Commit Graph

66940 Commits

Author SHA1 Message Date
Peter Steinberger
525f58e9c3 test(ui): run responsive browser cases concurrently 2026-07-07 14:09:01 -04:00
Peter Steinberger
21f251220f feat(ui): redesign gateway connection-lost banner as floating pill (#101812) 2026-07-07 19:00:29 +01:00
Peter Steinberger
3d53ed7ed8 fix(android): keep cold-start gateway auto-connect from overriding explicit intents (#101799)
* fix(android): keep cold-start gateway auto-connect from overriding explicit intents

NodeRuntime's init-time auto-connect now atomically claims the first gateway
lifecycle intent (CAS 0->1) and stands down permanently when any explicit
connect/disconnect/switch intent already exists, so a late discovery emission
can no longer override a user decision. This was also the root cause of the
CI-only flakes in GatewayBootstrapAuthTest (refreshGatewayConnection_* at
:616/:627 and switchToUndiscoveredGateway* on PRs #101002/#101387/#101396).

GatewaySession.Connection.sendRequestFrame now starts its response watcher
with CoroutineStart.ATOMIC: disconnect teardown cancels connectionJob right
after failPending(), and a DEFAULT-start watcher still queued for dispatch was
cancelled without running, silently dropping the terminal UNAVAILABLE onError
owed to fire-and-forget callers (root cause of the flaky
GatewaySessionInvokeTest.disconnectReportsUnknownOutcomeForFireAndForgetRpc).

Tests neutralize runtime background work (cancel+join the runtime scope)
before arming the registry and scripting lifecycle steps, and add regression
coverage for the auto-connect intent claim.

Proof: refresh flake reproduced at iteration 1 under taskset -c 0,1 on a
Blacksmith Linux box; post-fix 3 pinned stress rounds (120/150 looped
iterations) plus full :app:testPlayDebugUnitTest (109 classes, 0 failures)
and :app:ktlintCheck green on the same box.

* chore(i18n): resync native inventory line positions after NodeRuntime edits
2026-07-07 18:51:46 +01:00
Peter Steinberger
b5f67ac4c7 fix(shared): skip app-group identity migration when OPENCLAW_STATE_DIR is overridden (#101779)
* fix(shared): skip app-group identity migration when OPENCLAW_STATE_DIR is overridden

An unentitled process (mac app, swift test runners) with a fresh state dir
imported the machine's real app-group device identity and auth tokens into
any explicitly overridden state dir, violating the documented legacy-fallback
contract. On developer Macs this leaked real operator/node device tokens into
per-test temp state dirs, breaking the nil-token expectations in
GatewayNodeSessionTests (non bootstrap hello / untrusted bootstrap hello)
for local swift test runs while clean CI passed.

Migration now requires no OPENCLAW_STATE_DIR override, with a regression
test. StateDirectoryIsolationTrait owns per-test state-dir pinning (fresh
temp dir per gated test, env restored to launch value or a run-scoped
quarantine dir, never unset), replacing the hand-rolled setenv/defer
boilerplate in every gated test.

* test(shared): remove redundant throws annotations
2026-07-07 18:48:21 +01:00
zw-xysk
e5c224754c fix(gateway): bound all-agent usage cache concurrency (#101589)
* fix(gateway): bound all-agent usage.cost concurrency to prevent SQLite starvation

Replace raw Promise.all in loadAllAgentCostUsageSummary with
runTasksWithConcurrency (limit=12), matching the sibling sessions.usage
pattern. Unbounded concurrent usage-cost cache reads saturated the SQLite
connection pool for deployments with 100+ agents, causing SQLITE_BUSY
timeouts or gateway memory crashes.

Fixes #101552

* fix(gateway): share usage cache concurrency cap

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-07 10:48:02 -07:00
Josh Lehman
a68caa185b refactor(sessions): move parent-session forking behind the accessor boundary (#101699)
* refactor(sessions): move parent-session forking behind the accessor boundary

* fix(sessions): lazy-load fork transcript runtime to keep accessor imports lean

* test(sessions): align parent fork mock shape
2026-07-07 10:47:02 -07:00
Shakker
53d0c4ca50 docs: update file preview changelog (#101319) 2026-07-07 18:39:30 +01:00
Shakker
4db63820ee refactor: preserve wrapped file preview performance 2026-07-07 18:39:30 +01:00
Shakker
f7e0ebbf34 fix: avoid duplicate file preview autofocus 2026-07-07 18:39:30 +01:00
Shakker
b64b09a32b docs: note virtual file preview improvements 2026-07-07 18:39:30 +01:00
Shakker
f8ebaf5225 test: cover virtual file preview behavior 2026-07-07 18:39:30 +01:00
Shakker
476017d775 fix: stabilize virtual file preview scrolling 2026-07-07 18:39:30 +01:00
咸士山 0668001391
c20abcbf01 perf(ui): add virtual scrolling to file preview modal code viewer 2026-07-07 18:39:30 +01:00
Vincent Koc
b88f80940a refactor: localize internal implementation symbols (#101831) 2026-07-07 10:23:36 -07:00
Alix-007
fa84741f93 fix(claude-cli): surface re-auth hint when subprocess OAuth token expires (#97669)
* fix(claude-cli): surface re-auth hint when subprocess OAuth token expires

When the claude-cli subprocess emits a 401 "Failed to authenticate. API
Error: 401 Invalid authentication credentials" because its stored OAuth
token has expired, the error was surfaced as the generic provider-auth
copy instead of the targeted re-auth hint.

Two fixes:

1. Extend isOAuthRefreshFailureMessage to recognise the claude-cli
   subprocess 401 error shape (requires "claude-cli" prefix + 401 +
   auth failure text). extractOAuthRefreshFailureProvider returns
   "claude-cli" for this pattern; classifyOAuthRefreshFailureReason
   maps it to "revoked" so the "expired" copy is shown.

2. Reorder both classification sites in buildExternalRunFailureReply and
   the runAgentTurnWithFallback catch block so the OAuth-refresh check
   runs before classifyProviderRequestError.  The typed 401 branch in
   classifyProviderRequestError would otherwise intercept the FailoverError
   before the OAuth hint path is ever reached.

Fixes #97553

* fix(claude-cli): use correct auth login command format in re-auth hint

--provider claude-cli is not a registered provider id; the correct
command to re-authenticate the claude subprocess is:

  openclaw models auth login --provider anthropic --method cli

Add a special-case branch in buildOAuthRefreshFailureLoginCommand so
that a 'claude-cli' sanitized provider emits the two-flag form instead
of the generic --provider <id> template.  Update the regression test
expectation to match.

* test(claude-cli): expect CLI auth re-login command

* fix(claude-cli): classify structured OAuth auth failures

* test(claude-cli): add real http oauth expiry proof

* test(claude-cli): add proof output to real HTTP server OAuth test

* test(claude-cli): add proof console.log to real HTTP server test

* test(claude-cli): keep real HTTP OAuth proof output explicit

* fix(agents): include Claude CLI reauth step

* test(claude-cli): expect full cli reauth command

* test(claude-cli): align reauth hint with terminal wording

* chore: retrigger claude-cli CI after opengrep fetch failure
2026-07-07 12:51:13 -04:00
cxbAsDev
f92ed16e60 fix(sessions): bound trajectory snapshot and pointer reads (#101450)
* fix(sessions): bound trajectory snapshot and pointer reads

* test(sessions): align oversized snapshot assertion with bounded reader error message

* fix(sessions): cap follow-mode trajectory deltas

ClawSweeper review noted that the trajectory snapshot read was bounded
but the follow-mode delta read (Buffer.alloc(fileState.size - offset))
was not. A runaway trajectory append could still OOM the tail loop.
Reject deltas above TRAJECTORY_RUNTIME_FILE_MAX_BYTES and add regression
coverage for the oversized-delta path.

* test(sessions): exercise trajectory limits through command path

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-07 09:49:27 -07:00
Josh Lehman
453f5968bb refactor(gateway): route chat transcript injection through the session accessor (#101688)
* refactor(gateway): route chat transcript injection through the session accessor

* fix(gateway): avoid map-spread in source reply mirror rewrite results

* perf(sessions): find injected transcript duplicates with a reverse early-exit scan
2026-07-07 09:10:30 -07:00
Shakker
70de9ff20b fix: keep debug and logs on top-level routes (#100928) 2026-07-07 16:53:48 +01:00
Shakker
598a6ff22c test: update settings sidebar route expectation 2026-07-07 16:53:48 +01:00
Shakker
a3477eafb9 docs: update Control UI MCP settings route 2026-07-07 16:53:48 +01:00
Shakker
c3f6d8a463 test: cover settings routes through compiled router 2026-07-07 16:53:48 +01:00
Shakker
9d15544038 fix: use configured Control UI base path at startup 2026-07-07 16:53:48 +01:00
vyctorbrzezowski
2508fb4832 improve(ui): propose settings route cleanup 2026-07-07 16:53:48 +01:00
Vincent Koc
3d206140f3 refactor: localize internal implementation constants (#101758) 2026-07-07 08:34:13 -07:00
wings1029
d633a2df42 fix(http-error-body): keep emoji / surrogate pairs intact during error body truncation (#101728)
* fix(http-error-body): keep emoji / surrogate pairs intact during error body truncation

Replace .slice(0, limits.maxChars) with truncateUtf16Safe() so that
emoji straddling the maxChars boundary don't produce lone surrogates
that render as � in error diagnostics. Matches the sibling http-body.ts
which already uses truncateUtf16Safe.

Co-Authored-By: Claude <noreply@anthropic.com>

* test: cover UTF-16 HTTP body branches

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 16:06:13 +01:00
Peter Steinberger
87fe266c5e fix: preserve emoji at remaining bounded-text edges (#101711)
* fix: keep remaining text bounds UTF-16 safe

Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 0668001336 <wang.lizhang@xydigit.com>
Co-authored-by: Alix-007 <li.long15@xydigit.com>

* docs: credit bounded Unicode fixes

* test: update UTF-16 browser import boundary

* chore: leave Unicode note to release changelog

---------

Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 0668001336 <wang.lizhang@xydigit.com>
Co-authored-by: Alix-007 <li.long15@xydigit.com>
2026-07-07 15:48:21 +01:00
Peter Steinberger
ed28c57e20 fix(codex): validate maintained app-server types (#101726)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 15:48:08 +01:00
Kevin Lin
72ca911e3c fix(release): allow SHA-only extended-stable preflight (#101466) 2026-07-07 07:45:55 -07:00
Vincent Koc
fdc7892a6e refactor: localize internal implementation types (#101731) 2026-07-07 07:41:04 -07:00
Vincent Koc
c8d95da14c refactor: localize file-private exports (#101701) 2026-07-07 06:57:19 -07:00
Peter Steinberger
a7faec8ca1 fix(gateway): support native Windows exec approvals (#101669)
* fix(gateway): support native Windows exec approvals

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* chore: defer changelog entry to release

* test: use tracked approvals temp directories

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 14:50:59 +01:00
Peter Steinberger
176fee5d07 fix: prevent garbled emoji at remaining text limits (#101685)
* fix: keep remaining bounded text UTF-16 safe

Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>

* test: use tracked prompt template fixture

---------

Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>
2026-07-07 14:49:15 +01:00
Alix-007
936136a707 fix(channels): prevent metadata caches from growing without bound (#101650)
* fix(discord): cap channel info cache size

* fix(channels): consolidate bounded metadata caches

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-07 06:47:37 -07:00
Peter Steinberger
b95b9e4487 test: remove stale native i18n sentinel (#101689) 2026-07-07 14:32:49 +01:00
Happy Dog Support Bot
e591dcfa82 fix(voice-call): persist complete realtime transcripts (#84161)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Happy Dog Support Bot <bot@happydog.digital>
2026-07-07 14:13:02 +01:00
Shakker
e94fde2919 refactor: remove obsolete chat display mocks (#101682)
Related: #101647

## What Problem This Solves

Removes stale Control UI test mocks that modeled helper exports no longer exposed by the chat display module.

## Why This Change Was Made

The chat message tests no longer reach the display module, so their mock was removed. The chat view tests retain only the fallback asset mock and exercise the canonical avatar helpers directly.

## User Impact

No user-visible behavior change. Tests now reflect the current module ownership without duplicating avatar logic.

## Evidence

- Focused Testbox run: 2 files, 209 tests passed.
- Testbox: `tbx_01kwyatxdvb64ncvbn9ertg6fa`
- Actions run: https://github.com/openclaw/openclaw/actions/runs/28868305075
- `git diff --check`: passed.
- Codex autoreview: no actionable findings.
2026-07-07 14:12:33 +01:00
Vincent Koc
cd86107a10 refactor(android): remove superseded app surfaces (#101680) 2026-07-07 06:07:36 -07:00
xingzhou
4e29b2f5ab fix(slack): bound conversation info cache (#101562) 2026-07-07 05:55:00 -07:00
Vincent Koc
407443264c refactor: localize internal reply and plugin types (#101666) 2026-07-07 05:51:47 -07:00
Peter Steinberger
a9582a1bb6 fix: keep bounded text truncation UTF-16 safe (#101654)
* fix: keep bounded text UTF-16 safe

Co-authored-by: wm0018 <wu.min5@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>

* chore: keep UTF-16 release note in PR body

---------

Co-authored-by: wm0018 <wu.min5@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
2026-07-07 13:44:32 +01:00
Vincent Koc
60f0749b7f refactor(ui): remove duplicate helper paths (#101647) 2026-07-07 05:21:29 -07:00
Vincent Koc
2ba622ca30 refactor(ui): trim unused control UI helpers (#101632) 2026-07-07 04:55:28 -07:00
maweibin
4d5cd05a64 fix(tasks): keep emoji / surrogate pairs intact during terminal output truncation (#101600)
* fix(tasks): keep emoji / surrogate pairs intact during terminal output truncation

.slice() counts UTF-16 code units; use Array.from() to count full
code points instead, preventing lone surrogates in task list output.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(tasks): preserve terminal column width

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:54:53 +01:00
Wynne668
cd0d570164 fix(gateway): keep session history stream errors handled (#101571) 2026-07-07 04:54:38 -07:00
Peter Steinberger
7c0a7c8be2 fix(agents): keep exec visible for lean local models (#101607)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 12:46:26 +01:00
Peter Steinberger
bd7da9decd fix(browser): keep upload errors specific (#101465) 2026-07-07 12:35:27 +01:00
Vincent Koc
fee997c8ad refactor(memory): trim unused host SDK exports (#101604) 2026-07-07 04:33:43 -07:00
maweibin
f6ffe89df6 fix(control-ui-assets): keep emoji / surrogate pairs intact during last-line truncation (#101591)
* fix(control-ui-assets): keep emoji / surrogate pairs intact during last-line truncation

.slice(0, 239) counts UTF-16 code units; an emoji straddling the
cut point produces a lone surrogate rendering as  in WebUI assets.

Use [...last] spread to count full code points instead.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(control-ui-assets): preserve diagnostic length cap

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:32:21 +01:00
Vincent Koc
1805f7ee17 chore(plugin-sdk): refresh api baseline hash 2026-07-07 13:30:20 +02:00
Peter Steinberger
2522ccac7d fix(file-transfer): handle child output stream errors (#101590)
* fix(file-transfer): handle child output stream errors

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

* test(file-transfer): canonicalize stream-error temp path

---------

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
2026-07-07 12:28:35 +01:00