Commit Graph

15788 Commits

Author SHA1 Message Date
pengxuewu-lab
fb52a989b2 fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass (#96994)
* fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass.ts

The import path `openclaw/plugin-sdk/ssrf-runtime-internal` was renamed
to `openclaw/plugin-sdk/ssrf-runtime` in a previous version, but
cdp-proxy-bypass.ts still referenced the old path. The neighbouring
cdp.helpers.ts already uses the correct path. This caused the browser
plugin to fail to load with "Package subpath is not defined by exports".

Fixes #96639

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass

The import path `openclaw/plugin-sdk/ssrf-runtime-internal` was renamed
to `openclaw/plugin-sdk/ssrf-runtime` in a previous version, but
cdp-proxy-bypass.ts still referenced the old path. The neighbouring
cdp.helpers.ts already uses the correct path. This caused the browser
plugin to fail to load with "Package subpath is not defined by exports".

Update the corresponding vi.mock path in the test file to match.

Fixes #96639

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(plugin-sdk): promote managed-proxy bypass exports to public ssrf-runtime

Export registerManagedProxyBrowserCdpBypass and fetchConfiguredLocalOriginWithSsrFGuard
from the public ssrf-runtime path so that the browser plugin and ollama embedding
provider can lazy-load without hitting the private ssrf-runtime-internal subpath
that is excluded from package.json exports.

Fixes #96639

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(build): bundle private SSRF runtime for packaged plugins

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:20:18 +01:00
Alix-007
65b2e7a4e3 fix(mattermost): add timeout to REST client requests (#102027)
* fix(mattermost): add timeout to REST client requests

* fixup: preserve Mattermost DM retry timeout

* test(mattermost): reuse hanging server helper

* test(mattermost): satisfy timeout lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:12:30 +01:00
lzyyzznl
08663917fa fix(inworld): use truncateUtf16Safe for error body and parse error truncation (#102608)
* fix(inworld): use truncateUtf16Safe for error body and parse error truncation

Two .slice(0, N) truncation sites in the Inworld TTS extension may
cut UTF-16 surrogate pairs in half when the error body or parse error
message contains multi-byte characters such as emoji. Replace both
with truncateUtf16Safe to keep the truncated output valid Unicode.

* test(inworld): cover UTF-16-safe TTS errors

Co-authored-by: lizeyu-xydt <li.zeyu@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:09:34 +01:00
sunlit-deng
1e377e3660 fix(clickclack): bound inbound websocket payloads (#102480)
* fix(clickclack): bound inbound websocket payloads

* fix(clickclack): bound inbound websocket payloads

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:09:30 +01:00
huangjianxiong
5ba981a437 fix(qa-matrix): keep room scenario preview truncation UTF-16 safe (#102606)
* fix(qa-matrix): keep room scenario preview truncation UTF-16 safe

Replace 7x `.slice(0, N)` with `truncateUtf16Safe(..., N)` in
runMatrixStreamingPreviewScenario and runMatrixToolProgressScenario
to prevent surrogate pair corruption in body/formattedBody previews.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(qa-matrix): prove UTF-16 artifact boundaries

Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:07:23 +01:00
Masato Hoshino
c9ec548e6f fix(browser): preserve strict CDP discovery policy on target-list lookup (#102328)
* fix(browser): preserve strict CDP discovery policy on target-list lookup

findPageByTargetIdViaTargetList fetched the CDP /json/list endpoint without
passing an ssrfPolicy argument, so the caller's discovery policy was dropped at
the fetch layer while the sibling tryTerminateExecutionViaCdp scoped it. Build
the scoped control policy with scopeCdpPolicyToConfiguredEndpoint and pass it to
fetchJson, matching the sibling lookup path.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* test(browser): tighten target-list CDP policy test comment

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* test(browser): consolidate target-list SSRF coverage

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:04:39 +01:00
Vincent Koc
0ac8933721 fix(text): keep diagnostic truncation UTF-16 safe
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: wangmiao0668000666 <wang.miao86@xydigit.com>
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
2026-07-09 04:02:39 -07:00
qingminlong
56096eb859 fix(browser): report malformed relay CDP frames (#102070)
* fix(browser): report malformed relay CDP frames

* refactor(browser): streamline relay frame validation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:00:38 +01:00
qingminlong
6cd94f6049 fix(web): mark partial response reads when streams fail (#102550)
* fix(web): mark partial response reads when streams fail

* fix(web): report partial stream bytes accurately

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:58:56 +01:00
huangjianxiong
c067802cda fix(microsoft-foundry): keep connection test error truncation UTF-16 safe (#102605)
* fix(microsoft-foundry): keep connection test error truncation UTF-16 safe

Replace `.slice(0, 200)` with `truncateUtf16Safe(body, 200)` in
testFoundryConnection error messages to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(microsoft-foundry): cover UTF-16-safe connection errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:51:38 +01:00
Alix-007
bebf0b98c1 fix(nextcloud-talk): add timeouts to Talk send requests (#102025)
* fix(nextcloud-talk): add timeouts to Talk send requests

* test(nextcloud-talk): simplify send timeout proof

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:49:48 +01:00
huangjianxiong
c335ecdb73 fix(microsoft-foundry): keep Azure CLI error truncation UTF-16 safe (#102604)
* fix(microsoft-foundry): keep Azure CLI error truncation UTF-16 safe

Replace `.slice(0, 300)` with `truncateUtf16Safe(normalized, 300)` in
summarizeAzErrorMessage to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(microsoft-foundry): cover UTF-16-safe CLI errors

* test(microsoft-foundry): assert complete CLI error

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:49:35 +01:00
huangjianxiong
0a8677ec99 fix(whatsapp): keep echo tracker log truncation UTF-16 safe (#102603)
* fix(whatsapp): keep echo tracker log truncation UTF-16 safe

Replace `.slice(0, 50)` with `truncateUtf16Safe(text, 50)` in
echo tracker verbose log message to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(whatsapp): cover UTF-16-safe echo previews

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:46:52 +01:00
Peter Steinberger
5154fe08fa feat: show Codex sessions across Gateway and paired nodes (#102586)
* feat(codex): add federated session catalog

* fix(codex): align session catalog checks

* fix(ui): translate Codex session catalog

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 03:42:03 -07:00
huangjianxiong
29d2a1ed42 fix(ollama): use truncateUtf16Safe for malformed NDJSON log truncation (#102593)
* fix(ollama): use truncateUtf16Safe for malformed NDJSON log warning

The parseNdjsonStream function uses naive .slice(0, 120) on malformed
NDJSON data in log warnings which can split surrogate pairs. Replace
with truncateUtf16Safe().

* test(ollama): cover UTF-16-safe NDJSON warnings

* test(ollama): satisfy lint in NDJSON coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:38:54 +01:00
Sally O'Malley
e595a8c0ac Add Vault SecretRef plugin (#89255)
* Add Vault SecretRef plugin

Signed-off-by: sallyom <somalley@redhat.com>

* expand Vault setup to registered SecretRef targets

Signed-off-by: sallyom <somalley@redhat.com>

* fix(vault): use sdk secret target seam

* fix(vault): preserve auth profile target paths

* docs(vault): document plugin enable step

* fix(vault): make status provider-alias aware

* fix(vault): reject noncanonical secret ids

* fix(vault): separate resolver timeout deadlines

* fix(vault): forward private CA trust settings

* fix(secrets): preserve plugin policy boundaries

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-09 05:30:12 -05:00
Vincent Koc
45d15aabf9 fix(tts-local-cli): preserve file output on stream errors
Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>
2026-07-09 03:28:51 -07:00
huangjianxiong
c87b9a7cee fix(parallel): use truncateUtf16Safe for MCP error JSON truncation (#102592)
* fix(parallel): use truncateUtf16Safe for MCP error JSON truncation

The extractMcpToolPayload function and error messages use naive
.slice(0, 500) on JSON-serialized errors and results which can split
surrogate pairs. Replace with truncateUtf16Safe().

* test(parallel): cover UTF-16-safe MCP errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:25:28 +01:00
lsr911
1beea4b873 fix(qqbot): use truncateUtf16Safe for debug log URL/key truncation (#102572)
* fix(qqbot): use truncateUtf16Safe for debug log URL/key truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- image-size.ts: URL preview in debug logs (2 sites)
- upload-cache.ts: cache key preview in debug logs (2 sites)

Co-Authored-By: Claude <noreply@anthropic.com>

* test(qqbot): cover UTF-16-safe debug previews

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:20:38 +01:00
Alix-007
b37476ab0b fix(twilio): redact webhook turnToken diagnostics (#102089)
* fix(twilio): redact webhook turnToken diagnostics

* chore(twilio): rerun ci

* fix(twilio): contain webhook URL diagnostics

Co-authored-by: Alix-007 <li.long15@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:19:40 +01:00
NIO
32dee52329 fix(googlechat): cap approval binding registries (#101744)
Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-09 11:12:32 +01:00
lsr911
6ad8a77b51 fix(telegram): use truncateUtf16Safe for raw update log truncation (#102567)
* fix(telegram): use truncateUtf16Safe for raw update log truncation

* refactor(telegram): own raw log bounds in formatter

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:11:35 +01:00
lsr911
e39e628a84 fix(active-memory): use truncateUtf16Safe for log value truncation (#102551)
* fix(active-memory): use truncateUtf16Safe for log value truncation

* fix(active-memory): use truncateUtf16Safe for log value truncation

* test(active-memory): cover UTF-16-safe log limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:10:42 +01:00
Peter Steinberger
fc5a4defaf feat(cohere): add current Command models (#102563)
* feat(cohere): add current Command models

* docs: keep release notes out of PR
2026-07-09 11:07:50 +01:00
zw-xysk
9fa913740d fix(tts-local-cli): handle stdout/stderr stream errors in speech provider (#102347)
* fix(tts-local-cli): handle stdout/stderr stream errors in speech provider

CLI TTS speech provider spawns a child process to generate audio and
registers stdout/stderr data listeners but omits stream error handlers.

stdout carries synthesized audio data. A pipe error mid-generation must
reject the promise so the caller does not silently receive truncated
audio when the child later exits zero. stderr carries diagnostic logs
only — errors there are benign and should not crash the provider.

Apply separate strategies matching vincentkoc's requirement:
- stdout (audio): error → reject(Promise) — surface the failure
- stderr (diagnostic): error → ignore — does not affect audio output

* fix lint: remove unused signal param from mock kill()

* fix(tts-local-cli): contain child stream failures

Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>

* chore(tts-local-cli): keep release notes in PR body

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:06:10 +01:00
huangjianxiong
fae5421f81 fix(diagnostics-prometheus): use truncateUtf16Safe for error message truncation (#102591)
* fix(diagnostics-prometheus): use truncateUtf16Safe for error message truncation

The safeErrorMessage function uses naive .slice(0, 500) on error messages
which can split surrogate pairs. Replace with truncateUtf16Safe().

* test(diagnostics-prometheus): cover UTF-16-safe errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:04:47 +01:00
huangjianxiong
4be6fa7413 fix(codex-supervisor): use truncateUtf16Safe for stderr tail truncation (#102590)
* fix(codex-supervisor): use truncateUtf16Safe for stderr tail truncation

StdioCodexJsonRpcConnection includes stderr output in the transport-closed
error message with a naive .slice(0, 1200) which can split surrogate pairs.
Replace with truncateUtf16Safe().

* test(codex-supervisor): cover UTF-16-safe stderr tails

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:59:17 +01:00
lsr911
f650d641e4 fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation (#102576)
* fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- trajectory.ts: payload redaction display (20k char limit)
- client.ts: parse error log truncation

Co-Authored-By: Claude <noreply@anthropic.com>

* test(codex): cover UTF-16 truncation boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:53:25 +01:00
qingminlong
c86fe21cad fix(browser): keep UTF-8 stderr tails valid (#102543) 2026-07-09 10:51:52 +01:00
wangmiao0668000666
6433b82723 fix(qa-lab): surface gateway child stream failures (#102104)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:28:32 +01:00
wings1029
f7cc6ebe1e fix(agent-core,memory-core): keep compaction summary and memory snippet truncation UTF-16 safe (#102542)
* fix(agent-core,memory-core): keep compaction summary and memory snippet truncation UTF-16 safe

* fix: make compaction and memory truncation UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:08:11 +01:00
Ayaan Zaidi
1ad346e465 test(codex): align shared-client version fixtures with the 0.143.0 floor 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
8589759818 fix(codex): keep terminal idle backstop gated during in-flight app-server requests 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
bb1da73b14 fix(codex): fail detached-but-leased clients on suspect retirement 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
80b2b709ca fix(codex): scope client fan-out to terminal liveness kills 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
ca3f247eb2 fix(codex): fan out app-server liveness retirement 2026-07-09 14:26:05 +05:30
lsr911
6a3834d41d fix(memory-core): use truncateUtf16Safe for diary context truncation (#102524)
* fix(memory-core): use truncateUtf16Safe for diary context truncation

* test(memory-core): cover utf16 diary truncation

* refactor(memory-core): use plugin sdk text runtime

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:49:21 +01:00
wangmiao0668000666
51b4e78c33 fix(google-meet): bound Google API requests (#102149)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:39:34 +01:00
Peter Steinberger
42a8679c4d fix: restore release validation on main (#102516)
* test(qqbot): assert approval fence exactly

* fix(release): wait for ClawHub publish logging

* fix(ci): repair Bun global install smoke

* test(slack): fix app identity fixture
2026-07-09 09:39:08 +01:00
lsr911
32de666163 fix(codex): use truncateUtf16Safe for tool transcript output truncation (#102522)
* fix(codex): use truncateUtf16Safe for tool transcript output truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in event-projector
tool transcript output text to prevent surrogate pair splitting.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(codex): keep streamed output utf16-safe

* refactor(codex): use plugin sdk text runtime

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:37:07 +01:00
lsr911
145b71f57e fix(oc-path): use truncateUtf16Safe for error message path truncation (#102527)
* fix(oc-path): use truncateUtf16Safe for error message path truncation

Replace naive .slice(0, 80) with truncateUtf16Safe() at three
error-reporting call sites to prevent surrogate pair splitting
in oc:// path validation error messages.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover utf16 error truncation

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:35:17 +01:00
lsr911
ed9ce1c584 fix(discord): use truncateUtf16Safe for deploy error body truncation (#102525)
* fix(discord): use truncateUtf16Safe for deploy error body truncation

* test(discord): cover utf16 deploy errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:33:46 +01:00
xingzhou
b23fdcfac9 fix(codex): avoid broken emoji in dynamic tool timeout logs (#102509)
* fix(codex): keep dynamic tool log fields UTF-16 safe

* test(codex): narrow dynamic tool response item

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:26:22 +01:00
Miorbnli
e6a2136c3a fix(msteams): lowercase content type so attachment classification is case-insensitive (#102431)
* fix(msteams): lowercase content type so attachment classification is case-insensitive

normalizeContentType only trimmed its input. MIME types are case-insensitive
(RFC 2045), and MS Teams relay payloads (SharePoint, OneDrive, Bot Framework CDN)
routinely emit mixed-case values such as "Image/PNG" or
"Application/Vnd.Microsoft.Teams.File.Download.Info". Every downstream
comparison in the attachments module assumes a lowercased value
(startsWith("image/"), === "application/vnd.microsoft.teams.file.download.info",
startsWith("text/html")), so a mixed-case attachment was silently misclassified:
images became documents, HTML bodies were skipped, and file-download candidates
were not resolved.

Lowercase in normalizeContentType so all six call sites match. The sibling
inferPlaceholder in the same file already lowercases via
normalizeLowercaseStringOrEmpty, so this aligns the two paths.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(msteams): route HTML text extraction through normalizeContentType

extractTextFromHtmlAttachments guarded its loop with an exact
`attachment.contentType !== "text/html"` check, which is the same
case-sensitivity gap the rest of the PR closes via normalizeContentType.
A mixed-case "TEXT/HTML" attachment (common from Teams relays; MIME types are
case-insensitive per RFC 2045) was skipped, so a message whose only body text
lived in such an HTML attachment entered the agent path with empty text.

Route the guard through normalizeContentType so mixed-case HTML attachments
reach the body extractor. Export the function and add regression coverage for
mixed-case / whitespace-padded / object-content / non-HTML cases.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(msteams): preserve MIME parameter case

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:24:35 +01:00
Peter Steinberger
9566aded5c fix(openai): correct Realtime auth and transcription secrets (#102518)
* fix(openai): correct Realtime auth and transcription secrets

* chore: leave release notes to release automation
2026-07-09 08:55:31 +01:00
mikasa
a522e4309c fix(browser): bound Chrome launch stderr diagnostics (#101506)
* fix(browser): bound Chrome launch stderr diagnostics

* fix(browser): preserve chrome launch recovery diagnostics

* refactor(browser): share bounded UTF-8 stderr tails

* fix(browser): own bounded stderr storage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 08:30:27 +01:00
Alix-007
ca8f6e1efd fix(zalouser): clear probe timeout after auth resolves (#101649) 2026-07-09 08:29:44 +01:00
Peter Steinberger
e7492c6fca feat(providers): refresh Qwen, Cohere, and Mistral catalogs (#102489)
* feat(providers): refresh popular model catalogs

* chore: leave release changelog to release automation

* docs: refresh provider docs map
2026-07-09 08:16:50 +01:00
kevinlin-openai
245b91b83d feat(slack): support Enterprise Grid org installs (#102372)
* feat(slack): support Enterprise Grid org installs

* docs: refresh generated docs map

* fix(slack): satisfy enterprise routing CI

* fix(slack): accept org auth without app id

* docs(plugin-sdk): document channel policy hooks

* fix(slack): reuse canonical sender for enterprise replies

* test(slack): fix enterprise sender lint

---------

Co-authored-by: Kevin Lin <kevin@dendron.so>
2026-07-08 23:53:19 -07:00
Peter Steinberger
fb3f0a2889 fix(openai): clarify rejected Realtime Talk API keys [AI] (#102461)
* fix(openai): clarify realtime API key failures

* chore: leave release notes to release workflow
2026-07-09 07:41:33 +01:00