Peter Steinberger
5ca46a6554
feat(cloud-workers): pinned SSH tunnel runtime and provider-owned key resolution ( #104553 )
...
* feat(cloud-workers): add pinned SSH tunnel runtime
* feat(crabbox): resolve cloud worker SSH identities
* docs(cloud-workers): document SSH tunnel contracts
2026-07-11 09:26:08 -07:00
Peter Steinberger
ba826be268
test(channels): delivery trace harness with feishu and mattermost goldens ( #104478 )
2026-07-11 06:49:27 -07:00
Peter Steinberger
fa77fe10d5
chore: migrate active GPT-5.5 references to GPT-5.6 ( #104452 )
...
* chore(models): migrate active GPT-5.5 references
* test(workboard): expect GPT-5.6 Sol default
* chore: keep release notes in PR body
* test(models): align picker fixtures with Sol default
* test: update PDF default model expectation
* test(qa): migrate thinking smoke to Luna
* test(gateway): align mock catalog with Sol default
* ci: retrigger exact-head PR checks
* test(gateway): document default catalog invariant
2026-07-11 06:30:57 -07:00
Vincent Koc
89bde4ea79
test(plugin-sdk): stabilize catalog timeout assertion
2026-07-11 21:29:40 +08:00
Peter Steinberger
3f33f0bb5f
refactor(qqbot): adopt core typing keepalive loop with budget accounting intact ( #104438 )
...
* refactor(channels): adopt core typing keepalive loop
* chore(plugin-sdk): pin surface budget for typing keepalive re-export
2026-07-11 05:48:33 -07:00
Peter Steinberger
90e465833b
feat(gateway): durable cloud worker environments, provider SDK contract, and lifecycle RPCs ( #104401 )
...
* docs(plan): add cloud workers design plan
* feat(plugin-sdk): add cloud worker provider foundations
* feat(protocol): add worker environment lifecycle shapes
* feat(gateway): persist worker environment lifecycles
* test(gateway): pin environment inventory assertion for damaged worker store
* style(cloud-workers): satisfy lint and docs formatting
* fix(gateway): narrow worker environment type boundaries
* chore(plugin-sdk): account for WorkerProvider surface growth
* docs: regenerate docs map
2026-07-11 04:54:27 -07:00
saju01
cbc84767bd
fix(exec-approval): stop misattributing Allow Always unavailability to policy ( #97740 )
...
* fix(exec-approval): stop misattributing Allow Always unavailability to policy
Allow Always is dropped both when policy ask=always AND when a command is
non-persistable (e.g. shell redirect `2>&1` -> one-shot), but the prompt always
claimed 'effective approval policy requires approval every time'. That's
misleading for the non-persistable case (#97069 ). Reword to reason-neutral
'Allow Always is unavailable for this command.' across all approval surfaces,
update en + 20 locale bundles, refresh i18n meta, and the matching tests.
Closes #97069
* fix(exec-approval): stop misattributing Allow Always unavailability to policy
* test(ui): await exec approval render updates
* chore(ui): sync approval i18n metadata
---------
Co-authored-by: saju01 <saju01@users.noreply.github.com >
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
2026-07-11 18:09:51 +08:00
Vincent Koc
1b3438d7ec
fix(plugin-runtime): keep local service config host-owned
2026-07-11 16:22:22 +08:00
Vincent Koc
e62c216d75
refactor(embeddings): inject local service acquisition
2026-07-11 16:22:22 +08:00
Vincent Koc
c58690804f
feat(plugin-sdk): expose provider local service leases
2026-07-11 16:22:22 +08:00
Peter Steinberger
f94a7dc183
feat(codex): supervise native Codex sessions ( #104045 )
...
* feat(codex): add native session supervision
* fix(codex): harden supervision integration
* fix(codex): preserve locked harness ownership
* fix(codex): fence native session archive
* fix(codex): revalidate archive binding ownership
* feat(codex): integrate supervision runtime
* feat(sessions): preserve harness-owned execution
* feat(sessions): persist harness ownership invariants
* feat(gateway): enforce harness-owned sessions
* feat(setup): enable detected Codex supervision
* feat(mac): expose supervised Codex sessions
* feat(ui): make Codex sessions actionable
* docs(codex): document session supervision
* test(codex): cover integration ownership
* chore(i18n): refresh supervision inventories
* fix(setup): finalize Codex activation atomically
* test(codex): narrow binding store update
* fix(sessions): preserve legacy model locks
* test(macos): serialize Codex catalog fixtures
* fix(sessions): preserve legacy lock admission
* chore(i18n): reconcile supervision metadata
* test(sessions): mark legacy lock fixture
* fix(macos): drain final Codex catalog frame
* docs: leave supervision note to release
* style(macos): satisfy Codex catalog type length
* chore: record session accessor seam owners
* fix(macos): honor configured Codex supervision
* fix(codex): preserve harness-owned model locks
* fix(codex): satisfy supervision lint gates
* chore(i18n): refresh native supervision inventory
* fix(codex): align supervision validation contracts
* fix(codex): close supervision boundary gaps
* fix(codex): preserve supervision activation contracts
* fix(codex): dispose standalone supervision runtime
* fix(codex): pin supervised source connection
* fix(plugins): bind delegated runs to exact session target
* fix(codex): scope supervised sessions to configured agents
* fix(codex): fingerprint effective supervision home
* fix(codex): normalize supervision plugin policy
* fix(codex): keep supervised bindings stable across upgrades
* fix(codex): guard all supervised binding connections
* fix(codex): preserve catalog filters and pending CAS identity
* fix(codex): preserve supervision identity for diagnostics
* fix(codex): bind uncertain commits to supervision connection
* fix(codex): satisfy supervision type boundaries
* fix(macos): reconcile current main validation
* fix(codex): handle absent runtime config in supervision
* fix(doctor): own local audio acceleration check
* fix(codex): satisfy integration lint gates
* fix(codex): satisfy lifecycle safety guards
2026-07-11 00:12:08 -07:00
Peter Steinberger
1b3af45657
fix(gateway): admit reconnect delivery drains ( #104143 )
2026-07-10 22:33:33 -07:00
Peter Steinberger
81a201df26
feat: add portable table presentation blocks ( #103583 )
...
* feat(presentation): add portable table blocks
* chore(presentation): refresh generated contracts
* fix(slack): preserve table fallback payloads
* docs(changelog): note portable message tables
* fix(presentation): preserve cross-channel fallback delivery
* chore(plugin-sdk): refresh rebased contracts
* test(slack): align accessibility expectations
* fix(presentation): harden cross-channel fallback delivery
* chore(plugin-sdk): refresh rebased contracts
* docs(changelog): defer portable table release note
* fix(presentation): satisfy extension lint
* chore(plugin-sdk): refresh surface budgets
* fix(telegram): preserve reactions after progress replies
* fix(slack): preserve rendered preview fallback text
* fix(feishu): preserve oversized presentation fallbacks
* docs(changelog): note portable message tables
* docs(changelog): defer portable table release note
* chore(plugin-sdk): refresh rebased contracts
---------
Co-authored-by: Peter Steinberger <steipete@openai.com >
2026-07-10 22:29:13 -07:00
xingzhou
e009a41410
fix(agents): repair orphaned queued turns before assembly ( #90759 )
...
* fix(agent): keep orphaned user turns contextual
* test(agent): prove orphan repair targets active prompt
* fix(agent): repair orphaned user behind session metadata
* fix(agent): satisfy orphan repair CI types
* fix(agent): preserve orphan repair state entries
* fix(agent): filter repaired orphan from assembled history
* fix(embedded-agent): repair orphan session entry types
* fix(embedded-agent): remap replayed metadata labels
* fix(embedded-agent): skip dangling replay labels
* fix(agents): repair orphan history before assembly
---------
Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com >
Co-authored-by: Ayaan Zaidi <hi@obviy.us >
2026-07-11 09:56:40 +05:30
Peter Steinberger
05ebaf41f6
fix(tool-call-repair): bound serialized stream normalization ( #104100 )
...
* fix(tool-call-repair): bound serialized stream normalization
Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com >
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com >
Co-authored-by: qingminlong <qing.minlong@xydigit.com >
Co-authored-by: WangYan <wang.yan29@xydigit.com >
* fix(tool-call-repair): preserve strict scan narrowing
* fix(tool-call-repair): lint serialized name validation
* fix(tool-call-repair): replay split suffix whitespace
* fix(tool-call-repair): cap complete-call whitespace
* test(tool-call-repair): assert bounded whitespace replay
---------
Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com >
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com >
Co-authored-by: qingminlong <qing.minlong@xydigit.com >
Co-authored-by: WangYan <wang.yan29@xydigit.com >
2026-07-10 20:00:11 -07:00
James Armstead
65cc86f45c
Refresh MCP OAuth auth-profile tokens ( #96120 )
...
* Refresh MCP OAuth auth-profile tokens
* Rotate Codex MCP binding on bearer changes
* Preserve agent scope for MCP auth profiles
* Preserve Codex MCP tool filters
* Keep Codex MCP projection helper local-only
* Fix Codex projection package boundary artifacts
* Revert "Fix Codex projection package boundary artifacts"
This reverts commit 13bcaed3da .
* Revert "Keep Codex MCP projection helper local-only"
This reverts commit 19751f4922 .
* Trigger CI rerun for OAuth MCP PR
* Fail closed for remote Codex MCP bearer projection
* Fix MCP OAuth bearer token projection
* fix: project MCP-native OAuth credentials
* fix: align MCP SDK surface budget
* fix(mcp): keep agents available before OAuth login
---------
Co-authored-by: Josh Lehman <josh@martian.engineering >
2026-07-10 17:49:43 -07:00
xingzhou
babc287afe
fix(slack): time out stalled external file uploads ( #103442 )
...
* fix(slack): time out stalled external file uploads
* fix(slack): scope external upload timeout
* fix(slack): restrict external upload transport
* fix(slack): restrict external upload transport
* fix(slack): preserve external upload retry safety
* test(slack): use compatible guarded fetch runtime
* test(plugin-sdk): update public export baseline
* fix(slack): harden external upload delivery
* refactor(slack): isolate upload completion
Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.
* fix(slack): refresh upload release metadata
* chore(slack): leave release notes release-owned
* fix(slack): classify failed uploads before completion
* fix(slack): keep upload completion untimed
* test(plugin-sdk): refresh public export baseline
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 23:52:35 +01:00
Peter Steinberger
9b1c36d23c
fix: prevent exec approval revocation races ( #103515 )
...
* fix(security): serialize exec approval mutations
* fix(security): preserve additive approval writes
* test(cli): expect normalized approval shape
* fix(security): preserve exec approval compatibility
* test(security): exercise locked approval initialization
* test(security): mock serialized approval helpers
* test(exec): derive enforced command path from plan
* fix(gateway): always return approval CAS conflicts
* fix(macos): serialize exec approvals writes
* fix(security): repair approval build errors
* fix(security): serialize exec approval mutations
* fix(security): fail closed on approval persistence errors
* test(security): cover detached approval persistence failures
* fix(security): harden exec approval state
* style(macos): format exec approval sources
* fix(security): complete exec approval hardening
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* fix(macos): preserve approved login-shell semantics
* fix(macos): keep login shell approvals one-shot
* fix(security): linearize exec authorization
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* fix(security): preserve durable approval basis
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* fix(security): bind exec grants to current policy
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
* test(security): fix exec revocation fixtures
* test(security): align gateway approval fixtures
* fix(macos): return approval decisions
* chore(i18n): sync native approval strings
* test(security): align approval hardening fixtures
* test(node): authorize completed event fixture
* test(security): fix approval decision fixtures
* test(security): await durable approval visibility
* fix(exec): preserve concurrent approval grants
* fix(exec): address exact-head CI failures
* fix(exec): preserve concurrent approval promotions
* fix(exec): make Swift shutdown state explicit
* test(macos): handle approval read failures
* fix(macos): harden approval socket paths
* fix(macos): preserve exact shell payload bytes
* test(macos): make approval fixtures explicit
* test(macos): fix approval suite compilation
* fix(macos): bound approval socket JSONL reads
* chore: move exec approval note to release process
* chore: move exec approval note to release process
---------
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com >
2026-07-10 21:35:05 +01:00
Peter Steinberger
1bcc4c5e70
feat(gateway): add cooperative host suspension ( #103618 )
...
* feat(gateway): add cooperative suspension preparation
* style: satisfy suspension lint checks
* test(gateway): reset work admission between shared suites
* fix(gateway): reject upgrades during suspension
* fix(gateway): preserve admitted work during suspension
* test(gateway): isolate suspension and restart state
* fix(gateway): close suspension false-ready gaps
* refactor(protocol): slim suspension declaration graph
* refactor(plugin-sdk): sever protocol registry edges
* fix(gateway): preserve admitted restart follow-ups
* fix(gateway): make suspension recovery fail closed
* fix(protocol): keep validation formatter re-export only
* test(gateway): simplify deferred fixture type
* style(gateway): clarify suspension entry name
* fix(gateway): retain detached work admission
2026-07-10 20:24:53 +01:00
Peter Steinberger
e1934d968e
fix(nodes): stop advertising a disabled browser proxy ( #103894 )
...
* fix(nodes): hide disabled browser proxy capability
* chore: defer node fix changelog to release
* chore: ratchet plugin SDK surface budget
2026-07-10 20:06:53 +01:00
Peter Steinberger
9b4c7c0991
test(openai): align auth contract with provider default ( #103760 )
2026-07-10 16:28:07 +01:00
JC
59e95fe3fd
feat: support GPT-5.6 Ultra across OpenClaw and Codex runtimes ( #98021 )
...
* feat: support GPT-5.6 Ultra across agent runtimes
Co-authored-by: J Cai <anyech@gmail.com >
* fix: keep harness projections discovery-free
* fix(codex): mirror V2 native subagent tasks
* chore: refresh plugin SDK surface budgets
* test: expose Ultra wire effort proof
* test(cron): avoid hoisted mock initialization race
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 15:23:24 +01:00
Yuval Dinodia
b7ab62c2cf
fix(mattermost): preserve text-block boundaries in draft preview ( #87322 ) ( #87449 )
...
* fix(mattermost): preserve text-block boundaries in draft preview (#87322 )
* fix(mattermost): preserve block preview boundaries
* fix(mattermost): reset progress at tool boundaries
* docs(plugin-sdk): refresh API baseline
* fix(mattermost): group parallel tool previews
* fix(mattermost): stage tool previews before awaits
* fix(mattermost): satisfy tool boundary return contract
* fix(mattermost): serialize preview block generations
Co-authored-by: Yuval Dinodia <yetvald@gmail.com >
* fix(mattermost): preserve complete block previews
* test(agents): align streaming assertions
* test(telegram): align reply pipeline mock
* fix(plugin-sdk): keep reply prefix options compatible
* test(mattermost): exercise threaded final participation
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 14:32:11 +01:00
Peter Steinberger
505f8ae6a3
fix(control-ui): harden workspace avatar projection ( #103657 )
...
* fix(control-ui): harden workspace avatar projection
Co-authored-by: LZY3538 <liu.zhenye@xydigit.com >
* refactor(gateway): remove dead avatar URL mapper
* test(control-ui): track avatar temp directories
---------
Co-authored-by: LZY3538 <liu.zhenye@xydigit.com >
2026-07-10 13:31:22 +01:00
Peter Steinberger
2c909212f1
fix(tool-call-repair): preserve stream content order after repair ( #103585 )
...
Keep byte-over-cap visible suffixes at their streamed content indexes when terminal message snapshots are normalized.
Co-authored-by: ZOOWH <ZOOWH@users.noreply.github.com >
2026-07-10 10:16:09 +01:00
wuqxuan
9e74dabad2
fix: parse zero-argument XML tool calls ( #103220 )
...
* fix: parse zero-argument XML tool calls
* fix(tool-call-repair): handle empty XML calls safely
---------
Co-authored-by: Peter Steinberger <peter@steipete.me >
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-10 07:39:23 +01:00
Pavan Kumar Gondhi
c70f3d0dae
fix: block unspecified trusted DNS targets ( #103075 )
2026-07-10 11:16:26 +05:30
Peter Steinberger
75dfd3dc09
feat(xai): support Grok Imagine Video 1.5 ( #103316 )
...
* feat(media): add per-model generation catalog metadata
* feat(xai): support Grok Imagine Video 1.5
* test(plugin-sdk): update public surface budget
2026-07-10 04:49:42 +01:00
Peter Steinberger
add2c586c2
feat(slack): support native chart presentations ( #102635 )
2026-07-10 04:05:23 +01:00
qingminlong
2fd0f88f62
fix: ignore invalid Retry-After HTTP dates ( #102987 )
...
* fix: ignore invalid Retry-After HTTP dates
* fix(ai): centralize strict Retry-After dates
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
Co-authored-by: Peter Steinberger <peter@steipete.me >
2026-07-10 04:02:44 +01:00
Ayaan Zaidi
04ff278a1d
refactor(device-bootstrap): close bootstrap purpose type
2026-07-10 07:53:37 +05:30
Ayaan Zaidi
c64db7c9c7
feat(plugin-sdk): export dashboard bootstrap helpers
2026-07-10 07:53:37 +05:30
Peter Steinberger
8b300e57f0
fix(browser): keep remote CDP credentials out of responses ( #103139 )
...
* fix(browser): contain remote CDP credentials
* fix(browser): probe authenticated discovery before attach
* chore: keep release note in PR metadata
2026-07-10 01:12:51 +01:00
Peter Steinberger
d185f9a0b4
fix(infra): preserve characters in truncated response snippets ( #103136 )
...
* fix(infra): preserve bounded response text characters
Co-authored-by: qingminlong <34085845+qingminglong@users.noreply.github.com >
* ci(plugin-sdk): refresh API baseline
---------
Co-authored-by: qingminlong <34085845+qingminglong@users.noreply.github.com >
2026-07-09 23:43:26 +01:00
VACInc
740e7687e8
fix(anthropic): don't crash models list when a configured Sonnet 5 model has no cost ( #102186 )
...
* fix(anthropic): don't crash models list when a configured Sonnet 5 model has no cost
applyAnthropicSonnet5Cost read params.model.cost.input unconditionally, so
'openclaw models list' aborted with 'Cannot read properties of undefined
(reading input)' whenever config supplied an anthropic Sonnet 5 model row
without cost metadata (e.g. an agents.defaults.models runtime binding).
Guard with optional chaining — a costless model now falls through and gets
the canonical Sonnet 5 cost applied.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com >
* fix(models): normalize missing Sonnet 5 costs
Co-authored-by: VACInc <3279061+VACInc@users.noreply.github.com >
* chore(plugin-sdk): refresh API baseline
* ci(plugin-sdk): update surface budgets
---------
Co-authored-by: VACInc <3279061+VACInc@users.noreply.github.com >
Co-authored-by: Claude Fable 5 <noreply@anthropic.com >
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-09 22:13:56 +01:00
Oliver Mee
ae11ea5ba9
feat(qwen): add Token Plan (Team Edition) provider ( #94419 )
...
* feat(qwen): add Token Plan provider
Co-authored-by: Oliver Mee <102673257+Omee11@users.noreply.github.com >
* docs: regenerate documentation map
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
Co-authored-by: Oliver Mee <102673257+Omee11@users.noreply.github.com >
2026-07-09 22:07:01 +01:00
Peter Steinberger
5ef269c2bb
fix: keep bounded Unicode text valid across UTF-16 boundaries ( #102823 )
...
* fix(text): keep bounded output UTF-16 safe
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com >
Co-authored-by: 0668000539 <shu.zongyu@xydigit.com >
Co-authored-by: 张鹊平0668001085 <zhang.queping@xydigit.com >
Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com >
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com >
Co-authored-by: lizeyu-xydt <li.zeyu@xydigit.com >
* chore(changelog): defer release note to automation
* refactor(qa-lab): keep text helper behind SDK
---------
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com >
Co-authored-by: 0668000539 <shu.zongyu@xydigit.com >
Co-authored-by: 张鹊平0668001085 <zhang.queping@xydigit.com >
Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com >
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com >
Co-authored-by: lizeyu-xydt <li.zeyu@xydigit.com >
2026-07-09 15:21:23 +01:00
Alix-007
65b2e7a4e3
fix(mattermost): add timeout to REST client requests ( #102027 )
...
* fix(mattermost): add timeout to REST client requests
* fixup: preserve Mattermost DM retry timeout
* test(mattermost): reuse hanging server helper
* test(mattermost): satisfy timeout lint
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-09 12:12:30 +01:00
Sally O'Malley
e595a8c0ac
Add Vault SecretRef plugin ( #89255 )
...
* Add Vault SecretRef plugin
Signed-off-by: sallyom <somalley@redhat.com >
* expand Vault setup to registered SecretRef targets
Signed-off-by: sallyom <somalley@redhat.com >
* fix(vault): use sdk secret target seam
* fix(vault): preserve auth profile target paths
* docs(vault): document plugin enable step
* fix(vault): make status provider-alias aware
* fix(vault): reject noncanonical secret ids
* fix(vault): separate resolver timeout deadlines
* fix(vault): forward private CA trust settings
* fix(secrets): preserve plugin policy boundaries
---------
Signed-off-by: sallyom <somalley@redhat.com >
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com >
2026-07-09 05:30:12 -05:00
kevinlin-openai
245b91b83d
feat(slack): support Enterprise Grid org installs ( #102372 )
...
* feat(slack): support Enterprise Grid org installs
* docs: refresh generated docs map
* fix(slack): satisfy enterprise routing CI
* fix(slack): accept org auth without app id
* docs(plugin-sdk): document channel policy hooks
* fix(slack): reuse canonical sender for enterprise replies
* test(slack): fix enterprise sender lint
---------
Co-authored-by: Kevin Lin <kevin@dendron.so >
2026-07-08 23:53:19 -07:00
qingminlong
b20b02a476
fix(tool-payload): enforce UTF-8 byte limits for serialized payloads ( #102450 )
...
* fix(tool-payload): reject oversized XML payload bytes
* fix(tools): enforce serialized payload byte limits
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-09 07:47:23 +01:00
Tobias Oort
0307deacfa
feat(github-copilot): support GitHub Enterprise data-residency Copilot auth ( #99221 )
...
Adds GitHub Enterprise data-residency support to the existing bundled GitHub Copilot provider.
Maintainer proof:
- GitHub CI green on head 54010a6538
- `check-lint`, `check-additional-extension-bundled`, and `check-shrinkwrap` passed in CI
- local `pnpm lint:extensions:bundled`, `pnpm lint`, and focused GitHub Copilot Vitest passed
- AWS Crabbox proof passed
- live microsoft.ghe.com device-flow/token-exchange/model-catalog proof passed
Co-authored-by: Tobias Oort <tobias.oort@ict.nl >
Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com >
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-07-08 18:59:41 -07:00
Vincent Koc
aad99747cd
fix(onboard): omit empty provider request settings
2026-07-08 17:26:29 -07:00
Tran Quang
19f7b72a74
fix(voice-call): preserve per-call agent routing ( #77763 )
...
* fix(voice-call): preserve per-call agent routing
Co-authored-by: Tran Quang <randytran8800@gmail.com >
* chore: keep release notes in PR metadata
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
Co-authored-by: Peter Steinberger <peter@steipete.me >
2026-07-08 07:06:35 +01:00
Vishal Dharmadhikari
d708df47a3
improve(google): identify OpenClaw Gemini API traffic ( #101834 )
2026-07-07 16:09:02 -06:00
machine3at
a00e9fc228
fix(ssrf): block loopback addresses for trusted hostname origins ( #100835 )
...
* fix(ssrf): block loopback addresses for trusted hostname origins
* fix(ssrf): allow loopback resolution for explicitly trusted loopback/localhost hostnames
* refactor(cron): remove unrelated cron session option changes from ssrf branch
* test(ssrf): add explicit loopback-origin allow tests to close ClawSweeper proof gap
* test(ssrf): add real gateway runtime proof script for loopback rebinding
* fix(ssrf): harden trusted-host loopback checks
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-07 11:08:51 +01:00
Peter Steinberger
a2a68d154b
fix(agent): preserve explicit recipient sessions ( #101507 )
...
* fix(agent): honor recipient session routing
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: pingfanfan <pingfan.work@gmail.com >
* fix(agent): preserve canonical recipient routes
* fix(agent): require exact recipient routes
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: pingfanfan <pingfan.work@gmail.com >
* fix(agent): harden recipient route resolution
* fix(imessage): require canonical recipient handles
* fix(agent): refine provider recipient exactness
* fix(agent): bound direct alias session routing
* fix(signal): preserve direct alias route type
* fix(agent): honor binding-scoped recipient sessions
* fix(routing): honor configured main session aliases
* fix(clickclack): align account-owned session routes
* fix(twitch): preserve canonical recipient sessions
* fix(routing): isolate stable outbound identities
* chore: defer recipient session changelog
* fix(sms): use dedicated channel SDK facade
---------
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: pingfanfan <pingfan.work@gmail.com >
2026-07-07 10:07:13 +01:00
xingzhou
de152b1f65
fix(plugin-sdk): align speech runtime packaging ( #89899 )
...
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-07-07 07:38:41 +01:00
Peter Steinberger
7b366e16b0
fix: Windows CLI backends fail through npm shims ( #101378 )
...
* fix(process): resolve Windows npm CLI shims directly
Co-authored-by: wendy-chsy <wan.wenyan@xydigit.com >
* docs(changelog): note Windows CLI shim fix
* docs(process): explain Windows shim boundary
* chore: keep release changelog owner-only
* test(process): isolate Windows shim resolution
* fix(process): classify Windows forwarding shims safely
---------
Co-authored-by: wendy-chsy <wan.wenyan@xydigit.com >
2026-07-07 06:57:16 +01:00
Josh Lehman
5d9a2b114f
feat(context-engine): report compaction successors as typed session targets ( #101182 )
2026-07-06 22:14:46 -07:00