Commit Graph

66965 Commits

Author SHA1 Message Date
Peter Steinberger
ae2c6117d3 feat(ui): full-page New session screen with gateway folder browser (#104238)
* feat(gateway): add admin-only fs.listDir host directory listing

* feat(ui): replace new-session dialog with full-page /new screen and folder browser

* fix(ui): drop unnecessary template literal in new-session page

* refactor(ui): rename request token locals for review-bundle hygiene

* fix(ui): preserve typed draft on agent hydration and clear stale folder listings

* fix(ui): gate new-session submit on agent hydration and keep live folder edits

* test(ui): use exact textbox selector in new-session e2e

* test(ui): deep-link new-session e2e so agents.list override supplies workspace

* chore(i18n): translate new-session strings and refresh native inventory

* chore(i18n): reconcile locale metadata after rebase
2026-07-11 00:10:48 -07:00
Peter Steinberger
efc8f05cc2 fix(release): allow Telegram preload in workers (#104252) 2026-07-11 00:09:35 -07:00
Peter Steinberger
1e660ac7b2 fix: preserve runtime plugin assets after build (#104229) 2026-07-11 00:07:59 -07:00
Peter Steinberger
5228183ce2 fix(ci): register local-audio-acceleration doctor contribution and wrap overlong MLX log line (#104233)
* fix(ci): register local-audio-acceleration doctor contribution and wrap overlong MLX log line

* fix(ci): keep MLX log line under 120 cols and resync native i18n inventory

* chore: nudge PR head sync

* fix(mac): use throwing safe read in MLX transport readability handler
2026-07-11 00:04:50 -07:00
Peter Steinberger
637256ed30 fix: register local audio doctor contribution (#104242) 2026-07-10 23:58:34 -07:00
Peter Steinberger
1d72c0f423 feat(ui): session diff panel showing a session checkout's changes in chat (#104184)
Adds a git-backed session diff panel to the Control UI, complementing the existing PR status chips.

New sessions.diff gateway method (operator.read): resolves the session checkout and returns structured per-file diffs (status, renames, +/- counts, capped unified patch) of branch + uncommitted + untracked work against the default-branch merge base. Hardened against git textconv execution and hardlinked out-of-tree content leaks; handles repos before their first commit via the empty-tree base.

Control UI renders a "Changes" panel in the chat detail sidebar with collapsible per-file diffs, hunk-gap markers, stat chips, and untracked/binary badges, gated on gateway method advertisement. Schemas additive (Swift models regenerated), 20 locales translated.

Closes #104182
2026-07-10 23:57:55 -07:00
Peter Steinberger
dfa31af0d4 docs(plugins): document safe external cron projection (#104227)
* docs(plugins): document safe cron projection

* docs(plugins): serialize cron projection revisions

* docs: refresh generated map

* docs(plugins): cancel stale cron projections
2026-07-10 23:26:40 -07:00
Peter Steinberger
ab8da6de1a docs: align PR gate policy 2026-07-11 07:20:53 +01:00
Peter Lee
99ddde8726 fix(voice-call): consolidate webhook logs on the injected plugin logger and assert transcript privacy boundary (#103555)
* fix(voice-call): redact transcript and AI response content from webhook logs

* fix(voice-call): wrap catch error in record for subsystem logger meta param

* fix(voice-call): consolidate webhook diagnostics on the injected logger and assert privacy boundary in tests

* fix(voice-call): restore [voice-call] attribution on shared plugin logger wrapper

* fix(voice-call): narrow optional debug callback before constructing wrapper

* test(voice-call): consolidate privacy assertions

* test(voice-call): share transcript privacy assertions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:05:34 -07:00
Peter Steinberger
49b58288d3 feat(plugins): add cron reconciliation lifecycle hook (#104191)
* feat(plugins): add cron reconciliation lifecycle hook

* chore(plugin-sdk): refresh api baseline

* fix(plugin-sdk): update public export budget
2026-07-10 23:05:12 -07:00
Sebastien Tardif
1fa1507fc4 fix(install): harden stdin consumers to prevent pipe corruption in curl | bash (#87799)
* fix(install): harden stdin consumers to prevent pipe corruption in curl | bash

Redirect stdin from /dev/null for non-interactive subprocesses (npm install,
openclaw daemon restart, openclaw plugins update, openclaw dashboard) and
from /dev/tty for interactive ones (openclaw onboard in bootstrap). Also
protect the fallback paths in run_with_spinner and run_quiet_step.

This prevents subprocesses from consuming the script stream when the
installer is piped via curl | bash, which causes truncated function names
and hangs (reported in #73814).

Unlike the global pipe guard in #82918 (closed as too broad), this approach
has no detection heuristics and no re-execution. Each subprocess simply gets
the correct stdin for its purpose.

Fixes #73814

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* chore: retrigger proof evaluation

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* fix: redirect stdin in run_with_spinner raw-mode fallback

The success-path raw-mode fallback in run_with_spinner invoked the
command with inherited stdin. In a curl | bash scenario, this allowed
the child process to consume bytes from the script stream, causing
truncation. Add < /dev/null to match the other two fallback paths.

* retrigger proof check

* fix(test): update gum fallback assertion for stdin redirect

* fix: redirect gum-wrapped stdin and preserve TTY for interactive commands

Address ClawSweeper P1 and P2 findings:

- P1: Redirect stdin from /dev/null on the normal gum spin path so child
  commands cannot consume the piped script stream (gum v0.17.0 passes
  os.Stdin to wrapped commands).

- P2: Use is_non_interactive_shell to conditionally redirect stdin in
  fallback paths. When running interactively (bash install.sh), commands
  that need user input (e.g. Homebrew prompts) keep terminal stdin.
  When piped (curl | bash), stdin is redirected from /dev/null.

- P2: Revert labeler.yml changes to keep the PR focused on installer
  stdin safety. Size-label best-effort handling belongs in a separate PR.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* chore: retrigger proof evaluation

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* retrigger proof check

* fix: base stdin isolation on stdin TTY check, not stdout

Replace is_non_interactive_shell with needs_stdin_isolation for stdin
redirection decisions. The new function checks stdin directly (! -t 0)
and NO_PROMPT, without checking stdout (-t 1). This ensures that
stdout redirection (e.g. install.sh > log.txt) does not suppress
interactive prompts when stdin is a terminal.

* test(install): add stdin isolation and NO_PROMPT coverage

Three focused tests for the needs_stdin_isolation function:

1. Verify needs_stdin_isolation returns true when stdin is piped
   (the core curl|bash scenario).
2. Verify needs_stdin_isolation returns true when NO_PROMPT=1 is set
   (explicit non-interactive override).
3. Verify run_quiet_step redirects subprocess stdin to /dev/null
   when running in a piped context, preventing script consumption.

* test(install): strengthen stdin isolation test with sentinel data

Replace the weak TTY check (which passes even without the fix since
the test pipe is also non-TTY) with a sentinel-based test: pipe
SENTINEL_DATA on stdin and verify the child process reads nothing,
proving run_quiet_step actually redirects stdin to /dev/null.

* test(install): add counterproof and cat-based stdin isolation tests

Add two new tests to prove the stdin isolation fix is necessary and
works correctly:

- counterproof: demonstrates that pipe data DOES leak to the child
  when stdin is not redirected through run_quiet_step, proving the
  /dev/null redirect is the isolation barrier
- cat-based test: uses cat (reads all of stdin) instead of read -t 1
  (timeout-based) for a deterministic assertion that run_quiet_step
  produces empty stdin

* fix: gate gum spin stdin redirect on needs_stdin_isolation

The gum spin command unconditionally redirected stdin from /dev/null,
which also killed interactive prompts for direct installs since gum
v0.17 passes os.Stdin to the wrapped command. Now only redirect
stdin when needs_stdin_isolation returns true (piped install context).

Adds focused tests verifying both paths: piped installs get /dev/null
redirect, direct interactive installs preserve terminal stdin.

* test: assert gum stdin is not /dev/null for direct interactive installs

The direct gum runtime test now reads the child command's stdin-source
log file and asserts stdin was NOT /dev/null, using device:inode
comparison (stat -f on macOS, stat -c on Linux) for reliable detection
across both platforms.

* retrigger proof check

* retrigger proof check with real installer evidence

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* fix(install): preserve interactive post-install stdin

* fix(install): route piped prompts through controlling tty

* fix(install): keep quiet piped steps noninteractive

* fix(install): avoid hidden prompts with redirected output

* fix(install): preserve visible prompt output state

---------

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-11 14:00:53 +08:00
Vincent Koc
919b4fdc2c fix(media): verify local STT acceleration before prioritizing it (#104210)
* fix(media): observe local STT backend selection

* docs(media): explain local STT acceleration evidence

* fix(media): expand home paths in local STT discovery

* fix(media): scope local STT backend observations

* fix(security): avoid executing STT binaries during inspection

* fix(media): widen local STT selection state

* fix(security): ignore empty local STT PATH entries

* test(media): type local STT capability mocks

* test(media): isolate local STT PATH lookup

* style(cli): simplify local STT provider rows

* fix(cli): distinguish local STT fallback selection
2026-07-11 13:58:53 +08:00
Peter Lee
964a83b363 fix(voice-call): redact phone numbers in event logs via subsystem logger (#103547)
* fix(voice-call): redact phone numbers in event logs via subsystem logger

* fix(voice-call): add output-level privacy assertions that raw phone numbers are absent from event logs

* test(voice-call): consolidate privacy assertions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:57:09 -07:00
Peter Steinberger
02cd9bf648 fix: suspension and restart wait for background execs (#104172)
* fix: block restart and suspension on background execs

* test: cover background exec suspension inspector
2026-07-10 22:56:17 -07:00
Peter Steinberger
b8502e1c0a test(gateway): prove suspension lifecycle in Docker (#104203) 2026-07-10 22:53:35 -07:00
Peter Steinberger
2ace363e98 feat: add live updater maintainer skill (#104202)
* feat: add live updater maintainer skill

* fix: restore updater dependencies before probes
2026-07-10 22:52:02 -07:00
Peter Steinberger
82abf7244d fix(codex): expose selectable node exec (#104198)
* fix(codex): expose selectable node exec

* chore: defer Codex node release note
2026-07-10 22:50:55 -07:00
Vincent Koc
96b1be10f5 feat(macos): keep MLX TTS model resident (#104200)
* test(macos): cover MLX helper packaging

* feat(macos): define framed MLX TTS protocol

* feat(macos): keep MLX TTS model resident

* feat(macos): reuse MLX TTS helper transport

* fix(macos): preserve MLX TTS fallback lifecycle

* chore(swift): lint MLX TTS protocol sources

* fix(macos): keep MLX helper input nonblocking

* test(macos): cover forced MLX helper shutdown

* fix(macos): fall back after MLX memory eviction

* fix(macos): discard canceled MLX audio
2026-07-11 13:45:27 +08:00
Peter Steinberger
87618930db fix(google-meet): align DTMF delay metadata (#104119)
* fix(google-meet): align DTMF delay metadata

Co-authored-by: llagy007 <0668001470@xydigit.com>

* chore: defer Google Meet release note

---------

Co-authored-by: llagy007 <0668001470@xydigit.com>
2026-07-10 22:43:28 -07:00
Peter Steinberger
10820e9c03 fix(ui): resolve global-alias session kinds for chat avatar mode (#104155)
* fix(ui): resolve global-alias session kinds for chat avatar mode

* fix(ui): borrow only the session kind from alias-matched global rows

* fix(ui): gate the global-row kind fallback on configured global scope

* fix(ui): classify global-scope aliases without requiring a listed row
2026-07-10 22:40:35 -07:00
Peter Steinberger
1a7827c020 fix(ui): suppress tooltips that repeat fully visible trigger text (#104193)
Hovering a model row in the chat model picker showed a tooltip that just
echoed the row's own label. The shared openclaw-tooltip now skips opens
whose content is already fully visible inside the trigger, while keeping
the full-text tooltip for clipped/ellipsized labels.
2026-07-10 22:40:17 -07:00
Peter Steinberger
afa3212e90 fix(release): stage Telegram QA inside runtime root (#104125) 2026-07-10 22:39:09 -07:00
Vincent Koc
daf3b86f45 Merge pull request #104181 from openclaw/fix/preserve-release-efficiency-history
chore(release): preserve efficiency change history
2026-07-11 13:35:30 +08:00
Peter Steinberger
35d6077db8 fix(gateway): admit plugin HTTP work during suspension (#104112)
* fix(gateway): admit plugin HTTP work during suspension

* test(gateway): remove unused suspension import

* docs: keep release notes in PR metadata

* fix(gateway): scope suspension route bypass
2026-07-10 22:34:57 -07:00
Peter Steinberger
1b3af45657 fix(gateway): admit reconnect delivery drains (#104143) 2026-07-10 22:33:33 -07:00
Peter Steinberger
6e9e64bd30 fix: current-tree package checks support unreleased versions (#104186)
* fix(ci): package unreleased QA builds safely

* style(ci): format QA changelog intent
2026-07-10 22:31:42 -07:00
Peter Steinberger
81a201df26 feat: add portable table presentation blocks (#103583)
* feat(presentation): add portable table blocks

* chore(presentation): refresh generated contracts

* fix(slack): preserve table fallback payloads

* docs(changelog): note portable message tables

* fix(presentation): preserve cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* test(slack): align accessibility expectations

* fix(presentation): harden cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* docs(changelog): defer portable table release note

* fix(presentation): satisfy extension lint

* chore(plugin-sdk): refresh surface budgets

* fix(telegram): preserve reactions after progress replies

* fix(slack): preserve rendered preview fallback text

* fix(feishu): preserve oversized presentation fallbacks

* docs(changelog): note portable message tables

* docs(changelog): defer portable table release note

* chore(plugin-sdk): refresh rebased contracts

---------

Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-10 22:29:13 -07:00
Peter Steinberger
fc44e18e5e fix(cron): publish removals after durable commit (#104130)
* fix(cron): publish removals after durable commit

* test(cron): cover skipped removal persistence
2026-07-10 22:28:38 -07:00
Peter Steinberger
4b3d4020d3 fix(macos): offer CLI channels for unreleased builds (#104178)
* fix(macos): choose CLI channel for dev builds

* chore: leave release notes to automation

* chore(macos): sync native string inventory

* style(macos): wrap CLI channel guidance

* fix(macos): return CLI version policy
2026-07-10 22:27:57 -07:00
Ayaan Zaidi
79bfa3771c refactor(gateway): centralize agent wait lifecycle (#104147)
* refactor(gateway): centralize agent wait lifecycle
* fix(gateway): preserve agent wait freshness

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 10:56:40 +05:30
Vincent Koc
358d4cd4cc fix(pr): reject stale canonical wrapper code 2026-07-10 22:24:36 -07:00
Peter Steinberger
58b0ec9e50 feat(gateway): auto-approve node pairing via SSH device-key verification (#104180) 2026-07-10 22:23:10 -07:00
Peter Steinberger
dc42c893c3 improve(ios): redesign share extension compose sheet (#104187) 2026-07-10 22:22:15 -07:00
Vincent Koc
31484524a5 fix(release): preserve node across telegram qa masks (#104175) 2026-07-11 13:22:06 +08:00
Vincent Koc
2158873a3c fix(release): preserve canonical main PR provenance (#104166)
* fix(release): canonicalize changelog PR provenance

* fix(release): finalize changelog provenance policy

* fix(release): resolve canonical PRs from current main

* fix(release): support divergent beta baselines
2026-07-11 13:21:15 +08:00
Peter Steinberger
465646a68e feat(gateway): summarize startup outcomes (#104183) 2026-07-10 22:20:59 -07:00
Peter Steinberger
cb64117416 feat: session menu adds Open PR, Open in editor, and numbered group shortcuts (#104154)
* feat(ui): add Open PR, Open in editor, and numbered group shortcuts to the session menu

* fix(ui): lift session menu to popover top layer and use shadow tokens
2026-07-10 22:17:18 -07:00
Josh Avant
487ab99dc2 fix(sessions): preserve active work during maintenance (#104137) 2026-07-11 00:16:37 -05:00
Peter Steinberger
9f53f8a256 feat(macos): import local browser login (#104177)
* feat(macos): import local browser login

* chore: leave release notes to release workflow

* chore(macos): refresh native i18n inventory

* chore(macos): refresh native i18n inventory

* chore(macos): refresh native i18n inventory

* chore: sync release summary executable bit

* chore(macos): refresh native i18n inventory

* style(macos): wrap browser import result

* chore(macos): refresh native i18n inventory

* chore(macos): refresh native i18n inventory
2026-07-10 22:14:36 -07:00
Peter Steinberger
36e0ac3576 fix(logs): clean up gateway and channel startup/shutdown log output (#104174)
* fix(logs): clean up gateway and channel startup/shutdown log output

Scope Discord slash-command deploy REST diagnostics to command routes so
concurrent startup traffic (voice-state probes, channel lookups) keeps its
owner's error handling; make per-request deploy error lines verbose-only and
drop JSON bodies that only repeat message+code. Log allowlist summaries one
line per call so unresolved lines keep their timestamp/subsystem prefix, and
skip identity lookups that resolved to themselves. Remove embedded subsystem
prefixes, demote routine signal/shutdown/force/postbuild/diag chatter to
debug or verbose, merge the duplicate Control UI build notices, drop doctor's
duplicate backup line, and name the config surface or platform limit in the
transcripts autoStart and command-limit warnings.

Fixes #104163

* fix(slack): keep bare-name allowlist resolutions in startup log summary

Only omit identity lookups where the input already is the resolved id;
name-based lookups that translated to an id stay logged even when the
display name matches the input.

* fix(telegram): keep isolated-ingress readiness marker on the runtime log

test/e2e/qa-lab telegram-bot-token-runtime waits for this line via the
injected RuntimeEnv.log; verbose-only logging would deterministically time
out that live proof. Comment the contract at the call site.
2026-07-10 22:13:33 -07:00
Peter Steinberger
1c08d96d8b feat(android): durable offline chat with attachments and history-proof retirement (#104089)
* feat(android): durable offline chat with attachments and history-proof retirement

Every chat send is journaled to the per-gateway Room outbox before any
network attempt, so process death always has one durable recovery owner.
Rows survive gateway ACKs as 'accepted' and retire only once the turn is
proven in canonical chat.history by idempotency key; ambiguous outcomes
(lost ACK, kill mid-send, gateway restart before the transcript write)
park as delivery-unconfirmed for explicit retry, per the fail-closed
model #103273 landed. An unproven accepted head briefly holds only its
own session's queue, and retrying a parked head re-orders still-queued
successors behind it. Offline sends now accept picked images and voice
notes; attachment bytes persist as chunked BLOBs (512 KB chunks, 8 MB
per message, 48 MB per gateway) admitted and retired atomically with
their row. Pre-hello 'main' rows pin to the canonical session at first
dispatch so later default-agent changes cannot retarget captured input;
slash commands are connection-gated by a persisted epoch (legacy queued
command rows migrate to a never-matching sentinel) and never auto-replay
across reconnects. The Room store moves to schema v4 on top of v3's
data-parking migration, adding the epoch column and attachment tables
while preserving queued rows. The queued->sending claim is an atomic
compare-and-set shared by the direct dispatch and the flush loop, the
direct path waits for the startup recovery sweep before claiming, and
failed reconnect attempts republish outbox rows so queued sends stay
visible on offline cold starts.

Proof: 1151 Android unit tests and :app:ktlintCheck green (new
migration, storage, and controller coverage for admission, restarts,
claims, pinning, gating, ordering, and byte round-trips); a live
emulator scenario on the pre-integration build queued text+image
offline, survived force-stop plus a device reboot, resent exactly once
on reconnect (single <rowId>:user turn in the gateway transcript), and
drained the outbox after canonical-history confirmation.

Closes #104087.

* fix(android): rearm outbox recovery when direct-send state persistence fails

* fix(android): keep direct dispatch alive across caller cancellation

The direct send's network phase now runs in the controller scope, so a
cancelled UI scope (leaving the chat screen mid-send) can no longer
strand a claimed row in 'sending' with no user action available; the
dispatch completes and settles the row exactly once. Direct-path state
persistence failures also re-arm the startup recovery sweep, mirroring
the flush path's fail-closed handling.

* fix(android): hand claim-persistence failures to the flush lane

A direct-send claim that fails to persist no longer reads as a lost race:
the admitted row is handed to the flush lane so a healthy connection still
delivers it, and the flush path's fail-closed handling owns any repeated
storage failure instead of the UI reporting success with no active owner.

* fix(android): enforce connection gating and fail-closed parking on every send path

The direct dispatch now rechecks a slash command's connection epoch after
its durable claim, so a reconnect between admission and dispatch parks the
command instead of replaying it on the new connection. Parking a stale
gated row only counts once the write persists; a storage failure drops
health, re-arms recovery, and halts the flush pass instead of spinning or
dispatching the stale row.

* fix(android): recognize gateway-acknowledged run ids in outbox ownership checks

A chat.send ACK can return a run id that differs from the row's
idempotency key (the direct path transfers local run ownership to it).
Ownership, in-flight, backlog, and timeout-park checks now consider both
ids, so reconciliation can no longer park — and Retry can no longer
duplicate — a turn that is still running on the gateway.

* fix(android): close remaining ack-ownership and persistence-failure gaps in the outbox

Flushed sends acked under a divergent run id now transfer local run
ownership like the direct path, so live runs cannot time out and surface
spurious errors for delivered turns. A session pin that cannot persist
stops the dispatch while the row is still safely queued. Reconcile and
timeout parking only report changes their writes actually persisted,
failing closed on storage errors.

* docs(android): record why acknowledged run ids stay in-memory
2026-07-10 22:12:25 -07:00
SunnyShu
a6bdc8092b fix(session-memory): honor configured slug model (#97007)
* [AI] fix(session-memory): forward hook config model to LLM slug generator

When llmSlug is enabled with a model override in the session-memory hook
config, that model was ignored — slug generation always resolved the
agent default model via resolveDefaultModelForAgent.

Add an optional model parameter to generateSlugViaLLM and pass
hookConfig.model from the session-memory handler. When a hook model is
provided, only the model is forwarded (provider is omitted) so
runEmbeddedAgent's built-in resolveInitialEmbeddedRunModel chain handles
alias, provider-qualified ref, and bare-name resolution through a single
source of truth — avoiding the routing drift that blocked prior PRs.

Fixes #89551

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(session-memory): centralize slug model resolution

Honor the session-memory slug model override while keeping default, alias, and provider-qualified model selection in the embedded runner.

Co-authored-by: SunnyShu <shu.zongyu@xydigit.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:08:12 -07:00
Alix-007
8f8aad9ae6 fix(minimax): add timeouts to OAuth HTTP requests (#102862)
* fix(minimax): add timeouts to OAuth HTTP requests

* fix(minimax): remove duplicate OAuth abort signals

* refactor(minimax): keep OAuth timeout internal

* test(minimax): make OAuth timeout proof deterministic

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:02:34 -07:00
Alix-007
b09f9b0482 fix(openrouter): apply request policy to video catalog requests (#102062)
* fix(openrouter): apply request policy to video catalog requests

* fix(openrouter): key video catalog cache by request policy

* test(openrouter): preserve auth literal types

* fix(openrouter): preserve catalog auth overrides

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:01:18 -07:00
Alix-007
c4f46baec3 fix(nextcloud-talk): add timeout to room info lookup (#102859)
* fix(nextcloud-talk): add timeout to room info lookup

* test(nextcloud-talk): assert room lookup deadline

Co-authored-by: llagy009 <0668001470@xydigit.com>

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 21:59:32 -07:00
Vincent Koc
ebaa1123e9 chore(release): preserve efficiency change history 2026-07-10 21:50:24 -07:00
Vincent Koc
c47ceb0f3d improve(release): reuse exact-SHA validation evidence (#104162)
* perf(release): share changelog verification snapshots

* perf(release): reuse exact-SHA validation evidence

* feat(release): checkpoint candidate workflow state

* feat(release): watch CI transitions compactly

* fix(testbox): rotate stale reusable leases

* refactor(release): move CI verifier into scripts

* fix(release): preserve verifier executable mode

* fix(testbox): force noninteractive remote hydration

* perf(testbox): skip sync for proven clean heads

* fix(testbox): keep changed gates synchronized

* fix(testbox): isolate git state probes

* fix(testbox): isolate wrapper git commands

* fix(testbox): preserve git command contracts

* fix(release): validate reused SHA evidence

* fix(release): resume serialized plugin selections

* fix(testbox): sync source on every lease reuse

* fix(release): verify from trusted workflow checkout

* fix(release): gate evidence reuse on trusted lineage

* fix(release): support legacy verifier checkouts

* fix(testbox): export CI across shell snippets

* fix(release): revalidate reused evidence before publish

* fix(release): reject untrusted reuse before lookup

* fix(release): reuse SHA-pinned root evidence

* fix(ci): allow unreleased notes in QA packages

* fix(release): satisfy script lint contracts

* fix(release): handle Unicode workflow refs safely
2026-07-11 12:48:27 +08:00
xingzhou
6595d1756b fix(discord): stream multipart uploads (#102972)
* fix(discord): bound multipart REST uploads
* Preserve Discord media upload payload limits
* fix(discord): stream multipart uploads

---------

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 10:10:41 +05:30
Vincent Koc
16ba8b5284 fix(release): handle Unicode workflow refs safely 2026-07-10 21:39:46 -07:00
Vincent Koc
5d742697f3 fix(release): satisfy script lint contracts 2026-07-10 21:34:37 -07:00