Peter Steinberger
8bdda7a651
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
Peter Steinberger
caace61ba1
chore: bump versions to 2026.2.26
2026-02-26 12:11:02 +01:00
Gustavo Madeira Santana
1ffc319831
Doctor: keep allowFrom account-scoped in multi-account configs
2026-02-26 05:34:58 -05:00
Onur Solmaz
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
Gustavo Madeira Santana
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b57718085599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-26 04:06:03 -05:00
Sid
c289b5ff9f
fix(config): preserve agent-level apiKey/baseUrl during models.json merge ( #27293 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6b4b37b03d201593046+Sid-Qin@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-26 03:46:36 -05:00
yinghaosang
92c309f2e1
docs: fix wrong Providers link in configuration examples
2026-02-26 02:41:07 -06:00
Gustavo Madeira Santana
96c7702526
Agents: add account-scoped bind and routing commands ( #27195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad35a458a55599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-26 02:36:56 -05:00
Gustavo Madeira Santana
f08fe02a1b
Onboarding: support plugin-owned interactive channel flows ( #27191 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 53872cf8e75599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-26 01:14:57 -05:00
Gustavo Madeira Santana
91a3f0a3fe
pairing: enforce strict account-scoped state
2026-02-26 00:31:24 -05:00
Peter Steinberger
35976da7a0
fix: harden Docker/GCP onboarding flow ( #26253 ) (thanks @pandego)
2026-02-26 04:46:18 +00:00
pandego
e8197404d0
Docker/docs: reduce docker build OOM risk on small GCP hosts
2026-02-26 04:46:18 +00:00
Peter Steinberger
cb3e5c35b0
docs: fix onboarding markdown list spacing
2026-02-26 05:23:30 +01:00
Peter Steinberger
4ada143794
docs(heartbeat): add directPolicy to config examples
2026-02-26 03:59:38 +01:00
Peter Steinberger
8a006a3260
feat(heartbeat): add directPolicy and restore default direct delivery
2026-02-26 03:57:03 +01:00
Peter Steinberger
b8bb8ab3ca
docs: clarify personal-by-default onboarding security notice
2026-02-26 02:59:34 +01:00
Peter Steinberger
c736f11a16
fix(gateway): harden browser websocket auth chain
2026-02-26 01:22:49 +01:00
Peter Steinberger
e56b0cf1a0
fix: enforce telegram reaction authorization
2026-02-26 01:03:03 +01:00
Peter Steinberger
42f455739f
fix(security): clarify denyCommands exact-match guidance
2026-02-26 00:55:35 +01:00
Peter Steinberger
eb73e87f18
fix(session): prevent silent overflow on parent thread forks ( #26912 )
...
Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates.
Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com >
2026-02-25 23:54:02 +00:00
Peter Steinberger
8f3310000a
refactor(macos): remove anthropic oauth onboarding flow
2026-02-26 00:17:03 +01:00
Peter Steinberger
8f5f599a34
docs(security): note narrow filesystem roots for tool access
2026-02-25 05:10:10 +00:00
Peter Steinberger
52d933b3a9
refactor: replace bot.molt identifiers with ai.openclaw
2026-02-25 05:03:24 +00:00
Peter Steinberger
480cc4b85c
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
Peter Steinberger
069c495df6
docs: clarify pairing commands in faq and troubleshooting
2026-02-25 02:50:17 +00:00
Peter Steinberger
c2a837565c
docs: fix configure section example
2026-02-25 02:44:49 +00:00
Peter Steinberger
bfafec2271
docs: expand doctor and devices CLI references
2026-02-25 02:41:13 +00:00
Peter Steinberger
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
Peter Steinberger
24d7612ddf
refactor(heartbeat): harden dm delivery classification
2026-02-25 02:13:07 +00:00
Peter Steinberger
a805d6b439
fix(heartbeat): block dm targets and internalize blocked prompts
2026-02-25 02:05:45 +00:00
Peter Steinberger
eb4a93a8db
refactor(sandbox): share container-path utils and tighten fs bridge tests
2026-02-25 01:59:53 +00:00
Peter Steinberger
e2362d352d
fix(heartbeat): default target none and internalize relay prompts
2026-02-25 01:28:47 +00:00
Peter Steinberger
ee6fec36eb
docs(discord): document DAVE defaults and decrypt recovery
2026-02-25 00:28:06 +00:00
Peter Steinberger
9cd50c51b0
fix(discord): harden voice DAVE receive reliability ( #25861 )
...
Reimplements and consolidates related work:
- #24339 stale disconnect/destroyed session guards
- #25312 voice listener cleanup on stop
- #23036 restore @snazzah/davey runtime dependency
Adds Discord voice DAVE config passthrough, repeated decrypt failure
rejoin recovery, regression tests, docs, and changelog updates.
Co-authored-by: Frank Yang <frank.ekn@gmail.com >
Co-authored-by: Do Cao Hieu <admin@docaohieu.com >
2026-02-25 00:19:50 +00:00
Peter Steinberger
b4010a0b62
fix(zalo): enforce group sender policy in groups
2026-02-24 23:30:43 +00:00
Peter Steinberger
9fccf60733
refactor(synology-chat): centralize DM auth and fail fast startup
2026-02-24 23:28:40 +00:00
Peter Steinberger
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
Peter Steinberger
0ee30361b8
fix(synology-chat): fail closed empty allowlist
2026-02-24 23:18:17 +00:00
Peter Steinberger
b67e600bff
fix(security): restrict default safe-bin trusted dirs
2026-02-24 23:13:37 +00:00
Peter Steinberger
e806b34779
chore: remove changelog add helper script
2026-02-24 15:33:09 +00:00
Peter Steinberger
d18ae2256f
refactor: unify channel plugin resolution, family ordering, and changelog entry tooling
2026-02-24 15:15:22 +00:00
Peter Steinberger
370d115549
fix: enforce workspaceOnly for native prompt image autoload
2026-02-24 14:47:59 +00:00
zzzz
31b1b20b3c
docs: add WeChat community plugin listing
...
Add @icesword760/openclaw-wechat to the community plugins page.
This plugin connects OpenClaw to WeChat personal accounts via
WeChatPadPro (iPad protocol) with support for text, image, and
file exchange.
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-02-24 08:41:28 -06:00
Peter Steinberger
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
Peter Steinberger
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
Peter Steinberger
2bad30b4d3
chore(release): bump version to 2026.2.24
2026-02-24 13:42:43 +00:00
Peter Steinberger
8ea936cdda
docs: clarify prompt caching intro
2026-02-24 05:22:00 +00:00
Peter Steinberger
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
Kriz Poon
1fdaaaedd3
Docs: clarify Chrome extension relay port derivation (gateway + 3)
2026-02-24 04:16:08 +00:00
Peter Steinberger
aea28e26fb
fix(auto-reply): expand standalone stop phrases
2026-02-24 04:02:43 +00:00
