Commit Graph

21170 Commits

Author SHA1 Message Date
Peter Steinberger
a3aa13df9b fix: prevent embedded runs from lowering undici timeouts 2026-04-24 00:34:47 +01:00
Patrick Erichsen
ef88cabe39 fix(control ui): accept paired device token for assistant media auth (#70741)
* fix control ui assistant media auth

* test control ui device token read routes

* defer assistant attachment blob downloads

* fix grouped render rebase merge

* evict stale assistant attachment blob urls

* fix assistant media device token query auth
2026-04-23 16:31:11 -07:00
Otto Deng
de3f3b8f93 feat(openai): pass image output options (#70503)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Otto Deng <ottodeng@users.noreply.github.com>
2026-04-24 00:17:12 +01:00
Peter Steinberger
f0a7a85e7a feat(agents): add generation tool timeouts 2026-04-24 00:05:38 +01:00
Tak Hoffman
07049c8eba fix(models): support Codex model add metadata (#70820) 2026-04-23 18:02:04 -05:00
Peter Steinberger
6259f6addc fix: harden provider and gateway test seams 2026-04-23 23:48:04 +01:00
Vincent Koc
1daa552d5f refactor(qr): share PNG data URL helpers (#70784) 2026-04-23 15:41:45 -07:00
Peter Steinberger
467fcb1791 test(openai): add docker image auth e2e 2026-04-23 23:13:19 +01:00
Peter Steinberger
f523bbfcd1 fix: align claude cli permissions with exec policy
Derive Claude CLI bypass mode from OpenClaw exec YOLO policy, preserve raw Claude permission-mode overrides, update docs/changelog, and cover global/per-agent policy behavior.
2026-04-23 23:11:34 +01:00
Peter Steinberger
9632283d5d test: update browser changed-run expectation 2026-04-23 22:35:33 +01:00
Vincent Koc
f718ba6601 fix(agents): preserve Codex model capacity guidance 2026-04-23 14:29:34 -07:00
Peter Steinberger
f0300253c1 fix: add agent hook history helpers 2026-04-23 22:29:26 +01:00
Vincent Koc
51f9f94cc3 fix(hooks): harden cli transcript loading (#70786) 2026-04-23 14:25:27 -07:00
Devin Robison
bceda6089a fix(gateway): fail closed on runtime config edits (#70726)
* fix(gateway): fail closed on runtime config edits

* changelog + telegram topic requireMention depth

Append a user-facing Unreleased/Fixes entry describing the fail-closed
gateway config-mutation allowlist, and extend the allowlist so Telegram
topic-level paths like
channels.telegram.groups.<group>.topics.<topic>.requireMention stay
agent-tunable instead of being rejected as protected after this change.
2026-04-23 15:23:44 -06:00
Peter Steinberger
02a8c13501 fix(codex): stop materializing auth bridges 2026-04-23 22:23:21 +01:00
aalekh-sarvam
d40dd9088e feat(memory): configurable local embedding contextSize (default 4096) (#70544)
node-llama-cpp defaults contextSize to "auto", which on large embedding
models like Qwen3-Embedding-8B (trained context 40,960) inflates gateway
VRAM from ~8.8 GB to ~32 GB and causes OOM on single-GPU hosts that share
the gateway with an LLM runtime.

Expose memorySearch.local.contextSize in openclaw.json (number | "auto"),
default to 4096 which comfortably covers typical memory-search chunks
(128–512 tokens) while keeping non-weight VRAM bounded.

Closes #69667.
2026-04-23 14:21:53 -07:00
Peter Steinberger
2f14461976 test(openai): cover automatic image auth readiness 2026-04-23 22:14:55 +01:00
Peter Steinberger
58bde71908 fix: collapse qmd startup memory log 2026-04-23 22:12:01 +01:00
Vincent Koc
f1ad5e27e0 fix(agents): surface OpenAI model capacity errors 2026-04-23 14:04:35 -07:00
EVA
137dbc71f0 feat: expose harness selection decisions (#70760)
Codex harness selection now keeps the decision helper internal, logs debug-only selection reasons and candidates, and documents `/status` as the primary user-facing signal.

Thanks @100yenadmin.

Co-authored-by: Eva <eva@100yen.org>
2026-04-23 21:57:09 +01:00
Peter Steinberger
10202f9279 fix(codex): approve bundled MCP loopback tools 2026-04-23 21:55:36 +01:00
Peter Steinberger
5314042990 fix(gateway): normalize MCP object schemas 2026-04-23 21:55:36 +01:00
Devin Robison
873dce178d fix(gateway): block webchat session compaction mutations (#70716)
* fix(gateway): block webchat session compaction mutations

* docs(changelog): note webchat compaction guard (#70716)
2026-04-23 14:50:35 -06:00
Peter Steinberger
a5ea24757c fix: enforce silent group replies after reactions 2026-04-23 21:42:17 +01:00
Peter Steinberger
f5042adf27 feat: add forked subagent context 2026-04-23 21:28:58 +01:00
Peter Steinberger
abedf9c1f4 fix(acpx): remove codex auth file fallback 2026-04-23 21:26:46 +01:00
Peter Steinberger
f6336c5521 fix(openai): retire removed Codex Spark model 2026-04-23 21:16:46 +01:00
Vincent Koc
ea25d7ed5b fix(qr): replace qrcode-terminal with qrcode-tui
Replace legacy qrcode-terminal usage with shared qrcode-tui media helpers, bound QR PNG rendering options, and raise bundled plugin host floors for the new SDK runtime surface.
2026-04-23 13:06:14 -07:00
Peter Steinberger
058e6f588a fix(openai): align Codex fallback with GPT-5.5 2026-04-23 21:03:26 +01:00
Peter Steinberger
648422a6c1 fix(openai): send image edits as multipart uploads (#70657) 2026-04-23 20:48:55 +01:00
Peter Steinberger
ff56a9d41b test(openai): prefer canonical GPT refs 2026-04-23 20:47:39 +01:00
Peter Steinberger
384eb6bc66 feat(openai): use canonical GPT refs for Codex OAuth 2026-04-23 20:47:38 +01:00
Peter Steinberger
6fc8913223 refactor(auto-reply): extract effective reply route resolution 2026-04-23 20:40:27 +01:00
Vincent Koc
f40f8a60cc fix(agents): harden cli runner hook followups (#70747)
* fix(agents): harden cli runner hook followups

* fix(agents): harden cli runner hook followups

* fix(agents): harden cli runner hook followups

* fix(agents): harden cli runner hook followups

* fix(agents): harden cli runner hook followups

* fix(agents): harden cli runner hook followups
2026-04-23 12:32:30 -07:00
Peter Steinberger
e93b3f60fa fix: harden openclaw peer dependency installs (#70462) 2026-04-23 20:28:02 +01:00
Anish Kataria
44820f859e fix(plugin-sdk): scan dependency tree before materialising openclaw symlink
The dependency-tree security scan rejects node_modules symlinks whose
targets resolve outside the install root. Our trusted host-to-plugin
symlink violates that rule by design, so running the scan AFTER
linkOpenClawPeerDependencies would fail every install with
SECURITY_SCAN_FAILED.

Reorder afterInstall so the scan runs first (walking only the plugin's
own staged source, catching any pre-existing malicious openclaw-named
symlink a source might smuggle in), then the trusted link is
materialised on the now-safe tree.

Also use braces on guard clauses in the new unit tests to satisfy the
oxlint no-unreachable-single-statement-if rule.
2026-04-23 20:28:02 +01:00
Anish Kataria
56dd249a07 test(plugin-sdk): add unit tests for linkOpenClawPeerDependencies
Tests three cases via installPluginFromDir:
- symlink created when peerDependencies declares openclaw
- no symlink when peer list is empty
- idempotent re-install replaces existing symlink
- warns and skips when host root cannot be resolved

Also removes the single-element Set in favour of a direct name
comparison (peerName === "openclaw"), and adds Closes #54428 to
address the same root cause in the weixin connector.

Closes #54428
2026-04-23 20:28:02 +01:00
anish k
2e9c1faef6 fix(plugin-sdk): symlink openclaw peerDependencies after plugin install
## Summary

Signed-off-by: anish k <ak8686@princeton.edu>
2026-04-23 20:28:02 +01:00
Peter Steinberger
ce933f3bbc fix(auto-reply): honor recovered system-event reply routes 2026-04-23 20:27:39 +01:00
wzfukui
87a08dd4c2 fix(auto-reply): route exec-event replies via persisted delivery context 2026-04-23 20:27:39 +01:00
Peter Steinberger
cd5bc2fc93 test(openai): cover GPT-5.5 defaults 2026-04-23 20:19:15 +01:00
Peter Steinberger
a36903b94c feat(openai): default to GPT-5.5 2026-04-23 20:19:15 +01:00
Peter Steinberger
54731492a2 fix(gateway): persist webchat images as managed media (#70719)
* fix(gateway): persist webchat images as managed media

* fix(ui): keep managed image auth same-origin

* docs: note managed webchat image fix
2026-04-23 20:17:41 +01:00
Devin Robison
4c09f4a812 test(plugins): place shadow setup-api where the old cwd-fallback would actually resolve it 2026-04-23 20:17:21 +01:00
Devin Robison
993781e6e6 fix(plugins): ignore cwd setup-api fallback 2026-04-23 20:17:21 +01:00
YDYK
61e9e86d69 fix(plugins): use module path for bundled jiti loads 2026-04-23 20:13:13 +01:00
Peter Steinberger
1d980cca6f perf: trim cli prepare hook tests 2026-04-23 20:07:35 +01:00
Vincent Koc
7d30894c4a fix(anthropic): stop forcing claude permission bypass 2026-04-23 12:03:00 -07:00
Peter Steinberger
8a4761fe95 test: align approval and pairing expectations 2026-04-23 20:01:57 +01:00
Vincent Koc
cad102c3ca fix(android): require private IP cleartext pairing 2026-04-23 11:56:47 -07:00