text content block, not a toolCall block. The stream.result()
assertion was vacuously passing.
* style(plugins): fix type cast in result-path test assertion
* fix(agents): preserve tool argument transforms after repair
* refactor(agents): keep tool transform boundary narrow
---------
Co-authored-by: Peter Steinberger <steipete@golden-gate.local >
2026-06-30 17:15:01 -07:00
Agustin Rivera
b885c81479
fix(mcp): require owner for Claude permission replies ( #98256 )
...
* fix(mcp): require owner for Claude permission replies
* fix(mcp): prove owner-gated permission replies
2026-06-30 13:58:02 -07:00
Vincent Koc
66e676d29b
chore(release): close out 2026.6.11 on main
2026-06-30 11:31:08 -07:00
Jason (Json)
786abe78df
Streamline OpenClaw onboarding ( #98218 )
...
* feat: streamline onboarding setup flow
* fix: harden onboarding preflight installs
* test: isolate gateway preflight safety env
* fix: keep local gateway probes on loopback
* fix: honor onboarding node manager installs
* docs: align setup onboarding reference
* fix: harden bare gateway probe fallback
* fix: honor env gateway auth in bare TUI probe
* test: isolate wizard TUI hatch mocks
2026-06-30 11:22:26 -07:00
Kris Wu
444a093593
fix(agents): skip pre-prompt precheck when context engine owns compaction ( #95342 )
...
* fix(agents): skip pre-prompt precheck when context engine owns compaction
When a context engine advertises ownsCompaction=true (e.g. lossless-claw),
skip the pre-prompt preemptive overflow precheck entirely. The engine
already manages the context budget through assemble() and its own
compaction lifecycle — the built-in precheck is redundant and causes
false-positive overflow errors for CJK-heavy sessions due to its
conservative token estimation formula.
Safety is preserved: if the model's actual context limit is exceeded,
the model API returns an error that the outer overflow-compaction retry
loop handles normally.
* fix(agents): assert non-null context engine in precheck skip log
* test(context-engine): cover owning precheck contract
* fix(agents): preserve precheck after context assembly failure
---------
Co-authored-by: Josh Lehman <josh@martian.engineering >
2026-06-30 00:55:03 -07:00
Agustin Rivera
72f837a4a4
fix(codex): require admin for native controls ( #97952 )
...
* fix(codex): require admin for native controls
Gate Codex native session controls and bound turns on current owner or operator.admin authority. Preserve gateway scope precedence and read-only status behavior.
* fix(codex): align native authorization
* fix(codex): preserve silent bound handling
* fix(codex): narrow bound auth contract
* fix(docs): refresh generated docs map
2026-06-29 20:41:28 -07:00
Agustin Rivera
6ead092302
fix(acp): require owner for runtime controls ( #97953 )
2026-06-29 17:29:08 -07:00
Hannes Rudolph
606bcc8d14
[codex] docs: add release notes placeholder ( #97959 )
2026-06-29 18:25:15 -06:00
Agustin Rivera
e87b0df675
fix(codex): restrict computer-use installation ( #97955 )
2026-06-29 17:17:49 -07:00
Vincent Koc
18b2ff683f
docs(ci): update runner registration budget ( #97943 )
2026-06-29 16:27:32 -07:00
Jiaming Guo
456c48f368
fix(gateway): require admin scope for browser proxy invoke ( #85916 )
...
* fix(gateway): require admin scope for browser proxy invoke
* fix(gateway): document trusted node scopes
* fix(gateway): align browser scope test
* fix(gateway): satisfy node test lint
---------
Co-authored-by: Agustin Rivera <agustin@rivera-web.com >
2026-06-29 16:23:02 -07:00
Dallin Romney
5dae3d49e6
Update QA Lab Crabline integration ( #97941 )
...
* Update QA Lab Crabline integration
* Refresh docs map
2026-06-29 16:07:38 -07:00
Agustin Rivera
29f787f10e
fix(memory): require privileged dreaming config changes ( #97869 )
...
* fix(memory): gate dreaming config changes
* fix(memory): document dreaming privilege gate
Explain that persistent dreaming toggles require channel owner status or Gateway admin scope, while status and help remain read-only.
2026-06-29 13:03:22 -07:00
Glenn-Agent
7e428797ec
docs: add generated docs map ( #95954 )
...
* docs: add generated docs map
* docs: format docs map headings
* docs: separate docs map sections
* fix: satisfy docs map checks
2026-06-29 11:05:58 -07:00
Momo
db2488b6e3
fix(memory): record structured dreaming outcomes ( #97723 )
...
Summary:
- Merged fix(memory): record structured dreaming outcomes after ClawSweeper review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: chore(plugin-sdk): update surface budgets
Validation:
- ClawSweeper review passed for head 9fa7d20a96 .
- Required merge gates passed before the squash merge.
Prepared head SHA: 9fa7d20a96
Review: https://github.com/openclaw/openclaw/pull/97723#issuecomment-4831902831
Co-authored-by: momothemage <niuzhengnan@163.com >
Approved-by: momothemage
2026-06-29 11:23:38 +00:00
wm0018
ff1e7e1305
docs(telegram): correct errorPolicy values and defaults
2026-06-29 01:20:44 -07:00
wm0018
293f0369d0
docs(feishu): remove nonexistent disabled dmPolicy option
2026-06-29 01:05:03 -07:00
Alex Knight
aeab5f8418
feat: improve model call telemetry
2026-06-29 15:21:53 +10:00
zhangqueping
15fc881281
fix(cli): clarify safe restart bounded-then-force behavior in help and docs
2026-06-28 19:18:13 -07:00
slammajamma28
68ad8dacc0
fix(docs): Fix formatting on permissions for Discord bot ( #97584 )
...
* Fix required formatting text permissions for Discord bot
* remove whitespace
2026-06-28 18:30:36 -07:00
Dallin Romney
4b8a0a8ecf
Migrate Tool Search gateway E2E into QA Lab flow ( #97478 )
...
* test: migrate tool search gateway to QA flow
* test: use built SDK in tool search QA fixture
* test: fix tool search QA fixture lint
* test: gate tool search QA flow to mock provider
* Share QA Lab fixture utilities
* Tighten QA fixture helper defaults
* test: gate tool search QA flow mode
2026-06-28 18:16:15 -07:00
Arnav Panicker
8e69811560
docs(cli): clarify strict json parsing ( #80981 )
2026-06-28 14:19:19 -07:00
Gio Della-Libera
9bb004359e
Add marketplace feed entries command ( #96158 )
...
Merged via squash.
Prepared head SHA: 1289a25156
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com >
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com >
Reviewed-by: @giodl73-repo
2026-06-28 14:11:29 -07:00
JC
78029e43d2
fix(doctor): warn and document QMD session recall gates ( #80947 )
...
* Warn on QMD session recall export mismatch
* Clarify session transcript recall gates
2026-06-28 13:55:27 -07:00
黄伟浩
f4201578e5
fix(matrix): warn on accumulated token storage roots ( #97353 )
2026-06-28 12:34:52 -07:00
Yung-Chen Tang
f3bcee8b2e
fix: clarify pinned plugin dry-run updates ( #97282 )
...
* fix: clarify pinned plugin dry-run updates
* fix(plugins): normalize pinned npm dry-run versions
2026-06-28 12:18:31 -07:00
Vincent Koc
b70d1aae57
ci(docker): publish releases to Docker Hub ( #97122 )
...
* ci(docker): publish releases to Docker Hub
* ci(docker): clarify beta image tags
2026-06-28 11:15:34 -07:00
Naseem Muhammad
9ff8510f52
fix path to Discord Developer Mode in setup guide ( #97336 )
2026-06-28 11:03:25 -07:00
Tirion Prole
928aa3ea7e
[codex] Update Claude CLI billing docs ( #96848 )
...
* Update Claude CLI billing docs
* Sync Claude live testing billing note
2026-06-28 11:03:17 -07:00
Ben.Li
a5379472f7
feat(onboard): show setup timeline note ( #97482 )
...
* feat(onboard): show setup timeline note
* test(agents): stabilize retained lock CI flakes
2026-06-28 10:47:11 -07:00
Gio Della-Libera
102a65477e
Add marketplace feed refresh command ( #96155 )
...
Merged via squash.
Prepared head SHA: 1614070e92
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com >
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com >
Reviewed-by: @giodl73-repo
2026-06-28 10:29:15 -07:00
mushuiyu886
891096926e
fix(opencode): restore Zen model catalog ( #92495 )
...
* fix(opencode): restore Zen model catalog
* fix(opencode): restore Zen transport routing
* fix(opencode): broaden Zen fallback catalog
* fix(opencode): correct Zen family routing
* fix(opencode): route Zen MiniMax through Anthropic
* fix(opencode): filter Zen live-only catalog rows
* fix(opencode): route MiniMax through Zen chat completions
* fix(opencode): omit unverified Zen model costs
* fix(opencode): align sampled Zen costs
* fix(opencode): keep Zen cost metadata required
* fix(opencode): keep Zen docs examples resolvable
* fix(opencode): move Zen catalog to provider discovery
* test(opencode): cover Zen discovery cache isolation
* fix(opencode): add Zen GLM-5.2 catalog coverage
* test(opencode): detect Zen catalog drift
Signed-off-by: sallyom <somalley@redhat.com >
---------
Signed-off-by: sallyom <somalley@redhat.com >
Co-authored-by: sallyom <somalley@redhat.com >
2026-06-28 12:32:44 -04:00
Gio Della-Libera
70e0fd4d8b
Add hosted catalog config profiles ( #95981 )
...
Merged via squash.
Prepared head SHA: ef4d81cd08
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com >
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com >
Reviewed-by: @giodl73-repo
2026-06-28 07:53:32 -07:00
Josh Lehman
b5e9179063
docs: deprecate legacy session file helpers ( #97494 )
...
* docs: deprecate legacy session file helpers
* docs: update sdk deprecation budgets
2026-06-28 07:33:34 -07:00
Bek
9c95abd49d
fix: seed Slack thread context after reset ( #97100 )
2026-06-28 02:36:53 -04:00
Josh Avant
07b934901a
fix: scanned PDF pages reach chat vision models ( #97354 )
...
* fix: forward scanned PDF page images to chat models
* fix: remove stale reply option cast
2026-06-27 23:01:08 -05:00
Dallin Romney
7bbd09047b
docs: simplify macOS app overview ( #97120 )
...
* docs: simplify macOS app docs
* docs: preserve macOS app detail links
* docs: address macOS review feedback
2026-06-27 16:04:30 -07:00
Shakker
461e551e85
test: clarify delegated Testbox proof status
2026-06-27 23:53:52 +01:00
Galin Iliev
dc575d148a
fix: page sessions_history beyond truncated tails ( #97101 )
...
* Add sessions history offset pagination
* Fix sessions_history pagination after tool caps
* Fix sessions_history PR CI blockers
* Update sessions_history prompt snapshots
* Fix offset history projection windows
---------
Co-authored-by: Galin Iliev <5711535+galiniliev@users.noreply.github.com >
2026-06-27 15:30:49 -07:00
Milosz Jankiewicz
84bcd500c9
feat(xai): route OAuth login through device-code flow ( #97249 )
...
Route xAI OAuth through device-code sign-in so remote and headless hosts do not need a localhost callback. Preserve the legacy manual `xai-device-code` auth choice/method as a compatibility alias to the same device-code flow.
Also migrate stale xAI token endpoints on refresh and fail fast on structured refresh errors while keeping retries scoped to detected HTML/Cloudflare challenge responses.
Verification:
- `node scripts/run-vitest.mjs extensions/xai/index.test.ts extensions/xai/xai-oauth.test.ts`
- `node scripts/run-vitest.mjs src/cli/models-cli.test.ts -t 'maps --device-code'`
- `node scripts/run-vitest.mjs src/commands/auth-choice.test.ts -t 'removed provider auth choice'`
- Crabbox local-container live smoke on exact head `fef3cb24afb01cd1f69cf04ef67ed11d71dfadb3`: xAI discovery and device authorization returned 200.
- `$autoreview` after the live smoke: clean.
Co-authored-by: Jaaneek <Jaaneek@users.noreply.github.com >
Co-authored-by: fuller-stack-dev <263060202+fuller-stack-dev@users.noreply.github.com >
2026-06-27 10:02:57 -06:00
Kevin Lin
c5d34c8376
feat(codex): add always plugin approval mode ( #97123 )
...
* feat(codex): add always plugin approval mode
* fix(codex): normalize plugin approval decisions
* fix(codex): fail closed on layered approval overrides
2026-06-27 01:19:00 -07:00
mushuiyu886
65fec9d787
fix(voice-call): emit canonical session keys ( #89884 )
...
* fix(voice-call): scope generated session keys by agent
* docs(voice-call): document session key canonicalization
* test(voice-call): prove legacy session migration
* fix(voice-call): preserve canonical session ownership
* fix(sessions): isolate opaque nested identities
* fix(voice-call): preserve routing ownership
* fix(voice-call): enforce inbound route direction
* fix(sessions): preserve migration and policy boundaries
* fix(sessions): normalize ambiguous main aliases
* fix(sessions): preserve canonical peer and warning paths
* fix(sessions): exclude mixed-case scoped legacy keys
* fix(sessions): cover first-run plugin migration gaps
* fix(sessions): compare aliased store identities
* fix(sessions): coalesce aliased store ownership
* fix(sessions): defer ambiguous aliased migrations
* fix(sessions): preserve shared migration boundaries
* fix(sessions): preserve opaque peer ownership
* fix(sessions): reject ambiguous ownership shapes
* fix(sessions): preserve transcript rewrite keys
* fix(sessions): close routing and migration ambiguities
* fix(sessions): preserve plugin-owned ACP aliases
* fix(sessions): retain physical store ownership
* fix(sessions): restore configured store owners
* fix(sessions): reject malformed store owners
* fix(sessions): validate ACP store ownership
* fix(sessions): include canonical store owners
* fix(sessions): preserve final store symlinks
* fix(sessions): retain shared row owners
* fix(sessions): close legacy policy gaps
* fix(sessions): preserve aliases across migrations
* fix(sessions): resolve first-run store ownership
* fix(sessions): preserve hostile legacy keys
* fix(sessions): inspect unlisted store owners
* test(doctor): refresh migration harness
* fix(sessions): preserve opaque route segments
* fix(sessions): retain metadata during migration
* fix(sessions): fail closed on store alias uncertainty
* fix(sessions): defer aliased store rewrites
* fix(sessions): retain legacy row owners
* test(sessions): harden migration proof
* fix(sessions): migrate opaque agent keys
* chore(plugin-sdk): refresh API baseline
* fix(voice-call): reuse public routing parser
* fix(sessions): retain readable alias warnings
* fix(sessions): reject opaque nested routes
* fix(sessions): share strict delivery parsing
* test(voice-call): preserve malformed Matrix case
* fix(sessions): reject legacy peer overlap
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-06-27 01:29:58 +01:00
Patrick Erichsen
808c227edb
feat: scaffold provider plugins from init ( #94352 )
...
* feat: scaffold provider plugins from init
* fix: satisfy plugin init scaffold CI guards
* fix: preserve plugin init id argument
2026-06-26 16:43:51 -07:00
Vincent Koc
a82902c725
ci: right-size runner registration caps ( #97119 )
2026-06-27 07:01:26 +08:00
Vincent Koc
689baa5c1e
feat(i18n): add Hindi and Russian docs and Control UI locales
2026-06-26 15:01:15 -07:00
Bek
9636bea901
perf(memory): add QMD search diagnostics and runtime cache ( #96655 )
2026-06-26 16:16:12 -04:00
NIO
527f8f0cbb
fix(image-gen): bound image generation provider JSON response reads ( #96495 )
...
* fix(image-gen): bound image generation provider JSON response reads
Route success JSON reads through readProviderJsonResponse (16 MiB cap)
in openrouter, google, fal, minimax, openai, and vydra image generation
providers to prevent OOM from oversized or hostile endpoint responses.
Mirrors the response-limit campaign already applied to other provider paths.
AI-assisted.
Co-authored-by: Cursor <cursoragent@cursor.com >
* fix(image-gen): size bounded JSON caps for inline image payloads
Signed-off-by: sallyom <somalley@redhat.com >
---------
Signed-off-by: sallyom <somalley@redhat.com >
Co-authored-by: Cursor <cursoragent@cursor.com >
Co-authored-by: sallyom <somalley@redhat.com >
2026-06-26 07:08:30 -04:00