Commit Graph

67697 Commits

Author SHA1 Message Date
Josh Lehman
0a8e3604ba refactor: flip sessions and transcripts to sqlite storage (#98236)
* refactor(sessions): migrate runtime storage to sqlite

* test(sessions): fix sqlite CI regressions

* test(sessions): align remaining sqlite fixtures

* fix(codex): require sqlite trajectory recorder

* test(sessions): align orphan recovery sqlite fixture

* test(sessions): align sqlite rebase fixtures

* fix(sessions): finish current-main integration of the sqlite flip

Resolve the whole-store SDK removal across its owner boundary: drop the
loadSessionStore re-export and the registry whole-store wrappers, wire
hasTrackedActiveSessionRun into gateway chat, complete the
preserveLockedHarnessIds cleanup contract, flip the codex thread-history
import to storePath targets, and port remaining main-side tests from
file-store helpers to session accessor reads.

* chore: drop committed pebbles log, revert plugin-inspector bump, refresh generated docs

Remove the 1.8k-line .pebbles/events.jsonl work log from the branch, restore
the plugin-inspector advisory lane to main's pinned 0.3.10 so the supply-chain
bump gets its own review, and regenerate docs_map, the plugin SDK API baseline,
and the export-surface ratchet for the merged tree.

* feat(sessions): keep archived transcripts by default with zstd cold storage

Codex-style retention: deleting or resetting a session archives its
transcript as a zstd-compressed JSONL artifact (plain when the runtime
lacks node:zlib zstd) and keeps it until the disk budget evicts oldest
first. resetArchiveRetention now governs both deleted and reset archives
and defaults to keep; maxDiskBytes defaults to 2gb so retention stays
bounded, with archives evicted before live sessions. The cron reaper
follows the same knob instead of deleting archives on its own timer.

* fix(state): converge agent DB migration lineages and bound database growth

Merge coherence: run both structure-gated legacy memory-schema repairs
(flip-lineage drop, main-lineage identity rebuild) before the flip
migration so pre-flip v1/v2 and pre-merge flip v1/v4 databases all
converge, and hoist foreign_keys=OFF outside the schema transaction
where the pragma was silently ignored and the v1 sessions rebuild
cascade-deleted session_entries.

Growth guards: fresh agent DBs enable auto_vacuum=INCREMENTAL, WAL
maintenance releases freed pages in bounded passes (never a blocking
full VACUUM), and doctor reports state/agent DB bloat from freelist
stats.

* fix(codex): resolve the store path for thread-history import via the SDK

The supervision catalog passed the legacy sessionFile locator to the
storePath-targeted transcript mirror; resolve the agent store path with
the session-store SDK helper instead of a runtime-object seam so test
fakes and headless callers need no extra surface. Drop the obsolete
missing-session-id preprocessing case: sessions rows are NOT NULL on
session_id and upsert repairs id-less patches at write time.

* fix(sessions): fail safe on malformed disk-budget config and doctor stat errors

A malformed explicit maxDiskBytes disables the budget instead of
falling back to the destructive 2gb default the user never chose, and
the doctor bloat check skips databases whose paths stat-fail instead of
aborting doctor.

* fix(sessions): complete sqlite conflict translations

* test(sqlite): align hardening checks with maintenance

* test(sessions): inspect compressed transcript archives

* fix(tests): await session seeds and drop unused helpers flagged by CI lint

The five unawaited writeSessionStoreSeed calls raced their SQLite seeds
against the assertions, failing compact shards; the bloat probe drops a
useless initializer and the merged tests drop now-unused helpers.

* test(sessions): type legacy proof events directly

* test(sessions): align hardening contracts

* perf(sessions): read usage transcript sizes from SQL aggregates

Usage/cost scans walked every session and materialized every transcript
event just to re-stringify it for a byte estimate — the #86718 stall
class reborn on the DB. readTranscriptStatsSync sums stored JSON bytes
in SQLite without loading a single row.

* fix(sessions): re-root foreign-root transcript paths onto the current sessions dir

Restored backups, moved OPENCLAW_STATE_DIR, and rehearsal copies carry
absolute sessionFile paths from the old root; the containment fallback
kept those foreign paths, so migration read (and would archive) files in
the original root and reported local copies missing. Re-root the
canonical agents/<id>/sessions suffix onto the current dir when the file
exists there; genuine cross-root layouts still fall through unchanged.

* test(agents): seed harness admission through sqlite

* fix(sqlite): close agent db on pragma setup failure

* fix(doctor): compact and retrofit incremental auto-vacuum after session import

The migration is the sanctioned offline window: post-import compact
reclaims import churn and applies auto_vacuum=INCREMENTAL to databases
created before the fresh-DB pragma existed, so runtime maintenance can
release pages in bounded passes on every install.

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:50:37 -07:00
WhatsSkiLL
ca09fcaff1 fix(android): refresh notification access on resume (#104460)
Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-11 14:49:33 -07:00
Vyctor H. Brzezowski
c901e37e57 fix(ui): hide pinned session action until hover (#104622) 2026-07-11 18:47:22 -03:00
Peter Steinberger
5a6d684019 fix(browser): apply profile proxy policy to tab list redaction (#104715)
* fix(browser): apply profile proxy policy to tab list redaction

* test(browser): cover proxy tab redaction route proof

* test(browser): streamline proxy tab redaction coverage

* fix(browser): scope proxy inference to managed profiles

---------

Co-authored-by: llagy007 <0668001470@xydigit.com>
2026-07-11 14:47:02 -07:00
WhatsSkiLL
efc7759f38 [AI-assisted] Fix Android workspace filename wrapping (#104075)
* [AI-assisted] Fix Android workspace filename wrapping

* [AI-assisted] Keep Android i18n inventory stable

---------

Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-11 14:45:32 -07:00
Peter Steinberger
8c90933608 fix(docs): unify translation prompt locale rules 2026-07-11 17:41:51 -04:00
wings1029
5b5a5bcc26 fix(oc-path): report UTF-8 byte counts in set command output (#104496)
* fix(oc-path): report UTF-8 byte counts in set command output

Use Buffer.byteLength(newBytes, 'utf8') instead of string.length
for bytesWritten and dry-run byte reports. JavaScript's string.length
counts UTF-16 code units which undercounts multi-byte characters
when writing UTF-8 files.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover human UTF-8 dry-run count

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:39:06 -07:00
chenyangjun-xy
26e1b18a9b fix(attempt-execution): use truncateUtf16Safe for summary text truncation (#104454)
* fix(attempt-execution): use truncateUtf16Safe for summary text truncation

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test(agents): cover fallback summary UTF-16 boundary

* test(agents): cross fallback summary truncation budget

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:38:19 -07:00
wangmiao0668000666
3a4aa5fa16 fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe (#104576)
* fix(qa-lab): keep telegram QA progress detail truncation UTF-16 safe

Replaces .slice(0, TELEGRAM_QA_PROGRESS_DETAIL_LIMIT - 3) with
truncateUtf16Safe() so that emoji straddling the length boundary do not
produce lone surrogates that render as � in Telegram QA progress output.
The existing code-unit limit remains unchanged.

* fix(qa-lab): tighten UTF-16 regression case to actually cross the cut

Use 236 ASCII prefix so the raw .slice(0, 237) keeps only the high
surrogate of the emoji at indices [236, 237]. With 237 ASCII prefix the
old formatter excluded the whole emoji and the test never exercised the
defect.

ClawSweeper P2 fix: the regression test now fails on current main's
raw .slice and passes with truncateUtf16Safe.

* test(qa-lab): tighten UTF-16 truncation controls

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:37:45 -07:00
NIO
4b27de4ddb fix(gateway): keep worker SSH tunnel stderr tails UTF-16 safe (#104621)
* fix(gateway): keep worker SSH tunnel stderr tails UTF-16 safe

* refactor(gateway): simplify bounded SSH diagnostics

* refactor(gateway): use shared UTF-16 tail slicing

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:37:11 -07:00
Peter Steinberger
d8512fc937 feat: chat welcome shows an animated Clawd hero and recent chats instead of canned suggestions (#104276)
The empty-session welcome renders the animated lobster sprite big and borderless (breathe/blink/wave idle loop, reduced-motion aware) instead of the framed static logo, drops the "Ready to chat" badge, and lists the five most recent user-created chats (dashboard/worktree, never channel-bound) as one-click rows in place of the canned suggestions once any exist. Recents reuse the sidebar visible-row rules and selected-agent resolution (incl. bare-global keys); new chat.welcome.recentSessions locale strings shipped fully translated.

Surface: Control UI chat welcome (ui/src/pages/chat/components/chat-welcome.ts, chat layout CSS, i18n bundles).

Closes #104245
2026-07-11 14:31:56 -07:00
WhatsSkiLL
e0162ea9e2 feat(android): add chat image previews (#104620)
Co-authored-by: IWhatsskill <284122573+IWhatsskill@users.noreply.github.com>
2026-07-11 17:28:59 -04:00
llagy007
4bf4cacb37 fix(browser): guard act hooks on current tab URL (#104095)
* fix(browser): guard act hooks on current tab URL

* test(browser): align navigation policy hook mock

* test(browser): exercise real hook navigation guard

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:27:34 -07:00
Peter Steinberger
b683a0a5cf fix(ci): prevent AWS Crabbox pnpm exit hang (#104710) 2026-07-11 14:25:19 -07:00
wings1029
14b95c7552 fix(write): report actual UTF-8 byte count in success message (#104560)
* fix(write): report actual UTF-8 byte count in success message

Replace string.length (UTF-16 code units) with Buffer.byteLength(content, 'utf8')
so the reported byte count matches the actual bytes written to disk.

For ASCII content the values are identical. For non-ASCII content (CJK, emoji),
string.length underreports — e.g. '你好' reports as 2 bytes but is actually 6.

* refactor(write): centralize success reporting

* test(write): avoid shadowing recovery fixture

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:24:41 -07:00
Peter Steinberger
1b1a41d87f refactor(ui): sidebar IA cleanup: Activity to Settings, Dreams into Agents Memory tab, single MCP mutation owner (#104604)
* refactor(ui): move dreams page modules to agents/memory (verbatim)

* refactor(ui): sidebar IA cleanup: Activity to Settings, Dreams into Agents Memory tab, single MCP mutation owner, Usage icon

Folds the per-agent Dreams page into the Agents page as a Memory panel and
deletes the dreams route; moves the session-scoped Activity page out of the
sidebar into Settings > System next to Logs; removes the MCP enable/disable
toggle from Settings > MCP so the Plugins page is the single mutation surface
for config.mcp.servers; gives Usage a coins icon so it no longer collides
with Overview.

Closes #104590

* docs: update Control UI docs for Activity/Memory/MCP sidebar changes

* fix(scripts): fail control-ui i18n sync closed on new untranslated keys without provider auth

An unauthenticated ui:i18n:sync silently recorded English fallbacks, which the
shipped-fallback CI gate then rejects; post-merge translation is owned by the
control-ui-locale-refresh workflow. Sync now errors on new untranslated keys
without a provider (OPENCLAW_CONTROL_UI_I18N_AUTH_OPTIONAL=1 opts back in),
and the ui AGENTS guide documents the commit-en.ts-only contributor flow.

* chore(ui): translate new sidebar keys, refresh i18n baseline, localize Memory tab expectation
2026-07-11 14:24:39 -07:00
xingzhou
fc0fd1bdda fix(ui): browser annotation prompts corrupt boundary emoji (#104396) 2026-07-11 14:20:45 -07:00
Peter Steinberger
c60b1b25bf fix(macos): make onboarding default action keyboard-accessible (#104705) 2026-07-11 14:20:36 -07:00
Vyctor H. Brzezowski
6082a0c6ef fix(ui): move language selector to general settings (#104638)
* fix(ui): move language selector to general settings

* fix(ui): remove stale settings import
2026-07-11 18:17:07 -03:00
Peter Steinberger
dbdc61e897 fix(ci): validate frozen release candidates safely (#104697)
* fix(ci): validate frozen release candidates safely

* test(ci): align release workflow types

* fix(ci): validate frozen release tags safely
2026-07-11 14:10:41 -07:00
mushuiyu886
b2702156ac fix(agents): preserve UTF-16 boundaries in bootstrap context (#104423) 2026-07-11 14:07:47 -07:00
Peter Steinberger
ac4ecdb4e0 test(e2e): live-model scenarios for node-hosted MCP tools and skills (#104699)
* test(e2e): live-model scenarios for node-hosted MCP tools and skills

Adds --live to the node-plugin pond E2E: three real Anthropic
(claude-sonnet-4-6) agent turns prove the model can (1) call a node-hosted
MCP tool with a proof token verified in the MCP server's call log, (2) use
a node-published skill from its context, and (3) disambiguate identically
named tools from two nodes via deterministic node-prefixed names. Requires
ANTHROPIC_API_KEY; mock mode unchanged.

* style: explicit sort compare in pond tool-id assertion
2026-07-11 14:07:31 -07:00
llagy007
85a8f4ba8d fix(browser): run mutation guard before JSON parsing (#104677)
* fix(browser): run mutation guard before JSON parsing

* test(browser): cover auth in mutation guard ordering

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 14:05:38 -07:00
mushuiyu886
1c576a2713 fix(cron): preserve UTF-16 boundaries in exec tails (#104385) 2026-07-11 14:04:04 -07:00
Vincent Koc
fd9f84ffdc chore(autoreview): align canonical skill (#104701) 2026-07-12 05:00:26 +08:00
Peter Steinberger
a21a08c504 feat(openai): recognize GPT-Live realtime models and fail closed with guidance (#104695)
* feat(openai): recognize GPT-Live realtime models and fail closed with guidance

OpenAI's gpt-live-1/gpt-live-1-mini full-duplex voice models are API
early-access only and use a WebRTC-only quicksilver session protocol with
handoff-based agent delegation that OpenClaw's realtime transports do not
implement yet. Configuring a gpt-live-* model now produces actionable
configuration errors on the realtime WebSocket bridge and Talk browser
sessions instead of opaque provider errors or audio-only sessions without
agent access. GA gpt-realtime behavior unchanged; default model stays
gpt-realtime-2.1.

Related: #104683

* test(openai): narrow browser session union before asserting offerUrl
2026-07-11 13:53:45 -07:00
Peter Steinberger
1c4041bf72 fix(maint): reuse docs-only parent gate evidence (#104696) 2026-07-11 13:49:01 -07:00
Peter Steinberger
da257661f3 fix(ui): hide web sidebar toggles when the macOS titlebar hosts the toggle (#104694) 2026-07-11 13:46:15 -07:00
Peter Steinberger
b80ab618c3 feat(cloud-workers): authenticated worker protocol with closed ingress and minted credentials (#104688)
* feat(cloud-workers): add authenticated worker protocol

* feat(cloud-workers): add worker credential primitives

* docs(gateway): document closed worker protocol

* test(cloud-workers): keep protocol fixtures lean

* fix(cloud-workers): bound live worker connections

* fix(cloud-workers): close admission and cleanup gaps

* docs: regenerate docs map for worker protocol page
2026-07-11 13:45:14 -07:00
Peter Steinberger
0ae3de7c6f fix(ui): dock the chat background-tasks rail to the bottom of narrow panes (#104107)
The tasks rail (from #104010) only rendered as a right-docked 230-280px
column and vanished with its toggles below a 1120px viewport, so narrow
split-view panes got a crushed thread and compact windows lost access
to background tasks entirely — the same bug class #104033 fixed for the
workspace rail and detail panel.

The rail now follows the pane's measured width: it presents as a
full-width bottom strip (sections side by side like the workspace
rail's bottom dock) when the pane is too narrow for a side column, and
the workspace rail keeps first claim on the side slot when only one
column fits. Side-docked rails, not bottom strips, now count against
the width available to the chat + detail split.

Proof: check:changed + 212 focused tests green on Testbox at this exact
content; codex autoreview clean; chromium+webkit visual verification at
seven window widths plus split view with zero geometry overlaps.
Landed with maintainer CI override.

Closes #104091
2026-07-11 13:40:08 -07:00
Peter Steinberger
66e4890234 improve(ui): sidebar session selection reads as filled pill instead of accent border (#104680)
* refactor(ui): redesign sidebar session selection as filled pills

* fix(ui): keep session selection fill from degrading under hover
2026-07-11 13:38:48 -07:00
Peter Steinberger
c48ed95533 feat(ui): merge Instances into a unified Devices page (#104561)
* chore(i18n): regenerate locale bundles for Devices rename

* chore(i18n): regenerate locale bundles for Devices rename

* chore(i18n): sync locale metadata for Devices rename

* fix(gateway): stop tracking ephemeral control-plane clients in presence

* feat(ui): merge Instances into a unified Devices page

* docs: point Instances references at the unified Devices page

* chore(i18n): reconcile locale metadata after rebase

* fix(gateway): keep test-mode clients tracked in presence; refresh docs map
2026-07-11 13:36:07 -07:00
Peter Steinberger
aee938273c fix(sessions): preserve cancelled terminal outcome detail in the session state signal log (#104676) 2026-07-11 13:35:44 -07:00
Peter Steinberger
549b1baef3 fix(browser): finalize role snapshot budgets (#104689) 2026-07-11 13:35:21 -07:00
Peter Steinberger
a366218cf4 fix(gateway): retain detached hook admission (#104686) 2026-07-11 13:33:26 -07:00
Peter Steinberger
262baedcf7 test(agents): isolate full-suite shared state (#104682) 2026-07-11 13:28:21 -07:00
Peter Steinberger
8fe6ac7fb9 refactor: remove pre-2026.4 compatibility shims and legacy migrations (#104650)
* refactor(matrix): retire pre-2026.4 legacy crypto and flat-storage migrations

* refactor(cli): drop pre-tsdown daemon-cli dist compat shim from the build

* refactor(diffs): remove deprecated image*/format tool params and output aliases

* refactor(ui): drop pre-gateway-scoped localStorage readers and legacy theme map

* refactor: remove assorted pre-2026.4 compat shims and deprecated aliases

* fix(discord): map legacy thread-binding fields in the doctor JSON import

* fix(msteams): keep bot read fallback for legacy imported conversation rows

* test(msteams): cover legacy bot-only imported conversation references

* fix(ui): keep channel-prefixed session key display fallback

* chore: refresh native i18n inventory and build-docker step count

* chore(matrix): drop now-unused migration-config module

* chore: re-pin plugin SDK public export budget after compat removals

* chore: refresh native i18n inventory after rebase

* chore: re-pin plugin SDK callable budget and refresh i18n inventory after rebase
2026-07-11 13:22:27 -07:00
zw-xysk
a4c1e22731 fix(slack): preserve unrelated action rows after interactions (#103445)
* fix(slack): use endsWith instead of includes for _all_ action_id matching

* fix(slack): codify bulk action IDs and add confirmation regressions

Extract isSlackBulkActionId() with the documented _all suffix grammar,
use it for bulk-row detection, and add whole-path chat.update tests for
bulk-row cleanup plus deploy_all_services false-positive control.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): use OpenClaw bulk block marker instead of _all suffix

Replace global endsWith("_all") bulk detection with an explicit
openclaw:bulk: block_id prefix and closed action IDs, export a shared
producer helper, and add live Slack chat.update proof for bulk-row
removal and deploy_all_services preservation.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): keep bulk contract private and add legacy upgrade path

Drop speculative bulk-action exports from the Slack plugin API, keep
accepted ID collections private and immutable, and recognize legacy bare
select_all/deselect_all rows while still rejecting deploy_all_services
false positives.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): drop unsupported bare bulk compatibility branch

Remove the legacy select_all/deselect_all classifier that overmatched
single-ID and duplicate-ID rows, and add negative whole-path regressions
preserving unrelated custom action rows.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(slack): remove unsupported bulk-row cleanup heuristic

Delete the undocumented bulk-row inference and namespaced replacement
contract. Confirmation updates now replace only the selected actions row
and preserve every other authored Block Kit row.

* refactor(slack): tighten interaction confirmation fix

* chore(changelog): preserve historical TTS entries

* chore(slack): move release note to PR body

---------

Co-authored-by: zw-xysk <zw-xysk@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 13:16:25 -07:00
Peter Steinberger
a89e6d9870 refactor(channels): migrate internal callers off deprecated reply facades (#104673) 2026-07-11 13:15:16 -07:00
Peter Steinberger
7a466b33f3 feat: add metadata-only message audit events (#103903)
* feat: add metadata-only message audit events

* chore(protocol): restore generated swift models and config baseline after rebase

* fix(state): gate agent-db ownership check before schema version

* fix(cli): sync audit command description into the root-help catalog

* fix(audit): require destination proof before classifying outbound messages as direct

* refactor(audit): drop dead migration guard and add contract comments

* docs(gateway): add dedicated audit history page and cross-links

* test(e2e): enable direct-mode message audit in the telegram proof SUT config

* test(channels): expect declared conversationKind in durable delivery session context

* fix(audit): record the routing channel id for inbound rows from plugin channels

* fix(audit): match channel-prefixed delivery targets in the destination route gate

* fix(audit): validate explicit target kind against the destination route kind

* fix(audit): use the canonical target-prefix grammar in the destination route gate and fail closed on foreign migration tables

* fix(audit): normalize nested provider and kind target prefixes in the destination gate

* fix(audit): strip registered provider aliases and the direct kind prefix in the destination gate

* chore(docs): refresh config baseline after rebase
2026-07-11 13:14:08 -07:00
Peter Steinberger
fa664fa2a5 fix(ci): skip absent frozen-target protocol guard (#104674) 2026-07-11 13:11:29 -07:00
Peter Steinberger
e34bff2276 refactor(plugin-sdk): collapse internal config-schema facade usage onto one module (#104665) 2026-07-11 13:00:53 -07:00
Peter Steinberger
8310c565e0 feat(onboarding): add provider sign-in (#104502)
* feat(onboarding): add provider sign-in flows

* fix(oauth): keep callback compatibility

* fix(onboarding): reconcile lost auth outcomes

* fix(onboarding): lock auth cancellation at commit

* fix(onboarding): close provider auth lifecycle gaps

* fix(onboarding): make terminal auth failures dismissable

* fix(onboarding): satisfy native app checks

* fix(onboarding): reconcile absent auth sessions

* fix(onboarding): bound provider auth sessions

* fix(onboarding): open provider auth links safely

* test(onboarding): use scanner-safe auth fixtures

* revert: keep established onboarding auth fixtures

* fix(onboarding): close provider auth cancellation gaps

* fix(gateway): retain uncollected wizard results

* fix(onboarding): bind provider reconciliation attempt

* fix(i18n): avoid guessing moved string identities

* style(onboarding): normalize remote auth choices efficiently

* fix(protocol): refresh optional provider auth choices

* test(gateway): cover provider auth dispatch order

* refactor(macos): split onboarding setup support

* fix(macos): refresh merged native checks
2026-07-11 13:00:17 -07:00
Peter Steinberger
a6c7f2f4b7 fix(agents): make indexed access explicit across src/agents (#104670)
Burns down all 517 noUncheckedIndexedAccess errors (91 files) with
behavior-identical restructuring: iteration/.entries(), .at()/charAt,
destructuring, regex/split guards, explicit invariant failures. Stream
transports keep event ordering and payloads identical; bash host phases
preserve argv ordering and approval binding. Latent bug fixed: two
agent-command sites spread a possibly-undefined session entry into a
persisted SessionEntry ({...undefined} -> {}); they now fail loudly.
Sparse transcript messages are dropped-and-marked instead of propagated.
2026-07-11 13:00:07 -07:00
NIO
9b430fd6f6 fix(zalo): bound stalled inbound media header waits (#104578)
* fix(zalo): bound stalled inbound media header waits

* test(zalo): type inbound media mock to runtime contract

* test(zalo): return complete saved media metadata

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:59:58 -07:00
Peter Steinberger
ff1c29eaf9 feat(fleet): stream tenant cell logs through the supervisor (#104669) 2026-07-11 12:59:29 -07:00
NIO
3db62b9373 fix(clawrouter): guard usage snapshot fetch against SSRF redirects (#104592)
* fix(clawrouter): guard usage snapshot fetch against SSRF redirects

* fix(clawrouter): preserve guarded proxy usage

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:58:38 -07:00
Yuval Dinodia
c05270a980 fix(agents): protect provider auth exchange output by sensitivity, not input marker (#104547)
* fix(agents): protect provider auth exchange output by sensitivity, not input marker

protectPreparedProviderRuntimeAuth decided whether to protect a credential from
the shape of the input sourceApiKey: if the input was not a sentinel and not
registered for redaction it returned the exchange output untouched. That
assumes output sensitivity mirrors input sensitivity, which is false for any
provider that turns a non-secret marker into a real credential.

The bundled amazon-bedrock-mantle plugin hits this live: its stored apiKey is
the marker __amazon_bedrock_mantle_iam__ (not declared in nonSecretAuthMarkers,
so resolved raw), and its prepareRuntimeAuth mints a real IAM-derived Bedrock
bearer token. That real token flowed through the guard unprotected, so it was
stored and logged unredacted.

Gate protection per output value instead: skip empty values and non-secret
markers, protect everything else. Sibling providers that echo their own markers
(ollama-local, lmstudio-local, codex-app-server, gcp-vertex-credentials) are
unaffected. Drops the now-dead sourceApiKey parameter and its call sites.

* test(agents): assert sentinel storage and egress restoration for protected provider auth

* test(agents): assert protected runtime auth state

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 12:57:16 -07:00
Peter Steinberger
84a52b3534 fix(browser): budget sequential action watchdogs (#104659)
* fix(browser): budget sequential action watchdogs

* chore: leave browser release note to release flow
2026-07-11 12:56:00 -07:00
Peter Steinberger
81a8405c26 fix(docs): strengthen translation quality rules 2026-07-11 15:51:48 -04:00