NVIDIAN
797d574dfd
fix(deepseek): expose V4 max thinking levels ( #73008 )
...
Merged via squash.
Prepared head SHA: ef561a59de183861985+ai-hpc@users.noreply.github.com >
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com >
Reviewed-by: @hxy91819
2026-04-30 23:34:05 +08:00
Peter Steinberger
0f120c09ba
fix(agents): bound subagent orphan recovery
2026-04-30 14:43:18 +01:00
Vincent Koc
ad7fa6c387
docs(tools): note explicit alsoAllow needed under restrictive profiles ( 4aa08e9d79)
2026-04-30 05:38:28 -07:00
Otto Deng
8ca1f6d590
fix(skills): scan grouped skill directories
...
* fix(skills): scan nested subdirectories for grouped skill layouts
Previously, skill discovery only checked immediate children of the
skills root for SKILL.md files. Skills organized in subdirectories
(e.g. ~/.openclaw/skills/coze/koze-retrieval/SKILL.md) were silently
ignored.
Now, when an immediate child directory does not contain a SKILL.md,
its own children are checked one level deeper. This supports grouped
skill layouts while keeping the scan depth bounded (max 2 levels) to
avoid unbounded filesystem traversal.
The existing per-source skill count limits and containment checks
still apply to nested discoveries.
Fixes #56915
* test(skills): cover nested grouped skill discovery
* fix(skills): cache contained-path checks and cap nested scans
- Reuse skillDirRealPath captured during the collection phase so the load
loop no longer re-runs resolveContainedSkillPath on the same directory.
- Apply the per-root candidate cap (and the matching warning log) when
descending into nested grouped skill directories, matching the outer
scan's behavior.
Addresses Greptile P2 feedback on PR #72534 .
* fix(skills): load grouped skill directories under skills roots
* fix(clownfish): address review for ghcrawl-156697-autonomous-smoke (1)
---------
Co-authored-by: Otto Deng <otto@ottodeng.com >
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: Otto Deng <ottodeng2@github.local >
2026-04-29 23:56:19 -07:00
Peter Steinberger
30a2b3049a
feat: default active steering to batched delivery
2026-04-30 01:22:43 +01:00
Peter Steinberger
4a6e10ece8
feat: default queueing to steer
2026-04-29 22:48:10 +01:00
Jeff
9b6670d5c9
fix(ssrf): allow IPv6 fake-ip SSRF opt-in
...
Allow trusted fake-IP proxy stacks to opt into IPv6 unique-local SSRF resolution without opening broader private-network access.
2026-04-29 20:31:17 +01:00
Peter Steinberger
8a06db084d
fix(models): hide unauthenticated catalog entries
2026-04-29 18:05:34 +01:00
Vyctor Huggo Przozwski da Silva
df0074768c
fix(exec): reject invalid host targets ( #74468 )
...
* fix(exec): reject invalid host targets
* docs(changelog): credit exec host validation contributor
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-04-29 17:25:45 +01:00
Peter Steinberger
e6cd90e3fd
fix(agents): keep OAuth auth read-through
2026-04-29 11:54:28 +01:00
Peter Steinberger
93d5cd1015
fix: honor configured xhigh thinking compat ( #74273 )
...
* fix: honor configured xhigh thinking compat
* test: update agent command model selection mock
2026-04-29 11:35:03 +01:00
Peter Steinberger
548c280eff
fix(discord): keep exec approval fallbacks reachable
2026-04-29 06:29:44 +01:00
Peter Steinberger
2b0b614417
docs(plugins): clarify clawhub npm migration
2026-04-29 06:09:34 +01:00
Peter Steinberger
5a9c0efa54
fix(tasks): clean orphaned parent-owned acp sessions
2026-04-29 04:35:06 +01:00
nighty
6e31de5847
docs: fix custom skill naming example
...
Fix the custom skill docs example so the folder and SKILL.md frontmatter use the same hyphen-case name.
2026-04-28 20:15:36 -07:00
pashpashpash
4aa8da3756
Route sensitive group commands to the owner privately ( #73872 )
...
* fix(commands): route sensitive group approvals privately
* fix(commands): require owner private routes
* test(commands): cover owner-derived Telegram diagnostics routing
2026-04-29 09:27:18 +09:00
pashpashpash
43fa40a35d
fix(telegram): use owners for exec approvals ( #73852 )
2026-04-29 08:34:46 +09:00
Patrick Erichsen
a235a487d0
docs: add clawhub rescan recovery guidance ( #73414 )
...
* docs: add clawhub rescan recovery guidance
* docs: clarify clawhub rescan wording
2026-04-28 16:34:00 -07:00
pashpashpash
6ce1058296
Wire diagnostics through the core chat command ( #72936 )
...
* feat: wire codex diagnostics feedback
* fix: harden codex diagnostics hints
* fix: neutralize codex diagnostics output
* fix: tighten codex diagnostics safeguards
* fix: bound codex diagnostics feedback output
* fix: tighten codex diagnostics throttling
* fix: confirm codex diagnostics uploads
* docs: clarify codex diagnostics add-on
* fix: route diagnostics through core command
* fix: tighten diagnostics authorization
* fix: pin diagnostics to bundled codex command
* fix: limit owner status in plugin commands
* fix: scope diagnostics confirmations
* fix: scope codex diagnostics cooldowns
* fix: harden codex diagnostics ownership scopes
* fix: harden diagnostics command trust and display
* fix: keep diagnostics command trust internal
* fix: clarify diagnostics exec boundary
* fix: consume codex diagnostics confirmations atomically
* test: include codex diagnostics binding metadata
* test: use string codex binding timestamps
* fix: keep reserved command trust host-only
* fix: harden diagnostics trust and resume hints
* wire diagnostics through exec approval
* fix: keep diagnostics tests aligned with bundled root trust
* fix telegram diagnostics owner auth
* route trajectory exports through exec approval
* fix trajectory exec command encoding
* fix telegram group owner auth
* fix export trajectory approval hardening
* fix pairing command owner bootstrap
* fix telegram owner exec approvals
* fix: make diagnostics approval flow pasteable
* fix: route native sensitive command followups
* fix: invoke diagnostics exports with current cli
* fix: refresh exec approval protocol models
* fix: list codex diagnostics from thread bindings
* fix: fold codex diagnostics into exec approval
* fix: preserve diagnostics approval line breaks
* docs: clarify diagnostics codex workflow
2026-04-29 07:40:37 +09:00
Peter Steinberger
5dfc14d49b
fix(tasks): close stale terminal acp sessions
2026-04-28 21:03:55 +01:00
Peter Steinberger
0dcab4e347
fix(agents): harden bootstrap and ACP session routing
2026-04-28 20:47:34 +01:00
Gabriel Kripalani
17ef9ef895
feat(openrouter): add video generation provider ( #72700 )
...
Adds OpenRouter video generation via video_generate, with hardened async polling/download handling, docs, and regression coverage.
Validation:
- pnpm test src/plugins/plugin-lookup-table.test.ts src/secrets/target-registry.fast-path.test.ts src/gateway/server-startup-post-attach.test.ts extensions/openrouter/video-generation-provider.test.ts src/video-generation/live-test-helpers.test.ts src/media-generation/provider-capabilities.contract.test.ts src/agents/pi-embedded-helpers/failover-matches.test.ts src/plugins/manifest-metadata-scan.test.ts src/agents/openai-transport-stream.test.ts src/media-understanding/openai-compatible-audio.test.ts src/agents/schema-normalization-runtime-contract.test.ts src/agents/provider-request-config.test.ts src/plugin-sdk/provider-stream.test.ts src/agents/pi-embedded-runner/run/attempt.spawn-workspace.websocket.test.ts -- --reporter=verbose
- OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_TEST_QUIET=0 OPENCLAW_LIVE_VIDEO_GENERATION_MODELS=openrouter/google/veo-3.1-fast pnpm test:live src/video-generation/video-generation.live.test.ts -- --runInBand
Co-authored-by: notamicrodose <gabrielkripalani@me.com >
2026-04-28 10:57:31 +01:00
Peter Steinberger
169dba2042
fix(skills): require opt-in for coding-agent
2026-04-28 09:24:24 +01:00
Peter Steinberger
78a12706ec
fix(docs): make docs formatter mintlify-safe
2026-04-28 08:13:21 +01:00
Peter Steinberger
424560c6c2
docs: normalize mintlify component closings
2026-04-28 07:54:15 +01:00
Peter Steinberger
ad57a6d616
docs: replace reactions cache bust with prose
2026-04-28 07:37:14 +01:00
Peter Steinberger
e388f289bf
docs: refresh reactions source cache key
2026-04-28 07:36:13 +01:00
Peter Steinberger
738f5f7508
fix: prevent channel login exec wedges
2026-04-28 05:16:43 +01:00
Peter Steinberger
ab95812d65
fix: record model fallback steps in trajectories
2026-04-28 05:08:34 +01:00
Peter Steinberger
093dba3806
fix(acpx): bundle Codex ACP adapter
2026-04-28 04:39:41 +01:00
Peter Steinberger
0294aebe6f
feat(providers): add DeepInfra provider plugin ( #73038 )
...
* feat(providers): add DeepInfra provider plugin
* feat(deepinfra): add media provider surfaces
* fix(deepinfra): satisfy provider boundary checks
* docs: add gitcrawl maintainer skill
* test: include deepinfra in live media sweeps
* fix: remove stale tts contract import
2026-04-28 01:12:54 +01:00
Peter Steinberger
32d76e2429
fix(memory): bound lancedb recall embedding queries
2026-04-28 00:58:30 +01:00
Peter Steinberger
2fbbc6e2fa
docs: clarify plugin disable doctor behavior
2026-04-28 00:07:02 +01:00
Olamiposi
c51e315f3a
docs: clarify messaging vs full tool profiles ( #39954 )
...
* docs: clarify messaging vs full tool profiles
* docs: normalize tools.profile references
* docs: clarify messaging and full tool profiles
---------
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com >
2026-04-27 15:44:17 -07:00
Peter Steinberger
d519dc6976
docs(channels): add channel docking concept
2026-04-27 22:37:58 +01:00
Peter Steinberger
582debbec8
docs(channels): explain dock commands
2026-04-27 22:32:44 +01:00
Peter Steinberger
1eea534ddb
fix(channels): handle generated dock commands
2026-04-27 21:59:15 +01:00
Peter Steinberger
a2b84e98e9
fix: clean up trajectory sidecars
2026-04-27 20:58:28 +01:00
Peter Steinberger
2f488b7e7a
docs: clarify ClawHub plugin discovery
2026-04-27 20:26:49 +01:00
kakahu
d70808433d
Add structured Matrix approval metadata ( #72432 )
...
Merged via squash.
Prepared head SHA: 0e06533dff17962485+kakahu2015@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-04-27 14:52:02 -04:00
Val Alexander
f7797ca62b
chore: remove coven extension
2026-04-27 13:22:32 -05:00
Val Alexander
fc8ccde542
feat(acp): add opt-in Coven runtime bridge
...
Add the opt-in Coven ACP runtime bridge as a bundled extension while keeping ACPX as the default path.
Security hardening included before merge:
- fail closed by default instead of silently falling back;
- bounded health/socket requests and daemon response sizes;
- fixed Coven socket trust anchor and symlink/path validation;
- reject untrusted harness/session/event ids before exposing them;
- sanitize daemon-controlled terminal/status/error strings;
- use incremental event polling with bounded dedupe state;
- clean up launched Coven sessions before fallback when daemon ids are invalid.
Validation:
- pnpm test extensions/coven/src/config.test.ts extensions/coven/src/client.test.ts extensions/coven/src/runtime.test.ts
- pnpm check:changed
- GitHub CI green on a64eac20b9
2026-04-27 12:22:29 -05:00
Vincent Koc
efc3a52947
fix(sessions_spawn): tolerate ACP-only fields for subagent runtime
...
Preserve contributor credit and land the narrowed sessions_spawn ACP-field handling with follow-up transcript redaction and ACP resume ownership hardening. Targeted Blacksmith validation passed for the touched sessions/ACP tests.
2026-04-27 09:42:24 -07:00
Peter Steinberger
d69eeeb2a8
fix: skip test-only plugin install scan findings
2026-04-27 15:00:55 +01:00
Peter Steinberger
1f7b7c249a
fix(google-meet): grant browser media permissions
2026-04-27 14:54:07 +01:00
Peter Steinberger
2e99c1d227
fix(subagents): enforce explicit spawn allowlists
2026-04-27 14:53:17 +01:00
Peter Steinberger
e035300d8e
fix(acp): allow manual spawn with dispatch paused
2026-04-27 14:40:12 +01:00
Peter Steinberger
c00ef238be
docs(tools): clarify sessions_spawn profile gating
2026-04-27 14:31:54 +01:00
Peter Steinberger
f6bda8d36b
refactor(providers): share Claude thinking profiles
2026-04-27 14:23:12 +01:00
Peter Steinberger
67a447c175
refactor: tighten plugin runtime sdk boundaries
2026-04-27 14:15:53 +01:00
