Commit Graph

66965 Commits

Author SHA1 Message Date
Peter Steinberger
0074005682 feat(ui): add Model Providers settings page with auth, quota, and cost per provider (#104061) 2026-07-10 19:31:41 -07:00
Peter Steinberger
4b7a5a4e8b fix(installer): default to Node 22.22.2 (#104073) 2026-07-10 19:28:49 -07:00
WhatsSkiLL
5c38f62b27 [AI-assisted] Make Android chat thinking selection explicit (#103893) 2026-07-10 22:27:56 -04:00
xingzhou
85fa8af4bb fix(telegram): close evicted client-options cache transports after in-flight sends (#101783)
Long-running Telegram senders leaked HTTP transports: the client-options cache in extensions/telegram/src/send.ts created an owned undici dispatcher per account/network entry but evicted entries without closing it. Cache entries now own their transport; eviction retires the entry and closes the transport once the operation-level lease releases, so cache pressure never aborts an in-flight, retrying, or still-preparing send. Includes a real-socket e2e regression against a local Bot API server.

Co-authored-by: zhangguiping-xydt <zhangguiping-xydt@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 07:57:44 +05:30
soldforaloss
200e1df007 fix(exa): cache disabled content options separately (#103653)
* fix(exa): partition cache by disabled content options

* fix(exa): align cache keys with effective contents

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-11 10:25:22 +08:00
mushuiyu886
f5eacacea5 fix(memory-wiki): stop duplicate bridge imports under polling (#91828)
* fix(memory-wiki): coalesce concurrent source syncs

Co-authored-by: mushuiyu_xydt <yang.haoyu@xydigit.com>

* test(memory-wiki): track alias fixture cleanup

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:20:15 -07:00
Peter Steinberger
7febbad017 fix(release): dispatch Telegram QA with environment access (#104066) 2026-07-10 19:19:04 -07:00
haruai
c2301d8e53 fix(gateway): preserve local access for specific binds (#98479)
* fix: prefer loopback for local tailnet dashboard

* fix(gateway): preserve local access for specific binds

---------

Co-authored-by: haruaiclone-droid <281899875+haruaiclone-droid@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:18:47 -07:00
Peter Steinberger
e6671d9de0 fix(ui): adapt chat workspace rail and detail panel to narrow panes (#104033)
The workspace rail and message detail panel keyed layout off viewport
media queries, so narrow split-view panes and compact windows got
crushed side-by-side columns, and below 1120px the rail was
display:none with no way to reach workspace files.

Chat panes now measure their own width with a ResizeObserver: under
800px the rail presents as the existing bottom-dock strip (side-dock
controls hide), and when the chat + detail split has under 680px the
detail panel stacks below the thread with a horizontal resize divider.
The phone full-screen detail takeover is unchanged. Bottom-strip path
and summary rows no longer flex-shrink into clipped text.

Closes #104023
2026-07-10 19:18:35 -07:00
Peter Steinberger
7b5854bee8 feat(webui): reintroduce opt-in AI purpose titles for tool calls (#103989)
* feat(webui): reintroduce opt-in AI purpose titles for tool calls

Restores the chat.toolTitles path removed in #103821, gated behind the new
gateway.controlUi.toolTitles opt-in (default false) so tool rendering stays
fully deterministic with no background model calls unless an operator enables
it. Disabled gateways answer { titles: {}, disabled: true } without loading
the completion runtime, and clients stop asking for the session.

When enabled, titles use canonical utility-model routing: an explicit
utilityModel (operator-chosen provider, like every utility task), else the
session provider's declared small-model default, honoring per-session model
overrides and auth profiles; utilityModel "" disables titles and malformed
refs fail closed — never the primary model. Tool inputs are redacted with the
tools-mode redactor before cache keys or prompts, caller ids are bounded and
never reach the model, and results cache in the per-agent SQLite
cache_entries so repeat views never re-bill.

Also completes two crestodian model-input mock factories that leaked into
sibling tests under shared-registry CI shards.

Fixes #103987

* fix(webui): redact tool-title inputs before truncation
2026-07-10 19:18:02 -07:00
Peter Steinberger
2a12c9916a feat(browser): import Chrome-family system-profile cookies into managed profiles (#104057)
* feat(browser): import Chrome-family system-profile cookies into managed profiles

Import cookies from a real Chrome/Brave/Edge/Chromium system profile (macOS)
into a fresh OpenClaw-managed browser profile so the agent can browse as the
signed-in user. Reads the source Cookies DB via a coherent VACUUM INTO snapshot,
decrypts v10 AES-128-CBC values with the Safe Storage Keychain key (one Touch ID
consent), maps rows to Playwright cookies (FILETIME expiry, SameSite, M124+
domain-hash prefix strip, CHIPS skipped), and best-effort injects them via
addCookies into a mock-keychain profile so they persist without further prompts.
Decrypted values are never logged or returned.

Exposed as agent tool action=importprofile, CLI system-profiles/import-profile,
and POST /profiles/import; action=profiles surfaces importable systemProfiles.
Listing and import are pinned host-local at every surface (gateway, browser
tool, node proxy) since they read the local Keychain and Chrome profiles.
Malformed domain filters fail closed via a shared validator. Gated by
browser.allowSystemProfileImport (default on). Imports cookies only.

* fix(browser): satisfy CI lint (OpenClaw temp dir, Unicode control-char class)

Use resolvePreferredOpenClawTmpDir() instead of os.tmpdir() for the cookie DB
snapshot (messaging/channel runtime tmpdir guard), and match control characters
via the Unicode \p{Cc} class instead of a literal control-char range so the
CLI table sanitizer passes the no-control-regex lint.
2026-07-10 19:15:52 -07:00
Peter Steinberger
0ca8237905 fix(ui): keep raw ids out of sidebar session rows and stop WebKit section overlap (#104062) 2026-07-10 19:14:51 -07:00
Peter Steinberger
b7156ce688 fix(macos): drag the window from split-view pane headers (#104048)
* fix(macos): drag the window from split-view pane headers

In the macOS app, split-screen pane header rows (session title strip) now
start a native window drag instead of selecting the title text. The Control
UI posts an openclawWindowDrag script message on mousedown over passive
header chrome; the dashboard window validates the trusted main-frame source
and the in-flight left-mouse press before calling NSWindow.performDrag.
Pane headers are chrome, so they are also no longer text-selectable.

* refactor(macos): move the dashboard failure page out of the window controller

SwiftLint type_body_length: the drag-message handler pushed
DashboardWindowController past 800 lines; the failure-page HTML is
presentation-only and now lives in DashboardFailurePage.
2026-07-10 19:07:04 -07:00
Peter Steinberger
b29fe954f1 fix(macos): start existing CLI gateway during onboarding (#104051)
* fix(macos): start detected CLI gateway during onboarding

* chore(macos): refresh native i18n inventory
2026-07-10 19:02:51 -07:00
Peter Steinberger
425c5b9f26 fix(macos): reject revoked forwarded exec approvals (#103968)
* fix(macos): reject revoked forwarded exec approvals

* fix(macos): split approval plan validation

* chore(i18n): refresh native source lines
2026-07-10 19:01:17 -07:00
Peter Steinberger
f50293c9e7 fix: installer removes temporary files after failed commands (#104049)
* fix(installer): retain temp cleanup registrations

* chore: keep installer release notes release-owned
2026-07-10 18:54:56 -07:00
Josh Avant
3bcb90b2d0 fix(anthropic): stage thinking signatures until block stop (#104043) 2026-07-10 20:54:37 -05:00
Peter Steinberger
67e1d43911 fix(ui): preserve UTF-16 workshop previews (#104047) 2026-07-10 18:45:04 -07:00
Peter Steinberger
7ac8e2e227 fix(telegram): preserve UTF-16 model labels (#104037) 2026-07-10 18:32:04 -07:00
Peter Steinberger
070b7928fd fix(release): declare Telegram QA environment secrets (#104036) 2026-07-10 18:30:20 -07:00
Peter Steinberger
c34ada31c5 feat(ui): hover-revealed chat message meta with relative timestamps (#104035)
* feat(ui): hover-revealed chat message meta with relative timestamps

* fix(ui): derive relative chat timestamps from the injected clock

* fix(ui): date far-future chat timestamps instead of clamping to just now

* fix(ui): invalidate memoized chat thread on relative-time ticks

* fix(ui): keep relative-time ticks out of the chat live region
2026-07-10 18:30:01 -07:00
qingminlong
eccd4f02f8 fix(skill-workshop): reject invalid proposal list limits (#103496)
* fix(skill-workshop): reject invalid proposal list limits

* refactor(skill-workshop): validate list params before storage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:26:12 -07:00
chenyangjun-xy
b58029f4fd fix(telegram): preserve outbound prompt context projections (#102469)
* fix(telegram): preserve outbound prompt context projections

Co-authored-by: 陈杨俊0668000971 <chen.yangjun@xydigit.com>

* fix(telegram): satisfy legacy sender lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:25:54 -07:00
Peter Steinberger
d6f07f36db fix(memory-wiki): prevent partial failures during concurrent agent writes (#103408)
* fix(memory-wiki): serialize concurrent apply transactions

* chore(memory-wiki): leave release note to release workflow
2026-07-10 18:22:51 -07:00
Peter Steinberger
790cd2aff2 fix(twitch): preserve UTF-16 pairs in outbound chunks (#104030) 2026-07-10 18:20:29 -07:00
llagy007
a1571f2118 fix(browser): normalize local dispatch request paths (#103727)
* fix(browser): normalize local dispatch request paths

* refactor(browser): inline request path normalization

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:10:26 -07:00
WhatsSkiLL
db817e72ce [AI-assisted] Simplify Android Canvas standby surface (#104001)
* [AI-assisted] Simplify Android Canvas standby surface

* chore(android): sync native i18n inventory

---------

Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-10 21:07:56 -04:00
Peter Steinberger
df067770d7 fix(mac): deflake exec-approvals socket guard test and create state dir with 0700 directly (#104028) 2026-07-10 18:07:35 -07:00
Peter Steinberger
57a3b1e99d fix(tui): preserve UTF-16 pairs in long tokens (#104024) 2026-07-10 18:03:40 -07:00
Peter Steinberger
f0facb4cca fix(release): raise Telegram attestor buffer (#104025) 2026-07-10 18:03:26 -07:00
Josh Avant
d777460966 fix(slack): apply sender policy to group DMs (#104007) 2026-07-10 19:57:58 -05:00
Peter Steinberger
46692355c9 feat(ui): add a background tasks pane to chat panes (#104010)
* feat(ui): add background tasks rail to chat panes

* chore(i18n): sync control-ui locale bundles

* fix(ui): match gateway owner-key task scoping and hide tasks rail on narrow viewports

* chore(i18n): translate background tasks rail strings
2026-07-10 17:56:25 -07:00
Peter Steinberger
ace6f65510 docs(changelog): credit landed fixes 2026-07-10 20:55:36 -04:00
Sebastien Tardif
95b205eac2 fix(installer): clean temporary files on failure (#103725) 2026-07-10 17:53:23 -07:00
Masato Hoshino
2a69149566 fix(clickclack): sanitize outbound assistant text (#103142) 2026-07-10 17:52:37 -07:00
clawSean
e44f04c50e fix(sms): normalize Twilio RCS webhook senders (#102373)
Co-authored-by: clawSean <260045960+clawSean@users.noreply.github.com>
2026-07-10 17:51:47 -07:00
James Armstead
65cc86f45c Refresh MCP OAuth auth-profile tokens (#96120)
* Refresh MCP OAuth auth-profile tokens

* Rotate Codex MCP binding on bearer changes

* Preserve agent scope for MCP auth profiles

* Preserve Codex MCP tool filters

* Keep Codex MCP projection helper local-only

* Fix Codex projection package boundary artifacts

* Revert "Fix Codex projection package boundary artifacts"

This reverts commit 13bcaed3da.

* Revert "Keep Codex MCP projection helper local-only"

This reverts commit 19751f4922.

* Trigger CI rerun for OAuth MCP PR

* Fail closed for remote Codex MCP bearer projection

* Fix MCP OAuth bearer token projection

* fix: project MCP-native OAuth credentials

* fix: align MCP SDK surface budget

* fix(mcp): keep agents available before OAuth login

---------

Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-07-10 17:49:43 -07:00
qingminlong
5c77724ff8 fix(canvas): validate A2UI JSONL centrally (#103713) 2026-07-11 01:48:37 +01:00
Vincent Koc
1a9d09a238 fix(release): avoid worker lint suppressions 2026-07-10 17:47:32 -07:00
Vincent Koc
05a09b464c fix(release): satisfy task graph lint 2026-07-10 17:47:32 -07:00
Vincent Koc
e6bde5599d fix(release): keep correction tags at base version 2026-07-10 17:47:32 -07:00
Vincent Koc
90ad9251df fix(pr): support rebase landings 2026-07-10 17:47:32 -07:00
Vincent Koc
6f9afda10c fix(release): align plugin shrinkwrap scope 2026-07-10 17:47:32 -07:00
Vincent Koc
e4670c55e0 chore(release): keep root changelog release-owned 2026-07-10 17:47:32 -07:00
Vincent Koc
89bb79f6ae fix(pr): allow merge-commit landings 2026-07-10 17:47:32 -07:00
Vincent Koc
eefd6248f4 fix(release): manage tracked private shrinkwraps 2026-07-10 17:47:32 -07:00
Vincent Koc
968c9549b4 fix(release): avoid pnpm bootstrap in version prep 2026-07-10 17:47:32 -07:00
Vincent Koc
3bbed6e82e fix(release): align Vault plugin version 2026-07-10 17:47:32 -07:00
Vincent Koc
a960b5f3aa fix(release): keep JSON output machine-readable 2026-07-10 17:47:32 -07:00
Vincent Koc
38abdb64e8 fix(release): serialize root package generation 2026-07-10 17:47:32 -07:00