Commit Graph

66965 Commits

Author SHA1 Message Date
Peter Steinberger
12f7d9c784 fix(slack): honor configured App Home command
Co-authored-by: Jonathan Tsai <jontsai@users.noreply.github.com>
2026-07-11 17:47:25 -07:00
Alix-007
e7c3f7be6c fix(discord): add timeouts to PluralKit lookup requests (#104121)
* fix(discord): add timeouts to PluralKit lookup requests

* fix(discord): bound PluralKit preflight cancellation

* docs(changelog): note PluralKit lookup deadline

* chore: keep changelog release-owned

* test(discord): reject PluralKit aborts with errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:44:52 -07:00
Peter Steinberger
a37962e90c refactor(cron): compress trigger tool guidance (#104826) 2026-07-11 17:42:49 -07:00
Vincent Koc
12f6a79481 fix(test): contain TUI validation abort teardown 2026-07-12 08:40:22 +08:00
Vincent Koc
c2819d5cfa test(gateway): expect provider policy context 2026-07-12 08:40:22 +08:00
Vincent Koc
d826581d26 test(gateway): mock provider policy surface 2026-07-12 08:40:22 +08:00
Vincent Koc
38b2494bfc test(lint): allow external public surface loader 2026-07-12 08:40:22 +08:00
Vincent Koc
bbdb24a278 test(agents): mock provider policy surface 2026-07-12 08:40:22 +08:00
Vincent Koc
16a647041c fix(providers): load trusted external thinking policies 2026-07-12 08:40:22 +08:00
Erick Kinnee
43634f616b fix(control-ui): use canonical thinkingDefault key in Quick Config (#104523)
* fix(control-ui): use canonical thinkingDefault key in Quick Config

The Control UI Quick Config panel was reading and writing the
non-canonical key agents.defaults.thinkingLevel, which is rejected
by the gateway's strict Zod schema with INVALID_REQUEST errors.

Fix: read from and write to agents.defaults.thinkingDefault instead.
The schema already defines this key and the runtime already reads it
at cfg.agents?.defaults?.thinkingDefault, so this is purely a UI path
correction with zero runtime changes.

The fast-mode control is left unchanged pending a maintainer decision
on its intended scope (per-agent, per-model, or new global default).

Refs #104501

* test(control-ui): prove quick thinking persistence

* docs(changelog): note Quick Config thinking fix

* chore: keep changelog release-owned

---------

Co-authored-by: Erick Kinnee <erick@ekinnee.dev>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:40:11 -07:00
Peter Steinberger
82667a66e5 feat(ui): editable file panel with CodeMirror and sessions.files.set hash-CAS writes (#104757)
* feat(gateway): add sessions.files.set workspace file write with hash CAS (#104698)

* feat(ui): CodeMirror file editor panel with CAS save + clickable tool-card paths (#104698)

* fix(gateway): issue the file CAS hash only for strict-UTF-8 text (#104698)

* docs(web): document the editable file detail panel (#104698)

* fix(gateway,ui): round-trip BOM and CRLF bytes through the file editor (#104698)

* fix(ui): keep mixed-line-ending files read-only in the file editor (#104698)

* fix(ui): re-gate editability when a conflict reload returns non-editable content (#104698)

* fix(gateway): reject NUL bytes in sessions.files.set replacement content (#104698)

* fix(gateway,ui): regenerate protocol bindings, fix prod types and lint for file editor (#104698)
2026-07-11 17:36:28 -07:00
Vincent Koc
39e2da5bb6 fix(cli): cap usage cost RPC timeout (#104823) 2026-07-12 08:36:23 +08:00
llagy007
d8bcd014c7 fix(signal): align supported message actions (#104788)
* fix(signal): align supported message actions

* test(signal): clarify supported message actions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:34:07 -07:00
litang9
a0c4c31a17 fix(feishu): configure websocket ping timeout (#103763) 2026-07-11 17:31:59 -07:00
Peter Steinberger
04f945fabe feat(cloud-workers): durable transcript commit protocol for worker sessions (#104809)
* feat(cloud-workers): add transcript commit protocol

* feat(cloud-workers): persist transcript commit replay state

* feat(cloud-workers): apply transcript commits to sessions

* fix(cloud-workers): harden transcript commit admission

* fix(cloud-workers): recover branched transcript commits

* fix(cloud-workers): preserve diagnostic semantics
2026-07-11 17:29:07 -07:00
Peter Steinberger
2e6c1090c1 fix: quiet expected live updater warnings (#104813) 2026-07-11 17:27:01 -07:00
Peter Steinberger
3255b3218a feat: unify external sessions with native catalog pagination (#104717)
* feat(gateway): add generic sessions.catalog surface with plugin SDK registration seam

* feat(agents): support one-shot forked CLI session resume with successor rebinding

* feat(anthropic): adopt local Claude CLI sessions into native chats via catalog continue

* feat(codex): register the session catalog provider independently of supervision

* refactor(ui): delete the retired custom Claude/Codex session tab views

* feat(ui): render external session catalogs as native sidebar sessions and chat panes

* docs: describe the unified native session catalog

* fix: harden forked CLI resume and catalog transcript mapping after review

* fix: satisfy strict typecheck for catalog source guard and imported message cast

* chore(i18n): regenerate session catalog locales

* fix(codex): simplify session source guard type

* fix(ui): paginate sidebar session catalogs

* chore(i18n): refresh catalog metadata after main merge

* fix(ui): harden session catalog pagination refresh

* test(agents): use sqlite session accessor in fork tests

* fix(ci): refresh session catalog generated surfaces

* fix(ui): align session catalog locales

* fix: address session catalog review findings

* fix(sessions): roll back failed plugin catalog adoption

* test(sessions): preserve CLI binding literals

* fix(ui): restore native session pagination label

* docs: note external session catalogs

* Revert "docs: note external session catalogs"

This reverts commit cfb503f160.
2026-07-11 17:26:26 -07:00
NIO
9c0c932c33 fix(mcp): bound short-lived OAuth requests (#103704)
* fix(mcp): bound CLI OAuth login through guarded fetch timeout

* fix(mcp): bound OAuth request lifecycles

Co-authored-by: NIO <nocodet@mail.com>

* fix(mcp): preserve caller cancellation

* test(mcp): centralize timeout rejection capture

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: NIO <nocodet@mail.com>
2026-07-11 17:22:55 -07:00
snowzlmbot
be373ea516 improve(android): show provider-configured model details (#101912)
* feat(android): show provider model inventory

Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>

* fix(gateway): project provider inventory routes

* style(android): satisfy provider inventory ktlint

* chore(android): sync provider inventory i18n

* style(android): finish provider inventory formatting

* fix(android): harden provider inventory refresh

* test(gateway): type provider inventory fixture

* chore(protocol): regenerate Swift model choice

* chore(android): sync provider inventory i18n

* test(gateway): pin provider inventory discovery mode

* chore(android): sync provider inventory landing

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>
2026-07-11 17:22:16 -07:00
Peter Steinberger
b5251c4274 fix(sessions): read zstd transcript archives through a materialized cache (#104795)
* fix(sessions): read zstd transcript archives through a materialized cache

Compressed archives were discovered but unreadable: the reset-archive
header probe read raw zstd bytes and every JSONL reader parsed them as
malformed lines, so compressed archives silently contributed zero
history and zero usage. Archives are write-once, so they materialize
once into a plain JSONL cache under the OpenClaw tmp dir and every
downstream reader (index, tail chunks, probes, usage scans) works
unchanged; the usage scanner also decompresses directly for whole-file
iteration.

* fix(sessions): keep usage byte-range semantics for compressed archives

Route zstd archive usage reads through the materialized plain-JSONL
cache so persisted incremental-scan offsets always measure decompressed
bytes; the whole-file decompress branch ignored requested ranges and
could overcount archived usage.

* fix(sessions): normalize compressed archives to decompressed space at usage discovery

Sizes, incremental offsets, and cache signatures for zstd archives now
all measure the materialized plain-JSONL cache, closing the truncation
window when persisted offsets from the compressed path met decompressed
reads.

* fix(sessions): gate the archive read cache on source identity

Every materialized-cache hit now stats the source archive: a deleted or
budget-evicted archive scrubs its cache entries instead of serving
stale plaintext, and the cache name carries the source size so a
same-path rewrite can never alias.

* fix(sessions): include source mtime in the archive cache identity

Same-path same-size rewrites can no longer alias a stale plaintext
cache entry; any source change mints a new cache name and the previous
entries are scrubbed on the next materialization.

* fix(sessions): bound and isolate the materialized archive cache

Cache entries expire on a 24h TTL sweep so budget-evicted archives
cannot leave plaintext copies behind, stale-identity scrubbing skips
the live identity and in-flight temp files, and unique temp names plus
last-rename-wins make concurrent materialization race-free.

* fix(sessions): drop useless probe-path initializer flagged by lint
2026-07-11 17:20:32 -07:00
Vincent Koc
603ce7e84d test(ci): cover OCM release pin 2026-07-12 08:16:22 +08:00
Vincent Koc
65695bc5bb ci(perf): pin OCM v0.2.25 2026-07-12 08:16:22 +08:00
Peter Steinberger
4e50f1ebc2 ci: allow frozen UI fixture headroom (#104805) 2026-07-11 17:14:06 -07:00
Sarah Fortune
fd37c0318d fix(slack): prefer configured slash command (#104736)
* fix(slack): preserve resolved secrets for slash replies

* fix(slack): register configured slash command with native commands

* fix(slack): preserve slash config refresh semantics

* refactor(slack): keep slash fix focused

---------

Co-authored-by: Sarah Fortune <sarah.fortune@gmail.com>
2026-07-11 17:14:02 -07:00
Alix-007
78a98a7efa fix(telegram): add timeouts to getChat lookup requests (#104289)
* fix(telegram): add timeouts to getChat lookup requests

* fix(telegram): reuse shared timeout abort helper
2026-07-11 17:13:14 -07:00
chengzhichao-xydt
dfeb15261d fix(agents): keep tool_search_code stderr tail UTF-16 safe (#104767)
* fix(agents): keep tool_search_code stderr tail UTF-16 safe

* test(agents): add real child-exit UTF-16 safety proof

* test(agents): focus stderr UTF-16 regression

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:08:56 -07:00
Peter Steinberger
4e4cca2b99 fix(agents): surface utility-model narration failures and show the utility model in models status (#104770)
* fix(agents): surface utility-model narration failures and show the utility model in models status

Narration failures were verbose-only, so a dead utility-model credential
silently degraded channel progress drafts back to raw tool lines. The
narrator now warns once per turn when it disables after consecutive
failures, naming the utility model + auth profile, and openclaw models
status renders the resolved utility model (config / provider default /
disabled) in human and JSON output.

Formatting verified remotely via Testbox format:check (hook bypassed:
no node_modules in this worktree).

Fixes #104764

* fix(models): include the utility model in models status auth analysis

The utility ref was rendered but not registered as a provider use, so
missing utility-provider auth kept --check green (Codex review P2).
Utility completions ride the plain API path like image models.

Formatting verified remotely via Testbox format:check.

* fix(models): register the utility model only for otherwise-unused providers

main's route analysis reports per-model issues; a same-provider utility
ref duplicated route reports (CI: incompatible-routes test). Shared
providers are already analyzed via their configured uses; utility-only
providers still enter the analysis so they stay visible to status.

Formatting verified remotely via Testbox format:check.

* fix(models): always analyze the utility model route in models status

Same-provider dedupe hid the documented incident class: an OAuth-healthy
primary says nothing about the utility model's plain API route (Codex
review round 3). The openai route-test fixture now pins utilityModel off
so route tests stay focused on their configured models, and a dedicated
test covers the OAuth-primary/api-key-utility scenario.

Formatting verified remotely via Testbox format:check.

* fix(models): give the utility model full text-route analysis in models status

Uses without codex fallback previously skipped per-model route
resolution (image-auth scoping), so the utility ref never produced
missing-auth route issues. Route scope is now explicit: text uses get
evaluateModelAuth, image uses keep provider-wide availability.

Formatting verified remotely via Testbox format:check.

* fix(models): probe the configured utility model and document source labels

--probe candidates now include the utility ref so utility-only providers
probe the actual configured model instead of an arbitrary catalog entry
(Codex review round 4). Inline comment records that the status resolver
never falls back to the primary, so 'provider default' labels are exact.

Formatting verified remotely via Testbox format:check.

* fix(models): canonicalize the reported utility ref and dedupe route diagnostics

utilityModel accepts aliases, so status now reports the resolved
provider/model instead of the raw alias, and identical route issues from
overlapping primary/utility refs collapse to one entry (Codex round 5).

Formatting verified remotely via Testbox format:check.
2026-07-11 17:08:19 -07:00
Igor Guarisma
4147345bcd feat(android): show agent avatar instead of first-letter badge (#103248)
* feat(android): render configured agent avatars

Co-authored-by: Igor Guarisma <igor.guarisma@gmail.com>

* style(android): satisfy avatar ktlint

* style(android): fix avatar test formatting

* style(android): align avatar test indentation

* fix(android): initialize safe image client first

* chore(android): sync avatar i18n inventory

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:07:46 -07:00
Ted Li
dbe53d6212 fix(cli): avoid zero usage cost during cache refresh (#103998)
* fix(cli): wait for usage-cost cache refresh

* test(cli): type usage cost handler response

* fix(cli): honor usage-cost timeout budget

* fix(cli): give usage audit a complete settle budget

* fix(cli): wait through stale usage caches

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:07:37 -07:00
RickLin
c749d714e9 fix(config): register zod locale explicitly so packaged builds keep real validation messages (#104026)
zod@4 declares sideEffects:false, so bundlers tree-shake the classic entry's
implicit config(en()) locale registration and every issue in a built dist
falls back to the bare "Invalid input" message. Users hit unactionable
errors like "agents.defaults: Invalid input" (#89445, #103956) and
message-text-keyed issue filtering in validation.ts diverges from source
behavior. Register the English locale explicitly next to the config schemas;
zod keeps its config on globalThis, so one call covers the whole process.

Fixes #104014
2026-07-12 08:06:58 +08:00
wuqxuan
dfa9569ca7 fix(google): exclude versioned Gemini client header from memory identity (#104759)
* fix(google): exclude versioned Gemini client header from memory identity

* test(google): focus memory identity coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:06:21 -07:00
Peter Steinberger
0fbd28476e fix: fence live updater maintenance (#104802) 2026-07-11 17:05:35 -07:00
qingminlong
c59e24647c fix(agents): reject invalid goal token budgets (#104534)
* fix(agents): reject invalid goal token budgets

* test(agents): update goal assertion for session accessor

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:05:04 -07:00
mushuiyu886
d886059520 fix(line): preserve Unicode boundaries in recipient errors (#104109) 2026-07-11 17:03:58 -07:00
xingzhou
57c2d65ad5 fix(apps): reconcile slow Apple chat replies (#97722)
* fix(apps): reconcile slow chat replies

Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>

* style(apps): wrap wait diagnostic

* chore(apps): refresh native i18n inventory

* chore: leave changelog release-owned

* style(apps): normalize Swift modifiers

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:01:40 -07:00
llagy007
7027d2c227 fix(browser): reject non-page json new targets (#104129)
* fix(browser): reject non-page json new targets

* fix(browser): adopt only validated raw CDP targets

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:58:43 -07:00
Peter Steinberger
3f7c78319a fix(ci): enforce Docker E2E boundary guard (#104797) 2026-07-11 16:56:46 -07:00
Peter Steinberger
02dc25a1b5 feat(gateway): persist operator approvals (#103579)
* feat(gateway): persist operator approvals

* fix(gateway): preserve approval ids exactly

* fix(gateway): enforce approval reviewer bindings

* fix(gateway): reconcile durable approvals with exec revocation hardening

Map #103515 semantics onto the durable lifecycle: resolutionSource and
one-shot consumeAskFallback stay process-local record facts, trusted
auto-review resolves through the durable CAS as a runtime resolver, and
lost races settle with the winner's operator source. Also: derive the
audience walker cap from the store cap, report APPROVAL_ALREADY_RESOLVED
for a resolve that loses the CAS race, document approval.get/resolve in
the protocol docs, and regenerate Swift models on the new base.

* fix(approvals): validate resolver kind

* docs(approvals): explain malformed verdict denial

* fix(protocol): regenerate approval models after rebase

* chore: leave changelog entry to release generation

* fix(gateway): preserve approval registration boundaries

* test(gateway): prove multi-device approval races

* test(gateway): keep approval order assertion stable

* docs: index operator approval architecture

* fix(protocol): bound approval declaration exports
2026-07-11 16:53:49 -07:00
qingminlong
8e216310b8 fix(parallel): stop MCP search when initialized ack fails (#104554)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 07:52:23 +08:00
Peter Steinberger
f929fd9865 feat(ui): chat background-tasks rail detects running work eagerly and shows live tool activity (#104776)
* feat(ui): detect background tasks eagerly and show live tool activity in the chat rail

Track tool-start counts and the last tool name per task run in the task
registry, persist them on task_runs, and expose them as additive optional
TaskSummary fields. The chat background-tasks rail now loads its snapshot
eagerly so the collapsed toggle badge detects running work immediately,
and rows show a live elapsed timer, tool-use count, and the tool
currently in use (run duration for finished rows).

Issue: #104775

* fix(ui): translate background-task activity strings and refresh generated protocol models

The singular tool-use label is literal ("1 tool use") because several
locales legitimately drop the count placeholder in singular forms, which
fail-closes the placeholder guard in the i18n sync. Locale bundles are
the authenticated ui:i18n:sync output (fallbacks=0); GatewayModels.swift
is protocol:gen:swift output for the new TaskSummary fields.

* chore(ui): refresh i18n raw-copy baseline after rebase
2026-07-11 16:51:48 -07:00
Peter Steinberger
447c9868c3 fix(cron): make condition watcher authoring reliable (#104787)
* fix(cron): teach agents condition watcher contract

* chore: defer cron note to release closeout
2026-07-11 16:50:39 -07:00
Peter Steinberger
fb08d3b631 ci: avoid retries in frozen UI tests (#104790) 2026-07-11 16:46:04 -07:00
Harjoth Khara
b2cd0e428d fix(workboard): preserve active claim error precedence (#104065)
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-12 07:45:25 +08:00
Peter Steinberger
5c7e1341ab fix: fail crabbox lease-claim refusals (#104789) 2026-07-11 16:44:47 -07:00
NianJiu
d1f614c9e6 feat(android): add system share target (#104571)
* feat(android): receive system shares safely

Co-authored-by: NianJiuZst <3235467914@qq.com>

* fix(android): preserve share FIFO in composer

* fix(android): serialize cross-task share imports

* chore(android): sync share import i18n

* fix(android): retry shares in resumed composer

* chore(android): sync resumed share i18n

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:44:34 -07:00
moguangyu5-design
1a1d7aa45e fix(scripts): make clawlog default behavior match documented usage (#104059)
* fix(scripts): make clawlog default behavior match documented usage

Running scripts/clawlog.sh with no arguments was printing the usage help
instead of the documented default behavior (last 50 lines from the past 5
minutes). Remove the early no-args help branch so the defaults are used.

Also validate that options requiring a value (-n, -l, -c, -s, -o) actually
receive one, preventing an unbound-variable abort under set -u.

Fixes #104058

* fix(scripts): preserve dash-prefixed operands in clawlog and add regression tests

ClawSweeper review feedback on #104059 noted that the missing-value
guards introduced in the previous commit also rejected valid operands
beginning with a dash (e.g., search text '-failed' or an output file
named '-debug.log'). Narrow the guards so they only reject genuinely
missing operands, not dash-prefixed values.

Add focused regression coverage in test/scripts/clawlog.test.ts for:
- no-argument default behavior
- missing values for -n/-l/-c/-s/-o
- acceptance of dash-prefixed operands
- --help still printing usage

Related: #104058

* test(scripts): isolate clawlog command execution

* test(clawlog): use managed temp directories

---------

Co-authored-by: moguangyu5-design <moguangyu5-design@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-12 07:44:25 +08:00
ZOOWH
fb702e5cae fix(memory): harden embedding batch workflows (#103472)
* fix(memory): harden embedding batch workflows

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>

* test(memory): align batch redaction expectation

* test(memory): tighten batch dependency types

* refactor(google): clarify batch state control flow

* test(google): make batch stage fallback lint-safe

* build(plugin-sdk): refresh memory batch surface budget

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
2026-07-11 16:43:58 -07:00
Peter Steinberger
847460600f feat(macos): redesign device-code sign-in (#104766)
* feat(macos): redesign device-code sign-in

* chore(i18n): refresh native string inventory

* fix(macos): localize device-code completion action

* fix(auth): preserve device-code fallback copy

* fix(xai): report browser launch accurately
2026-07-11 16:43:21 -07:00
Vincent Koc
0ea7b2a543 ci(perf): pin optimized Kova evaluator (#104772) 2026-07-12 07:42:35 +08:00
Vincent Koc
2adaf8b3b5 test(auth): type session update options 2026-07-12 07:40:35 +08:00