vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-01 08:50:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,294 Commits 1,843 Branches 149 Tags
8da3a9a92d9c2c6db6fa6caa881e9310d1792e93
Commit Graph

580 Commits

Author SHA1 Message Date
Ayaan Zaidi
1bf08ae7c9 refactor(nodes): map read actions to invoke commands 2026-02-27 10:15:21 +05:30
Ayaan Zaidi
b8373eaddc fix(nodes): reject facing=both when camera deviceId is set 2026-02-27 10:15:21 +05:30
Ayaan Zaidi
29f5da5b2a feat(nodes): expose device diagnostics and notification actions 2026-02-27 10:15:21 +05:30
Ayaan Zaidi
01f1d355a4 feat(nodes): add device status and info actions 2026-02-27 10:15:21 +05:30
Peter Steinberger
da61aa8a58 test: fix TS2783 in nodes-utils helper 2026-02-26 21:26:54 +00:00
Peter Steinberger
a1346a519a refactor(nodes): share default selection and tighten node.list fallback 2026-02-26 22:18:57 +01:00
Peter Steinberger
da9f24dd2e fix: add nodes default-node regression test (#27444) (thanks @carbaj03) 2026-02-26 21:13:19 +00:00
ACV
47bb568cb2 fix(nodes): resolve default node when multiple canvas-capable nodes are connected 
`pickDefaultNode()` returned null when multiple connected canvas-capable
nodes existed and none matched the local Mac heuristic. This caused
"node required" errors for agents (especially sub-agents) calling the
canvas tool without an explicit node parameter.

In multi-node setups, any canvas-capable node is a valid target — the
receiving node broadcasts A2UI surfaces to all other connected devices.
Fall back to the first connected candidate instead of failing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-02-26 21:13:19 +00:00
Peter Steinberger
da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger
b74be2577f refactor(web): unify proxy-guarded fetch path for web tools 2026-02-26 12:44:18 +01:00
Peter Steinberger
46003e85bf fix: unify web tool proxy path (#27430) (thanks @kevinWangSheng) 2026-02-26 11:32:43 +00:00
Kevin Shenghui
d8e2030d47 fix(web-search): honor HTTP_PROXY environment variable for Brave Search API 
The web_search tool was not respecting HTTP_PROXY/HTTPS_PROXY environment
variables, causing 'fetch failed' errors when running behind a proxy.

This fix adds ProxyAgent support for the Brave Search API, similar to how
other tools in OpenClaw handle proxy configuration.

Fixes #27405
 2026-02-26 11:32:43 +00:00
Onur Solmaz
a7d56e3554 feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
Ayaan Zaidi
a0cf753b2e refactor(agents): dedupe node read invoke commands 2026-02-26 14:33:14 +05:30
Ayaan Zaidi
c0073b3d47 feat(agents): add nodes notifications_list action 2026-02-26 14:33:14 +05:30
Ayaan Zaidi
8117a13dd6 fix(nodes): default camera snap to front high-quality image 2026-02-26 12:17:32 +05:30
Peter Steinberger
03e689fc89 fix(security): bind system.run approvals to argv identity 2026-02-26 03:41:31 +01:00
Ayaan Zaidi
fb76e316fb fix(test): use valid brave ui_lang locale 2026-02-25 11:58:52 +05:30
Glucksberg
6e97470515 fix(brave-search): clarify ui_lang and search_lang format requirements (#25130) 
* fix(brave-search): swap ui_lang and search_lang formats (#23826)

* fix(web-search): normalize Brave ui_lang/search_lang params

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-25 04:59:38 +00:00
Peter Steinberger
13a1c46396 fix(web-search): reduce provider auto-detect log noise 2026-02-24 23:32:29 +00:00
Peter Steinberger
4a3f8438e5 fix(gateway): bind node exec approvals to nodeId 2026-02-24 03:05:58 +00:00
Peter Steinberger
ce02ad9643 refactor(agents): centralize sandbox media and fs policy helpers 2026-02-24 02:32:01 +00:00
Peter Steinberger
dd9d9c1c60 fix(security): enforce workspaceOnly for sandbox image tool 2026-02-24 02:17:55 +00:00
Peter Steinberger
5eb72ab769 fix(security): harden browser SSRF defaults and migrate legacy key 2026-02-24 01:52:01 +00:00
Peter Steinberger
6c43d0a08e test(gateway): move sessions_send error paths to unit tests 2026-02-24 01:16:53 +00:00
Peter Steinberger
cf38339f25 fix(tools): improve session_status cache-aware usage reporting 
Co-authored-by: Lucian Feraru <1ucian@users.noreply.github.com>
 2026-02-23 19:19:45 +00:00
Peter Steinberger
ff0c40d367 test(tools): fix kimi web_search mock typing 2026-02-23 18:27:37 +00:00
Peter Steinberger
e02c470d5e feat(tools): add kimi web_search provider 
Co-authored-by: adshine <adshine@users.noreply.github.com>
 2026-02-23 18:27:37 +00:00
Peter Steinberger
2fa6aa6ea6 test(agents): add comprehensive kimi regressions 2026-02-23 18:27:36 +00:00
LI SHANXIN
c1b75ab8e2 fix(telegram): make reaction handling soft-fail and message-id resilient (#20236) 
* Telegram: soft-fail reactions and fallback to inbound message id

* Telegram: soft-fail missing reaction message id

* Update CHANGELOG.md

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-23 10:25:14 -05:00
AkosCz
3a3c2da916 [Feature]: Add Gemini (Google Search grounding) as web_search provider (#13075) 
* feat: add Gemini (Google Search grounding) as web_search provider

Add Gemini as a fourth web search provider alongside Brave, Perplexity,
and Grok. Uses Gemini's built-in Google Search grounding tool to return
search results with citations.

- Add runGeminiSearch() with Google Search grounding via tools API
- Resolve Gemini's grounding redirect URLs to direct URLs via parallel
  HEAD requests (5s timeout, graceful fallback)
- Add Gemini config block (apiKey, model) with env var fallback
- Default model: gemini-2.5-flash (fast, cheap, grounding-capable)
- Strip API key from error messages for security
- Add config validation tests for Gemini provider
- Update docs/tools/web.md with Gemini provider documentation

Closes #13074

* feat: auto-detect search provider from available API keys

When no explicit provider is configured, resolveSearchProvider now
checks for available API keys in priority order (Brave → Gemini →
Perplexity → Grok) and selects the first provider with a valid key.

- Add auto-detection logic using existing resolve*ApiKey functions
- Export resolveSearchProvider via __testing_provider for tests
- Add 8 tests covering auto-detection, priority order, and explicit override
- Update docs/tools/web.md with auto-detection documentation

* fix: merge __testing exports, downgrade auto-detect log to debug

* fix: use defaultRuntime.log instead of .debug (not in RuntimeEnv type)

* fix: mark gemini apiKey as sensitive in zod schema

* fix: address Greptile review — add externalContent to Gemini payload, add Gemini/Grok entries to schema labels/help, remove dead schema-fields.ts

* fix(web-search): add JSON parse guard for Gemini API responses

Addresses Greptile review comment: add try/catch to handle non-JSON
responses from Gemini API gracefully, preventing runtime errors on
malformed responses.

Note: FIELD_HELP entries for gemini.apiKey and gemini.model were
already present in schema.help.ts, and gemini.apiKey was already
marked as sensitive in zod-schema.agent-runtime.ts (both fixed in
earlier commits).

* fix: use structured readResponseText result in Gemini error path

readResponseText returns { text, truncated, bytesRead }, not a string.
The Gemini error handler was using the result object directly, which
would always be truthy and never fall through to res.statusText.
Align with Perplexity/xAI/Brave error patterns.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* style: fix import order and formatting after rebase onto main

* Web search: send Gemini API key via header

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-23 09:30:51 -05:00
边黎安
a4c373935f fix(agents): fall back to agents.defaults.model when agent has no model config (#24210) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0f272b1027
Co-authored-by: bianbiandashen <16240681+bianbiandashen@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 03:18:55 -05:00
Peter Steinberger
23598e0e3a test: prune redundant abort case and speed stream cap test 2026-02-23 05:06:34 +00:00
Peter Steinberger
48f327c206 test: consolidate redundant suites and speed attachment tests 2026-02-23 04:55:43 +00:00
Peter Steinberger
86a8b65e9d test: consolidate redundant suites and speed up timers 2026-02-23 04:44:42 +00:00
Aether AI
d306fc8ef1 fix(security): OC-07 redact session history credentials and enforce webhook secret (#16928) 
* Security: refresh sessions history redaction patch

* tests: align sessions_history redaction-only truncation expectation

* Changelog: credit sessions history security hardening

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-22 18:29:40 -05:00
Robin Waslander
44727dc3a1 security(web_fetch): strip hidden content to prevent indirect prompt injection (#21074) 
* security(web_fetch): strip hidden content to prevent indirect prompt injection

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* security(web_fetch): address review feedback and credit author

* chore(changelog): credit reporter for web_fetch security fix

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-22 18:10:26 -05:00
Vignesh Natarajan
08fb38f729 Fix: resolve pnpm check type regressions 2026-02-22 13:40:51 -08:00
Peter Steinberger
7c109f5737 fix: resolve ci type errors and reconnect test flake 2026-02-22 21:35:20 +00:00
Peter Steinberger
7bbd597383 fix(media): enforce agent media roots in plugin send actions 
Co-authored-by: Oliver Drobnik <333270+odrobnik@users.noreply.github.com>
Co-authored-by: thisischappy <257418353+thisischappy@users.noreply.github.com>
 2026-02-22 22:24:27 +01:00
Peter Steinberger
06bdd53658 refactor(agents): dedupe workspace and session tool flows 2026-02-22 21:19:09 +00:00
Peter Steinberger
3c75bc0e41 refactor(test): dedupe agent and discord test fixtures 2026-02-22 20:04:51 +00:00
Peter Steinberger
08431da5d5 refactor(gateway): unify credential precedence across entrypoints 2026-02-22 18:55:44 +01:00
Peter Steinberger
ad1072842e test: dedupe agent tests and session helpers 2026-02-22 17:11:54 +00:00
Peter Steinberger
7d09a9e74d test: update agent tool assertions and reclassify suites 2026-02-22 11:18:50 +00:00
Peter Steinberger
fcb86408fd test: move embedded and tool agent suites out of e2e 2026-02-22 11:17:47 +00:00
Peter Steinberger
713e2928b2 test: move duplicate local scenario suites out of agents e2e 2026-02-22 10:56:58 +00:00
Peter Steinberger
adace58505 test: reclassify local helper suites out of agents e2e 2026-02-22 10:53:40 +00:00
Peter Steinberger
ab38e1e6b2 test: reclassify image tool suite as unit test 2026-02-22 10:47:16 +00:00
Peter Steinberger
1d7dbd8cd9 test: reclassify web fetch/readability suites as unit tests 2026-02-22 10:41:29 +00:00