Commit Graph

15417 Commits

Author SHA1 Message Date
Peter Steinberger
790cd2aff2 fix(twitch): preserve UTF-16 pairs in outbound chunks (#104030) 2026-07-10 18:20:29 -07:00
llagy007
a1571f2118 fix(browser): normalize local dispatch request paths (#103727)
* fix(browser): normalize local dispatch request paths

* refactor(browser): inline request path normalization

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:10:26 -07:00
Josh Avant
d777460966 fix(slack): apply sender policy to group DMs (#104007) 2026-07-10 19:57:58 -05:00
Masato Hoshino
2a69149566 fix(clickclack): sanitize outbound assistant text (#103142) 2026-07-10 17:52:37 -07:00
clawSean
e44f04c50e fix(sms): normalize Twilio RCS webhook senders (#102373)
Co-authored-by: clawSean <260045960+clawSean@users.noreply.github.com>
2026-07-10 17:51:47 -07:00
James Armstead
65cc86f45c Refresh MCP OAuth auth-profile tokens (#96120)
* Refresh MCP OAuth auth-profile tokens

* Rotate Codex MCP binding on bearer changes

* Preserve agent scope for MCP auth profiles

* Preserve Codex MCP tool filters

* Keep Codex MCP projection helper local-only

* Fix Codex projection package boundary artifacts

* Revert "Fix Codex projection package boundary artifacts"

This reverts commit 13bcaed3da.

* Revert "Keep Codex MCP projection helper local-only"

This reverts commit 19751f4922.

* Trigger CI rerun for OAuth MCP PR

* Fail closed for remote Codex MCP bearer projection

* Fix MCP OAuth bearer token projection

* fix: project MCP-native OAuth credentials

* fix: align MCP SDK surface budget

* fix(mcp): keep agents available before OAuth login

---------

Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-07-10 17:49:43 -07:00
qingminlong
5c77724ff8 fix(canvas): validate A2UI JSONL centrally (#103713) 2026-07-11 01:48:37 +01:00
Vincent Koc
eefd6248f4 fix(release): manage tracked private shrinkwraps 2026-07-10 17:47:32 -07:00
Vincent Koc
3bbed6e82e fix(release): align Vault plugin version 2026-07-10 17:47:32 -07:00
maweibin
6b460e50a4 fix(qqbot): bound stalled token acquisition (#102897) 2026-07-11 01:45:43 +01:00
Peter Steinberger
b7d6291bfd fix(memory): preserve Unicode in QMD snippets (#103996) 2026-07-11 01:28:29 +01:00
wings1029
63859f73e6 fix(codex): preserve Unicode diagnostics boundaries (#103740)
* fix(codex): preserve Unicode diagnostics boundaries

Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>

* test(codex): assert diagnostics preview boundary

* test(codex): narrow diagnostics result text

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:45:57 +01:00
wings1029
9bfecf46ee fix(acpx): preserve Unicode in wrapper diagnostics (#103738)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:06:14 +01:00
xingzhou
babc287afe fix(slack): time out stalled external file uploads (#103442)
* fix(slack): time out stalled external file uploads

* fix(slack): scope external upload timeout

* fix(slack): restrict external upload transport

* fix(slack): restrict external upload transport

* fix(slack): preserve external upload retry safety

* test(slack): use compatible guarded fetch runtime

* test(plugin-sdk): update public export baseline

* fix(slack): harden external upload delivery

* refactor(slack): isolate upload completion

Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.

* fix(slack): refresh upload release metadata

* chore(slack): leave release notes release-owned

* fix(slack): classify failed uploads before completion

* fix(slack): keep upload completion untimed

* test(plugin-sdk): refresh public export baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:52:35 +01:00
qingminlong
4f1f7c6fb0 fix(nodes): resolve Unicode browser node names when configured by display name (#103548)
* fix-nodes-unicode-browser-node-names

* fix(nodes): preserve compact browser node selectors

* fix(nodes): normalize unicode node names canonically

* fix(nodes): scope compact browser selectors

* fix(nodes): preserve meaningful unicode marks

* chore: leave changelog updates to release automation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:32:28 +01:00
lsr911
9dee9ebffa fix(qa-lab): use truncateUtf16Safe for tool search gateway and mock OpenAI text truncation (#103219)
* fix(qa-lab): use truncateUtf16Safe for tool search and mock OpenAI text truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- tool-search-gateway.fixture.ts: 4 sites (provider input snippet,
  tool output snippet, gateway output text for normal/code lanes)
- mock-openai/server.ts: 1 site (tool output evidence snippet)

LLM output text may contain non-BMP characters (emoji, CJK
extension characters). Naive .slice(0, N) at a surrogate pair
boundary produces a lone surrogate.

Co-Authored-By: Claude <noreply@anthropic.com>

* test: add proof script for qa-lab UTF-16 safe truncation at all boundaries

* test(qa-lab): integrate UTF-16 boundary coverage

Co-authored-by: lsr911 <liao.shirong@xydigit.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:26:42 +01:00
Peter Steinberger
53bcdf8fe2 fix(signal): drain accepted messages on shutdown (#103967) 2026-07-10 23:15:04 +01:00
xingzhou
4257875448 fix(qa-lab): keep saved view text truncation UTF-16 safe (#103789)
* fix(qa-lab): keep saved view text truncation UTF-16 safe

* refactor(qa-lab): use semantic truncation helper

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:10:53 +01:00
Peter Steinberger
3f402f2c48 fix(telegram): suppress replies superseded during adoption (#103965)
* fix(telegram): preserve supersession through async adoption

* fix(auto-reply): stop superseded queued turns after adoption

* test(telegram): use dispatcher delivery return type
2026-07-10 23:10:05 +01:00
Vincent Koc
c5bdd64442 fix(telegram): detach adopted turns from reply fence (#103952) 2026-07-10 14:36:46 -07:00
Peter Steinberger
1b1120a69d fix(feishu): prevent duplicate content in streaming cards (#103915)
* fix(feishu): keep streaming card snapshots authoritative

Co-authored-by: Jun Ma <hpumajunhappy@163.com>

* refactor(feishu): use current snapshot as retry source

* fix(feishu): validate CardKit response bodies

* fix(feishu): keep close summaries accepted

* test(feishu): simplify close rejection state proof

* test(feishu): match normalized close summary

---------

Co-authored-by: Jun Ma <hpumajunhappy@163.com>
2026-07-10 22:05:18 +01:00
Peter Steinberger
72e6fcab8a fix(qa-matrix): preserve Unicode error previews (#103909)
Co-authored-by: lsr911 <liao.shirong@xydigit.com>
2026-07-10 20:58:38 +01:00
Peter Steinberger
1bcc4c5e70 feat(gateway): add cooperative host suspension (#103618)
* feat(gateway): add cooperative suspension preparation

* style: satisfy suspension lint checks

* test(gateway): reset work admission between shared suites

* fix(gateway): reject upgrades during suspension

* fix(gateway): preserve admitted work during suspension

* test(gateway): isolate suspension and restart state

* fix(gateway): close suspension false-ready gaps

* refactor(protocol): slim suspension declaration graph

* refactor(plugin-sdk): sever protocol registry edges

* fix(gateway): preserve admitted restart follow-ups

* fix(gateway): make suspension recovery fail closed

* fix(protocol): keep validation formatter re-export only

* test(gateway): simplify deferred fixture type

* style(gateway): clarify suspension entry name

* fix(gateway): retain detached work admission
2026-07-10 20:24:53 +01:00
Peter Steinberger
e1934d968e fix(nodes): stop advertising a disabled browser proxy (#103894)
* fix(nodes): hide disabled browser proxy capability

* chore: defer node fix changelog to release

* chore: ratchet plugin SDK surface budget
2026-07-10 20:06:53 +01:00
Vincent Koc
2a1d6e49d5 fix(ci): run Telegram release QA from trusted harness (#103207)
* fix(ci): use trusted Telegram QA harness

* fix(ci): restrict trusted Telegram QA candidate

* fix(ci): isolate trusted Telegram QA candidate

* fix(ci): harden Telegram QA process boundary

* fix(ci): pass Telegram QA release gates

* test(qa): stub Telegram env explicitly

* fix(ci): harden Telegram release QA boundary

* test(ci): harden trusted workflow and memory guards
2026-07-10 11:32:24 -07:00
ZOOWH
61893247ec fix(chutes): redact OAuth error response body (#103569)
* fix(chutes): redact OAuth error response body in token exchange and refresh

Replace readResponseTextLimited + raw body in error message with
extractProviderErrorDetail for bounded, redacted structured error detail.

Ref: #102953

* fix(chutes): update test assertions for extractProviderErrorDetail message format

* fix(chutes): remove unused readResponseTextLimited and CHUTES_OAUTH_ERROR_BODY_LIMIT_BYTES

* fix(chutes): normalize OAuth HTTP failures

* test(chutes): assert redaction without fixed mask

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:40:58 +01:00
Peter Steinberger
5aea34ad8c fix(webui): keep tool activity paired without model calls (#103821)
* fix(webui): make tool activity rendering deterministic

* fix(protocol): remove stale tool-title models

* fix(i18n): translate tool activity labels

* fix(i18n): translate tool activity labels
2026-07-10 18:21:08 +01:00
pick-cat
8a93d288e2 fix(nextcloud-talk): strip internal tool-trace banners from outbound text (#101712)
* fix(nextcloud-talk): strip internal tool-trace banners from outbound text

* fix(nextcloud-talk): sanitize inbound replies

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>

* test(nextcloud-talk): prove low-level send text preservation

* test(nextcloud-talk): focus inbound sanitizer coverage

* fix(nextcloud-talk): report stripped replies as non-visible

* docs(changelog): note Nextcloud Talk reply sanitization

* chore: keep PR changelog-neutral

---------

Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>
2026-07-10 18:17:19 +01:00
cavit99
5e250aac74 fix: A2A handoffs can duplicate message-tool replies (#97259)
* fix: stop A2A source-reply mirror duplicates

* fix(agents): harden A2A reply extraction

* fix(agents): preserve internal A2A source replies

* test(gateway): assert A2A mirror projection precisely

* test(agents): complete A2A payload fixtures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:05:51 +01:00
xingzhou
8d5f7e27b2 fix(sms): replayed Twilio webhooks process again after high inbound traffic (#101107)
* fix(sms): replayed Twilio webhooks process again after high inbound traffic

* fix(sms): harden Twilio replay saturation

* test(sms): expose response header spy

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:58:53 +01:00
Peter Steinberger
baea671ef3 fix(anthropic): delegate adaptive Claude CLI effort (#103815)
* fix(anthropic): delegate adaptive CLI effort

Strip static --effort args for adaptive runs so Claude Code resolves effort from its environment, settings, and model default. Preserve configured effort for off or absent thinking and replace it only for concrete OpenClaw levels.

Fixes #103245

Co-authored-by: Dan Korotin <korotin.daniil@gmail.com>

* fix(anthropic): make effort dispatch exhaustive

---------

Co-authored-by: Dan Korotin <korotin.daniil@gmail.com>
2026-07-10 17:57:50 +01:00
Dallin Romney
0b9c2e6f95 fix(qa): simplify smoke lanes and isolate fanout (#102262)
* fix(qa): simplify smoke lanes and isolate fanout

* ci: re-enable repaired QA smoke lanes

* ci: split Crabline smoke into three shards

* ci: eliminate repeated QA smoke builds

* fix(qa): focus control ui smoke scenario

* ci(qa): remove smoke worker launch delay

* ci(qa): bound automatic smoke coverage
2026-07-10 09:48:40 -07:00
mushuiyu886
9c9010efca fix(diagnostics-otel): preserve JSON Unicode boundaries (#103646)
* fix(diagnostics-otel): preserve JSON Unicode boundaries

* test(diagnostics-otel): consolidate Unicode boundary coverage

* docs(changelog): credit OTEL Unicode fix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:42:25 +01:00
Peter Steinberger
845311cf97 fix(browser): prevent stale handles from switching duplicate-URL tabs (#103816)
* fix(browser): reject ambiguous tab replacements

* fix(browser): guide stale tab recovery
2026-07-10 17:40:14 +01:00
Peter Steinberger
97bbbc2271 feat(agents): derive a provider-declared default utility model when unset (#103769)
* feat(agents): derive a provider-declared default utility model when unset

When agents.defaults.utilityModel is not set, utility tasks (titles, progress
narration) now use the primary provider's declared small model
(modelCatalog.providers.<id>.defaultUtilityModel: OpenAI -> gpt-5.6-luna,
Anthropic -> claude-haiku-4-5). Auth is inherent because derivation follows
the agent's primary provider. Setting utilityModel to an empty string
disables utility routing entirely; narration turns on automatically when a
default resolves and stays off otherwise.

Formatting/lint/tests verified on Testbox (oxfmt, oxlint, plugins:inventory,
docs:map, import-cycles, check:test-types, 4 test files).

* fix(ai): drop the temperature parameter for models that reject it

The GPT-5.6 family 400s on temperature via the Responses API (live-verified:
gpt-5.6-luna/-terra reject it; gpt-5.5 and gpt-5.4-mini/nano accept it).
supportsOpenAITemperature gates all three OpenAI payload builders, with a
catalog compat override (compat.supportsTemperature) declared for the 5.6
family in the openai manifest. Without this, utility tasks (titles,
narration) would fail once gpt-5.6-luna becomes the derived default.

Gates on Testbox: oxfmt, oxlint, plugins:inventory, import-cycles,
check:test-types, 6 test files. Live proof on Testbox: gpt-5.6-luna and
claude-haiku-4-5 one-shot completions succeed with temperature requested.

* fix(agents): carry the primary model's auth profile onto the derived utility default

A primary like openai/gpt-5.5@work previously reached utility tasks via the
profiled fallback; the derived default shares the provider, so its trailing
auth profile carries over instead of silently switching to default
credentials (Codex review). Gates on Testbox: oxfmt, check:test-types, tests.

* docs: realign the manifest provider-fields table after adding defaultUtilityModel
2026-07-10 17:40:11 +01:00
Miorbnli
bedcba2b9b fix(signal): clean up signal-cli download temp dir on every exit path (#103339)
* fix(signal): clean up signal-cli download temp dir on every exit path

installSignalCliFromRelease created a temp dir with fs.mkdtemp for the
download archive but never removed it. Every return path — including the
success return and the extraction-failure / binary-not-found errors — leaked
the directory plus the downloaded archive (signal-cli Linux-native archives
are ~50-130 MB). Repeated installs or retries accumulated multi-hundred-MB
temp dirs under the preferred tmp dir.

Wrap the body after mkdtemp in try/finally that recursively removes the temp
dir. The extracted binary is installed under CONFIG_DIR and is unaffected.

Co-Authored-By: Claude <noreply@anthropic.com>

* style(signal): drop unnecessary String() conversion in test spy

dir is already a string (mkdtemp return); String(dir) triggers the
no-unnecessary-type-conversion lint rule.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(signal): cover success-path temp dir cleanup with real archive

Add a success-path test that mocks the network fetch to return a real tar.gz
archive (containing a signal-cli binary) so installSignalCliFromRelease runs the
full download -> extract -> find-binary -> chmod path against real bytes, then
asserts the temp dir and downloaded archive are removed by the finally clause.
This complements the existing error-path test so both exit paths are covered.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(signal): use owned temp download workspace

* fix(signal): allow bounded native extraction

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 17:20:03 +01:00
Vincent Koc
155e196e22 fix(release): preserve beta validation evidence (#103796)
* fix(release): proxy upgrade fixtures to npm

(cherry picked from commit 30f54a5fe1)

* fix(release): require installer doctor evidence

(cherry picked from commit 0782a94452)

* test(qa): scope aborted restart outcome to Codex

(cherry picked from commit ac54f80430)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 09:05:14 -07:00
Peter Steinberger
911f8ec68f fix(browser): avoid duplicate upload events (#103777) 2026-07-10 16:50:36 +01:00
Peter Steinberger
9b4c7c0991 test(openai): align auth contract with provider default (#103760) 2026-07-10 16:28:07 +01:00
ToToKr
b745862361 fix(discord): keep thread-binding persona UTF-16 safe (#103543)
* fix(discord): keep thread-binding persona UTF-16 safe

resolveThreadBindingPersona truncated the persona label with a raw .slice(0, THREAD_BINDING_PERSONA_MAX_CHARS). When an emoji or other astral code point straddles the 80-unit limit, the raw slice keeps a dangling high surrogate, so the Discord thread-binding persona (webhook display name) can carry a lone surrogate. Route the clamp through the shared truncateUtf16Safe primitive so the boundary code point is dropped whole. Adds a regression test.

* test(discord): assert exact persona boundary

* docs(changelog): credit Discord persona fix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 16:16:24 +01:00
JC
59e95fe3fd feat: support GPT-5.6 Ultra across OpenClaw and Codex runtimes (#98021)
* feat: support GPT-5.6 Ultra across agent runtimes

Co-authored-by: J Cai <anyech@gmail.com>

* fix: keep harness projections discovery-free

* fix(codex): mirror V2 native subagent tasks

* chore: refresh plugin SDK surface budgets

* test: expose Ultra wire effort proof

* test(cron): avoid hoisted mock initialization race

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 15:23:24 +01:00
mushuiyu886
8034454568 fix(firecrawl): preserve Unicode in API errors (#103487)
* fix(firecrawl): preserve error detail Unicode

* test(firecrawl): cover Unicode error boundaries

* test(firecrawl): satisfy bundled lint

* test(firecrawl): streamline Unicode boundary coverage

* docs(changelog): credit Firecrawl Unicode fix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 15:21:04 +01:00
Peter Steinberger
fbcb7812cb test(qa): wait for durable webchat transcript (#103718) 2026-07-10 15:08:47 +01:00
Vincent Koc
f79e885985 fix(telegram): harden spooled turn adoption (#103695)
* fix(telegram): harden spooled turn adoption

* fix(telegram): retain fence through adoption

* fix(auto-reply): await queued admission hooks

* fix(telegram): clean up adoption integration

* fix(telegram): break spool retry import cycle

* fix(telegram): serialize spool timeout with adoption
2026-07-10 07:08:35 -07:00
Yuval Dinodia
b7ab62c2cf fix(mattermost): preserve text-block boundaries in draft preview (#87322) (#87449)
* fix(mattermost): preserve text-block boundaries in draft preview (#87322)

* fix(mattermost): preserve block preview boundaries

* fix(mattermost): reset progress at tool boundaries

* docs(plugin-sdk): refresh API baseline

* fix(mattermost): group parallel tool previews

* fix(mattermost): stage tool previews before awaits

* fix(mattermost): satisfy tool boundary return contract

* fix(mattermost): serialize preview block generations

Co-authored-by: Yuval Dinodia <yetvald@gmail.com>

* fix(mattermost): preserve complete block previews

* test(agents): align streaming assertions

* test(telegram): align reply pipeline mock

* fix(plugin-sdk): keep reply prefix options compatible

* test(mattermost): exercise threaded final participation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 14:32:11 +01:00
Alix-007
26aef8c48b fix(telegram): recover when media downloads stall (#103020)
* fix(telegram): add request timeout to media file downloads

* fix(telegram): bound inbound media startup

Co-authored-by: llagy009 <0668001470@xydigit.com>

Co-authored-by: Alix-007 <li.long15@xydigit.com>

* docs(changelog): note Telegram media recovery

* fix(net): normalize preflight abort errors

* test(media): accept nullable request signals

* fix(telegram): abort webhook media on shutdown

* fix(telegram): own webhook media cancellation

* fix(telegram): retry aborted media groups

* fix(telegram): cancel isolated media work

* fix(telegram): stop draining ended polling cycles

* fix(telegram): separate cycle media cancellation

* fix(telegram): preserve live polling media fallbacks

* chore: move release note to PR body

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 14:31:16 +01:00
Peter Steinberger
9ef833f4ed test(qa): require web fetch after discovery (#103685) 2026-07-10 14:01:10 +01:00
Peter Steinberger
5a451f92f9 test(qa): accept structured gateway restart outcomes (#103681) 2026-07-10 13:57:59 +01:00
Vincent Koc
0426f238c3 fix(providers): align Meta Model API contract (#103680)
* fix(providers): align Meta Model API contract

* fix(security): classify Meta endpoint as native
2026-07-10 05:24:14 -07:00
ragesaq
b8d195f45e fix: subscribe ClickClack from startup tail cursor (#102486)
Prevent ClickClack startup history from replaying as new agent input while preserving messages created during startup. Uses the server-captured realtime tail cursor from openclaw/clickclack#46, paginates reconnect recovery, and retains legacy client and server compatibility.

Prepared head SHA: 0e7008fbf6
Co-authored-by: ragesaq <11304287+ragesaq@users.noreply.github.com>
Co-authored-by: Shakker <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
2026-07-10 13:07:07 +01:00