The display sanitizer's long-token chunker (`\S{33,}` -> 32-char chunks
joined by spaces) was injecting literal spaces inside inline code spans,
fenced code blocks, and bare identifiers it didn't recognize. Tokens like
`requireConfirmationForMutatingActions`, `ubuntu-budgie-desktop-environment`,
and `binary_sensor.sense_energy_monitor_power` rendered with mid-word
spaces, contaminating copy/paste of package names, entity IDs, and shell
line-continuations.
Fix:
- Make sanitizer code-aware: split text into fenced/inline-code segments
and prose, and only run the chunker on prose segments. Code regions
pass through verbatim.
- Widen `isCopySensitiveToken` to use the punctuation-stripped candidate
for all classification, and accept any `FILE_LIKE_RE` token that
contains `_`, `-`, or `.` (covers package names, dotted IDs, kebab
flags). Picks up the goals of #69340 and #39565.
- Skip chunking for symbol-only runs (box-drawing rows, dashes, equals)
so table borders aren't corrupted.
- Preserve the original goal of narrow-terminal protection: long
unidentifiable prose tokens (e.g. accidental base64 dumps) are still
chunked so they don't blow out terminal layout.
Security ordering preserved: ANSI strip / control-char strip / binary
redaction still run on the whole string before segmentation, so code
regions cannot smuggle escapes, control characters, or binary garbage
past the sanitizer.
16 new regression tests cover: camelCase config keys in inline code,
hyphenated package names (bare and in code), dotted entity IDs (bare
and in code), backtick and tilde fenced blocks, base64-like blobs in
code, prose-token chunking unchanged, prose-around-code mixed content,
box-drawing horizontal rules, multi-line shell `\\` continuations,
plus three explicit security-ordering tests asserting ANSI/control/
binary stripping still runs inside code segments.
Fixes#48432, #39505.
Supersedes #69340, #39565 (carries forward both ideas in a more
general fix). Carries forward the code-fence-aware approach from the
closed#48445.
* fix(tui): abort run during pre-event waiting gap
Track the runId returned from chat.send so pressing Esc while `activeChatRunId` is still null aborts the in-flight run instead of repeatedly printing "no active run". Identified in #1296.
* fix(tui): drop redundant comment on pendingChatRunId set
Bound default Gateway sessions.list responses to 100 rows when callers omit limit, with response metadata for totalCount, limitApplied, and hasMore.\n\nFixes #77062.
* fix: expose session-specific thinking levels (#76482)
* fix: preserve lightweight sessions.list contract, fix consumer-side fallbacks only
* fix: include thinking levels in lightweight session rows for Control UI (#76482)
The Control UI cannot resolve provider-specific thinking levels client-side
(ui/src/ui/thinking.ts always returns base 5 levels). The gateway must
provide them even in lightweight rows. listThinkingLevelOptions is a cheap
in-memory lookup — negligible perf impact vs the transcript/cost/model ops
that the lightweight flag still skips.
Also update existing test assertions that expected thinkingOptions: [] for
lightweight rows (flagged by ClawSweeper review).
* test: add e2e regression tests for thinking level pipeline (#76482)
Summary:
- The PR bounds async transcript history reads and shares async transcript-index builds across gateway history, embedded/TUI history, restart recovery, fork token checks, and preflight compaction paths.
- Reproducibility: not applicable. this is a performance PR rather than a user bug report. The verification pa ... ource review plus the added unit coverage for bounded reads, usage snapshots, and concurrent index sharing.
ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head ccfe33658c.
- Required merge gates passed before the squash merge.
Prepared head SHA: ccfe33658c
Review: https://github.com/openclaw/openclaw/pull/75977#issuecomment-4363170293
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Fixes#63195.
Closes#68162.
Closes#73546.
- Keep Control UI chat sends bound to the history-backed session id across reconnects.
- Accept chat.send sessionId at the gateway/protocol boundary and update generated Swift models.
- Resume the last selected TUI session for the same gateway/agent/scope when still present.
Validated by exact-SHA CI on PR #75948.
* fix(tui): clear stale streaming after unbound final events
* fix(clownfish): address review for ghcrawl-156749-autonomous-smoke (1)
* fix(tui): address stale streaming review
* fix(tui): clear stale streaming after orphaned finals
* fix(tui): clear stale streaming after orphaned finals
* fix(tui): clear stale streaming after orphaned finals
* feat(tui): add local embedded TUI mode with terminal/chat aliases
Adds a gateway-free local TUI path so users can run openclaw in their
terminal without needing a running gateway process.
- TuiBackend interface abstraction (tui-backend.ts) with EmbeddedTuiBackend
implementation that drives the agent loop in-process
- openclaw tui --local flag for local embedded mode
- openclaw terminal / openclaw chat aliases that imply --local
- /auth slash command with codex CLI delegation to avoid prolite plan issue
- Default model display fallback on startup
- Local-aware status text and log suppression
- Concise auth error hints, raw HTML 403 suppression
- Onboarding hatch flow launches local TUI (no gateway required)
- Commander alias bug fix in run-main.ts (.aliases() check)
- All new and updated tests passing (145/145)
* TUI: fix alias detection, cross-platform codex lookup, and history byte-budget safeguards
* TUI: remove RuntimeEnv type annotation to fix CI oxlint error
* TUI: filter gateway-dependent tools and auto-approve plugin hooks in embedded mode
* TUI: suppress console noise and add embedded mode system prompt note
* TUI: reduce embedded-mode tool filtering from 15 to 7, add local session tools
* TUI: fix remaining PR review comments
* TUI: address latest review feedback and CI drift
* Core: align prompt helper with latest base
* Core: match prompt helper formatting with base
* Core: restore prompt helper from latest base
* fix(tui): preserve local auth fallback in source checkouts
* fix(tts): guard telephony provider invocation
* fix(tui): support Windows codex auth shim
* fix(tui): harden local auth flow
* fix: preserve embedded tool-first run events
* fix(tui): keep embedded plugin approvals gated
* fix(tui): restore embedded attempt import
* fix(tui): resolve sessions in embedded stub
* fix: add embedded TUI changelog entry (#66767) (thanks @fuller-stack-dev)
* fix: pass setup TUI local mode through relaunch (#66767) (thanks @fuller-stack-dev)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
When ingestDelta returns null (first empty/commentary delta or unchanged
content), the handler returned early, skipping setActivityStatus and
armStreamingWatchdog. If all subsequent deltas were also null (e.g.
due to phase filtering), the watchdog was never armed and the status bar
stayed stale as "idle" while a run was live.
Move setActivityStatus("streaming") and armStreamingWatchdog before
the null-displayText guard so they fire on every received delta event.
Fixes#34513, #40824
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
