vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-18 21:04:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
49,997 Commits 1,843 Branches 149 Tags
2bdbf240a92de26a46dd176acdb85f0c4e7e7bc3
Commit Graph

1450 Commits

Author SHA1 Message Date
Gio Della-Libera
9aec9200f1 fix(agents): honor OPENCLAW_WORKSPACE_DIR fallback (#81447) 
Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
 2026-05-15 22:32:02 -07:00
Brad
372a8e4d22 Add wait mode for manual cron runs (#81929) 
Adds wait mode for manual cron runs, exact run-id lookup for cron run logs, protocol/Swift schema support, and docs/changelog coverage.
 2026-05-15 20:17:48 -07:00
Peter Steinberger
b08e0da25b fix: clarify provider timeout ceiling 2026-05-16 01:08:07 +01:00
Josh Avant
64b94daf92 Fix gateway auth logout aborting active runs (#82346) 
* fix gateway auth logout aborts active runs

* docs changelog for auth logout abort fix

* test fix auth logout typecheck

* test fix auth profile mock shape
 2026-05-15 18:36:49 -05:00
Peter Steinberger
628c753f3b docs: document wildcard runtime policy 2026-05-15 20:50:49 +01:00
Sergio Cadavid
472523360d fix(codex): scope user MCP servers by agent (#82180) 2026-05-15 20:17:16 +01:00
Peter Steinberger
41810a462e fix(discord): suppress link embeds by default 
* fix(discord): suppress link embeds by default

* fix(discord): handle missing stream config
 2026-05-15 15:22:54 +01:00
Peter Steinberger
2ea0c6c929 docs(slack): align unfurl default docs (#82123) 2026-05-15 13:25:52 +01:00
Peter Steinberger
cd91bd9a1e docs: document admin HTTP RPC plugin 2026-05-15 11:44:58 +01:00
Kaspre
44840007d4 fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751) 
* fix(agents): scope provider SSRF trust by origin

* fix(provider): preserve explicit private-network deny

* docs(provider): document exact-origin SSRF trust

* test(provider): cover exact-origin SSRF edges

* docs(provider): align local model private-origin guidance

* refactor(ssrf): keep policy merging in infra

* test(ssrf): cover exact-origin trust through guard

* test(ssrf): block sibling private-origin redirects

* fix(provider): keep loopback trust origin-scoped

* fix(provider): block metadata origin trust

* fix(ssrf): keep metadata rebinding blocked

* fix(ssrf): block cloud metadata origins

* fix(ssrf): block ipv6 metadata origins

* fix(ssrf): block embedded metadata origins

* test(ssrf): cover embedded link-local metadata

* test(provider): cover custom anthropic proxy classification

* test(provider): widen transport policy mock

* test(plugin-sdk): assert metadata-IP allowedOrigins entries are rejected

Plugin authors can construct an SsrFPolicy that lists any well-formed
http(s) origin in allowedOrigins. The abuse-resistance lives one layer
deeper, in resolvePinnedHostnameWithPolicy's metadata/link-local block.
Add an SDK-level smoke test asserting that contract directly:

- AWS/Alibaba IMDS IPv4 literals, GCP metadata canonical hostname,
  IPv6 ULA metadata literal, and non-metadata link-local IPv4 entries
  build a policy via ssrfPolicyFromHttpBaseUrlAllowedOrigin and are
  then rejected at resolvePinnedHostnameWithPolicy.
- DNS rebinding from a trusted private DNS origin to a metadata IP is
  rejected even when the request hostname is origin-trusted.

This would fail if the SDK helper or resolveSsrFPolicyForUrl ever
short-circuited past the metadata block.

* chore(docs): regenerate baselines after upstream rebase

upstream/main moved between rebases; the merged source state for the
PR's `src/config/schema.help.ts` change and the upstream plugin-sdk
surface changes both produce different hashes than the committed
baselines, so `config:docs:check` and `plugin-sdk:api:check` would fail.

Regenerated via `pnpm config:docs:gen` + `pnpm plugin-sdk:api:gen` on
Crabbox; both baselines verified with their respective `--check`
generators.

* test(plugin-sdk): assert SSRF blocked error class

* fix(lint): satisfy exact-origin PR lint rules

* docs: clarify custom provider origin trust

* chore(docs): refresh plugin sdk api baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-15 11:00:29 +01:00
Peter Steinberger
e30be460e1 fix: shorten stalled Codex recovery window 2026-05-15 10:19:37 +01:00
Val Alexander
930852af29 feat(agents): support per-agent bootstrap profiles 
Summary:\n- Add optional per-agent bootstrap profile overrides for contextInjection, bootstrapMaxChars, and bootstrapTotalMaxChars.\n- Resolve per-agent bootstrap profile settings before agents.defaults and thread the resolved session agent through embedded, compact, CLI, and /context diagnostic paths.\n- Update schema/help/docs/changelog plus focused runtime, schema, and /context regression coverage.\n\nVerification:\n- Local focused auto-reply tests and formatter checks passed.\n- Local pnpm check:changed passed before landing follow-ups.\n- Local Node 24 pnpm check:test-types passed after merging latest main into the PR branch.\n- GitHub PR state CLEAN at 0ff12062840f42daf2666c5fabb127c3f7631669.\n- ClawSweeper re-review completed successfully with no actionable repair finding.\n\nFixes #69966.
 2026-05-15 02:42:21 -05:00
Peter Steinberger
b830beb34b fix: surface update restart and plugin repair guidance 2026-05-15 07:32:29 +01:00
Kaspre
57e699a09a fix(config): rotate clobber snapshots at cap 2026-05-15 06:48:03 +01:00
B.K.
22a0ca9e3b fix: hand off managed update run self-updates 
Route managed LaunchAgent package self-updates through the post-exit CLI handoff path and persist handoff helper failures through the update restart sentinel so agent-invoked updates cannot stay pending indefinitely.

Add handoff ownership guards for stale helpers, atomic helper sentinel writes, and regression coverage for unrelated and newer pending sentinels.

Fixes #81894.

Co-authored-by: B.K. <bandark@mac.com>
 2026-05-15 06:12:57 +01:00
Gado
83b8289ee2 feat: WhatsApp status reactions, new emoji categories, self-explanatory defaults (#59077) (#80612) 
Merged via squash.

Prepared head SHA: 25e0a7a9fd
Co-authored-by: gado-ships-it <276509604+gado-ships-it@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-05-14 14:37:23 +02:00
Peter Steinberger
a0f35574d0 Remove codex-cli backend and migrate to Codex runtime 
Remove the bundled codex-cli backend, migrate legacy codex-cli refs and runtime pins to the Codex app-server runtime, and update live/backend workflow coverage for the supported CLI lanes.
 2026-05-14 10:07:18 +01:00
Peter Steinberger
81b239dc98 build: externalize slack openshell vertex plugins 2026-05-14 07:46:58 +01:00
Bek
aa39107261 docs: align Slack docs for socket mode and troubleshooting (#81647) 2026-05-14 00:34:30 -04:00
Val Alexander
6a41a54212 fix(macos): harden direct gateway TLS pinning 
Summary:
- Require macOS system trust before saving and accepting first-use direct `wss://` gateway TLS pins.
- Honor `gateway.remote.tlsFingerprint` in macOS direct node-mode TLS params.
- Add focused Swift coverage and update remote gateway docs/changelog.

Verification:
- Local: swiftformat --lint on touched Swift files.
- Local: git diff --check HEAD~1..HEAD.
- Local: swift test --package-path apps/shared/OpenClawKit --filter GatewayTLSPinningTests.
- Local: swift test --package-path apps/macos --filter 'MacNodeModeCoordinatorTests|GatewayEndpointStoreTests'.
- Local: PATH=/Users/buns/.nvm/versions/node/v24.13.0/bin:$PATH pnpm docs:list.
- CI: macos-node, macos-swift, check-docs, security-fast, security-scm-fast, security-dependency-audit, Opengrep OSS, and changed-path checks passed on PR head cf383fc047.

Fixes #50642.
Supersedes #50643.
 2026-05-13 21:30:22 -05:00
Peter Steinberger
150bebcd0c fix(gateway): require v4 chat deltas 2026-05-13 16:06:37 +01:00
samzong
10315ce215 fix(gateway): add incremental chat delta payloads 2026-05-13 16:06:37 +01:00
Pavan Kumar Gondhi
418d7afb33 gateway: pass Talk session scope to resolver [AI] (#81379) 
* fix: pass talk session visibility scope

* addressing review-skill

* addressing review-skill

* addressing codex review

* addressing codex review

* addressing codex review

* addressing codex review

* addressing codex review

* addressing codex review

* addressing claude review

* addressing ci

* docs: add changelog entry for PR merge
 2026-05-13 20:09:03 +05:30
Peter Steinberger
5ac6b600de docs(channels): document bot loop protection 2026-05-13 14:59:47 +01:00
Peter Steinberger
d00e9eba65 docs: add ds4 provider guide 2026-05-13 14:45:34 +01:00
Pavan Kumar Gondhi
b17e77a22b Require approval for setup-code device pairing [AI] (#81292) 
* fix: require approval for setup-code bootstrap pairing

* addressing review-skill

* addressing codex review

* addressing codex review

* addressing codex review

* addressing codex review

* addressing codex review

* addressing ci

* addressing ci

* docs: add changelog entry for PR merge
 2026-05-13 18:48:44 +05:30
Jason
70df2b8fe2 feat: steer mid-turn prompts by default (#77023) 
Summary:
- Default active-run queueing to steer while preserving explicit followup/collect modes.
- Keep `/steer` fallback behavior and migrate retired queue steering config.
- Await Codex app-server steering acceptance so rejected/aborted steering can fall back safely.
- Route active subagent announcements through intentional acceptance-aware steering, with legacy queue helpers deprecated for delivery decisions.

Verification:
- git diff --check
- rg -n "^(<<<<<<<|=======|>>>>>>>|\|\|\|\|\|\|\|)" CHANGELOG.md docs src extensions || true
- pnpm test src/agents/subagent-announce-dispatch.test.ts src/agents/subagent-announce-delivery.test.ts src/agents/pi-embedded-runner/runs.test.ts src/agents/subagent-announce.format.e2e.test.ts src/agents/subagent-announce.test.ts
- pnpm test src/auto-reply/reply/commands-steer.test.ts src/auto-reply/reply/queue/settings.test.ts src/auto-reply/reply/queue-policy.test.ts src/auto-reply/reply/agent-runner.runreplyagent.e2e.test.ts src/auto-reply/reply/get-reply-run.media-only.test.ts extensions/codex/src/app-server/run-attempt.test.ts -- -t "queued steering|explicit all-mode steering|flushes pending default queued steering|rejects queued steering|resolveActiveRunQueueAction|resolveQueueSettings|handleSteerCommand"

Co-authored-by: fuller-stack-dev <263060202+fuller-stack-dev@users.noreply.github.com>
 2026-05-13 14:00:11 +01:00
Peter Steinberger
694ca50e97 Revert "refactor: move runtime state to SQLite" 
This reverts commit f91de52f0d.
 2026-05-13 13:33:38 +01:00
Peter Steinberger
f91de52f0d refactor: move runtime state to SQLite 
* refactor: remove stale file-backed shims

* fix: harden sqlite state ci boundaries

* refactor: store matrix idb snapshots in sqlite

* fix: satisfy rebased CI guardrails

* refactor: store current conversation bindings in sqlite table

* refactor: store tui last sessions in sqlite table

* refactor: reset sqlite schema history

* refactor: drop unshipped sqlite table migration

* refactor: remove plugin index file rollback

* refactor: drop unshipped sqlite sidecar migrations

* refactor: remove runtime commitments kv migration

* refactor: preserve kysely sync result types

* refactor: drop unshipped sqlite schema migration table

* test: keep session usage coverage sqlite-backed

* refactor: keep sqlite migration doctor-only

* refactor: isolate device legacy imports

* refactor: isolate push voicewake legacy imports

* refactor: isolate remaining runtime legacy imports

* refactor: tighten sqlite migration guardrails

* test: cover sqlite persisted enum parsing

* refactor: isolate legacy update and tui imports

* refactor: tighten sqlite state ownership

* refactor: move legacy imports behind doctor

* refactor: remove legacy session row lookup

* refactor: canonicalize memory transcript locators

* refactor: drop transcript path scope fallbacks

* refactor: drop runtime legacy session delivery pruning

* refactor: store tts prefs only in sqlite

* refactor: remove cron store path runtime

* refactor: use cron sqlite store keys

* refactor: rename telegram message cache scope

* refactor: read memory dreaming status from sqlite

* refactor: rename cron status store key

* refactor: stop remembering transcript file paths

* test: use sqlite locators in agent fixtures

* refactor: remove file-shaped commitments and cron store surfaces

* refactor: keep compaction transcript handles out of session rows

* refactor: derive transcript handles from session identity

* refactor: derive runtime transcript handles

* refactor: remove gateway session locator reads

* refactor: remove transcript locator from session rows

* refactor: store raw stream diagnostics in sqlite

* refactor: remove file-shaped transcript rotation

* refactor: hide legacy trajectory paths from runtime

* refactor: remove runtime transcript file bridges

* refactor: repair database-first rebase fallout

* refactor: align tests with database-first state

* refactor: remove transcript file handoffs

* refactor: sync post-compaction memory by transcript scope

* refactor: run codex app-server sessions by id

* refactor: bind codex runtime state by session id

* refactor: pass memory transcripts by sqlite scope

* refactor: remove transcript locator cleanup leftovers

* test: remove stale transcript file fixtures

* refactor: remove transcript locator test helper

* test: make cron sqlite keys explicit

* test: remove cron runtime store paths

* test: remove stale session file fixtures

* test: use sqlite cron keys in diagnostics

* refactor: remove runtime delivery queue backfill

* test: drop fake export session file mocks

* refactor: rename acp session read failure flag

* refactor: rename acp row session key

* refactor: remove session store test seams

* refactor: move legacy session parser tests to doctor

* refactor: reindex managed memory in place

* refactor: drop stale session store wording

* refactor: rename session row helpers

* refactor: rename sqlite session entry modules

* refactor: remove transcript locator leftovers

* refactor: trim file-era audit wording

* refactor: clean managed media through sqlite

* fix: prefer explicit agent for exports

* fix: use prepared agent for session resets

* fix: canonicalize legacy codex binding import

* test: rename state cleanup helper

* docs: align backup docs with sqlite state

* refactor: drop legacy Pi usage auth fallback

* refactor: move legacy auth profile imports to doctor

* refactor: keep Pi model discovery auth in memory

* refactor: remove MSTeams legacy learning key fallback

* refactor: store model catalog config in sqlite

* refactor: use sqlite model catalog at runtime

* refactor: remove model json compatibility aliases

* refactor: store auth profiles in sqlite

* refactor: seed copied auth profiles in sqlite

* refactor: make auth profile runtime sqlite-addressed

* refactor: migrate hermes secrets into sqlite auth store

* refactor: move plugin install config migration to doctor

* refactor: rename plugin index audit checks

* test: drop auth file assumptions

* test: remove legacy transcript file assertions

* refactor: drop legacy cli session aliases

* refactor: store skill uploads in sqlite

* refactor: keep subagent attachments in sqlite vfs

* refactor: drop subagent attachment cleanup state

* refactor: move legacy session aliases to doctor

* refactor: require node 24 for sqlite state runtime

* refactor: move provider caches into sqlite state

* fix: harden virtual agent filesystem

* refactor: enforce database-first runtime state

* refactor: rename compaction transcript rotation setting

* test: clean sqlite refactor test types

* refactor: consolidate sqlite runtime state

* refactor: model session conversations in sqlite

* refactor: stop deriving cron delivery from session keys

* refactor: stop classifying sessions from key shape

* refactor: hydrate announce targets from typed delivery

* refactor: route heartbeat delivery from typed sqlite context

* refactor: tighten typed sqlite session routing

* refactor: remove session origin routing shadow

* refactor: drop session origin shadow fixtures

* perf: query sqlite vfs paths by prefix

* refactor: use typed conversation metadata for sessions

* refactor: prefer typed session routing metadata

* refactor: require typed session routing metadata

* refactor: resolve group tool policy from typed sessions

* refactor: delete dead session thread info bridge

* Show Codex subscription reset times in channel errors (#80456)

* feat(plugin-sdk): consolidate session workflow APIs

* fix(agents): allow read-only agent mount reads

* [codex] refresh plugin regression fixtures

* fix(agents): restore compaction gateway logs

* test: tighten gateway startup assertions

* Redact persisted secret-shaped payloads [AI] (#79006)

* test: tighten device pair notify assertions

* test: tighten hermes secret assertions

* test: assert matrix client error shapes

* test: assert config compat warnings

* fix(heartbeat): remap cron-run exec events to session keys (#80214)

* fix(codex): route btw through native side threads

* fix(auth): accept friendly OpenAI order for Codex profiles

* fix(codex): rotate auth profiles inside harness

* fix: keep browser status page probe within timeout

* test: assert agents add outputs

* test: pin cron read status

* fix(agents): avoid Pi resource discovery stalls

Co-authored-by: dataCenter430 <titan032000@gmail.com>

* fix: retire timed-out codex app-server clients

* test: tighten qa lab runtime assertions

* test: check security fix outputs

* test: verify extension runtime messages

* feat(wake): expose typed sessionKey on wake protocol + system event CLI

* fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790)

* test: guard talk consult call helper

* fix(codex): scale context engine projection (#80761)

* fix(codex): scale context engine projection

* fix: document Codex context projection scaling

* fix: document Codex context projection scaling

* fix: document Codex context projection scaling

* fix: document Codex context projection scaling

* chore: align Codex projection changelog

* chore: realign Codex projection changelog

* fix: isolate Codex projection patch

---------

Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org>
Co-authored-by: Josh Lehman <josh@martian.engineering>

* refactor: move agent runtime state toward piless

* refactor: remove cron session reaper

* refactor: move session management to sqlite

* refactor: finish database-first state migration

* chore: refresh generated sqlite db types

* refactor: remove stale file-backed shims

* test: harden kysely type coverage

# Conflicts:
#	.agents/skills/kysely-database-access/SKILL.md
#	src/infra/kysely-sync.types.test.ts
#	src/proxy-capture/store.sqlite.test.ts
#	src/state/openclaw-agent-db.test.ts
#	src/state/openclaw-state-db.test.ts

* refactor: remove cron store path runtime

* refactor: keep compaction transcript handles out of session rows

* refactor: derive embedded transcripts from sqlite identity

* refactor: remove embedded transcript locator handoff

* refactor: remove runtime transcript file bridges

* refactor: remove transcript file handoffs

* refactor: remove MSTeams legacy learning key fallback

* refactor: store model catalog config in sqlite

* refactor: use sqlite model catalog at runtime

# Conflicts:
#	docs/cli/secrets.md
#	docs/gateway/authentication.md
#	docs/gateway/secrets.md

* fix: keep oauth sibling sync sqlite-local

# Conflicts:
#	src/commands/onboard-auth.test.ts

* refactor: remove task session store maintenance

# Conflicts:
#	src/commands/tasks.ts

* refactor: keep diagnostics in state sqlite

* refactor: enforce database-first runtime state

* refactor: consolidate sqlite runtime state

* Show Codex subscription reset times in channel errors (#80456)

* fix(codex): refresh subscription limit resets

* fix(codex): format reset times for channels

* Update CHANGELOG with latest changes and fixes

Updated CHANGELOG with recent fixes and improvements.

* fix(codex): keep command load failures on codex surface

* fix(codex): format account rate limits as rows

* fix(codex): summarize account limits as usage status

* fix(codex): simplify account limit status

* test: tighten subagent announce queue assertion

* test: tighten session delete lifecycle assertions

* test: tighten cron ops assertions

* fix: track cron execution milestones

* test: tighten hermes secret assertions

* test: assert matrix sync store payloads

* test: assert config compat warnings

* fix(codex): align btw side thread semantics

* fix(codex): honor codex fallback blocking

* fix(agents): avoid Pi resource discovery stalls

* test: tighten codex event assertions

* test: tighten cron assertions

* Fix Codex app-server OAuth harness auth

* refactor: move agent runtime state toward piless

* refactor: move device and push state to sqlite

* refactor: move runtime json state imports to doctor

* refactor: finish database-first state migration

* chore: refresh generated sqlite db types

* refactor: clarify cron sqlite store keys

* refactor: remove stale file-backed shims

* refactor: bind codex runtime state by session id

* test: expect sqlite trajectory branch export

* refactor: rename session row helpers

* fix: keep legacy device identity import in doctor

* refactor: enforce database-first runtime state

* refactor: consolidate sqlite runtime state

* build: align pi contract wrappers

* chore: repair database-first rebase

* refactor: remove session file test contracts

* test: update gateway session expectations

* refactor: stop routing from session compatibility shadows

* refactor: stop persisting session route shadows

* refactor: use typed delivery context in clients

* refactor: stop echoing session route shadows

* refactor: repair embedded runner rebase imports

# Conflicts:
#	src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts

* refactor: align pi contract imports

* refactor: satisfy kysely sync helper guard

* refactor: remove file transcript bridge remnants

* refactor: remove session locator compatibility

* refactor: remove session file test contracts

* refactor: keep rebase database-first clean

* refactor: remove session file assumptions from e2e

* docs: clarify database-first goal state

* test: remove legacy store markers from sqlite runtime tests

* refactor: remove legacy store assumptions from runtime seams

* refactor: align sqlite runtime helper seams

* test: update memory recall sqlite audit mock

* refactor: align database-first runtime type seams

* test: clarify doctor cron legacy store names

* fix: preserve sqlite session route projections

* test: fix copilot token cache test syntax

* docs: update database-first proof status

* test: align database-first test fixtures

* docs: update database-first proof status

* refactor: clean extension database-first drift

* test: align agent session route proof

* test: clarify doctor legacy path fixtures

* chore: clean database-first changed checks

* chore: repair database-first rebase markers

* build: allow baileys git subdependency

* chore: repair exp-vfs rebase drift

* chore: finish exp-vfs rebase cleanup

* chore: satisfy rebase lint drift

* chore: fix qqbot rebase type seam

* chore: fix rebase drift leftovers

* fix: keep auth profile oauth secrets out of sqlite

* fix: repair rebase drift tests

* test: stabilize pairing request ordering

* test: use source manifests in plugin contract checks

* fix: restore gateway session metadata after rebase

* fix: repair database-first rebase drift

* fix: clean up database-first rebase fallout

* test: stabilize line quick reply receipt time

* fix: repair extension rebase drift

* test: keep transcript redaction tests sqlite-backed

* fix: carry injected transcript redaction through sqlite

* chore: clean database branch rebase residue

* fix: repair database branch CI drift

* fix: repair database branch CI guard drift

* fix: stabilize oauth tls preflight test

* test: align database branch fast guards

* test: repair build artifact boundary guards

* chore: clean changelog rebase markers

---------

Co-authored-by: pashpashpash <nik@vault77.ai>
Co-authored-by: Eva <eva@100yen.org>
Co-authored-by: stainlu <stainlu@newtype-ai.org>
Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com>
Co-authored-by: Ruben Cuevas <hi@rubencu.com>
Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com>
Co-authored-by: dataCenter430 <titan032000@gmail.com>
Co-authored-by: Kaspre <kaspre@gmail.com>
Co-authored-by: pandadev66 <nova.full.stack@outlook.com>
Co-authored-by: Eva <admin@100yen.org>
Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org>
Co-authored-by: Josh Lehman <josh@martian.engineering>
Co-authored-by: jeffjhunter <support@aipersonamethod.com>
 2026-05-13 13:15:12 +01:00
Lellansin Huang
78e03e3004 fix(gateway): forward OpenAI sampling params 
- Forward temperature and top_p through OpenAI-compatible chat and responses gateway paths.
- Return OpenAI-compatible 400 errors for invalid sampling params and provider validation failures instead of collapsing them to 500s.
- Add regression coverage and changelog credit.

Co-authored-by: lellansin <lellansin@gmail.com>
 2026-05-13 08:35:48 +01:00
Edward Abrams
b247b1432f fix(heartbeat): multi-agent cadence — parallel broadcast, per-agent busy check, prompt assembly, connect-timeout, doctor warning (#80470) 
* fix(heartbeat): unblock beads cadence — parallel broadcast, agent-scoped busy check, full HEARTBEAT.md prompt, connect-timeout, doctor warning

* docs(changelog): note heartbeat cadence fixes

* fix(heartbeat): address review feedback

* fix(heartbeat): append HEARTBEAT.md directives to commitment-only task dispatch (review feedback)

* docs(changelog): extend heartbeat fix entry — commitment-only task dispatch path (review feedback)

* fix(heartbeat): clear connect timer on synchronous baseFn throw (review feedback)

When the provider stream function passed to streamWithIdleTimeout throws

synchronously during setup, the connect watchdog timer was left armed

and could fire onIdleTimeout later with a stale error, keeping the

process open past the real failure. Wrap the synchronous baseFn(...)

invocation in a try/catch that clears the connect timer before

rethrowing, and add a regression test that asserts onIdleTimeout is

not invoked after the synchronous throw.

* docs(changelog): note round-4 heartbeat fix (review feedback)

Bump the heartbeat fixes list from six to seven and document the

synchronous-baseFn-throw connect-timer cleanup added in the prior

commit.

* fix(heartbeat): honor omitted doctor target (review feedback)

* fix(heartbeat): merge doctor heartbeat defaults (review feedback)

Teach the heartbeat session-target doctor warning to enumerate the same agents as the runtime heartbeat runner and merge agents.defaults.heartbeat with per-agent overrides before checking pinned sessions.

Add regression coverage for default-only heartbeat.session pins and explicit agent heartbeat entries that inherit the default session.

Validation:
- pnpm test src/commands/doctor-heartbeat-session-target.test.ts
- pnpm tsgo:core
- pnpm tsgo:core:test
- pnpm config:schema:check
- pnpm exec oxlint src/commands/doctor-heartbeat-session-target.ts src/commands/doctor-heartbeat-session-target.test.ts
- pnpm exec oxfmt --check src/commands/doctor-heartbeat-session-target.ts src/commands/doctor-heartbeat-session-target.test.ts
- git diff --check

Beads: openclaw-8zp

* test(heartbeat): avoid redundant doctor assertion (review feedback)

The CI lint shard flags the non-null assertion in the heartbeat doctor regression test. Keep the same test setup while using an explicit guard so the test still narrows the fixture before mutating the heartbeat entry.

Validation:
- pnpm exec oxlint src/commands/doctor-heartbeat-session-target.test.ts
- pnpm test src/commands/doctor-heartbeat-session-target.test.ts
- pnpm tsgo:core:test
- git diff --check

Beads: openclaw-8zp

* docs(config): refresh baseline after heartbeat branch update

* fix(heartbeat): narrow doctor session warnings (review feedback)
 2026-05-12 14:36:25 -07:00
clawsweeper[bot]
d44553dade fix(gateway): wire max_completion_tokens/max_tokens through openai-http (#81013) 
Summary:
- The branch adds Chat Completions token-cap fields to the Gateway request type, forwards them as agent stream parameters, and documents/tests the behavior.
- Reproducibility: yes. Source inspection gives a high-confidence current-main path: send `max_completion_toke ... tokens` to `/v1/chat/completions` and observe that the current handler never sets `streamParams.maxTokens`.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(gateway): wire max_completion_tokens/max_tokens through openai-http

Validation:
- ClawSweeper review passed for head a9c39f7d4a.
- Required merge gates passed before the squash merge.

Prepared head SHA: a9c39f7d4a
Review: https://github.com/openclaw/openclaw/pull/81013#issuecomment-4430303959

Co-authored-by: Bingsen <dingheng.huang@urbanic.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
 2026-05-12 12:08:07 +00:00
Super Zheng
a92d5fe77d feat(agents): make run loop retry limits configurable in openclaw.json (#80661) 
Merged via squash.

Prepared head SHA: d595d51a5a
Co-authored-by: medns <1575008+medns@users.noreply.github.com>
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Reviewed-by: @odysseus0
 2026-05-12 04:43:12 -07:00
Pavan Kumar Gondhi
da6f32bedf fix(gateway): honor minimal discovery mode for wide-area DNS-SD [AI] (#80903) 
* fix: respect discovery mode for wide-area cli path

* addressing codex review

* docs: add changelog entry for PR merge
 2026-05-12 16:03:50 +05:30
Alex Naidis
a290cd633f fix(doctor): repair managed plugin peer links 
Repair managed npm plugin OpenClaw peer links across doctor, install, and update flows.

- relink `peerDependencies.openclaw` packages under managed npm roots during doctor repair
- make read-only doctor preview broken peer links with a `doctor --fix` hint
- reject target plugin installs when their own peer link cannot be repaired, without blocking unrelated installs for stale sibling packages
- preserve update warning behavior for unrepairable package-local `node_modules`

Verification:
- `pnpm test src/plugins/plugin-peer-link.test.ts src/plugins/install.test.ts src/plugins/install.npm-spec.test.ts src/plugins/update.test.ts src/commands/doctor-plugin-registry.test.ts src/commands/doctor/repair-sequencing.test.ts -- --reporter=verbose`
- `pnpm exec oxfmt --check --threads=1 ...`
- `git diff --check`
- Crabbox/Testbox `tbx_01krde1jx199rnpm2rv1rdcj76`: focused tests + `pnpm check:changed`, exit 0
- Real CLI proof in PR body: read-only `openclaw doctor` warning plus `openclaw doctor --fix` symlink repair

Thanks @TheCrazyLex.
 2026-05-12 07:49:08 +01:00
Kevin Lin
8954c03231 fix(codex): default plugin destructive actions on (#80792) 2026-05-11 16:50:15 -07:00
Kevin Lin
f5b0eca12a docs: reorganize tools automation nav (#80116) 
* docs: reorganize tools automation nav

* docs: add nav spec glossary terms

* docs: refresh nav spec validation

* docs: keep capabilities nav grouped

* docs: refactor tools overview

* docs: restore tools overview coverage

* add doc refactor skill

* docs: mark refactored docs schema

* docs: remove refactor specs from pr

* docs: rename tools overview header
 2026-05-11 15:59:27 -07:00
Val Alexander
51b73b39a8 fix(auth): align operator bootstrap scopes 
Preserve full shared-token operator sessions while reusing bootstrap/cached device-token scopes for handoff reconnects.

Surface device-token scope mismatches as AUTH_SCOPE_MISMATCH and stop reconnect retry loops without clearing valid stored tokens.

Fixes #79292.
Supersedes #79314, #79296, #79295.
 2026-05-11 14:14:33 -05:00
AI-HUB
578fad471a docs(subagents): document announce timeout (#75509) 
Document agents.defaults.subagents.announceTimeoutMs in the sub-agent and configuration references, and align the exported type comment with the runtime default.

Thanks @akrimm702.

Co-authored-by: AI-HUB <144416483+akrimm702@users.noreply.github.com>
 2026-05-11 19:33:50 +01:00
jesse-merhi
79c2ed9065 feat: make exec command highlighting optional 2026-05-12 03:59:30 +10:00
samzong
380a679313 feat(cron): add direct job lookup 
Signed-off-by: samzong <samzong.lu@gmail.com>
 2026-05-11 18:47:46 +01:00
Omar Shahine
efc8641393 fix: add channel status filtering (#80706) 
Summary:
- Add `openclaw channels status --channel <name>` filtering through CLI, gateway protocol, and fallback status rendering.
- Document the BlueBubbles-to-iMessage cutover path so operators can probe iMessage without starting both monitors.
- Refresh generated Swift protocol model for the new optional channel status parameter.

Verification:
- `pnpm test src/gateway/server-methods/channels.status.test.ts src/commands/channels.status.command-flow.test.ts src/cli/program/routes.test.ts -- --reporter=verbose`
- `CI=true pnpm check:docs`
- `pnpm protocol:check`
- `git diff --check`
- `node scripts/check-changelog-attributions.mjs`
- CI head `45b27e3866`: focused/docs/protocol shards green locally; GitHub broad/scanner jobs queued for runners at merge attempt time; `Real behavior proof` failure is the maintainer-ignorable external-real-proof complaint.
 2026-05-11 18:44:54 +01:00
Peter Steinberger
694f40fcee fix: constrain Codex app-server sandbox 2026-05-11 18:23:00 +01:00
Jerran C.
530b892f06 feat(tools): add per-sender tool policies (#66933) 
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-11 18:01:39 +01:00
FullerStackDev
b8e9492086 fix(bonjour): back off probing watchdog repairs 2026-05-11 15:42:39 +01:00
Lellansin
0e6aca34db fix(gateway): align OpenAI chat completions tool protocol 
fix(gateway): remove unnecessary type assertion in buildAgentPrompt

fix(gateway): reject unsupported forced tool_choice modes

tool_choice=required and named function tool_choice are now rejected
with invalid_request_error until hard enforcement is implemented
at the agent runtime layer. Only auto and none remain supported.

docs: update Chat Completions tool_choice contract to match rejection behavior

Only auto and none are currently accepted; required and named
function tool_choice are rejected until hard enforcement exists.
 2026-05-11 13:06:05 +01:00
Peter Steinberger
d90ab9a13f feat(session): raise ping-pong turn ceiling 
Co-authored-by: Thirumalesh <thirumaleshpinninti@gmail.com>
 2026-05-11 04:24:19 +01:00
Peter Steinberger
15cf49222f build: refresh deps and route testbox through crabbox 2026-05-11 03:41:00 +01:00
Peter Steinberger
3f815fad12 fix(gateway): widen native protocol compatibility 2026-05-11 01:38:23 +01:00
Vincent Koc
8dc221121c docs(gateway): fix configuration-examples to use schema-correct agents.defaults paths 
The page used the legacy top-level agent: { ... } shape and a top-level
identity: { ... } block. Both are rejected by OpenClawSchema today
(see src/config/zod-schema.ts and the legacy rejection test in
src/config/config.legacy-config-detection.accepts-imessage-dmpolicy.test.ts).

Fixes:
- 6 examples: agent: { workspace, model, elevated } -> agents.defaults.*
- agents.defaults.elevated.enabled (non-existent) -> agents.defaults.elevatedDefault (off|on|ask|full per src/config/zod-schema.agent-defaults.ts:245)
- top-level identity: blocks moved into agents.list[].identity (canonical form per docs/gateway/config-agents.md and AgentEntrySchema)
- Expanded example identity merged into the existing main agent entry rather than a duplicate agents: block
 2026-05-11 08:20:45 +08:00