Peter Steinberger
bce643a0bd
refactor(security): enforce account-scoped pairing APIs
2026-02-26 21:57:52 +01:00
Peter Steinberger
d6eefe2e75
style: format auth boundary updates
2026-02-26 18:50:47 +01:00
Peter Steinberger
64de4b6d6a
fix: enforce explicit group auth boundaries across channels
2026-02-26 18:49:16 +01:00
Peter Steinberger
cd80c7e7ff
refactor: unify dm policy store reads and reason codes
2026-02-26 17:47:57 +01:00
damaozi
c6bb7b0c04
fix(whatsapp): groupAllowFrom sender filter bypassed when groupPolicy is allowlist ( #24670 )
...
(cherry picked from commit af06ebd9a6
2026-02-24 04:20:30 +00:00
Peter Steinberger
ebde897bb8
fix: add dmScope route guard regression tests ( #24949 ) (thanks @kevinWangSheng)
2026-02-24 03:55:29 +00:00
shenghui kevin
57783680ad
fix(whatsapp): guard updateLastRoute when dmScope isolates DM sessions
...
When session.dmScope is set to 'per-channel-peer', WhatsApp DMs correctly
resolve isolated session keys, but updateLastRouteInBackground unconditionally
wrote lastTo to the main session key. This caused reply routing corruption
and privacy violations.
Only update main session's lastRoute when the DM session actually IS
the main session (sessionKey === mainSessionKey).
Fixes #24912
2026-02-24 03:55:29 +00:00
Peter Steinberger
b5881d9ef4
fix: avoid WhatsApp silent turns with final-only delivery ( #24962 ) (thanks @SidQin-cyber)
2026-02-24 03:47:20 +00:00
SidQin-cyber
3d22af692c
fix(whatsapp): suppress reasoning/thinking content from WhatsApp delivery
...
The deliver callback in process-message.ts was forwarding all payload
kinds (tool, block, final) to WhatsApp. Block payloads contain the
model's reasoning/thinking content, which should only be visible in
the internal web UI. This caused chain-of-thought to leak to end users
as separate WhatsApp messages.
Add an early return for non-final payloads so only the actual response
is delivered to the WhatsApp channel, matching how Telegram already
filters by info.kind === "final".
Fixes #24954
Fixes #24605
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-02-24 03:47:20 +00:00
Peter Steinberger
d116bcfb14
refactor(runtime): consolidate followup, gateway, and provider dedupe paths
2026-02-22 14:08:51 +00:00
Peter Steinberger
0bd9f0d4ac
fix: enforce strict allowlist across pairing stores ( #23017 )
2026-02-22 00:00:23 +01:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
Peter Steinberger
93ca0ed54f
refactor(channels): dedupe transport and gateway test scaffolds
2026-02-16 14:59:31 +00:00
Vignesh Natarajan
6957354d48
fix (telegram/whatsapp): use account-scoped pairing allowlists
2026-02-15 19:10:06 -08:00
Peter Steinberger
74294a4653
perf(test): consolidate web auto-reply suites
2026-02-15 23:14:42 +00:00
Mr. Guy
e927fd1e35
fix: allow agent workspace directories in media local roots ( #17136 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7545ef1e19255743668+MisterGuy420@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-15 10:53:45 -05:00
Peter Steinberger
10e6d926bc
refactor(web): dedupe group gating history capture
2026-02-15 05:36:39 +00:00
Peter Steinberger
9eb749b0a6
test(web): stabilize processMessage inbound contract cleanup
2026-02-15 00:26:41 +00:00
Peter Steinberger
a6fda4ae8e
test(web): stabilize processMessage inbound contract cleanup
2026-02-15 00:26:41 +00:00
Peter Steinberger
a2b6a064f7
test: fix processMessage contract test lint
2026-02-14 23:16:37 +00:00
Peter Steinberger
fb1d8f8361
perf(test): consolidate web auto-reply suites
2026-02-14 23:16:37 +00:00
Peter Steinberger
53273b490b
fix(auto-reply): prevent sender spoofing in group prompts
2026-02-10 00:44:38 -06:00
juanpablodlc
8d96955e19
fix(routing): make bindings dynamic by calling loadConfig() per-message ( #11372 )
2026-02-09 00:34:55 -06:00
max
223eee0a20
refactor: unify peer kind to ChatType, rename dm to direct ( #11881 )
...
* fix: use .js extension for ESM imports of RoutePeerKind
The imports incorrectly used .ts extension which doesn't resolve
with moduleResolution: NodeNext. Changed to .js and added 'type'
import modifier.
* fix tsconfig
* refactor: unify peer kind to ChatType, rename dm to direct
- Replace RoutePeerKind with ChatType throughout codebase
- Change 'dm' literal values to 'direct' in routing/session keys
- Keep backward compat: normalizeChatType accepts 'dm' -> 'direct'
- Add ChatType export to plugin-sdk, deprecate RoutePeerKind
- Update session key parsing to accept both 'dm' and 'direct' markers
- Update all channel monitors and extensions to use ChatType
BREAKING CHANGE: Session keys now use 'direct' instead of 'dm'.
Existing 'dm' keys still work via backward compat layer.
* fix tests
* test: update session key expectations for dmdirect migration
- Fix test expectations to expect :direct: in generated output
- Add explicit backward compat test for normalizeChatType('dm')
- Keep input test data with :dm: keys to verify backward compat
* fix: accept legacy 'dm' in session key parsing for backward compat
getDmHistoryLimitFromSessionKey now accepts both :dm: and :direct:
to ensure old session keys continue to work correctly.
* test: add explicit backward compat tests for dmdirect migration
- session-key.test.ts: verify both :dm: and :direct: keys are valid
- getDmHistoryLimitFromSessionKey: verify both formats work
* feat: backward compat for resetByType.dm config key
* test: skip unix-path Nix tests on Windows
2026-02-09 09:20:52 +09:00
mudrii
5d82c82313
feat: per-channel responsePrefix override ( #9001 )
...
* feat: per-channel responsePrefix override
Add responsePrefix field to all channel config types and Zod schemas,
enabling per-channel and per-account outbound response prefix overrides.
Resolution cascade (most specific wins):
L1: channels.<ch>.accounts.<id>.responsePrefix
L2: channels.<ch>.responsePrefix
L3: (reserved for channels.defaults)
L4: messages.responsePrefix (existing global)
Semantics:
- undefined -> inherit from parent level
- empty string -> explicitly no prefix (stops cascade)
- "auto" -> derive [identity.name] from routed agent
Changes:
- Core logic: resolveResponsePrefix() in identity.ts accepts
optional channel/accountId and walks the cascade
- resolveEffectiveMessagesConfig() passes channel context through
- Types: responsePrefix added to WhatsApp, Telegram, Discord, Slack,
Signal, iMessage, Google Chat, MS Teams, Feishu, BlueBubbles configs
- Zod schemas: responsePrefix added for config validation
- All channel handlers wired: telegram, discord, slack, signal,
imessage, line, heartbeat runner, route-reply, native commands
- 23 new tests covering backward compat, channel/account levels,
full cascade, auto keyword, empty string stops, unknown fallthrough
Fully backward compatible - no existing config is affected.
Fixes #8857
* fix: address CI lint + review feedback
- Replace Record<string, any> with proper typed helpers (no-explicit-any)
- Add curly braces to single-line if returns (eslint curly)
- Fix JSDoc: 'Per-channel' → 'channel/account' on shared config types
- Extract getChannelConfig() helper for type-safe dynamic key access
* fix: finish responsePrefix overrides (#9001 ) (thanks @mudrii)
* fix: normalize prefix wiring and types (#9001 ) (thanks @mudrii)
---------
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com >
2026-02-04 16:16:34 -05:00
cpojer
935a0e5708
chore: Enable typescript/no-explicit-any rule.
2026-02-02 16:18:09 +09:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
cpojer
15792b153f
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.
2026-01-31 16:04:04 +09:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
Ayaan Zaidi
b6a3a91edf
fix: wire per-account dm scope guidance ( #3095 ) (thanks @jarvis-sam)
2026-01-28 11:42:33 +05:30
Peter Steinberger
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
Peter Steinberger
458e731f8b
fix: newline chunking across channels
2026-01-25 04:11:36 +00:00
Peter Steinberger
1113f17d4c
refactor: share reply prefix context
2026-01-23 23:34:30 +00:00
Peter Steinberger
521ea4ae5b
refactor: unify pending history helpers
2026-01-23 23:33:32 +00:00
Peter Steinberger
892197c43e
refactor: reuse ack reaction helper for whatsapp
2026-01-23 22:24:31 +00:00
Peter Steinberger
b77e730657
fix: add per-channel markdown table conversion ( #1495 ) (thanks @odysseus0)
2026-01-23 18:39:25 +00:00
Peter Steinberger
690bb192e6
style: format code
2026-01-18 19:36:46 +00:00
Peter Steinberger
744d1329cb
feat: make inbound envelopes configurable
...
Co-authored-by: Shiva Prasad <shiv19@users.noreply.github.com >
2026-01-18 18:50:37 +00:00
Peter Steinberger
82e49af5a7
fix: resolve plugin tool meta typing
2026-01-18 04:24:16 +00:00
Peter Steinberger
0d9172d761
fix: persist session origin metadata
2026-01-18 03:41:51 +00:00
Peter Steinberger
34590d2144
feat: persist session origin metadata across connectors
2026-01-18 02:42:10 +00:00
Peter Steinberger
69ba2765de
refactor(security): harden CommandAuthorized plumbing
2026-01-17 10:19:34 +00:00
Peter Steinberger
b6ea5895b6
fix: gate image tool and deepgram audio payload
2026-01-17 09:34:40 +00:00
Peter Steinberger
13b931c006
refactor: prune legacy group prefixes
2026-01-17 08:47:25 +00:00
Peter Steinberger
56f3a2de25
fix(security): default-deny command execution
2026-01-17 08:28:09 +00:00
