Commit Graph

66940 Commits

Author SHA1 Message Date
WhatsSkiLL
eb7613cecd fix(android): ellipsize onboarding permission labels (#103649)
Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-10 14:17:28 -04:00
Peter Steinberger
8f8934163b feat(ui): worktrees page owners and creation, structured snapshot failures, preserved-checkout cleanup (#103526)
* feat(ui): worktrees page owners and creation, structured snapshot failures, preserved-checkout cleanup

- Worktrees settings page gains an Owner column (manual/Workboard/session
  with a link into the owning chat) and a New worktree form with repo
  default, optional name, and a worktrees.branches-backed base picker
- non-forced worktrees.remove snapshot failures are a structured
  { removed: false, snapshotError } result (typed WorktreeSnapshotError in
  the service) instead of error-string sniffing in the UI
- deleting a session whose dirty/unpushed checkout was preserved now
  reports worktreePreserved through the session capability and offers an
  explicit force removal instead of silently orphaning the checkout

Part of #103431

* fix(ui): report preserved checkouts from batch session deletes

deleteMany now aggregates worktreePreserved results, and the Sessions
page surfaces one notice pointing at Settings -> Worktrees instead of
silently orphaning dirty checkouts during bulk deletion.

Part of #103431

* fix(ui): reconcile generated locale artifacts after rebase
2026-07-10 19:16:36 +01:00
Shakker
e6ae79360c feat: open Settings with Shift-Command-Comma (#103870)
Open Settings from anywhere in the Control UI with Shift-Command-Comma while preserving browser-owned Command-Comma and existing shortcuts.

Prepared head SHA: 769a4fec5f
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
2026-07-10 19:13:44 +01:00
Peter Steinberger
ef9a94ecba docs: correct macOS node command support (#103878) 2026-07-10 19:08:21 +01:00
joshavant
5b20013399 docs(security): clarify computer act authorization 2026-07-10 13:06:53 -05:00
Peter Steinberger
b91e117dcd fix(ci): select full Kova performance reports (#103863) 2026-07-10 19:01:30 +01:00
mushuiyu886
5bb5e4fb0a fix(cron): preserve UTF-16 table boundaries (#103616)
* fix(cron): preserve table Unicode boundaries

* refactor(cron): size table cells by display width

* docs(changelog): credit cron table fix

* fix(cron): sanitize Unicode table cells

* fix(cron): keep table truncation UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:57:15 +01:00
Peter Steinberger
fd2a2411b9 feat(ui): sessions sidebar redesign with agent sections, smart groups, and draft sessions (#103498)
* feat(ui): sessions sidebar redesign with agent sections, smart groups, and draft sessions

- agents become collapsible top-level sidebar sections; expanding an agent
  browses its sessions without navigating, replacing the hidden scope select
- built-in smart groups: one section per channel (rows keep their chat
  titles), a Work section for worktree/exec-node sessions with a
  repo/branch/node subtitle, custom groups, and Chats
- session names never show raw keys or peer ids; DM fallbacks shorten ids,
  dashboard sessions read 'New session', unnamed work sessions read as
  their checkout
- one + opens the new-session draft dialog: agent, exec host (paired
  system.run nodes), folder, worktree toggle with base-branch picker
  (worktrees.branches) and optional name; the first message creates the
  session and starts the run in one sessions.create call
- custom group catalog/order moves to the gateway (sessions.groups.*) with
  a one-time localStorage migration; rename/delete update members
  server-side instead of client-side paging

Part of #103431

* fix(ui): resolve dragged sessions across browsed agent sections

Dropping a row dragged out of a non-active agent section now finds the
session in the per-agent row cache instead of only the active scope, so
the category patch is applied instead of silently doing nothing.

Part of #103431

* fix(ui): propagate group catalog changes to open clients

sessions.groups.put/rename/delete now always broadcast a groups-change
event, and the session capability reloads the gateway-owned catalog when
one arrives, so another browser's group create/reorder/rename/delete no
longer leaves this client on a stale snapshot for the rest of the
connection.

Part of #103431

* docs: restore new session dialog section after rebase

* fix(ui): translate new sidebar/session strings and refresh docs map

Real locale translations for the new-session dialog and sidebar keys
(the fallback gate requires zero recorded English fallbacks), plus the
regenerated docs map for the new Control UI section.

Part of #103431

* fix(ui): repair locale metadata after rebase conflict resolution

* fix(ui): merge mainline locale keys with the sidebar redesign strings

* fix(ui): refresh raw-copy baseline for mainline tool-card strings

* fix(ui): reconcile generated locale artifacts after rebase
2026-07-10 18:54:44 +01:00
Peter Steinberger
0855de48ec fix(agents): bind session rewrites to verified snapshots (#103848)
* fix(agents): bind session rewrites to verified snapshots

Co-authored-by: gucasbrg <buruguo2000@163.com>

* test: stabilize session rewrite race regression

---------

Co-authored-by: gucasbrg <buruguo2000@163.com>
2026-07-10 18:54:10 +01:00
Peter Steinberger
b597a8d364 fix(release): restore prerelease and release validation startup (#103834)
* fix(release): split image publication from validation

* fix(ci): honor install smoke caller input

* fix(ci): harden Docker rerun targeting
2026-07-10 18:46:08 +01:00
ZOOWH
61893247ec fix(chutes): redact OAuth error response body (#103569)
* fix(chutes): redact OAuth error response body in token exchange and refresh

Replace readResponseTextLimited + raw body in error message with
extractProviderErrorDetail for bounded, redacted structured error detail.

Ref: #102953

* fix(chutes): update test assertions for extractProviderErrorDetail message format

* fix(chutes): remove unused readResponseTextLimited and CHUTES_OAUTH_ERROR_BODY_LIMIT_BYTES

* fix(chutes): normalize OAuth HTTP failures

* test(chutes): assert redaction without fixed mask

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:40:58 +01:00
Peter Steinberger
188535b097 fix(ui): queue chat input while reconnecting (#102781)
* fix(ui): queue chat input while reconnecting

* test(ui): strengthen offline reconnect proof

* chore: follow release-only changelog policy

* fix(ui): harden offline queue replay

* fix(ui): harden offline replay recovery
2026-07-10 18:37:46 +01:00
Peter Steinberger
5aea34ad8c fix(webui): keep tool activity paired without model calls (#103821)
* fix(webui): make tool activity rendering deterministic

* fix(protocol): remove stale tool-title models

* fix(i18n): translate tool activity labels

* fix(i18n): translate tool activity labels
2026-07-10 18:21:08 +01:00
Peter Steinberger
c8ebfd8a3a fix(security): preserve UTF-16 token mask boundaries (#103843) 2026-07-10 18:20:05 +01:00
pick-cat
8a93d288e2 fix(nextcloud-talk): strip internal tool-trace banners from outbound text (#101712)
* fix(nextcloud-talk): strip internal tool-trace banners from outbound text

* fix(nextcloud-talk): sanitize inbound replies

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>

* test(nextcloud-talk): prove low-level send text preservation

* test(nextcloud-talk): focus inbound sanitizer coverage

* fix(nextcloud-talk): report stripped replies as non-visible

* docs(changelog): note Nextcloud Talk reply sanitization

* chore: keep PR changelog-neutral

---------

Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>
2026-07-10 18:17:19 +01:00
qingminlong
3a64889d83 fix(agent-core): report correct JSONL entry line after blank rows (#103645)
* fix(agent-core): report jsonl entry physical line numbers

* fix(agent-core): preserve physical JSONL line numbers

* test(agent-core): keep JSONL cleanup lint-safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:12:56 +01:00
Peter Steinberger
091584b197 chore(swift): restore compact conditional bodies (#103832)
* style(swift): restore compact conditional bodies

* fix(ios): remove redundant startup timeout await

* chore(swift): sync native i18n inventory
2026-07-10 18:12:00 +01:00
Peter Steinberger
906f1b816f fix(ci): update Kova performance model owners (#103839) 2026-07-10 18:08:37 +01:00
Peter Steinberger
5166967ace fix(plugins): harden official ClawHub provenance (#103836)
Co-authored-by: Jimmy Puckett <jimmy.puckett@spinen.com>
2026-07-10 18:07:17 +01:00
Peter Steinberger
050177c784 fix(clawdock): scope confirmation response (#103837) 2026-07-10 18:06:06 +01:00
cavit99
5e250aac74 fix: A2A handoffs can duplicate message-tool replies (#97259)
* fix: stop A2A source-reply mirror duplicates

* fix(agents): harden A2A reply extraction

* fix(agents): preserve internal A2A source replies

* test(gateway): assert A2A mirror projection precisely

* test(agents): complete A2A payload fixtures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:05:51 +01:00
Peter Steinberger
6154a42c0f test(audit): prove invalid date filters stop before RPC (#103833) 2026-07-10 18:03:22 +01:00
qingminlong
1d3d743b24 fix(grep): stop searches when canceled during tool startup (#103709)
* fix(grep): stop before ripgrep when aborted during setup

* fix(grep): check cancellation before ripgrep spawn

* fix(grep): make cancellation own process lifecycle

Co-authored-by: qingminlong <qing.minlong@xydigit.com>

* test(grep): use bound lifecycle assertions

Co-authored-by: qingminlong <qing.minlong@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:01:59 +01:00
qingminlong
bf02b611eb fix(sessions): reject malformed history offsets (#103594)
* fix(sessions): reject malformed history offsets

* test(sessions): prove invalid offsets stop before reads

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:00:31 +01:00
pick-cat
586df58bcc fix: allow stopping manual compaction (#90821)
* fix(compact): make queued manual compaction abortable

* fix(compact): own manual compaction lifecycle

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:59:27 +01:00
xingzhou
8d5f7e27b2 fix(sms): replayed Twilio webhooks process again after high inbound traffic (#101107)
* fix(sms): replayed Twilio webhooks process again after high inbound traffic

* fix(sms): harden Twilio replay saturation

* test(sms): expose response header spy

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:58:53 +01:00
Peter Steinberger
baea671ef3 fix(anthropic): delegate adaptive Claude CLI effort (#103815)
* fix(anthropic): delegate adaptive CLI effort

Strip static --effort args for adaptive runs so Claude Code resolves effort from its environment, settings, and model default. Preserve configured effort for off or absent thinking and replace it only for concrete OpenClaw levels.

Fixes #103245

Co-authored-by: Dan Korotin <korotin.daniil@gmail.com>

* fix(anthropic): make effort dispatch exhaustive

---------

Co-authored-by: Dan Korotin <korotin.daniil@gmail.com>
2026-07-10 17:57:50 +01:00
gucasbrg
2e742e3f8e fix(embedded-agent-runner): treat the run's own no-op in-place session rewrite as benign (#91797)
* fix(agents): accept byte-identical session rewrites

Co-authored-by: gucasbrg <buruguo2000@163.com>

* chore: keep changelog release-owned

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:57:25 +01:00
Dallin Romney
0b9c2e6f95 fix(qa): simplify smoke lanes and isolate fanout (#102262)
* fix(qa): simplify smoke lanes and isolate fanout

* ci: re-enable repaired QA smoke lanes

* ci: split Crabline smoke into three shards

* ci: eliminate repeated QA smoke builds

* fix(qa): focus control ui smoke scenario

* ci(qa): remove smoke worker launch delay

* ci(qa): bound automatic smoke coverage
2026-07-10 09:48:40 -07:00
Peter Steinberger
c08599c17b fix(clawdock): preserve sourced zsh PATH (#103805)
Co-authored-by: wenhua <lshgdut@qq.com>
2026-07-10 17:46:08 +01:00
Peter Steinberger
5c260940bd fix: prevent CLI MCP children from widening sandbox tools (#103822)
* fix(gateway): bind CLI MCP grants to context

* chore: leave release changelog ownership intact
2026-07-10 17:44:29 +01:00
Peter Steinberger
e484bdd993 fix(memory-host): keep redacted token hints UTF-16 safe (#103813)
Completes the sibling memory-host masker missed by #103341.

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>
2026-07-10 17:43:37 +01:00
WhatsSkiLL
1754292217 [AI-assisted] Tidy Android Sessions row affordances (#103108)
* fix(android): clean up Sessions row visuals

* chore(android): refresh native i18n inventory

* fix(android): consolidate session sorting controls

---------

Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-10 12:43:18 -04:00
mushuiyu886
9c9010efca fix(diagnostics-otel): preserve JSON Unicode boundaries (#103646)
* fix(diagnostics-otel): preserve JSON Unicode boundaries

* test(diagnostics-otel): consolidate Unicode boundary coverage

* docs(changelog): credit OTEL Unicode fix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:42:25 +01:00
Vincent Koc
90322074dd fix(ci): validate Kova bin-only dependency (#103810) 2026-07-10 09:41:01 -07:00
Peter Steinberger
845311cf97 fix(browser): prevent stale handles from switching duplicate-URL tabs (#103816)
* fix(browser): reject ambiguous tab replacements

* fix(browser): guide stale tab recovery
2026-07-10 17:40:14 +01:00
Peter Steinberger
97bbbc2271 feat(agents): derive a provider-declared default utility model when unset (#103769)
* feat(agents): derive a provider-declared default utility model when unset

When agents.defaults.utilityModel is not set, utility tasks (titles, progress
narration) now use the primary provider's declared small model
(modelCatalog.providers.<id>.defaultUtilityModel: OpenAI -> gpt-5.6-luna,
Anthropic -> claude-haiku-4-5). Auth is inherent because derivation follows
the agent's primary provider. Setting utilityModel to an empty string
disables utility routing entirely; narration turns on automatically when a
default resolves and stays off otherwise.

Formatting/lint/tests verified on Testbox (oxfmt, oxlint, plugins:inventory,
docs:map, import-cycles, check:test-types, 4 test files).

* fix(ai): drop the temperature parameter for models that reject it

The GPT-5.6 family 400s on temperature via the Responses API (live-verified:
gpt-5.6-luna/-terra reject it; gpt-5.5 and gpt-5.4-mini/nano accept it).
supportsOpenAITemperature gates all three OpenAI payload builders, with a
catalog compat override (compat.supportsTemperature) declared for the 5.6
family in the openai manifest. Without this, utility tasks (titles,
narration) would fail once gpt-5.6-luna becomes the derived default.

Gates on Testbox: oxfmt, oxlint, plugins:inventory, import-cycles,
check:test-types, 6 test files. Live proof on Testbox: gpt-5.6-luna and
claude-haiku-4-5 one-shot completions succeed with temperature requested.

* fix(agents): carry the primary model's auth profile onto the derived utility default

A primary like openai/gpt-5.5@work previously reached utility tasks via the
profiled fallback; the derived default shares the provider, so its trailing
auth profile carries over instead of silently switching to default
credentials (Codex review). Gates on Testbox: oxfmt, check:test-types, tests.

* docs: realign the manifest provider-fields table after adding defaultUtilityModel
2026-07-10 17:40:11 +01:00
Peter Steinberger
2d7472b3e4 fix(cron): emit scheduled events after durable wake changes (#103647)
* fix(cron): emit scheduled events after durable wake changes

* chore(changelog): defer cron note to release

* chore(docs): refresh plugin SDK baseline
2026-07-10 17:39:23 +01:00
Vincent Koc
daa653c5cc ci(release): add plugin npm artifact preflight (#103759)
* ci(release): add plugin npm preflight proof

* fix(release): bind plugin preflight package evidence

* fix(release): harden plugin preflight trust

* fix(release): bind plugin registry readback

* fix(release): retry npm packument bodies

* fix(release): retry malformed npm packuments

* fix(release): satisfy npm preflight lint
2026-07-10 09:39:10 -07:00
Peter Steinberger
1dcbcce515 fix(docker): make workspace deps portable to Podman (#103814)
Fixes #103741. Reported and verified on amd64 Podman by @sallyom.
2026-07-10 17:33:28 +01:00
Peter Steinberger
e43f225c81 fix(release): prevent stale beta validation evidence (#103798)
* fix(release): ignore nested squash revert markers

* fix(release): preserve squash revert targets

* docs(release): state installer doctor contract

* fix(release): recognize conventional squash reverts
2026-07-10 17:26:56 +01:00
Peter Steinberger
fc2afc83da feat(webui): redesign tool-call rendering with inline diffs, group summaries, and cheap-model purpose titles (#103748)
Kind-aware tool rows (terminal-style commands with wrapper stripping and
display highlighting, file edits with inline numbered diffs and diffstat,
write previews, key-value args), aggregate group summaries with live run
status, and a new batched chat.toolTitles gateway RPC that titles complex
calls via the configured utilityModel or the OpenAI Luna default (gated to
OpenAI-primary agents, cached in the per-agent SQLite cache_entries).

Also fixes two transcript pairing bugs: result blocks now inherit call
id/name/details at merge time, and results pair with any open call in the
current tool run so parallel calls render as single rows.

Fixes #103554
2026-07-10 17:26:22 +01:00
maweibin
b7e7c27ef0 fix(agents): scope silent-error retry safety to current attempt (#97966)
* fix(agents): gate empty-error-retry on per-attempt side effects, not cumulative (#97877)

Derive currentAttemptReplayMetadata from per-attempt fields via
buildAttemptReplayMetadata so the retry gate can distinguish "this
model call had no tool side effects" from "cumulative session
replayMetadata carries prior-turn history".

Previously raw.replayMetadata was saved as currentAttemptReplayMetadata,
but attempt.ts already merges observedReplayMetadata with accumulated
session state before returning, so both fields carried the same
cumulative value — making the per-attempt check ineffective.

shouldRetrySilentErrorAssistantTurn prefers currentAttemptReplayMetadata
when available, falling back to replayMetadata for legacy harnesses.

Add regression coverage:
- 22→23 empty-error-retry tests (prior-side-effects + clean 5xx scenario)
- 111→114 incomplete-turn tests (currentAttemptReplayMetadata unit tests)

* fix(agents): harden silent retry replay gating

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:25:14 +01:00
Roy Osherove
40b3bbbba9 fix(compaction): allow compaction under aws-sdk auth with no static key (#103638)
The compaction safeguard treated a successful keyless auth resolution
(ok: true with neither apiKey nor headers) as missing credentials and
cancelled compaction. Bedrock providers using auth: "aws-sdk" sign
requests with SigV4 at send time and legitimately return no static key
or header, so every message on a session large enough to need compaction
failed with a false "could not resolve request credentials" error.

Trust the registry's ok:true success signal; it already returns ok:false
when auth genuinely cannot resolve. Add regression coverage for the
keyless SDK-managed auth path.

Co-authored-by: Roy Osherove <575051+royosherove@users.noreply.github.com>
2026-07-10 09:24:52 -07:00
Miorbnli
bedcba2b9b fix(signal): clean up signal-cli download temp dir on every exit path (#103339)
* fix(signal): clean up signal-cli download temp dir on every exit path

installSignalCliFromRelease created a temp dir with fs.mkdtemp for the
download archive but never removed it. Every return path — including the
success return and the extraction-failure / binary-not-found errors — leaked
the directory plus the downloaded archive (signal-cli Linux-native archives
are ~50-130 MB). Repeated installs or retries accumulated multi-hundred-MB
temp dirs under the preferred tmp dir.

Wrap the body after mkdtemp in try/finally that recursively removes the temp
dir. The extracted binary is installed under CONFIG_DIR and is unaffected.

Co-Authored-By: Claude <noreply@anthropic.com>

* style(signal): drop unnecessary String() conversion in test spy

dir is already a string (mkdtemp return); String(dir) triggers the
no-unnecessary-type-conversion lint rule.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(signal): cover success-path temp dir cleanup with real archive

Add a success-path test that mocks the network fetch to return a real tar.gz
archive (containing a signal-cli binary) so installSignalCliFromRelease runs the
full download -> extract -> find-binary -> chmod path against real bytes, then
asserts the temp dir and downloaded archive are removed by the finally clause.
This complements the existing error-path test so both exit paths are covered.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(signal): use owned temp download workspace

* fix(signal): allow bounded native extraction

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:20:03 +01:00
qingminlong
cbfa7d4aa7 fix(audit): audit filters select wrong intervals when dates are invalid (#103433)
* fix(audit): reject invalid ISO timestamps in filters

* test(audit): cover strict date filter semantics

Co-authored-by: qingminlong <qing.minlong@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:14:26 +01:00
NianJiu
5ed8121fd1 fix(security): confine include permission remediation (#103267)
* fix(security): guard include permission scans

* fix(security): avoid include scan variable shadow

* test(security): cover allowed include audit roots

* test(security): track include audit temp dirs

* fix(security): preserve include scan boundaries

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:14:08 +01:00
Wynne668
dd265e2c2a fix(skills): skill workshop apply hangs despite auto approval (#102530)
* fix: honor skill workshop auto approval without hook config

* test(skills): cover workshop config read failures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:10:23 +01:00
Vincent Koc
afd0c60f15 fix(ci): bind release status artifacts to run attempts (#103772)
* fix(ci): bind release status artifacts to run attempts

* test(ci): align release summary contract assertions

* fix(ci): preserve Tideclaw advisory status policy
2026-07-10 09:06:42 -07:00
Vincent Koc
155e196e22 fix(release): preserve beta validation evidence (#103796)
* fix(release): proxy upgrade fixtures to npm

(cherry picked from commit 30f54a5fe1)

* fix(release): require installer doctor evidence

(cherry picked from commit 0782a94452)

* test(qa): scope aborted restart outcome to Codex

(cherry picked from commit ac54f80430)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 09:05:14 -07:00