Commit Graph

66940 Commits

Author SHA1 Message Date
Peter Steinberger
05aecc1d6f feat: show Codex transcripts in the sidebar (#104437)
* feat: show Codex transcripts in sidebar

* fix: clear Codex sidebar on Gateway switch

* chore: leave release notes to release workflow

* chore: refresh native i18n inventory

* fix: satisfy macOS Codex node lint

* fix: refresh native localization inventory

* docs: refresh documentation map

* chore: refresh UI locale metadata
2026-07-11 05:39:29 -07:00
haruai
597de699d0 fix: route node policy plugin approvals (#98561)
* fix: route node policy plugin approvals

* refactor(gateway): simplify node approval routing

* fix(gateway): preserve node approval routes

* chore(protocol): refresh node invoke model

---------

Co-authored-by: haruaiclone-droid <281899875+haruaiclone-droid@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 05:37:45 -07:00
Vincent Koc
4977dc7897 improve(ci): let Kova own diagnostic build profiles (#104459)
* perf(ci): delegate Kova build profile selection

* fix(ci): repin Kova diagnostic contract
2026-07-11 20:35:06 +08:00
pick-cat
0ca6880f3d fix(tools): reject malformed availability expressions (#92411)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 05:32:22 -07:00
qingminlong
3ed8143495 fix(gateway): cap history when numeric limit is huge (#104263)
* fix(gateway): cap oversized history limits

* refactor(gateway): simplify oversized history limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 05:24:54 -07:00
Peter Steinberger
a4ee15a851 fix(release): validate Telegram launcher syntax (#104455) 2026-07-11 05:13:44 -07:00
qingminlong
08da0d3861 fix(code-mode): report UTF-8 API file byte counts (#104244)
* fix(code-mode): report UTF-8 API file byte counts

* fix(code-mode): report UTF-8 API file byte counts

* chore(changelog): keep release notes release-owned

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 05:10:46 -07:00
Peter Steinberger
b2a6408964 build(android): eliminate Gradle and manifest warnings (#104451) 2026-07-11 05:08:45 -07:00
Peter Steinberger
1285fd6db4 fix(whatsapp): keep pre-connect recovery replayable (#104450) 2026-07-11 05:03:59 -07:00
Ayaan Zaidi
f02673882c fix(agents): keep CLI terminal-reason classification non-throwing
Run errors can expose hostile getters; classification must not replace the
original failure or suppress its terminal event. Matches the containment
contract of isProviderTimeoutError in the same module.
2026-07-11 17:32:13 +05:30
Ayaan Zaidi
d3a8eb8a1c refactor(agents): converge CLI tool terminal reason onto run-termination
One shared resolveCliToolTerminalReason owns the timed_out/cancelled/failed
decision for one-shot and live CLI runners; abort-signal lifecycle fields are
authoritative, error shape is the fallback. Deletes both local derivations.
Fixes live-path drift where a timeout abort delivered as a generic AbortError
was reported as cancelled instead of timed_out.

Part of #104219 (seam 3).
2026-07-11 17:32:13 +05:30
Peter Steinberger
5325c4a786 feat(ui): redesign queued-message list as compact composer-width rows (#104445) 2026-07-11 04:59:14 -07:00
xingzhou
745cfc028e fix(codex): bound shared app-server startup waits (#89442)
* fix(codex): isolated cron reports Codex startup stalls

* fix(codex): isolated cron reports Codex startup stalls

* fix(codex): bound shared app-server startup waits

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>

* test(codex): satisfy startup lifecycle checks

* test(codex): align deferred auth test type

* test(codex): type auth mock as async void

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 04:58:55 -07:00
Vincent Koc
2d1a8bd6df perf(ci): build focused Kova runtime package 2026-07-11 19:57:54 +08:00
Vincent Koc
451d6314fc refactor(build): expose prepack finalization 2026-07-11 19:57:54 +08:00
Peter Steinberger
9523a52871 fix(ui): stop sidebar session sections from painting over each other in short windows (#104447) 2026-07-11 04:57:15 -07:00
Peter Steinberger
6c415c44c9 refactor(ui): style the new-session draft as the chat composer shell (#104448)
* refactor(ui): style new-session draft as the chat composer shell

* fix(ui): guard new-session Enter send against IME keyCode 229
2026-07-11 04:55:53 -07:00
Peter Steinberger
90e465833b feat(gateway): durable cloud worker environments, provider SDK contract, and lifecycle RPCs (#104401)
* docs(plan): add cloud workers design plan

* feat(plugin-sdk): add cloud worker provider foundations

* feat(protocol): add worker environment lifecycle shapes

* feat(gateway): persist worker environment lifecycles

* test(gateway): pin environment inventory assertion for damaged worker store

* style(cloud-workers): satisfy lint and docs formatting

* fix(gateway): narrow worker environment type boundaries

* chore(plugin-sdk): account for WorkerProvider surface growth

* docs: regenerate docs map
2026-07-11 04:54:27 -07:00
llagy007
6036413766 fix(plugins): honor empty document extractor scope (#103731)
* fix(plugins): honor empty document extractor scope

* fix(plugins): honor empty document extractor scope

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-11 19:52:19 +08:00
xingzhou
af80736057 fix(qa-lab): keep bounded web snapshots UTF-16 safe (#104249)
* fix(qa-lab): keep bounded web snapshots UTF-16 safe

* fix(qa-lab): keep diagnostic truncation UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 04:49:00 -07:00
NianJiu
d85e8a5f23 fix(android): restore sticky node service (#104226)
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
2026-07-11 04:45:43 -07:00
NianJiu
26dc42aa37 fix(android): cancel expired node invokes (#104225)
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
2026-07-11 04:43:00 -07:00
Peter Steinberger
651aab87f3 fix(release): wait for Telegram proc visibility (#104439) 2026-07-11 04:40:27 -07:00
Peter Steinberger
d5fe0c5e73 feat(ui): multi-select sessions in the sidebar with batch menu actions (#104416)
* feat(ui): multi-select sessions in the sidebar with batch menu actions

* chore(i18n): sync locale bundles for sidebar multi-select strings

* docs(control-ui): document sidebar session multi-select and batch menu
2026-07-11 04:38:05 -07:00
Peter Steinberger
1d84acf2c3 test(macos): remove Swift warning and timing flake (#104434) 2026-07-11 04:30:35 -07:00
Peter Steinberger
2d319961d5 fix(browser): block interaction-triggered navigation SSRF (#104254)
* fix(browser): guard interaction navigation requests

* fix(browser): preserve pages on blocked navigation

* fix(browser): enforce interaction navigation policy

* test(browser): type navigation guard fixtures

* fix(browser): execute guarded wait predicates

* style(browser): satisfy interaction lint

* fix(browser): guard hover drag and scroll navigation

* fix(browser): type policy check outcomes

* test(browser): type navigation guard mocks

* fix(browser): preserve proxy policy for guarded interactions

* fix(browser): carry navigation policy through actions

* fix(browser): retain policy for existing-session guards

* fix(browser): guard existing-session waits

* test(browser): avoid shadowed guard pages

* fix(browser): expose scroll action to agents

* fix(browser): disable speculative managed preconnects

* docs(browser): bound managed preconnect hardening

* fix(browser): keep wait behavior outside interaction guards

* chore(browser): leave release notes to release automation

* fix(browser): guard all interaction navigations
2026-07-11 04:30:33 -07:00
Peter Steinberger
3902adf9f6 refactor(channels): adopt core retryAsync for hand-rolled retry loops (#104431) 2026-07-11 04:30:21 -07:00
Peter Steinberger
5a26748c3e fix(commitments): isolate extraction batches by agent (#104426)
* fix(commitments): isolate extraction batches by agent

* chore: leave release notes to release workflow
2026-07-11 04:23:30 -07:00
llagy007
cba9ffb177 fix(memory): skip blank search provider bootstrap (#103728)
* fix(memory): skip blank search provider bootstrap

* refactor(memory): simplify blank search preflight

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-11 04:19:40 -07:00
Peter Steinberger
c49e5c480d fix(agents): keep exec finalization suspension-safe (#104419) 2026-07-11 04:16:21 -07:00
Vincent Koc
cce2d39d0c fix(ci): preserve performance target compatibility 2026-07-11 19:13:52 +08:00
Vincent Koc
163227a0af perf(ci): use source performance build profile 2026-07-11 19:13:52 +08:00
Vincent Koc
6013e78f5a perf(build): add source performance profile 2026-07-11 19:13:52 +08:00
Peter Steinberger
234e8f4fae test(discord): exercise multipart proxy fetch path (#104421) 2026-07-11 04:13:00 -07:00
Peter Steinberger
93fcfa40ee fix(release): wait for Telegram proc marker (#104418) 2026-07-11 04:12:44 -07:00
llagy007
f8aa995856 fix(google-meet): validate chrome node policy params (#103752) 2026-07-11 04:00:28 -07:00
Peter Steinberger
8756cc4a3b fix(googlechat): keep off-mode replies out of threads (#104402)
* fix(googlechat): align reply and typing targets

Co-authored-by: Jai Govindani <jai.g@ewa-services.com>

Co-authored-by: Neerav Makwana <261249544+neeravmakwana@users.noreply.github.com>

Co-authored-by: banddude <127166397+banddude@users.noreply.github.com>

Co-authored-by: Novan Adrian <novan.adrian@qasir.id>

* chore(googlechat): leave changelog to release automation

* style(googlechat): apply canonical formatting

* chore(googlechat): leave changelog to release automation

* style(googlechat): keep monitor imports canonical

* style(googlechat): keep monitor imports canonical

---------

Co-authored-by: Novan Adrian <novan.adrian@qasir.id>
2026-07-11 03:57:16 -07:00
qingminlong
b322a8e311 fix(gateway): stop watch result after invalid body (#104293) 2026-07-11 03:57:07 -07:00
Peter Steinberger
fe608a8dcb fix(ui): give sidebar build chip breathing room from the status dot (#104411) 2026-07-11 03:56:15 -07:00
Peter Steinberger
b4a9a4c3d4 fix(mac): silence lock result warning (#104408) 2026-07-11 03:53:28 -07:00
Peter Steinberger
cfd2dc2346 fix(telegram): mark durable webhook acceptance (#104407) 2026-07-11 03:51:39 -07:00
Peter Steinberger
7ec0d4abb8 chore: update Peekaboo to 3.9.0 (#104398)
* build(macos): update Peekaboo to 3.9.0

* chore: keep release notes in PR body

* fix(macos): trust current Peekaboo release signers
2026-07-11 03:44:13 -07:00
Peter Steinberger
591bb49d67 fix(release): tolerate exited Telegram proc probe (#104400) 2026-07-11 03:40:56 -07:00
Peter Steinberger
de282b4d0d refactor(matrix): adopt core claimable dedupe with doctor-owned state migration (#104391)
* refactor(matrix): adopt core claimable dedupe for inbound events

* fix(matrix): migrate legacy inbound dedupe markers via doctor

* fix(matrix): single-pool dedupe namespace and capacity-aware legacy import

* fix(matrix): keep unreadable legacy dedupe JSON in place during doctor import
2026-07-11 03:38:54 -07:00
Peter Steinberger
4fc147105b fix(ui): delay scrolling truncated session titles (#104392)
* fix(ui): delay session title hover scroll

* chore: keep release notes out of PR
2026-07-11 03:36:49 -07:00
Peter Steinberger
e683a974ba fix(gateway): track cron settlement recovery during suspend (#104397)
* fix(gateway): track cron settlement recovery during suspend

* test(gateway): cover rotated cron recovery admission
2026-07-11 03:35:13 -07:00
Peter Steinberger
0af8467137 feat(workspaces): add agent-composable Workspaces (#104139)
* feat(dashboard): modular dashboard — workspace store, Workspaces tab, sandboxed custom widgets

Squashes openclaw/openclaw#101094 + #101097 + #101098 onto current main and
applies the maintainer review fixes to the backend control plane.

Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>

* fix(dashboard): UI review fixes — grid, error boundary, embed sandbox, locale

* fix(dashboard): make the CLI and agent broadcasts actually reachable

Three defects only a live run surfaces, all invisible to the unit suites:

- The plugin claimed the CLI command name `dashboard`, which core already owns
  (it opens the Control UI). A plugin CLI group that overlaps a core command is
  dropped at registration behind a `logger.debug`, so the entire CLI face was
  unreachable while `cli.test.ts` kept passing against its own Commander
  program. Renamed to `openclaw workspaces`, matching the tab it drives.

- The manifest never declared `activation.onCommands`, so the CLI root resolved
  to no owning plugin even once the name was free.

- `dashboard.widget.approve` needs `operator.approvals`; the CLI asked for
  `operator.write` on every call. It now requests the approvals scope only for
  the approve call, matching `operator-approvals-client.ts`.

Also: agent tools resolved their broadcast from the plugin runtime's
gateway-request scope, an AsyncLocalStorage set only around gateway RPCs and
plugin HTTP routes. An agent turn started from a channel, cron, or heartbeat
therefore wrote the document without emitting `plugin.dashboard.changed`, so an
open Control UI never saw the edit — the feature's headline promise. The gateway
broadcast is server-lifetime, so the plugin now remembers it in a single slot and
agent tools fall back to it.

* docs(web): document dashboard workspaces, provenance, and the custom-widget sandbox

* fix(dashboard): agent-tool ergonomics + close two approval-boundary gaps

From a source-blind agent driving the dashboard_* tools with nothing but their
schemas, and from a Codex review of the hardening delta.

- dashboard_widget_update could never succeed. It passed its whole parameter
  record to the patch reader, whose allowlist rejects the very `tab`/`id` keys
  the tool's own schema marks required, so every call died on
  "unexpected param: tab". Its test only ran Value.Check against the schema and
  never executed the tool.
- dashboard_data_read surfaced an `rpc` binding as a thrown error, though its
  description promised `binding_client_resolved`. It now returns that as a
  result the model can act on.
- Valid widget kinds and the rpc allowlist were undiscoverable: a model saw only
  "builtin:<name> or custom:<name>" and "Allowlisted gateway read method", then
  brute-forced ~40 calls against errors that named no alternatives. Both schemas
  and both validator errors now enumerate them, and the kind description says
  what each builtin renders and which binding id it reads. widget_move documents
  that grid and toTab are exclusive; widget_scaffold says an operator must
  approve, because no agent tool can.
- workspace.replace could mint a pending registry entry for a name that was
  never scaffolded. An operator could then approve a widget whose code did not
  exist yet, and the agent could write it afterwards. Registry entries now come
  from dashboard_widget_scaffold and nowhere else, and approve refuses a name
  with no manifest on disk.
- dashboard.widget.approve answered with the whole workspace document, so a
  connection holding only operator.approvals could read it through the approvals
  door. It now returns the registry entry it changed.

* fix(dashboard): approval pins the code it approves

Codex review found the scaffold-before-approval gate still nameable rather than
binding: approve only proved that widget.json parsed, and the Control UI loaded a
hardcoded index.html rather than the manifest's entrypoint. An agent could
scaffold a widget, win approval on an innocuous or absent entrypoint, then write
the real payload afterwards — code appearing after the human said yes.

Approval now hashes every servable file in the widget directory and stores the
digests on the registry entry, refusing a manifest whose declared entrypoint is
missing. The asset route re-hashes each file it reads and 404s anything that does
not match, so a file edited or added after approval never reaches a browser. The
Control UI loads the manifest's entrypoint, which is the file that was hashed.

The content-type allowlist moves to manifest.ts so the set of files approval
hashes and the set the route can serve cannot drift apart.

Proof, against a running gateway: scaffold -> 404, approve -> 200, rewrite
index.html -> 404, add late.js -> 404.

* fix(dashboard): parse the approved manifest from the bytes that were hashed

Codex found a TOCTOU in the approval path: it loaded and validated widget.json,
then walked the directory again to compute the digests. An agent could swap
widget.json between the two reads, so the operator validated one entrypoint while
the digest froze — and the Control UI later mounted — a different one.

snapshotApprovedWidget now reads the widget directory once: it hashes every
servable file, parses the manifest out of the same widget.json bytes it hashed,
and requires the declared entrypoint to be among them.

Proof, against a running gateway: approve -> index.html 200; rewrite widget.json
to point at evil.html and drop evil.html in -> both 404.

* fix(dashboard): cap approval asset reads; bound the grid fallback search

Two findings from the fourth Codex pass.

Approval hashes agent-authored files that are untrusted until it runs, and read
each one into memory with no size check — dropping one huge .png into a scaffold
directory would stall or OOM the gateway during approve. Sizes are now checked
before the read, with a 2 MB per-file and 8 MB total cap.

nearestFreeSlot searched one band below the lowest occupied row, so a crowded
layout near the bottom could return y=500 as the closest free slot: a placement
the store rejects, which the UI applies optimistically and then snaps back. The
search now stops at the last row a widget of that height can legally occupy.

* fix(dashboard): refuse oversized widget assets before reading them

Approved widget files stay writable and the asset route is unauthenticated, so
swapping an approved small file for a very large one made every GET buffer the
whole file before the digest check rejected it. The route now refuses anything
past the same per-file cap approval enforces, on the stat it already performs.

* fix(dashboard): enforce widget approval boundaries

* docs(changelog): note modular dashboard workspaces

* fix(dashboard): enforce static custom-widget data boundary

* fix(dashboard): satisfy UI lint

* test(dashboard): avoid legacy proto access

* feat(dashboard): make plugin opt-in

* docs(dashboard): refresh workspaces map

* refactor(workspaces): standardize plugin naming

* fix(workspaces): make widget prompt sends idempotent

* docs(workspaces): fix internal path references

* test(workspaces): make prompt assertion lint-safe

* test(workspaces): type prompt request mock

* fix(workspaces): harden approval and binding boundaries

* test(workspaces): complete stale binding client mock

* fix(workspaces): harden widget file boundaries

* fix(workspaces): scope custom widget capabilities

* fix(workspaces): align approval provenance

* fix(workspaces): close branch contract gaps

* test(workspaces): complete builtin context fixtures

* fix(workspaces): aggregate overview usage

* chore(workspaces): defer release note

* chore(workspaces): refresh i18n metadata

---------

Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>
2026-07-11 03:30:23 -07:00
Peter Steinberger
a8e2da7d5e refactor(feishu): adopt core claimable dedupe for inbound events (#104384) 2026-07-11 03:27:14 -07:00
Vincent Koc
8917dac5de style(ci): format performance workflow test 2026-07-11 18:23:30 +08:00
Vincent Koc
37649e947f perf(ci): fetch only source performance baseline 2026-07-11 18:23:30 +08:00