Commit Graph

14824 Commits

Author SHA1 Message Date
Dallin Romney
194dd6fe50 refactor(security): consolidate secret primitives (#99746)
* refactor(security): consolidate secret primitives

* fix(plugin-sdk): align secret display metadata

* chore(plugin-sdk): refresh API baseline after rebase

* refactor(security): trim secret primitive consolidation
2026-07-04 16:38:13 -07:00
Dallin Romney
dc3b5df684 refactor(types): remove redundant local aliases (#100061)
* refactor(models): remove redundant generation model ref alias

* refactor(types): remove redundant local aliases

* refactor(types): preserve shipped model ref type
2026-07-04 16:34:47 -07:00
Peter Steinberger
be8b5f6c4f fix(slack): preserve custom identity while streaming (#100084)
Use supported chat.startStream authorship and avoid edit-based previews when custom identity cannot stream.

Co-authored-by: MoerAI <friendnt@g.skku.edu>
2026-07-04 18:56:36 -04:00
Peter
526c024fc0 fix(slack): preserve interaction thread status (#82895)
* fix(slack): preserve interaction thread status

Co-authored-by: Intern Dev <dev@wukongai.io>

* test(slack): type message thread timestamps

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Intern Dev <dev@wukongai.io>
2026-07-04 18:56:11 -04:00
Shakker
65e12328aa feat: refactor the Control UI architecture
Refactor the Control UI around route-owned page lifecycle and state while preserving existing behavior and design.

Prepared head SHA: bd51b6fa76
Co-authored-by: Shakker <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
2026-07-04 23:19:38 +01:00
Gio Della-Libera
144e5894f6 fix(policy): honor node command deny overrides 2026-07-04 15:06:10 -07:00
Gio Della-Libera
997f74f42b policy: cover gateway node commands 2026-07-04 15:06:10 -07:00
xingzhou
27d6c88167 feat: add utility models and generated session titles (#87643)
* feat: add utility model session titles

* docs: clarify utility model calls

* fix: budget utility title reasoning

* docs: refresh config baseline

* docs: refresh plugin sdk baseline

* docs: refresh plugin sdk baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 17:24:51 -04:00
Peter Steinberger
bbb744269f test: make the local pnpm test gate green on macOS hosts (#100069)
Fixes 21 macOS-only failing test cases across three classes: canonicalized fixture roots (macOS /var -> /private/var tmpdir symlink vs production realpathing), load-tolerant process-spawn tests (content-gated pid files, readiness-sequenced kill windows, bounded-window timer assertions), and cross-file worker leak guards (skip-channel env, gateway token env, imessage runtime singleton). Test-only; no production changes. Fixes #100025.
2026-07-04 17:17:42 -04:00
Jason (Json)
0221544190 fix(release): block stale Codex runtime pins (#100015)
Prevents opted-in plugin runtime dependencies from being published with stale
registry pins. The same freshness assertion now guards both npm and ClawHub
release paths, including the managed Codex runtime.

Prepared head SHA: d5d0ecba4b
Reviewed-by: @fuller-stack-dev

Closes #99951
2026-07-04 15:13:31 -06:00
Dizesales
ff58d23e8f fix(telegram): resolve local Bot API container file paths against trustedLocalFileRoots [AI-assisted] (#91984)
* fix(telegram): resolve local Bot API container file paths against trustedLocalFileRoots

When the self-hosted telegram-bot-api server runs with --local inside a
container, getFile returns absolute file_path values rooted at the
container data dir (/var/lib/telegram-bot-api/...). The host process
mounts that volume at a different path, so the absolute path never
matches a trustedLocalFileRoots entry and inbound media fails to
materialize (messages reach the agent as bare <media:document>
placeholders without bytes).

Map container-absolute paths back to relative candidates and resolve
them under each trusted root, trying both with and without the
per-token directory segment the local server uses. Relative file_path
values are now also resolved against trusted roots before falling back
to the HTTP file endpoint, which keeps large-file (>20MB) local-mode
downloads working.

Path traversal protections: candidates are normalized, NUL bytes and
dot-segments are rejected, and reads stay behind the trusted-roots
file-access sandbox.

AI-assisted (Claude Code), validated with targeted vitest run.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Co-Authored-By: Dizesales <269209351+Dizesales@users.noreply.github.com>

* fix(telegram): map local Bot API container media paths

Co-authored-by: Lucas Magalhaes <ellucasrj@gmail.com>

* chore(config): refresh channel metadata

---------

Co-authored-by: Lucas Magalhaes <ellucasrj@gmail.com>
Co-authored-by: Dizesales <269209351+Dizesales@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 17:07:51 -04:00
grifjef
7a0188cbd2 fix(memory-core): treat dreaming fence marker lines as inside-fence in promotion guard (#83718)
The lineRangeOverlapsDreamingFence guard tracked insideFence state from
the marker lines but did not flag ranges that included the marker lines
themselves. A relocated promotion range that ended on a start marker,
began on an end marker, or covered only a marker line passed the guard,
and the snippet built from those raw lines carried the marker text into
MEMORY.md.

Treat marker lines as inside-fence content for range overlap purposes
and add unit + integration coverage. The integration test exercises the
real applyShortTermPromotions path: pre-patch a recall whose stored
snippet is the start-marker text produces a 'Promoted From Short-Term
Memory' entry containing the literal marker; post-patch the same input
yields applied=0 and no MEMORY.md write. Refs #80613.
2026-07-04 13:01:04 -07:00
Vincent Koc
2f6459093a improve(web-fetch): speed up provider fallback loading (#98559)
* perf(web-fetch): add web fetch benchmark

* perf(web-fetch): cache provider fallback resolution

* perf(firecrawl): avoid duplicate scrape payload wrapping

* perf(web-readability): reuse void tag lookup

* fix(web-fetch): keep provider cache live

* fix(web-fetch): invalidate provider cache on registry swap

* perf(web-fetch): reduce html extraction overhead

* fix(web-fetch): bound provider discovery cache

* perf(web-fetch): avoid full plugin load on fallback
2026-07-04 12:47:10 -07:00
Dallin Romney
6c53dfa1df refactor(infra): consolidate bounded HTTP body reads (#99744)
* refactor(infra): consolidate bounded HTTP body reads

* fix(plugin-sdk): preserve HTTP body export boundaries
2026-07-04 12:15:57 -07:00
Peter Steinberger
614e87cce1 chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Peter Steinberger
77f0f40bb1 fix(telegram): surface inbound media fetch failures (#100051) 2026-07-04 14:54:43 -04:00
notask-007
94ff3c6b85 fix(slack): include attachment text in thread context (#97727)
* fix(slack): include attachment text in thread context

* fix(slack): cover attachment block fallback

* fix(slack): collect full block thread text

* refactor(slack): share thread block text extraction

Co-authored-by: notask-007 <37237335+chthtlo@users.noreply.github.com>

---------

Co-authored-by: notask-007 <>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 14:49:43 -04:00
Dallin Romney
939f9aeff5 test(qa): record Matrix route state inventory (#100039) 2026-07-04 11:48:18 -07:00
Dallin Romney
dbdaad1c2e refactor(providers): table-drive paired catalogs (#99777) 2026-07-04 11:35:55 -07:00
Peter Steinberger
6df0fb818d feat: add session thread management (#98510)
* feat: add session thread management

Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.

* refactor(ui): minimal session rows with hover-revealed management

Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.

* fix: align session admission with mailbox-era main

Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.

* fix(qa): align UI e2e and shard fixtures with redesigned session rows

Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.

* test: route auto-fallback suite through temp-dir helper plans

The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00
sunlit-deng
3644946230 fix(acpx): handle MCP proxy stdio pipe errors (#99852)
* fix(acpx): handle MCP proxy stdio pipe errors

* fix(acpx): handle proxy stdout pipe failures

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-04 11:30:23 -07:00
Peter Steinberger
7a92c473c1 test(qqbot): fix macOS-only outbound media test failures
The scoped outbound media tests added in #92872 assert raw mkdtemp paths,
but prod resolvers canonicalize roots, so on macOS the /var -> /private/var
tmpdir symlink made three tests fail (green on Linux CI). Realpath the tmp
roots like sibling tests, and export the real UploadDailyLimitExceededError
from the outbound-dispatch sender.js mock so prod instanceof checks in error
paths hit real assertions instead of vitest's missing-export guard.

Also add AGENTS.md test guidance covering both patterns.
2026-07-04 19:20:22 +01:00
Dallin Romney
d96db362bd refactor(voice-call): reuse webhook path normalization (#99766) 2026-07-04 10:53:07 -07:00
Peter Steinberger
0869edc23b fix(slack): stop logging inbound message previews (#96312) 2026-07-04 13:14:09 -04:00
ash
b0476e5c8e fix(slack): include assistant loading messages (#85507)
* fix(slack): include assistant loading messages

* fix(slack): preserve assistant status wording

* fix(slack): preserve assistant status wording

* fix(slack): preserve assistant status wording

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 13:13:11 -04:00
Jonathan Tsai
6169e5ddae fix(slack): allow channel-id reads for name-allowlisted channels (#95313)
* fix(slack): allow channel-id reads for name-allowlisted channels

* fix(slack): trust API lookup for read target names

* fix(slack): resolve name-allowlisted reads safely

Co-authored-by: Jonathan Tsai <jontsai@users.noreply.github.com>

* fix(slack): resolve name-allowlisted reads safely

* fix(slack): resolve name-allowlisted reads safely

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 12:03:34 -04:00
ZOOWH
f683c9e9bd fix(slack): restore native presentation delivery (#95463)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 11:06:08 -04:00
Mason Huang
4287d2629f [codex] fix(copilot): preserve BYOK bearer auth through proxy (#99955)
Summary:
- Merged [codex] fix(copilot): preserve BYOK bearer auth through proxy after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head ef753a9929.
- Required merge gates passed before the squash merge.

Prepared head SHA: ef753a9929
Review: https://github.com/openclaw/openclaw/pull/99955#issuecomment-4882241627

Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Approved-by: hxy91819
2026-07-04 13:48:27 +00:00
Vincent Koc
787f3a2ce5 test(channels): align outbound delivery assertions 2026-07-04 15:13:16 +02:00
Peter Steinberger
706443c79b fix(slack): remove unused unsafe auth fetch helper (#99944)
* fix(slack): remove unused unsafe auth fetch helper

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>

* fix(slack): remove unused unsafe auth fetch helper

---------

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>
2026-07-04 08:21:32 -04:00
Peter Steinberger
65e2819136 fix(slack): warn when bot token authenticates as user (#99931)
Co-authored-by: luyifan <al3060388206@gmail.com>
2026-07-04 07:04:30 -04:00
qingminlong
bd2740fedc fix(slack): preserve time colons in interactive labels (#99877)
* fix(slack): preserve time colons in button labels

* fix(slack): preserve clock labels in interactive replies

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 03:14:13 -07:00
Peter Steinberger
82610d3b15 feat(whatsapp): add requester-bound MeowCaller calls (#99635)
* feat(whatsapp): add requester-bound MeowCaller calls

* fix(whatsapp): align MeowCaller CLI contract

* test(whatsapp): narrow MeowCaller audio path

* fix(whatsapp): budget MeowCaller setup phases

* feat(whatsapp): gate experimental calls

* fix(whatsapp): use managed call temp storage

* fix(whatsapp): preserve channel entry boundary
2026-07-04 02:19:28 -07:00
Peter Steinberger
be95bb72d4 refactor: consolidate core stream cleanup, watchdog locality, and approval text duplication (#99901)
* refactor(infra): share guarded body-stream cleanup across fetch consumers

* refactor(agents): extract shared runtime model locality for llm watchdogs

* refactor(auto-reply): share exec approval route resolution between command handlers

* refactor(plugin-sdk): share approval reaction hint text helpers

* refactor(plugin-sdk): share planned migration target resolution

* refactor(infra): use canonical sleep helper in backup retry

* docs(plugins): mention shared migration targets and reaction hint helpers

* chore(plugin-sdk): pin surface budgets for reaction hint and migration target helpers
2026-07-04 02:08:35 -07:00
Peter Steinberger
eafe2a8d0b refactor: consolidate duplicated plugin state and doctor migration plumbing onto SDK seams (#99850)
* refactor(plugin-sdk): add createPersistentDedupeCache and migrate channel presence caches

* refactor(matrix): adopt SDK approval reaction target store

* refactor(plugin-sdk): share doctor legacy-state migration fs helpers

* refactor(memory-core): dedupe qmd cache entry envelope validation

* chore(plugin-sdk): pin surface budgets for shared dedupe and doctor helpers

* test(matrix): use future approval expiry fixtures for reaction targets

* test(matrix): use future approval expiry fixtures for reaction targets
2026-07-04 01:51:03 -07:00
Peter Steinberger
3d6a2216ea feat(codex): share native threads across Codex clients (#99821)
* feat(codex): share native threads across clients

* test(codex): track coexistence temp dirs

* fix(codex): preserve native source on thread forks

* test(codex): use public temp fixtures

* fix(codex): preserve owner context for deferred tools

* fix(codex): forward owner identity to dynamic tools

* fix(codex): forward owner status to harness attempts

* docs(security): document shared Codex home

* docs(security): document shared Codex home

* docs(security): document shared Codex home
2026-07-04 01:43:21 -07:00
Peter Steinberger
55d0d037bf test(codex): expect canonical assistant text blocks in mirrored history
Session ingest has normalized legacy assistant string content into
[{ type: "text" }] blocks since #98908, which updated the core
cli-runner session-history analog but missed this extension file.
The suite only runs in full local runs and the dispatch-only
plugin-prerelease lane, so push/PR CI stayed green while local
scripts/pr prepare-gates failed on any OS.

refs #99857
2026-07-04 09:15:14 +01:00
xingzhou
741d9524be fix: outbound recovery can replay already sent replies (#99600)
* fix(outbound): avoid replaying sent recovery deliveries

* fix(outbound): persist recovery send state before ack

Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>

* fix(outbound): preserve partial send evidence across adapters

* test(line): cover multi-send delivery progress

* fix(outbound): preserve repeated receipt result multiplicity

* test(heartbeat): expect delivery progress callback

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 01:09:12 -07:00
Vincent Koc
d226afbc5c test(telegram): type inbound body fixture 2026-07-04 09:19:04 +02:00
Ayaan Zaidi
a845c0e93e fix(telegram): carry inbound addressing fact 2026-07-04 00:03:14 -07:00
Ayaan Zaidi
f48ff25b3b fix(telegram): unify rich plain fallback 2026-07-03 23:57:08 -07:00
Ayaan Zaidi
5c83b74235 fix(telegram): normalize outbound rich html 2026-07-03 23:57:08 -07:00
Sachintha Bhashitha
02b529a8cc fix(line): truncate outbound altText, location, menu, and code fields on code point boundaries (#98994)
* fix(line): truncate outbound altText, location, menu, and code fields on code-point boundaries

* fix(line): use safe truncation for receipt card altText

* fix(line): count rich menu limits by grapheme

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-03 23:46:13 -07:00
Dallin Romney
9d68f877ac test(qa): run gateway and MCP scenarios over real transports (#99735) 2026-07-03 20:26:16 -07:00
Dallin Romney
3b4092dbaa test: add executable runtime fixture canaries (#99737)
* test(qa): add runtime fixture canaries

* test(voice-call): track fixture temp directories
2026-07-03 20:22:40 -07:00
Dallin Romney
19035bdca1 fix(qa): avoid startup prewarm contention (#99368) 2026-07-03 20:14:58 -07:00
Dallin Romney
80d129212c refactor: consolidate deferred promise construction (#99755) 2026-07-03 19:55:00 -07:00
Dallin Romney
febc70036f refactor: consolidate exact boolean coercion (#99750)
* refactor: consolidate exact boolean parsing

* test: fix normalization subpath resolution

* fix: resolve normalization boolean subpath
2026-07-03 19:42:06 -07:00
Eva
faa4f4782e fix: keep OpenClaw control tools available when tool_search misroutes (#99561)
* fix(codex): keep OpenClaw control tools direct

* test(codex): refresh direct-tool prompt snapshots

* fix(codex): keep heartbeat direct only when available

* fix(codex): keep heartbeat tool schema stable

---------

Co-authored-by: Eva <eva@100yen.org>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-03 21:34:32 -05:00
Peter Steinberger
8250b8d02e fix(providers): resolve ClawRouter auth-profile models (#99759) 2026-07-03 19:27:46 -07:00