Commit Graph

1074 Commits

Author SHA1 Message Date
Peter Steinberger
f53103de72 fix(skills): make Skill Workshop lifecycle approvals decidable and non-wedging (#91266, #94249, #93173) (#100498)
Approval wait now fits inside the Codex dynamic-tool watchdog (70s +10s
gateway grace under the 90s kill), approval cards carry proposal id,
skill name, description, file count, and body size (spoof-safe
rendering), and timeouts return a structured pending-not-failed outcome
instead of a bare error. Expired requests cannot execute late; no
auto-apply; generic plugin approvals unchanged.
2026-07-06 04:54:48 +01:00
Peter Steinberger
443c582949 fix(ios): restore in-flight runs after reconnect (#100277)
* fix(ios): restore in-flight chat runs from gateway history

Restore active Apple chat ownership across reconnect, foreground, and sequence-gap recovery using the existing chat.history snapshot. Preserve agent/session scoping and Gateway user-turn identity across Codex and Copilot mirrors, including current offline-cache integration.

* fix(ios): restore in-flight chat runs from gateway history
2026-07-06 03:23:38 +01:00
Vincent Koc
17ba497424 fix(codex): ignore missing mirrored session history (#100484)
* fix(codex): ignore missing mirrored session history

* test(codex): prove missing mirrored history stays quiet

* fix(codex): narrow missing history proof

---------

Co-authored-by: Alex Tang <alextangli@outlook.com>
2026-07-05 16:04:34 -07:00
Kevin Lin
5fdaa04eca feat(qa-lab): add Codex Slack approval scenarios (#91519)
* feat(qa-lab): add codex slack approval scenarios

* fix(qa-lab): harden Codex Slack approval proof

* fix(qa-lab): validate Codex approval model

* test(qa-lab): verify approved Codex operation

* fix(qa-lab): normalize Slack QA account routing

* fix(qa-lab): read Codex tool result transcripts

* fix(qa-lab): harden Codex approval cleanup

* fix(qa-lab): support Codex Mantis checkpoints

* fix(qa-lab): repair Mantis pnpm bootstrap

* fix(qa-lab): normalize Codex tool result text

* fix(qa-lab): scope Mantis pnpm fallback

* fix(qa-lab): bootstrap pinned pnpm without npm

* fix(qa-lab): terminate pnpm metadata record

* fix(qa-lab): bootstrap official node for mantis

* fix(qa-lab): make mantis pnpm shim executable

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:47:18 +01:00
Peter Steinberger
c757675f34 improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
Peter Steinberger
1f484a8dbd test: speed up and stabilize full suite 2026-07-05 08:00:23 -04:00
Peter Steinberger
07bf384a8b feat(crestodian): conversational agent-loop onboarding across CLI, web install, and macOS app (#99935)
* feat(crestodian): AI-first conversational onboarding with typed-op guardrails

Interactive `openclaw onboard` (and bare `openclaw` on a fresh install) now
opens the Crestodian conversation: detection-backed first-run proposal
(Claude Code/Codex logins, API keys), persona AI turns for every free-form
message (configless local-runtime fallback, 60s deadline, deterministic
degradation), approval-gated typed operations, chat-hosted channel setup
(`connect <channel>`), config get/schema read ops with secret redaction, and
a post-write validation hook that feeds schema errors back for a self-fix
turn. Adds the additive gateway `crestodian.chat` method so app clients run
the same conversation. Classic wizard stays behind --classic/explicit flags;
non-interactive automation unchanged; `--modern` becomes a deprecated alias
for `openclaw crestodian`.

* feat(macos): Crestodian chat onboarding and importance-ordered permissions

Replace the gateway step-wizard page with a Crestodian chat over the new
crestodian.chat method (works before any model auth exists), sort the
permissions page by importance with no scrolling, drop the redundant manual
refresh, and bump the onboarding version.

* feat(crestodian): run the custodian on the real agent loop with a ring-zero tool

Crestodian conversations now execute through the same embedded agent runner
as regular agents: a persistent agent session with a single construction-gated
`crestodian` tool wrapping the typed operations (read actions free; mutations
require approved=true asserted from explicit user consent, audited, with
post-write config validation fed back into the loop). The engine prefers the
loop (configured models or the Codex app-server fallback) and degrades to the
single-turn planner, then to deterministic commands. Setup approval seeds the
crestodian exec approval so local model harnesses can run; the configless
Codex backend config now enables exec and direct tool loading (it was
dead-on-arrival behind tools.exec.mode=deny and the tool-search index).

* test(crestodian): type the engine mock signatures for the core test lane

* fix(crestodian): map the advertised create_agent tool action

* fix(crestodian): host-verified approval arming and a macOS setup completion gate

Review findings: the model-supplied approved flag alone could authorize
ring-zero mutations (prompt injection / model error), and removing the macOS
wizard gate let users Next past the Crestodian page with nothing configured.
Mutating tool actions now also require host-verified consent (the engine arms
approval only when the user's actual message is an explicit yes), and local
macOS onboarding blocks advancing until setup authored the config, using the
same signal the old step wizard checked.

* fix(crestodian): bind approval to the exact proposed operation and gate dot navigation

A generic yes no longer authorizes arbitrary mutations: denied mutating tool
calls register a canonical operation fingerprint (host-owned, per session),
and an armed turn executes only the identical call, once. The denial message
is arming-aware so the approved turn self-heals in one roundtrip, and the
agent protocol pre-registers proposals. macOS onboarding page dots now honor
the same setup-completion gate as the Next button.

* fix(crestodian): redact sensitive wizard answers, skip logged-out CLIs, gate programmatic advance

Sensitive channel-wizard answers (tokens, passwords) are redacted from the
AI-visible conversation history; setup and the onboarding welcome never pick
or advertise a definitively logged-out CLI as the model; and macOS
handleNext() honors the page gates for programmatic callers (chat handoff)
just like the Next button.

* fix(crestodian): align the onboarding welcome's configured predicate with the app gate

A valid config carrying only a default model (partial/hand-written) now still
gets the first-run proposal instead of the ready guide, so the macOS setup
gate can always be satisfied from the conversation.

* fix(crestodian): armed turns can never mint their own executable proposal

An approval-mismatched call inside an armed turn no longer re-registers and
invites a retry (which let the model swap the approved operation for another
in the same turn); it voids the approval entirely and requires a fresh yes.
Proposals register only in unarmed turns, which the agent protocol already
does when proposing.

* fix(onboard): route any explicit setup flag to the classic wizard

* fix(ci): satisfy new lint rules, tool-display guard, and generated artifacts for crestodian

* chore(i18n): refresh native inventory after permissions copy wrap

* fix(crestodian): harden conversational onboarding

* docs(crestodian): document conversational onboarding

* test(crestodian): type embedded runner mock

* fix(crestodian): close onboarding security gaps

* chore: retrigger ci
2026-07-05 01:02:53 -07:00
Peter Steinberger
bafdec9868 fix: preserve codex transcript ownership (#100160)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 20:04:43 -07:00
Dallin Romney
c2fc7aa28a refactor: consolidate exact keyed async queues (#99691)
* refactor: consolidate keyed async queues

* chore: refresh merge-ref CI

* refactor: encapsulate keyed queue ownership
2026-07-04 16:45:07 -07:00
Peter Steinberger
bbb744269f test: make the local pnpm test gate green on macOS hosts (#100069)
Fixes 21 macOS-only failing test cases across three classes: canonicalized fixture roots (macOS /var -> /private/var tmpdir symlink vs production realpathing), load-tolerant process-spawn tests (content-gated pid files, readiness-sequenced kill windows, bounded-window timer assertions), and cross-file worker leak guards (skip-channel env, gateway token env, imessage runtime singleton). Test-only; no production changes. Fixes #100025.
2026-07-04 17:17:42 -04:00
Jason (Json)
0221544190 fix(release): block stale Codex runtime pins (#100015)
Prevents opted-in plugin runtime dependencies from being published with stale
registry pins. The same freshness assertion now guards both npm and ClawHub
release paths, including the managed Codex runtime.

Prepared head SHA: d5d0ecba4b
Reviewed-by: @fuller-stack-dev

Closes #99951
2026-07-04 15:13:31 -06:00
Peter Steinberger
614e87cce1 chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Peter Steinberger
6df0fb818d feat: add session thread management (#98510)
* feat: add session thread management

Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.

* refactor(ui): minimal session rows with hover-revealed management

Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.

* fix: align session admission with mailbox-era main

Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.

* fix(qa): align UI e2e and shard fixtures with redesigned session rows

Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.

* test: route auto-fallback suite through temp-dir helper plans

The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00
Peter Steinberger
3d6a2216ea feat(codex): share native threads across Codex clients (#99821)
* feat(codex): share native threads across clients

* test(codex): track coexistence temp dirs

* fix(codex): preserve native source on thread forks

* test(codex): use public temp fixtures

* fix(codex): preserve owner context for deferred tools

* fix(codex): forward owner identity to dynamic tools

* fix(codex): forward owner status to harness attempts

* docs(security): document shared Codex home

* docs(security): document shared Codex home

* docs(security): document shared Codex home
2026-07-04 01:43:21 -07:00
Peter Steinberger
55d0d037bf test(codex): expect canonical assistant text blocks in mirrored history
Session ingest has normalized legacy assistant string content into
[{ type: "text" }] blocks since #98908, which updated the core
cli-runner session-history analog but missed this extension file.
The suite only runs in full local runs and the dispatch-only
plugin-prerelease lane, so push/PR CI stayed green while local
scripts/pr prepare-gates failed on any OS.

refs #99857
2026-07-04 09:15:14 +01:00
Eva
faa4f4782e fix: keep OpenClaw control tools available when tool_search misroutes (#99561)
* fix(codex): keep OpenClaw control tools direct

* test(codex): refresh direct-tool prompt snapshots

* fix(codex): keep heartbeat direct only when available

* fix(codex): keep heartbeat tool schema stable

---------

Co-authored-by: Eva <eva@100yen.org>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-03 21:34:32 -05:00
Dallin Romney
c7aca4f029 refactor: consolidate async timing helpers (#99721) 2026-07-03 17:58:15 -07:00
Eva
414ecd2b96 Preserve Codex output after missing turn completion (#99217)
* Preserve Codex output after missing turn completion

* fix: narrow Codex completion-timeout output recovery

* test(codex): narrow binding path guard

* fix: narrow Codex completion-timeout output recovery

* test(codex): narrow binding path guard

* fix(codex): preserve id-less post-tool replies

---------

Co-authored-by: Sedrak-Hovhannisyan <264150421+Sedrak-Hovhannisyan@users.noreply.github.com>
Co-authored-by: Eva <eva@100yen.org>
Co-authored-by: Jason (Json) <263060202+fuller-stack-dev@users.noreply.github.com>
2026-07-03 05:07:54 -07:00
Dallin Romney
de34dfdbe8 refactor(plugins): consolidate record guards (#99361) 2026-07-02 22:12:53 -07:00
Dallin Romney
8c5f45fc36 refactor(shared): consolidate provider and utility lazy loaders (#98749)
* refactor(shared): consolidate provider lazy loaders

* refactor(shared): leave enforcement to follow-up
2026-07-02 21:16:26 -07:00
Peter Steinberger
27104c1afb fix(codex): preserve app approvals in side forks (#98812)
Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
2026-07-02 01:42:28 +01:00
Kevin Lin
d9b5afad18 fix(codex): rename destructive approval mode to ask (#98501)
* fix(codex): rename destructive approval mode to ask

* fix(codex): keep ask reviewer app-scoped

* test: fix current-main CI regressions
2026-07-01 15:14:55 -07:00
Eva
bfc4e1dcb5 fix(telegram): restore active-run steering 2026-07-01 10:34:20 -07:00
Yuval Dinodia
adcfebc276 fix(codex): classify get_goal read statuses as successful dynamic tool calls (#98659)
isCodexToolResultError fail-closes any dynamic-tool result whose
details.status is absent from its non-error allowlist. get_goal returns
details.status "found" or "missing" (a successful read of the thread
goal, or its absence), neither of which was in the allowlist, so every
get_goal call was classified as an error: reported to codex as
success: false and persisted on the transcript with isError: true.

Sibling #96856 added the write-side goal statuses (created/updated) and
the accepted spawn status but missed the read-side get_goal statuses.
This adds found/missing alongside them. Genuinely failed statuses stay
fail-closed.
2026-07-01 08:36:38 -07:00
alkor2000
4076ba0bd9 fix(codex): derive terminal-idle watchdog from explicit run timeout (#85296)
* fix(codex): derive terminal-idle watchdog from effective run timeout

Fixes the early-abort half of #85242. The Codex app-server terminal-idle
watchdog used a hardcoded 30-minute default that was not derived from the
effective run timeout, so a scheduled turn configured with a longer
timeoutSeconds could be aborted early at 30 minutes even with budget left.

resolveCodexTurnTerminalIdleTimeoutMs (now in attempt-timeouts.ts after the
upstream split) accepts the effective run timeout and, with no explicit
override, follows the run budget instead of the 30-minute default:
- explicit override always wins (advanced config / tests)
- otherwise terminal-idle = max(30min floor, run budget), so a longer run is
  no longer cut short and existing protection is never shortened
- falls back to the 30min default when no run budget is known

Reuses the existing resolvePositiveIntegerTimeoutMs helper, matching the
neighbouring post-tool resolver. Adds focused unit tests for the derivation.

The diagnostic-wording half of #85242 (naming the terminal-idle watchdog in
the surfaced guidance) is left as a separate follow-up.

* fix(codex): derive terminal-idle watchdog from effective run timeout

* fix(codex): preserve default terminal idle watchdog

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 03:25:13 -07:00
Peter Steinberger
c52583a022 feat(openai): add GPT-5.6 series support (#98333)
* feat(openai): add GPT-5.6 series support

* docs: refresh map for GPT-5.6

* fix(openai): preserve GPT-5.6 thinking metadata

* fix(codex): sync managed app server version

* fix(codex): sync managed app server version

* fix(openai): account for GPT-5.6 cache writes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 06:48:57 +01:00
Ben Badejo
180a970ac0 fix(heartbeat): scope commitment fan-out prompts (#98169)
* fix(heartbeat): scope commitment fan-out prompts

* fix(heartbeat): isolate commitment fan-out runs

* fix(heartbeat): isolate commitment fan-out runs

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-30 20:25:28 -07:00
Vincent Koc
31f58cd9de test(codex): harden run-attempt temp cleanup
(cherry picked from commit 5f4fa97835)
2026-06-30 15:54:11 -07:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
Kevin Lin
58367137ea fix(codex): keep plugin apps available when inventory is missing (#98042)
* fix(codex): refresh missing app inventory

* fix(codex): support remote curated plugins

* fix(codex): resolve plugins across curated marketplaces

* fix(codex): enable Guardian on first thread turn
2026-06-30 00:44:28 -07:00
Agustin Rivera
72f837a4a4 fix(codex): require admin for native controls (#97952)
* fix(codex): require admin for native controls

Gate Codex native session controls and bound turns on current owner or operator.admin authority. Preserve gateway scope precedence and read-only status behavior.

* fix(codex): align native authorization

* fix(codex): preserve silent bound handling

* fix(codex): narrow bound auth contract

* fix(docs): refresh generated docs map
2026-06-29 20:41:28 -07:00
Agustin Rivera
e87b0df675 fix(codex): restrict computer-use installation (#97955) 2026-06-29 17:17:49 -07:00
Kevin Lin
389c355bcf fix(codex): preserve per-app approval reviewer policy (#97327)
* fix(codex): version app inventory cache keys

* fix(codex): refresh and replay plugin app policy

* fix(codex): preserve user reviewer for plugin turns

* fix(codex): gate plugin reviewer from startup policy

* fix(codex): route app approvals to user reviewer

* fix(codex): prompt destructive app tools

* fix(codex): scope app approval reviewers

* test(codex): complete app policy fixture

* fix(codex): avoid pre-start app inventory gate

* Revert "fix(codex): prompt destructive app tools"

This reverts commit d1cb0d5ba8.

# Conflicts:
#	extensions/codex/src/app-server/plugin-thread-config.test.ts
#	extensions/codex/src/app-server/plugin-thread-config.ts
2026-06-29 02:35:13 -07:00
David
b3ff64145e fix(codex): classify accepted/created/updated dynamic-tool statuses as success (#96856)
isCodexToolResultError fail-closes every tool-result status not in its
non-error allowlist, but the allowlist omitted several success statuses
emitted by OpenClaw tools that are exposed to codex agents:

- sessions_spawn accepted launches  -> details.status "accepted"
- create_goal / update_goal results -> details.status "created" / "updated"

So a successful accepted spawn (#96833), and successful goal create/update,
were classified as errors: reported to codex as success: false (mapped to a
Failed item status) and persisted on the transcript as isError: true. This
adds those statuses to the allowlist alongside their sibling success statuses
(completed/recorded/started/running). Genuinely failed or forbidden results
(status "error"/"forbidden") stay fail-closed.

Adds regression tests: accepted spawn and created/updated goal results are
reported as successful dynamic tool calls; a forbidden spawn still fails.
2026-06-28 18:37:00 -07:00
Martin Kessler
ac6f249de1 test(codex): cover binds without model overrides (#89535) 2026-06-28 18:09:51 -07:00
Omar Shahine
9b9a124cc5 Fix Codex message-tool-only source reply completion (#95942)
* fix(codex): recognize message tool source replies

* fix(codex): accept numeric source message ids

* fix(codex): account for source reply SDK surface

* fix(codex): require delivered reply receipts

* fix(codex): reject alias-routed source replies

* fix(codex): require delivered non-send telemetry

* fix(codex): honor normalized source routes

---------

Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
2026-06-28 12:02:36 -07:00
Andy Ye
830467bc93 fix(imessage): stage remote media for plugin claims (#91803) 2026-06-27 19:36:21 -07:00
llagy009
b5c662f4f5 fix(codex): keep CLI session preview text on code-point boundaries (#96582)
truncateText shortened the cached lastMessage preview with value.slice(0, max - 3), which can cut a surrogate pair in half and emit a lone surrogate into the codex CLI session list JSON. Use the shared truncateUtf16Safe helper so truncation falls back to a whole code-point boundary. Add regressions for both the history.jsonl and sessions/**/*.jsonl preview paths.
2026-06-27 09:31:00 -07:00
Kevin Lin
c5d34c8376 feat(codex): add always plugin approval mode (#97123)
* feat(codex): add always plugin approval mode

* fix(codex): normalize plugin approval decisions

* fix(codex): fail closed on layered approval overrides
2026-06-27 01:19:00 -07:00
joshavant
898ca9741c test(trajectory): cover truncated usage preservation 2026-06-26 22:34:55 -05:00
lin-hongkuan
67118d5ab9 fix(trajectory): preserve codex completion usage 2026-06-26 22:34:55 -05:00
xingzhou
8252fc009f fix(codex): wait for native tool completion (#96818)
* fix(codex): wait for native tool completion

* fix(codex): track native execution lifecycles

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-27 00:52:31 +01:00
Kevin Lin
a6a4652c70 fix(codex): expose plugin apps after delayed inventory load (#96872)
* fix(codex): refresh missing plugin app inventory

* fix(codex): honor OpenClaw app enablement overrides
2026-06-25 21:10:02 -07:00
Ben Badejo
b3ac552c82 fix(codex): prefer desktop app-server for Computer Use on macOS (#96730)
* fix(codex): prefer desktop app-server for Computer Use on macOS

* fix(codex): fall back from stale desktop app-server

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
2026-06-25 14:28:20 -04:00
Josh Lehman
7e2b2d2987 refactor: migrate bundled session metadata reads (#96527) 2026-06-24 12:19:53 -07:00
Vincent Koc
0671c08900 chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Vincent Koc
2ad2e4f2dc perf(codex): index rollout transcript ids 2026-06-24 09:23:42 +08:00
Sarah Fortune
d9298a74be fix(codex): prefer gateway-managed generated images 2026-06-23 17:47:04 -07:00
Josh Lehman
258b83c438 refactor: migrate plugin transcript mirrors (#89518) 2026-06-23 09:32:45 -07:00
Josh Lehman
475252453b refactor: add transcript update identity contract (#89912) 2026-06-23 05:52:08 -07:00