Commit Graph

66940 Commits

Author SHA1 Message Date
lsr911
d0c49a7ad4 fix(mcp-runtime): use truncateUtf16Safe for MCP metadata text truncation (#102500)
* fix(mcp-runtime): use truncateUtf16Safe for MCP metadata text truncation

Replace naive .slice(0, N) with truncateUtf16Safe() to prevent
surrogate pair splitting in MCP tool metadata descriptions shown
to users through the bundle MCP runtime catalog.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(mcp-runtime): cover UTF-16 metadata boundary

* style(mcp-runtime): keep imports grouped

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:24:40 +01:00
Miorbnli
e6a2136c3a fix(msteams): lowercase content type so attachment classification is case-insensitive (#102431)
* fix(msteams): lowercase content type so attachment classification is case-insensitive

normalizeContentType only trimmed its input. MIME types are case-insensitive
(RFC 2045), and MS Teams relay payloads (SharePoint, OneDrive, Bot Framework CDN)
routinely emit mixed-case values such as "Image/PNG" or
"Application/Vnd.Microsoft.Teams.File.Download.Info". Every downstream
comparison in the attachments module assumes a lowercased value
(startsWith("image/"), === "application/vnd.microsoft.teams.file.download.info",
startsWith("text/html")), so a mixed-case attachment was silently misclassified:
images became documents, HTML bodies were skipped, and file-download candidates
were not resolved.

Lowercase in normalizeContentType so all six call sites match. The sibling
inferPlaceholder in the same file already lowercases via
normalizeLowercaseStringOrEmpty, so this aligns the two paths.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(msteams): route HTML text extraction through normalizeContentType

extractTextFromHtmlAttachments guarded its loop with an exact
`attachment.contentType !== "text/html"` check, which is the same
case-sensitivity gap the rest of the PR closes via normalizeContentType.
A mixed-case "TEXT/HTML" attachment (common from Teams relays; MIME types are
case-insensitive per RFC 2045) was skipped, so a message whose only body text
lived in such an HTML attachment entered the agent path with empty text.

Route the guard through normalizeContentType so mixed-case HTML attachments
reach the body extractor. Export the function and add regression coverage for
mixed-case / whitespace-padded / object-content / non-HTML cases.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(msteams): preserve MIME parameter case

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:24:35 +01:00
mushuiyu886
240d350c7f fix(gateway): finish plugin HTTP responses after post-header failures (#102125)
* fix(gateway): finish plugin HTTP responses after post-header failures

* test(gateway): satisfy plugin HTTP regression lint

* fix(gateway): skip ending destroyed plugin responses

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:22:32 +01:00
NianJiu
67be0cda44 fix: cancel Android link preview calls (#101853)
* fix: cancel Android link preview calls

* test(android): cover response cancellation stage

* fix(android): preserve link preview deadline

* docs(android): clarify cancellation contract

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:21:50 +01:00
Peter Steinberger
5c3c5c0ee4 feat(ui): redesign sessions page with overview tiles, kind avatars, and context meters (#102523)
The Control UI sessions roster now leads with operator telemetry: overview
tiles (sessions / live / unread / tokens), per-kind row avatars with a live-run
dot, compact token values with context-usage meters (ok/warn/danger at
65%/85%), initial-load skeleton rows, and icon-led empty states. Stale token
snapshots render as ~approximations with a neutral meter and never drive
warning tones, matching the chat composer convention; the overview token sum
counts only known snapshots (~ when partial, n/a when none). Label chips
ellipsize instead of overflowing sticky columns; <=500px drops the avatar to
preserve the key column budget.

Closes #102517
2026-07-09 09:19:03 +01:00
Peter Steinberger
7e0b67d7ea fix(ui): mark the active split pane with a focus ring instead of offset accent lines (#102511) 2026-07-09 09:16:39 +01:00
Peter Steinberger
7698783037 perf(test): reuse session layout browser 2026-07-09 04:06:43 -04:00
Peter Steinberger
9566aded5c fix(openai): correct Realtime auth and transcription secrets (#102518)
* fix(openai): correct Realtime auth and transcription secrets

* chore: leave release notes to release automation
2026-07-09 08:55:31 +01:00
Peter Steinberger
ea8076a091 fix(macos): remove stale .sidebar-shell__header rule from injected dashboard CSS (#102526) 2026-07-09 08:54:56 +01:00
Peter Steinberger
18b24edea6 perf(test): run session layout viewports concurrently 2026-07-09 03:50:40 -04:00
chengzhichao-xydt
51bb5f6847 fix(agents): keep provider error detail truncation UTF-16 safe (#102496)
* fix(agents): keep provider error detail truncation UTF-16 safe

Replace the raw detail.slice(0, limit - 1) in truncateErrorDetail with
truncateUtf16Safe so provider error previews do not emit lone surrogates
when an emoji falls on the truncation boundary.

Adds a regression test that places an emoji at the default truncation
boundary and asserts the formatted detail contains no lone surrogates.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(agents): prove provider error UTF-16 boundary

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:44:29 +01:00
冯基魁
bacf048ab9 fix(chat): keep proof decision out of actor closure (#101611)
* fix(chat): keep proof decision out of actor closure

* fix(ios): narrow chat proof lock scope

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:44:14 +01:00
xydt-tanshanshan
f0d4d4f2fc fix(talk): use truncateUtf16Safe for LLM-prompt-facing text truncation (#102477)
* fix(talk): use truncateUtf16Safe for snippet text truncation

fast-context-runtime.ts normalizeSnippet and heartbeat-events-filter.ts
buildExecEventPrompt used raw .slice(0, N), which can produce lone
surrogates when truncation boundaries cross emoji surrogate pairs.

* test(talk): cover UTF-16 snippet boundary

---------

Co-authored-by: hailory <hailory@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 08:39:38 +01:00
wings1029
e5aefd5656 fix(gateway): keep live chat assistant buffer tail truncation UTF-16 safe (#102484)
* fix(gateway): keep live chat assistant buffer tail truncation UTF-16 safe

* test(gateway): cover UTF-16 tail cap through merge path

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:37:50 +01:00
Peter Steinberger
3b418bdef6 perf(test): avoid repeated model manifest scans 2026-07-09 03:34:37 -04:00
qingminlong
b40e5b974f fix(cli): clarify nodes invoke params errors (#101838) 2026-07-09 08:33:47 +01:00
mikasa
a522e4309c fix(browser): bound Chrome launch stderr diagnostics (#101506)
* fix(browser): bound Chrome launch stderr diagnostics

* fix(browser): preserve chrome launch recovery diagnostics

* refactor(browser): share bounded UTF-8 stderr tails

* fix(browser): own bounded stderr storage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:30:27 +01:00
Ayaan Zaidi
f246fa3901 test(agents): fix cross-file mock and module-state leakage in auth-profiles suite 2026-07-09 12:59:54 +05:30
Alix-007
ca8f6e1efd fix(zalouser): clear probe timeout after auth resolves (#101649) 2026-07-09 08:29:44 +01:00
dependabot[bot]
75848adb8c chore(deps): bump androidx.test.uiautomator:uiautomator in /apps/android (#101501)
Bumps androidx.test.uiautomator:uiautomator from 2.4.0-beta02 to 2.4.0.

---
updated-dependencies:
- dependency-name: androidx.test.uiautomator:uiautomator
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-09 08:29:17 +01:00
qingminlong
c3d567db95 fix(memory): snippets split emoji when truncated (#102478)
* fix(memory): snippets split emoji when truncated

* refactor(memory): reuse shared UTF-16 truncation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:27:42 +01:00
Peter Steinberger
9aa19fef2f docs: gate recent maintainer PRs in triage 2026-07-09 03:24:08 -04:00
Peter Steinberger
be65173baa fix(ui): remove duplicate OpenClaw brand mark from the macOS app titlebar (#102497)
The sidebar brand row (logo + wordmark) returned in 8295a12a83 but the
macOS-only titlebar mark from #100648 stayed, so the Mac app showed the
claw icon twice. Delete the sidebar-native-brand element and its
CSS gate; the sidebar brand row is the single brand surface and the
native titlebar strip holds only the traffic lights.
2026-07-09 08:23:55 +01:00
wings1029
f0cc5e500f fix(auto-reply,infra): keep startup context and heartbeat event text UTF-16 safe (#102483)
* fix(auto-reply,infra): keep startup context and heartbeat event text UTF-16 safe

* test: strengthen UTF-16 truncation coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:23:00 +01:00
Peter Steinberger
67630e8973 feat(ui): make the sidebar resizable (#102491)
* feat(ui): make the sidebar resizable

* chore: defer release notes to release automation
2026-07-09 08:18:56 +01:00
Vincent Koc
04b64ffc19 test(release): align live model priority indices 2026-07-09 00:17:55 -07:00
Peter Steinberger
ea4e005008 fix(ui): unify split-view controls in one toolbar row (#102492)
* fix(ui): unify split-view toolbar

* chore: remove release-owned changelog entry
2026-07-09 08:17:35 +01:00
Peter Steinberger
e7492c6fca feat(providers): refresh Qwen, Cohere, and Mistral catalogs (#102489)
* feat(providers): refresh popular model catalogs

* chore: leave release changelog to release automation

* docs: refresh provider docs map
2026-07-09 08:16:50 +01:00
Ben.Li
3e787f3187 fix(android): preserve UTF-16 boundaries in notification text (#102442)
* fix(android): keep notification text UTF-16 safe

* test(android): cover UTF-16 notification boundaries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 08:11:32 +01:00
Peter Steinberger
363cf0461f fix(mac): keep launch-at-login app running (#102465)
* fix(mac): avoid launch-agent self-reload

* chore: leave release changelog generation

* style(mac): use conditional expression
2026-07-09 08:08:17 +01:00
Peter Steinberger
c20ce00d19 perf(test): restore cleanup-safe TUI PTY concurrency 2026-07-09 03:05:07 -04:00
joshavant
644aea7050 chore(android): bump 2026.7.1 Play build 2026-07-09 02:04:56 -05:00
zw-xysk
a6d45c46de fix(gateway): keep chat history display text truncation surrogate-safe (#102470)
* fix(gateway): keep chat history display text truncation surrogate-safe

truncateChatHistoryText uses slice(0, N) to truncate chat history text
for the Control UI. When the truncation boundary falls inside a UTF-16
surrogate pair (emoji, CJK extended), the resulting string contains a
dangling surrogate that browsers render as U+FFFD (�).

Replace slice(0, maxChars) with truncateUtf16Safe(text, maxChars) so
the truncation point always falls on a complete code-point boundary.

* test(gateway): cover chat display UTF-16 boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:04:34 +01:00
lsr911
4fa3118049 fix(native-hook-relay): use truncateUtf16Safe for hook display text truncation (#102467)
* fix(tool-policy-audit): use truncateUtf16Safe for audit field truncation

Replace naive .slice(0, MAX) with truncateUtf16Safe() to prevent
surrogate pair splitting in tool policy audit log output.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(native-hook-relay): use truncateUtf16Safe for hook display text truncation

Replace naive .slice(0, N) truncation with truncateUtf16Safe() in:
- truncateText() helper (covers 4 call sites for tool display text)
- Inline hook result truncation (...[truncated] suffix)

Prevents surrogate pair splitting in native hook relay display
output (tool names, commands, descriptions shown to users).

Co-Authored-By: Claude <noreply@anthropic.com>

* test(agents): cover hook relay UTF-16 boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:03:19 +01:00
lsr911
472e5167d3 fix(tool-policy-audit): use truncateUtf16Safe for audit field truncation (#102464)
* fix(tool-policy-audit): use truncateUtf16Safe for audit field truncation

Replace naive .slice(0, MAX) with truncateUtf16Safe() to prevent
surrogate pair splitting in tool policy audit log output.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(agents): cover audit UTF-16 boundary

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:02:16 +01:00
chengzhichao-xydt
bc6a4bdd94 fix(agents): keep tool-result context guard truncation UTF-16 safe (#102466)
* fix(agents): keep tool-result context guard truncation UTF-16 safe

Replace the raw text.slice(0, cutPoint) in truncateTextToBudget with
truncateUtf16Safe so oversized tool results do not emit lone surrogates
when an emoji falls on the truncation boundary.

Adds a regression test that places an emoji exactly at the legacy cut
point and asserts the truncated output contains no lone surrogates.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(agents): report surrogate-safe omitted count

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:59:08 +01:00
Peter Steinberger
00e323c990 chore(i18n): refresh native source inventory (#102476) 2026-07-09 07:56:01 +01:00
kevinlin-openai
245b91b83d feat(slack): support Enterprise Grid org installs (#102372)
* feat(slack): support Enterprise Grid org installs

* docs: refresh generated docs map

* fix(slack): satisfy enterprise routing CI

* fix(slack): accept org auth without app id

* docs(plugin-sdk): document channel policy hooks

* fix(slack): reuse canonical sender for enterprise replies

* test(slack): fix enterprise sender lint

---------

Co-authored-by: Kevin Lin <kevin@dendron.so>
2026-07-08 23:53:19 -07:00
qingminlong
b20b02a476 fix(tool-payload): enforce UTF-8 byte limits for serialized payloads (#102450)
* fix(tool-payload): reject oversized XML payload bytes

* fix(tools): enforce serialized payload byte limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:47:23 +01:00
Peter Steinberger
5f91f6c958 fix: collapse sidebar after returning from drawer layout (#102463)
* fix(ui): collapse sidebar after drawer resize

* chore: defer sidebar release note
2026-07-09 07:42:17 +01:00
Peter Steinberger
fb3f0a2889 fix(openai): clarify rejected Realtime Talk API keys [AI] (#102461)
* fix(openai): clarify realtime API key failures

* chore: leave release notes to release workflow
2026-07-09 07:41:33 +01:00
Ayaan Zaidi
20f355f236 fix(agents): adopt relogged credential inside locked cas-miss recovery 2026-07-09 12:04:24 +05:30
Ayaan Zaidi
2b98aec9ef fix(agents): stop auth bookkeeping from clobbering rotated oauth credentials 2026-07-09 12:04:24 +05:30
Miorbnli
18e80760a7 fix(channels): keep inbound log previews UTF-16 safe (#102407)
* fix(matrix): truncate inbound preview on UTF-16 code-point boundary

The matrix inbound verbose preview used bodyText.slice(0, 200) before logging.
When a supplementary-plane character (emoji, extended CJK) straddles the 200th
code unit, the slice splits its surrogate pair and emits a lone surrogate into
the verbose log line. Lone surrogates corrupt JSON log serialization, break
terminal rendering, and crash UTF-8-validating log shippers.

Use the shared truncateUtf16Safe helper (already used by the mattermost sibling
monitor after #101630) to keep complete surrogate pairs intact. No behavior
change for ASCII input; the preview is still capped at 200 code units.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(matrix): fix inbound-preview test for lint and lib target

- Avoid String.prototype.isWellFormed (ES2024 lib): use the encodeURIComponent
  well-formedness probe instead, which works on the project's TS lib target.
- Replace literal string concatenation with template strings to satisfy the
  no-useless-concat lint rule. No behavior change in the assertions.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(channels): keep inbound log previews UTF-16 safe

* test(line): type verbose preview fixtures

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:32:55 +01:00
joshavant
f163f32f85 fix(android): make release screenshots deterministic 2026-07-09 01:32:13 -05:00
xingzhou
4adfc30b90 fix(codex): app inventory error diagnostics stay UTF-16 safe (#102414)
* fix(codex): keep app inventory error messages UTF-16 safe

* refactor(codex): unify app inventory error truncation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:31:18 +01:00
Peter Steinberger
6620aba25a fix(ui): close session sort menu on second click (#102448)
* fix(ui): toggle session sort menu

* chore: defer session menu release note
2026-07-09 07:23:00 +01:00
Peter Steinberger
aabb8e4a3c test(ui): lock theme mode cycling (#102455) 2026-07-09 07:22:51 +01:00
Tianning Li
583ca34bf8 feat(stepfun): add step-3.7-flash model (#88082)
* feat(stepfun): add step-3.7-flash model and make it default

* fix(stepfun): set step-3.7-flash cacheRead cost to 0.04

* fix(stepfun): raise step-3.7-flash maxTokens to context limit

Output was artificially capped at 65536; StepFun docs set max_tokens
default to INF, bounded only by the 256K context window. Raise
step-3.7-flash maxTokens to 262144 on both stepfun and stepfun-plan,
matching contextWindow. Per models.dev anomalyco/models.dev#1903.
step-3.5-flash entries unchanged.

* fix(stepfun): zero step-plan step-3.7-flash cost for plan billing

Step Plan endpoint bills per subscription plan, not per token, matching
the sibling stepfun-plan/step-3.5-flash and step-3.5-flash-2603 entries
which already carry zero cost. Standard stepfun/step-3.7-flash keeps its
per-token rate. Per models.dev anomalyco/models.dev#1903, whose step-plan
providers omit cost entirely.

* docs(changelog): note StepFun 3.7 support

* style(stepfun): format provider table

* fix(stepfun): forward reasoning effort

* fix(stepfun): scope reasoning compat to 3.7

* test(stepfun): keep 3.5 reasoning compat unchanged

* fix(stepfun): carry off fallback through agent turns

* fix(stepfun): use documented token limit field

* fix(stepfun): match chat completions contract

* chore(stepfun): keep changelog release-owned

---------

Co-authored-by: Tianning Li <litianning@stepfun.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:14:46 +01:00
Vincent Koc
240ca9dbd7 fix(ci): preserve all package runtime artifacts 2026-07-08 23:12:03 -07:00