Commit Graph

8839 Commits

Author SHA1 Message Date
Tianning Li
583ca34bf8 feat(stepfun): add step-3.7-flash model (#88082)
* feat(stepfun): add step-3.7-flash model and make it default

* fix(stepfun): set step-3.7-flash cacheRead cost to 0.04

* fix(stepfun): raise step-3.7-flash maxTokens to context limit

Output was artificially capped at 65536; StepFun docs set max_tokens
default to INF, bounded only by the 256K context window. Raise
step-3.7-flash maxTokens to 262144 on both stepfun and stepfun-plan,
matching contextWindow. Per models.dev anomalyco/models.dev#1903.
step-3.5-flash entries unchanged.

* fix(stepfun): zero step-plan step-3.7-flash cost for plan billing

Step Plan endpoint bills per subscription plan, not per token, matching
the sibling stepfun-plan/step-3.5-flash and step-3.5-flash-2603 entries
which already carry zero cost. Standard stepfun/step-3.7-flash keeps its
per-token rate. Per models.dev anomalyco/models.dev#1903, whose step-plan
providers omit cost entirely.

* docs(changelog): note StepFun 3.7 support

* style(stepfun): format provider table

* fix(stepfun): forward reasoning effort

* fix(stepfun): scope reasoning compat to 3.7

* test(stepfun): keep 3.5 reasoning compat unchanged

* fix(stepfun): carry off fallback through agent turns

* fix(stepfun): use documented token limit field

* fix(stepfun): match chat completions contract

* chore(stepfun): keep changelog release-owned

---------

Co-authored-by: Tianning Li <litianning@stepfun.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:14:46 +01:00
Vincent Koc
9bb946acc5 docs(codex): refresh harness compatibility snapshot 2026-07-08 23:07:20 -07:00
Peter Steinberger
5533d979d4 feat: add follow-up task suggestions (#102422)
* feat(tools): add follow-up task suggestions

* chore: leave changelog to release flow

* fix(tools): add task suggestion display metadata

* fix(tools): update task suggestion display snapshot

* docs: format task suggestion tool table

* test(gateway): expect compaction worktree workspace

* test(gateway): preserve configured compaction workspace

* fix(ui): translate task suggestions
2026-07-09 06:30:01 +01:00
Peter Steinberger
e2a4973edf docs(slack): explain voice input and audio clips (#102410)
* docs(slack): document voice input support

* docs: refresh generated map

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-08 21:28:49 -07:00
Jacob Tomlinson
9c86529e44 fix(comfy): allow private service hostnames (#99065)
* fix(comfy): allow private service hostnames

* fix(comfy): scope private hostname trust to origin

* test(comfy): use fetch-compatible response bodies

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-08 21:11:08 -05:00
Tobias Oort
0307deacfa feat(github-copilot): support GitHub Enterprise data-residency Copilot auth (#99221)
Adds GitHub Enterprise data-residency support to the existing bundled GitHub Copilot provider.

Maintainer proof:
- GitHub CI green on head 54010a6538
- `check-lint`, `check-additional-extension-bundled`, and `check-shrinkwrap` passed in CI
- local `pnpm lint:extensions:bundled`, `pnpm lint`, and focused GitHub Copilot Vitest passed
- AWS Crabbox proof passed
- live microsoft.ghe.com device-flow/token-exchange/model-catalog proof passed

Co-authored-by: Tobias Oort <tobias.oort@ict.nl>
Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-08 18:59:41 -07:00
Vincent Koc
6630138598 chore(plugin-sdk): refresh API baseline 2026-07-08 17:51:24 -07:00
Peter Steinberger
eae3fc1a79 feat(xai): add Grok 4.5 support (#102316)
* feat(xai): add Grok 4.5 support

* chore: leave release notes to release automation
2026-07-09 01:39:03 +01:00
Gio Della-Libera
7d82e5b658 Doctor: audit lint default selection (#100361)
Summary:
- audit Doctor lint default selection after the full lint-family backfill
- make legacy state, skills readiness, session transcripts, and session snapshots explicit-only for default lint
- document default lint vs --all/--only and keep plugin/SDK public contracts unchanged

Validation:
- Galin review: no blocking findings
- maintainer accepted the default-lint compatibility tradeoff in PR comment
- exact-head hosted gates passed for d5d88a0db1: CI#28976811444 and Workflow Sanity#28976811343
- local broad pnpm check was blocked by a shrinkwrap guard failure that reproduces on origin/main and is unrelated to this five-file Doctor diff

Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
2026-07-08 14:34:57 -07:00
Sally O'Malley
b81666ca6a Fix container image upgrade migrations before gateway readiness (#101881)
* run all 'openclaw upgrade' migrations with container image upgrades

Signed-off-by: sallyom <somalley@redhat.com>

* fix: block gateway startup on plugin repair warnings

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
2026-07-08 14:19:05 -04:00
Gio Della-Libera
aa27ae9d9f policy: preview review-required gateway repairs (#99776)
* policy: preview review-required gateway repairs

* docs(policy): document gateway review previews

* docs(policy): document gateway review previews

* docs(policy): document gateway review previews

* docs(policy): document gateway review previews

---------

Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
2026-07-08 10:44:56 -07:00
Peter Steinberger
4bf70be01a feat(secrets): egress-time credential injection with process-local sentinels (#102009)
* feat(secrets): resolve SecretRef model credentials at egress via process-local sentinels

SecretRef-managed model-provider credentials now travel as opaque
oc-sent-v1 sentinels through auth storage, stream options, and SDK
config; the guarded model fetch injects real values into headers and
URLs immediately before the SSRF-guarded send and fails closed on
unknown sentinels. packages/ai adapters converge on the host guarded
fetch where the SDK supports custom fetch and unwrap at construction
where it does not. Resolved values (and their percent-encoded forms)
register for exact-value log redaction. Kill switch:
OPENCLAW_SECRET_SENTINELS=off. Also fixes a pre-existing unhandled
rejection race in capNonOkResponseBodyLazily (pipeThrough writer leak).

* test(plugin-sdk): update public surface budget
2026-07-08 12:56:41 +01:00
Pavan Kumar Gondhi
5f04dc97e6 Harden jq safe-bin semantics (#102032) 2026-07-08 15:43:37 +05:30
Tran Quang
19f7b72a74 fix(voice-call): preserve per-call agent routing (#77763)
* fix(voice-call): preserve per-call agent routing

Co-authored-by: Tran Quang <randytran8800@gmail.com>

* chore: keep release notes in PR metadata

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-08 07:06:35 +01:00
Jason (Json)
4e84981402 feat(crestodian): guide providerless model setup (#101887)
* feat(crestodian): guide providerless model setup

* fix(crestodian): avoid TUI message shadowing

* fix(crestodian): tighten provider setup handoff

* fix(crestodian): simplify model setup result

* fix(crestodian): audit committed config hash

* fix(crestodian): contain embedded wizard exits

* test(crestodian): auto-clean operation temp dirs
2026-07-07 19:24:54 -06:00
Vincent Koc
c96c60d22d chore(plugin-sdk): refresh API baseline hash 2026-07-08 02:27:34 +02:00
Jason (Json)
2fbd4cdcba fix(installer): complete first-run onboarding (#101901)
* fix(installer): complete first-run onboarding

* docs(installer): document finalization paths

* fix(installer): honor verify without tty

* fix(installer): align config finalization
2026-07-07 18:23:56 -06:00
Omar Shahine
91a0ebbce6 Improve iMessage imsg setup and skill ownership (#101407)
Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
2026-07-07 14:13:37 -07:00
Peter Steinberger
6235344006 fix(ui): stop flashing the login gate on dashboard load when credentials are stored (#101849)
First connects backed by stored auth (URL/session token, password, or an
approved device token) now paint a small wiggling OpenClaw mark (delayed
fade-in, reduced-motion aware) until the hello resolves. The login gate
still owns credential-less first opens, rejected credentials, and manual
gate submissions.

Closes #101847
2026-07-07 19:40:30 +01:00
Gio Della-Libera
41425bf094 policy: repair denied gateway http endpoints (#99731)
* policy: repair denied gateway http endpoints

* docs(policy): describe gateway http repairs

---------

Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
2026-07-07 11:26:54 -07:00
Peter Steinberger
a6768d9de5 feat(cron): event triggers — polled condition-watcher scripts via code mode (#101195)
* feat(cron): add headless code-mode driver and trigger-script evaluator

Part A of cron event triggers: runCodeModeScriptHeadless runs a script
to completion (exec/settle/resume, no snapshots, no session), plus the
cron-facing evaluator with per-job tool catalog cache, semaphore, 16KB
state cap, and closed failure taxonomy.

* fix(cron): correct trigger-script bootstrap flags and cache narrowing

* feat(cron): add event triggers (polled condition-watcher scripts)

Part B: trigger field on cron jobs gated by cron.triggers.enabled;
timer evaluates the script each due tick, quiet ticks leave no run
history, fired runs append the script message to the payload; once
semantics, min-interval floor, SQLite columns, RPC/CLI/agent-tool
surfaces, and docs.

* fix(cron): propagate triggerEval through startup catch-up outcomes

* fix(cron): honor cron staggering on quiet trigger ticks; fix trigger test types

* fix(cron): reject with Error reason in trigger-script abort test

* fix(cron): regenerate protocol/docs/snapshot artifacts and break madge cycle for trigger types

CI fixes for #101195: trigger evaluator result types move to the cron
types leaf (madge cycle), cron tool schema inventory gains trigger,
Swift protocol bindings + docs map + Linux prompt snapshots regenerated.

* fix(cron): drop underscore-dangle names in trigger code sync assert

* fix(cron): adopt registerHeadlessToolSearchCatalog after tool-search symbol localization

Upstream #101831 made registerToolSearchCatalog module-private; fold the
headless ref-only catalog registration into one public seam.
2026-07-07 19:12:38 +01:00
Peter Steinberger
21f251220f feat(ui): redesign gateway connection-lost banner as floating pill (#101812) 2026-07-07 19:00:29 +01:00
Shakker
a3477eafb9 docs: update Control UI MCP settings route 2026-07-07 16:53:48 +01:00
Peter Steinberger
a7faec8ca1 fix(gateway): support native Windows exec approvals (#101669)
* fix(gateway): support native Windows exec approvals

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* chore: defer changelog entry to release

* test: use tracked approvals temp directories

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 14:50:59 +01:00
Peter Steinberger
7c0a7c8be2 fix(agents): keep exec visible for lean local models (#101607)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 12:46:26 +01:00
Peter Steinberger
bd7da9decd fix(browser): keep upload errors specific (#101465) 2026-07-07 12:35:27 +01:00
Vincent Koc
1805f7ee17 chore(plugin-sdk): refresh api baseline hash 2026-07-07 13:30:20 +02:00
Peter Steinberger
454fccd784 fix(browser): keep screenshots private by default (#101434)
* fix(browser): keep screenshots private by default

* fix(browser): preserve screenshot share handles

* fix(browser): stage explicit screenshot shares

* test(browser): avoid screenshot share temp files
2026-07-07 11:56:49 +01:00
Peter Steinberger
942b449661 fix(exec): keep pending approval warnings truthful (#101561)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 11:30:41 +01:00
Peter Steinberger
5a234d61fa feat(ui): redesign dashboard chrome with tiny top bar and sidebar search (#101497)
* feat(ui): redesign dashboard chrome with tiny top bar and sidebar search

Move the sidebar toggle to the top bar as a macOS-style panel button
(collapse on desktop, drawer on tablet/mobile), move search into a
sidebar field that opens the command palette, and move the color-mode
toggle into the sidebar footer. Shrink the top bar to 44px, make the
terminal toggle a quiet ghost button, and drop the shadow plate behind
the macOS titlebar brand mark so the transparent mascot renders bare.
Adds the missing common.colorModeOption i18n key (theme buttons were
announcing the raw key) and removes the dead theme-orb styles.

* fix(ui): translate common.colorModeOption across locale bundles

The i18n sync initially recorded English fallbacks for the new key,
which the ships-no-recorded-English-fallbacks gate rejects. Regenerated
with a real translation provider; all 20 locales now carry translated
values (fallbacks=0).

* refactor(ui): unify the topbar sidebar toggle into one button

One button drives both modes: rail collapse on desktop and the
slide-over drawer at the ≤1100px breakpoint, decided via matchMedia
(with the legacy addListener fallback used elsewhere in bootstrap).
Replaces the previous pair of CSS-swapped buttons.
2026-07-07 10:57:45 +01:00
brokemac79
037412ec7d ci(mantis): add web UI chat proof lane (#100472)
* ci(mantis): add web ui chat proof lane

* ci(mantis): tighten web ui proof candidate parsing

* ci: tighten Mantis Web UI proof lane

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 10:54:35 +01:00
Peter Steinberger
a2a68d154b fix(agent): preserve explicit recipient sessions (#101507)
* fix(agent): honor recipient session routing

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): preserve canonical recipient routes

* fix(agent): require exact recipient routes

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>

Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): harden recipient route resolution

* fix(imessage): require canonical recipient handles

* fix(agent): refine provider recipient exactness

* fix(agent): bound direct alias session routing

* fix(signal): preserve direct alias route type

* fix(agent): honor binding-scoped recipient sessions

* fix(routing): honor configured main session aliases

* fix(clickclack): align account-owned session routes

* fix(twitch): preserve canonical recipient sessions

* fix(routing): isolate stable outbound identities

* chore: defer recipient session changelog

* fix(sms): use dedicated channel SDK facade

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
2026-07-07 10:07:13 +01:00
Alex Knight
d09469c7a6 fix: show exported tool results in trace viewers (#101371)
* fix: show exported tool results in trace viewers

* fix(diagnostics-otel): emit semconv response key and execute_tool identity so trace viewers show tool results

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-07 17:14:30 +10:00
Jason (Json)
f7e962d6e3 feat(cli): add openclaw promos to discover and claim ClawHub promotional model offers (#100236)
* feat: add openclaw promos CLI for ClawHub promotional model offers

* fix: harden promos claim auth validation and sanitize remote promo text

* fix: enforce promo window client-side and validate slug contract

* fix: shell-safe model ref contract and explicit --api-key override

* fix: hold promotion aliases to the models alias contract

* docs: document argv-credential contract and env alternative for promos claim

* fix: enforce provider plugin enablement on the credential-reuse claim path

* fix: require plugin install before credential-reuse shortcut in promos claim

* fix: run runtime plugin repair on promo defaults and harden identifier parsing

* fix: distinct message for contract-invalid promo aliases

* fix(cli): validate promotion plugin contracts

* fix(cli): recheck promotion window before claim

* feat(cli): surface ClawHub promotions in models list via the hosted feed

Passive discovery for promotional model offers. A cadence-gated (24h),
fail-silent conditional GET of ClawHub's immutable promotions feed
snapshot (If-None-Match -> 304, short 2.5s timeout, unauthenticated so
CDN caches stay unfragmented) is cached in two new shared-state-DB
tables, fully separate from update_check_state. models list renders an
'Available via promotion' group for live offers whose models are not in
the user's configured set (including the zero-row fresh-install path),
tags claimed models promo / promo ended from provenance recorded at
claim time, and prints a one-time notice per newly seen offer; promos
list and claim mark offers as seen. Machine outputs stay clean, snapshot
sequence is monotonic against stale edges, and claims still revalidate
against the live API so the kill switch always wins.

* style: satisfy lint on promotions feed additions

no-useless-fallback-in-spread on the optional request headers and
no-map-spread in claim-provenance row mapping.

* fix(cli): harden promotions feed cache

* fix(cli): honor live promotion validity
2026-07-07 01:10:42 -06:00
Vincent Koc
27e8ea10eb docs(talk): format realtime model table 2026-07-06 23:22:33 -07:00
Vincent Koc
9a872a22d7 docs(openai): note realtime 2.1 mini override 2026-07-06 23:22:33 -07:00
Vincent Koc
6e6d1aac4c test(openai): add focused realtime live smoke 2026-07-06 23:22:33 -07:00
Vincent Koc
f0564943a7 docs(openai): refresh realtime 2.1 examples 2026-07-06 23:22:33 -07:00
Peter Steinberger
01d6ea1f0e feat(browser): expose agent download actions (#101369)
* feat(browser): expose agent download actions

Co-authored-by: changcy <742592895@qq.com>

* chore: keep release notes in PR context

---------

Co-authored-by: changcy <742592895@qq.com>
2026-07-07 06:17:52 +01:00
Josh Lehman
5d9a2b114f feat(context-engine): report compaction successors as typed session targets (#101182) 2026-07-06 22:14:46 -07:00
Jodok Batlogg
a2f95de750 feat(voice-call): support Twilio regions (#95832)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Jodok Batlogg <158125+jodok@users.noreply.github.com>
2026-07-07 06:05:31 +01:00
Vincent Koc
f643c9b2f8 perf(ci): raise Node shard parallelism to 28 (#101174) 2026-07-06 21:59:22 -07:00
Peter Steinberger
90b680435a fix(minimax): clarify TTS volume boundary (#101359)
Co-authored-by: Quratulain-bilal <umayaimanshah@gmail.com>
2026-07-07 05:53:08 +01:00
Peter Steinberger
e5798e5477 refactor(codex): raise app-server floor to 0.142, drop range compat, fix deferred spawn_agent steering (#101221)
* refactor(codex): raise app-server floor to 0.142 and drop range-compat protocol paths

* refactor(codex): model subagent mirror state as one map

* style(codex): format event-projector

* test(codex): drop unused shared-client test import

* refactor(codex): drop v1-era notification field aliases

* fix(codex): teach models to load deferred native spawn_agent via tool_search

* docs(codex): realign harness config tables

* docs(changelog): note Codex app-server protocol update
2026-07-07 05:48:53 +01:00
Vincent Koc
d39d57edc3 ci(sdk): refresh plugin api baseline hash 2026-07-07 06:46:57 +02:00
Jesse Merhi
4112e3a0f3 Add native Signal reply quotes (#95718)
* feat(signal): quote native replies

* Fix Signal native reply edge cases

* fix(signal): tighten native reply quotes

* fix(signal): harden native reply quotes

* fix(signal): preserve approval reaction state

* fix(signal): target native replies to edited messages

* fix(signal): preserve plugin approval reaction kind

* fix(signal): keep edit event reply ids distinct
2026-07-07 13:49:13 +10:00
Peter Steinberger
654029892d feat(browser): pair the Chrome extension directly to a remote gateway (#101127)
* feat(browser): direct extension→gateway relay path for remote Chrome (#53599)

Let the OpenClaw Chrome extension pair directly to a remote gateway over
wss:// with no OpenClaw node host on the browser machine — the managed-hosting
path from #53599 (extension is the only thing installed on the laptop).

- Gateway route /browser/extension registered by the browser plugin with
  auth:"plugin" + no nodeCapability, so the gateway does not pre-enforce token
  auth (browser WebSockets cannot send an Authorization header). The upgrade
  handler self-validates the host-local relay secret from ?token=, origin-checks
  chrome-extension://, resolves the extension profile, then attaches the socket
  to the same ExtensionRelayBridge the loopback relay uses. All CDP synthesis,
  tab-group scoping, and the in-process Playwright /cdp client are unchanged.
- `openclaw browser extension pair --gateway-url wss://host` prints a
  wss://host/browser/extension#<secret> string; the path ends in /extension so
  the extension's existing pairing parser accepts it with zero extension code
  changes.
- relay-server: extract attachExtensionWebSocket + export requestToken /
  isAllowedExtensionOrigin / EXTENSION_RELAY_MAX_PAYLOAD_BYTES so loopback and
  gateway paths share one bind + one frame cap.
- runtime-lifecycle: dispose the shared gateway WebSocketServer on shutdown.
- docs: three remote topologies (same host / direct-to-gateway / via node host).

Coverage: 6 unit tests for the handler's path/503/403/404/401/attach branches.
The full extension→bridge→CDP→Chrome loop over /browser/extension was live-proven
with a real Chrome + the built extension. The real gateway upgrade→handleUpgrade
dispatch for an auth:"plugin" unprotected route is verified against core
(server-http.ts, plugins-http.ts, route-auth.ts).

* fix(browser): harden remote extension pairing
2026-07-07 04:31:52 +01:00
Ayaan Zaidi
b2baf799b4 fix(agents): bound finalize hook hangs after compaction retry
Behavior: a plugin before_agent_finalize hook that never resolves could previously freeze an agent run forever after a successful compaction retry, with no errors and no recovery from a gateway restart; this was the frozen-runner mechanism behind #84777. before_agent_finalize now has the same 15s default budget as sibling modifying hooks and fails open with the original final answer, converting the freeze into a bounded delay.

Surface: plugin hook runner defaults (src/plugins/hooks.ts), docs/plugins/hooks.md.

Refs #84777.
2026-07-07 03:16:57 +00:00
Peter Steinberger
21d919deb8 fix(onboard): keep the wizard alive through provider auth failures and polish standalone install UX (#100632)
Fixes rough edges in the standalone install flow (install.sh -> openclaw onboard), found and verified by running the flow in a clean container and on a clean macOS Tahoe VM:

- Provider auth setup failures (e.g. the preselected "Anthropic Claude CLI" option on a host without a Claude CLI login) no longer kill the whole wizard. The interactive wizard notes the error and returns to the provider picker; explicit --auth-choice automation still fails fast.
- Onboarding config now persists before the channel/search/skills steps, so a crash or cancel during channel pairing no longer loses auth + gateway decisions.
- With model auth skipped, finalize no longer auto-sends the "Wake up, my friend!" message (which always failed with a provider auth error). The hatch seed is gated on usable model credentials and a "Model auth missing" note explains the next step.
- Search provider picker no longer labels non-key credentials (e.g. SearXNG base URL) as "API key required".
- install.sh no longer warns "PATH missing npm global bin dir" with manual fix steps after it already persisted the export line; it reports the PATH was updated and how to reload the current shell.
- Removed the dead interactive hooks onboarding step (setupInternalHooks); quickstart enables default hooks silently.

Verified live per fix in a clean Debian/Node 24 container and on a clean macOS 26.5 Parallels VM (wizard re-prompt, SearXNG label), plus wizard/onboard test suites and tsgo:core.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
2026-07-07 04:11:23 +01:00
Kevin Lin
e3c40efeb0 feat(update): notify extended-stable availability (#100438)
* docs(update): clarify extended-stable notifications

* feat(update): notify extended-stable availability

* fix(update): isolate notification state

* fix(docs): align update channel table

* fix(update): refresh after channel switch

* fix(update): satisfy notification checks

* test(update): prove loopback notification path

* test(update): fix loopback server lifecycle

* fix(update): refresh extended stable without cache

* fix(update): retain extended stable throttle marker
2026-07-06 19:57:03 -07:00