Commit Graph

15644 Commits

Author SHA1 Message Date
davelutztx
8aaf9fc6bc fix(discord): send fresh final messages after previews (#99711)
* fix(discord): send fresh final messages after previews

* fix(discord): suppress broadcast mentions on fresh finals

* docs(changelog): note Discord streamed final fix

* fix(discord): stabilize targeted mention policy

---------

Co-authored-by: Dave Lutz <dave@lutzfamily.net>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 19:14:09 +01:00
Ben.Li
6bc661ce14 fix(msteams): bound Bot Framework attachmentInfo JSON response reads (#99125)
* fix(msteams): bound Bot Framework attachmentInfo JSON response reads

* test(msteams): prove attachmentInfo stream cancellation
2026-07-06 19:07:24 +01:00
xingzhou
f805bb4e02 fix(feishu): avoid mention forwarding when bot open id is unavailable (#100891)
* fix(feishu): avoid forwarding mentions without bot open id

* fix(feishu): require bot identity for mention forwarding

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 18:54:02 +01:00
Peter Steinberger
b3e68a093c fix(lmstudio): honor embedding preload context (#100750)
Co-authored-by: Zakaria Rahali <zakariarahali288@gmail.com>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
2026-07-06 18:28:48 +01:00
Vincent Koc
3ad77774f0 fix: carry 2026.7.1 stability repairs into main (#101043)
* fix(telegram): throttle reconnect delivery drains

(cherry picked from commit 7182c74d04)

* fix(agents): honor aborts during session lock acquisition

(cherry picked from commit 6443c2a552)

* fix(cli): prefer installed launcher package roots

(cherry picked from commit 37e1b324db)

* fix(e2e): allow Linux onboarding to finish

(cherry picked from commit 88192552a0)

* fix(e2e): scrub single-plugin allowlists on Windows

(cherry picked from commit bee5dee521)

* fix(e2e): preserve Windows config shape during updates

(cherry picked from commit a580a7fe3f)
2026-07-06 10:17:36 -07:00
Vincent Koc
bf8626c0e9 feat(providers): add LongCat API support (#100501)
* fix(ai): honor provider reasoning compatibility

* feat(longcat): add hosted provider plugin

* chore(longcat): register package metadata

* docs(longcat): add provider setup guide

* docs(longcat): document self-hosted model routing

* refactor(longcat): externalize provider plugin

* chore(longcat): add npm release artifacts
2026-07-06 10:07:08 -07:00
NIO
db334b3cf7 fix(qa-channel): bound bus JSON response reads (#99169)
Co-authored-by: NIO <nocodet@mail.com>
2026-07-06 13:02:42 -04:00
NIO
2e967ea61d fix(google): bound OAuth JSON response reads (#97587)
Co-authored-by: NIO <nocodet@mail.com>
2026-07-06 13:01:25 -04:00
Gio Della-Libera
5b06eba9fe policy: repair required deny tool findings (#99700) 2026-07-06 09:56:03 -07:00
Peter Steinberger
bfb89d3ea6 fix(discord): limit implicit reply fanout (#100784)
* fix(discord): limit implicit reply fanout

Co-authored-by: qingminlong <qing.minlong@xydigit.com>

* fix(discord): preserve oversized fallback fanout

* refactor(discord): make reply metadata per-message

* fix(discord): keep reply receipts serializable

* docs(changelog): defer Discord entry to release

* refactor(discord): model native reply fanout

---------

Co-authored-by: qingminlong <qing.minlong@xydigit.com>
2026-07-06 17:55:23 +01:00
cxbAsDev
68487e4c1e fix(codex): honor timeoutSeconds for dynamic tool calls when timeoutMs is absent (#100722)
* fix(codex): honor timeoutSeconds for dynamic tool calls when timeoutMs is absent

* fix(codex): enforce integer timeoutSeconds and cover side-question path

* chore(proof): extend codex timeoutSeconds proof to side-question path and fractional rejection

* fix(codex): leave headroom when arming watchdog from timeoutSeconds

* fix(codex): preserve dynamic tool timeout budgets

* test(codex): satisfy dynamic tool response types

* test(codex): type structured timeout promise

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:52:51 +01:00
Mukunda Rao Katta
675045f49f fix(browser): read Windows Chrome version from build dir in doctor (#87937)
* fix(browser): read Windows Chrome version metadata

Read PE ProductVersion before a conservative unambiguous install-layout fallback, without interpolating configured paths into PowerShell code.\n\nCo-authored-by: Mukunda Rao Katta <mukunda.vjcs6@gmail.com>

* style(browser): clarify Windows version probe

* fix(browser): use trusted Windows PowerShell path

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:50:34 +01:00
ZZIPP
979d198fd1 fix(media): recognize m2a as MPEG audio (#92167)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:48:37 +01:00
Peter Steinberger
cc147c6a40 test(discord): align websocket mock constructor type 2026-07-06 12:30:35 -04:00
Dallin Romney
5af7ba92ce refactor: consolidate byte-size formatting (#99768)
* refactor: consolidate byte-size formatting

* fix: stabilize byte formatter import boundary

* fix: keep byte formatter within SDK budget

* fix: emit byte formatter package entry

* refactor: trim byte formatter surface

* fix: use narrow byte formatter import

* refactor: remove byte formatter dependency changes

* fix: refresh rebased byte formatter baseline
2026-07-06 09:26:04 -07:00
Dallin Romney
b29d472e41 refactor(qa): add canonical live channel adapters (#99707) 2026-07-06 09:24:34 -07:00
Huvee
edbf204537 fix(memory-wiki): fail with a readable error when the shared memory manager violates the contract (#100902)
searchMemoryWiki called sharedMemoryManager.search() and getMemoryWikiPage
called manager.readFile() with only a truthiness guard. A memory plugin
whose runtime returns a manager that does not implement the
MemorySearchManager contract crashed shared-backend wiki search with
"sharedMemoryManager.search is not a function" from inside the bundle --
@mem0/openclaw-mem0 <= 1.0.14 registered exactly such a partial manager
(status/probeEmbeddingAvailability/close only).

Guard both call sites and throw an actionable error instead: name the
missing contract method and point at search.backend="local" for wiki-only
access.
2026-07-06 09:20:43 -07:00
Huvee
ddddb3dec1 fix(memory-wiki): drop malformed public artifacts and honor readMemoryArtifacts in status (#100900)
Two crashes when a memory plugin misbehaves in bridge mode:

- listActiveMemoryPublicArtifacts sorted plugin-returned artifacts
without
  validating them; an artifact missing any of the string fields the
  comparator dereferences (kind, workspaceDir, relativePath,
absolutePath,
  contentType) crashed wiki status and every other bridge consumer with
  "Cannot read properties of undefined (reading 'localeCompare')".
  @mem0/openclaw-mem0 <= 1.0.14 shipped record-shaped artifacts with
none
  of those fields, typed against a drifted SDK stub. Validate the shape,
  drop malformed entries (and non-array listings), and warn once naming
  the offending plugin -- the same treatment agentIds already got.

- resolveMemoryWikiStatus gated artifact counting on vaultMode/enabled
but
  not bridge.readMemoryArtifacts, so the wiki.status gateway method
still
  enumerated artifacts (and hit the crash above) with the flag off, even
  though the sync path (bridge.ts) and CLI gateway routing honor it. The
  documented workaround therefore never worked for the wiki_status agent
  tool. Add the flag to the gate; the count reports null when imports
are
  disabled, matching non-bridge modes.
2026-07-06 09:14:21 -07:00
sunlit-deng
de1bac6bc0 fix(discord): bound gateway websocket payloads (#99998)
* fix(discord): bound gateway websocket payloads

* fix(discord): raise gateway payload cap for large events

* refactor(discord): centralize gateway websocket policy

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:09:38 +01:00
machine3at
1021784c85 fix(telegram): stop local listener and bot on retry loop non-recoverable error (#100863)
* fix(telegram): stop local listener and bot on retry loop non-recoverable error

* fix(telegram): reuse webhook shutdown on setup failure

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:09:34 +01:00
machine3at
dbb70549be fix(telegram): pass proxy and apiRoot config when resolving runtime target usernames (#100868)
* fix(telegram): pass proxy and apiRoot config when resolving runtime target usernames

* fix(protocol,telegram): fix duplicate worktree exports and update resolveTargets test types

* fix(telegram): honor runtime routing in target resolution

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:06:18 +01:00
Vincent Koc
8fc88be216 refactor(workboard): localize private store types (#100989) 2026-07-06 09:01:01 -07:00
Vincent Koc
123ec165bb fix(codex): extend native hook relay timeout 2026-07-06 08:59:04 -07:00
Peter Steinberger
dc600d4a77 feat(diffs): changed-files summary nav for multi-file patch diffs (#100753)
* feat(diffs): add changed-files summary nav for multi-file patch diffs

* docs: regenerate docs map for diffs multi-file navigation section

* fix(diffs): respect reduced motion in summary navigation
2026-07-06 16:55:56 +01:00
Yzx
8547682dd6 fix(discord): keep default account online when adding named accounts (#96401)
* fix(discord): keep default SecretRef active with named accounts

* fix(discord): align implicit default secret surfaces

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:51:04 +01:00
Goutam Adwant
b82e3c1481 fix(gateway): hot-reload browser profile config (#93827)
* fix(gateway): hot-reload browser profile config

* refactor(gateway): cache reload rule specificity

* fix(gateway): pin reload policy to gateway registry

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 16:43:34 +01:00
Vincent Koc
e311943700 refactor(telegram): localize private implementation types (#100975) 2026-07-06 08:37:16 -07:00
Masato Hoshino
a327cec143 fix(discord): surface failed bulk reaction removals instead of false success (#90038) 2026-07-06 16:21:53 +01:00
rhclaw
0251e8ef7f fix(browser): preserve HTTP status in node-proxied browser errors (#89086)
* fix(browser): preserve HTTP status in node-proxied browser errors

The node browser proxy (runBrowserProxyCommand) collapsed a >=400 browser-route
response into new Error(<body.error>), dropping the HTTP status. That error
crosses the node.invoke boundary as a plain string (Error properties are not
preserved over the RPC), so the gateway's stale-target retry classifier — which
keys off a leading <status>: token (msg.includes("404:") && msg.includes("tab
not found")) — never matches a node-proxied "tab not found". The drop-targetId
retry never fires and the stale-targetId error surfaces to the agent instead.

Prefix the status onto the message ("404: tab not found", "403: action
targetId must match request targetId") so the existing gateway classification
and retry work through the node proxy. Pure formatting change in the >=400
branch; validation/timeout error paths are untouched.

Tests: extensions/browser invoke-browser suite — 14/14 pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(browser): harden node proxy status errors

* docs(changelog): credit browser proxy status fix

* chore: defer browser proxy release note

---------

Co-authored-by: rhclaw <260109027+rhclaw@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 15:55:39 +01:00
Vincent Koc
94a0d2ec3b test: align shifted main assertions (#100897) 2026-07-06 07:24:26 -07:00
mushuiyu886
9042e8020f fix(memory): fall back to wiki for missing all-corpus reads (#100904)
* Fix memory_get all supplement fallback

* refactor(memory): use typed missing-read contract

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 07:19:51 -07:00
Vincent Koc
25a7708f19 fix(feishu): send card JSON message params as cards (#100883)
* fix(feishu): send plain card JSON as interactive cards

Co-authored-by: martingarramon <263922628+martingarramon@users.noreply.github.com>

* fix(clownfish): address review for gitcrawl-21-autonomous-drip-20260706 (1)

Co-authored-by: martingarramon <263922628+martingarramon@users.noreply.github.com>

* fix(feishu): preserve native card compatibility

Reported-by: @ZenoRewn
Co-authored-by: martingarramon <263922628+martingarramon@users.noreply.github.com>

* fix(feishu): fix native card fallback precedence

* fix(feishu): fix native card fallback precedence

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: martingarramon <263922628+martingarramon@users.noreply.github.com>
2026-07-06 06:22:36 -07:00
xingzhou
5aa7c6267c fix(irc): monitor stays disconnected after IRC socket closes (#100799) 2026-07-06 06:07:12 -07:00
Vincent Koc
6418e196b1 refactor: remove unused internal exports (#100882) 2026-07-06 05:59:18 -07:00
Jesse Merhi
5cd71db85e fix(diagnostics-otel): route OTLP exports through env proxy
* fix(diagnostics-otel): route OTLP exports through env proxy

* fix(diagnostics-otel): harden OTLP proxy agent options

* fix(ci): refresh rebased gateway checks

* fix(ci): avoid proxy boundary scan
2026-07-06 22:52:22 +10:00
Vincent Koc
c3501761da test(qa): allow deleted progress in private final check 2026-07-06 05:49:48 -07:00
Peter Steinberger
ce36a13ad2 fix(browser): foreground tabs before screenshots (#100857)
Co-authored-by: Spencer Fuller <spencer.p.fuller@gmail.com>
2026-07-06 12:57:45 +01:00
Vincent Koc
e7d43db52f test(codex): make side tool abort test deterministic 2026-07-06 13:47:54 +02:00
Peter Steinberger
f53346944d feat: correlate native search outcomes in audit history (#98704)
* feat: correlate native search outcomes in audit history

Metadata-only audit ledger for agent runs and tool actions in the shared
state DB: stable event identity, closed action/status/error vocabularies,
one-way-hashed tool-call ids, never-inferred terminal outcomes for native
web-search (explicit completed/failed only; otherwise unknown), bounded
retention, audit.list gateway RPC and openclaw audit CLI. Squashed from
the 82-commit audit stack for replay onto current main.

* feat(audit): add audit.enabled config gate (default on)

The metadata-only audit ledger records by default: an audit trail enabled
only after an incident cannot explain the incident, and the rows are
strictly less sensitive than the transcripts every install already
stores. audit.enabled=false stops new writes at the gateway subscription
seam; audit.list and openclaw audit keep serving existing records until
they expire. Documented in the configuration reference, protocol page,
and CLI reference.

* fix: repair full-matrix CI findings after rebase

- break the dynamic-tools/dynamic-tool-execution import cycle by
  extracting resolveCodexToolAbortTerminalReason into a leaf module
- restore main's session-worktree protocol exports lost in the
  index.ts auto-merge
- register the audit event writer worker as a knip entry point
- docs table formatting; subagent wait-cancellation test scoped to its
  audit intent (outcome + timing) and advanced past main's new
  lifecycle-timeout retry grace
2026-07-06 12:30:12 +01:00
Peter Steinberger
827402243d feat: add Anthropic and OpenAI cost history (#100672)
* feat(providers): add admin cost history

* fix(ui): sync cron raw-copy baseline

* fix(usage): harden provider cost credentials

* fix(ui): refresh raw-copy baseline

* docs: refresh documentation map

* fix(ci): sync provider usage baselines

* fix(ui): hide zero-cost history bars

* docs(changelog): defer provider cost note
2026-07-06 12:06:55 +01:00
Ishan Godawatta
a53565f6df fix: normalise wiki lint targets (#100017)
* fix: normalise wiki lint targets

* fix: preserve wiki title queries
2026-07-06 04:03:15 -07:00
Peter Steinberger
e1595d5a96 fix(browser): clean up peer-scoped tabs on reset (#100792)
Co-authored-by: FMLS <kfliuyang@gmail.com>
2026-07-06 11:56:47 +01:00
Vincent Koc
17777b3a9f refactor: remove proven dead code across runtime surfaces (#100823)
* refactor: remove unused internal helpers

* refactor(ui): remove unused compatibility helpers

* refactor(android): remove unused talk cleanup shim

* refactor(android): remove orphaned legacy UI

* refactor: remove unused private exports

* refactor(docs-i18n): remove dead matcher and satisfy lint
2026-07-06 03:31:19 -07:00
xydt-tanshanshan
738654d20c fix(memory): add batch completed log after embedding batch finishes (#94732)
* [AI] fix(memory): add batch completed and batch failed logs for embedding ops

The embedBatchWithRetry function logged 'batch start' but never logged
'batch completed' or 'batch failed' after the embedding batch call,
leaving operators with no post-request feedback. When batches hang or
time out, only 'batch start' appears in logs with no diagnostic signal.

Add 'batch completed' log after runEmbeddingOperationWithTimeout success
and 'batch failed' log in the catch handler. This is an observability
improvement, not a functional fix for the underlying hang (#93312).

Related to #93312

* [AI] fix(memory): use formatErrorMessage for embedding batch error log

Replace String(err) with formatErrorMessage(err) in the batch failed
catch handler to redact sensitive provider error text (e.g. API keys
and tokens embedded in error messages) before logging.

Related to #94732

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 03:10:51 -07:00
Alex Knight
3221d43d89 fix(openai): image generation unavailable when openai provider set via config apiKey + custom baseUrl (#100745)
* fix(openai): treat a config apiKey as configured for image generation

The openai image provider's isConfigured only consulted env vars / auth
profiles (isProviderApiKeyConfigured) and considered a config apiKey only
inside that env/profile-gated branch. A provider apiKey supplied directly in
config (models.providers.openai.apiKey) — e.g. an AI-gateway token alongside a
custom baseUrl — was reported as not-configured, even though the generate path
resolves exactly that credential via resolveApiKeyForProvider and honors the
config baseUrl. This made image generation behave differently from chat models,
which authenticate purely from provider config.

Recognize a config apiKey as configured so image generation works purely from
config, like chat, with no OPENAI_API_KEY env var or auth profile. Env/profile
and Codex/ChatGPT-OAuth branches are unchanged. Formatting verified with oxfmt
--check (no node_modules in this worktree); full tests run in CI/Testbox.

* fix(openai): require a non-empty config apiKey for image readiness

* fix(openai): normalize config apiKey readiness via hasConfiguredSecretInput

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-06 19:54:44 +10:00
Alex Knight
7634c8118b fix(google): image generation unavailable when google provider set via config apiKey + custom baseUrl (#100779)
* fix(google): image generation unavailable when google provider set via config apiKey + custom baseUrl

* test(google): satisfy required baseUrl in provider config fixture

* fix(google): normalize config apiKey readiness via hasConfiguredSecretInput

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-06 19:54:10 +10:00
lzw112
22dfb15048 fix(telegram): add missing 'action' retry context for sendChatAction (#100762)
* fix(telegram): add missing 'action' retry context for sendChatAction

* fix(telegram): cover all sendChatAction retry paths

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 02:33:57 -07:00
Vincent Koc
c9abc75884 refactor: remove dead code and consolidate repeated paths (#100650)
* refactor(search): reuse provider setup finalizer

* refactor(android): remove unused helpers

* refactor(apps): remove unused Swift declarations

* refactor(diagnostics): reuse private reply delivery

* refactor(memory): reuse raw short-term store writer

* refactor(logbook): reuse batch row mapping

* refactor(scripts): centralize oxlint format policy

* refactor(memory): share qmd cache context hashing

* refactor(doctor): share auth issue classification

* chore(i18n): refresh native source inventory
2026-07-06 02:24:37 -07:00
Lu Wang
314c53b814 fix(telegram): extract canonical rich block text (#100570) 2026-07-06 09:12:25 +00:00
Peter Steinberger
d6801f23d4 feat(browser): restore driver "extension" via a loopback Chrome extension relay (no remote-debugging prompt) (#100619)
* feat(browser): restore driver "extension" via loopback Chrome extension relay

Reintroduces browser profile driver "extension" (removed in 2026.3.22) as a
loopback relay that drives the user's signed-in Chrome through an MV3 extension
instead of the remote-debugging port. This avoids Chrome's blocking "Allow
remote debugging?" prompt, which cannot be clicked when the operator drives
OpenClaw from a phone. Automated tabs live in an "OpenClaw" tab group (the
consent boundary), mirroring the Codex/Claude-in-Chrome model.

- relay bridge synthesizes the CDP browser target surface for Playwright
  connectOverCDP and forwards session-scoped commands to chrome.debugger
- relay server binds loopback only; both sides authenticate with a token
  derived (HMAC-SHA256) from gateway auth, so the raw credential never reaches
  Chrome; extension origin + loopback Host checks guard the upgrade
- built-in "chrome" profile; distinct relay ports per extension profile;
  relay reconciles on auth rotation / cdpPort change and prunes removed profiles
- doctor + status surface the extension transport; doctor keeps repairing the
  retired relay endpoint URL on legacy "extension" profiles

Refs #53599

* feat(browser): bundle the OpenClaw MV3 Chrome extension

Thin MV3 extension (chrome-extension/): a WebSocket client to the loopback
relay plus chrome.debugger forwarding and OpenClaw tab-group management. All
CDP target synthesis lives server-side in the relay bridge, so the extension
stays a dumb transport (the removed 2026.3 extension put that logic in a
1000-line untestable service worker). Popup handles pairing and per-tab share
toggle; `openclaw browser extension path|pair` load and pair it. A build copy
hook stages it into dist so the load path is stable.

Refs #53599

* docs(browser): document the Chrome extension profile

Adds docs/tools/chrome-extension for the restored extension driver (install,
pair, tab-group consent model, security posture) and wires it into the browser
docs profile section and nav.

Refs #53599

* feat(browser): make the extension relay work on remote browser nodes

Derives the relay auth token from a host-local secret in the credentials dir
(created on first use) instead of gateway auth. Each machine that runs a
browser — the gateway host and every browser node host — owns its own token, so
the extension pairs with whichever machine hosts its Chrome and no gateway
credential travels to a node. The node host already runs the shared browser
control bootstrap, so this is all that was missing for cross-machine control.

Also removes the "relay needs gateway auth before it can start" failure mode:
startup and `openclaw browser extension pair` ensure the secret exists.

Refs #53599

* fix(browser): harden relay secret creation and satisfy CI lint/typecheck

- Make the host-local relay secret creation atomic (O_CREAT|O_EXCL + adopt the
  winner on EEXIST) so the gateway service and `extension pair` CLI cannot mint
  divergent tokens on a fresh host (would 401 until restart); credentials dir
  created mode 0700. (adversarial review finding)
- Resolve type-aware oxlint findings across the relay + extension: unknown catch
  vars, addEventListener over ws.on* in the MV3 worker, void async listeners,
  drop useless returns/spreads, Object.assign over map-spread, safe ws frame
  decode (Buffer[]/ArrayBuffer), toSorted.
- Add extensionRelayDefaultPort/extensionRelayPorts to remaining test config
  literals; type the extension relay-core module (.d.ts, excluded from dist);
  regenerate docs_map.

* fix(browser): satisfy OpenGrep security policy on the relay

- Hash both operands before timingSafeEqual so token comparison has no
  length short-circuit (GHSA-JJ6Q-RRRF-H66H).
- Bound the relay WebSocketServer with maxPayload (64 MiB, headroom for CDP
  screenshots/bodies) against oversized frames (GHSA-VW3H-Q6XQ-JJM5).
- Rewrite the config test env helper to avoid the skill-env-host-injection
  shape (GHSA-82G8-464F-2MV7); it is a test-only env swap.
2026-07-06 10:08:27 +01:00