Commit Graph

66940 Commits

Author SHA1 Message Date
Josh Avant
793fe4bfc7 fix(android): require installed-apps disclosure consent (#97888)
* fix(android): require installed-apps disclosure consent

Co-authored-by: Josh Avant <830519+joshavant@users.noreply.github.com>

* chore(android): sync native i18n inventory

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:56:12 -07:00
Peter Steinberger
08498f9828 ci: pass frozen UI test options to Vitest (#104758) 2026-07-11 15:54:44 -07:00
Vincent Koc
266d49cddb fix(codex): migrate legacy session ownership to sqlite 2026-07-12 06:50:30 +08:00
Vincent Koc
b4db960616 fix(codex): converge retained raw binding rows 2026-07-12 06:50:30 +08:00
Vincent Koc
8955f17f12 fix(codex): use shared binding fingerprint helper 2026-07-12 06:50:30 +08:00
Vincent Koc
6b688011ba fix(codex): bound legacy binding fingerprints 2026-07-12 06:50:30 +08:00
Eva
54995af3ae fix(codex): bound app-server binding fingerprints 2026-07-12 06:50:30 +08:00
xingzhou
8c98832a85 fix(mcp): reject hexadecimal timeout options (#104633) 2026-07-11 15:50:21 -07:00
xingzhou
4a0086d085 fix(sessions): prevent corrupted Unicode in persisted tool details (#104540)
* fix(sessions): prevent corrupted Unicode in persisted tool details

* test(sessions): consolidate UTF-16 persistence coverage

* test(sessions): build redaction fixture from placeholder

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:49:43 -07:00
computment
088a9dc335 fix(discord): refresh model picker after default changes (#104635)
* fix(discord): refresh model picker component config

* test(discord): model full hot-reload snapshot state

* fix(discord): keep pending model selection stable

* fix(discord): stabilize recent model actions

---------

Co-authored-by: compoodment <compoodment@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:34 -07:00
NianJiu
da6a24d7dc fix(reply): prevent hung pre-delivery hooks from blocking lanes (#104256)
* fix(reply): bound pre-delivery hook settlement

* test(plugins): preserve hook timeout fixtures

* fix(reply): preserve declared pre-delivery budgets

* chore(reply): finalize pre-delivery recovery

* fix(reply): preserve per-final recovery semantics

* fix(reply): guard pending-final settlement identity

* test(reply): align pending-final store fixture

* fix(reply): bind settlement to originating intent

* test(reply): satisfy timeout fixture lint

* chore(plugin-sdk): refresh rebased baseline

* fix(reply): preserve normalized retry ownership

* fix(reply): narrow pending retry metadata

* fix: align reply dispatch state access

* chore(plugin-sdk): refresh rebased surface baseline

* test(reply): align rebased accessor assertion

* chore(plugin-sdk): regenerate drifted API baseline

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:15 -07:00
chengzhichao-xydt
aa8f78788c fix(agents): keep failover detail truncation UTF-16 safe (#104487)
* fix(agents): keep failover detail truncation UTF-16 safe

Replace raw .slice(0, MAX_FAILOVER_DETAIL_CHARS) with truncateUtf16Safe
so provider error details containing emoji or other non-BMP characters
are not split at a surrogate-pair boundary before failover classification.

Adds a regression test via extractFailoverSignalDetails.

* test(agents): tighten failover UTF-16 coverage

---------

Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:43:52 -07:00
Peter Steinberger
1bd4887a5e fix(state): guide forward-schema recovery (#104751) 2026-07-11 15:43:42 -07:00
Peter Steinberger
50dd2db020 fix(process): preserve Unicode in captured output tails (#104754)
Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>
2026-07-11 15:43:16 -07:00
Peter Steinberger
94faf4d789 feat(ui): lobster pet rarely fills in for the sidebar brand logo (#104748)
On rare page loads (seeded, ~12%, once per load) the sidebar pet's first
scheduled visit perches in the brand-logo slot instead of the footer
ledge: the static mark crossfades out and the live sprite (palette,
build, accessory, blink) settles in, then departs and the logo returns.
One crab, two homes - never both at once. Offline/busy recalls the
stand-in to ledge duty; rides the existing visit scheduler and the
lobsterPetVisits setting, so no new config surface. Reduced motion keeps
the swap static.
2026-07-11 15:38:59 -07:00
Peter Steinberger
f09c709532 fix(nodes): preserve MCP hot-plug pairing (#104745)
* fix(nodes): preserve MCP hot-plug pairing

Fixes #104743

* chore: defer node MCP release note
2026-07-11 15:37:43 -07:00
Vyctor H. Brzezowski
2833eeece1 fix(ui): overlay chat scroll-to-bottom button (#104744) 2026-07-11 19:36:49 -03:00
xingzhou
2077ebe8b4 fix(exec): long retained process output corrupts boundary emoji (#104531)
* fix(process): preserve Unicode in captured output tails

* test(process): consolidate captured output coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:35:59 -07:00
NianJiu
b5bea9073d fix: recover Android permission request timeouts (#103011)
* fix(android): recover permission request timeouts

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* chore(android): sync native i18n inventory

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
2026-07-11 15:35:41 -07:00
Peter Steinberger
ce671c3513 ci: honor frozen target tool versions (#104740) 2026-07-11 15:35:05 -07:00
NIO
6c87afa7ca fix(gateway): keep worker bootstrap failure details UTF-16 safe (#104619)
* fix(gateway): keep worker bootstrap failure details UTF-16 safe

* test(gateway): isolate bootstrap diagnostic boundary

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:35:01 -07:00
Vincent Koc
52f88473d9 fix(memory): isolate qmd fallback service hosts 2026-07-12 06:33:57 +08:00
Vincent Koc
a7f021d5a7 fix(memory): scope cached managers by service host 2026-07-12 06:33:57 +08:00
Vincent Koc
1b0a34c9a9 fix(memory): default optional local service hook 2026-07-12 06:33:57 +08:00
Vincent Koc
c1e70b9a7f refactor(plugin-sdk): inject memory local service per call 2026-07-12 06:33:57 +08:00
Vincent Koc
eae846e3e5 refactor(memory): inject local service host hooks 2026-07-12 06:33:57 +08:00
Vincent Koc
dc3c55418a refactor(memory): scope embedding service acquisition 2026-07-12 06:33:57 +08:00
Vyctor H. Brzezowski
a1fb3d19ef fix(ui): let settings config pages grow with content (#104652)
* Fix settings config page scroll

* Fix config layout browser coverage
2026-07-11 19:33:05 -03:00
Peter Steinberger
4eef09dc3f perf(acp): maintain ledger byte budgets at insert time (#104739)
* perf(acp): maintain ledger byte budgets at insert time

estimateSqliteLedgerBytes ran a full SUM(length(...)) scan over every
replay event on every append, and once the 16MB budget was hit the trim
loop rescanned after each single-row delete (#100622). Event rows now
carry estimated_bytes computed at insert, session rows keep a running
footprint aggregate, budget checks sum over at most maxSessions rows,
and eviction deletes bounded batches with RETURNING so aggregates stay
exact. Additive columns backfill once via ensureAdditiveStateColumns.

Fixes #100622

* fix(acp): keep ledger footprint aggregates exact across key changes and conflicts

Session-key/cwd length changes now adjust the aggregate via SET
expressions that read the pre-update row, and the conflict-upsert
recomputes from surviving event rows instead of clobbering to row
overhead. Invariant test now rebinds a provisional key to a longer
canonical key mid-stream.
2026-07-11 15:30:21 -07:00
VectorPeak
d5569a98db fix(feishu): avoid logging raw duplicate card-action tokens (#104498)
* fix(feishu): avoid logging raw duplicate card-action tokens

Avoid writing the raw Feishu card-action callback token into duplicate callback diagnostics while preserving duplicate suppression behavior.

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* test(feishu): use neutral callback token fixture

* test(feishu): mark callback fixture as placeholder

---------

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:30:18 -07:00
Peter Steinberger
11832b0cee fix(docs): distinguish zh-TW credentials 2026-07-11 18:29:20 -04:00
Peter Steinberger
e37e4da2e8 feat(ui): show node fleet drift and wake status (#104735)
* feat(ui): show node fleet drift and wake status

* chore: keep release changelog ownership

* test(ui): compare node drift labels explicitly
2026-07-11 15:28:46 -07:00
Peter Steinberger
1b1cebfe42 fix(openai): align auth availability with effective routes (#104685)
* feat(openai): add provider-owned route facts

* fix(openai): harden provider route facts

* test(codex): update rebased auth fixtures

* chore: leave release notes to release workflow

* fix(openai): align route auth with current contracts

* test(openai): align route and shard expectations

* test(openai): satisfy route fixture contracts

* fix(openai): preserve direct profile forwarding

* test(models): complete route auth mocks

* test(codex): type compaction factory mock

* fix(openai): preserve provider-native model ids

* test(agents): align route auth fixtures

* style(agents): format route integrations

* test(plugin-sdk): pin current surface counts
2026-07-11 15:26:48 -07:00
Peter Steinberger
af175c861d fix: prevent large session migrations from stalling (#104737)
* fix: scale session SQLite migration manifests

* chore: leave release notes to release workflow
2026-07-11 15:24:55 -07:00
Ho Lim
8a4463eef1 feat(browser): support evaluate timeouts for existing sessions (#103181)
* fix(browser): honor evaluate timeout for existing sessions

Signed-off-by: Ho Lim <subhoya@gmail.com>

* docs(browser): align existing-session evaluate timeouts

---------

Signed-off-by: Ho Lim <subhoya@gmail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:23:52 -07:00
lin-hongkuan
522e253c53 fix(ios): resize oversized shared images (#103860)
* fix(ios): resize oversized shared images

* fix(ios): satisfy SwiftFormat await rules

* fix(ios): integrate share image processing

* fix(ios): type share attachment failures

---------

Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:16:45 -07:00
Peter Steinberger
93e5b017bf test(channels): trace-harness follow-ups — scenario names, fault vocabulary, lane sync guard (#104653) 2026-07-11 15:14:02 -07:00
Peter Steinberger
7772d798dd fix(ci): stabilize frozen target checks (#104728) 2026-07-11 15:09:29 -07:00
Peter Steinberger
2a479bd4ac fix(ci): make owner-approved Testbox landing reliable (#104726)
* fix(ci): isolate nested pnpm verification

* test(google): verify OAuth abort signal forwarding

* docs: treat owner land requests as Testbox approval
2026-07-11 15:04:25 -07:00
clawsweeper[bot]
454196952a fix(ui): center chat scroll-to-bottom affordance (#104724)
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: Vyctor H. Brzezowski <51521767+vyctorbrzezowski@users.noreply.github.com>
2026-07-11 19:00:59 -03:00
Peter Steinberger
324e8fff81 fix(docs): translate generic table headings 2026-07-11 17:58:58 -04:00
Peter Steinberger
74da2b9310 fix(macos): preflight supervised app restarts (#104723) 2026-07-11 14:51:11 -07:00
VectorPeak
f8c7f67bde fix(ai): reject non-finite tool schema numbers (#104470)
* fix(ai): reject non-finite tool schema numbers

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* fix(ai): catch non-finite values from tool schema serializers

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>

* test(ai): cover nested tool schema serializers

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* fix(ai): satisfy schema projection lint

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* fix(ai): satisfy schema projection lint

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* fix(ai): preserve empty-key schema diagnostic paths

* fix(ai): reject boxed non-finite schema numbers

* fix(ai): ignore spoofed boxed-number tags

* fix(ai): isolate boxed-number brand probes

* refactor(ai): use intrinsic boxed-number detection

---------

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:50:54 -07:00
Josh Lehman
0a8e3604ba refactor: flip sessions and transcripts to sqlite storage (#98236)
* refactor(sessions): migrate runtime storage to sqlite

* test(sessions): fix sqlite CI regressions

* test(sessions): align remaining sqlite fixtures

* fix(codex): require sqlite trajectory recorder

* test(sessions): align orphan recovery sqlite fixture

* test(sessions): align sqlite rebase fixtures

* fix(sessions): finish current-main integration of the sqlite flip

Resolve the whole-store SDK removal across its owner boundary: drop the
loadSessionStore re-export and the registry whole-store wrappers, wire
hasTrackedActiveSessionRun into gateway chat, complete the
preserveLockedHarnessIds cleanup contract, flip the codex thread-history
import to storePath targets, and port remaining main-side tests from
file-store helpers to session accessor reads.

* chore: drop committed pebbles log, revert plugin-inspector bump, refresh generated docs

Remove the 1.8k-line .pebbles/events.jsonl work log from the branch, restore
the plugin-inspector advisory lane to main's pinned 0.3.10 so the supply-chain
bump gets its own review, and regenerate docs_map, the plugin SDK API baseline,
and the export-surface ratchet for the merged tree.

* feat(sessions): keep archived transcripts by default with zstd cold storage

Codex-style retention: deleting or resetting a session archives its
transcript as a zstd-compressed JSONL artifact (plain when the runtime
lacks node:zlib zstd) and keeps it until the disk budget evicts oldest
first. resetArchiveRetention now governs both deleted and reset archives
and defaults to keep; maxDiskBytes defaults to 2gb so retention stays
bounded, with archives evicted before live sessions. The cron reaper
follows the same knob instead of deleting archives on its own timer.

* fix(state): converge agent DB migration lineages and bound database growth

Merge coherence: run both structure-gated legacy memory-schema repairs
(flip-lineage drop, main-lineage identity rebuild) before the flip
migration so pre-flip v1/v2 and pre-merge flip v1/v4 databases all
converge, and hoist foreign_keys=OFF outside the schema transaction
where the pragma was silently ignored and the v1 sessions rebuild
cascade-deleted session_entries.

Growth guards: fresh agent DBs enable auto_vacuum=INCREMENTAL, WAL
maintenance releases freed pages in bounded passes (never a blocking
full VACUUM), and doctor reports state/agent DB bloat from freelist
stats.

* fix(codex): resolve the store path for thread-history import via the SDK

The supervision catalog passed the legacy sessionFile locator to the
storePath-targeted transcript mirror; resolve the agent store path with
the session-store SDK helper instead of a runtime-object seam so test
fakes and headless callers need no extra surface. Drop the obsolete
missing-session-id preprocessing case: sessions rows are NOT NULL on
session_id and upsert repairs id-less patches at write time.

* fix(sessions): fail safe on malformed disk-budget config and doctor stat errors

A malformed explicit maxDiskBytes disables the budget instead of
falling back to the destructive 2gb default the user never chose, and
the doctor bloat check skips databases whose paths stat-fail instead of
aborting doctor.

* fix(sessions): complete sqlite conflict translations

* test(sqlite): align hardening checks with maintenance

* test(sessions): inspect compressed transcript archives

* fix(tests): await session seeds and drop unused helpers flagged by CI lint

The five unawaited writeSessionStoreSeed calls raced their SQLite seeds
against the assertions, failing compact shards; the bloat probe drops a
useless initializer and the merged tests drop now-unused helpers.

* test(sessions): type legacy proof events directly

* test(sessions): align hardening contracts

* perf(sessions): read usage transcript sizes from SQL aggregates

Usage/cost scans walked every session and materialized every transcript
event just to re-stringify it for a byte estimate — the #86718 stall
class reborn on the DB. readTranscriptStatsSync sums stored JSON bytes
in SQLite without loading a single row.

* fix(sessions): re-root foreign-root transcript paths onto the current sessions dir

Restored backups, moved OPENCLAW_STATE_DIR, and rehearsal copies carry
absolute sessionFile paths from the old root; the containment fallback
kept those foreign paths, so migration read (and would archive) files in
the original root and reported local copies missing. Re-root the
canonical agents/<id>/sessions suffix onto the current dir when the file
exists there; genuine cross-root layouts still fall through unchanged.

* test(agents): seed harness admission through sqlite

* fix(sqlite): close agent db on pragma setup failure

* fix(doctor): compact and retrofit incremental auto-vacuum after session import

The migration is the sanctioned offline window: post-import compact
reclaims import churn and applies auto_vacuum=INCREMENTAL to databases
created before the fresh-DB pragma existed, so runtime maintenance can
release pages in bounded passes on every install.

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:50:37 -07:00
WhatsSkiLL
ca09fcaff1 fix(android): refresh notification access on resume (#104460)
Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-11 14:49:33 -07:00
Vyctor H. Brzezowski
c901e37e57 fix(ui): hide pinned session action until hover (#104622) 2026-07-11 18:47:22 -03:00
Peter Steinberger
5a6d684019 fix(browser): apply profile proxy policy to tab list redaction (#104715)
* fix(browser): apply profile proxy policy to tab list redaction

* test(browser): cover proxy tab redaction route proof

* test(browser): streamline proxy tab redaction coverage

* fix(browser): scope proxy inference to managed profiles

---------

Co-authored-by: llagy007 <0668001470@xydigit.com>
2026-07-11 14:47:02 -07:00
WhatsSkiLL
efc7759f38 [AI-assisted] Fix Android workspace filename wrapping (#104075)
* [AI-assisted] Fix Android workspace filename wrapping

* [AI-assisted] Keep Android i18n inventory stable

---------

Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-11 14:45:32 -07:00
Peter Steinberger
8c90933608 fix(docs): unify translation prompt locale rules 2026-07-11 17:41:51 -04:00
wings1029
5b5a5bcc26 fix(oc-path): report UTF-8 byte counts in set command output (#104496)
* fix(oc-path): report UTF-8 byte counts in set command output

Use Buffer.byteLength(newBytes, 'utf8') instead of string.length
for bytesWritten and dry-run byte reports. JavaScript's string.length
counts UTF-16 code units which undercounts multi-byte characters
when writing UTF-8 files.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover human UTF-8 dry-run count

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:39:06 -07:00