Peter Steinberger
c443469452
test: add plugin install docker e2e lanes
2026-05-09 06:06:08 -04:00
Peter Steinberger
4883a0e6c4
chore: update workspace dependencies
2026-05-09 10:58:36 +01:00
Peter Steinberger
beaecbcad4
refactor: use PI Codex Responses transport ( #79726 )
...
Routes explicit OpenAI Codex Responses runs through PI's native WebSocket-capable transport and removes the custom OpenClaw WebSocket implementation.
2026-05-09 05:40:30 -04:00
Peter Steinberger
9385eaaf88
chore(release): prepare 2026.5.8
2026-05-09 08:05:17 +01:00
Peter Steinberger
a4b17d65a8
refactor: consolidate message delivery API
2026-05-09 07:04:04 +01:00
Peter Steinberger
b34cf2f1a2
fix: externalize matrix plugin
2026-05-09 06:38:29 +01:00
Shakker
5d335dd603
fix: pin fast-uri audit dependency
2026-05-08 23:19:34 +01:00
Peter Steinberger
6a4069dead
fix: share plugin runtime helpers
...
Consolidate shared plugin runtime MIME/schema helpers, preserve canonical runtime behavior, and guard QQBot STT fetches.
2026-05-08 00:28:43 +01:00
Vincent Koc
c97998ce21
chore(channels): remove bluebubbles bundled surface
2026-05-07 12:52:48 -07:00
jesse-merhi
dd0a9bf869
lint: replace raw socket guard with codeql
2026-05-08 01:18:04 +10:00
jesse-merhi
9cc5e49e65
lint: replace proxy mutation guard with opengrep
2026-05-08 01:18:04 +10:00
jesse-merhi
f4797921ac
lint: classify raw socket callsites
2026-05-08 01:18:04 +10:00
Peter Steinberger
a68ad39877
ci(release): speed up beta publish path
2026-05-07 15:02:24 +01:00
Peter Steinberger
955b025697
feat: add native sqlite Kysely dialect
...
Add an owned Kysely dialect for native node:sqlite, raise the Node 22 floor to 22.16+ for StatementSync.columns(), and cover select/returning/stale insert id behavior.
2026-05-07 13:07:03 +01:00
Peter Steinberger
113761ab57
build: update fs-safe dependency
2026-05-07 12:15:51 +01:00
Peter Steinberger
66b02c91b1
fix: build canvas assets for docker package build
2026-05-07 09:07:18 +01:00
Peter Steinberger
330ba1fa31
refactor: move canvas to plugin surfaces
2026-05-07 09:07:18 +01:00
Peter Steinberger
252a76d25c
refactor: stage external output writes through fs-safe
2026-05-07 06:05:24 +01:00
Sarah Fortune
7d5d01b4f9
chore(deps): bump @openclaw/fs-safe pin to 3412e03 ( #78670 )
...
Pulls in 26 commits since the previous pin (3c50873):
- fix(workspace): add packages field so pnpm prepare succeeds
(openclaw/fs-safe#10 ) — unblocks fresh installs that were failing
with ERR_PNPM_INVALID_WORKSPACE_CONFIGURATION during the prepare step
pnpm runs inside the github-hosted dep tarball.
- Filesystem boundary-guard hardening: centralized boundary primitives,
guarded fallback handles, prune/trash race fixes, durable queue id
validation, archive staged-merge fixes, public path mode preservation.
- json: avoid copy fallback symlink writes.
- temp: keep helpers in private dirs; preserve workspace leaf filename
contract.
Verification:
- corepack pnpm install — clean install, no prepare error.
- pnpm openclaw setup — wrote ~/.openclaw/openclaw.json, workspace, and
sessions dirs.
- pnpm test src/infra/{fs-safe,boundary-file-read,fs-safe-defaults,
fs-safe-import-boundary}.test.ts — 37/37 passed.
2026-05-06 19:47:14 -07:00
Vincent Koc
2ab74e9ef7
fix(deps): pin fs-safe with full git sha
2026-05-06 15:22:59 -07:00
Sally O'Malley
3be4251f21
fix(deps): bump basic-ftp ( #78637 )
...
* fix(deps): bump basic-ftp
Signed-off-by: sallyom <somalley@redhat.com >
* docs: note basic-ftp advisory fix
Signed-off-by: sallyom <somalley@redhat.com >
---------
Signed-off-by: sallyom <somalley@redhat.com >
2026-05-06 17:31:12 -04:00
Peter Steinberger
0b88d6286c
chore: bump version to 2026.5.6
2026-05-06 09:47:34 +01:00
Vincent Koc
f8bb00bb8b
fix(deps): override vulnerable ip-address
2026-05-05 23:59:43 -07:00
Peter Steinberger
8f3a34e2a1
refactor: share fs-safe JSON helpers
2026-05-06 07:40:10 +01:00
Peter Steinberger
20163313af
fix: resolve fs-safe post-land fallout
2026-05-06 02:41:36 +01:00
Peter Steinberger
538605ff44
[codex] Extract filesystem safety primitives ( #77918 )
...
* refactor: extract filesystem safety primitives
* refactor: use fs-safe for file access helpers
* refactor: reuse fs-safe for media reads
* refactor: use fs-safe for image reads
* refactor: reuse fs-safe in qqbot media opener
* refactor: reuse fs-safe for local media checks
* refactor: consume cleaner fs-safe api
* refactor: align fs-safe json option names
* fix: preserve fs-safe migration contracts
* refactor: use fs-safe primitive subpaths
* refactor: use grouped fs-safe subpaths
* refactor: align fs-safe api usage
* refactor: adapt private state store api
* chore: refresh proof gate
* refactor: follow fs-safe json api split
* refactor: follow reduced fs-safe surface
* build: default fs-safe python helper off
* fix: preserve fs-safe plugin sdk aliases
* refactor: consolidate fs-safe usage
* refactor: unify fs-safe store usage
* refactor: trim fs-safe temp workspace usage
* refactor: hide low-level fs-safe primitives
* build: use published fs-safe package
* fix: preserve outbound recovery durability after rebase
* chore: refresh pr checks
2026-05-06 02:15:17 +01:00
Peter Steinberger
8bfabd6bb1
feat: add channel message lifecycle sdk
2026-05-06 01:46:42 +01:00
Kevin Lin
81349cdc2a
feat: improve Codex skill migration selection ( #77597 )
...
* feat: improve Codex skill migration selection
* docs: add Codex migration changelog entry
* fix codex skill migration bulk toggles
* fix codex migration skip selection
* fix codex migration skip option order
* fix: handle codex migration shortcut toggles
* fix codex migration shortcut reconciliation
* fix: unblock Codex migration CI
2026-05-05 16:41:26 -07:00
Patrick Erichsen
8aa7b7a4ca
Tolerate corrupt plugins during update ( #77706 )
...
* fix(update): tolerate corrupt plugin state
* fix(update): preserve corrupt plugin proof state
* fix(update): narrow corrupt plugin warnings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-05-05 14:18:26 -07:00
Andrew Porter
9abf01faf0
feat(DX): Add Out-of-the-Box Support for Debugging in VSCode-Based IDEs ( #45710 )
...
Merged via squash.
Prepared head SHA: dd5c0c59f27257907+SwissArmyBud@users.noreply.github.com >
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com >
Reviewed-by: @jalehman
2026-05-05 12:41:28 -07:00
Peter Steinberger
c37871e77b
chore(release): bump version to 2026.5.5
2026-05-05 17:23:39 +01:00
Vincent Koc
2de0113608
test(update): cover authenticated restart updates
2026-05-04 21:58:47 -07:00
Peter Steinberger
47411f7c52
build: bump axios override
2026-05-05 01:51:23 +01:00
Vincent Koc
44a10ceea2
test(live): run cache probe with node
2026-05-04 17:16:47 -07:00
Vincent Koc
a491090b48
fix(release): refresh plugin sdk api gate
...
Refresh release baseline hashes and raise the Plugin SDK API baseline heap cap so release preflight reports real drift instead of OOMing.
2026-05-04 17:13:47 -07:00
Kevin Lin
cb9824d6b4
test: add slack onboarding channel smoke ( #77575 )
2026-05-04 16:51:34 -07:00
Vincent Koc
cf1bd30509
test(plugins): add kitchen sink rpc walk
2026-05-04 16:48:02 -07:00
Vincent Koc
9eed48fde5
test(docker): align published upgrade timeout
2026-05-04 16:17:51 -07:00
Peter Steinberger
8ee08b2b77
chore: update dependencies
2026-05-04 23:07:09 +01:00
Vincent Koc
ed1089f822
test(plugins): source Testbox auth for kitchen sink live
2026-05-04 14:07:03 -07:00
Vincent Koc
e2eb8e3cfe
test(plugins): harden kitchen sink live gauntlet
2026-05-04 14:01:59 -07:00
Jesse Merhi
d5b0083300
fix: proxy direct APNs HTTP2 sessions ( #74905 )
...
Summary:
- This PR routes direct APNs HTTP/2 sends through an APNs allowlisted managed-proxy CONNECT wrapper, adds APNs proxy validation/docs/guardrails, and expands regression and live-test coverage.
- Reproducibility: yes. source-reproducible: current main `sendApnsRequest()` still uses raw `http2.connect(au ... nly covers HTTP/global-agent/Undici hooks. I did not run a live APNs reproduction in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 APNs connections
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 with OpenGrep
- PR branch already contained follow-up commit before automerge: lint: ban raw HTTP2 imports
- PR branch already contained follow-up commit before automerge: fix: use managed proxy state for APNs
- PR branch already contained follow-up commit before automerge: test: exercise APNs active proxy state
- PR branch already contained follow-up commit before automerge: fix: reject conflicting managed proxy activation
Validation:
- ClawSweeper review passed for head dab7c86a75dab7c86a75https://github.com/openclaw/openclaw/pull/74905#issuecomment-4350181159
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com >
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
2026-05-04 11:04:17 +00:00
Peter Steinberger
5397667272
chore(release): prepare 2026.5.4
2026-05-04 10:09:55 +01:00
Peter Steinberger
d8da04e58e
chore: improve beta smoke release tooling
2026-05-04 07:28:57 +01:00
Otto Deng
df5c453625
fix(workspace): allow @whiskeysockets/libsignal-node in onlyBuiltDependencies ( #76539 )
...
pnpm v9+ defaults blockExoticSubdeps=true, which rejects
@whiskeysockets/libsignal-node — a tarball-URL subdep of
@whiskeysockets/baileys. This silently breaks the WhatsApp channel and
silences all inbound agent replies on fresh installs.
Add @whiskeysockets/libsignal-node to onlyBuiltDependencies in both
package.json and pnpm-workspace.yaml — the same exemption already used
for @whiskeysockets/baileys itself.
Fixes #76539 .
2026-05-03 16:49:36 -07:00
Peter Steinberger
ad1ccd671b
chore: move oxlint tsconfigs under config
2026-05-03 15:12:06 +01:00
Peter Steinberger
e7bb5d6ddf
chore: move swift configs under config
2026-05-03 14:51:56 +01:00
Peter Steinberger
d0f0fe97a6
chore: move root tool configs
2026-05-03 14:42:56 +01:00
Peter Steinberger
4760ee4055
chore: remove root assets
2026-05-03 13:20:26 +01:00
Peter Steinberger
adc4fd453b
chore: move test tsconfigs
2026-05-03 12:56:52 +01:00
