Commit Graph

1223 Commits

Author SHA1 Message Date
Peter Steinberger
d71a9e1a13 refactor(slack): use Web API response contracts (#106234) 2026-07-13 02:26:49 -07:00
Peter Steinberger
1136757174 refactor: consolidate bounded concurrency on p-limit and p-map (#106002)
* refactor: adopt p-limit and p-map for bounded concurrency

* chore: normalize lockfile ordering

* fix: preserve memory host concurrency export

* refactor: keep media apply within size budget

* fix: drain memory concurrency before failure

* fix: satisfy memory concurrency guards

* chore: scope memory host dead-code checks

* chore: lower concurrency LOC baselines

* fix: preserve concurrency API surfaces

* chore: reconcile concurrency LOC baseline

* test: keep memory concurrency gate portable

* style: simplify concurrency drain

* ci: refresh deadcode export baseline
2026-07-13 01:53:28 -07:00
Peter Steinberger
83bf0379c9 refactor(channels): share plugin contract scaffolds (#105838)
* refactor(channels): share plugin contract scaffolds

* fix: preserve channel config hint metadata

* chore: refresh Plugin SDK API baseline

* ci: refresh plugin SDK surface budget

* fix(ci): allow read-only state database boundary

* fix(ci): dedupe read-only state database boundary
2026-07-13 01:51:32 -07:00
Peter Steinberger
4349687b9d refactor(extensions): burn down Discord and Slack dead exports (#106017)
* refactor(discord): trim dead internal exports

* refactor(slack): trim dead internal exports

* test(discord): cover inherited streaming migration

* chore(tooling): ratchet reduced extension LOC

* refactor(discord): remove stale approval helper import

* chore(deadcode): remove reintroduced transcript baseline
2026-07-12 22:58:22 -07:00
Peter Steinberger
8c7f3d087f refactor: use native abort signal composition (#105947)
* refactor: use native abort signal composition

* style(discord): preserve media module LOC baseline

* chore(ci): lower abort refactor LOC baselines
2026-07-12 22:39:43 -07:00
Peter Steinberger
1edc8b6c27 refactor(security): centralize timing-safe secret comparisons (#105989)
* refactor(plugins): reuse safe secret comparator

* refactor(security): centralize remaining secret comparisons

* chore(ci): lower refactored file baselines
2026-07-12 22:37:21 -07:00
Peter Steinberger
cba79b4aaa fix(slack): suppress room event typing indicators (#105813)
* fix(slack): suppress room event typing indicators

* fix(slack): suppress room event typing indicators
2026-07-12 18:41:49 -07:00
Peter Steinberger
774d5249cc test: eliminate unchecked TypeScript casts (#105804) 2026-07-12 18:08:26 -07:00
Peter Steinberger
fe0a6db2b4 fix(slack): warn on disabled channel drops (#105790) 2026-07-12 17:50:14 -07:00
evan-YM
45e681deac fix(slack): guard matchesSlackDeliveryMetadataSignature against UTF-8/UTF-16 length mismatch (#105492)
* [AI] fix(slack): guard matchesSlackDeliveryMetadataSignature against UTF-8/UTF-16 length mismatch

Compare Buffer byte lengths instead of JS string lengths (UTF-16 code
units) so multi-byte characters in the stored signature never produce
mismatched Buffer sizes that would cause timingSafeEqual to throw
TypeError and crash the message reconciliation loop.

Related to #105436

Co-Authored-By: Claude <noreply@anthropic.com>

* test(slack): prove malformed delivery signature recovery

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 16:44:52 -07:00
yourslewis
9ee9f3e544 fix(slack): prevent duplicate reply controls (#101474)
* fix(slack): dedupe mirrored reply controls

Co-authored-by: yourslewis <5415708+yourslewis@users.noreply.github.com>
Co-authored-by: Chloe <chloe@openclaw.ai>

* fix(slack): avoid spread in control row keys

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: yourslewis <5415708+yourslewis@users.noreply.github.com>
Co-authored-by: Chloe <chloe@openclaw.ai>
2026-07-12 13:01:31 -07:00
Peter Steinberger
6556d1d173 refactor(config): declarative doctor alias-migration DSL with inheritance-aware account seeding (#105636)
* fix(config): seed inherited root streaming into doctor-materialized account streaming objects

* feat(plugin-sdk): add defineChannelAliasMigration doctor alias-migration DSL

* refactor(plugins): migrate channel doctor contracts onto the alias-migration DSL

* refactor(config): drop the prod-unused offMode legacy notice option

* fix(config): make account streaming seeding opt-in for wholesale-replace channels

* test(imessage): keep account streaming account-local for deep-merge runtime
2026-07-12 12:28:42 -07:00
zw-xysk
71accce06a fix(slack): keep dm metadata reads read-only (#103468)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: zw-xysk <zw-xysk@users.noreply.github.com>
2026-07-12 12:18:50 -07:00
efrazer-oai
d09d200293 fix(slack): show commentary independently of tool progress (#103995)
* fix(slack): separate commentary progress from tools

* fix(slack): preserve legacy preamble defaults

* test(slack): add live commentary progress proof

* fix(slack): support scoped progress drafts

* test(slack): harden commentary progress proof

* test(slack): type commentary matrix cases

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 17:52:53 +01:00
Peter Steinberger
81941f2d68 test: enable noUncheckedIndexedAccess for extension tests (#105343) 2026-07-12 12:48:22 +01:00
Vincent Koc
4d8b201371 refactor(plugins): remove dead channel helpers (#105276) 2026-07-12 18:21:11 +08:00
Peter Steinberger
b02d276bbc test(slack): align prerelease contracts (#105214)
* test(slack): align prerelease contracts

* docs(agents): note review artifact enums

* style(slack): format prerelease test
2026-07-12 10:23:47 +01:00
zw-xysk
1cbb67668f fix(slack): log typing reaction errors instead of silently swallowing them (#103303)
* fix(slack): log typing reaction errors instead of silently swallowing them

The typing reaction (emoji) add and remove calls both use empty catch
handlers, silently discarding all errors. If the bot token lacks
reactions:write scope, the operator has no way to diagnose why the
configured typing reaction never appears.

Replace the empty catch with logVerbose calls that record the Slack
error, matching the existing logging pattern in the same file.

* test(slack): cover typing reaction failures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 09:20:56 +01:00
Peter Steinberger
218dcd815a feat(tooling): enforce noUncheckedIndexedAccess in the extensions lane (NUIA phase 4) (#105132)
* fix(extensions): make indexed access explicit across channel plugins

Transport-payload-safe burn-down: malformed Telegram/Discord/QQ/LINE
and sibling channel input keeps existing skip paths; no synthesized
fields, no new throws in delivery loops. Zalo escape sentinels preserve
literal matches instead of undefined replacements.

* fix(extensions): make indexed access explicit across provider and memory plugins

Stream and model iteration, tool-block guards, capture guards, and
sparse accumulators; singleton model reads carry named invariants.

* fix(extensions): make indexed access explicit across tooling plugins, flip the extensions lane

Remaining plugins (oc-path, qa-lab, browser, logbook, and siblings) plus
the tsconfig.extensions.json flag flip. Cleanup: logbook sampleFrames
NaN index at max=1, QA retry clamp at non-positive attempts, dead Canvas
probe and OpenShell no-op slice removed, twitch test setup leak excluded
from the prod lane.

* refactor(plugin-sdk): expose expectDefined via a focused SDK subpath

Extensions imported @openclaw/normalization-core directly, crossing the
external-plugin packaging boundary (it only worked because the runtime
builder bundles undeclared workspace helpers). expect-runtime joins the
canonical entrypoints JSON, generated exports, API baseline, docs, and
subpath contract test; all 78 extension imports now use the SDK seam.
Two scanner-shaped locals renamed for review-bundle hygiene.

* chore(plugin-sdk): raise surface budgets for the expect-runtime subpath

One new entrypoint with one callable export, added intentionally as the
packaging-honest seam for extension invariant helpers.
2026-07-12 09:17:31 +01:00
scoootscooob
f5eafc1515 Recover cron tool warnings with final text (#104908) 2026-07-11 19:45:33 -07:00
Peter Steinberger
7a456e362d feat(channels): add typed cross-surface approval actions (#103679)
* fix(gateway): approval registry hardening and protocol-surface follow-ups

Follow-up delta to the merged #103579 head, rebased onto current main:
- gateway-protocol wire types derive from owner-module schema consts
  (types.ts tombstone) and ProtocolSchemas leaves the package index so the
  public plugin-sdk d.ts graph tree-shakes the registry declaration
- approval access authority follows the operator.approvals scope tier with
  reviewerDeviceIds as the opt-in restriction (cross-surface
  first-answer-wins; requester identity gates only legacy adapters)
- plugin node.invoke approvals register directly so unrenderable
  presentations fail closed before request routing
- exec-approval manager reconciliation with #103515 revocation hardening
  (resolution source attribution, one-shot ask-fallback consumption)
- surface-report pins and plugin-sdk API baseline refreshed; Swift models
  regenerated

* feat(channels): add typed operator approval actions

Squash-rebased #103679 segment onto the durable-approval-registry tip on
current main. Typed approval/command/select presentation actions replace
raw-string inference across slack/telegram/discord/matrix/imessage/whatsapp,
approval.resolve carries an explicit kind, and channel adapters map native
callback envelopes through the typed action registry.

Drift reconciliation: deprecated buildExecApprovalInteractiveReply assertions
dropped (#104650 removed the shims); worker_environments bootstrap-column
migration kept alongside the approval resolution_ref backfill; plugin-sdk API
baseline regenerated.

(cherry picked from commit 68765a5d39d2118c88a7a54d00387337912d4494)
(cherry picked from commit 8642ac12af142e4b751f4f30d4b114615e7e5f66)
(cherry picked from commit 036c4bc39499925fc03de16ec9302e346769350a)
(cherry picked from commit 19dc350d6bc34e29a5169c6bc80971b0ad12adde)
(cherry picked from commit fc978b0bad86aef421c79f6a211b25cc1b743c01)
(cherry picked from commit 10de4d1ed5071f9be6ad1ee5d1e32c0fa8c9d11c)
(cherry picked from commit 9a664ced1b1fa740172b258f355f1a82925ae41c)
(cherry picked from commit c5ff69abbf444139e9e007bfa45beb0f00ffea54)
(cherry picked from commit d466a80795)
(cherry picked from commit f5b4fe40dd5c961322f8553cc80b2fdfb3f6503e)
(cherry picked from commit 7340b4749a4cc4c72f7a41cce1bc9cb550cae038)
(cherry picked from commit a151f41808f23ae60b10305ccd2bc959b9169a86)

* fix(approvals): preserve typed transport ownership

* test(imessage): narrow chunked approval text

* refactor(protocol): remove retired type tombstone

* fix(plugin-sdk): align surface budgets after rebase

* docs(changelog): note typed operator approvals

* docs(changelog): defer typed approval release note
2026-07-11 18:31:05 -07:00
Peter Steinberger
508f6a2996 refactor(config): retire legacy flat streaming keys to doctor-owned migration (#104693)
* chore(config): regenerate bundled channel config metadata for retired flat streaming keys

* refactor(config): retire legacy flat streaming keys to doctor-owned migration

* fix(config): restore zod locale installer dropped in rebase and repin SDK surface
2026-07-11 18:15:03 -07:00
Peter Steinberger
ecefc6cab6 fix(slack): align App Home with active commands 2026-07-11 17:47:25 -07:00
Peter Steinberger
12f7d9c784 fix(slack): honor configured App Home command
Co-authored-by: Jonathan Tsai <jontsai@users.noreply.github.com>
2026-07-11 17:47:25 -07:00
Sarah Fortune
fd37c0318d fix(slack): prefer configured slash command (#104736)
* fix(slack): preserve resolved secrets for slash replies

* fix(slack): register configured slash command with native commands

* fix(slack): preserve slash config refresh semantics

* refactor(slack): keep slash fix focused

---------

Co-authored-by: Sarah Fortune <sarah.fortune@gmail.com>
2026-07-11 17:14:02 -07:00
Peter Steinberger
93e5b017bf test(channels): trace-harness follow-ups — scenario names, fault vocabulary, lane sync guard (#104653) 2026-07-11 15:14:02 -07:00
Josh Lehman
0a8e3604ba refactor: flip sessions and transcripts to sqlite storage (#98236)
* refactor(sessions): migrate runtime storage to sqlite

* test(sessions): fix sqlite CI regressions

* test(sessions): align remaining sqlite fixtures

* fix(codex): require sqlite trajectory recorder

* test(sessions): align orphan recovery sqlite fixture

* test(sessions): align sqlite rebase fixtures

* fix(sessions): finish current-main integration of the sqlite flip

Resolve the whole-store SDK removal across its owner boundary: drop the
loadSessionStore re-export and the registry whole-store wrappers, wire
hasTrackedActiveSessionRun into gateway chat, complete the
preserveLockedHarnessIds cleanup contract, flip the codex thread-history
import to storePath targets, and port remaining main-side tests from
file-store helpers to session accessor reads.

* chore: drop committed pebbles log, revert plugin-inspector bump, refresh generated docs

Remove the 1.8k-line .pebbles/events.jsonl work log from the branch, restore
the plugin-inspector advisory lane to main's pinned 0.3.10 so the supply-chain
bump gets its own review, and regenerate docs_map, the plugin SDK API baseline,
and the export-surface ratchet for the merged tree.

* feat(sessions): keep archived transcripts by default with zstd cold storage

Codex-style retention: deleting or resetting a session archives its
transcript as a zstd-compressed JSONL artifact (plain when the runtime
lacks node:zlib zstd) and keeps it until the disk budget evicts oldest
first. resetArchiveRetention now governs both deleted and reset archives
and defaults to keep; maxDiskBytes defaults to 2gb so retention stays
bounded, with archives evicted before live sessions. The cron reaper
follows the same knob instead of deleting archives on its own timer.

* fix(state): converge agent DB migration lineages and bound database growth

Merge coherence: run both structure-gated legacy memory-schema repairs
(flip-lineage drop, main-lineage identity rebuild) before the flip
migration so pre-flip v1/v2 and pre-merge flip v1/v4 databases all
converge, and hoist foreign_keys=OFF outside the schema transaction
where the pragma was silently ignored and the v1 sessions rebuild
cascade-deleted session_entries.

Growth guards: fresh agent DBs enable auto_vacuum=INCREMENTAL, WAL
maintenance releases freed pages in bounded passes (never a blocking
full VACUUM), and doctor reports state/agent DB bloat from freelist
stats.

* fix(codex): resolve the store path for thread-history import via the SDK

The supervision catalog passed the legacy sessionFile locator to the
storePath-targeted transcript mirror; resolve the agent store path with
the session-store SDK helper instead of a runtime-object seam so test
fakes and headless callers need no extra surface. Drop the obsolete
missing-session-id preprocessing case: sessions rows are NOT NULL on
session_id and upsert repairs id-less patches at write time.

* fix(sessions): fail safe on malformed disk-budget config and doctor stat errors

A malformed explicit maxDiskBytes disables the budget instead of
falling back to the destructive 2gb default the user never chose, and
the doctor bloat check skips databases whose paths stat-fail instead of
aborting doctor.

* fix(sessions): complete sqlite conflict translations

* test(sqlite): align hardening checks with maintenance

* test(sessions): inspect compressed transcript archives

* fix(tests): await session seeds and drop unused helpers flagged by CI lint

The five unawaited writeSessionStoreSeed calls raced their SQLite seeds
against the assertions, failing compact shards; the bloat probe drops a
useless initializer and the merged tests drop now-unused helpers.

* test(sessions): type legacy proof events directly

* test(sessions): align hardening contracts

* perf(sessions): read usage transcript sizes from SQL aggregates

Usage/cost scans walked every session and materialized every transcript
event just to re-stringify it for a byte estimate — the #86718 stall
class reborn on the DB. readTranscriptStatsSync sums stored JSON bytes
in SQLite without loading a single row.

* fix(sessions): re-root foreign-root transcript paths onto the current sessions dir

Restored backups, moved OPENCLAW_STATE_DIR, and rehearsal copies carry
absolute sessionFile paths from the old root; the containment fallback
kept those foreign paths, so migration read (and would archive) files in
the original root and reported local copies missing. Re-root the
canonical agents/<id>/sessions suffix onto the current dir when the file
exists there; genuine cross-root layouts still fall through unchanged.

* test(agents): seed harness admission through sqlite

* fix(sqlite): close agent db on pragma setup failure

* fix(doctor): compact and retrofit incremental auto-vacuum after session import

The migration is the sanctioned offline window: post-import compact
reclaims import churn and applies auto_vacuum=INCREMENTAL to databases
created before the fresh-DB pragma existed, so runtime maintenance can
release pages in bounded passes on every install.

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:50:37 -07:00
zw-xysk
a4c1e22731 fix(slack): preserve unrelated action rows after interactions (#103445)
* fix(slack): use endsWith instead of includes for _all_ action_id matching

* fix(slack): codify bulk action IDs and add confirmation regressions

Extract isSlackBulkActionId() with the documented _all suffix grammar,
use it for bulk-row detection, and add whole-path chat.update tests for
bulk-row cleanup plus deploy_all_services false-positive control.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): use OpenClaw bulk block marker instead of _all suffix

Replace global endsWith("_all") bulk detection with an explicit
openclaw:bulk: block_id prefix and closed action IDs, export a shared
producer helper, and add live Slack chat.update proof for bulk-row
removal and deploy_all_services preservation.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): keep bulk contract private and add legacy upgrade path

Drop speculative bulk-action exports from the Slack plugin API, keep
accepted ID collections private and immutable, and recognize legacy bare
select_all/deselect_all rows while still rejecting deploy_all_services
false positives.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): drop unsupported bare bulk compatibility branch

Remove the legacy select_all/deselect_all classifier that overmatched
single-ID and duplicate-ID rows, and add negative whole-path regressions
preserving unrelated custom action rows.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): remove unsupported bulk-row cleanup heuristic

Delete the undocumented bulk-row inference and namespaced replacement
contract. Confirmation updates now replace only the selected actions row
and preserve every other authored Block Kit row.

* refactor(slack): tighten interaction confirmation fix

* chore(changelog): preserve historical TTS entries

* chore(slack): move release note to PR body

---------

Co-authored-by: zw-xysk <zw-xysk@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 13:16:25 -07:00
Peter Steinberger
e34bff2276 refactor(plugin-sdk): collapse internal config-schema facade usage onto one module (#104665) 2026-07-11 13:00:53 -07:00
Peter Steinberger
de8cfd2bf2 test(slack): delivery trace goldens for buffered native streaming and block finals (#104583) 2026-07-11 10:32:54 -07:00
Peter Steinberger
7ef22875ad fix(slack): preserve canonical block receipts (#104563) 2026-07-11 09:51:02 -07:00
Peter Steinberger
934a974c29 feat(slack): support native data visualizations (#104539) 2026-07-11 09:18:39 -07:00
Peter Steinberger
7bf80dc2c6 chore(tooling): enforce formatting and refresh TypeScript checks (#104239)
* chore(tooling): enforce current formatter and refresh checks

* chore(tooling): keep release changelog formatter-owned

* chore(tooling): retain compatible Node type surface

* ci: enforce formatting for docs-only changes

* ci: isolate docs formatter check

* chore(tooling): apply updated lint and format rules

* chore(tooling): satisfy updated switch lint

* style(ui): apply Linux formatter layout

* test(doctor): match quiet local audio contribution

* test(doctor): assert quiet output only

* test(doctor): follow restored information contract
2026-07-11 01:09:51 -07:00
Peter Steinberger
81a201df26 feat: add portable table presentation blocks (#103583)
* feat(presentation): add portable table blocks

* chore(presentation): refresh generated contracts

* fix(slack): preserve table fallback payloads

* docs(changelog): note portable message tables

* fix(presentation): preserve cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* test(slack): align accessibility expectations

* fix(presentation): harden cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* docs(changelog): defer portable table release note

* fix(presentation): satisfy extension lint

* chore(plugin-sdk): refresh surface budgets

* fix(telegram): preserve reactions after progress replies

* fix(slack): preserve rendered preview fallback text

* fix(feishu): preserve oversized presentation fallbacks

* docs(changelog): note portable message tables

* docs(changelog): defer portable table release note

* chore(plugin-sdk): refresh rebased contracts

---------

Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-10 22:29:13 -07:00
Peter Steinberger
36e0ac3576 fix(logs): clean up gateway and channel startup/shutdown log output (#104174)
* fix(logs): clean up gateway and channel startup/shutdown log output

Scope Discord slash-command deploy REST diagnostics to command routes so
concurrent startup traffic (voice-state probes, channel lookups) keeps its
owner's error handling; make per-request deploy error lines verbose-only and
drop JSON bodies that only repeat message+code. Log allowlist summaries one
line per call so unresolved lines keep their timestamp/subsystem prefix, and
skip identity lookups that resolved to themselves. Remove embedded subsystem
prefixes, demote routine signal/shutdown/force/postbuild/diag chatter to
debug or verbose, merge the duplicate Control UI build notices, drop doctor's
duplicate backup line, and name the config surface or platform limit in the
transcripts autoStart and command-limit warnings.

Fixes #104163

* fix(slack): keep bare-name allowlist resolutions in startup log summary

Only omit identity lookups where the input already is the resolved id;
name-based lookups that translated to an id stay logged even when the
display name matches the input.

* fix(telegram): keep isolated-ingress readiness marker on the runtime log

test/e2e/qa-lab telegram-bot-token-runtime waits for this line via the
injected RuntimeEnv.log; verbose-only logging would deterministically time
out that live proof. Comment the contract at the call site.
2026-07-10 22:13:33 -07:00
Josh Avant
fbd330b7aa fix(channels): honor configured read target policies (#99905)
* fix(channels): enforce configured read targets

* test(channels): align policy checks with boundaries

* fix: bind channel reads to trusted turn context

* test: satisfy gateway lint

* fix: narrow message action channel imports

* fix(feishu): authorize message reads before provider access

* fix(slack): await reaction clear authorization

* fix(channels): align provider action contracts

* fix(matrix): read direct-room account data before sync

* fix(channels): reject unsupported attachment actions early

* fix: restore trusted operator conversation reads

* fix(matrix): authorize pin actions before provider reads

* fix: preserve trusted channel read workflows

* fix(discord): resolve current channel ids consistently

* fix(agents): preserve message action turn capability

* fix(plugins): enforce host-owned read provenance

* fix(channels): harden Teams and Discord read policy

* fix(channels): preserve exact-current action compatibility

* fix(imessage): authorize trusted current chat aliases

* fix(channels): preserve normalized current aliases

* fix(channels): preserve external current target aliases

* fix: reconcile channel policy with current main

* fix(discord): isolate DM read policy

* fix(channels): enforce provider read gates

* fix(gateway): await serialized message action identity tokens

* fix(ci): refresh channel protocol contracts
2026-07-10 22:29:37 -05:00
Peter Steinberger
dba64d574f chore(release): set version to 2026.7.2 2026-07-11 04:00:49 +01:00
Josh Avant
d777460966 fix(slack): apply sender policy to group DMs (#104007) 2026-07-10 19:57:58 -05:00
xingzhou
babc287afe fix(slack): time out stalled external file uploads (#103442)
* fix(slack): time out stalled external file uploads

* fix(slack): scope external upload timeout

* fix(slack): restrict external upload transport

* fix(slack): restrict external upload transport

* fix(slack): preserve external upload retry safety

* test(slack): use compatible guarded fetch runtime

* test(plugin-sdk): update public export baseline

* fix(slack): harden external upload delivery

* refactor(slack): isolate upload completion

Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.

* fix(slack): refresh upload release metadata

* chore(slack): leave release notes release-owned

* fix(slack): classify failed uploads before completion

* fix(slack): keep upload completion untimed

* test(plugin-sdk): refresh public export baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:52:35 +01:00
JC
59e95fe3fd feat: support GPT-5.6 Ultra across OpenClaw and Codex runtimes (#98021)
* feat: support GPT-5.6 Ultra across agent runtimes

Co-authored-by: J Cai <anyech@gmail.com>

* fix: keep harness projections discovery-free

* fix(codex): mirror V2 native subagent tasks

* chore: refresh plugin SDK surface budgets

* test: expose Ultra wire effort proof

* test(cron): avoid hoisted mock initialization race

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 15:23:24 +01:00
RickLin
f74e0184a6 fix(slack): remember event-carried channel types so mpDMs key one session (#102676) (#102811)
* fix(slack): remember event-carried channel types so mpDMs key one session (#102676)

Human-authored mpDM messages carry channel_type: "mpim" and key the room
slack:group:<channelId>. Bot-authored ingress shapes omit channel_type; when the
conversations.info fill cannot resolve the type either (e.g. missing mpim:read scope),
C-prefix inference falls back to "channel" and keys a second, parallel
slack:channel:<channelId> session for the same room — modern mpDM ids are C-prefixed,
so prefix inference cannot disambiguate.

Remember explicit channel_type values already seen on events for each channel (bounded
process-local map alongside the existing channel/user caches) and consult that memory
after the event value and the channel-info fill, before prefix inference. The
system-event session-key resolver consults the same memory so system events for the
room key identically. No new network lookups; classification stays consistent with
normalizeSlackChannelType on every ingress path.

* fix(slack): scope remembered channel types by event scope

Key the remembered channel_type map with the same account/team scoping as
channelCache (scopedKey), so multi-workspace enterprise installs cannot
cross-contaminate remembered types between scopes that share a channel id.

* fix(slack): keep mpDM events on one session

Cache explicit Slack channel types at the monitor boundary so typeless bot/edit/delete events reuse mpDM group sessions without poisoning metadata lookup.

Co-authored-by: RickLin <ObliviateRickLin@users.noreply.github.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: RickLin <ObliviateRickLin@users.noreply.github.com>
2026-07-10 10:24:43 +01:00
Peter Steinberger
ffa3d9a336 fix(slack): restore folded IDs at Web API boundaries (#103214)
* fix(slack): preserve delivery target case

Co-authored-by: 唐梓夷0668001293 <tang.ziyi@xydigit.com>

* fix(slack): restore API IDs at Web API boundaries

Co-authored-by: 唐梓夷0668001293 <tang.ziyi@xydigit.com>

---------

Co-authored-by: 唐梓夷0668001293 <tang.ziyi@xydigit.com>
2026-07-10 06:37:57 +01:00
Peter Steinberger
fa3eb673cd feat(slack): accept spoken mentions in audio clips (#103416)
* feat(slack): support spoken audio mentions

* chore: keep release notes in PR body
2026-07-09 22:33:26 -07:00
Peter Steinberger
add2c586c2 feat(slack): support native chart presentations (#102635) 2026-07-10 04:05:23 +01:00
Peter Steinberger
36227737c5 fix(slack): preserve standalone reply anchors (#102905)
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
2026-07-09 15:56:52 +01:00
lzyyzznl
0aae1ea816 fix(slack): use truncateUtf16Safe for message body preview truncation (#102612)
* fix(slack): use truncateUtf16Safe for message body preview truncation

One .slice(0, 160) truncation site in the Slack message handler may
cut UTF-16 surrogate pairs in half when the message body preview
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* test(slack): cover UTF-16 preview boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:37:49 +01:00
Peter Steinberger
42a8679c4d fix: restore release validation on main (#102516)
* test(qqbot): assert approval fence exactly

* fix(release): wait for ClawHub publish logging

* fix(ci): repair Bun global install smoke

* test(slack): fix app identity fixture
2026-07-09 09:39:08 +01:00
kevinlin-openai
245b91b83d feat(slack): support Enterprise Grid org installs (#102372)
* feat(slack): support Enterprise Grid org installs

* docs: refresh generated docs map

* fix(slack): satisfy enterprise routing CI

* fix(slack): accept org auth without app id

* docs(plugin-sdk): document channel policy hooks

* fix(slack): reuse canonical sender for enterprise replies

* test(slack): fix enterprise sender lint

---------

Co-authored-by: Kevin Lin <kevin@dendron.so>
2026-07-08 23:53:19 -07:00
Vincent Koc
7e0324263b fix(text): keep reachable truncation boundaries UTF-16 safe
Consolidates #102007, #101818, and #101782.

Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>
Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-07 23:37:52 -07:00
Vincent Koc
5a5b4c5b10 refactor(slack): localize internal declarations (#102044) 2026-07-07 22:39:20 -07:00