Commit Graph

66940 Commits

Author SHA1 Message Date
Shakker
fe8e0bd508 test: cover session workspace keyboard shortcut 2026-07-09 19:30:37 +01:00
Shakker
d909af51a0 test: cover session workspace toggle 2026-07-09 19:30:37 +01:00
Shakker
56a398725d feat: show session workspace shortcut 2026-07-09 19:30:37 +01:00
Shakker
60f25c31c6 feat: toggle session workspace from keyboard 2026-07-09 19:30:37 +01:00
Shakker
58f53ed326 refactor: centralize session workspace toggle 2026-07-09 19:30:37 +01:00
Gio Della-Libera
188d109eda feat: show marketplace feed trust state (#98350) 2026-07-09 11:27:04 -07:00
Vincent Koc
a9578436de fix(ci): accept valid Kova PASS records without violations (#103002) 2026-07-09 11:05:32 -07:00
Gio Della-Libera
9f248969f6 Verify signed marketplace feed refresh (#98338)
* feat: verify signed marketplace feed refresh

* test: fix signed marketplace feed CI

* Guard signed feed refresh trust state

* test(feeds): sign decoded hosted feed payloads

* fix(feeds): make signed snapshot writes monotonic

---------

Co-authored-by: Patrick Erichsen <patrick.a.erichsen@gmail.com>
Co-authored-by: Gio Della-Libera <giodl@microsoft.com>
2026-07-09 10:46:06 -07:00
Peter Steinberger
745b8c315e fix(codex-supervisor): ship CLI metadata entry (#102803)
* fix(codex-supervisor): ship CLI metadata entry

* chore: keep release notes in PR body

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 10:31:47 -07:00
mushuiyu886
b714fdb3ae fix(sandbox): keep redacted session keys UTF-16 safe (#102969)
* fix(sandbox): keep redacted session keys UTF-16 safe

* test(sandbox): cover UTF-16 redaction boundaries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 18:31:21 +01:00
Hamid Shojanazeri
08a957e0ae feat(providers): add Meta Model API - muse-spark-1.1 (#102873)
* feat(providers): add Meta Model API - muse-spark-1.1

Adds meta-model-api provider via bundled extension:
- extensions/meta-model-api/ (provider, catalog, stream, thinking, onboarding)
- docs/providers/meta-model-api.md
- core wiring: env-api-keys, zod-schema, provider-display-names, dotenv, provider-env-vars

Model: meta-model-api/muse-spark-1.1 (Responses API at https://api.ai.meta.com/v1)
Auth: MODEL_API_KEY (Bearer)
Default reasoning: high, maps --thinking off -> minimal (model rejects none)

Fix: bump live test maxTokens 200->4000 (high reasoning uses ~300 tokens for reasoning alone)

Co-authored-by: Meta

* fix(meta-model-api): clean reasoning lint

* test(meta-model-api): align live proof checks

* chore(meta-model-api): bundle provider metadata

* docs: fix Meta Model API setup wording

* docs: format Meta Model API provider page

---------

Co-authored-by: Dave Morin <dave@morin.com>
Co-authored-by: Colin <colin@solvely.net>
Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-07-09 10:27:09 -07:00
mushuiyu886
b451d8b5e5 fix(workshop): keep approval target names UTF-16 safe (#102963)
* fix(workshop): keep approval target names UTF-16 safe

* test(workshop): tighten UTF-16 approval regression

* test(workshop): mirror approval budget exactly

* docs(plugins): correct approval description limit

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 18:26:08 +01:00
mushuiyu886
88acda11b8 fix(nextcloud-talk): keep error snippets UTF-16 safe (#102949)
* fix(nextcloud-talk): keep error snippets UTF-16 safe

* test(nextcloud-talk): assert exact safe error

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 18:21:26 +01:00
Peter Steinberger
8c78e1c035 fix(cli): keep session key truncation UTF-16 safe (#103010) 2026-07-09 18:17:09 +01:00
zhangqueping
921b6c1e2d fix(agent-runner-memory): use truncateUtf16Safe for memory flush error truncation (#102685)
* fix(agent-runner-memory): use truncateUtf16Safe for memory flush error truncation

Replace raw UTF-16 slices in buildMemoryFlushErrorPayload and
truncateMemoryFlushErrorMessage with truncateUtf16Safe to prevent
surrogate pair splitting in error messages shown to users.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

* test(auto-reply): cover UTF-16-safe memory errors

* test(auto-reply): tighten UTF-16 memory error coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 18:13:49 +01:00
Peter Steinberger
5013f4a166 test(ui): harden device token revoke flow (#103016) 2026-07-09 18:12:14 +01:00
xingzhou
f1e7081b4d fix(active-memory): recall context breaks when recent turns contain emoji (#102877)
* fix(active-memory): keep recall query snippets utf16-safe

* test(active-memory): exercise recall hook for utf16 bounds

* test(active-memory): detect only unpaired surrogates

* fix(active-memory): bound timeout partials safely

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 18:03:34 +01:00
Josh Lehman
2367511310 docs: refresh contributing maintainer roster (#102998) 2026-07-09 10:02:23 -07:00
Peter Steinberger
cd50d4983b test(ci): serialize real TUI PTY backends (#103006) 2026-07-09 17:55:39 +01:00
Peter Steinberger
372b527da4 fix(ci): back off OCM asset retries (#102996) 2026-07-09 17:38:47 +01:00
wendy
5f77553f6c fix(heartbeat): remove static iteration cap in seekNextActivePhaseDueMs (#96684)
* fix(heartbeat): remove static iteration cap in seekNextActivePhaseDueMs

* fix(heartbeat): floor seek step at 60s to bound active-hours seek iterations

The static MAX_SEEK_ITERATIONS cap (10,080 ≈ 7 days / 1 min) was removed
in the previous fix but replaced the risk with unbounded iteration for
sub-minute intervals.  Floor the seek step at 60s via MIN_SEEK_STEP_MS
so the loop is always bounded by MAX_SEEK_HORIZON_MS / 60_000 = ~10,080
iterations regardless of the configured intervalMs.  Active-hours windows
are minute-granular, so finer steps add no precision.

* fix(heartbeat): batch seek in whole-interval multiples to preserve phase alignment

Use the smallest intervalMs multiple >= 60s as the seek step so every
candidate checked is reachable from startMs by whole intervalMs steps.
This fixes the phase-alignment regression from the previous fix where
Math.max(intervalMs, 60_000) could return off-phase slots for non-divisor
sub-minute intervals like 45s.

Added a regression test for 45s interval to verify the returned candidate
is phase-aligned.

* fix(heartbeat): check every phase candidate, bound only by 1M-iter safety cap

Drop batched seeking (intervalMs-multiple steps) because any multiplier > 1
can skip phase slots inside narrow active windows.  Instead check every
phase candidate, with a 1M-iteration safety cap that prevents event-loop
stalls from sub-ms intervals while covering the full 7-day horizon for
intervals >= 605ms.

Added regression test for 59s interval / 1min active window where batched
steps (118s) would skip from 08:59:44 past 09:00:43 to 09:01:42.

* fix(heartbeat): bound sub-second seek with batch-step + backward-walk

Replace the 1M-iteration per-candidate cap with a two-tier strategy:
- intervalMs >= 1s: per-candidate scan (naturally bounded by horizon)
- intervalMs < 1s: batch in whole-interval multiples >= 1s, with
  backward walk on inactive->active transitions to find the earliest
  phase-aligned active slot

Max iterations <= 604,800 in all cases (~10 ms for trivial predicates,
~0.6-6 s for production isWithinActiveHours with Intl.DateTimeFormat).

Added tests:
- Sub-second interval, startMs already active -> returns directly
- Sub-second interval, inactive->active transition -> backward walk
  finds earliest phase-aligned slot

* fix(heartbeat): unify seek at >= 30s batch step, max 20,160 predicate calls

Use a single batched-seek path for all intervals: step in whole-interval
multiples >= 30 s with backward walk on inactive->active transitions.

For intervalMs >= 30 s (30 s, 59 s, 60 s+): multiplier = 1, effectively
per-candidate with no batch overhead.

For intervalMs < 30 s (1 s, 500 ms, 1 ms): batched at >= 30 s, backward
walk finds the first active phase-aligned slot in the window.

Max predicate calls <= 20,160 for any interval (30 s minimum step /
7-day horizon). Production isWithinActiveHours (Intl.DateTimeFormat)
cost: ~20–200 ms worst case vs 0.6–6 s for the per-candidate approach.

* fix(heartbeat): bound active-hours seek cost

* fix(heartbeat): resolve current main

* test(heartbeat): isolate active-window regression

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 17:37:32 +01:00
Vincent Koc
afe00f6c7b fix(test): tolerate Docker heartbeat clock rollover (#102986) 2026-07-09 09:35:07 -07:00
Vincent Koc
d18e48c928 fix(ci): ignore profiling-only resource gate failures (#102894) 2026-07-09 09:22:11 -07:00
Peter Steinberger
44ee7b3fa6 test(ci): harden live tool nonce retries (#102980) 2026-07-09 17:17:09 +01:00
lin-hongkuan
148ec3282f fix: require env resolution for web provider refs (#96400)
* fix: require env resolution for web provider refs

* chore: retrigger PR checks

---------

Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
2026-07-09 17:10:22 +01:00
tayoun
4f9a371c95 fix(launchd): verify profile updater jobs by metadata (#97264)
* fix(launchd): verify profile updater jobs by metadata

* fix(launchd): bind updater proof to job metadata

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 16:55:23 +01:00
Chunyue Wang
f6c16d22b4 fix(agents): isolated cron busts prompt prefix cache via per-run session id (#96686)
* fix(agents): isolated cron busts prompt prefix cache via per-run session id

Isolated cron runs carry a per-run :run:<id> session scope (#91685) rendered
verbatim into the cached system-prompt Runtime line, re-busting byte-exact
prefix caching for the tool catalog after it every run (#96677, #43148 class).
buildRuntimeLine now renders the stable base session key and drops the per-run
id the run scope duplicates; parseCronRunScopeSuffix is gated to the
isolated-cron key shape so a :run: segment in any other session key is never
truncated.

* fix(agents): preserve mixed-case cron run markers

* test(agents): cover rotated cron session identity

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 16:51:04 +01:00
Qiong
ef53c20497 fix(oauth): remove base64 obfuscation from public OAuth client IDs (#96537) 2026-07-09 16:45:03 +01:00
Peter Steinberger
491e1e5f10 fix(ci): sync Nodes raw-copy baseline (#102968) 2026-07-09 16:43:00 +01:00
Peter Steinberger
d8d369b065 feat(macos): open dashboard links in a sidebar browser (#102899)
* feat(macos): add dashboard link browser

* fix(macos): preserve browser navigation state

* fix(macos): preserve accessible external link activation

* fix(macos): preserve trusted editor handoff

* docs: refresh dashboard link map

* chore: keep dashboard release note in PR

* fix(macos): harden sidebar browser lifecycle
2026-07-09 16:40:50 +01:00
Kyle Klouzal
2e160718d4 test(gateway): harden watch regression diagnostics (#95473)
Co-authored-by: kklouzal <kklouzal@users.noreply.github.com>
2026-07-09 16:36:31 +01:00
Peter Steinberger
20816f676f feat(voice): universal talk waveform driven by real audio levels (#102901)
* feat(voice): universal talk waveform driven by real audio levels

One shared Siri-style talk animation across iOS, watchOS, macOS, and
Android (TalkWaveformView + exact Compose port), replacing per-platform
fakes: synthetic speaking pulses, constant speech-detected power, static
Android bar rows, flat realtime listening. Listening/recording follow
live mic levels on every route; agent speech follows the real playback
envelope (AVAudioPlayer metering + playback-aligned PCM envelope +
WebRTC stats); voice-note recording shows a live capture wave.

* fix(android): order waveform imports and sync native i18n inventory

* chore(i18n): resync native inventory after rebase
2026-07-09 16:33:25 +01:00
Peter Steinberger
3c048ef052 fix(browser): preserve no-display launch diagnostics (#102946)
* fix(browser): preserve no-display launch diagnostics

* chore: keep changelog release-owned
2026-07-09 16:26:18 +01:00
Peter Steinberger
d5fb4903f1 fix(browser): reject credentialed page URLs safely (#102952)
Co-authored-by: bitkyc08 <bitkyc08@gmail.com>
2026-07-09 16:23:17 +01:00
Pavan Kumar Gondhi
436ed5f308 fix: redact diagnostics config with schema hints (#102426) 2026-07-09 20:49:21 +05:30
Wynne668
baa009e26f fix(imessage): cap per-chat group-allowlist warn-once cache (#102658)
* fix(imessage): cap per-chat group-allowlist warn-once cache

Replace unbounded perChatWarned Set with createDedupeCache(maxSize=512)
to keep long-running iMessage monitor memory stable. The cache grows
with every distinct group chat the gateway sees; without a cap it can
accumulate entries indefinitely.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(imessage): prove warning cache eviction

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 16:16:03 +01:00
Peter Steinberger
14558dee87 fix: let Codex start with computer control enabled (#102944)
* fix(agents): make computer schema Codex-compatible

* docs(changelog): note Codex computer schema fix
2026-07-09 16:15:24 +01:00
buming
12ceefcb03 fix(i18n): add device/node pairing terms to zh-CN glossary (#61396)
Add explicit Simplified Chinese glossary terms for the separate device- and node-pairing workflows and preserve the four CLI commands verbatim during translation.

Thanks @zeuming.
2026-07-09 16:11:30 +01:00
Peter Steinberger
8245ae4278 test(whatsapp): freeze reconnect boundary clock (#102942) 2026-07-09 16:11:27 +01:00
Pavan Kumar Gondhi
9775f09194 fix: scope ACP search path approvals [AI] (#102416)
* fix: scope acp search path approvals

* fix: include acp search locations in approval scope

* fix: keep acp read path approval unchanged

* fix: keep acp search title text display-only

* fix: parse explicit acp search title paths
2026-07-09 20:33:18 +05:30
Peter Steinberger
36227737c5 fix(slack): preserve standalone reply anchors (#102905)
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
2026-07-09 15:56:52 +01:00
Peter Steinberger
a99ecff78a fix(plugins): enforce own install record lookups (#102872)
* fix(plugins): enforce own install record lookups

Co-authored-by: Alix-007 <li.long15@xydigit.com>

* test(plugins): use valid prototype-key package fixtures

---------

Co-authored-by: Alix-007 <li.long15@xydigit.com>
2026-07-09 15:54:21 +01:00
Peter Steinberger
4bf348bec8 test(ui): isolate chat pane custom-element registration (#102869)
* test(ui): isolate chat pane registration

* test(ui): document shared registry invariant

* test(ui): isolate chat page environment
2026-07-09 15:54:03 +01:00
Peter Steinberger
54f45a950b feat(watchos): connect directly to Gateway as a node (#102893)
* feat(watchos): add direct gateway node

* docs: refresh watch node docs map

* chore: leave release notes to release workflow

* chore(ios): refresh native localization inventory

* fix(watchos): keep direct node policy bounded
2026-07-09 15:53:02 +01:00
Peter Steinberger
b80062be3a improve(ui): drop the redundant desktop top bar and add back/forward navigation to the macOS app (#102808)
* feat(ui): drop the desktop top bar in favor of sidebar navigation

The Control UI top bar only rendered the OpenClaw › agent › page breadcrumb
on desktop, duplicating the sidebar. Desktop now renders no topbar row; the
row returns solely as the chat split toolbar's backdrop. Narrow viewports
keep the header (drawer toggle, brand, command-palette search) and now show
the brand across the whole drawer range. Routing already uses pushState, so
browser back/forward traverses navigation.

* feat(macos): add back/forward controls to the dashboard window

Native titlebar buttons next to the traffic lights drive WKWebView history,
which carries the Control UI's pushState navigation; enabled state tracks
canGoBack/canGoForward via KVO and trackpad swipe gestures are enabled too.
Back/forward traversals to entries from a replaced gateway endpoint cancel
silently instead of opening a dead URL in the system browser.

* fix(macos): keep the dashboard drag strip off the web content column

With the desktop topbar row removed, the 28px mid-window drag region sat on
top of the content column (chat thread has no top padding) and swallowed
clicks as window drags. Shrink it to a 12px edge strip; the sidebar region
over the reserved native-chrome padding stays the primary drag surface.
2026-07-09 15:46:59 +01:00
Peter Steinberger
29517fe178 fix(gateway): merge MCP schema properties by own keys (#102856)
Co-authored-by: Alix-007 <li.long15@xydigit.com>
2026-07-09 15:46:41 +01:00
Peter Steinberger
aaf5af2fbc fix(agents): clamp zero bash job TTLs (#102855)
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
2026-07-09 15:43:59 +01:00
Peter Steinberger
79d3daa09b fix(gateway): parse image data URLs linearly (#102825)
Co-authored-by: WangYan <wang.yan29@xydigit.com>
2026-07-09 15:42:07 +01:00
Peter Steinberger
8985598302 fix(gateway): stop paired-device duplication and redesign the Nodes page (#102810)
* fix(gateway): prune superseded silent device pairings on auto-approve

* feat(ui): unified nodes & devices inventory with dedupe and cleanup

* docs: nodes page inventory + silent pairing supersede cleanup

* refactor(gateway): run silent-pairing prune after approval broadcast

* fix(ui): surface node list errors on the nodes inventory card

* fix(gateway): restrict pairing auto-prune to same-host silent approvals

* fix(gateway): report live device connections and guard pairing prune races

* docs(ui): document bulk-cleanup name-collision tradeoff

* fix(gateway): avoid map-spread when marking live device connections

* docs: regenerate docs map
2026-07-09 15:40:30 +01:00
Peter Steinberger
743422217e fix(qa): normalize malformed JSON errors (#102830)
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
2026-07-09 15:40:27 +01:00