Summary:
- The PR enables Slack draft preview streaming for flat DMs in all non-off modes, updates Slack streaming tests/docs/config metadata/changelog, and refreshes small guard baselines.
- Reproducibility: yes. source-reproducible on current main: the helper returns false for `mode: "partial"` in ... current test asserts that disabled path. I did not run tests because this review was explicitly read-only.
Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: fix(slack): enable preview streaming in flat DMs (replyToMode: off)
- Included post-review commit in the final squash: fix(clawsweeper): address review for automerge-openclaw-openclaw-5654…
Validation:
- ClawSweeper review passed for head 52e5d74ef9.
- Required merge gates passed before the squash merge.
Prepared head SHA: 52e5d74ef9
Review: https://github.com/openclaw/openclaw/pull/76330#issuecomment-4365017023
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: bob <637186+HangGlidersRule@users.noreply.github.com>
Summary:
- The PR adds a 2026.5.2 doctor repair pass for actively used configured downloadable plugins, prefers ClawHub ... pm fallback, records installed plugin state, extends upgrade-survivor coverage, and updates docs/changelog.
- Reproducibility: yes. Static inspection of current main and the PR head gives a high-confidence reproduction ... d-plugin install pass, while the PR tests the new repair-only path, success stamping, and warning behavior.
ClawSweeper fixups:
- Included follow-up commit: test: cover configured plugin install update path
- Included follow-up commit: test: isolate channel option metadata cache
- Included follow-up commit: fix: keep configured plugin repair scoped
Validation:
- ClawSweeper review passed for head d3519ce42c.
- Required merge gates passed before the squash merge.
Prepared head SHA: d3519ce42c
Review: https://github.com/openclaw/openclaw/pull/76129#issuecomment-4364120658
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Adds validated gateway.controlUi.chatMessageMaxWidth support for grouped Control UI chat messages, carries it through the Gateway bootstrap payload into UI state, applies it as a CSS custom property, and documents the setting while preserving the existing default width.
Fixes#67935.
Validation:
- Targeted config, gateway, and Control UI tests passed locally.
- Config schema/docs checks passed.
- Testbox changed-file gate passed.
- GitHub CI and security checks are green on cea25a4ca9.
Fixes#75452.
Heartbeat runs can use a per-turn model override via agents.defaults.heartbeat.model. Before this change, the run metadata was written back to the shared session store, so the next normal turn could inherit the heartbeat provider/model and a smaller context window.
This lands the contributor fix plus maintainer polish:
- preserve existing session runtime model/provider/context metadata when persisting heartbeat turns
- avoid creating invalid provider/model pairs for legacy model-only session entries
- leave empty prior runtime state unset for heartbeat-only turns
- keep normal non-heartbeat runtime persistence unchanged
- add focused regression coverage for the session-store edge cases
- refresh heartbeat docs and changelog attribution
Validation:
- pnpm test src/agents/command/session-store.test.ts src/agents/openclaw-tools.session-status.test.ts
- pnpm exec oxfmt --check --threads=1 src/agents/agent-command.ts src/agents/command/session-store.ts src/agents/command/session-store.test.ts CHANGELOG.md docs/gateway/heartbeat.md
- git diff --check
- GitHub checks on 42a00dcf38: clean; no active checks and no relevant failures
Duplicate PR #75567 was already closed; #75557 is the canonical fix.
Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.
Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.
Add inline docker build commands for npm-installed users who don't have the
source checkout scripts. Update all docs referencing sandbox-setup.sh,
sandbox-common-setup.sh and sandbox-browser-setup.sh to note they are
source-checkout-only and link to the new inline instructions.
Fixes#75485.
Adds `agents.defaults.skipOptionalBootstrapFiles` for optional workspace bootstrap files, validates the supported filenames, and propagates the option through workspace bootstrap callers.
Also preserves legacy setup detection when `USER.md` or `IDENTITY.md` are intentionally skipped, documents the config field, and includes focused regression coverage.
Landing follow-up included small CI unblockers for current-base drift: removing an unused Brave runtime dependency, fixing Telegram RTT lint, and preserving compatible gateway-bindable plugin registry cache reuse when runtime ensures disable bundled dependency installation.
Adds the SDK-facing tools.invoke Gateway RPC for #74705.
Reuses the /tools/invoke policy path for tool policy, deny-list, owner filtering, before-tool-call hooks, session/agent scoping, and plugin approval handling. Returns typed SDK approval/refusal/success results while preserving HTTP compatibility and uses idempotencyKey as the stable tool-call id.
Includes protocol schema exports, method scope/list registration, SDK helper/types, docs, generated Swift models, tests, and changelog credit.
Summary:
- The PR adds payment-credential redaction patterns and a key-aware structured field redaction helper, wires it into tool payload sanitization, and updates focused tests, logging docs, and the changelog.
ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 5f5f1fadbb.
- Required merge gates passed before the squash merge.
Prepared head SHA: 5f5f1fadbb
Review: https://github.com/openclaw/openclaw/pull/75230#issuecomment-4355538755
Co-authored-by: stainlu <stainlu@newtype-ai.org>
