Commit Graph

15788 Commits

Author SHA1 Message Date
Peter Steinberger
12f7d9c784 fix(slack): honor configured App Home command
Co-authored-by: Jonathan Tsai <jontsai@users.noreply.github.com>
2026-07-11 17:47:25 -07:00
Alix-007
e7c3f7be6c fix(discord): add timeouts to PluralKit lookup requests (#104121)
* fix(discord): add timeouts to PluralKit lookup requests

* fix(discord): bound PluralKit preflight cancellation

* docs(changelog): note PluralKit lookup deadline

* chore: keep changelog release-owned

* test(discord): reject PluralKit aborts with errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:44:52 -07:00
Vincent Koc
16a647041c fix(providers): load trusted external thinking policies 2026-07-12 08:40:22 +08:00
llagy007
d8bcd014c7 fix(signal): align supported message actions (#104788)
* fix(signal): align supported message actions

* test(signal): clarify supported message actions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:34:07 -07:00
litang9
a0c4c31a17 fix(feishu): configure websocket ping timeout (#103763) 2026-07-11 17:31:59 -07:00
Peter Steinberger
3255b3218a feat: unify external sessions with native catalog pagination (#104717)
* feat(gateway): add generic sessions.catalog surface with plugin SDK registration seam

* feat(agents): support one-shot forked CLI session resume with successor rebinding

* feat(anthropic): adopt local Claude CLI sessions into native chats via catalog continue

* feat(codex): register the session catalog provider independently of supervision

* refactor(ui): delete the retired custom Claude/Codex session tab views

* feat(ui): render external session catalogs as native sidebar sessions and chat panes

* docs: describe the unified native session catalog

* fix: harden forked CLI resume and catalog transcript mapping after review

* fix: satisfy strict typecheck for catalog source guard and imported message cast

* chore(i18n): regenerate session catalog locales

* fix(codex): simplify session source guard type

* fix(ui): paginate sidebar session catalogs

* chore(i18n): refresh catalog metadata after main merge

* fix(ui): harden session catalog pagination refresh

* test(agents): use sqlite session accessor in fork tests

* fix(ci): refresh session catalog generated surfaces

* fix(ui): align session catalog locales

* fix: address session catalog review findings

* fix(sessions): roll back failed plugin catalog adoption

* test(sessions): preserve CLI binding literals

* fix(ui): restore native session pagination label

* docs: note external session catalogs

* Revert "docs: note external session catalogs"

This reverts commit cfb503f160.
2026-07-11 17:26:26 -07:00
Sarah Fortune
fd37c0318d fix(slack): prefer configured slash command (#104736)
* fix(slack): preserve resolved secrets for slash replies

* fix(slack): register configured slash command with native commands

* fix(slack): preserve slash config refresh semantics

* refactor(slack): keep slash fix focused

---------

Co-authored-by: Sarah Fortune <sarah.fortune@gmail.com>
2026-07-11 17:14:02 -07:00
Alix-007
78a98a7efa fix(telegram): add timeouts to getChat lookup requests (#104289)
* fix(telegram): add timeouts to getChat lookup requests

* fix(telegram): reuse shared timeout abort helper
2026-07-11 17:13:14 -07:00
wuqxuan
dfa9569ca7 fix(google): exclude versioned Gemini client header from memory identity (#104759)
* fix(google): exclude versioned Gemini client header from memory identity

* test(google): focus memory identity coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 17:06:21 -07:00
mushuiyu886
d886059520 fix(line): preserve Unicode boundaries in recipient errors (#104109) 2026-07-11 17:03:58 -07:00
llagy007
7027d2c227 fix(browser): reject non-page json new targets (#104129)
* fix(browser): reject non-page json new targets

* fix(browser): adopt only validated raw CDP targets

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:58:43 -07:00
qingminlong
8e216310b8 fix(parallel): stop MCP search when initialized ack fails (#104554)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-12 07:52:23 +08:00
Harjoth Khara
b2cd0e428d fix(workboard): preserve active claim error precedence (#104065)
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-12 07:45:25 +08:00
ZOOWH
fb702e5cae fix(memory): harden embedding batch workflows (#103472)
* fix(memory): harden embedding batch workflows

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>

* test(memory): align batch redaction expectation

* test(memory): tighten batch dependency types

* refactor(google): clarify batch state control flow

* test(google): make batch stage fallback lint-safe

* build(plugin-sdk): refresh memory batch surface budget

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
2026-07-11 16:43:58 -07:00
Peter Steinberger
847460600f feat(macos): redesign device-code sign-in (#104766)
* feat(macos): redesign device-code sign-in

* chore(i18n): refresh native string inventory

* fix(macos): localize device-code completion action

* fix(auth): preserve device-code fallback copy

* fix(xai): report browser launch accurately
2026-07-11 16:43:21 -07:00
Vincent Koc
6bba7eaa0d test(telegram): match private login reply fixture 2026-07-12 07:40:35 +08:00
Vincent Koc
a7764d4366 fix(auth): preserve Codex login profile identity 2026-07-12 07:40:35 +08:00
Eva
030fa62b79 fix(telegram): preserve codex login profile identity 2026-07-12 07:40:35 +08:00
Artur
cc419f8f47 fix(telegram): prevent unlisted API calls from stalling delivery (#104526)
* fix(telegram): bound unlisted API requests

* test(telegram): prove unlisted request aborts

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:28:36 -07:00
Peter Steinberger
7778663322 test(telegram): preserve projection fixture identities (#104777) 2026-07-11 16:26:26 -07:00
Peter Steinberger
453c049ac8 test(telegram): table-drive funnel-parity chunk boundaries for streamed final pagination (#104760)
The behavior fix landed on main in #104608 (fe3884a7ad): draft-stream final
pagination now routes markdownSource previews through markdownToTelegramChunks,
the same chunker the durable reply funnel uses (delivery.replies.ts
buildChunkTextResolver), and the overflow-pagination golden was re-recorded on
safe boundaries there. This adds the missing parity regression coverage:
table-driven cases for mid-word, mid-entity, mid-tag, and fenced code-block
page boundaries assert the streamed pages equal the durable chunker's HTML
chunks exactly, and that retained/current page snapshots carry the durable
plainText projection so an HTML-parse 400 degrades both funnels identically.

Formatting proof: Testbox tbx_01kx9n9q7rksfxgr5baj0esw57 check:changed format
lane passed on this diff (local worktree has no node_modules for the hook).
2026-07-11 16:12:48 -07:00
llagy007
c059d7d062 fix(browser): refresh target after guarded existing-session actions (#104094)
* fix(browser): refresh target after guarded existing-session actions

* test(browser): isolate guarded target cases

* test(browser): mock safe replacement URL resolution

* fix(browser): refresh target after guarded evaluate

* style(browser): format guarded action matrix

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:11:48 -07:00
llagy007
4057d4b623 fix(browser): keep direct CDP version diagnostics (#104678) 2026-07-11 16:09:42 -07:00
NIO
c04c85b6f3 fix(mattermost): bound stalled inbound media header waits (#104575)
* fix(mattermost): bound stalled inbound media header waits

* test(mattermost): always close stalled media server

* test(mattermost): satisfy server cleanup lint

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 16:09:08 -07:00
Peter Steinberger
c3a8e60adc fix: doctor repairs Voice Call SQLite schema upgrades (#104752)
* fix(doctor): repair voice-call SQLite schema

* chore: keep release notes in PR body

* test(plugin-sdk): update public surface budget
2026-07-11 16:05:59 -07:00
Vincent Koc
266d49cddb fix(codex): migrate legacy session ownership to sqlite 2026-07-12 06:50:30 +08:00
Vincent Koc
b4db960616 fix(codex): converge retained raw binding rows 2026-07-12 06:50:30 +08:00
Vincent Koc
8955f17f12 fix(codex): use shared binding fingerprint helper 2026-07-12 06:50:30 +08:00
Vincent Koc
6b688011ba fix(codex): bound legacy binding fingerprints 2026-07-12 06:50:30 +08:00
Eva
54995af3ae fix(codex): bound app-server binding fingerprints 2026-07-12 06:50:30 +08:00
computment
088a9dc335 fix(discord): refresh model picker after default changes (#104635)
* fix(discord): refresh model picker component config

* test(discord): model full hot-reload snapshot state

* fix(discord): keep pending model selection stable

* fix(discord): stabilize recent model actions

---------

Co-authored-by: compoodment <compoodment@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:34 -07:00
NianJiu
da6a24d7dc fix(reply): prevent hung pre-delivery hooks from blocking lanes (#104256)
* fix(reply): bound pre-delivery hook settlement

* test(plugins): preserve hook timeout fixtures

* fix(reply): preserve declared pre-delivery budgets

* chore(reply): finalize pre-delivery recovery

* fix(reply): preserve per-final recovery semantics

* fix(reply): guard pending-final settlement identity

* test(reply): align pending-final store fixture

* fix(reply): bind settlement to originating intent

* test(reply): satisfy timeout fixture lint

* chore(plugin-sdk): refresh rebased baseline

* fix(reply): preserve normalized retry ownership

* fix(reply): narrow pending retry metadata

* fix: align reply dispatch state access

* chore(plugin-sdk): refresh rebased surface baseline

* test(reply): align rebased accessor assertion

* chore(plugin-sdk): regenerate drifted API baseline

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:47:15 -07:00
Vincent Koc
52f88473d9 fix(memory): isolate qmd fallback service hosts 2026-07-12 06:33:57 +08:00
Vincent Koc
a7f021d5a7 fix(memory): scope cached managers by service host 2026-07-12 06:33:57 +08:00
Vincent Koc
1b0a34c9a9 fix(memory): default optional local service hook 2026-07-12 06:33:57 +08:00
Vincent Koc
c1e70b9a7f refactor(plugin-sdk): inject memory local service per call 2026-07-12 06:33:57 +08:00
Vincent Koc
eae846e3e5 refactor(memory): inject local service host hooks 2026-07-12 06:33:57 +08:00
Vincent Koc
dc3c55418a refactor(memory): scope embedding service acquisition 2026-07-12 06:33:57 +08:00
VectorPeak
d5569a98db fix(feishu): avoid logging raw duplicate card-action tokens (#104498)
* fix(feishu): avoid logging raw duplicate card-action tokens

Avoid writing the raw Feishu card-action callback token into duplicate callback diagnostics while preserving duplicate suppression behavior.

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>

* test(feishu): use neutral callback token fixture

* test(feishu): mark callback fixture as placeholder

---------

Co-authored-by: chatgpt-codex-connector[bot] <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:30:18 -07:00
Peter Steinberger
1b1cebfe42 fix(openai): align auth availability with effective routes (#104685)
* feat(openai): add provider-owned route facts

* fix(openai): harden provider route facts

* test(codex): update rebased auth fixtures

* chore: leave release notes to release workflow

* fix(openai): align route auth with current contracts

* test(openai): align route and shard expectations

* test(openai): satisfy route fixture contracts

* fix(openai): preserve direct profile forwarding

* test(models): complete route auth mocks

* test(codex): type compaction factory mock

* fix(openai): preserve provider-native model ids

* test(agents): align route auth fixtures

* style(agents): format route integrations

* test(plugin-sdk): pin current surface counts
2026-07-11 15:26:48 -07:00
Ho Lim
8a4463eef1 feat(browser): support evaluate timeouts for existing sessions (#103181)
* fix(browser): honor evaluate timeout for existing sessions

Signed-off-by: Ho Lim <subhoya@gmail.com>

* docs(browser): align existing-session evaluate timeouts

---------

Signed-off-by: Ho Lim <subhoya@gmail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 15:23:52 -07:00
Peter Steinberger
93e5b017bf test(channels): trace-harness follow-ups — scenario names, fault vocabulary, lane sync guard (#104653) 2026-07-11 15:14:02 -07:00
Peter Steinberger
2a479bd4ac fix(ci): make owner-approved Testbox landing reliable (#104726)
* fix(ci): isolate nested pnpm verification

* test(google): verify OAuth abort signal forwarding

* docs: treat owner land requests as Testbox approval
2026-07-11 15:04:25 -07:00
Josh Lehman
0a8e3604ba refactor: flip sessions and transcripts to sqlite storage (#98236)
* refactor(sessions): migrate runtime storage to sqlite

* test(sessions): fix sqlite CI regressions

* test(sessions): align remaining sqlite fixtures

* fix(codex): require sqlite trajectory recorder

* test(sessions): align orphan recovery sqlite fixture

* test(sessions): align sqlite rebase fixtures

* fix(sessions): finish current-main integration of the sqlite flip

Resolve the whole-store SDK removal across its owner boundary: drop the
loadSessionStore re-export and the registry whole-store wrappers, wire
hasTrackedActiveSessionRun into gateway chat, complete the
preserveLockedHarnessIds cleanup contract, flip the codex thread-history
import to storePath targets, and port remaining main-side tests from
file-store helpers to session accessor reads.

* chore: drop committed pebbles log, revert plugin-inspector bump, refresh generated docs

Remove the 1.8k-line .pebbles/events.jsonl work log from the branch, restore
the plugin-inspector advisory lane to main's pinned 0.3.10 so the supply-chain
bump gets its own review, and regenerate docs_map, the plugin SDK API baseline,
and the export-surface ratchet for the merged tree.

* feat(sessions): keep archived transcripts by default with zstd cold storage

Codex-style retention: deleting or resetting a session archives its
transcript as a zstd-compressed JSONL artifact (plain when the runtime
lacks node:zlib zstd) and keeps it until the disk budget evicts oldest
first. resetArchiveRetention now governs both deleted and reset archives
and defaults to keep; maxDiskBytes defaults to 2gb so retention stays
bounded, with archives evicted before live sessions. The cron reaper
follows the same knob instead of deleting archives on its own timer.

* fix(state): converge agent DB migration lineages and bound database growth

Merge coherence: run both structure-gated legacy memory-schema repairs
(flip-lineage drop, main-lineage identity rebuild) before the flip
migration so pre-flip v1/v2 and pre-merge flip v1/v4 databases all
converge, and hoist foreign_keys=OFF outside the schema transaction
where the pragma was silently ignored and the v1 sessions rebuild
cascade-deleted session_entries.

Growth guards: fresh agent DBs enable auto_vacuum=INCREMENTAL, WAL
maintenance releases freed pages in bounded passes (never a blocking
full VACUUM), and doctor reports state/agent DB bloat from freelist
stats.

* fix(codex): resolve the store path for thread-history import via the SDK

The supervision catalog passed the legacy sessionFile locator to the
storePath-targeted transcript mirror; resolve the agent store path with
the session-store SDK helper instead of a runtime-object seam so test
fakes and headless callers need no extra surface. Drop the obsolete
missing-session-id preprocessing case: sessions rows are NOT NULL on
session_id and upsert repairs id-less patches at write time.

* fix(sessions): fail safe on malformed disk-budget config and doctor stat errors

A malformed explicit maxDiskBytes disables the budget instead of
falling back to the destructive 2gb default the user never chose, and
the doctor bloat check skips databases whose paths stat-fail instead of
aborting doctor.

* fix(sessions): complete sqlite conflict translations

* test(sqlite): align hardening checks with maintenance

* test(sessions): inspect compressed transcript archives

* fix(tests): await session seeds and drop unused helpers flagged by CI lint

The five unawaited writeSessionStoreSeed calls raced their SQLite seeds
against the assertions, failing compact shards; the bloat probe drops a
useless initializer and the merged tests drop now-unused helpers.

* test(sessions): type legacy proof events directly

* test(sessions): align hardening contracts

* perf(sessions): read usage transcript sizes from SQL aggregates

Usage/cost scans walked every session and materialized every transcript
event just to re-stringify it for a byte estimate — the #86718 stall
class reborn on the DB. readTranscriptStatsSync sums stored JSON bytes
in SQLite without loading a single row.

* fix(sessions): re-root foreign-root transcript paths onto the current sessions dir

Restored backups, moved OPENCLAW_STATE_DIR, and rehearsal copies carry
absolute sessionFile paths from the old root; the containment fallback
kept those foreign paths, so migration read (and would archive) files in
the original root and reported local copies missing. Re-root the
canonical agents/<id>/sessions suffix onto the current dir when the file
exists there; genuine cross-root layouts still fall through unchanged.

* test(agents): seed harness admission through sqlite

* fix(sqlite): close agent db on pragma setup failure

* fix(doctor): compact and retrofit incremental auto-vacuum after session import

The migration is the sanctioned offline window: post-import compact
reclaims import churn and applies auto_vacuum=INCREMENTAL to databases
created before the fresh-DB pragma existed, so runtime maintenance can
release pages in bounded passes on every install.

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:50:37 -07:00
Peter Steinberger
5a6d684019 fix(browser): apply profile proxy policy to tab list redaction (#104715)
* fix(browser): apply profile proxy policy to tab list redaction

* test(browser): cover proxy tab redaction route proof

* test(browser): streamline proxy tab redaction coverage

* fix(browser): scope proxy inference to managed profiles

---------

Co-authored-by: llagy007 <0668001470@xydigit.com>
2026-07-11 14:47:02 -07:00
wings1029
5b5a5bcc26 fix(oc-path): report UTF-8 byte counts in set command output (#104496)
* fix(oc-path): report UTF-8 byte counts in set command output

Use Buffer.byteLength(newBytes, 'utf8') instead of string.length
for bytesWritten and dry-run byte reports. JavaScript's string.length
counts UTF-16 code units which undercounts multi-byte characters
when writing UTF-8 files.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover human UTF-8 dry-run count

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:39:06 -07:00
wangmiao0668000666
3a4aa5fa16 fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe (#104576)
* fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe

Replaces .slice(0, TELEGRAM_QA_PROGRESS_DETAIL_LIMIT - 3) with
truncateUtf16Safe() so that emoji straddling the length boundary do not
produce lone surrogates that render as � in Telegram QA progress output.
The existing code-unit limit remains unchanged.

* fix(qa-lab): tighten UTF-16 regression case to actually cross the cut

Use 236 ASCII prefix so the raw .slice(0, 237) keeps only the high
surrogate of the emoji at indices [236, 237]. With 237 ASCII prefix the
old formatter excluded the whole emoji and the test never exercised the
defect.

ClawSweeper P2 fix: the regression test now fails on current main's
raw .slice and passes with truncateUtf16Safe.

* test(qa-lab): tighten UTF-16 truncation controls

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:37:45 -07:00
llagy007
4bf4cacb37 fix(browser): guard act hooks on current tab URL (#104095)
* fix(browser): guard act hooks on current tab URL

* test(browser): align navigation policy hook mock

* test(browser): exercise real hook navigation guard

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:27:34 -07:00
llagy007
85a8f4ba8d fix(browser): run mutation guard before JSON parsing (#104677)
* fix(browser): run mutation guard before JSON parsing

* test(browser): cover auth in mutation guard ordering

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:05:38 -07:00
Peter Steinberger
a21a08c504 feat(openai): recognize GPT-Live realtime models and fail closed with guidance (#104695)
* feat(openai): recognize GPT-Live realtime models and fail closed with guidance

OpenAI's gpt-live-1/gpt-live-1-mini full-duplex voice models are API
early-access only and use a WebRTC-only quicksilver session protocol with
handoff-based agent delegation that OpenClaw's realtime transports do not
implement yet. Configuring a gpt-live-* model now produces actionable
configuration errors on the realtime WebSocket bridge and Talk browser
sessions instead of opaque provider errors or audio-only sessions without
agent access. GA gpt-realtime behavior unchanged; default model stays
gpt-realtime-2.1.

Related: #104683

* test(openai): narrow browser session union before asserting offerUrl
2026-07-11 13:53:45 -07:00