The provider auth overview passed the caller's synthetic-auth object
through to the JSON payload. Status hands it the full runtime shape,
which also carries the raw credential, so structural typing let live
API keys/tokens ship in a diagnostic surface (#104713). Re-project to
the declared value/source fields at the overview boundary.
Fixes#104713
* feat(gateway): flag sessions with attached automations and disable bound cron jobs on archive
Session rows now carry hasAutomation, derived from a lifecycle-owned index
over the cron service's in-memory jobs; cron events push refreshed rows so
badges stay live. sessions.patch { archived: true } disables enabled cron
jobs bound to the session (locked binding re-check, internal/operator-admin
callers only); restore intentionally does not re-enable them.
Refs #104700
* feat(ui): sidebar session state slot and worktree/automation badges
The run spinner moves into a leading state slot shared with the unread dot,
keeping the timestamp visible during runs; muted fork/clock badges sit after
the title (outside the trail/action overlap so pinned rows and touch devices
keep them). New strings localized via ui:i18n:sync (English fallback pending
a keyed translation run).
Refs #104700
* test(gateway): pin cron binding broadcast test to the event mechanism
The shard shares one process; session-store state from earlier tests can make
the row load return null, which legitimately produces a keyless refresh
payload. Row-field projection stays covered by session-utils and
session-automation-index tests.
An unprobeable api-key choice left its flag/env literals unchecked while CI
stayed green (ClawSweeper finding). The probe now supplies a real agent dir
and placeholder preflight opts (sentinel still bound to the declared
optionKey only, preserving the key-correctness proof), so every api-key
method must reach resolveApiKey — this immediately exercised
cloudflare-ai-gateway's account/gateway preflight path.
Loading built plugin dists pulls large module graphs into the shared vitest
worker cache and broke co-resident vi.mock unit tests (memory-host-sdk
embeddings, checks-node-compact-large-2). An explicit dynamic import of the
surface loader trips the lane classifier's dynamic-import rule, moving the
file to the plugins project where dist loading is the norm.
Silent skip on missing runtime registration recreated the drift class the
test guards (ClawSweeper finding); capability-only plugins now must register
zero text providers to be exempt.
context_overflow and transient (timeout/server_error/overloaded) FailoverError
reasons now classify structurally like billing/rate_limit already do, instead
of relying on message text that may lack overflow or HTTP-status tokens. A
typed transient failure without a leading status token now takes the single
transient retry; typed context overflow suppresses the generic failure reply.
Part of #104219 (row 12).
gateway-startup-plugin-ids duplicated the built-in model-API set byte-for-byte
with nothing enforcing sync; provider-config-owner now owns it. New parity
test proves bundled provider manifests and runtime provider.auth declare the
same optionKey/cliFlag/envVar/method literals, guarding against silent
wizard-vs-runtime auth drift. Part of #104219 (row 12).
Drops the last non-doctor whole-store resolveSessionStoreEntry read in the
reply pipeline; exact working-set key plus accessor disk read match the
sibling refresh sites in runPreparedReply. Part of #104219 (seam 8).
* fix(core): make indexed access explicit in auto-reply, infra, and config
Part 1/3 of the src NUIA phase-3b burn-down (#104600): iteration and
destructuring over index reads, boundary guards on parsed input, and
named invariants. Config path walkers bind the path head once; SQLite
migration key handling is hoisted without query-shape changes.
* fix(core): make indexed access explicit in cli, gateway, commands, security, shared
Part 2/3: argv/token selection restructured, gateway event/attachment
invariants named, security parsers stay fail-closed (invariant
violations throw), edit-distance matrices access checked entries.
* fix(core): make indexed access explicit across remaining src surfaces
Part 3/3: channels, plugins, process, cron, plugin-sdk, media, logging,
tui, hooks, daemon, and small directories. Latent bug fixed: a tailnet
resolver could leak undefined through a string|null contract and now
fails with a descriptive local error.
* fix(core): keep optional boundaries optional after per-commit review
Review findings: expectDefined misused where absence is a legitimate
state. CLI --profile/route-args missing next tokens take their existing
miss paths; help normalization compares --help against the last
positional again; first-time plugin install spreads absent cfg.plugins;
denylist scan iterates manifest dependency entries instead of throwing
on omitted sections; tailnet resolver returns a guaranteed string at
the source instead of a caller-side undefined throw.
* refactor(core): closed-key provider labels and honest optional passthroughs
PROVIDER_LABELS becomes a satisfies-typed closed record (static reads
provably defined; dynamic lookups go through providerUsageLabel with
honest string|undefined). Status-scan overview passes its optional
params through unchanged instead of asserting them.
* fix(channels): make getChatChannelMeta honestly optional
The original signature claimed ChatChannelMeta while leaking undefined
on bundled channel id metadata drift; three of four callers already
handled absence. The return type now says so, and the one assuming
caller falls back to the raw channel label.
* fix(core): index-safety for post-rebase main drift
Covers the sqlite-sessions flip and auth-source-plan code that landed
mid-phase, plus the channel-validation test consuming the now honestly
optional getChatChannelMeta.
* refactor(channels): split chat-meta accessors along the SDK contract
getChatChannelMeta keeps its shipped plugin-SDK signature (defined for
bundled ids, fail-loud on impossible misses); new findChatChannelMeta
carries the drift-tolerant optional contract for core auto-enable and
formatting paths.
* fix(qa-channel): own channel metadata instead of a guaranteed-undefined catalog lookup
qa-channel spread getChatChannelMeta over an id that is never in the
bundled catalog, shipping an empty setup meta by accident; the fail-loud
SDK accessor exposed it. The channel now declares its metadata once.
* fix(gateway): heartbeat projection lookahead is optional at the transcript tail
expectDefined wrapped messages[i + 1] whose absence on the final message
is the normal case; the adjacent ternary already handled it. Restores
the plain optional read with an explicit guard in the pair condition.
* fix(plugin-sdk): channel plugin factory tolerates non-bundled channel ids again
createChannelPluginBase spreads bundled catalog meta for ANY channel id,
where absence is the normal case for external plugins; the resolver is
honestly optional again while the exported bundled-id accessor keeps the
fail-loud contract.
* fix(core): spreads of optional config sections stay optional
Fresh-setup and first-install paths (crestodian setup inference, hook
installs, agent config base, target agent models) legitimately lack the
section being rebuilt; spreading undefined is the shipped {} semantics.
Removes the remaining gratuitous assertion wraps found by tree audit.
* chore: remove dead sanitizeThinkingSignatures field from transcript policy
The sanitizeThinkingSignatures field on TranscriptPolicy and
AgentRuntimeTranscriptPolicy was orphaned when the google-antigravity
provider was removed in 382fe8009a. That commit deleted the only
consumer (sanitizeSessionHistory in google.ts) but left the field
declaration in both types and the default value, plus stale
references across test fixtures.
Remove the field from:
- TranscriptPolicy type and DEFAULT_TRANSCRIPT_POLICY (transcript-policy.ts)
- AgentRuntimeTranscriptPolicy (runtime-plan/types.ts)
- All test/mock/compact-harness references (14 sites)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* chore: remove blank lines from transcript policy cleanup
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Colin <colin@solvely.net>
* feat(gateway): standalone approval deep-link page
Squash-rebased #103698 segment onto the typed-actions tip on current main.
Adds the tokenless /approve/{id} standalone approval UI served by the
gateway control-UI router, gateway-store ephemeral login fix (selectGateway
only on changed URL), and approval-page i18n strings.
Drift reconciliation: union-merged i18n translation-memory caches and
regenerated locale metadata via control-ui-i18n sync (33 approvalPage keys
remain English fallbacks in minor locales, as on the original branch).
(cherry picked from commit c82f56011bfe9f0debb8ebe052f14590c187340d)
(cherry picked from commit 80f5636a8b67a3d6a5f330620541a39d4ef3fe6f)
(cherry picked from commit a3e300d337a92bf1b593a0bb52b7ec4549910a21)
(cherry picked from commit 860ad01f9658bba54cb3d59644e5e1a032c0bb3f)
(cherry picked from commit d8b697b28a847950a1797da07fc0ae4c24928492)
(cherry picked from commit 8a654e3271fd5721358812f961a7a7bb386d6726)
(cherry picked from commit 2f776d2e7bf910271fcbd9697597f6f5478b0f30)
(cherry picked from commit 14e64e6e4d763be830830801eeec1a6f17441688)
(cherry picked from commit 4df9ec828d0034fdc76540ff0fe341e599b0f281)
(cherry picked from commit e52968f4ab)
(cherry picked from commit 7214fc25013966f99ff4b2d506aa2f5f789e2113)
(cherry picked from commit c6259ff79787c759c136086e1a54c9ead8e89539)
(cherry picked from commit a58d9f271d27481615f0c94a828704c563d5354f)
(cherry picked from commit dcf1cb6d98)
* fix(ui): preserve approval page gateway auth
* fix(ui): keep approval disconnects fail closed
* style(ui): format approval disconnect copy
* feat(fleet): per-cell disk limits, egress policy, backup/restore, logs, and doctor
- fleet create --disk <size> caps the container writable layer via --storage-opt;
unsupported storage backends fail create with an actionable support-matrix
error, and the limit replays across upgrade/restore through a fleet-owned
container label because Podman inspect has no HostConfig.StorageOpt.
- fleet create --network bridge|internal adds an opt-in no-egress mode on
Podman (published loopback port keeps working, verified live); Docker
internal cells are rejected fail-closed because Docker does not publish
loopback ports on internal networks.
- fleet backup/restore: per-tenant 0600 tar archives with manifest tenant
binding, symlink/hardlink rejection, byte and path-segment budgets,
root-bounded extraction, atomic no-overwrite publish, lease fencing, and
Gateway token rotation on restore; failures preserve displaced data and
never leave a force-stopped or half-started cell serving silently.
- fleet logs: ownership-asserted, bounded, token-redacted on both streams,
with a generation re-check so a concurrent restore cannot leak a rotated
token.
- fleet doctor: read-only per-cell audit of ownership labels, health,
hardening drift, loopback port binding, token presence, network egress
mode, and 0700 state-dir permissions; any failed finding exits nonzero.
Cross-runtime checks are grounded in live-verified Docker 28/Podman 4.9
inspect shapes (CapDrop vs EffectiveCaps, missing StorageOpt, missing
network containers map).
Related: #104436 (v1 shipped in #104527)
* fix(fleet): harden streamed log redaction and root restore ownership
- redacting stream writer honors target backpressure, retains secret-prefix
overlap across forced long-line flushes, and never splits a token between
emitted chunks
- root-invoked restores repair ownership for explicit non-root user mappings
instead of leaving root-owned 0700 state trees
- fleet logs merges the shipped --follow streaming surface (#104669) with the
v1.1 token-redaction contract
* fix(fleet): stream partial log lines live and report phase-accurate restore recovery paths
- the redacting log writer emits safe text on every chunk (retaining only a
possible token prefix) so unterminated progress output streams immediately
- restore failure notes distinguish pre-swap, displaced, and swapped states so
operators recover the correct tree, and an unavailable runtime inspection is
reported as an unverified replacement instead of silence
* fix(fleet): reject backslash archive paths, guard stderr pipes, and validate disk-limit labels in doctor
- restore/backup path rules reject literal backslashes so a tampered entry
cannot validate as one path and extract as another on POSIX
- fleet logs handles broken pipes on stderr as well as stdout
- fleet doctor fails malformed disk-limit labels that would break
upgrade/restore replay instead of reporting them as passing
The latest stable package exposes both names via the deprecated
openclaw/plugin-sdk/infra-runtime subpath. Compat now lives in the barrel
itself with the old substring semantics and a removal plan; core runtime no
longer uses them. Also converts the chat mapping switch to an if-chain for
switch-exhaustiveness lint.
FailoverReason timeout is the retryable-transient bucket and deliberately
swallows generic 5xx, so it cannot drive the user-facing timeout badge.
Rate-limit/overload/context mapping stays on the canonical reason; the
timeout badge now requires isTimeoutError. HTTP 500 badges stay unknown.
Deletes the naive substring detectErrorKind from infra/errors; the chat error
badge now maps resolveFailoverReasonFromError into the protocol errorKind set,
with refusal kept as a chat-local stop-reason check. Fixes drift where a Groq
TPM 413 showed context_length instead of rate_limit and quota/CJK/socket
errors showed unknown.
Part of #104219 (seam 5, slice 1).