Commit Graph

66940 Commits

Author SHA1 Message Date
Ayaan Zaidi
fab69517b3 fix(auto-reply): key command-turn reply operations to the source session 2026-07-11 09:26:25 +05:30
qingminlong
cd7a21787f fix(computer): reject malformed numeric input before node actions (#103642) 2026-07-10 20:50:26 -07:00
Vincent Koc
ad9d142245 style(test): format release workflow guard 2026-07-11 11:45:23 +08:00
Vincent Koc
b0258a5d8b fix(release): isolate frozen Telegram QA temp roots 2026-07-11 11:45:23 +08:00
Vincent Koc
543b0e7794 fix(ci): support frozen Swift lint targets 2026-07-11 11:45:23 +08:00
Haaai
667a5d9a63 fix(agents): guide node discovery before describe (#51926)
* fix(agents): guide node discovery before describe

Co-authored-by: Liuhaai <haixiang@iotex.io>

* test(agents): refresh node tool prompt snapshots

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 20:45:20 -07:00
Deepak Jain
612e1b94b7 fix(exec): clarify node approval recovery (#91280)
* fix(exec): clarify node approval recovery

Co-authored-by: Deepak Jain <deepujain@gmail.com>

* chore(pr): keep release notes in PR context

* fix(exec): describe dashboard URL handoff

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 20:40:53 -07:00
Sasan
dc097be00d fix(doctor): follow symlinked launcher when locating sandbox setup scripts (#90942)
* fix(doctor): follow symlinked launcher when locating sandbox setup scripts

* refactor(doctor): reuse shared package-root resolver for sandbox scripts

resolveSandboxScript hand-rolled its own cwd/argv1/realpath candidate
scan, duplicating openclaw-root discovery. Reuse resolveOpenClawPackageRootSync,
which already follows the symlinked launcher via realpath and handles
node_modules/.bin and version-manager links, then look for scripts/ under
the resolved package root. Resolves the duplicate-discovery review finding.

* fix(doctor): keep searching cwd for sandbox scripts when first package root lacks them

resolveSandboxScript stopped at the first openclaw package root the shared
resolver returned. argv1 candidates resolve before cwd, so an installed/published
root (package.json present, scripts/ dropped by the npm files allowlist) shadowed
a valid source-checkout cwd and made doctor --fix return null.

- add resolveOpenClawPackageRootsSync: all distinct roots in candidate order
- resolveSandboxScript returns the first root that actually contains the script
- resolveOpenClawPackageRootSync now delegates to the plural (behavior unchanged)
- test: source-checkout cwd shadowed by an installed argv1 root without scripts/
2026-07-11 11:36:02 +08:00
Ben Badejo
8a29e8c934 fix(docs): expose top-level docs hubs on mobile (#100908)
* fix(docs): expose docs hubs on mobile

* docs: refresh docs map

* docs: remove committed proof screenshots

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
2026-07-10 20:30:35 -07:00
Josh Avant
fbd330b7aa fix(channels): honor configured read target policies (#99905)
* fix(channels): enforce configured read targets

* test(channels): align policy checks with boundaries

* fix: bind channel reads to trusted turn context

* test: satisfy gateway lint

* fix: narrow message action channel imports

* fix(feishu): authorize message reads before provider access

* fix(slack): await reaction clear authorization

* fix(channels): align provider action contracts

* fix(matrix): read direct-room account data before sync

* fix(channels): reject unsupported attachment actions early

* fix: restore trusted operator conversation reads

* fix(matrix): authorize pin actions before provider reads

* fix: preserve trusted channel read workflows

* fix(discord): resolve current channel ids consistently

* fix(agents): preserve message action turn capability

* fix(plugins): enforce host-owned read provenance

* fix(channels): harden Teams and Discord read policy

* fix(channels): preserve exact-current action compatibility

* fix(imessage): authorize trusted current chat aliases

* fix(channels): preserve normalized current aliases

* fix(channels): preserve external current target aliases

* fix: reconcile channel policy with current main

* fix(discord): isolate DM read policy

* fix(channels): enforce provider read gates

* fix(gateway): await serialized message action identity tokens

* fix(ci): refresh channel protocol contracts
2026-07-10 22:29:37 -05:00
Vincent Koc
ffc8051cac test(release): align trusted SHA workflow guard 2026-07-11 11:09:58 +08:00
Vincent Koc
553f543bdf fix(release): support frozen validation targets 2026-07-11 11:09:58 +08:00
Peter Steinberger
feae1faf06 fix(release): expose Telegram launcher failures safely (#104099)
* fix(release): expose Telegram launcher failures safely

* test(release): prove namespace launcher diagnostics
2026-07-10 20:03:36 -07:00
Peter Steinberger
4a00b96bbb docs(changelog): credit final landed fixes 2026-07-10 23:02:55 -04:00
lin-hongkuan
f4732576bd fix(ios): preserve prefixed share text (#103453)
* fix(ios): preserve prefixed share text

* fix(ios): harden shared text normalization

---------

Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 20:01:06 -07:00
Peter Steinberger
dba64d574f chore(release): set version to 2026.7.2 2026-07-11 04:00:49 +01:00
Peter Steinberger
e0862e609a feat(ui): hide chat avatars in direct sessions (#104092)
* feat(ui): hide chat avatars in direct sessions

* fix(ui): classify direct threads from full history, not the render window

* fix(ui): classify direct threads by canonical session kind

* fix(ui): match session metadata across equivalent alias keys in the chat thread

* fix(ui): classify unmatched chat sessions by canonical key shape

* fix(ui): keep avatars in global sessions that can aggregate group senders

* docs(ui): note global-alias limitation on chat avatar classification
2026-07-10 20:00:44 -07:00
Peter Steinberger
05ebaf41f6 fix(tool-call-repair): bound serialized stream normalization (#104100)
* fix(tool-call-repair): bound serialized stream normalization

Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: qingminlong <qing.minlong@xydigit.com>
Co-authored-by: WangYan <wang.yan29@xydigit.com>

* fix(tool-call-repair): preserve strict scan narrowing

* fix(tool-call-repair): lint serialized name validation

* fix(tool-call-repair): replay split suffix whitespace

* fix(tool-call-repair): cap complete-call whitespace

* test(tool-call-repair): assert bounded whitespace replay

---------

Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: qingminlong <qing.minlong@xydigit.com>
Co-authored-by: WangYan <wang.yan29@xydigit.com>
2026-07-10 20:00:11 -07:00
Peter Steinberger
04865fe44b feat(ui): gateway browser panel with annotate-to-prompt and element inspect in the web Control UI (#104012)
* feat(ui): add gateway browser panel with annotate and inspect modes

* chore(i18n): translate browser panel strings

* fix(ui): address browser panel review findings (stable tab handles, stale view guard, inspect click suppression)

* fix(ui): make the browser panel reload button reload the remote page

* fix(ui): tile the browser dock against the terminal dock and re-probe evaluate per connection

* fix(ui): label page-reported prompt text as untrusted and accept host:port URL entries

* fix(ui): sanitize inspected selector fragments in the annotation prompt

* fix(i18n): retranslate annotation prompt keys so the page-reported provenance label survives localization

* docs: regenerate docs map for the browser panel section

* chore(i18n): reconcile locale bundles with latest main after rebase

* style(ui): format chat-pane imports after rebase

* chore(i18n): refresh locale metadata after rebase
2026-07-10 19:54:47 -07:00
Peter Steinberger
2cc8bb40fd fix(plugins): quiet trusted discovery warning (#104097) 2026-07-10 19:53:03 -07:00
Peter Steinberger
bb26753705 fix(telegram): satisfy lint in transport-close proof test
restrict-plus-operands (Buffer + string) and no-promise-executor-return
tripped the lint shards on every PR since #101783 landed; scoped fixes
only, no behavior change.
2026-07-10 19:44:03 -07:00
ly-wang19
780f8d6f62 fix(telegram): clean up split reasoning previews (#97828)
Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
2026-07-10 19:43:14 -07:00
NianJiu
df36c821a4 fix(android): require explicit retry after interrupted sends (#103273)
* fix(android): require retry after interrupted outbox sends

* fix(android): fail ambiguous outbox sends closed

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(android): preserve run-id-only acknowledgements

* style(android): format outbox assertion

* fix(android): fail outbox recovery closed

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* test(android): prove dropped ack is not replayed

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(android): accept terminal outbox acknowledgements

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(android): persist rejected outbox retries

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(android): require manual retry after transmitted failures

* fix(android): migrate ambiguous outbox rows safely

* test(android): import outbox cancellation type

* fix(android): limit destructive chat cache migration

* fix(android): guard outbox retry transitions

* fix(android): reject malformed chat acknowledgements

* test(android): type migration bind arguments

* test(android): separate migration and replay proof

* fix(android): accept admitted outbox acknowledgements

* fix(android): preserve gateway health after acknowledged outbox failures

* fix(android): stop outbox flush on persistence failure

* fix(android): stop outbox flush when claims fail

* fix(android): enforce durable outbox barriers

* fix(android): coalesce outbox flush requests

* style(android): format outbox assertions

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:41:40 -07:00
sunlit-deng
4d55b116c6 fix(feishu): keep native-card payloads in topic threads (#102804) 2026-07-10 19:33:18 -07:00
Peter Steinberger
add44b19f1 improve(ui): replace background tasks rail chips with a quiet status line (#104074) 2026-07-10 19:33:06 -07:00
Peter Steinberger
0074005682 feat(ui): add Model Providers settings page with auth, quota, and cost per provider (#104061) 2026-07-10 19:31:41 -07:00
Peter Steinberger
4b7a5a4e8b fix(installer): default to Node 22.22.2 (#104073) 2026-07-10 19:28:49 -07:00
WhatsSkiLL
5c38f62b27 [AI-assisted] Make Android chat thinking selection explicit (#103893) 2026-07-10 22:27:56 -04:00
xingzhou
85fa8af4bb fix(telegram): close evicted client-options cache transports after in-flight sends (#101783)
Long-running Telegram senders leaked HTTP transports: the client-options cache in extensions/telegram/src/send.ts created an owned undici dispatcher per account/network entry but evicted entries without closing it. Cache entries now own their transport; eviction retires the entry and closes the transport once the operation-level lease releases, so cache pressure never aborts an in-flight, retrying, or still-preparing send. Includes a real-socket e2e regression against a local Bot API server.

Co-authored-by: zhangguiping-xydt <zhangguiping-xydt@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 07:57:44 +05:30
soldforaloss
200e1df007 fix(exa): cache disabled content options separately (#103653)
* fix(exa): partition cache by disabled content options

* fix(exa): align cache keys with effective contents

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-11 10:25:22 +08:00
mushuiyu886
f5eacacea5 fix(memory-wiki): stop duplicate bridge imports under polling (#91828)
* fix(memory-wiki): coalesce concurrent source syncs

Co-authored-by: mushuiyu_xydt <yang.haoyu@xydigit.com>

* test(memory-wiki): track alias fixture cleanup

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:20:15 -07:00
Peter Steinberger
7febbad017 fix(release): dispatch Telegram QA with environment access (#104066) 2026-07-10 19:19:04 -07:00
haruai
c2301d8e53 fix(gateway): preserve local access for specific binds (#98479)
* fix: prefer loopback for local tailnet dashboard

* fix(gateway): preserve local access for specific binds

---------

Co-authored-by: haruaiclone-droid <281899875+haruaiclone-droid@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:18:47 -07:00
Peter Steinberger
e6671d9de0 fix(ui): adapt chat workspace rail and detail panel to narrow panes (#104033)
The workspace rail and message detail panel keyed layout off viewport
media queries, so narrow split-view panes and compact windows got
crushed side-by-side columns, and below 1120px the rail was
display:none with no way to reach workspace files.

Chat panes now measure their own width with a ResizeObserver: under
800px the rail presents as the existing bottom-dock strip (side-dock
controls hide), and when the chat + detail split has under 680px the
detail panel stacks below the thread with a horizontal resize divider.
The phone full-screen detail takeover is unchanged. Bottom-strip path
and summary rows no longer flex-shrink into clipped text.

Closes #104023
2026-07-10 19:18:35 -07:00
Peter Steinberger
7b5854bee8 feat(webui): reintroduce opt-in AI purpose titles for tool calls (#103989)
* feat(webui): reintroduce opt-in AI purpose titles for tool calls

Restores the chat.toolTitles path removed in #103821, gated behind the new
gateway.controlUi.toolTitles opt-in (default false) so tool rendering stays
fully deterministic with no background model calls unless an operator enables
it. Disabled gateways answer { titles: {}, disabled: true } without loading
the completion runtime, and clients stop asking for the session.

When enabled, titles use canonical utility-model routing: an explicit
utilityModel (operator-chosen provider, like every utility task), else the
session provider's declared small-model default, honoring per-session model
overrides and auth profiles; utilityModel "" disables titles and malformed
refs fail closed — never the primary model. Tool inputs are redacted with the
tools-mode redactor before cache keys or prompts, caller ids are bounded and
never reach the model, and results cache in the per-agent SQLite
cache_entries so repeat views never re-bill.

Also completes two crestodian model-input mock factories that leaked into
sibling tests under shared-registry CI shards.

Fixes #103987

* fix(webui): redact tool-title inputs before truncation
2026-07-10 19:18:02 -07:00
Peter Steinberger
2a12c9916a feat(browser): import Chrome-family system-profile cookies into managed profiles (#104057)
* feat(browser): import Chrome-family system-profile cookies into managed profiles

Import cookies from a real Chrome/Brave/Edge/Chromium system profile (macOS)
into a fresh OpenClaw-managed browser profile so the agent can browse as the
signed-in user. Reads the source Cookies DB via a coherent VACUUM INTO snapshot,
decrypts v10 AES-128-CBC values with the Safe Storage Keychain key (one Touch ID
consent), maps rows to Playwright cookies (FILETIME expiry, SameSite, M124+
domain-hash prefix strip, CHIPS skipped), and best-effort injects them via
addCookies into a mock-keychain profile so they persist without further prompts.
Decrypted values are never logged or returned.

Exposed as agent tool action=importprofile, CLI system-profiles/import-profile,
and POST /profiles/import; action=profiles surfaces importable systemProfiles.
Listing and import are pinned host-local at every surface (gateway, browser
tool, node proxy) since they read the local Keychain and Chrome profiles.
Malformed domain filters fail closed via a shared validator. Gated by
browser.allowSystemProfileImport (default on). Imports cookies only.

* fix(browser): satisfy CI lint (OpenClaw temp dir, Unicode control-char class)

Use resolvePreferredOpenClawTmpDir() instead of os.tmpdir() for the cookie DB
snapshot (messaging/channel runtime tmpdir guard), and match control characters
via the Unicode \p{Cc} class instead of a literal control-char range so the
CLI table sanitizer passes the no-control-regex lint.
2026-07-10 19:15:52 -07:00
Peter Steinberger
0ca8237905 fix(ui): keep raw ids out of sidebar session rows and stop WebKit section overlap (#104062) 2026-07-10 19:14:51 -07:00
Peter Steinberger
b7156ce688 fix(macos): drag the window from split-view pane headers (#104048)
* fix(macos): drag the window from split-view pane headers

In the macOS app, split-screen pane header rows (session title strip) now
start a native window drag instead of selecting the title text. The Control
UI posts an openclawWindowDrag script message on mousedown over passive
header chrome; the dashboard window validates the trusted main-frame source
and the in-flight left-mouse press before calling NSWindow.performDrag.
Pane headers are chrome, so they are also no longer text-selectable.

* refactor(macos): move the dashboard failure page out of the window controller

SwiftLint type_body_length: the drag-message handler pushed
DashboardWindowController past 800 lines; the failure-page HTML is
presentation-only and now lives in DashboardFailurePage.
2026-07-10 19:07:04 -07:00
Peter Steinberger
b29fe954f1 fix(macos): start existing CLI gateway during onboarding (#104051)
* fix(macos): start detected CLI gateway during onboarding

* chore(macos): refresh native i18n inventory
2026-07-10 19:02:51 -07:00
Peter Steinberger
425c5b9f26 fix(macos): reject revoked forwarded exec approvals (#103968)
* fix(macos): reject revoked forwarded exec approvals

* fix(macos): split approval plan validation

* chore(i18n): refresh native source lines
2026-07-10 19:01:17 -07:00
Peter Steinberger
f50293c9e7 fix: installer removes temporary files after failed commands (#104049)
* fix(installer): retain temp cleanup registrations

* chore: keep installer release notes release-owned
2026-07-10 18:54:56 -07:00
Josh Avant
3bcb90b2d0 fix(anthropic): stage thinking signatures until block stop (#104043) 2026-07-10 20:54:37 -05:00
Peter Steinberger
67e1d43911 fix(ui): preserve UTF-16 workshop previews (#104047) 2026-07-10 18:45:04 -07:00
Peter Steinberger
7ac8e2e227 fix(telegram): preserve UTF-16 model labels (#104037) 2026-07-10 18:32:04 -07:00
Peter Steinberger
070b7928fd fix(release): declare Telegram QA environment secrets (#104036) 2026-07-10 18:30:20 -07:00
Peter Steinberger
c34ada31c5 feat(ui): hover-revealed chat message meta with relative timestamps (#104035)
* feat(ui): hover-revealed chat message meta with relative timestamps

* fix(ui): derive relative chat timestamps from the injected clock

* fix(ui): date far-future chat timestamps instead of clamping to just now

* fix(ui): invalidate memoized chat thread on relative-time ticks

* fix(ui): keep relative-time ticks out of the chat live region
2026-07-10 18:30:01 -07:00
qingminlong
eccd4f02f8 fix(skill-workshop): reject invalid proposal list limits (#103496)
* fix(skill-workshop): reject invalid proposal list limits

* refactor(skill-workshop): validate list params before storage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:26:12 -07:00
chenyangjun-xy
b58029f4fd fix(telegram): preserve outbound prompt context projections (#102469)
* fix(telegram): preserve outbound prompt context projections

Co-authored-by: 陈杨俊0668000971 <chen.yangjun@xydigit.com>

* fix(telegram): satisfy legacy sender lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:25:54 -07:00
Peter Steinberger
d6f07f36db fix(memory-wiki): prevent partial failures during concurrent agent writes (#103408)
* fix(memory-wiki): serialize concurrent apply transactions

* chore(memory-wiki): leave release note to release workflow
2026-07-10 18:22:51 -07:00
Peter Steinberger
790cd2aff2 fix(twitch): preserve UTF-16 pairs in outbound chunks (#104030) 2026-07-10 18:20:29 -07:00