* fix(oc-path): report UTF-8 byte counts in set command output
Use Buffer.byteLength(newBytes, 'utf8') instead of string.length
for bytesWritten and dry-run byte reports. JavaScript's string.length
counts UTF-16 code units which undercounts multi-byte characters
when writing UTF-8 files.
Co-Authored-By: Claude <noreply@anthropic.com>
* test(oc-path): cover human UTF-8 dry-run count
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe
Replaces .slice(0, TELEGRAM_QA_PROGRESS_DETAIL_LIMIT - 3) with
truncateUtf16Safe() so that emoji straddling the length boundary do not
produce lone surrogates that render as � in Telegram QA progress output.
The existing code-unit limit remains unchanged.
* fix(qa-lab): tighten UTF-16 regression case to actually cross the cut
Use 236 ASCII prefix so the raw .slice(0, 237) keeps only the high
surrogate of the emoji at indices [236, 237]. With 237 ASCII prefix the
old formatter excluded the whole emoji and the test never exercised the
defect.
ClawSweeper P2 fix: the regression test now fails on current main's
raw .slice and passes with truncateUtf16Safe.
* test(qa-lab): tighten UTF-16 truncation controls
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat(openai): recognize GPT-Live realtime models and fail closed with guidance
OpenAI's gpt-live-1/gpt-live-1-mini full-duplex voice models are API
early-access only and use a WebRTC-only quicksilver session protocol with
handoff-based agent delegation that OpenClaw's realtime transports do not
implement yet. Configuring a gpt-live-* model now produces actionable
configuration errors on the realtime WebSocket bridge and Talk browser
sessions instead of opaque provider errors or audio-only sessions without
agent access. GA gpt-realtime behavior unchanged; default model stays
gpt-realtime-2.1.
Related: #104683
* test(openai): narrow browser session union before asserting offerUrl
* fix(slack): use endsWith instead of includes for _all_ action_id matching
* fix(slack): codify bulk action IDs and add confirmation regressions
Extract isSlackBulkActionId() with the documented _all suffix grammar,
use it for bulk-row detection, and add whole-path chat.update tests for
bulk-row cleanup plus deploy_all_services false-positive control.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(slack): use OpenClaw bulk block marker instead of _all suffix
Replace global endsWith("_all") bulk detection with an explicit
openclaw:bulk: block_id prefix and closed action IDs, export a shared
producer helper, and add live Slack chat.update proof for bulk-row
removal and deploy_all_services preservation.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(slack): keep bulk contract private and add legacy upgrade path
Drop speculative bulk-action exports from the Slack plugin API, keep
accepted ID collections private and immutable, and recognize legacy bare
select_all/deselect_all rows while still rejecting deploy_all_services
false positives.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(slack): drop unsupported bare bulk compatibility branch
Remove the legacy select_all/deselect_all classifier that overmatched
single-ID and duplicate-ID rows, and add negative whole-path regressions
preserving unrelated custom action rows.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(slack): remove unsupported bulk-row cleanup heuristic
Delete the undocumented bulk-row inference and namespaced replacement
contract. Confirmation updates now replace only the selected actions row
and preserve every other authored Block Kit row.
* refactor(slack): tighten interaction confirmation fix
* chore(changelog): preserve historical TTS entries
* chore(slack): move release note to PR body
---------
Co-authored-by: zw-xysk <zw-xysk@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(crabbox): preserve UTF-16 boundaries in CLI failure detail truncation
commandDetail replaced raw .slice(0, MAX_ERROR_DETAIL_CHARS) with
truncateUtf16Safe on the whitespace-compressed error detail output.
A 511-code-unit prefix with an emoji at the boundary produces a lone
high surrogate (U+D83D) on current main; the shared surrogate-aware
helper backs the cut up to preserve well-formed UTF-16.
* fix(crabbox): add provider-path UTF-16 regression test for inspect boundary
The existing test exercised commandDetail directly; ClawSweeper's P1
requires proof through the real provider boundary. The new test calls
provider.inspect() with a CLI runner that returns 511 ASCII + emoji in
stderr, proving commandDetail → truncateUtf16Safe works through the
full inspect → commandError → commandDetail chain.
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor(crabbox): keep error proof on provider path
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(outbound): preserve backticks on <code> tags with attributes
The plain-text sanitizer only matched bare <code> openers, so attributed
variants such as <code class="language-ts"> lost their backtick wrapping
and were stripped to raw text before channel delivery.
Allow optional attributes on the opening <code> tag, consistent with the
existing handling for <h[1-6]> and <li> in the same function.
Fixes#104117
* fix(outbound): preserve attributed inline formatting
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
* test(outbound): compact attributed tag coverage
* fix(outbound): normalize attributed formatting tags
* docs(outbound): clarify attribute normalization invariant
* fix(outbound): preserve native formatting semantics
* docs(plugin-sdk): document sanitizer markup styles
* docs(plugin-sdk): refresh docs map
---------
Co-authored-by: moguangyu5-design <moguangyu5-design@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
* fix(file-transfer): audit dir fetch archive size
* test(file-transfer): guard dir fetch audit archive test on Windows
* test(file-transfer): format dir fetch audit guard
* fix(file-transfer): verify directory archive audit metadata
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>