Commit Graph

714 Commits

Author SHA1 Message Date
Peter Steinberger
a17058d191 feat(usage): show the account email with plan windows in the chat context popover (#106200)
* feat(usage): surface plan windows and account email in the chat context popover

The context-window popover now shows which account a session runs on:
provider usage snapshots carry an accountEmail resolved from the auth
profile when stored, the ChatGPT access-token JWT claims (openai/codex),
or the Claude CLI config file (~/.claude.json oauthAccount) for
keychain-synced logins. models.authStatus embeds it, quota groups keep
distinct accounts separate, and the popover renders the email under the
plan header for local CLI sessions and OpenClaw-configured subscriptions
alike.

* test(openai): assemble the fake usage JWT from parts

* test(usage): keep fixture tokens and identity plumbing scanner-safe

* fix(usage): verify the Claude CLI login before labeling usage with its email

Review findings: the CLI-config email fallback now requires the usage token
to match the cached CLI credential (and honors CLAUDE_CONFIG_DIR), so an
ambient login for another account never labels a snapshot; token-type
credentials propagate their stored email alongside oauth ones.

* style(anthropic): scanner-safe local for the CLI login read

* fix(usage): capture the Claude CLI account email on the credential

Review findings: reading ambient CLI config at usage-fetch time could not
verify keychain-only logins and could go stale across account switches.
The credential reader now captures oauthAccount.emailAddress next to the
credential it belongs to, the synced claude-cli profile carries it, and
the anthropic fetcher uses only the credential-borne identity.

* style(usage): scanner-safe credential fixtures and helper naming

* fix(auth): backfill the CLI account email onto existing synced profiles

Profiles synced before identity capture stay usable and skip CLI reads,
so upgraded installs would never gain the email until token rotation.
While the stored token material matches the CLI login, merge the
non-secret email onto the stored profile.

* style(test): scanner-safe email assertion

* test(auth): pin the no-reread invariant to identity-complete profiles
2026-07-13 03:39:16 -07:00
Peter Steinberger
5ab07fde4a fix(openai): preserve authored openai-completions through provider normalization (#105539) 2026-07-12 12:37:33 -07:00
Vincent Koc
007f714dca fix(openai): preserve image routing before catalog load (#105518)
* fix(openai): handle image providers without model catalogs

* test(openai): use exported config contract

* test(openai): model provider overlays before catalog load
2026-07-12 18:27:57 +02:00
Peter Steinberger
a97300bad8 fix(qa): preserve Codex mock routing (#105444)
* fix(qa): preserve Codex mock routing

* fix(qa): satisfy extension lint
2026-07-12 15:25:07 +01:00
Peter Steinberger
81941f2d68 test: enable noUncheckedIndexedAccess for extension tests (#105343) 2026-07-12 12:48:22 +01:00
Peter Steinberger
ce562c3511 test(openai): align prerelease contracts (#105256) 2026-07-12 10:49:48 +01:00
Peter Steinberger
218dcd815a feat(tooling): enforce noUncheckedIndexedAccess in the extensions lane (NUIA phase 4) (#105132)
* fix(extensions): make indexed access explicit across channel plugins

Transport-payload-safe burn-down: malformed Telegram/Discord/QQ/LINE
and sibling channel input keeps existing skip paths; no synthesized
fields, no new throws in delivery loops. Zalo escape sentinels preserve
literal matches instead of undefined replacements.

* fix(extensions): make indexed access explicit across provider and memory plugins

Stream and model iteration, tool-block guards, capture guards, and
sparse accumulators; singleton model reads carry named invariants.

* fix(extensions): make indexed access explicit across tooling plugins, flip the extensions lane

Remaining plugins (oc-path, qa-lab, browser, logbook, and siblings) plus
the tsconfig.extensions.json flag flip. Cleanup: logbook sampleFrames
NaN index at max=1, QA retry clamp at non-positive attempts, dead Canvas
probe and OpenShell no-op slice removed, twitch test setup leak excluded
from the prod lane.

* refactor(plugin-sdk): expose expectDefined via a focused SDK subpath

Extensions imported @openclaw/normalization-core directly, crossing the
external-plugin packaging boundary (it only worked because the runtime
builder bundles undeclared workspace helpers). expect-runtime joins the
canonical entrypoints JSON, generated exports, API baseline, docs, and
subpath contract test; all 78 extension imports now use the SDK seam.
Two scanner-shaped locals renamed for review-bundle hygiene.

* chore(plugin-sdk): raise surface budgets for the expect-runtime subpath

One new entrypoint with one callable export, added intentionally as the
packaging-honest seam for extension invariant helpers.
2026-07-12 09:17:31 +01:00
ZOOWH
fb702e5cae fix(memory): harden embedding batch workflows (#103472)
* fix(memory): harden embedding batch workflows

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>

* test(memory): align batch redaction expectation

* test(memory): tighten batch dependency types

* refactor(google): clarify batch state control flow

* test(google): make batch stage fallback lint-safe

* build(plugin-sdk): refresh memory batch surface budget

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
2026-07-11 16:43:58 -07:00
Peter Steinberger
1b1cebfe42 fix(openai): align auth availability with effective routes (#104685)
* feat(openai): add provider-owned route facts

* fix(openai): harden provider route facts

* test(codex): update rebased auth fixtures

* chore: leave release notes to release workflow

* fix(openai): align route auth with current contracts

* test(openai): align route and shard expectations

* test(openai): satisfy route fixture contracts

* fix(openai): preserve direct profile forwarding

* test(models): complete route auth mocks

* test(codex): type compaction factory mock

* fix(openai): preserve provider-native model ids

* test(agents): align route auth fixtures

* style(agents): format route integrations

* test(plugin-sdk): pin current surface counts
2026-07-11 15:26:48 -07:00
Peter Steinberger
a21a08c504 feat(openai): recognize GPT-Live realtime models and fail closed with guidance (#104695)
* feat(openai): recognize GPT-Live realtime models and fail closed with guidance

OpenAI's gpt-live-1/gpt-live-1-mini full-duplex voice models are API
early-access only and use a WebRTC-only quicksilver session protocol with
handoff-based agent delegation that OpenClaw's realtime transports do not
implement yet. Configuring a gpt-live-* model now produces actionable
configuration errors on the realtime WebSocket bridge and Talk browser
sessions instead of opaque provider errors or audio-only sessions without
agent access. GA gpt-realtime behavior unchanged; default model stays
gpt-realtime-2.1.

Related: #104683

* test(openai): narrow browser session union before asserting offerUrl
2026-07-11 13:53:45 -07:00
Peter Steinberger
8310c565e0 feat(onboarding): add provider sign-in (#104502)
* feat(onboarding): add provider sign-in flows

* fix(oauth): keep callback compatibility

* fix(onboarding): reconcile lost auth outcomes

* fix(onboarding): lock auth cancellation at commit

* fix(onboarding): close provider auth lifecycle gaps

* fix(onboarding): make terminal auth failures dismissable

* fix(onboarding): satisfy native app checks

* fix(onboarding): reconcile absent auth sessions

* fix(onboarding): bound provider auth sessions

* fix(onboarding): open provider auth links safely

* test(onboarding): use scanner-safe auth fixtures

* revert: keep established onboarding auth fixtures

* fix(onboarding): close provider auth cancellation gaps

* fix(gateway): retain uncollected wizard results

* fix(onboarding): bind provider reconciliation attempt

* fix(i18n): avoid guessing moved string identities

* style(onboarding): normalize remote auth choices efficiently

* fix(protocol): refresh optional provider auth choices

* test(gateway): cover provider auth dispatch order

* refactor(macos): split onboarding setup support

* fix(macos): refresh merged native checks
2026-07-11 13:00:17 -07:00
Peter Steinberger
fa77fe10d5 chore: migrate active GPT-5.5 references to GPT-5.6 (#104452)
* chore(models): migrate active GPT-5.5 references

* test(workboard): expect GPT-5.6 Sol default

* chore: keep release notes in PR body

* test(models): align picker fixtures with Sol default

* test: update PDF default model expectation

* test(qa): migrate thinking smoke to Luna

* test(gateway): align mock catalog with Sol default

* ci: retrigger exact-head PR checks

* test(gateway): document default catalog invariant
2026-07-11 06:30:57 -07:00
Alix-007
18362758d0 fix(openai): add timeout to realtime client-secret requests (#102860)
* fix(openai): add timeout to realtime client-secret requests

* test(openai): prove realtime timeout through real guard

* test(openai): route realtime timeout proof through guard

* fix(openai): bound realtime client-secret requests

Co-authored-by: llagy009 <0668001470@xydigit.com>

* fix(openai): align realtime secret timeout

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:54:06 -07:00
Peter Steinberger
dba64d574f chore(release): set version to 2026.7.2 2026-07-11 04:00:49 +01:00
Peter Steinberger
97bbbc2271 feat(agents): derive a provider-declared default utility model when unset (#103769)
* feat(agents): derive a provider-declared default utility model when unset

When agents.defaults.utilityModel is not set, utility tasks (titles, progress
narration) now use the primary provider's declared small model
(modelCatalog.providers.<id>.defaultUtilityModel: OpenAI -> gpt-5.6-luna,
Anthropic -> claude-haiku-4-5). Auth is inherent because derivation follows
the agent's primary provider. Setting utilityModel to an empty string
disables utility routing entirely; narration turns on automatically when a
default resolves and stays off otherwise.

Formatting/lint/tests verified on Testbox (oxfmt, oxlint, plugins:inventory,
docs:map, import-cycles, check:test-types, 4 test files).

* fix(ai): drop the temperature parameter for models that reject it

The GPT-5.6 family 400s on temperature via the Responses API (live-verified:
gpt-5.6-luna/-terra reject it; gpt-5.5 and gpt-5.4-mini/nano accept it).
supportsOpenAITemperature gates all three OpenAI payload builders, with a
catalog compat override (compat.supportsTemperature) declared for the 5.6
family in the openai manifest. Without this, utility tasks (titles,
narration) would fail once gpt-5.6-luna becomes the derived default.

Gates on Testbox: oxfmt, oxlint, plugins:inventory, import-cycles,
check:test-types, 6 test files. Live proof on Testbox: gpt-5.6-luna and
claude-haiku-4-5 one-shot completions succeed with temperature requested.

* fix(agents): carry the primary model's auth profile onto the derived utility default

A primary like openai/gpt-5.5@work previously reached utility tasks via the
profiled fallback; the derived default shares the provider, so its trailing
auth profile carries over instead of silently switching to default
credentials (Codex review). Gates on Testbox: oxfmt, check:test-types, tests.

* docs: realign the manifest provider-fields table after adding defaultUtilityModel
2026-07-10 17:40:11 +01:00
Peter Steinberger
9b4c7c0991 test(openai): align auth contract with provider default (#103760) 2026-07-10 16:28:07 +01:00
JC
59e95fe3fd feat: support GPT-5.6 Ultra across OpenClaw and Codex runtimes (#98021)
* feat: support GPT-5.6 Ultra across agent runtimes

Co-authored-by: J Cai <anyech@gmail.com>

* fix: keep harness projections discovery-free

* fix(codex): mirror V2 native subagent tasks

* chore: refresh plugin SDK surface budgets

* test: expose Ultra wire effort proof

* test(cron): avoid hoisted mock initialization race

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 15:23:24 +01:00
Peter Steinberger
ab5d143d59 feat(openai): default new setups to GPT-5.6 (#103581)
* feat(openai): default fresh setup to GPT-5.6

* test(crestodian): expect GPT-5.6 Codex defaults

* test(crestodian): expect GPT-5.6 bootstrap default
2026-07-10 10:22:58 +01:00
Peter Steinberger
e8fcc93cd3 fix(talk): await realtime tool result delivery (#103268)
* fix(talk): await realtime tool result delivery

* fix(talk): terminally cancel queued results

* chore: keep release changelog out of PR

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 20:11:20 -07:00
lzyyzznl
6c3a46fb41 fix(openai): use truncateUtf16Safe for image gen log value truncation (#102611)
* fix(openai): use truncateUtf16Safe for image gen log value truncation

One .slice(0, N) truncation site in the OpenAI image generation
provider may cut UTF-16 surrogate pairs in half when the log value
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* fix(openai): keep image auth logs UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:21:24 +01:00
Peter Steinberger
9566aded5c fix(openai): correct Realtime auth and transcription secrets (#102518)
* fix(openai): correct Realtime auth and transcription secrets

* chore: leave release notes to release automation
2026-07-09 08:55:31 +01:00
Peter Steinberger
fb3f0a2889 fix(openai): clarify rejected Realtime Talk API keys [AI] (#102461)
* fix(openai): clarify realtime API key failures

* chore: leave release notes to release workflow
2026-07-09 07:41:33 +01:00
Vincent Koc
c43e020f47 feat(openai): default realtime voice to gpt-realtime-2.1 2026-07-06 23:22:33 -07:00
shushushu
a596ca1795 fix(openai): allow fake-IP Realtime requests (#86526)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 05:48:57 +01:00
huangjianxiong
a89fe705b8 fix(openai): bound Codex OAuth token response body reads with readResponseWithLimit (#99479)
* fix(openai): bound Codex OAuth token response body reads with readResponseWithLimit

Replace unbounded response.arrayBuffer() in postTokenForm with
readResponseWithLimit using a 1 MiB cap to prevent OOM from oversized
token endpoint responses. Add real node:http loopback server tests.

* fix(openai): wrap readResponseWithLimit result in Uint8Array for TS BodyInit compat

- Fixes TS2345: Buffer<ArrayBufferLike> not assignable to BodyInit
- Resolves check-prod-types, check-test-types, and
  check-additional-extension-package-boundary CI failures

Ref. https://github.com/openclaw/openclaw/pull/99479

* test(openai): verify OAuth response release

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 00:18:20 +01:00
Martin Moellenbeck
cac05ff695 Fix realtime voice-call barge-in cancellation (#90749)
* fix voice call realtime barge-in cancellation

* chore: retrigger PR checks

* chore: retrigger PR checks

* fix voice call realtime barge-in fallback

* fix voice call provider barge-in precedence

* fix voice call speech-started fallback contract

* fix late provider barge-in queued audio clear

* fix realtime handler test raw message parsing

* chore rerun ci

* Document realtime speech-start capability

* fix voice call barge-in interruption policy

* fix(voice-call): centralize realtime barge-in

Co-authored-by: Martin Möllenbeck <martin.moellenbeck@5minds.de>

* chore(changelog): leave voice fix to release flow

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 23:30:16 +01:00
Peter Steinberger
80537c1ba4 feat(macos): load provider catalog during AI onboarding (#101132)
* feat(macos): load onboarding providers from gateway

* test(crestodian): widen setup config mock

* fix(crestodian): satisfy onboarding lint gate

* chore(macos): refresh onboarding localization inventory

* test(plugins): cover guided Copilot secret metadata
2026-07-06 20:57:56 +01:00
Peter Steinberger
827402243d feat: add Anthropic and OpenAI cost history (#100672)
* feat(providers): add admin cost history

* fix(ui): sync cron raw-copy baseline

* fix(usage): harden provider cost credentials

* fix(ui): refresh raw-copy baseline

* docs: refresh documentation map

* fix(ci): sync provider usage baselines

* fix(ui): hide zero-cost history bars

* docs(changelog): defer provider cost note
2026-07-06 12:06:55 +01:00
Alex Knight
3221d43d89 fix(openai): image generation unavailable when openai provider set via config apiKey + custom baseUrl (#100745)
* fix(openai): treat a config apiKey as configured for image generation

The openai image provider's isConfigured only consulted env vars / auth
profiles (isProviderApiKeyConfigured) and considered a config apiKey only
inside that env/profile-gated branch. A provider apiKey supplied directly in
config (models.providers.openai.apiKey) — e.g. an AI-gateway token alongside a
custom baseUrl — was reported as not-configured, even though the generate path
resolves exactly that credential via resolveApiKeyForProvider and honors the
config baseUrl. This made image generation behave differently from chat models,
which authenticate purely from provider config.

Recognize a config apiKey as configured so image generation works purely from
config, like chat, with no OPENAI_API_KEY env var or auth profile. Env/profile
and Codex/ChatGPT-OAuth branches are unchanged. Formatting verified with oxfmt
--check (no node_modules in this worktree); full tests run in CI/Testbox.

* fix(openai): require a non-empty config apiKey for image readiness

* fix(openai): normalize config apiKey readiness via hasConfiguredSecretInput

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-06 19:54:44 +10:00
xingzhou
cecb6cf600 fix(openai): keep missing-auth hint on default model (#100579) 2026-07-06 08:56:20 +01:00
Peter Steinberger
9302c80ca6 fix(openai): route mp3 tts as voice messages (#100715)
Co-authored-by: Hemantsudarshan <hemanthsudarshan2002@gmail.com>
2026-07-06 08:34:08 +01:00
Peter Steinberger
d7d19a3a8e fix(openai): reuse Codex auth for realtime voice (#100671)
Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-06 08:08:26 +01:00
Peter Steinberger
07e2d633cc feat: show auto-detected provider plans and billing (#100520)
* feat(providers): auto-discover usage billing

* feat(ui): show provider plans and billing

* fix(ui): translate provider billing labels
2026-07-06 04:53:09 +01:00
sunlit-deng
2525ea41fd fix(openai): bound realtime voice websocket payload at 16 MiB (#99450)
* fix(openai): bound realtime voice websocket payload at 16 MiB

* test(openai): cover realtime voice payload cap

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:12:27 +01:00
Vincent Koc
8ec5e06cbf fix(realtime): filter malformed provider tool names (#89175)
* fix(realtime): filter malformed provider tool names

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* chore: defer realtime tools changelog

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:25:24 +01:00
Gio Della-Libera
85ad4cb200 fix(voice-call): avoid OpenAI realtime double greeting (#86285)
* fix(voice-call): avoid OpenAI realtime double greeting

* fix(voice-call): keep openai greeting proactive

* fix(openai): preserve deferred realtime instructions

* fix(openai): preserve instructions across response retry

* fix(openai): clear stale deferred response instructions

* fix(openai): keep latest deferred response intent

* fix(openai): keep base instructions for explicit speech

* fix(openai): only dedupe prefixed response instructions

* test(openai): narrow realtime user message callback

* fix(voice-call): suppress duplicate OpenAI realtime greeting

* fix(voice-call): keep OpenAI manual speech semantics

* fix(voice-call): keep OpenAI greeting trigger active

* fix(openai): suppress realtime auto responses during manual turns

* test(openai): import realtime bridge type

* refactor(openai): narrow realtime response suppression

* refactor(openai): share realtime turn detection config

* fix(openai): correlate realtime response errors

* fix(openai): flush queued realtime responses

* fix(openai): correlate realtime cancellation errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 21:13:20 +01:00
Peter Steinberger
c757675f34 improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
Dallin Romney
e6dec69403 refactor: consolidate image data URL formatting (#99715) 2026-07-03 17:09:30 -07:00
Dallin Romney
8c5f45fc36 refactor(shared): consolidate provider and utility lazy loaders (#98749)
* refactor(shared): consolidate provider lazy loaders

* refactor(shared): leave enforcement to follow-up
2026-07-02 21:16:26 -07:00
sunlit-deng
ce4a259485 fix(openai): bound embedding batch file downloads (#98554)
* fix(openai): bound embedding batch file downloads

* fix(openai): bound batch output records

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 07:10:42 -07:00
Peter Steinberger
c52583a022 feat(openai): add GPT-5.6 series support (#98333)
* feat(openai): add GPT-5.6 series support

* docs: refresh map for GPT-5.6

* fix(openai): preserve GPT-5.6 thinking metadata

* fix(codex): sync managed app server version

* fix(codex): sync managed app server version

* fix(openai): account for GPT-5.6 cache writes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 06:48:57 +01:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
Alix-007
f0e2f7b4f5 fix(openai): bound video create-submit response reads
Reviewed and accepted after live preflight: mergeable clean, checks passing, no unresolved review threads.
2026-06-28 21:10:55 -07:00
NIO
4c477ee632 fix(openai): bound embedding-batch and realtime session JSON response reads (#97533) 2026-06-28 11:53:50 -07:00
NIO
527f8f0cbb fix(image-gen): bound image generation provider JSON response reads (#96495)
* fix(image-gen): bound image generation provider JSON response reads

Route success JSON reads through readProviderJsonResponse (16 MiB cap)
in openrouter, google, fal, minimax, openai, and vydra image generation
providers to prevent OOM from oversized or hostile endpoint responses.
Mirrors the response-limit campaign already applied to other provider paths.

AI-assisted.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(image-gen): size bounded JSON caps for inline image payloads

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-06-26 07:08:30 -04:00
Vincent Koc
0671c08900 chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Vincent Koc
b039e949b6 chore(release): close out 2026.6.9 2026-06-21 12:24:15 +08:00
Vincent Koc
5df5aa1640 fix(openai): bound batch error bodies 2026-06-19 20:43:17 +02:00
Vincent Koc
59a93a817f fix(openai): bound device code auth bodies 2026-06-19 20:43:17 +02:00
Vincent Koc
a6ac8de523 fix(openai): cancel OAuth preflight bodies 2026-06-19 09:53:35 +02:00