Add inline docker build commands for npm-installed users who don't have the
source checkout scripts. Update all docs referencing sandbox-setup.sh,
sandbox-common-setup.sh and sandbox-browser-setup.sh to note they are
source-checkout-only and link to the new inline instructions.
Fixes#75485.
Adds `agents.defaults.skipOptionalBootstrapFiles` for optional workspace bootstrap files, validates the supported filenames, and propagates the option through workspace bootstrap callers.
Also preserves legacy setup detection when `USER.md` or `IDENTITY.md` are intentionally skipped, documents the config field, and includes focused regression coverage.
Landing follow-up included small CI unblockers for current-base drift: removing an unused Brave runtime dependency, fixing Telegram RTT lint, and preserving compatible gateway-bindable plugin registry cache reuse when runtime ensures disable bundled dependency installation.
Adds the SDK-facing tools.invoke Gateway RPC for #74705.
Reuses the /tools/invoke policy path for tool policy, deny-list, owner filtering, before-tool-call hooks, session/agent scoping, and plugin approval handling. Returns typed SDK approval/refusal/success results while preserving HTTP compatibility and uses idempotencyKey as the stable tool-call id.
Includes protocol schema exports, method scope/list registration, SDK helper/types, docs, generated Swift models, tests, and changelog credit.
Summary:
- The PR adds payment-credential redaction patterns and a key-aware structured field redaction helper, wires it into tool payload sanitization, and updates focused tests, logging docs, and the changelog.
ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 5f5f1fadbb.
- Required merge gates passed before the squash merge.
Prepared head SHA: 5f5f1fadbb
Review: https://github.com/openclaw/openclaw/pull/75230#issuecomment-4355538755
Co-authored-by: stainlu <stainlu@newtype-ai.org>
Summary:
- The PR removes the auto-reply runtime warning for visible-reply defaults, adds doctor preview warnings and tests for message-tool visibility policy mismatches, and updates the group/channel docs and changelog wording.
ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 1f96b3b568.
- Required merge gates passed before the squash merge.
Prepared head SHA: 1f96b3b568
Review: https://github.com/openclaw/openclaw/pull/75367#issuecomment-4357475980
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Keep async music generation completions on the requester-session wake path even when direct-send completion is enabled.
Also aligns config help, generated schema text, public docs, and the changelog so tools.media.asyncCompletion.directSend no longer claims to direct-send music completions.
Verification:
- pnpm test src/agents/tools/music-generate-background.test.ts src/agents/tools/video-generate-background.test.ts
- pnpm exec oxfmt --check --threads=1 src/agents/tools/media-generate-background-shared.ts src/agents/tools/music-generate-background.ts src/agents/tools/music-generate-background.test.ts src/config/schema.help.ts src/config/types.tools.ts docs/automation/tasks.md docs/gateway/config-tools.md CHANGELOG.md
- pnpm config:schema:check
- pnpm config:docs:check
- pnpm check:changelog-attributions
- git diff --check
- OPENCLAW_TESTBOX=1 pnpm check:changed
Derive context-window guard thresholds from the effective model window, keeping 10% hard-min and 20% warning ratios with 4k/8k floors.
Stop the embedded runner from forcing old fixed guard overrides so runtime admission uses the dynamic resolver.
Validation:
- CI run 25151866833 passed, including build-artifacts and checks-node-channels.
- Parity gate 25151866868 passed.
- Testbox pnpm test:channels passed: 54 files / 433 tests.
Fixes#42999.
Prepared head SHA: 9c80383639
Add reasoningDefault support under agents.defaults and preserve the existing per-agent/session/inline override order.
Includes authorization gating for configured reasoning state, /status coverage, config schema/docs baseline updates, and regression tests for the reply and status paths. Also carries the related cron startup-run preservation fix and CI test stabilization needed for this PR branch.
Validated locally with pnpm check:changed, the focused Vitest bundle for touched gateway/cron/auto-reply/plugin-sdk/tooling tests, pnpm config:docs:check, and git diff --check. GitHub checks are green on the merged head; Greptile latest visible review is 4/5 with no P0/P1 findings.
For c2d31a5e59: docs/gateway/security/index.md "External content
special-token sanitization" section already mentions the outbound
sanitizer with `<tool_call>` and `<function_calls>` examples, but it
predates the new internal-runtime-scaffolding stripping that targets
`<system-reminder>` and `<previous_response>` tags. Adds those two tags
as explicit examples and notes the final channel delivery boundary so
operators reading the security page see the same coverage exposed by
the c2d31a5e59 sanitizer.
Add opt-in `sandbox.docker.gpus` config plumbing for Docker sandbox containers.
- thread the optional GPU passthrough field through config types, schema, resolution, and Docker create args
- reject empty config values and emit `--gpus` as a separate Docker argv pair
- document the Docker-only behavior and credit the original contributor in the changelog
Fixes#57976.
Carries forward #58124 from @cyan-ember.
Co-authored-by: cyan-ember <5855097+cyan-ember@users.noreply.github.com>
For 47dc9f7fc0: docs/gateway/sandboxing.md now warns under "Build the default
image" that OpenClaw no longer silently retags plain debian:bookworm-slim as
openclaw-sandbox:bookworm-slim when the default image is missing. Sandbox runs
fail with a build instruction so the python3 tooling required by sandbox
write/edit helpers is preserved instead of being silently dropped.
- docs/concepts/model-providers.md: add proxy-route shaping rule for the
09ec5d2c4d fix that suppresses implicit Anthropic beta headers
(`claude-code-20250219`, `interleaved-thinking-2025-05-14`, OAuth markers)
on non-direct endpoints, parallel to the existing OpenAI
`compat.supportsDeveloperRole` rule.
- docs/gateway/cli-backends.md: add a "Fallback prelude from claude-cli
sessions" section for a96f1fa5ef so users know that non-CLI fallback
candidates after a claude-cli failure are now seeded with a context prelude
harvested from Claude Code's `~/.claude/projects/` JSONL (preferring the
latest `/compact` summary, coalescing tool blocks, skipping same-provider
`--resume` fallbacks).
