Commit Graph

15788 Commits

Author SHA1 Message Date
Peter Steinberger
afa3212e90 fix(release): stage Telegram QA inside runtime root (#104125) 2026-07-10 22:39:09 -07:00
Peter Steinberger
81a201df26 feat: add portable table presentation blocks (#103583)
* feat(presentation): add portable table blocks

* chore(presentation): refresh generated contracts

* fix(slack): preserve table fallback payloads

* docs(changelog): note portable message tables

* fix(presentation): preserve cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* test(slack): align accessibility expectations

* fix(presentation): harden cross-channel fallback delivery

* chore(plugin-sdk): refresh rebased contracts

* docs(changelog): defer portable table release note

* fix(presentation): satisfy extension lint

* chore(plugin-sdk): refresh surface budgets

* fix(telegram): preserve reactions after progress replies

* fix(slack): preserve rendered preview fallback text

* fix(feishu): preserve oversized presentation fallbacks

* docs(changelog): note portable message tables

* docs(changelog): defer portable table release note

* chore(plugin-sdk): refresh rebased contracts

---------

Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-10 22:29:13 -07:00
Peter Steinberger
9f53f8a256 feat(macos): import local browser login (#104177)
* feat(macos): import local browser login

* chore: leave release notes to release workflow

* chore(macos): refresh native i18n inventory

* chore(macos): refresh native i18n inventory

* chore(macos): refresh native i18n inventory

* chore: sync release summary executable bit

* chore(macos): refresh native i18n inventory

* style(macos): wrap browser import result

* chore(macos): refresh native i18n inventory

* chore(macos): refresh native i18n inventory
2026-07-10 22:14:36 -07:00
Peter Steinberger
36e0ac3576 fix(logs): clean up gateway and channel startup/shutdown log output (#104174)
* fix(logs): clean up gateway and channel startup/shutdown log output

Scope Discord slash-command deploy REST diagnostics to command routes so
concurrent startup traffic (voice-state probes, channel lookups) keeps its
owner's error handling; make per-request deploy error lines verbose-only and
drop JSON bodies that only repeat message+code. Log allowlist summaries one
line per call so unresolved lines keep their timestamp/subsystem prefix, and
skip identity lookups that resolved to themselves. Remove embedded subsystem
prefixes, demote routine signal/shutdown/force/postbuild/diag chatter to
debug or verbose, merge the duplicate Control UI build notices, drop doctor's
duplicate backup line, and name the config surface or platform limit in the
transcripts autoStart and command-limit warnings.

Fixes #104163

* fix(slack): keep bare-name allowlist resolutions in startup log summary

Only omit identity lookups where the input already is the resolved id;
name-based lookups that translated to an id stay logged even when the
display name matches the input.

* fix(telegram): keep isolated-ingress readiness marker on the runtime log

test/e2e/qa-lab telegram-bot-token-runtime waits for this line via the
injected RuntimeEnv.log; verbose-only logging would deterministically time
out that live proof. Comment the contract at the call site.
2026-07-10 22:13:33 -07:00
Alix-007
8f8aad9ae6 fix(minimax): add timeouts to OAuth HTTP requests (#102862)
* fix(minimax): add timeouts to OAuth HTTP requests

* fix(minimax): remove duplicate OAuth abort signals

* refactor(minimax): keep OAuth timeout internal

* test(minimax): make OAuth timeout proof deterministic

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:02:34 -07:00
Alix-007
b09f9b0482 fix(openrouter): apply request policy to video catalog requests (#102062)
* fix(openrouter): apply request policy to video catalog requests

* fix(openrouter): key video catalog cache by request policy

* test(openrouter): preserve auth literal types

* fix(openrouter): preserve catalog auth overrides

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 22:01:18 -07:00
Alix-007
c4f46baec3 fix(nextcloud-talk): add timeout to room info lookup (#102859)
* fix(nextcloud-talk): add timeout to room info lookup

* test(nextcloud-talk): assert room lookup deadline

Co-authored-by: llagy009 <0668001470@xydigit.com>

---------

Co-authored-by: llagy009 <0668001470@xydigit.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 21:59:32 -07:00
xingzhou
6595d1756b fix(discord): stream multipart uploads (#102972)
* fix(discord): bound multipart REST uploads
* Preserve Discord media upload payload limits
* fix(discord): stream multipart uploads

---------

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 10:10:41 +05:30
Josh Avant
fbd330b7aa fix(channels): honor configured read target policies (#99905)
* fix(channels): enforce configured read targets

* test(channels): align policy checks with boundaries

* fix: bind channel reads to trusted turn context

* test: satisfy gateway lint

* fix: narrow message action channel imports

* fix(feishu): authorize message reads before provider access

* fix(slack): await reaction clear authorization

* fix(channels): align provider action contracts

* fix(matrix): read direct-room account data before sync

* fix(channels): reject unsupported attachment actions early

* fix: restore trusted operator conversation reads

* fix(matrix): authorize pin actions before provider reads

* fix: preserve trusted channel read workflows

* fix(discord): resolve current channel ids consistently

* fix(agents): preserve message action turn capability

* fix(plugins): enforce host-owned read provenance

* fix(channels): harden Teams and Discord read policy

* fix(channels): preserve exact-current action compatibility

* fix(imessage): authorize trusted current chat aliases

* fix(channels): preserve normalized current aliases

* fix(channels): preserve external current target aliases

* fix: reconcile channel policy with current main

* fix(discord): isolate DM read policy

* fix(channels): enforce provider read gates

* fix(gateway): await serialized message action identity tokens

* fix(ci): refresh channel protocol contracts
2026-07-10 22:29:37 -05:00
Peter Steinberger
feae1faf06 fix(release): expose Telegram launcher failures safely (#104099)
* fix(release): expose Telegram launcher failures safely

* test(release): prove namespace launcher diagnostics
2026-07-10 20:03:36 -07:00
Peter Steinberger
dba64d574f chore(release): set version to 2026.7.2 2026-07-11 04:00:49 +01:00
Peter Steinberger
bb26753705 fix(telegram): satisfy lint in transport-close proof test
restrict-plus-operands (Buffer + string) and no-promise-executor-return
tripped the lint shards on every PR since #101783 landed; scoped fixes
only, no behavior change.
2026-07-10 19:44:03 -07:00
ly-wang19
780f8d6f62 fix(telegram): clean up split reasoning previews (#97828)
Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
2026-07-10 19:43:14 -07:00
sunlit-deng
4d55b116c6 fix(feishu): keep native-card payloads in topic threads (#102804) 2026-07-10 19:33:18 -07:00
xingzhou
85fa8af4bb fix(telegram): close evicted client-options cache transports after in-flight sends (#101783)
Long-running Telegram senders leaked HTTP transports: the client-options cache in extensions/telegram/src/send.ts created an owned undici dispatcher per account/network entry but evicted entries without closing it. Cache entries now own their transport; eviction retires the entry and closes the transport once the operation-level lease releases, so cache pressure never aborts an in-flight, retrying, or still-preparing send. Includes a real-socket e2e regression against a local Bot API server.

Co-authored-by: zhangguiping-xydt <zhangguiping-xydt@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-11 07:57:44 +05:30
soldforaloss
200e1df007 fix(exa): cache disabled content options separately (#103653)
* fix(exa): partition cache by disabled content options

* fix(exa): align cache keys with effective contents

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-11 10:25:22 +08:00
mushuiyu886
f5eacacea5 fix(memory-wiki): stop duplicate bridge imports under polling (#91828)
* fix(memory-wiki): coalesce concurrent source syncs

Co-authored-by: mushuiyu_xydt <yang.haoyu@xydigit.com>

* test(memory-wiki): track alias fixture cleanup

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 19:20:15 -07:00
Peter Steinberger
2a12c9916a feat(browser): import Chrome-family system-profile cookies into managed profiles (#104057)
* feat(browser): import Chrome-family system-profile cookies into managed profiles

Import cookies from a real Chrome/Brave/Edge/Chromium system profile (macOS)
into a fresh OpenClaw-managed browser profile so the agent can browse as the
signed-in user. Reads the source Cookies DB via a coherent VACUUM INTO snapshot,
decrypts v10 AES-128-CBC values with the Safe Storage Keychain key (one Touch ID
consent), maps rows to Playwright cookies (FILETIME expiry, SameSite, M124+
domain-hash prefix strip, CHIPS skipped), and best-effort injects them via
addCookies into a mock-keychain profile so they persist without further prompts.
Decrypted values are never logged or returned.

Exposed as agent tool action=importprofile, CLI system-profiles/import-profile,
and POST /profiles/import; action=profiles surfaces importable systemProfiles.
Listing and import are pinned host-local at every surface (gateway, browser
tool, node proxy) since they read the local Keychain and Chrome profiles.
Malformed domain filters fail closed via a shared validator. Gated by
browser.allowSystemProfileImport (default on). Imports cookies only.

* fix(browser): satisfy CI lint (OpenClaw temp dir, Unicode control-char class)

Use resolvePreferredOpenClawTmpDir() instead of os.tmpdir() for the cookie DB
snapshot (messaging/channel runtime tmpdir guard), and match control characters
via the Unicode \p{Cc} class instead of a literal control-char range so the
CLI table sanitizer passes the no-control-regex lint.
2026-07-10 19:15:52 -07:00
Peter Steinberger
7ac8e2e227 fix(telegram): preserve UTF-16 model labels (#104037) 2026-07-10 18:32:04 -07:00
chenyangjun-xy
b58029f4fd fix(telegram): preserve outbound prompt context projections (#102469)
* fix(telegram): preserve outbound prompt context projections

Co-authored-by: 陈杨俊0668000971 <chen.yangjun@xydigit.com>

* fix(telegram): satisfy legacy sender lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:25:54 -07:00
Peter Steinberger
d6f07f36db fix(memory-wiki): prevent partial failures during concurrent agent writes (#103408)
* fix(memory-wiki): serialize concurrent apply transactions

* chore(memory-wiki): leave release note to release workflow
2026-07-10 18:22:51 -07:00
Peter Steinberger
790cd2aff2 fix(twitch): preserve UTF-16 pairs in outbound chunks (#104030) 2026-07-10 18:20:29 -07:00
llagy007
a1571f2118 fix(browser): normalize local dispatch request paths (#103727)
* fix(browser): normalize local dispatch request paths

* refactor(browser): inline request path normalization

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:10:26 -07:00
Josh Avant
d777460966 fix(slack): apply sender policy to group DMs (#104007) 2026-07-10 19:57:58 -05:00
Masato Hoshino
2a69149566 fix(clickclack): sanitize outbound assistant text (#103142) 2026-07-10 17:52:37 -07:00
clawSean
e44f04c50e fix(sms): normalize Twilio RCS webhook senders (#102373)
Co-authored-by: clawSean <260045960+clawSean@users.noreply.github.com>
2026-07-10 17:51:47 -07:00
James Armstead
65cc86f45c Refresh MCP OAuth auth-profile tokens (#96120)
* Refresh MCP OAuth auth-profile tokens

* Rotate Codex MCP binding on bearer changes

* Preserve agent scope for MCP auth profiles

* Preserve Codex MCP tool filters

* Keep Codex MCP projection helper local-only

* Fix Codex projection package boundary artifacts

* Revert "Fix Codex projection package boundary artifacts"

This reverts commit 13bcaed3da.

* Revert "Keep Codex MCP projection helper local-only"

This reverts commit 19751f4922.

* Trigger CI rerun for OAuth MCP PR

* Fail closed for remote Codex MCP bearer projection

* Fix MCP OAuth bearer token projection

* fix: project MCP-native OAuth credentials

* fix: align MCP SDK surface budget

* fix(mcp): keep agents available before OAuth login

---------

Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-07-10 17:49:43 -07:00
qingminlong
5c77724ff8 fix(canvas): validate A2UI JSONL centrally (#103713) 2026-07-11 01:48:37 +01:00
Vincent Koc
eefd6248f4 fix(release): manage tracked private shrinkwraps 2026-07-10 17:47:32 -07:00
Vincent Koc
3bbed6e82e fix(release): align Vault plugin version 2026-07-10 17:47:32 -07:00
maweibin
6b460e50a4 fix(qqbot): bound stalled token acquisition (#102897) 2026-07-11 01:45:43 +01:00
Peter Steinberger
b7d6291bfd fix(memory): preserve Unicode in QMD snippets (#103996) 2026-07-11 01:28:29 +01:00
wings1029
63859f73e6 fix(codex): preserve Unicode diagnostics boundaries (#103740)
* fix(codex): preserve Unicode diagnostics boundaries

Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>

* test(codex): assert diagnostics preview boundary

* test(codex): narrow diagnostics result text

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:45:57 +01:00
wings1029
9bfecf46ee fix(acpx): preserve Unicode in wrapper diagnostics (#103738)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 00:06:14 +01:00
xingzhou
babc287afe fix(slack): time out stalled external file uploads (#103442)
* fix(slack): time out stalled external file uploads

* fix(slack): scope external upload timeout

* fix(slack): restrict external upload transport

* fix(slack): restrict external upload transport

* fix(slack): preserve external upload retry safety

* test(slack): use compatible guarded fetch runtime

* test(plugin-sdk): update public export baseline

* fix(slack): harden external upload delivery

* refactor(slack): isolate upload completion

Keep ordinary Enterprise Grid traffic on the Bolt listener client. Use a team-scoped no-retry client only for one-shot external upload completion, while preserving the bounded raw-upload timeout and safe durable replay classification.

* fix(slack): refresh upload release metadata

* chore(slack): leave release notes release-owned

* fix(slack): classify failed uploads before completion

* fix(slack): keep upload completion untimed

* test(plugin-sdk): refresh public export baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:52:35 +01:00
qingminlong
4f1f7c6fb0 fix(nodes): resolve Unicode browser node names when configured by display name (#103548)
* fix-nodes-unicode-browser-node-names

* fix(nodes): preserve compact browser node selectors

* fix(nodes): normalize unicode node names canonically

* fix(nodes): scope compact browser selectors

* fix(nodes): preserve meaningful unicode marks

* chore: leave changelog updates to release automation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:32:28 +01:00
lsr911
9dee9ebffa fix(qa-lab): use truncateUtf16Safe for tool search gateway and mock OpenAI text truncation (#103219)
* fix(qa-lab): use truncateUtf16Safe for tool search and mock OpenAI text truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- tool-search-gateway.fixture.ts: 4 sites (provider input snippet,
  tool output snippet, gateway output text for normal/code lanes)
- mock-openai/server.ts: 1 site (tool output evidence snippet)

LLM output text may contain non-BMP characters (emoji, CJK
extension characters). Naive .slice(0, N) at a surrogate pair
boundary produces a lone surrogate.

Co-Authored-By: Claude <noreply@anthropic.com>

* test: add proof script for qa-lab UTF-16 safe truncation at all boundaries

* test(qa-lab): integrate UTF-16 boundary coverage

Co-authored-by: lsr911 <liao.shirong@xydigit.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:26:42 +01:00
Peter Steinberger
53bcdf8fe2 fix(signal): drain accepted messages on shutdown (#103967) 2026-07-10 23:15:04 +01:00
xingzhou
4257875448 fix(qa-lab): keep saved view text truncation UTF-16 safe (#103789)
* fix(qa-lab): keep saved view text truncation UTF-16 safe

* refactor(qa-lab): use semantic truncation helper

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 23:10:53 +01:00
Peter Steinberger
3f402f2c48 fix(telegram): suppress replies superseded during adoption (#103965)
* fix(telegram): preserve supersession through async adoption

* fix(auto-reply): stop superseded queued turns after adoption

* test(telegram): use dispatcher delivery return type
2026-07-10 23:10:05 +01:00
Vincent Koc
c5bdd64442 fix(telegram): detach adopted turns from reply fence (#103952) 2026-07-10 14:36:46 -07:00
Peter Steinberger
1b1120a69d fix(feishu): prevent duplicate content in streaming cards (#103915)
* fix(feishu): keep streaming card snapshots authoritative

Co-authored-by: Jun Ma <hpumajunhappy@163.com>

* refactor(feishu): use current snapshot as retry source

* fix(feishu): validate CardKit response bodies

* fix(feishu): keep close summaries accepted

* test(feishu): simplify close rejection state proof

* test(feishu): match normalized close summary

---------

Co-authored-by: Jun Ma <hpumajunhappy@163.com>
2026-07-10 22:05:18 +01:00
Peter Steinberger
72e6fcab8a fix(qa-matrix): preserve Unicode error previews (#103909)
Co-authored-by: lsr911 <liao.shirong@xydigit.com>
2026-07-10 20:58:38 +01:00
Peter Steinberger
1bcc4c5e70 feat(gateway): add cooperative host suspension (#103618)
* feat(gateway): add cooperative suspension preparation

* style: satisfy suspension lint checks

* test(gateway): reset work admission between shared suites

* fix(gateway): reject upgrades during suspension

* fix(gateway): preserve admitted work during suspension

* test(gateway): isolate suspension and restart state

* fix(gateway): close suspension false-ready gaps

* refactor(protocol): slim suspension declaration graph

* refactor(plugin-sdk): sever protocol registry edges

* fix(gateway): preserve admitted restart follow-ups

* fix(gateway): make suspension recovery fail closed

* fix(protocol): keep validation formatter re-export only

* test(gateway): simplify deferred fixture type

* style(gateway): clarify suspension entry name

* fix(gateway): retain detached work admission
2026-07-10 20:24:53 +01:00
Peter Steinberger
e1934d968e fix(nodes): stop advertising a disabled browser proxy (#103894)
* fix(nodes): hide disabled browser proxy capability

* chore: defer node fix changelog to release

* chore: ratchet plugin SDK surface budget
2026-07-10 20:06:53 +01:00
Vincent Koc
2a1d6e49d5 fix(ci): run Telegram release QA from trusted harness (#103207)
* fix(ci): use trusted Telegram QA harness

* fix(ci): restrict trusted Telegram QA candidate

* fix(ci): isolate trusted Telegram QA candidate

* fix(ci): harden Telegram QA process boundary

* fix(ci): pass Telegram QA release gates

* test(qa): stub Telegram env explicitly

* fix(ci): harden Telegram release QA boundary

* test(ci): harden trusted workflow and memory guards
2026-07-10 11:32:24 -07:00
ZOOWH
61893247ec fix(chutes): redact OAuth error response body (#103569)
* fix(chutes): redact OAuth error response body in token exchange and refresh

Replace readResponseTextLimited + raw body in error message with
extractProviderErrorDetail for bounded, redacted structured error detail.

Ref: #102953

* fix(chutes): update test assertions for extractProviderErrorDetail message format

* fix(chutes): remove unused readResponseTextLimited and CHUTES_OAUTH_ERROR_BODY_LIMIT_BYTES

* fix(chutes): normalize OAuth HTTP failures

* test(chutes): assert redaction without fixed mask

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:40:58 +01:00
Peter Steinberger
5aea34ad8c fix(webui): keep tool activity paired without model calls (#103821)
* fix(webui): make tool activity rendering deterministic

* fix(protocol): remove stale tool-title models

* fix(i18n): translate tool activity labels

* fix(i18n): translate tool activity labels
2026-07-10 18:21:08 +01:00
pick-cat
8a93d288e2 fix(nextcloud-talk): strip internal tool-trace banners from outbound text (#101712)
* fix(nextcloud-talk): strip internal tool-trace banners from outbound text

* fix(nextcloud-talk): sanitize inbound replies

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>

* test(nextcloud-talk): prove low-level send text preservation

* test(nextcloud-talk): focus inbound sanitizer coverage

* fix(nextcloud-talk): report stripped replies as non-visible

* docs(changelog): note Nextcloud Talk reply sanitization

* chore: keep PR changelog-neutral

---------

Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>
2026-07-10 18:17:19 +01:00
cavit99
5e250aac74 fix: A2A handoffs can duplicate message-tool replies (#97259)
* fix: stop A2A source-reply mirror duplicates

* fix(agents): harden A2A reply extraction

* fix(agents): preserve internal A2A source replies

* test(gateway): assert A2A mirror projection precisely

* test(agents): complete A2A payload fixtures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 18:05:51 +01:00