Commit Graph

37493 Commits

Author SHA1 Message Date
Peter Steinberger
1b3af45657 fix(gateway): admit reconnect delivery drains (#104143) 2026-07-10 22:33:33 -07:00
Peter Steinberger
81a201df26 feat: add portable table presentation blocks (#103583)
* feat(presentation): add portable table blocks

* chore(presentation): refresh generated contracts

* fix(slack): preserve table fallback payloads

* docs(changelog): note portable message tables

* fix(presentation): preserve cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* test(slack): align accessibility expectations

* fix(presentation): harden cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* docs(changelog): defer portable table release note

* fix(presentation): satisfy extension lint

* chore(plugin-sdk): refresh surface budgets

* fix(telegram): preserve reactions after progress replies

* fix(slack): preserve rendered preview fallback text

* fix(feishu): preserve oversized presentation fallbacks

* docs(changelog): note portable message tables

* docs(changelog): defer portable table release note

* chore(plugin-sdk): refresh rebased contracts

---------

Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-10 22:29:13 -07:00
Peter Steinberger
fc44e18e5e fix(cron): publish removals after durable commit (#104130)
* fix(cron): publish removals after durable commit

* test(cron): cover skipped removal persistence
2026-07-10 22:28:38 -07:00
Ayaan Zaidi
79bfa3771c refactor(gateway): centralize agent wait lifecycle (#104147)
* refactor(gateway): centralize agent wait lifecycle
* fix(gateway): preserve agent wait freshness

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 10:56:40 +05:30
Peter Steinberger
58b0ec9e50 feat(gateway): auto-approve node pairing via SSH device-key verification (#104180) 2026-07-10 22:23:10 -07:00
Peter Steinberger
465646a68e feat(gateway): summarize startup outcomes (#104183) 2026-07-10 22:20:59 -07:00
Josh Avant
487ab99dc2 fix(sessions): preserve active work during maintenance (#104137) 2026-07-11 00:16:37 -05:00
Peter Steinberger
36e0ac3576 fix(logs): clean up gateway and channel startup/shutdown log output (#104174)
* fix(logs): clean up gateway and channel startup/shutdown log output

Scope Discord slash-command deploy REST diagnostics to command routes so
concurrent startup traffic (voice-state probes, channel lookups) keeps its
owner's error handling; make per-request deploy error lines verbose-only and
drop JSON bodies that only repeat message+code. Log allowlist summaries one
line per call so unresolved lines keep their timestamp/subsystem prefix, and
skip identity lookups that resolved to themselves. Remove embedded subsystem
prefixes, demote routine signal/shutdown/force/postbuild/diag chatter to
debug or verbose, merge the duplicate Control UI build notices, drop doctor's
duplicate backup line, and name the config surface or platform limit in the
transcripts autoStart and command-limit warnings.

Fixes #104163

* fix(slack): keep bare-name allowlist resolutions in startup log summary

Only omit identity lookups where the input already is the resolved id;
name-based lookups that translated to an id stay logged even when the
display name matches the input.

* fix(telegram): keep isolated-ingress readiness marker on the runtime log

test/e2e/qa-lab telegram-bot-token-runtime waits for this line via the
injected RuntimeEnv.log; verbose-only logging would deterministically time
out that live proof. Comment the contract at the call site.
2026-07-10 22:13:33 -07:00
SunnyShu
a6bdc8092b fix(session-memory): honor configured slug model (#97007)
* [AI] fix(session-memory): forward hook config model to LLM slug generator

When llmSlug is enabled with a model override in the session-memory hook
config, that model was ignored — slug generation always resolved the
agent default model via resolveDefaultModelForAgent.

Add an optional model parameter to generateSlugViaLLM and pass
hookConfig.model from the session-memory handler. When a hook model is
provided, only the model is forwarded (provider is omitted) so
runEmbeddedAgent's built-in resolveInitialEmbeddedRunModel chain handles
alias, provider-qualified ref, and bare-name resolution through a single
source of truth — avoiding the routing drift that blocked prior PRs.

Fixes #89551

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(session-memory): centralize slug model resolution

Honor the session-memory slug model override while keeping default, alias, and provider-qualified model selection in the embedded runner.

Co-authored-by: SunnyShu <shu.zongyu@xydigit.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:08:12 -07:00
xingzhou
e009a41410 fix(agents): repair orphaned queued turns before assembly (#90759)
* fix(agent): keep orphaned user turns contextual
* test(agent): prove orphan repair targets active prompt
* fix(agent): repair orphaned user behind session metadata
* fix(agent): satisfy orphan repair CI types
* fix(agent): preserve orphan repair state entries
* fix(agent): filter repaired orphan from assembled history
* fix(embedded-agent): repair orphan session entry types
* fix(embedded-agent): remap replayed metadata labels
* fix(embedded-agent): skip dangling replay labels
* fix(agents): repair orphan history before assembly

---------

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 09:56:40 +05:30
Ayaan Zaidi
fab69517b3 fix(auto-reply): key command-turn reply operations to the source session 2026-07-11 09:26:25 +05:30
qingminlong
cd7a21787f fix(computer): reject malformed numeric input before node actions (#103642) 2026-07-10 20:50:26 -07:00
Haaai
667a5d9a63 fix(agents): guide node discovery before describe (#51926)
* fix(agents): guide node discovery before describe

Co-authored-by: Liuhaai <haixiang@iotex.io>

* test(agents): refresh node tool prompt snapshots

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 20:45:20 -07:00
Deepak Jain
612e1b94b7 fix(exec): clarify node approval recovery (#91280)
* fix(exec): clarify node approval recovery

Co-authored-by: Deepak Jain <deepujain@gmail.com>

* chore(pr): keep release notes in PR context

* fix(exec): describe dashboard URL handoff

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 20:40:53 -07:00
Sasan
dc097be00d fix(doctor): follow symlinked launcher when locating sandbox setup scripts (#90942)
* fix(doctor): follow symlinked launcher when locating sandbox setup scripts

* refactor(doctor): reuse shared package-root resolver for sandbox scripts

resolveSandboxScript hand-rolled its own cwd/argv1/realpath candidate
scan, duplicating openclaw-root discovery. Reuse resolveOpenClawPackageRootSync,
which already follows the symlinked launcher via realpath and handles
node_modules/.bin and version-manager links, then look for scripts/ under
the resolved package root. Resolves the duplicate-discovery review finding.

* fix(doctor): keep searching cwd for sandbox scripts when first package root lacks them

resolveSandboxScript stopped at the first openclaw package root the shared
resolver returned. argv1 candidates resolve before cwd, so an installed/published
root (package.json present, scripts/ dropped by the npm files allowlist) shadowed
a valid source-checkout cwd and made doctor --fix return null.

- add resolveOpenClawPackageRootsSync: all distinct roots in candidate order
- resolveSandboxScript returns the first root that actually contains the script
- resolveOpenClawPackageRootSync now delegates to the plural (behavior unchanged)
- test: source-checkout cwd shadowed by an installed argv1 root without scripts/
2026-07-11 11:36:02 +08:00
Josh Avant
fbd330b7aa fix(channels): honor configured read target policies (#99905)
* fix(channels): enforce configured read targets

* test(channels): align policy checks with boundaries

* fix: bind channel reads to trusted turn context

* test: satisfy gateway lint

* fix: narrow message action channel imports

* fix(feishu): authorize message reads before provider access

* fix(slack): await reaction clear authorization

* fix(channels): align provider action contracts

* fix(matrix): read direct-room account data before sync

* fix(channels): reject unsupported attachment actions early

* fix: restore trusted operator conversation reads

* fix(matrix): authorize pin actions before provider reads

* fix: preserve trusted channel read workflows

* fix(discord): resolve current channel ids consistently

* fix(agents): preserve message action turn capability

* fix(plugins): enforce host-owned read provenance

* fix(channels): harden Teams and Discord read policy

* fix(channels): preserve exact-current action compatibility

* fix(imessage): authorize trusted current chat aliases

* fix(channels): preserve normalized current aliases

* fix(channels): preserve external current target aliases

* fix: reconcile channel policy with current main

* fix(discord): isolate DM read policy

* fix(channels): enforce provider read gates

* fix(gateway): await serialized message action identity tokens

* fix(ci): refresh channel protocol contracts
2026-07-10 22:29:37 -05:00
Peter Steinberger
05ebaf41f6 fix(tool-call-repair): bound serialized stream normalization (#104100)
* fix(tool-call-repair): bound serialized stream normalization

Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: qingminlong <qing.minlong@xydigit.com>
Co-authored-by: WangYan <wang.yan29@xydigit.com>

* fix(tool-call-repair): preserve strict scan narrowing

* fix(tool-call-repair): lint serialized name validation

* fix(tool-call-repair): replay split suffix whitespace

* fix(tool-call-repair): cap complete-call whitespace

* test(tool-call-repair): assert bounded whitespace replay

---------

Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: qingminlong <qing.minlong@xydigit.com>
Co-authored-by: WangYan <wang.yan29@xydigit.com>
2026-07-10 20:00:11 -07:00
Peter Steinberger
2cc8bb40fd fix(plugins): quiet trusted discovery warning (#104097) 2026-07-10 19:53:03 -07:00
haruai
c2301d8e53 fix(gateway): preserve local access for specific binds (#98479)
* fix: prefer loopback for local tailnet dashboard

* fix(gateway): preserve local access for specific binds

---------

Co-authored-by: haruaiclone-droid <281899875+haruaiclone-droid@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:18:47 -07:00
Peter Steinberger
7b5854bee8 feat(webui): reintroduce opt-in AI purpose titles for tool calls (#103989)
* feat(webui): reintroduce opt-in AI purpose titles for tool calls

Restores the chat.toolTitles path removed in #103821, gated behind the new
gateway.controlUi.toolTitles opt-in (default false) so tool rendering stays
fully deterministic with no background model calls unless an operator enables
it. Disabled gateways answer { titles: {}, disabled: true } without loading
the completion runtime, and clients stop asking for the session.

When enabled, titles use canonical utility-model routing: an explicit
utilityModel (operator-chosen provider, like every utility task), else the
session provider's declared small-model default, honoring per-session model
overrides and auth profiles; utilityModel "" disables titles and malformed
refs fail closed — never the primary model. Tool inputs are redacted with the
tools-mode redactor before cache keys or prompts, caller ids are bounded and
never reach the model, and results cache in the per-agent SQLite
cache_entries so repeat views never re-bill.

Also completes two crestodian model-input mock factories that leaked into
sibling tests under shared-registry CI shards.

Fixes #103987

* fix(webui): redact tool-title inputs before truncation
2026-07-10 19:18:02 -07:00
Peter Steinberger
2a12c9916a feat(browser): import Chrome-family system-profile cookies into managed profiles (#104057)
* feat(browser): import Chrome-family system-profile cookies into managed profiles

Import cookies from a real Chrome/Brave/Edge/Chromium system profile (macOS)
into a fresh OpenClaw-managed browser profile so the agent can browse as the
signed-in user. Reads the source Cookies DB via a coherent VACUUM INTO snapshot,
decrypts v10 AES-128-CBC values with the Safe Storage Keychain key (one Touch ID
consent), maps rows to Playwright cookies (FILETIME expiry, SameSite, M124+
domain-hash prefix strip, CHIPS skipped), and best-effort injects them via
addCookies into a mock-keychain profile so they persist without further prompts.
Decrypted values are never logged or returned.

Exposed as agent tool action=importprofile, CLI system-profiles/import-profile,
and POST /profiles/import; action=profiles surfaces importable systemProfiles.
Listing and import are pinned host-local at every surface (gateway, browser
tool, node proxy) since they read the local Keychain and Chrome profiles.
Malformed domain filters fail closed via a shared validator. Gated by
browser.allowSystemProfileImport (default on). Imports cookies only.

* fix(browser): satisfy CI lint (OpenClaw temp dir, Unicode control-char class)

Use resolvePreferredOpenClawTmpDir() instead of os.tmpdir() for the cookie DB
snapshot (messaging/channel runtime tmpdir guard), and match control characters
via the Unicode \p{Cc} class instead of a literal control-char range so the
CLI table sanitizer passes the no-control-regex lint.
2026-07-10 19:15:52 -07:00
Peter Steinberger
425c5b9f26 fix(macos): reject revoked forwarded exec approvals (#103968)
* fix(macos): reject revoked forwarded exec approvals

* fix(macos): split approval plan validation

* chore(i18n): refresh native source lines
2026-07-10 19:01:17 -07:00
Josh Avant
3bcb90b2d0 fix(anthropic): stage thinking signatures until block stop (#104043) 2026-07-10 20:54:37 -05:00
qingminlong
eccd4f02f8 fix(skill-workshop): reject invalid proposal list limits (#103496)
* fix(skill-workshop): reject invalid proposal list limits

* refactor(skill-workshop): validate list params before storage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:26:12 -07:00
Peter Steinberger
57a3b1e99d fix(tui): preserve UTF-16 pairs in long tokens (#104024) 2026-07-10 18:03:40 -07:00
James Armstead
65cc86f45c Refresh MCP OAuth auth-profile tokens (#96120)
* Refresh MCP OAuth auth-profile tokens

* Rotate Codex MCP binding on bearer changes

* Preserve agent scope for MCP auth profiles

* Preserve Codex MCP tool filters

* Keep Codex MCP projection helper local-only

* Fix Codex projection package boundary artifacts

* Revert "Fix Codex projection package boundary artifacts"

This reverts commit 13bcaed3da.

* Revert "Keep Codex MCP projection helper local-only"

This reverts commit 19751f4922.

* Trigger CI rerun for OAuth MCP PR

* Fail closed for remote Codex MCP bearer projection

* Fix MCP OAuth bearer token projection

* fix: project MCP-native OAuth credentials

* fix: align MCP SDK surface budget

* fix(mcp): keep agents available before OAuth login

---------

Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-07-10 17:49:43 -07:00
Peter Steinberger
31703debcb fix: sanitize oversized plugin command arguments (#104015) 2026-07-11 01:43:52 +01:00
qingminlong
6e0d590bd8 fix(agent-core): avoid a crash when empty output has a negative line limit (#103425)
* fix(agent-core): avoid empty truncation crash

* refactor(agent-core): simplify empty truncation handling

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-11 01:41:00 +01:00
soldforaloss
0e05973657 fix(tasks): treat blank JSON filters as absent (#103981)
* fix(tasks): normalize blank JSON filters

* fix(tasks): reuse optional string normalization

* fix(tasks): share blank filter normalization

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-10 17:40:11 -07:00
Peter Steinberger
3ec2a50d6c fix(exec): prevent revoked policy from authorizing delayed node runs (#103950)
* fix(cli): fail closed on exec policy rollback races

* refactor(cli): reuse canonical exec policy ordering

* fix(exec): bind delayed approvals to prepared policy

* fix(macos): revalidate delayed exec approvals

* fix(exec): align approval snapshot validation gates
2026-07-11 01:37:37 +01:00
Josh Lehman
f68af64846 fix(auto-reply): queue unsupported transcript steering (#103916) 2026-07-10 17:34:31 -07:00
Peter Steinberger
25c216ab1e fix: keep gateway watch detached in limited terminals (#104009) 2026-07-11 01:33:47 +01:00
Peter Steinberger
920b29bdd5 test(crestodian): preserve model input mock exports (#103999) 2026-07-11 01:19:11 +01:00
Peter Steinberger
6d39ec5152 feat(ui): collapse session PR chips and add a CI monitoring popover (#103853)
* feat(ui): collapse session PR chips and add a CI monitoring popover

* chore(i18n): translate session PR chip strings

* docs(gateway): note Control UI contract shapes ship in lockstep

* chore(i18n): regenerate locale bundles after rebase
2026-07-11 00:37:06 +01:00
Peter Steinberger
2f9cb92006 fix(tasks): show registry restore errors in console (#103976) 2026-07-11 00:10:14 +01:00
xingzhou
babc287afe fix(slack): time out stalled external file uploads (#103442)
* fix(slack): time out stalled external file uploads

* fix(slack): scope external upload timeout

* fix(slack): restrict external upload transport

* fix(slack): restrict external upload transport

* fix(slack): preserve external upload retry safety

* test(slack): use compatible guarded fetch runtime

* test(plugin-sdk): update public export baseline

* fix(slack): harden external upload delivery

* refactor(slack): isolate upload completion

Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.

* fix(slack): refresh upload release metadata

* chore(slack): leave release notes release-owned

* fix(slack): classify failed uploads before completion

* fix(slack): keep upload completion untimed

* test(plugin-sdk): refresh public export baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:52:35 +01:00
Bek
91ac7ca700 fix(tasks): repair legacy delivery statuses (#103946)
* fix(tasks): repair legacy delivery statuses

* docs(changelog): note task state migration repair

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:49:22 +01:00
Peter Steinberger
a0354e5243 fix(onboarding): make fresh AI setup reliable and transparent (#103962)
* fix(onboarding): harden inference setup

* fix(mac): preserve setup request cancellation

* test(crestodian): align setup audit expectation

* test(crestodian): cover approval persistence warning

* fix(crestodian): preserve setup credentials and success

* chore(pr): leave changelog to release flow

* fix(onboarding): repair native CI gates
2026-07-10 23:44:53 +01:00
qingminlong
4f1f7c6fb0 fix(nodes): resolve Unicode browser node names when configured by display name (#103548)
* fix-nodes-unicode-browser-node-names

* fix(nodes): preserve compact browser node selectors

* fix(nodes): normalize unicode node names canonically

* fix(nodes): scope compact browser selectors

* fix(nodes): preserve meaningful unicode marks

* chore: leave changelog updates to release automation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:32:28 +01:00
SunnyShu
90250dcc9a fix(auth): repair stale orders and token health rollups (#98105)
* fix(auth): preserve token health after OAuth migration

After a user migrates from OAuth to a token/setup-token credential, the
gateway model-auth rollup reported the provider as missing, producing a
false "model auth expired" warning.

Rename aggregateOAuthStatus → aggregateRefreshableAuthStatus and
extract aggregateProfileStatus helper. OAuth remains authoritative when
present; token credentials are the fallback when no effective OAuth
profile exists. Empty effectiveProfiles stays authoritative (missing).
Token fallback applies regardless of expectsOAuth flag.

Fixes #97996

Co-authored-by: SunnyShu0925 <SunnyShu0925@users.noreply.github.com>

* test(auth): use fake token fixture

* fix(doctor): repair stale auth profile orders

* fix(doctor): inspect retained auth profile stores

* fix(doctor): harden retained auth store proof

---------

Co-authored-by: SunnyShu0925 <SunnyShu0925@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:11:01 +01:00
Peter Steinberger
3f402f2c48 fix(telegram): suppress replies superseded during adoption (#103965)
* fix(telegram): preserve supersession through async adoption

* fix(auto-reply): stop superseded queued turns after adoption

* test(telegram): use dispatcher delivery return type
2026-07-10 23:10:05 +01:00
xingzhou
6f6c802ea5 fix(infra): keep restart log tails UTF-16 safe (#103757) 2026-07-10 22:50:25 +01:00
Peter Steinberger
c3cd3a15d1 fix(nodes): correct system.which examples (#103960) 2026-07-10 22:45:54 +01:00
Peter Steinberger
d92d5774f5 fix(node): report Mac exec policy defaults (#103945) 2026-07-10 22:07:44 +01:00
pick-cat
997a564c28 fix(agents): apply stale-run liveness check to aborted subagent orphan recovery (#90817)
* fix(agents): apply stale-run liveness to aborted subagent orphan recovery

Skip stale unended subagent runs during orphan recovery and registry
restore, even when they carry abortedLastRun. Previously, restart-aborted
runs were exempt from the stale-unended age check, allowing hours-old
aborted child sessions to be resurrected after long downtime.

Fixes #90766

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(agents): finalize stale aborted runs instead of only skipping them

Previously the stale-run check in recoverOrphanedSubagentSessions only
incremented the skipped counter. Stale active runs were left unended
because scheduleOrphanRecovery only retries failedRuns, not skipped runs.

Now stale runs are finalized via finalizeInterruptedSubagentRun so they
don't remain orphaned in the registry.

Ref: #90766 review feedback

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(agents): await stale-run finalization in orphan recovery

Await finalizeInterruptedSubagentRun for stale aborted runs and report
failedRuns when finalization does not update the registry, so the
scheduler retry path can recover from finalization failures.

Co-authored-by: Cursor <cursoragent@cursor.com>

* test(agents): faithful restart-path proof for stale orphan recovery

Drive the real recoverOrphanedSubagentSessions against the real subagent
registry, the real isStaleUnendedSubagentRun policy, and a real on-disk
session store, mocking only the outbound gateway transport and transcript
reader. Proves finalizeInterruptedSubagentRun actually ends the stale
aborted run in the registry (endedAt set, outcome error) instead of
resuming it, while a fresh aborted run still resumes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: amend author email

* fix(agents): scope orphan finalization to run generation

* fix(agents): preserve stale restart recovery ownership

* test(agents): isolate restart recovery scheduling

* fix(agents): make stale restart finalization durable

* fix(agents): keep stale retries generation-scoped

* test(agents): await restart recovery scheduling

* fix(agents): verify interrupted finalization

* fix(agents): defer interrupted finalization during restart

* fix(agents): preserve lifecycle type narrowing

* style(agents): use nonmutating recovery ordering

* chore: keep release note in PR body

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 21:56:57 +01:00
Peter Steinberger
b81cc598bf fix(cli): run remote node commands through bundled MCP (#103936)
* fix(cli): expose node exec to bundled MCP

* fix(cli): preserve MCP exec run context

* fix(gateway): honor sender policy for CLI node exec

* fix(cli): bind canonical sender policy identity

* fix(gateway): bind CLI node exec policy context

* fix(cli): type policy provenance inputs

* fix(cli): preserve elevated node exec policy

* fix(cli): preserve spawned policy provenance

* chore: keep release note in PR
2026-07-10 21:51:34 +01:00
Peter Steinberger
9b1c36d23c fix: prevent exec approval revocation races (#103515)
* fix(security): serialize exec approval mutations

* fix(security): preserve additive approval writes

* test(cli): expect normalized approval shape

* fix(security): preserve exec approval compatibility

* test(security): exercise locked approval initialization

* test(security): mock serialized approval helpers

* test(exec): derive enforced command path from plan

* fix(gateway): always return approval CAS conflicts

* fix(macos): serialize exec approvals writes

* fix(security): repair approval build errors

* fix(security): serialize exec approval mutations

* fix(security): fail closed on approval persistence errors

* test(security): cover detached approval persistence failures

* fix(security): harden exec approval state

* style(macos): format exec approval sources

* fix(security): complete exec approval hardening

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* fix(macos): preserve approved login-shell semantics

* fix(macos): keep login shell approvals one-shot

* fix(security): linearize exec authorization

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* fix(security): preserve durable approval basis

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* fix(security): bind exec grants to current policy

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>

* test(security): fix exec revocation fixtures

* test(security): align gateway approval fixtures

* fix(macos): return approval decisions

* chore(i18n): sync native approval strings

* test(security): align approval hardening fixtures

* test(node): authorize completed event fixture

* test(security): fix approval decision fixtures

* test(security): await durable approval visibility

* fix(exec): preserve concurrent approval grants

* fix(exec): address exact-head CI failures

* fix(exec): preserve concurrent approval promotions

* fix(exec): make Swift shutdown state explicit

* test(macos): handle approval read failures

* fix(macos): harden approval socket paths

* fix(macos): preserve exact shell payload bytes

* test(macos): make approval fixtures explicit

* test(macos): fix approval suite compilation

* fix(macos): bound approval socket JSONL reads

* chore: move exec approval note to release process

* chore: move exec approval note to release process

---------

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
2026-07-10 21:35:05 +01:00
Peter Steinberger
941bbec619 fix(cli): keep owner tools in local agent runs (#103922)
* fix(cli): preserve owner tools for local agent runs

* chore: leave changelog to release automation
2026-07-10 21:31:32 +01:00
Vincent Koc
99e1a6081b fix(gateway): restore suspension validation (#103925) 2026-07-10 13:20:45 -07:00
Josh Avant
5dffe21a12 fix(agents): preserve provider replay signatures (#103628) 2026-07-10 15:13:50 -05:00