Commit Graph

15644 Commits

Author SHA1 Message Date
Peter Steinberger
5a6d684019 fix(browser): apply profile proxy policy to tab list redaction (#104715)
* fix(browser): apply profile proxy policy to tab list redaction

* test(browser): cover proxy tab redaction route proof

* test(browser): streamline proxy tab redaction coverage

* fix(browser): scope proxy inference to managed profiles

---------

Co-authored-by: llagy007 <0668001470@xydigit.com>
2026-07-11 14:47:02 -07:00
wings1029
5b5a5bcc26 fix(oc-path): report UTF-8 byte counts in set command output (#104496)
* fix(oc-path): report UTF-8 byte counts in set command output

Use Buffer.byteLength(newBytes, 'utf8') instead of string.length
for bytesWritten and dry-run byte reports. JavaScript's string.length
counts UTF-16 code units which undercounts multi-byte characters
when writing UTF-8 files.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover human UTF-8 dry-run count

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:39:06 -07:00
wangmiao0668000666
3a4aa5fa16 fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe (#104576)
* fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe

Replaces .slice(0, TELEGRAM_QA_PROGRESS_DETAIL_LIMIT - 3) with
truncateUtf16Safe() so that emoji straddling the length boundary do not
produce lone surrogates that render as � in Telegram QA progress output.
The existing code-unit limit remains unchanged.

* fix(qa-lab): tighten UTF-16 regression case to actually cross the cut

Use 236 ASCII prefix so the raw .slice(0, 237) keeps only the high
surrogate of the emoji at indices [236, 237]. With 237 ASCII prefix the
old formatter excluded the whole emoji and the test never exercised the
defect.

ClawSweeper P2 fix: the regression test now fails on current main's
raw .slice and passes with truncateUtf16Safe.

* test(qa-lab): tighten UTF-16 truncation controls

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:37:45 -07:00
llagy007
4bf4cacb37 fix(browser): guard act hooks on current tab URL (#104095)
* fix(browser): guard act hooks on current tab URL

* test(browser): align navigation policy hook mock

* test(browser): exercise real hook navigation guard

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:27:34 -07:00
llagy007
85a8f4ba8d fix(browser): run mutation guard before JSON parsing (#104677)
* fix(browser): run mutation guard before JSON parsing

* test(browser): cover auth in mutation guard ordering

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:05:38 -07:00
Peter Steinberger
a21a08c504 feat(openai): recognize GPT-Live realtime models and fail closed with guidance (#104695)
* feat(openai): recognize GPT-Live realtime models and fail closed with guidance

OpenAI's gpt-live-1/gpt-live-1-mini full-duplex voice models are API
early-access only and use a WebRTC-only quicksilver session protocol with
handoff-based agent delegation that OpenClaw's realtime transports do not
implement yet. Configuring a gpt-live-* model now produces actionable
configuration errors on the realtime WebSocket bridge and Talk browser
sessions instead of opaque provider errors or audio-only sessions without
agent access. GA gpt-realtime behavior unchanged; default model stays
gpt-realtime-2.1.

Related: #104683

* test(openai): narrow browser session union before asserting offerUrl
2026-07-11 13:53:45 -07:00
Peter Steinberger
549b1baef3 fix(browser): finalize role snapshot budgets (#104689) 2026-07-11 13:35:21 -07:00
Peter Steinberger
8fe6ac7fb9 refactor: remove pre-2026.4 compatibility shims and legacy migrations (#104650)
* refactor(matrix): retire pre-2026.4 legacy crypto and flat-storage migrations

* refactor(cli): drop pre-tsdown daemon-cli dist compat shim from the build

* refactor(diffs): remove deprecated image*/format tool params and output aliases

* refactor(ui): drop pre-gateway-scoped localStorage readers and legacy theme map

* refactor: remove assorted pre-2026.4 compat shims and deprecated aliases

* fix(discord): map legacy thread-binding fields in the doctor JSON import

* fix(msteams): keep bot read fallback for legacy imported conversation rows

* test(msteams): cover legacy bot-only imported conversation references

* fix(ui): keep channel-prefixed session key display fallback

* chore: refresh native i18n inventory and build-docker step count

* chore(matrix): drop now-unused migration-config module

* chore: re-pin plugin SDK public export budget after compat removals

* chore: refresh native i18n inventory after rebase

* chore: re-pin plugin SDK callable budget and refresh i18n inventory after rebase
2026-07-11 13:22:27 -07:00
zw-xysk
a4c1e22731 fix(slack): preserve unrelated action rows after interactions (#103445)
* fix(slack): use endsWith instead of includes for _all_ action_id matching

* fix(slack): codify bulk action IDs and add confirmation regressions

Extract isSlackBulkActionId() with the documented _all suffix grammar,
use it for bulk-row detection, and add whole-path chat.update tests for
bulk-row cleanup plus deploy_all_services false-positive control.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): use OpenClaw bulk block marker instead of _all suffix

Replace global endsWith("_all") bulk detection with an explicit
openclaw:bulk: block_id prefix and closed action IDs, export a shared
producer helper, and add live Slack chat.update proof for bulk-row
removal and deploy_all_services preservation.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): keep bulk contract private and add legacy upgrade path

Drop speculative bulk-action exports from the Slack plugin API, keep
accepted ID collections private and immutable, and recognize legacy bare
select_all/deselect_all rows while still rejecting deploy_all_services
false positives.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): drop unsupported bare bulk compatibility branch

Remove the legacy select_all/deselect_all classifier that overmatched
single-ID and duplicate-ID rows, and add negative whole-path regressions
preserving unrelated custom action rows.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): remove unsupported bulk-row cleanup heuristic

Delete the undocumented bulk-row inference and namespaced replacement
contract. Confirmation updates now replace only the selected actions row
and preserve every other authored Block Kit row.

* refactor(slack): tighten interaction confirmation fix

* chore(changelog): preserve historical TTS entries

* chore(slack): move release note to PR body

---------

Co-authored-by: zw-xysk <zw-xysk@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 13:16:25 -07:00
Peter Steinberger
e34bff2276 refactor(plugin-sdk): collapse internal config-schema facade usage onto one module (#104665) 2026-07-11 13:00:53 -07:00
Peter Steinberger
8310c565e0 feat(onboarding): add provider sign-in (#104502)
* feat(onboarding): add provider sign-in flows

* fix(oauth): keep callback compatibility

* fix(onboarding): reconcile lost auth outcomes

* fix(onboarding): lock auth cancellation at commit

* fix(onboarding): close provider auth lifecycle gaps

* fix(onboarding): make terminal auth failures dismissable

* fix(onboarding): satisfy native app checks

* fix(onboarding): reconcile absent auth sessions

* fix(onboarding): bound provider auth sessions

* fix(onboarding): open provider auth links safely

* test(onboarding): use scanner-safe auth fixtures

* revert: keep established onboarding auth fixtures

* fix(onboarding): close provider auth cancellation gaps

* fix(gateway): retain uncollected wizard results

* fix(onboarding): bind provider reconciliation attempt

* fix(i18n): avoid guessing moved string identities

* style(onboarding): normalize remote auth choices efficiently

* fix(protocol): refresh optional provider auth choices

* test(gateway): cover provider auth dispatch order

* refactor(macos): split onboarding setup support

* fix(macos): refresh merged native checks
2026-07-11 13:00:17 -07:00
NIO
9b430fd6f6 fix(zalo): bound stalled inbound media header waits (#104578)
* fix(zalo): bound stalled inbound media header waits

* test(zalo): type inbound media mock to runtime contract

* test(zalo): return complete saved media metadata

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:59:58 -07:00
NIO
3db62b9373 fix(clawrouter): guard usage snapshot fetch against SSRF redirects (#104592)
* fix(clawrouter): guard usage snapshot fetch against SSRF redirects

* fix(clawrouter): preserve guarded proxy usage

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:58:38 -07:00
Peter Steinberger
84a52b3534 fix(browser): budget sequential action watchdogs (#104659)
* fix(browser): budget sequential action watchdogs

* chore: leave browser release note to release flow
2026-07-11 12:56:00 -07:00
wangmiao0668000666
c155e4dbd8 fix(crabbox): preserve UTF-16 boundaries in CLI failure detail truncation (#104612)
* fix(crabbox): preserve UTF-16 boundaries in CLI failure detail truncation

commandDetail replaced raw .slice(0, MAX_ERROR_DETAIL_CHARS) with
truncateUtf16Safe on the whitespace-compressed error detail output.
A 511-code-unit prefix with an emoji at the boundary produces a lone
high surrogate (U+D83D) on current main; the shared surrogate-aware
helper backs the cut up to preserve well-formed UTF-16.

* fix(crabbox): add provider-path UTF-16 regression test for inspect boundary

The existing test exercised commandDetail directly; ClawSweeper's P1
requires proof through the real provider boundary.  The new test calls
provider.inspect() with a CLI runner that returns 511 ASCII + emoji in
stderr, proving commandDetail → truncateUtf16Safe works through the
full inspect → commandError → commandDetail chain.

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor(crabbox): keep error proof on provider path

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:50:47 -07:00
Peter Steinberger
76b8550afc refactor(channels): migrate internal callers onto the message-access ingress engine (#104647) 2026-07-11 12:33:44 -07:00
qingminlong
47751c117c fix(discord): bound ffmpeg stderr by bytes (#104230) 2026-07-11 12:23:32 -07:00
xingzhou
03558dc008 fix(openrouter): Fusion prompt corrupts boundary emoji in model IDs (#104433)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-11 12:11:36 -07:00
Peter Steinberger
1879980e52 fix(qqbot): share passive reply budget (#104634)
* fix(qqbot): share passive reply budget

* chore(qqbot): leave release notes to release flow
2026-07-11 12:10:24 -07:00
dwc1997
87261fd0b1 fix(browser): keep Chrome stderr hint tail UTF-16 safe (#104603)
* fix(browser): keep Chrome stderr hint tail UTF-16 safe

* test(browser): simplify Chrome stderr failure coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:10:22 -07:00
moguangyu5-design
aa12e71de7 fix(outbound): preserve attributed inline formatting (#104118)
* fix(outbound): preserve backticks on <code> tags with attributes

The plain-text sanitizer only matched bare <code> openers, so attributed
variants such as <code class="language-ts"> lost their backtick wrapping
and were stripped to raw text before channel delivery.

Allow optional attributes on the opening <code> tag, consistent with the
existing handling for <h[1-6]> and <li> in the same function.

Fixes #104117

* fix(outbound): preserve attributed inline formatting

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>

* test(outbound): compact attributed tag coverage

* fix(outbound): normalize attributed formatting tags

* docs(outbound): clarify attribute normalization invariant

* fix(outbound): preserve native formatting semantics

* docs(plugin-sdk): document sanitizer markup styles

* docs(plugin-sdk): refresh docs map

---------

Co-authored-by: moguangyu5-design <moguangyu5-design@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
2026-07-11 12:03:11 -07:00
Peter Steinberger
6bd14d9129 test(channels): extend bundled artifact parity and add plugin-shape contract suite (#104618) 2026-07-11 11:44:34 -07:00
Peter Steinberger
fe3884a7ad fix(telegram): keep streamed final pages on word boundaries (#104608)
* fix(telegram): align draft final pagination

* chore: drop release-owned changelog entry

* style(telegram): format pagination parity test
2026-07-11 11:44:09 -07:00
NIO
473df17bd7 fix(feishu): add 30 s request timeout to streaming-card API calls (#102948)
* fix(feishu): bound streaming-card API requests with a 30s timeout

* fix(feishu): honor configured streaming timeout

Signed-off-by: sallyom <somalley@redhat.com>

* test(feishu): declare streaming mock credentials

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-07-11 14:35:42 -04:00
Peter Steinberger
1a8d9d5f15 fix(browser): allow host-local profile administration (#104616) 2026-07-11 11:28:58 -07:00
Sally O'Malley
cdb58cafb5 fix(migrations): converge recoverable legacy state (#104529)
Signed-off-by: sallyom <somalley@redhat.com>
2026-07-11 11:19:12 -07:00
Peter Steinberger
c648ed0299 test(release): harden prerelease timing contracts (#104606)
* test(release): harden prerelease timing contracts

* test(whatsapp): satisfy task barrier lint
2026-07-11 11:11:31 -07:00
Peter Steinberger
ea2b558e5e fix(browser): prevent stale profile resurrection (#104601)
* fix(browser): serialize profile lifecycle

* refactor(browser): tighten lifecycle cleanup

* chore(browser): keep release note in PR

* test(browser): keep temp fixtures inside plugin

* test(browser): use preferred temp root
2026-07-11 11:06:07 -07:00
Peter Steinberger
d4adddbe9c refactor(retry): add full-jitter mode and adopt it for mattermost client retries (#104594) 2026-07-11 10:56:54 -07:00
Peter Steinberger
8bebdd0d03 test(matrix): delivery trace goldens for generation-scoped edit streaming (#104596) 2026-07-11 10:55:27 -07:00
Peter Steinberger
e9b7a9a912 fix(memory): search by filenames and paths (#104449)
Co-authored-by: Pick-cat <huang.ting3@xydigit.com>
2026-07-11 10:54:34 -07:00
Peter Steinberger
554f253cb0 test(qqbot): delivery trace goldens for replace-mode streaming and reply budget (#104582) 2026-07-11 10:54:15 -07:00
qingminlong
9000c9bfe3 fix(file-transfer): audit dir fetch archive size (#104536)
* fix(file-transfer): audit dir fetch archive size

* test(file-transfer): guard dir fetch audit archive test on Windows

* test(file-transfer): format dir fetch audit guard

* fix(file-transfer): verify directory archive audit metadata

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 10:50:51 -07:00
NIO
18e8713b99 fix(google): stream Gemini batch JSONL output instead of res.text() (#102974)
* fix(google): stream Gemini batch JSONL output instead of res.text()

* fix(google): avoid Promise executor return in batch stream test

---------

Co-authored-by: NIO <nocodet@mail.com>
2026-07-11 13:48:13 -04:00
Peter Steinberger
de8cfd2bf2 test(slack): delivery trace goldens for buffered native streaming and block finals (#104583) 2026-07-11 10:32:54 -07:00
Peter Steinberger
444d7dfb1a test(telegram): delivery trace goldens for the edit-preview lifecycle (#104581) 2026-07-11 10:31:46 -07:00
Peter Steinberger
96f0983a85 fix(onboarding): skip setup for configured gateways and require inference first (#102883)
* fix(crestodian): keep onboarding RPCs restart-safe

* fix(profiles): isolate approval state migrations

* fix(crestodian): bypass configured gateway setup

* test(crestodian): type onboarding mocks

* fix(onboarding): require inference before Crestodian

* fix(onboarding): enforce verified inference handoff

* fix(macos): reset setup on gateway endpoint edits

* chore(i18n): refresh native source inventory

* fix(gateway): keep socket on request cancellation

* test(packaging): require workspace templates

* fix(onboarding): bind setup to verified inference

* fix(onboarding): align inference gate contracts

* fix(crestodian): classify concurrent policy rejection

* test(crestodian): expect registry restoration

* fix(onboarding): bind setup to configured gateways

* fix(codex): preserve startup phase deadlines

* test(crestodian): match fail-closed policy ordering

* test(onboarding): assert bound gateway handoff

* fix(codex): bind runtime resolution to spawn cwd

* test(crestodian): assert policy rejection order

* fix(cli): preserve gateway routing across restarts

* fix(macos): fail closed during gateway edits

* test(macos): cover gateway route generation races

* chore: keep release notes out of onboarding PR

* fix(ci): refresh onboarding generated checks

* style(swift): align gateway channel formatting

* fix(ci): refresh plugin SDK surface budgets

* fix(ci): resync native string inventory

* refactor(swift): split gateway channel support

* test(doctor): isolate plugin compatibility registry

* test(macos): isolate gateway onboarding fixtures

* test(macos): assert gateway lease health ordering

* fix(codex): reconcile computer-use startup changes
2026-07-11 10:25:14 -07:00
Peter Steinberger
702ba19e3a test(msteams): delivery trace goldens for native append streaming (#104573) 2026-07-11 10:18:49 -07:00
qingminlong
fdf5812817 fix(file-transfer): reject oversized inline file writes before node dispatch (#104556)
* fix(file-transfer): cap inline file write payloads

* fix(file-transfer): validate inline base64 before decoding

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 10:16:22 -07:00
qingminlong
f348b291bc fix(workboard): scope default positions by board (#104410) 2026-07-11 10:16:18 -07:00
NIO
a498fc511e fix(file-transfer): keep bounded stderr tail UTF-16 safe end-to-end (#104151)
Co-authored-by: NIO <nocodet@mail.com>
2026-07-11 13:06:17 -04:00
NIO
ab9a1c9a84 fix(voice-call): use sliceUtf16Safe for bounded child output tail cap (#104260)
Co-authored-by: NIO <nocodet@mail.com>
2026-07-11 13:05:16 -04:00
qingminlong
834c146958 fix(browser): reject hex click coordinates in act route (#104440)
* fix(browser): reject hex click coordinates in act route

* refactor(browser): use route parser for click coordinates

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 09:56:09 -07:00
Peter Steinberger
7ef22875ad fix(slack): preserve canonical block receipts (#104563) 2026-07-11 09:51:02 -07:00
Peter Steinberger
57af2bbff0 fix: clear remaining release validation blockers (#104555)
* test: align provider tool call lifecycles

* test: isolate plugin install repair migrations

* fix: accept catalog temperature compatibility

* fix: disable GPT-5.6 tool reasoning on completions

* style: avoid shadowed stream model
2026-07-11 09:32:16 -07:00
Peter Steinberger
5ca46a6554 feat(cloud-workers): pinned SSH tunnel runtime and provider-owned key resolution (#104553)
* feat(cloud-workers): add pinned SSH tunnel runtime

* feat(crabbox): resolve cloud worker SSH identities

* docs(cloud-workers): document SSH tunnel contracts
2026-07-11 09:26:08 -07:00
Peter Steinberger
934a974c29 feat(slack): support native data visualizations (#104539) 2026-07-11 09:18:39 -07:00
Kevin Lin
b769964e82 feat(codex): support workspace-directory plugins (#104188)
* feat(codex): support workspace directory plugins

* fix(codex): contain workspace catalog failures

* chore(config): refresh documentation baseline
2026-07-11 09:04:55 -07:00
Peter Steinberger
4271b82fd1 test: align plugin prerelease expectations (#104542)
* test: align plugin prerelease expectations

* style: format browser doctor test
2026-07-11 09:00:56 -07:00
Peter Steinberger
c3b426f280 feat: add Claude session fleet (#104528)
* feat: add Claude session fleet

* chore: leave release notes to release automation

* chore: refresh generated catalogs

* fix: satisfy session catalog lint gates
2026-07-11 08:22:59 -07:00