Commit Graph

66940 Commits

Author SHA1 Message Date
Peter Steinberger
a3ef0153fb fix(ci): restore manually dispatched live suites (#103654) 2026-07-10 12:26:44 +01:00
Peter Steinberger
c8655be915 test(terminal): cover C1 buffer text controls (#103439) 2026-07-10 12:24:17 +01:00
Peter Steinberger
d72e618818 fix(ci): split locale publisher app permissions (#103644)
* fix(ci): split locale publisher app permissions

* fix(ci): prevent stale locale publication
2026-07-10 12:16:03 +01:00
Peter Steinberger
a0a709555f fix: keep gateway model probes stateless (#103651)
* fix: keep gateway model runs stateless

* chore: keep release notes in PR body
2026-07-10 12:15:47 +01:00
Peter Steinberger
7b03a2ae20 test(qa): model non-assistant parity usage (#103650) 2026-07-10 12:12:28 +01:00
Peter Steinberger
dff4c634f1 fix(macos): keep dashboard tab reuse and ordering accurate (#103464)
* fix(macos): preserve dashboard tab identity

* test(macos): strengthen dashboard tab regressions

* fix(macos): retire failed dashboard navigation aliases
2026-07-10 11:57:04 +01:00
Peter Steinberger
401f278f11 feat: add Control UI plugin management (#103176)
* feat(ui): add plugin catalog management

* feat(gateway): add plugins.uninstall and richer plugin catalog metadata

Adds a plugins.uninstall gateway method (operator.admin, control-plane write)
backed by a lock-guarded uninstallManagedPlugin that mirrors the CLI flow:
config cleanup, install-record removal, managed file deletion, and registry
refresh. Bundled plugins stay disable-only. Catalog entries now carry a
manifest-derived category and a removable flag; ClawHub search results expose
download counts and verification tiers.

* feat(ui): redesign plugins page with inventory, store shelves, and cover art

Rebuilds /settings/plugins around three tabs: Installed (category-grouped
inventory with overview stats, state filters, uninstall for external plugins,
and inline MCP server management through the shared config seam), Discover
(featured/official shelves plus one-click MCP connectors and curated ClawHub
searches), and ClawHub (search with download counts and verification badges).
Every catalog entry renders bundled cover art or a deterministic gradient
monogram tile - no more empty boxes. Artwork generated with Codex CLI, shipped
as 512px WebP under ui/public/plugin-art.

* chore(ui): regenerate locale bundles for plugins manager strings

* docs: describe plugins manager tabs, uninstall, and MCP connectors

* fix(plugins): human catalog labels and un-pinned hosted fallback ids

listManagedPlugins now prefers manifest names over registry package-name
backfill, falls back to channel catalog labels and blurbs, and stops pinning
expectedPluginId when a hosted feed entry only exposes its package name
(which rejected every legitimate install of that package). Found via live
gateway testing against ClawHub.

* fix(ui): send minimal RFC 7396 merge patches for MCP server edits

config.patch merges rather than replaces, so key removal needs an explicit
null; sending the full config back made MCP server removal a no-op. Found
via live gateway testing.

* fix(ui): write explicit MCP transports for URL servers

The MCP runtime defaults URL-only servers to SSE, so streamable HTTP
endpoints saved by the add form or connector templates would fail at
connect time. Connector templates now declare their transport and the
add form infers streamable-http unless the URL follows the /sse
convention. Flagged by autoreview against the transport resolver.

* test(ui): wait for deferred plugin requests before resolving in e2e

* feat(ui): plugins detail view, action menus, and unified ClawHub search

Reworks the plugins page from PR #103176 feedback: merges the ClawHub tab into
Discover (typing searches ClawHub inline and appends a quiet From ClawHub
section, with Browse ClawHub demoted to a header text link), makes every row and
store card open a plugin detail overlay (hero art, primary enable/install
action, metadata table), and replaces enable/disable switches with a state chip
plus an overflow menu (Enable/Disable, Remove for external plugins, View
details) matching the ChatGPT-store install+menu pattern. MCP rows use the same
menu; refresh is now icon-only.

* chore(ui): regenerate locale bundles for plugins UI iteration

* feat(ui): vetted, grouped connector catalog for the plugins store

Expands Connect your world to 28 connectors organized into use-case shelves
(Work & productivity, Coding & infrastructure, Home & media, Everyday life).
Every entry passed a three-stage subagent review: official-docs verification
plus live endpoint probes for MCP servers, ClawHub result-quality and
malware/typosquat screening for curated searches, and an adversarial pass
that dynamically registered OAuth clients to prove one-click viability.

That review removed Figma (registration allowlisted, 403) and Atlassian
(OAuth issuer-mismatch bug upstream), downgraded GitHub to PAT-based setup
(no dynamic client registration upstream), fixed Linear (/sse retired) and
Home Assistant (/api/mcp, streamable HTTP) endpoints, retargeted poisoned or
dead searches (youtube, finance, hue dropped; calendar -> google calendar;
stocks replaces finance), and added Todoist, Airtable, Canva, Stripe,
Context7, DeepWiki, Hugging Face one-click MCP servers plus Jira, PDF,
transcription, Kubernetes, Reddit, maps, translation, and notes searches.
Keyless servers get a ready-to-use success message; new cover art included.

* chore(ui): regenerate locale bundles for connector groups

* fix(plugins): suppress hosted catalog rows once their package is installed

Hosted feed entries without a declared runtime id fall back to their package
name as catalog id, which never matches the installed runtime id, so the
Discover shelf kept offering an already-installed package. Installed package
names now also suppress official rows. Flagged by autoreview.

* fix(plugins): pin declared runtime ids and surface connector errors in place

The runtime-id pin now keys off explicitly declared catalog ids (plugin,
channel, or provider) instead of string-comparing against the package name,
so declared ids that equal their package name stay enforced while entry-id
fallbacks stay unpinned. Connector add failures on Discover now render on the
triggering card instead of the Installed tab's MCP section. Both flagged by
autoreview; regression tests included.

* feat(ui): full inventory artwork, pulse header, and two-column plugin list

Every bundled plugin now ships distinctive cover art (113 new Codex CLI
illustrations; 172 total, ~2.1MB WebP), so inventory rows and detail views
never fall back to monogram tiles. The four stat cards give way to a compact
inventory pulse: a segmented enabled/disabled/issues meter whose legend and
counts live inside the filter chips. Inventory, MCP, and search rows flow
into two columns when the panel is wide enough.

* chore(ui): regenerate locale bundles for pulse header

* fix(ui): omit stdio args from the MCP server row target

Stdio MCP args routinely carry tokens, and the inventory is visible to
read-only operators; mirror the config page and show only the command.
Flagged by autoreview; regression test included.

* fix(merge): point crestodian setup at relocated plugin commit/refresh modules

* fix(merge): add bootstrapToken to plugins page test gateway harness

* fix(plugins): name catalog install-action branches so Swift emits the union

* fix(ui): satisfy strict lint on plugins page form parsing and mocks

* chore(build): regen docs map, raise plugin-sdk declaration budget for new protocol surface

* fix(ui): type the plugins page patch mock with its real call signature
2026-07-10 11:56:44 +01:00
Peter Steinberger
62bd760c0e chore(swift): enforce current formatting and lint rules (#103313)
* style: apply SwiftFormat 0.62.1 rules

Refs #103202

* ci: enforce deterministic Swift lint

Refs #103202

* refactor: keep gateway connect lint-clean

Refs #103202

* style: keep iOS typography checks warning-free

* ci: route MLX Swift changes through pre-push

* fix: preserve native i18n extraction after Swift cleanup

* refactor: keep rebased Swift surfaces lint-clean

* style: format latest Swift additions

* chore: refresh native i18n inventory

* style: keep generated Swift formatter-clean

* fix: preserve node route invalidation callbacks

* fix: keep native translation IDs stable

* fix: retain native translation identifiers

* fix: preserve translations across Swift source moves
2026-07-10 11:54:08 +01:00
Peter Steinberger
6eb9a5ada2 test(macos): isolate config change notifications (#103481) 2026-07-10 11:47:26 +01:00
Peter Steinberger
7d87cedcda fix(ui): use default cursor for mount fallback (#103448)
* fix(ui): use default cursor for mount fallback

* test(ui): focus mount fallback cursor coverage
2026-07-10 11:43:32 +01:00
Peter Steinberger
74717f6a5a fix(qa): keep retry passes terminally successful (#103635)
Refs #103631
2026-07-10 11:42:13 +01:00
Peter Steinberger
29d018f0af fix(ui): detect encoded media URL extensions (#103466) 2026-07-10 11:32:01 +01:00
Peter Steinberger
bcf2798920 fix(ci): publish locale refreshes through exact merge (#103625) 2026-07-10 11:25:25 +01:00
Peter Steinberger
bacc75a358 fix(ui): stop session shortcuts after panel collapse (#103514)
* fix(ui): stop hidden session menu shortcuts

* fix(ui): adapt hidden menu dismissal to restored sidebar
2026-07-10 11:14:41 +01:00
Peter Steinberger
f1b75bf5fa fix(release): leave canonical public release pages untouched on resume
Codex review: the early draft-page creation could rewrite an
already-public release with the proofless prepublish body, stripping its
verification section until the proof append re-ran — a failed resume
would leave the public page proofless. create_or_update now no-ops when
the existing page is public and already canonical (the state
guard_existing_public_release vetted); drafts still get refreshed
notes.
2026-07-10 03:09:10 -07:00
Peter Steinberger
8d66e47773 fix(release): prove registry tarball identity before resuming a publish
Codex review: version existence alone does not prove the npm registry
serves the tarball this tag's preflight built — the same version could
have been published from a different artifact and npm versions are
immutable. The resume resolver now downloads the preflight manifest,
requires its releaseSha to match the target, and compares the published
registry tarball's sha256 against the manifest before skipping the core
dispatch; mismatches abort with correction-tag guidance.
2026-07-10 03:09:10 -07:00
Peter Steinberger
cb350ad333 fix(release): guard asset-contract verifiers for if-predicate use
The retry short-circuits call the Android/Windows verifiers as if
predicates, where bash suppresses errexit inside the function; a failed
gh attestation verify would have fallen through to the summary echo and
classified an unverified APK as promoted. Every failure-capable command
in both verifiers now returns explicitly.
2026-07-10 03:09:09 -07:00
Peter Steinberger
a8d16113f6 fix(release): keep retry evidence stable and scope ClawHub verification skips
Codex review on the resumable publish chain: postpublish evidence embeds
the current run id, so retries regenerated different bytes and wedged on
the byte-identity asset check — the evidence json and its checksum now
replace the release asset (latest verification wins; prior copies stay
as workflow artifacts) while content-stable manifest and dependency
evidence remain byte-verified. ClawHub verification is now skipped only
when ClawHub itself failed, not when an unrelated Windows/Android
promotion flake set the aggregate failure flag.
2026-07-10 03:09:09 -07:00
Peter Steinberger
ef22e77f0b perf(release): make publish reruns resumable and promote assets concurrently
The 2026.7.1 retro measured ~13h tag-to-published for beta.2 and stable
2026.6.11; any post-npm failure previously hard-aborted retries because
the already-published guard refused the whole run.

- resolve_openclaw_npm_publish_state replaces the abort guard: an
  already-published core version skips the core npm dispatch and resumes
  the remaining stages; verify_published_release still proves the
  registry state matches the tag before the page leaves draft.
- Windows and Android promotion runs concurrently with the core npm
  publish (their only shared prerequisite is the draft release page,
  which is now created before the dispatch) and each promotion
  short-circuits when the release already carries its verified asset
  contract, so retries only redo failed stages.
- The release proof cites the core npm run only when this run dispatched
  one; resumed publishes rely on the registry package check.
2026-07-10 03:09:09 -07:00
Peter Steinberger
fde42b5eea perf(ci): reuse npm preflight build outputs on same-SHA re-runs
The preflight ran 61 times at ~14 minutes during 2026.7.1, redoing the
full build and Control UI build after every late-step failure. Restore
dist outputs from an actions/cache keyed on the resolved target SHA and
lockfile hash (mirroring ci.yml's dist-build cache) so re-runs skip only
the build producers; every validation step still runs against the
restored artifacts.
2026-07-10 03:09:08 -07:00
Peter Steinberger
0bf2c7aedb test(ui): cover session drops on pane headers (#103525)
* fix(ui): accept session drops on split headers

* test(ui): cover session drops on pane headers
2026-07-10 11:04:06 +01:00
Peter Steinberger
d6c7dbc3aa fix(ui): restore sidebar pin editor keyboard controls (#103612)
* fix(ui): restore sidebar menu keyboard controls

* test(ui): cover About in settings search E2E

* chore: leave release notes to release closeout
2026-07-10 11:03:19 +01:00
LZY3538
4af1d53766 fix(agent): return data URIs for workspace-relative identity card avatars (#97602) (#102892)
* fix(agent): return data URIs for workspace-relative identity card avatars (#97602)

agent.identity.get resolved workspace-relative agent avatars via
resolveAssistantAvatarUrl to /avatar/<agentId> route URLs. <img> tags
in the Control UI Personal card cannot load these URLs because they
lack Bearer auth headers, showing broken images (401).

Read the validated local avatar file into a data URI inline before
constructing the identity response. The file-reading helper lives in
agent.ts as a private (non-exported) function so it does not leak onto
the public Plugin SDK surface. The workspace root is canonicalised with
realpathSync to match the already-resolved filePath from
resolveAgentAvatar, fixing containment checks for symlinked workspaces.

Fixes #97602

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(gateway): inline workspace avatars in bootstrap config Personal card (#97602)

agent.identity.get already returns inline data URIs for workspace-local
avatars, but the Control UI Personal card is initialized from the bootstrap
config (control-ui-config.json), which still mapped workspace avatars to the
auth-gated /avatar/<agentId> route. An <img> cannot carry Bearer auth, so the
linked Personal card 401/broken-image symptom persisted despite the RPC fix.

Consolidate the workspace-safe avatar reader into a single gateway-internal
helper (readLocalAvatarDataUrl in session-utils) and use it in both
agent.identity.get and the bootstrap config handler, so the identity and
bootstrap projections produce identical data URIs. Not re-exported on the
Plugin SDK surface. Adds a bootstrap-config regression test.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(control-ui): inline workspace assistant avatars

Project workspace-local assistant avatars into browser-safe data URLs across bootstrap and agent identity RPCs while preserving same-origin avatar routes and shared size limits.

Co-authored-by: LZY3538 <LZY3538@users.noreply.github.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: LZY3538 <LZY3538@users.noreply.github.com>
2026-07-10 11:03:08 +01:00
Peter Steinberger
b07a2eecc0 fix(codex): defer sandbox cleanup until process close (#103617) 2026-07-10 11:02:56 +01:00
Peter Steinberger
f601d0ef9e fix(ui): hover-only chrome for header icon buttons and a usable bottom-docked rail (#103601)
Light mode re-added a 1px border to ghost icon buttons: the light-theme
.btn--icon override outranks .btn--ghost and only background was reset.
Ghost buttons are now chromeless at rest in light mode too (matching
dark), showing background only on hover; the workspace rail's terminal
and collapse buttons drop their always-on borders the same way.

The bottom-docked workspace rail compressed its sections into clipped
half-rows (flex children shrank instead of scrolling). Sections now lay
out as side-by-side scroll columns in the bottom dock, using the width
the dock actually has.
2026-07-10 10:57:08 +01:00
Peter Steinberger
dd4f94f19d perf(test): overlap TUI gateway startup 2026-07-10 05:54:54 -04:00
Yuval Dinodia
1bac1022e6 fix(exec): auto-approve recognized read-only boolean flags on default safe bins (#88953)
* fix(exec): auto-approve recognized read-only boolean flags on default safe bins

Default safe bins (cut, head, tail, tr, uniq, wc) auto-approve stdin-only
text-filter invocations, but the short-option validator only had an accept
path for value-consuming flags: a cluster of pure boolean short flags fell
through to a terminal reject, so common read-only forms like 'wc -l',
'tr -d', 'uniq -c' and 'sort -n' were force-routed to manual approval even
though the bins are stdin-only and the dangerous flags are already denied.

Add an allowedBooleanFlags allowlist to the safe-bin profile model and
populate it for the default bins with their read-only boolean flags. The
short-cluster validator now accepts recognized boolean flags and the long
validator reuses its existing boolean-flag accept branch (previously
unreachable). Unrecognized short flags (e.g. 'tr -S') stay fail-closed, and
denied flags are still rejected first.

* fix(exec): keep safe-bin allowedBooleanFlags off the config-facing fixture type

The boolean-flag allowlist for default safe bins leaked onto SafeBinProfileFixture, the type used for tools.exec.safeBinProfiles, while the strict zod schema and the config normalizer never accepted or preserved the key. Move allowedBooleanFlags to an internal BuiltinSafeBinProfileFixture used only for the curated built-in profiles; custom config profiles keep the allowedValueFlags/deniedFlags model.

Adds tests proving built-in profiles still honor the boolean allowlist and that a custom profile cannot widen it.

* fix(exec): keep tail follow approval-gated

* test(exec): stabilize safe-bin trust fixtures

* test(exec): isolate safe-bin argv fixtures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 10:53:56 +01:00
Peter Steinberger
4bc300843d fix(qa): keep runtime parity tiers flow-compatible (#103609)
* fix(qa): keep runtime parity tiers flow-compatible

Refs #103588

* test(qa): follow canonical frontier defaults
2026-07-10 10:51:13 +01:00
Peter Steinberger
7fe004d852 feat: show build identity in About screens (#103595)
* feat: show build identity in About screens

* chore: leave root changelog to release automation

* fix: translate Control UI About build details
2026-07-10 10:42:36 +01:00
Ben Badejo
1f3ea6faaa fix(codex): prevent startup hangs after binding migration (#103281)
* fix(codex): archive imported orphan binding sidecars

* fix(codex): harden binding sidecar migration

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>

* chore: keep release notes out of contributor PRs

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 10:38:35 +01:00
heichl_xydigit
7eacd78c01 feat(devices): rename command for durable human-friendly device names (#94517)
Paired devices can now carry a durable operator-assigned label: device.pair.rename { deviceId, label } (schema-bounded, admin/ownership-gated) stores an operatorLabel that persists in the shared SQLite state DB, survives device repair and re-approval, and takes display precedence over the client-reported name in CLI devices list and the Control UI inventory (operatorLabel, then displayName, then clientId, then deviceId). The label was previously dropped on write because the pairing store had no column for it. CLI: openclaw devices rename --device <id> --name <label>. Docs cover the command and precedence.

Fixes #13870

Thanks to @bladin for the contribution.

Co-authored-by: heichl_xydigit <1740879+bladin@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-10 15:05:41 +05:30
Peter Steinberger
abbd5ae3ea fix(discord): recover from failed gateway resumes (#103596)
* fix(discord): recover from failed gateway resumes

* chore: leave release notes to release workflow
2026-07-10 10:34:29 +01:00
Alix-007
f35b6e52a7 fix(chutes): add timeouts to OAuth HTTP requests (#102026)
* fix(chutes): add timeouts to OAuth HTTP requests

* fixup: reuse OAuth request signal helper for Chutes

* fix(chutes): bound OAuth requests

* test(chutes): normalize abort rejections

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 10:28:58 +01:00
heichl_xydigit
80139d16bc fix(memory-core): surface aggregate signal count in promotion audit surfaces (#87590)
Memory promotion audit surfaces (MEMORY.md annotations, dreaming ranked/applied logs, memory promote listing, and promote-explain text/JSON) now show the aggregate signal count the promotion engine actually gates on, instead of recall-only numbers that misread daily/grounded promotions as zero-signal. The candidate carries a required signalCount owned by totalSignalCountForEntry (inline recomputation removed), and the promotion-annotation contamination regex accepts both legacy and signals= annotation generations.

Fixes #87588

Thanks to @bladin for the contribution.

Co-authored-by: heichl_xydigit <1740879+bladin@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-10 14:57:56 +05:30
Peter Steinberger
ecfea21eeb feat(webchat,cli): the lobster notices things (#103573)
The resident pauses its fidgeting and turns to watch passers cross the
ledge. After a droop it tidies up with a little broom. On lobster days
(shared day hash with the CLI banner cousin, now in src/shared) it wears
a sailor cap unless the seed already rolled headwear. The Dreams sleeper
half-opens one eye when pressed.
2026-07-10 10:25:08 +01:00
RickLin
f74e0184a6 fix(slack): remember event-carried channel types so mpDMs key one session (#102676) (#102811)
* fix(slack): remember event-carried channel types so mpDMs key one session (#102676)

Human-authored mpDM messages carry channel_type: "mpim" and key the room
slack:group:<channelId>. Bot-authored ingress shapes omit channel_type; when the
conversations.info fill cannot resolve the type either (e.g. missing mpim:read scope),
C-prefix inference falls back to "channel" and keys a second, parallel
slack:channel:<channelId> session for the same room — modern mpDM ids are C-prefixed,
so prefix inference cannot disambiguate.

Remember explicit channel_type values already seen on events for each channel (bounded
process-local map alongside the existing channel/user caches) and consult that memory
after the event value and the channel-info fill, before prefix inference. The
system-event session-key resolver consults the same memory so system events for the
room key identically. No new network lookups; classification stays consistent with
normalizeSlackChannelType on every ingress path.

* fix(slack): scope remembered channel types by event scope

Key the remembered channel_type map with the same account/team scoping as
channelCache (scopedKey), so multi-workspace enterprise installs cannot
cross-contaminate remembered types between scopes that share a channel id.

* fix(slack): keep mpDM events on one session

Cache explicit Slack channel types at the monitor boundary so typeless bot/edit/delete events reuse mpDM group sessions without poisoning metadata lookup.

Co-authored-by: RickLin <ObliviateRickLin@users.noreply.github.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: RickLin <ObliviateRickLin@users.noreply.github.com>
2026-07-10 10:24:43 +01:00
Ayaan Zaidi
f12ad4a38e fix(agents): stop warning about recovered exec failures after a successful reply 2026-07-10 14:53:52 +05:30
Peter Steinberger
ab5d143d59 feat(openai): default new setups to GPT-5.6 (#103581)
* feat(openai): default fresh setup to GPT-5.6

* test(crestodian): expect GPT-5.6 Codex defaults

* test(crestodian): expect GPT-5.6 bootstrap default
2026-07-10 10:22:58 +01:00
Josh Avant
fc60a8e66b fix(android): show Canvas outside Settings (#103330)
* test(android): reproduce detached canvas lifecycle failures

* fix(android): restore shell-owned canvas presentation

* fix(android): avoid canvas renderer crash loops

* fix(android): keep canvas within safe drawing bounds

* fix(android): cover canvas inset gutters

* chore(android): refresh native i18n inventory

* fix(android): keep canvas host lint-clean

* style(android): format canvas host documentation
2026-07-10 04:20:53 -05:00
Gorkem Erdogan
a6b907825a fix(telegram): attribute the bot's own chat-window messages as self (#102507)
* fix(telegram): label cached bot replies as self

Co-authored-by: Gorkem Erdogan <gorkem.erdogan@outlook.com>

* fix(telegram): preserve optional cached senders

* fix(telegram): recognize business bot senders

* test(telegram): isolate self-attribution fixtures

* fix(telegram): ignore fake channel senders

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 10:19:13 +01:00
Peter Steinberger
2c909212f1 fix(tool-call-repair): preserve stream content order after repair (#103585)
Keep byte-over-cap visible suffixes at their streamed content indexes when terminal message snapshots are normalized.

Co-authored-by: ZOOWH <ZOOWH@users.noreply.github.com>
2026-07-10 10:16:09 +01:00
pick-cat
2894a42a3f fix(memory-wiki): keep terminal truncation UTF-16 safe (#103178)
Use the canonical plugin SDK UTF-16 helper at the rendered Gateway status boundary and exercise the real status output path at a split surrogate.

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 10:15:17 +01:00
Vincent Koc
8755077fe4 fix(release): bundle AI runtime in installer smoke (#103556)
* fix(release): bundle AI runtime in installer smoke

* fix(release): verify bundled AI runtime loadability

* fix(release): preserve advisory doctor exits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 02:13:41 -07:00
Peter Steinberger
96ec6048eb test(e2e): stabilize ClawRouter log assertions (#103536) 2026-07-10 10:11:30 +01:00
Peter Steinberger
dc476a7e7c fix(browser): stale Chrome MCP handles survive reconnect (#103576)
* fix(browser): expire Chrome MCP handles after reconnect

* chore(browser): satisfy Chrome MCP static checks
2026-07-10 10:10:20 +01:00
Peter Steinberger
eefe2e8837 fix(release): let alpha tags publish from their exact changelog heading
Shipped alpha tags carry a dedicated ## X-alpha.N heading with no base
section (see v2026.6.20-alpha.1's tagged CHANGELOG.md); the renderer and
candidate provenance now prefer that dedicated heading for alpha and
correction tags while beta/stable remain pinned to the stable base
section per #103222.
2026-07-10 02:06:53 -07:00
Peter Steinberger
c2b4ac02da fix(release): align correction sections, retries, and merged ledger semantics
Codex review + test findings on the pipeline convergence:
- candidate changelog provenance now validates the same section the
  renderer publishes (correction tags may carry their own heading) via a
  shared correctionVersionForTag helper
- guard_existing_public_release accepts a canonical proofless body with
  intact dependency evidence, matching the renderer's documented
  proof-omitted-at-limit state; retries re-append the proof
- ledgerFor regains main's noteReferences threading so prose-cited PRs
  keep their contribution-record rows, and the ledger/verify tests pin
  the merged entry shape (externalReferences) and highlight gate
2026-07-10 02:06:52 -07:00
Peter Steinberger
336e43c314 fix(release): converge on the render-github-release-notes pipeline
Two competing release-notes pipelines existed: the release branch's
hardened render/verify/provenance pipeline (a486f3ab08 + dcee1da876,
battle-tested by 2026.7.1) and main's lighter prepare-github-release-notes
size gate (#103222). Repo policy is one canonical path; the release-branch
pipeline wins and main's unique value is grafted in:

- scripts/render-github-release-notes.mjs becomes the canonical release
  body renderer (full/compact 125k char+byte modes, tag-pinned record
  link, verification tail, canonical shipped-baseline format), now also
  preferring a correction tag's dedicated changelog section (from
  prepare's heading matrix).
- verify-release-notes.mjs is a three-way merge: release's --shipped-ref
  cumulative baselines, provenance checks, highlights gate, and the
  excluded-record rewrite fix, plus main's compact contribution rows,
  externalReferences threading, and both-heading parser compat.
- release-candidate-checklist.mjs gains validateCandidateCheckout and
  changelog-provenance gates that run before any dispatch.
- openclaw-release-publish.yml keeps main's fail-before-mutation early
  notes gate (retargeted to the renderer) and adopts release's
  render/verify_release_tag_target/canonical_release_body_matches flow.
- scripts/prepare-github-release-notes.mjs and its test are deleted;
  release-notes-ledger.test.ts stays and pins the merged verify exports.
- .gitignore tracks every repo skill for Git-aware syncs; SKILL.md
  runbooks and RELEASING.md document the converged contract.
2026-07-10 02:06:52 -07:00
Michael Appel
6f01c23e71 fix: guard generated video downloads (#101854)
Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com>
2026-07-10 14:35:53 +05:30
Ayaan Zaidi
d1a97f5503 test(telegram): fix promise-executor-return lint in adoption test 2026-07-10 14:32:11 +05:30