* fix(ci): register local-audio-acceleration doctor contribution and wrap overlong MLX log line
* fix(ci): keep MLX log line under 120 cols and resync native i18n inventory
* chore: nudge PR head sync
* fix(mac): use throwing safe read in MLX transport readability handler
Adds a git-backed session diff panel to the Control UI, complementing the existing PR status chips.
New sessions.diff gateway method (operator.read): resolves the session checkout and returns structured per-file diffs (status, renames, +/- counts, capped unified patch) of branch + uncommitted + untracked work against the default-branch merge base. Hardened against git textconv execution and hardlinked out-of-tree content leaks; handles repos before their first commit via the empty-tree base.
Control UI renders a "Changes" panel in the chat detail sidebar with collapsible per-file diffs, hunk-gap markers, stat chips, and untracked/binary badges, gated on gateway method advertisement. Schemas additive (Swift models regenerated), 20 locales translated.
Closes#104182
* fix(install): harden stdin consumers to prevent pipe corruption in curl | bash
Redirect stdin from /dev/null for non-interactive subprocesses (npm install,
openclaw daemon restart, openclaw plugins update, openclaw dashboard) and
from /dev/tty for interactive ones (openclaw onboard in bootstrap). Also
protect the fallback paths in run_with_spinner and run_quiet_step.
This prevents subprocesses from consuming the script stream when the
installer is piped via curl | bash, which causes truncated function names
and hangs (reported in #73814).
Unlike the global pipe guard in #82918 (closed as too broad), this approach
has no detection heuristics and no re-execution. Each subprocess simply gets
the correct stdin for its purpose.
Fixes#73814
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* chore: retrigger proof evaluation
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* fix: redirect stdin in run_with_spinner raw-mode fallback
The success-path raw-mode fallback in run_with_spinner invoked the
command with inherited stdin. In a curl | bash scenario, this allowed
the child process to consume bytes from the script stream, causing
truncation. Add < /dev/null to match the other two fallback paths.
* retrigger proof check
* fix(test): update gum fallback assertion for stdin redirect
* fix: redirect gum-wrapped stdin and preserve TTY for interactive commands
Address ClawSweeper P1 and P2 findings:
- P1: Redirect stdin from /dev/null on the normal gum spin path so child
commands cannot consume the piped script stream (gum v0.17.0 passes
os.Stdin to wrapped commands).
- P2: Use is_non_interactive_shell to conditionally redirect stdin in
fallback paths. When running interactively (bash install.sh), commands
that need user input (e.g. Homebrew prompts) keep terminal stdin.
When piped (curl | bash), stdin is redirected from /dev/null.
- P2: Revert labeler.yml changes to keep the PR focused on installer
stdin safety. Size-label best-effort handling belongs in a separate PR.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* chore: retrigger proof evaluation
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* retrigger proof check
* fix: base stdin isolation on stdin TTY check, not stdout
Replace is_non_interactive_shell with needs_stdin_isolation for stdin
redirection decisions. The new function checks stdin directly (! -t 0)
and NO_PROMPT, without checking stdout (-t 1). This ensures that
stdout redirection (e.g. install.sh > log.txt) does not suppress
interactive prompts when stdin is a terminal.
* test(install): add stdin isolation and NO_PROMPT coverage
Three focused tests for the needs_stdin_isolation function:
1. Verify needs_stdin_isolation returns true when stdin is piped
(the core curl|bash scenario).
2. Verify needs_stdin_isolation returns true when NO_PROMPT=1 is set
(explicit non-interactive override).
3. Verify run_quiet_step redirects subprocess stdin to /dev/null
when running in a piped context, preventing script consumption.
* test(install): strengthen stdin isolation test with sentinel data
Replace the weak TTY check (which passes even without the fix since
the test pipe is also non-TTY) with a sentinel-based test: pipe
SENTINEL_DATA on stdin and verify the child process reads nothing,
proving run_quiet_step actually redirects stdin to /dev/null.
* test(install): add counterproof and cat-based stdin isolation tests
Add two new tests to prove the stdin isolation fix is necessary and
works correctly:
- counterproof: demonstrates that pipe data DOES leak to the child
when stdin is not redirected through run_quiet_step, proving the
/dev/null redirect is the isolation barrier
- cat-based test: uses cat (reads all of stdin) instead of read -t 1
(timeout-based) for a deterministic assertion that run_quiet_step
produces empty stdin
* fix: gate gum spin stdin redirect on needs_stdin_isolation
The gum spin command unconditionally redirected stdin from /dev/null,
which also killed interactive prompts for direct installs since gum
v0.17 passes os.Stdin to the wrapped command. Now only redirect
stdin when needs_stdin_isolation returns true (piped install context).
Adds focused tests verifying both paths: piped installs get /dev/null
redirect, direct interactive installs preserve terminal stdin.
* test: assert gum stdin is not /dev/null for direct interactive installs
The direct gum runtime test now reads the child command's stdin-source
log file and asserts stdin was NOT /dev/null, using device:inode
comparison (stat -f on macOS, stat -c on Linux) for reliable detection
across both platforms.
* retrigger proof check
* retrigger proof check with real installer evidence
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* fix(install): preserve interactive post-install stdin
* fix(install): route piped prompts through controlling tty
* fix(install): keep quiet piped steps noninteractive
* fix(install): avoid hidden prompts with redirected output
* fix(install): preserve visible prompt output state
---------
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
* fix(ui): resolve global-alias session kinds for chat avatar mode
* fix(ui): borrow only the session kind from alias-matched global rows
* fix(ui): gate the global-row kind fallback on configured global scope
* fix(ui): classify global-scope aliases without requiring a listed row
Hovering a model row in the chat model picker showed a tooltip that just
echoed the row's own label. The shared openclaw-tooltip now skips opens
whose content is already fully visible inside the trigger, while keeping
the full-text tooltip for clipped/ellipsized labels.
* feat(ui): add Open PR, Open in editor, and numbered group shortcuts to the session menu
* fix(ui): lift session menu to popover top layer and use shadow tokens
* fix(logs): clean up gateway and channel startup/shutdown log output
Scope Discord slash-command deploy REST diagnostics to command routes so
concurrent startup traffic (voice-state probes, channel lookups) keeps its
owner's error handling; make per-request deploy error lines verbose-only and
drop JSON bodies that only repeat message+code. Log allowlist summaries one
line per call so unresolved lines keep their timestamp/subsystem prefix, and
skip identity lookups that resolved to themselves. Remove embedded subsystem
prefixes, demote routine signal/shutdown/force/postbuild/diag chatter to
debug or verbose, merge the duplicate Control UI build notices, drop doctor's
duplicate backup line, and name the config surface or platform limit in the
transcripts autoStart and command-limit warnings.
Fixes#104163
* fix(slack): keep bare-name allowlist resolutions in startup log summary
Only omit identity lookups where the input already is the resolved id;
name-based lookups that translated to an id stay logged even when the
display name matches the input.
* fix(telegram): keep isolated-ingress readiness marker on the runtime log
test/e2e/qa-lab telegram-bot-token-runtime waits for this line via the
injected RuntimeEnv.log; verbose-only logging would deterministically time
out that live proof. Comment the contract at the call site.
* feat(android): durable offline chat with attachments and history-proof retirement
Every chat send is journaled to the per-gateway Room outbox before any
network attempt, so process death always has one durable recovery owner.
Rows survive gateway ACKs as 'accepted' and retire only once the turn is
proven in canonical chat.history by idempotency key; ambiguous outcomes
(lost ACK, kill mid-send, gateway restart before the transcript write)
park as delivery-unconfirmed for explicit retry, per the fail-closed
model #103273 landed. An unproven accepted head briefly holds only its
own session's queue, and retrying a parked head re-orders still-queued
successors behind it. Offline sends now accept picked images and voice
notes; attachment bytes persist as chunked BLOBs (512 KB chunks, 8 MB
per message, 48 MB per gateway) admitted and retired atomically with
their row. Pre-hello 'main' rows pin to the canonical session at first
dispatch so later default-agent changes cannot retarget captured input;
slash commands are connection-gated by a persisted epoch (legacy queued
command rows migrate to a never-matching sentinel) and never auto-replay
across reconnects. The Room store moves to schema v4 on top of v3's
data-parking migration, adding the epoch column and attachment tables
while preserving queued rows. The queued->sending claim is an atomic
compare-and-set shared by the direct dispatch and the flush loop, the
direct path waits for the startup recovery sweep before claiming, and
failed reconnect attempts republish outbox rows so queued sends stay
visible on offline cold starts.
Proof: 1151 Android unit tests and :app:ktlintCheck green (new
migration, storage, and controller coverage for admission, restarts,
claims, pinning, gating, ordering, and byte round-trips); a live
emulator scenario on the pre-integration build queued text+image
offline, survived force-stop plus a device reboot, resent exactly once
on reconnect (single <rowId>:user turn in the gateway transcript), and
drained the outbox after canonical-history confirmation.
Closes#104087.
* fix(android): rearm outbox recovery when direct-send state persistence fails
* fix(android): keep direct dispatch alive across caller cancellation
The direct send's network phase now runs in the controller scope, so a
cancelled UI scope (leaving the chat screen mid-send) can no longer
strand a claimed row in 'sending' with no user action available; the
dispatch completes and settles the row exactly once. Direct-path state
persistence failures also re-arm the startup recovery sweep, mirroring
the flush path's fail-closed handling.
* fix(android): hand claim-persistence failures to the flush lane
A direct-send claim that fails to persist no longer reads as a lost race:
the admitted row is handed to the flush lane so a healthy connection still
delivers it, and the flush path's fail-closed handling owns any repeated
storage failure instead of the UI reporting success with no active owner.
* fix(android): enforce connection gating and fail-closed parking on every send path
The direct dispatch now rechecks a slash command's connection epoch after
its durable claim, so a reconnect between admission and dispatch parks the
command instead of replaying it on the new connection. Parking a stale
gated row only counts once the write persists; a storage failure drops
health, re-arms recovery, and halts the flush pass instead of spinning or
dispatching the stale row.
* fix(android): recognize gateway-acknowledged run ids in outbox ownership checks
A chat.send ACK can return a run id that differs from the row's
idempotency key (the direct path transfers local run ownership to it).
Ownership, in-flight, backlog, and timeout-park checks now consider both
ids, so reconciliation can no longer park — and Retry can no longer
duplicate — a turn that is still running on the gateway.
* fix(android): close remaining ack-ownership and persistence-failure gaps in the outbox
Flushed sends acked under a divergent run id now transfer local run
ownership like the direct path, so live runs cannot time out and surface
spurious errors for delivered turns. A session pin that cannot persist
stops the dispatch while the row is still safely queued. Reconcile and
timeout parking only report changes their writes actually persisted,
failing closed on storage errors.
* docs(android): record why acknowledged run ids stay in-memory
* [AI] fix(session-memory): forward hook config model to LLM slug generator
When llmSlug is enabled with a model override in the session-memory hook
config, that model was ignored — slug generation always resolved the
agent default model via resolveDefaultModelForAgent.
Add an optional model parameter to generateSlugViaLLM and pass
hookConfig.model from the session-memory handler. When a hook model is
provided, only the model is forwarded (provider is omitted) so
runEmbeddedAgent's built-in resolveInitialEmbeddedRunModel chain handles
alias, provider-qualified ref, and bare-name resolution through a single
source of truth — avoiding the routing drift that blocked prior PRs.
Fixes#89551
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* fix(session-memory): centralize slug model resolution
Honor the session-memory slug model override while keeping default, alias, and provider-qualified model selection in the embedded runner.
Co-authored-by: SunnyShu <shu.zongyu@xydigit.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>