Commit Graph

288 Commits

Author SHA1 Message Date
Peter Steinberger
7c954849e6 fix(google-meet): use strong caption epochs (#105221) 2026-07-12 10:20:50 +01:00
Peter Steinberger
218dcd815a feat(tooling): enforce noUncheckedIndexedAccess in the extensions lane (NUIA phase 4) (#105132)
* fix(extensions): make indexed access explicit across channel plugins

Transport-payload-safe burn-down: malformed Telegram/Discord/QQ/LINE
and sibling channel input keeps existing skip paths; no synthesized
fields, no new throws in delivery loops. Zalo escape sentinels preserve
literal matches instead of undefined replacements.

* fix(extensions): make indexed access explicit across provider and memory plugins

Stream and model iteration, tool-block guards, capture guards, and
sparse accumulators; singleton model reads carry named invariants.

* fix(extensions): make indexed access explicit across tooling plugins, flip the extensions lane

Remaining plugins (oc-path, qa-lab, browser, logbook, and siblings) plus
the tsconfig.extensions.json flag flip. Cleanup: logbook sampleFrames
NaN index at max=1, QA retry clamp at non-positive attempts, dead Canvas
probe and OpenShell no-op slice removed, twitch test setup leak excluded
from the prod lane.

* refactor(plugin-sdk): expose expectDefined via a focused SDK subpath

Extensions imported @openclaw/normalization-core directly, crossing the
external-plugin packaging boundary (it only worked because the runtime
builder bundles undeclared workspace helpers). expect-runtime joins the
canonical entrypoints JSON, generated exports, API baseline, docs, and
subpath contract test; all 78 extension imports now use the SDK seam.
Two scanner-shaped locals renamed for review-bundle hygiene.

* chore(plugin-sdk): raise surface budgets for the expect-runtime subpath

One new entrypoint with one callable export, added intentionally as the
packaging-honest seam for extension invariant helpers.
2026-07-12 09:17:31 +01:00
Shubhankar Tripathy
43e138cc66 feat(google-meet): retain the full caption transcript per session (#103387) (#103811)
* feat(google-meet): retain bounded transcripts

Co-authored-by: lonexreb <reach2shubhankar@gmail.com>

* chore: leave changelog to release tooling

* fix(google-meet): satisfy transcript CI checks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 09:16:46 +01:00
llagy007
7ed7840c94 fix(google-meet): validate calendar Meet URLs (#104863)
* fix(google-meet): validate calendar meet urls

* fix(google-meet): share meet url normalization

* fix(google-meet): normalize Calendar Meet URLs

* fix(google-meet): keep calendar text fallback stable

* fix(google-meet): validate calendar text candidates

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-12 09:12:40 +01:00
llagy007
f6d11d0e29 fix(google-meet): guard node-host meet URLs (#104687) 2026-07-12 06:55:38 +01:00
Shubhankar Tripathy
86cd9786c8 fix(google-meet): actually leave the Meet call in the browser on leave (#103386) (#103522)
* fix(google-meet): leave browser calls on session end

Co-authored-by: lonexreb <reach2shubhankar@gmail.com>

* fix(google-meet): keep agent browser control in gateway

* chore(google-meet): move release note to pr

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 06:50:13 +01:00
llagy007
f8aa995856 fix(google-meet): validate chrome node policy params (#103752) 2026-07-11 04:00:28 -07:00
Peter Steinberger
7bf80dc2c6 chore(tooling): enforce formatting and refresh TypeScript checks (#104239)
* chore(tooling): enforce current formatter and refresh checks

* chore(tooling): keep release changelog formatter-owned

* chore(tooling): retain compatible Node type surface

* ci: enforce formatting for docs-only changes

* ci: isolate docs formatter check

* chore(tooling): apply updated lint and format rules

* chore(tooling): satisfy updated switch lint

* style(ui): apply Linux formatter layout

* test(doctor): match quiet local audio contribution

* test(doctor): assert quiet output only

* test(doctor): follow restored information contract
2026-07-11 01:09:51 -07:00
cxbAsDev
4fcee4f4fd fix(google-meet): force English UI when reusing existing Chrome tabs (#103719)
* fix(google-meet): force English UI when reusing existing Chrome tab

* fix(google-meet): narrow reused tab before forcing English UI

* test(google-meet): assert /navigate target id is adopted in reused tabs

* fix(google-meet): preserve active call tabs and normalize English before recovery

* fix(google-meet): preserve localized active tabs

* test(google-meet): avoid shadowing path import

* test(google-meet): align mocks with English-pinned tab reuse

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:11:00 -07:00
Peter Steinberger
87618930db fix(google-meet): align DTMF delay metadata (#104119)
* fix(google-meet): align DTMF delay metadata

Co-authored-by: llagy007 <0668001470@xydigit.com>

* chore: defer Google Meet release note

---------

Co-authored-by: llagy007 <0668001470@xydigit.com>
2026-07-10 22:43:28 -07:00
Peter Steinberger
dba64d574f chore(release): set version to 2026.7.2 2026-07-11 04:00:49 +01:00
Peter Steinberger
e8fcc93cd3 fix(talk): await realtime tool result delivery (#103268)
* fix(talk): await realtime tool result delivery

* fix(talk): terminally cancel queued results

* chore: keep release changelog out of PR

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 20:11:20 -07:00
lzyyzznl
57c468ca1b fix(google-meet): use truncateUtf16Safe for log value truncation (#102617)
* fix(google-meet): use truncateUtf16Safe for log value truncation

One .slice(0, 180) truncation site in the Google Meet extension
may cut UTF-16 surrogate pairs in half when the log value contains
multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* test(google-meet): cover UTF-16 model log boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:40:26 +01:00
wangmiao0668000666
51b4e78c33 fix(google-meet): bound Google API requests (#102149)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:39:34 +01:00
wangmiao0668000666
28bbbe4f60 fix(google-meet): bound Calendar event lookups (#102157)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 06:12:24 +01:00
wangmiao0668000666
624dfa6cf6 fix(google-meet): contain node host stream failures (#102105)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 05:59:35 +01:00
Peter Steinberger
f85d438164 fix(google-meet): keep Meet sessions on the agent that joined them (#102331)
* fix(google-meet): preserve routed agent across session reuse

* chore: defer google meet release note to release closeout

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-08 18:52:04 -07:00
Tran Quang
19f7b72a74 fix(voice-call): preserve per-call agent routing (#77763)
* fix(voice-call): preserve per-call agent routing

Co-authored-by: Tran Quang <randytran8800@gmail.com>

* chore: keep release notes in PR metadata

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-08 07:06:35 +01:00
Vincent Koc
827f2c4422 refactor(google-meet): localize internal declarations (#102010) 2026-07-07 21:02:55 -07:00
Alix-007
5fd5bf2aee fix(google-meet): handle stdout/stderr stream errors in local audio bridge (#101596)
* fix(google-meet): handle stdout/stderr stream errors in local audio bridge

* test(google-meet): prove command bridge stream errors
2026-07-07 18:36:20 -07:00
Vincent Koc
b88f80940a refactor: localize internal implementation symbols (#101831) 2026-07-07 10:23:36 -07:00
Vincent Koc
3d206140f3 refactor: localize internal implementation constants (#101758) 2026-07-07 08:34:13 -07:00
huangjianxiong
783c0aec50 fix(google-meet): bound JSON response body reads to prevent OOM (#98850)
* fix(google-meet): bound JSON response body reads to prevent OOM

Replace raw response.json() with readProviderJsonResponse (16 MiB cap)
across meet.ts, calendar.ts, and oauth.ts to prevent unbounded memory
allocation from oversized HTTP response bodies.

Also extract duplicated hasConfig check in createGoogleMeetSpace.

Test: loopback HTTP server test with 4 MiB oversized body + valid body.

* fix(test): prove readProviderJsonResponse bounds the 200 success path

Replace loopback server with synthetic Response objects. The oversized
test now returns HTTP 200 with a 17 MiB body — readProviderJsonResponse
rejects it at its 16 MiB cap, proving the bounded read fires on the
success path (not just the already-bounded 500 error path the old test
exercised).

Ref. https://github.com/openclaw/openclaw/pull/98850

* fix(test): add real HTTP transport integration tests for bounded JSON reads

- Add two vitest integration tests that start a real local TCP server,
  fetch through native HTTP transport, and verify readProviderJsonResponse
  correctly rejects oversized responses and passes normal ones.
- Existing synthetic-boundary tests unchanged.

Ref. https://github.com/openclaw/openclaw/pull/98850

* fix(test): wrap server.listen in promise executor to satisfy oxlint no-promise-executor-return

* fix(google-meet): add real SSRF-guard transport integration tests for bounded JSON reads

Adds two new integration tests that route meet.googleapis.com requests
through a local TCP server via spyOnGoogleMeetFetch, exercising the
actual fetchGoogleMeetSpace function end-to-end through the SSRF guard
mock. This addresses ClawSweeper review feedback requesting real
transport-level proof of the bounded read contract.

* fix(google-meet): preserve original fetch reference in spyOnGoogleMeetFetch to avoid recursion

The mockImplementation replaced globalThis.fetch, so calling fetch() inside
the mock called the mock itself. Capture globalThis.fetch before spying and
use the saved reference inside the implementation to avoid infinite recursion.

* fix(google-meet): add console.log debug output to loopback proof tests

Add structured console.log evidence markers to the four real HTTP
transport integration tests so that reviewers can see the bounded-read
contract working through actual TCP connections. Format matches the
established pattern from Alix-007's approved bound-read PRs.

* Revert "fix(google-meet): add console.log debug output to loopback proof tests"

This reverts commit e64c26d17e.

* fix(google-meet): tighten response body limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 02:34:08 -04:00
Dallin Romney
bfffa950d7 refactor(plugin-sdk): consolidate tool result helpers (#99740)
* refactor(plugin-sdk): consolidate tool result helpers

* docs(plugin-sdk): tighten tool result guidance

* refactor(feishu): use tool results directly
2026-07-04 16:50:44 -07:00
Peter Steinberger
614e87cce1 chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Chen Chia Yang
5342effebc fix(google-meet): force English Meet UI via hl=en so automation works on any locale (#89671)
Summary:
- The branch adds `forceMeetEnglishUi()` for Google Meet URLs, applies it to join/create browser opens, canonicalizes browser-created meeting links, and updates focused Google Meet tests.
- PR surface: Source +18, Tests +19. Total +37 across 6 files.
- Reproducibility: yes. Current main opens raw Meet URLs while the browser automation matches English-only lab ... R body provides after-fix CDP output showing non-English pages render expected English labels with `hl=en`.

Automerge notes:
- PR branch already contained follow-up commit before automerge: chore(tooling): add unused agent-cache-store files to knip optional a…
- PR branch already contained follow-up commit before automerge: fix(google-meet): repair non-Latin mic regex matching boundary
- PR branch already contained follow-up commit before automerge: revert(tooling): preserve current main deadcode allowlist guard
- PR branch already contained follow-up commit before automerge: revert(tooling): perfectly match origin/main deadcode list
- PR branch already contained follow-up commit before automerge: revert: match origin/main deadcode list exactly

Validation:
- ClawSweeper review passed for head 880a41b6f0.
- Required merge gates passed before the squash merge.

Prepared head SHA: 880a41b6f0
Review: https://github.com/openclaw/openclaw/pull/89671#issuecomment-4608725456

Co-authored-by: Chen Chia Yang <unayung@gmail.com>
Approved-by: hxy91819
2026-07-03 15:00:34 +00:00
Dallin Romney
59b08b4693 refactor(shared): consolidate remaining channel lazy loaders (#99302) 2026-07-02 19:08:11 -07:00
Vincent Koc
3e2646a786 fix(release): use workspace host deps in release lockfile
(cherry picked from commit d377c0f910)
2026-06-30 15:54:12 -07:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
Jiaming Guo
456c48f368 fix(gateway): require admin scope for browser proxy invoke (#85916)
* fix(gateway): require admin scope for browser proxy invoke

* fix(gateway): document trusted node scopes

* fix(gateway): align browser scope test

* fix(gateway): satisfy node test lint

---------

Co-authored-by: Agustin Rivera <agustin@rivera-web.com>
2026-06-29 16:23:02 -07:00
Yuval Dinodia
38ab207591 fix(google-meet): fall back to manual OAuth paste when callback port is occupied (#96492)
The Google Meet OAuth login binds a fixed localhost:8085 callback listener
and let listener failures propagate, so meet auth login aborted entirely when
port 8085 was already in use. The sibling Gemini CLI OAuth path already
recovers by switching to the manual copy/paste flow on EADDRINUSE/listen
errors; bring Google Meet to parity by catching listener errors and reusing
the existing manual-paste handler instead of failing the login.
2026-06-29 11:20:21 -07:00
Alix-007
2001b15f5b fix(google-meet): bound Drive document export reads to prevent OOM (#97620)
* fix(google-meet): bound Drive document export reads to prevent OOM

* test(google-meet): return full guarded fetch result

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-06-28 19:57:01 -07:00
Josh Avant
448b7c75b6 Stabilize Google Meet chrome-node launch config (#96908) 2026-06-25 22:11:57 -05:00
Vincent Koc
0671c08900 chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Patrick Erichsen
0feffda3fc fix(plugins): remove simpleicons icon color paths (#95987) 2026-06-23 12:16:02 -07:00
Patrick Erichsen
0a97f73402 feat: add bundled plugin icon manifest URLs (#95845) 2026-06-22 22:14:18 -07:00
Vincent Koc
b039e949b6 chore(release): close out 2026.6.9 2026-06-21 12:24:15 +08:00
Vincent Koc
917a0f3052 refactor(extensions): drop private alias exports 2026-06-19 21:43:24 +08:00
Vincent Koc
0de3d47195 fix(google-meet): bound google api error bodies 2026-06-19 14:06:36 +02:00
Vincent Koc
e55a637537 refactor(google-meet): dedupe bridge process cleanup 2026-06-18 12:30:19 +08:00
Vincent Koc
00d2452fac chore(release): refresh npm shrinkwrap versions 2026-06-17 07:32:37 +08:00
Vincent Koc
6774e7f259 chore(release): sync main to 2026.6.8 2026-06-17 07:25:30 +08:00
Shakker
920e6a8eec chore: set version 2026.6.9 2026-06-16 19:54:07 +01:00
Goutam Adwant
2c286c3465 fix(google-meet): declare realtime provider secret inputs (#93677)
* fix(google-meet): declare realtime provider secret inputs

* test(secrets): cover Google Meet installed manifest

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-06-17 01:58:37 +08:00
Peter Steinberger
96e5812426 docs: document medium extension sources 2026-06-04 21:33:54 -04:00
Peter Steinberger
1878ca0820 chore(release): prepare 2026.6.2 beta 2026-06-04 00:06:52 +01:00
Peter Steinberger
e254346bc2 chore(release): prepare 2026.6.3 beta 2026-06-03 23:42:34 +01:00
Peter Steinberger
a14eacf372 chore(release): set version 2026.6.2 2026-06-01 23:06:55 +01:00
Peter Steinberger
8e28c773fe chore(release): prepare 2026.6.1 2026-06-01 10:30:15 +01:00
Peter Steinberger
27dde7a4d6 chore(lint): enable stricter error rules 2026-06-01 01:12:21 +01:00