Commit Graph

8546 Commits

Author SHA1 Message Date
Jiaming Guo
456c48f368 fix(gateway): require admin scope for browser proxy invoke (#85916)
* fix(gateway): require admin scope for browser proxy invoke

* fix(gateway): document trusted node scopes

* fix(gateway): align browser scope test

* fix(gateway): satisfy node test lint

---------

Co-authored-by: Agustin Rivera <agustin@rivera-web.com>
2026-06-29 16:23:02 -07:00
Dallin Romney
5dae3d49e6 Update QA Lab Crabline integration (#97941)
* Update QA Lab Crabline integration

* Refresh docs map
2026-06-29 16:07:38 -07:00
Agustin Rivera
29f787f10e fix(memory): require privileged dreaming config changes (#97869)
* fix(memory): gate dreaming config changes

* fix(memory): document dreaming privilege gate

Explain that persistent dreaming toggles require channel owner status or Gateway admin scope, while status and help remain read-only.
2026-06-29 13:03:22 -07:00
Glenn-Agent
7e428797ec docs: add generated docs map (#95954)
* docs: add generated docs map

* docs: format docs map headings

* docs: separate docs map sections

* fix: satisfy docs map checks
2026-06-29 11:05:58 -07:00
Momo
db2488b6e3 fix(memory): record structured dreaming outcomes (#97723)
Summary:
- Merged fix(memory): record structured dreaming outcomes after ClawSweeper review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: chore(plugin-sdk): update surface budgets

Validation:
- ClawSweeper review passed for head 9fa7d20a96.
- Required merge gates passed before the squash merge.

Prepared head SHA: 9fa7d20a96
Review: https://github.com/openclaw/openclaw/pull/97723#issuecomment-4831902831

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-06-29 11:23:38 +00:00
wm0018
ff1e7e1305 docs(telegram): correct errorPolicy values and defaults 2026-06-29 01:20:44 -07:00
wm0018
293f0369d0 docs(feishu): remove nonexistent disabled dmPolicy option 2026-06-29 01:05:03 -07:00
Alex Knight
aeab5f8418 feat: improve model call telemetry 2026-06-29 15:21:53 +10:00
zhangqueping
15fc881281 fix(cli): clarify safe restart bounded-then-force behavior in help and docs 2026-06-28 19:18:13 -07:00
slammajamma28
68ad8dacc0 fix(docs): Fix formatting on permissions for Discord bot (#97584)
* Fix required formatting text permissions for Discord bot

* remove whitespace
2026-06-28 18:30:36 -07:00
Dallin Romney
4b8a0a8ecf Migrate Tool Search gateway E2E into QA Lab flow (#97478)
* test: migrate tool search gateway to QA flow

* test: use built SDK in tool search QA fixture

* test: fix tool search QA fixture lint

* test: gate tool search QA flow to mock provider

* Share QA Lab fixture utilities

* Tighten QA fixture helper defaults

* test: gate tool search QA flow mode
2026-06-28 18:16:15 -07:00
Arnav Panicker
8e69811560 docs(cli): clarify strict json parsing (#80981) 2026-06-28 14:19:19 -07:00
Gio Della-Libera
9bb004359e Add marketplace feed entries command (#96158)
Merged via squash.

Prepared head SHA: 1289a25156
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
2026-06-28 14:11:29 -07:00
JC
78029e43d2 fix(doctor): warn and document QMD session recall gates (#80947)
* Warn on QMD session recall export mismatch

* Clarify session transcript recall gates
2026-06-28 13:55:27 -07:00
黄伟浩
f4201578e5 fix(matrix): warn on accumulated token storage roots (#97353) 2026-06-28 12:34:52 -07:00
Yung-Chen Tang
f3bcee8b2e fix: clarify pinned plugin dry-run updates (#97282)
* fix: clarify pinned plugin dry-run updates

* fix(plugins): normalize pinned npm dry-run versions
2026-06-28 12:18:31 -07:00
Vincent Koc
b70d1aae57 ci(docker): publish releases to Docker Hub (#97122)
* ci(docker): publish releases to Docker Hub

* ci(docker): clarify beta image tags
2026-06-28 11:15:34 -07:00
Naseem Muhammad
9ff8510f52 fix path to Discord Developer Mode in setup guide (#97336) 2026-06-28 11:03:25 -07:00
Tirion Prole
928aa3ea7e [codex] Update Claude CLI billing docs (#96848)
* Update Claude CLI billing docs

* Sync Claude live testing billing note
2026-06-28 11:03:17 -07:00
Ben.Li
a5379472f7 feat(onboard): show setup timeline note (#97482)
* feat(onboard): show setup timeline note

* test(agents): stabilize retained lock CI flakes
2026-06-28 10:47:11 -07:00
Gio Della-Libera
102a65477e Add marketplace feed refresh command (#96155)
Merged via squash.

Prepared head SHA: 1614070e92
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
2026-06-28 10:29:15 -07:00
mushuiyu886
891096926e fix(opencode): restore Zen model catalog (#92495)
* fix(opencode): restore Zen model catalog

* fix(opencode): restore Zen transport routing

* fix(opencode): broaden Zen fallback catalog

* fix(opencode): correct Zen family routing

* fix(opencode): route Zen MiniMax through Anthropic

* fix(opencode): filter Zen live-only catalog rows

* fix(opencode): route MiniMax through Zen chat completions

* fix(opencode): omit unverified Zen model costs

* fix(opencode): align sampled Zen costs

* fix(opencode): keep Zen cost metadata required

* fix(opencode): keep Zen docs examples resolvable

* fix(opencode): move Zen catalog to provider discovery

* test(opencode): cover Zen discovery cache isolation

* fix(opencode): add Zen GLM-5.2 catalog coverage

* test(opencode): detect Zen catalog drift

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-06-28 12:32:44 -04:00
Gio Della-Libera
70e0fd4d8b Add hosted catalog config profiles (#95981)
Merged via squash.

Prepared head SHA: ef4d81cd08
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
2026-06-28 07:53:32 -07:00
Josh Lehman
b5e9179063 docs: deprecate legacy session file helpers (#97494)
* docs: deprecate legacy session file helpers

* docs: update sdk deprecation budgets
2026-06-28 07:33:34 -07:00
Bek
9c95abd49d fix: seed Slack thread context after reset (#97100) 2026-06-28 02:36:53 -04:00
Josh Avant
07b934901a fix: scanned PDF pages reach chat vision models (#97354)
* fix: forward scanned PDF page images to chat models

* fix: remove stale reply option cast
2026-06-27 23:01:08 -05:00
Dallin Romney
7bbd09047b docs: simplify macOS app overview (#97120)
* docs: simplify macOS app docs

* docs: preserve macOS app detail links

* docs: address macOS review feedback
2026-06-27 16:04:30 -07:00
Shakker
461e551e85 test: clarify delegated Testbox proof status 2026-06-27 23:53:52 +01:00
Galin Iliev
dc575d148a fix: page sessions_history beyond truncated tails (#97101)
* Add sessions history offset pagination

* Fix sessions_history pagination after tool caps

* Fix sessions_history PR CI blockers

* Update sessions_history prompt snapshots

* Fix offset history projection windows

---------

Co-authored-by: Galin Iliev <5711535+galiniliev@users.noreply.github.com>
2026-06-27 15:30:49 -07:00
Milosz Jankiewicz
84bcd500c9 feat(xai): route OAuth login through device-code flow (#97249)
Route xAI OAuth through device-code sign-in so remote and headless hosts do not need a localhost callback. Preserve the legacy manual `xai-device-code` auth choice/method as a compatibility alias to the same device-code flow.

Also migrate stale xAI token endpoints on refresh and fail fast on structured refresh errors while keeping retries scoped to detected HTML/Cloudflare challenge responses.

Verification:
- `node scripts/run-vitest.mjs extensions/xai/index.test.ts extensions/xai/xai-oauth.test.ts`
- `node scripts/run-vitest.mjs src/cli/models-cli.test.ts -t 'maps --device-code'`
- `node scripts/run-vitest.mjs src/commands/auth-choice.test.ts -t 'removed provider auth choice'`
- Crabbox local-container live smoke on exact head `fef3cb24afb01cd1f69cf04ef67ed11d71dfadb3`: xAI discovery and device authorization returned 200.
- `$autoreview` after the live smoke: clean.

Co-authored-by: Jaaneek <Jaaneek@users.noreply.github.com>
Co-authored-by: fuller-stack-dev <263060202+fuller-stack-dev@users.noreply.github.com>
2026-06-27 10:02:57 -06:00
Kevin Lin
c5d34c8376 feat(codex): add always plugin approval mode (#97123)
* feat(codex): add always plugin approval mode

* fix(codex): normalize plugin approval decisions

* fix(codex): fail closed on layered approval overrides
2026-06-27 01:19:00 -07:00
mushuiyu886
65fec9d787 fix(voice-call): emit canonical session keys (#89884)
* fix(voice-call): scope generated session keys by agent

* docs(voice-call): document session key canonicalization

* test(voice-call): prove legacy session migration

* fix(voice-call): preserve canonical session ownership

* fix(sessions): isolate opaque nested identities

* fix(voice-call): preserve routing ownership

* fix(voice-call): enforce inbound route direction

* fix(sessions): preserve migration and policy boundaries

* fix(sessions): normalize ambiguous main aliases

* fix(sessions): preserve canonical peer and warning paths

* fix(sessions): exclude mixed-case scoped legacy keys

* fix(sessions): cover first-run plugin migration gaps

* fix(sessions): compare aliased store identities

* fix(sessions): coalesce aliased store ownership

* fix(sessions): defer ambiguous aliased migrations

* fix(sessions): preserve shared migration boundaries

* fix(sessions): preserve opaque peer ownership

* fix(sessions): reject ambiguous ownership shapes

* fix(sessions): preserve transcript rewrite keys

* fix(sessions): close routing and migration ambiguities

* fix(sessions): preserve plugin-owned ACP aliases

* fix(sessions): retain physical store ownership

* fix(sessions): restore configured store owners

* fix(sessions): reject malformed store owners

* fix(sessions): validate ACP store ownership

* fix(sessions): include canonical store owners

* fix(sessions): preserve final store symlinks

* fix(sessions): retain shared row owners

* fix(sessions): close legacy policy gaps

* fix(sessions): preserve aliases across migrations

* fix(sessions): resolve first-run store ownership

* fix(sessions): preserve hostile legacy keys

* fix(sessions): inspect unlisted store owners

* test(doctor): refresh migration harness

* fix(sessions): preserve opaque route segments

* fix(sessions): retain metadata during migration

* fix(sessions): fail closed on store alias uncertainty

* fix(sessions): defer aliased store rewrites

* fix(sessions): retain legacy row owners

* test(sessions): harden migration proof

* fix(sessions): migrate opaque agent keys

* chore(plugin-sdk): refresh API baseline

* fix(voice-call): reuse public routing parser

* fix(sessions): retain readable alias warnings

* fix(sessions): reject opaque nested routes

* fix(sessions): share strict delivery parsing

* test(voice-call): preserve malformed Matrix case

* fix(sessions): reject legacy peer overlap

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-27 01:29:58 +01:00
Patrick Erichsen
808c227edb feat: scaffold provider plugins from init (#94352)
* feat: scaffold provider plugins from init

* fix: satisfy plugin init scaffold CI guards

* fix: preserve plugin init id argument
2026-06-26 16:43:51 -07:00
Vincent Koc
a82902c725 ci: right-size runner registration caps (#97119) 2026-06-27 07:01:26 +08:00
Vincent Koc
689baa5c1e feat(i18n): add Hindi and Russian docs and Control UI locales 2026-06-26 15:01:15 -07:00
Bek
9636bea901 perf(memory): add QMD search diagnostics and runtime cache (#96655) 2026-06-26 16:16:12 -04:00
NIO
527f8f0cbb fix(image-gen): bound image generation provider JSON response reads (#96495)
* fix(image-gen): bound image generation provider JSON response reads

Route success JSON reads through readProviderJsonResponse (16 MiB cap)
in openrouter, google, fal, minimax, openai, and vydra image generation
providers to prevent OOM from oversized or hostile endpoint responses.
Mirrors the response-limit campaign already applied to other provider paths.

AI-assisted.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(image-gen): size bounded JSON caps for inline image payloads

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-06-26 07:08:30 -04:00
Jesse Merhi
ec737ee74d fix: rebase clawhub install trust (#81364) 2026-06-26 18:33:19 +10:00
Gio Della-Libera
4fc504d321 Doctor: add lint --all (#96471)
* fix(doctor): keep audit scrub lint opt-in

* fix(doctor): keep audit lint defaults internal

* feat(doctor): add lint profiles
2026-06-25 22:26:42 -07:00
Kevin Lin
a6a4652c70 fix(codex): expose plugin apps after delayed inventory load (#96872)
* fix(codex): refresh missing plugin app inventory

* fix(codex): honor OpenClaw app enablement overrides
2026-06-25 21:10:02 -07:00
Renaud Cerrato
95b97e5b0b fix(exec): fail invalid explicit workdir before running (#94441)
* fix(exec): fail invalid explicit workdir before running

* test(exec): tighten invalid workdir regression

* fix(exec): clarify invalid workdir recovery

* refactor(exec): centralize workdir resolution

* test(exec): update invalid workdir assertion

* fix(exec): harden backend workdir contract

* fix(exec): map missing backend host workdirs

* fix(exec): reject control commands before workdir prep

* fix(exec): defer env hook until backend cwd validation

* chore(sdk): refresh plugin api baseline

* test(agents): drop redundant definition assertions

* test(exec): use real config workdirs

* test(exec): use tracked temp dirs

* test(openshell): keep temp setup local

* test: update temp-dir route fixture

---------

Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-06-26 08:02:00 +10:00
Ben Badejo
b3ac552c82 fix(codex): prefer desktop app-server for Computer Use on macOS (#96730)
* fix(codex): prefer desktop app-server for Computer Use on macOS

* fix(codex): fall back from stale desktop app-server

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
2026-06-25 14:28:20 -04:00
Radek Sienkiewicz
0247eab773 fix(cli): sync official plugins during update all (#96831)
Co-authored-by: ooiuuii <169449607+ooiuuii@users.noreply.github.com>
2026-06-25 20:13:37 +02:00
Yzx
7fefc5ff58 fix: cron stream stalls fail over before job timeout (#96096)
* fix(agents): cap cron stream idle stalls

* fix(agents): preserve cron hostname timeout

* fix: bound cron idle timeout local exceptions

* fix: bound cron idle timeout local exceptions

---------

Co-authored-by: Radek Sienkiewicz <mail@velvetshark.com>
2026-06-25 19:04:15 +02:00
zhang-guiping
5fccf06b5f fix(outbound): defer reserved-literal errors to async session-route resolver
In resolveAgentDeliveryPlanWithSessionRoute, reserved-literal errors from the
sync outbound target check are no longer treated as fatal. Instead, the path
proceeds to resolveOutboundSessionRoute which calls resolveMessagingTarget,
already fixed to do directory-first lookup before rejecting reserved literals.

This preserves configured Telegram directory entries named like reserved words
(current, self, this, me) through the explicit agent/gateway delivery path.

Update docs to reflect directory-first ordering.
2026-06-25 08:37:00 -07:00
张贵萍
56baf9d079 fix(outbound): reject reserved Telegram targets 2026-06-25 08:37:00 -07:00
Vincent Koc
56d95b18f4 fix(sdk): refresh plugin sdk api baseline 2026-06-25 06:51:02 +02:00
Dallin Romney
61d4ff782e docs: clarify maturity scorecard scoring (#96594)
* docs: clarify maturity scorecard scoring

* chore: split qa profile workflow change

* docs: keep maturity coverage values stable

* test: keep maturity renderer fixture in core boundary
2026-06-24 17:32:08 -07:00
joshavant
0a14444924 Bound successful provider response reads 2026-06-24 19:08:22 -05:00
Omar Shahine
f2af052cee perf(imessage): show typing sooner for slow replies (#95621)
Merged via squash.

Prepared head SHA: 65e9ad10fd
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
2026-06-24 15:31:48 -07:00