Commit Graph

64711 Commits

Author SHA1 Message Date
Dallin Romney
5af7ba92ce refactor: consolidate byte-size formatting (#99768)
* refactor: consolidate byte-size formatting

* fix: stabilize byte formatter import boundary

* fix: keep byte formatter within SDK budget

* fix: emit byte formatter package entry

* refactor: trim byte formatter surface

* fix: use narrow byte formatter import

* refactor: remove byte formatter dependency changes

* fix: refresh rebased byte formatter baseline
2026-07-06 09:26:04 -07:00
Dallin Romney
b29d472e41 refactor(qa): add canonical live channel adapters (#99707) 2026-07-06 09:24:34 -07:00
Peter Steinberger
1af9cbe904 perf(test): avoid duplicate legacy migration scans 2026-07-06 12:22:25 -04:00
Huvee
edbf204537 fix(memory-wiki): fail with a readable error when the shared memory manager violates the contract (#100902)
searchMemoryWiki called sharedMemoryManager.search() and getMemoryWikiPage
called manager.readFile() with only a truthiness guard. A memory plugin
whose runtime returns a manager that does not implement the
MemorySearchManager contract crashed shared-backend wiki search with
"sharedMemoryManager.search is not a function" from inside the bundle --
@mem0/openclaw-mem0 <= 1.0.14 registered exactly such a partial manager
(status/probeEmbeddingAvailability/close only).

Guard both call sites and throw an actionable error instead: name the
missing contract method and point at search.backend="local" for wiki-only
access.
2026-07-06 09:20:43 -07:00
Peter Steinberger
0a488bd30b fix: device pairing floods stacked approval alerts for a retrying device and stale approvals no-op (#100976)
* fix(gateway): stop device pairing approval alert floods from retrying devices

A device retrying with a broken token minted a new pending requestId (and
approval alert broadcast) every 5-minute TTL window because refresh preserved
ts and expiry keyed on ts. Pending requests now stay alive via an internal
refreshedAtMs keepalive (ts still owns ordering/--latest), superseded device
requests broadcast device.pair.resolved like node pairing already did, and the
Mac app keeps one alert per device, closes superseded visible alerts, and
resyncs its queue when approving a stale request.

Closes #100974

* chore: satisfy swiftformat and refresh native i18n inventory for pairing prompter changes
2026-07-06 17:20:06 +01:00
Sahibzada
5e22787ba1 fix(sessions): clean stale atomic-write temps on startup (#90503)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:18:05 +01:00
Peter Steinberger
7853aa35a4 feat(ios): per-gateway custom headers for gateways behind authenticating proxies (#100768)
* feat(ios): support per-gateway custom headers for proxied gateway connections

Per-gateway custom request headers (Cloudflare Access-style service tokens)
for gateways behind authenticating reverse proxies. Headers are credentials:
Keychain-stored per gateway stableID, masked in settings UI, injected on the
WebSocket upgrade at connect time via a provider so edits apply on the next
reconnect without re-pairing. Reserved handshake headers and control chars
are sanitized out. TLS pinning and pairing flows unchanged. Push relay and
other non-gateway destinations proven header-free by regression test.

Related: #100698

* chore(ios): sync native i18n inventory for custom header strings

* fix(ios): harden gateway custom headers

* chore(ios): resync native i18n inventory

* fix(ios): validate custom header names
2026-07-06 17:17:07 +01:00
Peter Steinberger
161e66f7bd fix(ui): move Worktrees page from the sidebar into Settings navigation (#100995) 2026-07-06 17:16:39 +01:00
Peter Steinberger
61a29a7836 feat(android): read-only workspace Files browser with preview and share (#100776)
* feat(android): add read-only workspace Files browser with preview and share

* fix(android): degrade malformed base64 image payloads to no-preview instead of crashing

* fix(android): keep workspace paths verbatim from the gateway

* test(android): cover the overview Files card in shell logic tests

* fix(android): reset workspace browser across agents

* fix(android): isolate workspace share exports

* docs(android): note workspace file browser

* chore(i18n): refresh Android Files inventory

* docs(android): refresh workspace files map
2026-07-06 17:14:38 +01:00
Huvee
ddddb3dec1 fix(memory-wiki): drop malformed public artifacts and honor readMemoryArtifacts in status (#100900)
Two crashes when a memory plugin misbehaves in bridge mode:

- listActiveMemoryPublicArtifacts sorted plugin-returned artifacts
without
  validating them; an artifact missing any of the string fields the
  comparator dereferences (kind, workspaceDir, relativePath,
absolutePath,
  contentType) crashed wiki status and every other bridge consumer with
  "Cannot read properties of undefined (reading 'localeCompare')".
  @mem0/openclaw-mem0 <= 1.0.14 shipped record-shaped artifacts with
none
  of those fields, typed against a drifted SDK stub. Validate the shape,
  drop malformed entries (and non-array listings), and warn once naming
  the offending plugin -- the same treatment agentIds already got.

- resolveMemoryWikiStatus gated artifact counting on vaultMode/enabled
but
  not bridge.readMemoryArtifacts, so the wiki.status gateway method
still
  enumerated artifacts (and hit the crash above) with the flag off, even
  though the sync path (bridge.ts) and CLI gateway routing honor it. The
  documented workaround therefore never worked for the wiki_status agent
  tool. Add the flag to the gate; the count reports null when imports
are
  disabled, matching non-bridge modes.
2026-07-06 09:14:21 -07:00
Masato Hoshino
f36d170bc6 fix(agents): retry transient filesystem races when reading workspace bootstrap files (#100910)
* fix(agents): retry transient filesystem races when reading workspace bootstrap files

* fix(agents): retry transient boundary resolution

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-06 16:12:04 +00:00
SunnyShu
e580ed2f71 fix(sessions): exclude done sessions from transcript freshness rollover guard (#99985)
* [AI] fix(sessions): exclude done sessions from transcript freshness rollover guard

Exclude status: "done" from resolveTerminalMainSessionTranscriptRegistryCheck alongside the already-excluded status: "failed". Successful main sessions should stay reusable for the next user message even when transcript mtime slightly exceeds registry updatedAt.

Updated test expectations in:
- src/gateway/server-methods/agent.test.ts (split it.each into done-reuse + endedAt-only-rotate)
- src/commands/agent.session.test.ts (split into done-reuse + endedAt-only-rotate)
- src/auto-reply/reply/session.test.ts (default-done case now expects reuse)

Related to #99964

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(ts): fix TypeScript error in endedAt-only test scenario type

Remove the conditional status spread that TS cannot resolve when
status is absent from the scenario type, and add 'as const' for
narrowed literal inference.

* [AI] fix(comment): correct mtime direction in done exclusion comment

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* review: separate failed/done rationale in comment

* fix(sessions): reuse completed main transcripts

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:09:55 +01:00
sunlit-deng
de1bac6bc0 fix(discord): bound gateway websocket payloads (#99998)
* fix(discord): bound gateway websocket payloads

* fix(discord): raise gateway payload cap for large events

* refactor(discord): centralize gateway websocket policy

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:09:38 +01:00
machine3at
1021784c85 fix(telegram): stop local listener and bot on retry loop non-recoverable error (#100863)
* fix(telegram): stop local listener and bot on retry loop non-recoverable error

* fix(telegram): reuse webhook shutdown on setup failure

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:09:34 +01:00
cxbAsDev
5d3044f883 fix(auto-reply): handle stderr stream errors in sandbox media scpFile (#100861)
* fix(auto-reply): handle stderr stream errors in sandbox media scpFile

* chore(proof): add real behavior proof for stage-sandbox-media scp stderr stream errors

* chore(proof): fix promise executor lint in stage-sandbox-media proof

* fix(media): keep scp completion authoritative

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:09:15 +01:00
chenxiaoyu209
f28e0d6e99 fix(openai): strip status from replayed input items for custom openai-responses endpoints (#100831)
* fix(openai): strip status from replayed input items for custom openai-responses endpoints

* fix(openai): narrow replay status stripping

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:08:55 +01:00
maweibin
586107002a fix(runtime): throw typed ExitError instead of generic Error for simulated exit (#97796) (#97803)
createNonExitingRuntime.exit() threw a generic Error, making it
impossible for upstream try-catch to distinguish a simulated process
exit from a real runtime crash. Added an ExitError class (internal-only,
not exported from SDK) that callers can check via instanceof.

ExitError is kept internal to avoid expanding the public plugin SDK
API surface without maintainer approval. Tests import directly from
./runtime.js.

Fixes #97796.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-06 16:07:32 +00:00
machine3at
dbb70549be fix(telegram): pass proxy and apiRoot config when resolving runtime target usernames (#100868)
* fix(telegram): pass proxy and apiRoot config when resolving runtime target usernames

* fix(protocol,telegram): fix duplicate worktree exports and update resolveTargets test types

* fix(telegram): honor runtime routing in target resolution

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:06:18 +01:00
Peter Steinberger
255b7631e6 fix(android): keep chat model selection synchronized (#100985)
* fix(android): harden chat model selection

* fix(android): bound model metadata retries

* fix(android): preserve newer model selections

* chore: leave changelog to release workflow

* chore: sync native i18n inventory
2026-07-06 17:06:02 +01:00
cxbAsDev
ec8129ef12 fix(node-host): handle stdout/stderr stream errors in runCommand (#100849)
* fix(node-host): handle stdout/stderr stream errors in runCommand

* chore(proof): add real behavior proof for node-host runCommand stream errors

* fix(node-host): wait for child exit after stdout/stderr stream errors

* fix(node-host): lint and type errors in proof script and test

* fix(node-host): bound stream-error command shutdown

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:05:41 +01:00
machine3at
f1fb19351a fix(cron): do not set delivery mode to announce when disabling best-effort on payload edits (#100846)
* fix(cron): do not set delivery mode to announce when disabling best-effort on payload edits

* fix(cron-cli): update sibling test to expect undefined mode on no-best-effort-deliver

* fix(cron): preserve delivery mode when disabling best effort

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:05:22 +01:00
cxbAsDev
32cc9b08e6 fix(ssh-tunnel): ignore stderr stream errors during teardown (#100855)
* fix(ssh-tunnel): ignore stderr stream errors during teardown

* chore(proof): add real behavior proof for ssh-tunnel stderr stream errors

* chore(proof): fix promise executor lint in ssh-tunnel proof

* test(ssh-tunnel): keep stream error proof in regression suite

* test(ssh): cover active stream errors

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 09:03:29 -07:00
Peter Steinberger
d9bce26fd7 feat(crestodian): AI-only conversation with model-judged approvals (#100656)
* feat(crestodian): AI-only conversation with model-judged approvals

Every chat message now routes to the AI (agent loop, then planner); the
typed grammar is a single anchored command language used only as the
no-model deterministic fallback and for rescue/one-shot, so natural
language can no longer misparse into operations. Approval of pending
mutations is judged from the user's own words by a host-run classifier
(closed-list fast path, single-shot model judgment, fail-closed), never
by the conversation model. New connect_channel/open_agent ring-zero tool
directives let the AI start the hosted channel wizard and agent handoff.
Chat turns are serialized, stale host proposals are cleared once the
agent loop owns the conversation, sensitive config-set values are
redacted from AI-visible history, and Gemini CLI joins the overview,
models output, prompts, and local backend ladder.

Fixes #100604

* test(crestodian): cover AI-only turns, approval intents, directives, and anchored grammar

* docs(crestodian): AI-only conversation, natural approvals, Gemini fallback

* test(crestodian): classify decline via text classifier in agent-loop seam

* fix(crestodian): correct textResult arity and directive handoff type

* fix(crestodian): keep exact sensitive config-set commands off every model path
2026-07-06 17:02:52 +01:00
github-actions[bot]
4c38d89c0c chore(i18n): refresh native locales 2026-07-06 16:02:42 +00:00
Vincent Koc
8fc88be216 refactor(workboard): localize private store types (#100989) 2026-07-06 09:01:01 -07:00
Vincent Koc
123ec165bb fix(codex): extend native hook relay timeout 2026-07-06 08:59:04 -07:00
Peter Steinberger
dc600d4a77 feat(diffs): changed-files summary nav for multi-file patch diffs (#100753)
* feat(diffs): add changed-files summary nav for multi-file patch diffs

* docs: regenerate docs map for diffs multi-file navigation section

* fix(diffs): respect reduced motion in summary navigation
2026-07-06 16:55:56 +01:00
Yzx
8547682dd6 fix(discord): keep default account online when adding named accounts (#96401)
* fix(discord): keep default SecretRef active with named accounts

* fix(discord): align implicit default secret surfaces

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:51:04 +01:00
Huang Wanjia
9375f7f0bf fix: keep /steer working for active runs (#100803)
* fix: honor active run flags for steer command

* test(ui): simplify steer e2e fixture

* test(ui): preserve mock session row types

---------

Co-authored-by: martin <huangtongxuedev@outlook.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:50:12 +01:00
Shakker
67ec544884 fix: keep new sidebar sessions visible (#100981) 2026-07-06 16:48:53 +01:00
Zechen Wang
1de014bc7f fix(acp): catch unhandled rejection from handleGatewayEvent in event callback (#100558)
* fix(acp): catch unhandled rejection from handleGatewayEvent in event callback

* fix(acp): catch unhandled rejection from handleGatewayEvent

* test(acp): add regression test for handleGatewayEvent error boundary

Verifies that when handleChatEvent throws, handleGatewayEvent catches the
error, logs it via this.log(), and does not reject.

* chore: remove committed PR body artifact

* fix(acp): contain rejected gateway events

* chore: defer ACP release note

* refactor(acp): simplify gateway rejection boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:47:48 +01:00
Goutam Adwant
b82e3c1481 fix(gateway): hot-reload browser profile config (#93827)
* fix(gateway): hot-reload browser profile config

* refactor(gateway): cache reload rule specificity

* fix(gateway): pin reload policy to gateway registry

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:43:34 +01:00
Peter Steinberger
30e5dfcf02 feat(gateway): read-only agents.workspace list/get browsing RPCs (#100738)
* feat(gateway): add read-only agents.workspace list/get browsing RPCs

* fix(gateway): gate workspace image reads on sniffed magic bytes, not extension

* fix(gateway): tighten workspace browsing boundary

* docs(gateway): clarify workspace read trust scope

* chore(gateway): leave release notes to release flow
2026-07-06 16:41:24 +01:00
Peter Steinberger
add5c513ae feat(ui): stable session order, palette-only search, and macOS titlebar brand for the sidebar (#100648)
* feat(ui): declutter the sidebar — pinned/chats groups, stable ordering, palette session search, titlebar brand in macOS app

- Sessions split into Pinned and Chats groups; pins are exempt from the
  nine-row recency cap and the open session highlights in place instead of
  hoisting to the top, so clicking a row no longer reshuffles the list.
- The command palette (Cmd+K) is the single search: it queries sessions
  across agents server-side and lists matching chats next to nav commands;
  the sidebar session-picker popover and its magnifier are removed, and the
  topbar search pill shrinks to an icon button.
- The sidebar brand row is gone: web keeps the breadcrumb wordmark, and the
  macOS app shows a compact brand mark in the native titlebar strip next to
  the traffic lights (CSS-gated on the injected openclaw-native-macos class).
- The agent filter dropdown becomes a compact scope chip in the Chats group
  header; the welcome badge drops its duplicate claw logo.
- Footer collapses to one icon row (status dot, settings, docs, pairing,
  mobile theme switch); default pinned nav routes are now Overview-only and
  the Recent-collapse preference is retired.

* test(ui): keep sidebar hover-reveal proof before the stability click; refresh locale metadata

Clicking the row leaves :focus-within on it, which keeps the management
actions visible; the hidden-actions assertion must run first.

* test(ui): archive an idle session in the sidebar e2e; assert running rows stay archive-disabled

* fix(ui): drop stale and hidden rows from palette session search

Invalidate the in-flight search and clear results on every query change so a
late-resolving previous-query request cannot leave stale rows selectable, and
run results through getVisibleSessionRows so archived/global/unknown/cron/
subagent rows stay hidden like the sidebar list. Codex review findings.

* fix(ui): over-fetch palette session search so hidden rows cannot starve visible matches

Exclude global/unknown rows server-side and fetch a full 50-row page before
applying the sidebar's hidden-row filter, keeping the 10-row display cap.
Codex review finding.

* chore(i18n): refresh sidebar locale metadata after rebase

* fix(ui): bound command palette session search

* docs: defer release notes to release generation
2026-07-06 16:38:26 +01:00
Vincent Koc
e311943700 refactor(telegram): localize private implementation types (#100975) 2026-07-06 08:37:16 -07:00
Peter Steinberger
063eeb69f3 feat(android): support opt-in background location (#100967)
* feat(android): support background location

Co-authored-by: Iori Kojima <iori@iori.dev>

* chore(android): refresh native i18n inventory

* docs(android): move release note to app changelog

---------

Co-authored-by: Iori Kojima <iori@iori.dev>
2026-07-06 16:36:58 +01:00
Harjoth Khara
7a9f43dbb6 fix(gateway): dedupe MCP schema conflict warnings (#98821)
* fix(gateway): dedupe MCP schema conflict warnings

* fix(gateway): attribute MCP loopback schema warnings per tool

Key the loopback schema-warning dedupe on the full message (which now names
the tool as "<tool>.<field>") instead of the bare field name. Two different
tools that conflict on the same common field (action/id/type) each surface a
warning again, and the emitted line is attributable to a tool. Also route the
previously-un-deduped malformed-variant warning through the same helper so it
no longer floods on every rebuild.
2026-07-06 08:36:20 -07:00
github-actions[bot]
bdc98f482a chore(i18n): refresh native locales 2026-07-06 15:34:33 +00:00
Peter Steinberger
7c470e158b perf(test): isolate provider auth policy normalization 2026-07-06 11:34:18 -04:00
cxbAsDev
9606fe4323 fix(cli): handle stdout/stderr stream errors in execFileUtf8Tail (#100850)
* fix(cli): handle stdout/stderr stream errors in execFileUtf8Tail

* chore(proof): add real behavior proof for logs-cli runtime stream errors

* chore(proof): fix promise executor lint in logs-cli proof

* fix(cli): terminate log tail children on stream errors

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 08:24:43 -07:00
Masato Hoshino
a327cec143 fix(discord): surface failed bulk reaction removals instead of false success (#90038) 2026-07-06 16:21:53 +01:00
dorukardahan
919811cf85 fix(cli): exit bounded hooks commands (#76922)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:21:17 +01:00
Brian Bell
bacb33a909 fix: keep Bedrock live smoke on Bedrock runtime (#99607)
* fix: preserve Bedrock live API providers

* fix: derive Bedrock smoke region from AWS config

* fix: honor Bedrock discovery region in smoke

* fix: keep Bedrock live smoke on Bedrock runtime

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
2026-07-06 08:19:42 -07:00
Peter Steinberger
c0a0c22086 docs: add X-verified builds and devtools to showcase
Second sweep: 13 cards from the openclaw.ai X showcase and Discord
maintainer channel — car negotiation, flight check-in, insurance
claim, Idealista skill, tokenomics cost tracker, Excalidraw
diagrams, GA4 skill, X post pipeline, lab results to Notion,
Pebble Ring voice, creator media studio, HomePod skill, holo cube,
macOS menu bar app — plus a Related link to the full X showcase.
oxfmt 0.57.0 --check passed; hook bypassed (no node_modules in
worktree).
2026-07-06 08:16:12 -07:00
Peter Steinberger
8582895ca7 fix(android): finish onboarding after permission reapproval (#100959)
* fix(android): finish onboarding after permission reapproval

* chore(android): sync onboarding i18n inventory
2026-07-06 16:13:48 +01:00
Shakker
ece23c4d3d fix: translate sidebar sort labels 2026-07-06 16:09:44 +01:00
Shakker
2a02379e7d fix: preserve sidebar session position 2026-07-06 16:09:44 +01:00
vyctorbrzezowski
a03c828cad fix(ui): keep sidebar session order stable 2026-07-06 16:09:44 +01:00
Vincent Koc
0ecfc522db refactor(ui): trim unused type surface (#100952)
Fixes #100951
2026-07-06 08:04:18 -07:00
Peter Steinberger
fbf574ad9d perf(memory): skip FTS-only plugin discovery 2026-07-06 11:02:05 -04:00