Peter Steinberger
a6dd9fdf08
fix(cron): separate failure notification delivery
2026-05-15 21:51:25 +01:00
Peter Steinberger
c0fe7ab34a
fix: keep queued system event authority structured
...
Keep queued system-event owner downgrades as structured runtime metadata while rendering the model-visible prompt as plain `System:` lines.
This preserves least-privilege wakeups for webhook/node/exec/cron/reaction/hook producers, keeps legacy `trusted: false` compatibility for installed plugins and older hosts, and updates representative gateway, agent, cron, plugin, and OpenGrep coverage.
2026-05-15 12:24:27 +01:00
Peter Steinberger
694ca50e97
Revert "refactor: move runtime state to SQLite"
...
This reverts commit f91de52f0d
2026-05-13 13:33:38 +01:00
Peter Steinberger
f91de52f0d
refactor: move runtime state to SQLite
...
* refactor: remove stale file-backed shims
* fix: harden sqlite state ci boundaries
* refactor: store matrix idb snapshots in sqlite
* fix: satisfy rebased CI guardrails
* refactor: store current conversation bindings in sqlite table
* refactor: store tui last sessions in sqlite table
* refactor: reset sqlite schema history
* refactor: drop unshipped sqlite table migration
* refactor: remove plugin index file rollback
* refactor: drop unshipped sqlite sidecar migrations
* refactor: remove runtime commitments kv migration
* refactor: preserve kysely sync result types
* refactor: drop unshipped sqlite schema migration table
* test: keep session usage coverage sqlite-backed
* refactor: keep sqlite migration doctor-only
* refactor: isolate device legacy imports
* refactor: isolate push voicewake legacy imports
* refactor: isolate remaining runtime legacy imports
* refactor: tighten sqlite migration guardrails
* test: cover sqlite persisted enum parsing
* refactor: isolate legacy update and tui imports
* refactor: tighten sqlite state ownership
* refactor: move legacy imports behind doctor
* refactor: remove legacy session row lookup
* refactor: canonicalize memory transcript locators
* refactor: drop transcript path scope fallbacks
* refactor: drop runtime legacy session delivery pruning
* refactor: store tts prefs only in sqlite
* refactor: remove cron store path runtime
* refactor: use cron sqlite store keys
* refactor: rename telegram message cache scope
* refactor: read memory dreaming status from sqlite
* refactor: rename cron status store key
* refactor: stop remembering transcript file paths
* test: use sqlite locators in agent fixtures
* refactor: remove file-shaped commitments and cron store surfaces
* refactor: keep compaction transcript handles out of session rows
* refactor: derive transcript handles from session identity
* refactor: derive runtime transcript handles
* refactor: remove gateway session locator reads
* refactor: remove transcript locator from session rows
* refactor: store raw stream diagnostics in sqlite
* refactor: remove file-shaped transcript rotation
* refactor: hide legacy trajectory paths from runtime
* refactor: remove runtime transcript file bridges
* refactor: repair database-first rebase fallout
* refactor: align tests with database-first state
* refactor: remove transcript file handoffs
* refactor: sync post-compaction memory by transcript scope
* refactor: run codex app-server sessions by id
* refactor: bind codex runtime state by session id
* refactor: pass memory transcripts by sqlite scope
* refactor: remove transcript locator cleanup leftovers
* test: remove stale transcript file fixtures
* refactor: remove transcript locator test helper
* test: make cron sqlite keys explicit
* test: remove cron runtime store paths
* test: remove stale session file fixtures
* test: use sqlite cron keys in diagnostics
* refactor: remove runtime delivery queue backfill
* test: drop fake export session file mocks
* refactor: rename acp session read failure flag
* refactor: rename acp row session key
* refactor: remove session store test seams
* refactor: move legacy session parser tests to doctor
* refactor: reindex managed memory in place
* refactor: drop stale session store wording
* refactor: rename session row helpers
* refactor: rename sqlite session entry modules
* refactor: remove transcript locator leftovers
* refactor: trim file-era audit wording
* refactor: clean managed media through sqlite
* fix: prefer explicit agent for exports
* fix: use prepared agent for session resets
* fix: canonicalize legacy codex binding import
* test: rename state cleanup helper
* docs: align backup docs with sqlite state
* refactor: drop legacy Pi usage auth fallback
* refactor: move legacy auth profile imports to doctor
* refactor: keep Pi model discovery auth in memory
* refactor: remove MSTeams legacy learning key fallback
* refactor: store model catalog config in sqlite
* refactor: use sqlite model catalog at runtime
* refactor: remove model json compatibility aliases
* refactor: store auth profiles in sqlite
* refactor: seed copied auth profiles in sqlite
* refactor: make auth profile runtime sqlite-addressed
* refactor: migrate hermes secrets into sqlite auth store
* refactor: move plugin install config migration to doctor
* refactor: rename plugin index audit checks
* test: drop auth file assumptions
* test: remove legacy transcript file assertions
* refactor: drop legacy cli session aliases
* refactor: store skill uploads in sqlite
* refactor: keep subagent attachments in sqlite vfs
* refactor: drop subagent attachment cleanup state
* refactor: move legacy session aliases to doctor
* refactor: require node 24 for sqlite state runtime
* refactor: move provider caches into sqlite state
* fix: harden virtual agent filesystem
* refactor: enforce database-first runtime state
* refactor: rename compaction transcript rotation setting
* test: clean sqlite refactor test types
* refactor: consolidate sqlite runtime state
* refactor: model session conversations in sqlite
* refactor: stop deriving cron delivery from session keys
* refactor: stop classifying sessions from key shape
* refactor: hydrate announce targets from typed delivery
* refactor: route heartbeat delivery from typed sqlite context
* refactor: tighten typed sqlite session routing
* refactor: remove session origin routing shadow
* refactor: drop session origin shadow fixtures
* perf: query sqlite vfs paths by prefix
* refactor: use typed conversation metadata for sessions
* refactor: prefer typed session routing metadata
* refactor: require typed session routing metadata
* refactor: resolve group tool policy from typed sessions
* refactor: delete dead session thread info bridge
* Show Codex subscription reset times in channel errors (#80456 )
* feat(plugin-sdk): consolidate session workflow APIs
* fix(agents): allow read-only agent mount reads
* [codex] refresh plugin regression fixtures
* fix(agents): restore compaction gateway logs
* test: tighten gateway startup assertions
* Redact persisted secret-shaped payloads [AI] (#79006 )
* test: tighten device pair notify assertions
* test: tighten hermes secret assertions
* test: assert matrix client error shapes
* test: assert config compat warnings
* fix(heartbeat): remap cron-run exec events to session keys (#80214 )
* fix(codex): route btw through native side threads
* fix(auth): accept friendly OpenAI order for Codex profiles
* fix(codex): rotate auth profiles inside harness
* fix: keep browser status page probe within timeout
* test: assert agents add outputs
* test: pin cron read status
* fix(agents): avoid Pi resource discovery stalls
Co-authored-by: dataCenter430 <titan032000@gmail.com >
* fix: retire timed-out codex app-server clients
* test: tighten qa lab runtime assertions
* test: check security fix outputs
* test: verify extension runtime messages
* feat(wake): expose typed sessionKey on wake protocol + system event CLI
* fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790 )
* test: guard talk consult call helper
* fix(codex): scale context engine projection (#80761 )
* fix(codex): scale context engine projection
* fix: document Codex context projection scaling
* fix: document Codex context projection scaling
* fix: document Codex context projection scaling
* fix: document Codex context projection scaling
* chore: align Codex projection changelog
* chore: realign Codex projection changelog
* fix: isolate Codex projection patch
---------
Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org >
Co-authored-by: Josh Lehman <josh@martian.engineering >
* refactor: move agent runtime state toward piless
* refactor: remove cron session reaper
* refactor: move session management to sqlite
* refactor: finish database-first state migration
* chore: refresh generated sqlite db types
* refactor: remove stale file-backed shims
* test: harden kysely type coverage
# Conflicts:
# .agents/skills/kysely-database-access/SKILL.md
# src/infra/kysely-sync.types.test.ts
# src/proxy-capture/store.sqlite.test.ts
# src/state/openclaw-agent-db.test.ts
# src/state/openclaw-state-db.test.ts
* refactor: remove cron store path runtime
* refactor: keep compaction transcript handles out of session rows
* refactor: derive embedded transcripts from sqlite identity
* refactor: remove embedded transcript locator handoff
* refactor: remove runtime transcript file bridges
* refactor: remove transcript file handoffs
* refactor: remove MSTeams legacy learning key fallback
* refactor: store model catalog config in sqlite
* refactor: use sqlite model catalog at runtime
# Conflicts:
# docs/cli/secrets.md
# docs/gateway/authentication.md
# docs/gateway/secrets.md
* fix: keep oauth sibling sync sqlite-local
# Conflicts:
# src/commands/onboard-auth.test.ts
* refactor: remove task session store maintenance
# Conflicts:
# src/commands/tasks.ts
* refactor: keep diagnostics in state sqlite
* refactor: enforce database-first runtime state
* refactor: consolidate sqlite runtime state
* Show Codex subscription reset times in channel errors (#80456 )
* fix(codex): refresh subscription limit resets
* fix(codex): format reset times for channels
* Update CHANGELOG with latest changes and fixes
Updated CHANGELOG with recent fixes and improvements.
* fix(codex): keep command load failures on codex surface
* fix(codex): format account rate limits as rows
* fix(codex): summarize account limits as usage status
* fix(codex): simplify account limit status
* test: tighten subagent announce queue assertion
* test: tighten session delete lifecycle assertions
* test: tighten cron ops assertions
* fix: track cron execution milestones
* test: tighten hermes secret assertions
* test: assert matrix sync store payloads
* test: assert config compat warnings
* fix(codex): align btw side thread semantics
* fix(codex): honor codex fallback blocking
* fix(agents): avoid Pi resource discovery stalls
* test: tighten codex event assertions
* test: tighten cron assertions
* Fix Codex app-server OAuth harness auth
* refactor: move agent runtime state toward piless
* refactor: move device and push state to sqlite
* refactor: move runtime json state imports to doctor
* refactor: finish database-first state migration
* chore: refresh generated sqlite db types
* refactor: clarify cron sqlite store keys
* refactor: remove stale file-backed shims
* refactor: bind codex runtime state by session id
* test: expect sqlite trajectory branch export
* refactor: rename session row helpers
* fix: keep legacy device identity import in doctor
* refactor: enforce database-first runtime state
* refactor: consolidate sqlite runtime state
* build: align pi contract wrappers
* chore: repair database-first rebase
* refactor: remove session file test contracts
* test: update gateway session expectations
* refactor: stop routing from session compatibility shadows
* refactor: stop persisting session route shadows
* refactor: use typed delivery context in clients
* refactor: stop echoing session route shadows
* refactor: repair embedded runner rebase imports
# Conflicts:
# src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts
* refactor: align pi contract imports
* refactor: satisfy kysely sync helper guard
* refactor: remove file transcript bridge remnants
* refactor: remove session locator compatibility
* refactor: remove session file test contracts
* refactor: keep rebase database-first clean
* refactor: remove session file assumptions from e2e
* docs: clarify database-first goal state
* test: remove legacy store markers from sqlite runtime tests
* refactor: remove legacy store assumptions from runtime seams
* refactor: align sqlite runtime helper seams
* test: update memory recall sqlite audit mock
* refactor: align database-first runtime type seams
* test: clarify doctor cron legacy store names
* fix: preserve sqlite session route projections
* test: fix copilot token cache test syntax
* docs: update database-first proof status
* test: align database-first test fixtures
* docs: update database-first proof status
* refactor: clean extension database-first drift
* test: align agent session route proof
* test: clarify doctor legacy path fixtures
* chore: clean database-first changed checks
* chore: repair database-first rebase markers
* build: allow baileys git subdependency
* chore: repair exp-vfs rebase drift
* chore: finish exp-vfs rebase cleanup
* chore: satisfy rebase lint drift
* chore: fix qqbot rebase type seam
* chore: fix rebase drift leftovers
* fix: keep auth profile oauth secrets out of sqlite
* fix: repair rebase drift tests
* test: stabilize pairing request ordering
* test: use source manifests in plugin contract checks
* fix: restore gateway session metadata after rebase
* fix: repair database-first rebase drift
* fix: clean up database-first rebase fallout
* test: stabilize line quick reply receipt time
* fix: repair extension rebase drift
* test: keep transcript redaction tests sqlite-backed
* fix: carry injected transcript redaction through sqlite
* chore: clean database branch rebase residue
* fix: repair database branch CI drift
* fix: repair database branch CI guard drift
* fix: stabilize oauth tls preflight test
* test: align database branch fast guards
* test: repair build artifact boundary guards
* chore: clean changelog rebase markers
---------
Co-authored-by: pashpashpash <nik@vault77.ai >
Co-authored-by: Eva <eva@100yen.org >
Co-authored-by: stainlu <stainlu@newtype-ai.org >
Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com >
Co-authored-by: Ruben Cuevas <hi@rubencu.com >
Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com >
Co-authored-by: Shakker <shakkerdroid@gmail.com >
Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com >
Co-authored-by: dataCenter430 <titan032000@gmail.com >
Co-authored-by: Kaspre <kaspre@gmail.com >
Co-authored-by: pandadev66 <nova.full.stack@outlook.com >
Co-authored-by: Eva <admin@100yen.org >
Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org >
Co-authored-by: Josh Lehman <josh@martian.engineering >
Co-authored-by: jeffjhunter <support@aipersonamethod.com >
2026-05-13 13:15:12 +01:00
Peter Steinberger
c0b088c08a
test: clean up context warmup timing
2026-05-11 17:35:11 +01:00
Peter Steinberger
15fa1e546f
fix(cron): centralize wake session target resolution
2026-05-11 17:24:30 +01:00
Kaspre
5971f74bf1
fix(cron): strengthen targeted wake routing proof
2026-05-11 17:24:30 +01:00
Kaspre
db4f1fd778
fix(cron): preserve untargeted wake fanout
2026-05-11 17:24:30 +01:00
Kaspre
072fa9b174
fix(wake): handle relative + agent-prefixed session keys consistently in cron adapter
...
Address review findings from successive codex rounds:
1. next-heartbeat + sessionKey now fires a targeted immediate wake.
The regularly-scheduled heartbeat fires for the agent's main session,
not the supplied sessionKey, so an event queued for a non-main session
would sit stranded indefinitely; an "event"-intent wake is also
deferred as not-due by the heartbeat runner and not retried, so
neither path delivers without an explicit immediate wake.
2. resolveCronWakeTarget now always runs through resolveCronAgent, both
for agent-prefixed session keys (so non-default agents are honored)
and relative keys (so the configured default agent is used instead
of the hardcoded "main" returned by resolveAgentIdFromSessionKey).
Mirrors the matching fix in the enqueueSystemEvent adapter so wake
and enqueue resolve to the same target.
3. Generated Swift `WakeParams` models now expose the new optional
`sessionkey` field (codingKey "sessionKey") in both the macOS and
shared OpenClawKit copies. Locally regenerated from agent.ts via
protocol:gen + protocol:gen:swift would have produced this; the
environment couldn't run the generators (fs-safe transitive
typecheck errors), so the diff was applied by hand to match what
pnpm protocol:check would output.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-11 17:24:30 +01:00
Kaspre
4ddd942f5f
feat(wake): expose typed sessionKey on wake protocol + system event CLI
...
Adds an optional sessionKey to the WakeParamsSchema and threads it through
the gateway wake handler, CronService.wake(), and the underlying timer.wake()
ops so callers can target a specific session for async-task completion
relays instead of always hitting the agent's main session.
Also adds --session-key to `openclaw system event`.
The schema rejects empty/non-string sessionKey at the gateway boundary;
mismatched session keys (a key that does not belong to the resolving agent)
fall back to the agent's main session inside resolveCronSessionKey, which
is the existing safety path.
Refs #52305 (companion to PR #50818 , which closes the related cron-run
remap slice at internal enqueue sites). Doesn't depend on #50818 .
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-11 17:24:30 +01:00
Peter Steinberger
402fa0e935
fix: keep cron heartbeat wakes on session route
2026-05-11 15:55:21 +01:00
Peter Steinberger
f994094cb4
fix(cron): sanitize target-last heartbeat wakes
2026-05-11 15:28:39 +01:00
Peter Steinberger
5b3e2497bd
fix(cron): diagnose isolated pre-model stalls
2026-05-10 02:47:34 -04:00
Alex Knight
cd24da031b
feat(plugin-sdk): expose sessionTarget and agentId on cron_changed hook events ( #77641 )
2026-05-05 18:48:06 +10:00
Kevin Lin
89db1e5440
feat(cron): surface run diagnostics in status ( #75928 )
...
* feat(cron): surface run diagnostics in status
* docs: add cron diagnostics changelog
* fix(cron): preserve latest run diagnostics
* test(cron): update diagnostics regression deps
2026-05-04 07:05:28 -07:00
Peter Steinberger
0b1fbeabed
perf(gateway): defer cron and sentinel startup work
2026-05-03 13:30:35 +01:00
Paul Frederiksen
f30dc0aeb4
fix(cron): persist manual run ids in history ( #76288 )
...
Summary:
- The PR carries manual `cron.run` acknowledgement IDs into finished cron events and `cron.runs` history, upda ... surfaces, adds regression coverage, refreshes the SDK baseline hash, and records the fix in the changelog.
- Reproducibility: yes. Current main can be reproduced by source inspection: `cron.run` returns a `manual:...` ... r path omits it; the PR adds targeted assertions for the missing correlation and the task-ledger invariant.
ClawSweeper fixups:
- Included follow-up commit: chore(protocol): update generated cron models
- Included follow-up commit: chore(cron): document manual run id protocol surface
- Included follow-up commit: Preserve cron task ledger run IDs
Validation:
- ClawSweeper review passed for head 04ce87985804ce879858https://github.com/openclaw/openclaw/pull/76288#issuecomment-4364868383
Co-authored-by: Paul Frederiksen <paul@paulfrederiksen.com >
2026-05-03 00:06:32 +00:00
Peter Steinberger
c06739d773
fix(heartbeat): type wake scheduling intent
...
Co-authored-by: Jordan Baker <jbb@scryent.com >
2026-05-02 14:52:18 +01:00
Peter Steinberger
61d53f98d3
fix(cron): clean up timed out agent runs
2026-04-29 16:54:22 +01:00
Alex Knight
f155a5f955
Add cron changed plugin hook ( #72773 )
...
* feat: add cron changed plugin hook
* fix: improve cron_changed hook correctness and code quality
- Fix PluginHookGatewayCronDeliveryStatus: replace 'error' with 'unknown'
to match internal CronDeliveryStatus enum
- Add job snapshot to CronEvent so removed events carry the deleted job
- Extract pickDefined helper, replace 14-field verbose spread mapping
- Add toPluginCronJob mapper for explicit internal→public type boundary
- Fix schedule union: use literal-only kind discriminants for TS narrowing
- Use loadConfig() (runtime) instead of params.cfg (startup) in hook ctx
- Use formatErrorMessage instead of String(err) for stack preservation
- Fix pre-existing getCron TS2322 with explicit cast (matches gateway_start)
- Re-export supporting types from hooks.ts for plugin consumers
- Add tests: removed events with job, finished with full fields, runtime cfg
2026-04-28 21:34:42 +10:00
Vincent Koc
1497425b8d
fix(gateway): trim startup config imports
2026-04-27 11:34:24 -07:00
Peter Steinberger
7f3f108521
refactor(config): migrate plugin config access
2026-04-27 12:35:58 +01:00
Peter Steinberger
729147dcb5
fix(cron): start isolated timeout after execution begins
2026-04-27 08:15:59 +01:00
Peter Steinberger
85148f3b20
refactor(cron): split notification routing
2026-04-27 06:44:53 +01:00
Peter Steinberger
332cdd7aca
fix(cron): route failure alerts via target session
2026-04-27 06:34:38 +01:00
Ayaan Zaidi
4c8299ca3d
fix(cron): log delivery target trace
2026-04-21 12:01:06 +05:30
Ayaan Zaidi
1d4e4314dd
fix: preserve deferred cron heartbeat target ( #69021 )
...
* test(cron): cover deferred heartbeat target preservation
* fix(cron): preserve deferred heartbeat target override
* test(cron): update timer expectation for deferred heartbeat target
* fix(cron): preserve agent heartbeat config for targeted wakes
* test(cron): use wake request type in scheduler helper
* fix(cron): forward heartbeat overrides through gateway wake adapter
* fix(cron): preserve coalesced wake heartbeat overrides
* fix: preserve deferred cron heartbeat target (#69021 )
2026-04-19 22:48:46 +05:30
Devin Robison
f61896b03c
fix(cron): preserve untrusted awareness event labels ( #68210 )
...
* fix(cron): preserve untrusted awareness event labels
Keep isolated cron awareness summaries untrusted when they are promoted into the main session, and forward explicit trust downgrades through the gateway cron wrapper. Add focused regression coverage for both paths.
* changelog: note cron awareness untrusted-label preservation (#68210 )
2026-04-17 12:43:48 -06:00
Daniel Alkurdi
a1d484d877
fix(cron): preserve isolated agent workspace on reload ( #65085 )
...
Merged via squash.
Prepared head SHA: 44699cdc0313148507+l0cka@users.noreply.github.com >
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com >
Reviewed-by: @vincentkoc
2026-04-12 11:57:30 +01:00
Vincent Koc
74e7b8d47b
fix(cycles): bulk extract leaf type surfaces
2026-04-11 13:26:50 +01:00
Peter Steinberger
f2fa096f14
refactor: dedupe gateway lowercase helpers
2026-04-07 13:01:23 +01:00
Peter Steinberger
ce7ef626b8
refactor: dedupe gateway helper readers
2026-04-07 08:40:35 +01:00
Peter Steinberger
470b4452ce
fix(ci): drop stale browser runtime imports
2026-04-04 15:09:49 +01:00
Peter Steinberger
dd771f1dc6
fix(ci): repair plugin boundary and bootstrap regressions
2026-04-04 15:09:48 +01:00
XING
587f19967c
fix(cron): notify user via primary delivery channel on job failure ( #60622 )
...
Merged via squash.
Prepared head SHA: bee4dfca0644759507+artwalker@users.noreply.github.com >
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com >
Reviewed-by: @frankekn
2026-04-04 20:24:16 +08:00
Peter Steinberger
605f48556b
refactor(browser): share lifecycle cleanup helpers
2026-04-04 12:17:46 +01:00
Peter Steinberger
39bcf695dc
fix(cron): reject unsafe custom session targets earlier
2026-04-04 20:13:39 +09:00
BrianWang1990
e697838899
style: fix import order in server-cron.ts
...
Move plugin-sdk import after cron/* imports per alphabetical convention.
2026-04-04 20:03:57 +09:00
BrianWang1990
72b2e413d6
fix(browser): clean up browser tabs/processes when cron tasks and subagents complete
...
When cron tasks or subagents use browser automation, the browser
processes were not cleaned up after the task completed. This caused
orphaned Chrome processes (PPID=1) to accumulate over time.
Root cause: closeTrackedBrowserTabsForSessions was only called during
session-reset/session-delete (via ensureSessionRuntimeCleanup), but
isolated cron runs and subagent completions never triggered these paths.
Fix: Add browser tab cleanup in two places:
1. server-cron.ts: wrap runCronIsolatedAgentTurn in try/finally to
ensure browser tabs are cleaned up after every cron run.
2. subagent-registry-lifecycle.ts: call closeTrackedBrowserTabsForSessions
when a subagent run completes, before the announce cleanup flow.
Both cleanup calls are best-effort (caught errors) so they never mask
the actual task result or break the completion flow.
Fixes #60104
2026-04-04 20:03:57 +09:00
Peter Steinberger
19d0c2dd1d
refactor: remove cron legacy delivery from runtime
2026-04-01 17:06:01 +09:00
kkhomej33-netizen
e7d9648fba
feat(cron): support custom session IDs and auto-bind to current session ( #16511 )
...
feat(cron): support persistent session targets for cron jobs (#9765 )
Add support for `sessionTarget: "current"` and `session:<id>` so cron jobs can
bind to the creating session or a persistent named session instead of only
`main` or ephemeral `isolated` sessions.
Also:
- preserve custom session targets across reloads and restarts
- update gateway validation and normalization for the new target forms
- add cron coverage for current/custom session targets and fallback behavior
- fix merged CI regressions in Discord and diffs tests
- add a changelog entry for the new cron session behavior
Co-authored-by: kkhomej33-netizen <kkhomej33-netizen@users.noreply.github.com >
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com >
2026-03-14 16:48:46 +11:00
Josh Avant
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-03-03 02:58:20 +00:00
Evgeny Zislis
4b4ea5df8b
feat(cron): add failure destination support to failed cron jobs ( #31059 )
...
* feat(cron): add failure destination support with webhook mode and bestEffort handling
Extends PR #24789 failure alerts with features from PR #29145 :
- Add webhook delivery mode for failure alerts (mode: 'webhook')
- Add accountId support for multi-account channel configurations
- Add bestEffort handling to skip alerts when job has bestEffort=true
- Add separate failureDestination config (global + per-job in delivery)
- Add duplicate prevention (prevents sending to same as primary delivery)
- Add CLI flags: --failure-alert-mode, --failure-alert-account-id
- Add UI fields for new options in web cron editor
* fix(cron): merge failureAlert mode/accountId and preserve failureDestination on updates
- Fix mergeCronFailureAlert to merge mode and accountId fields
- Fix mergeCronDelivery to preserve failureDestination on updates
- Fix isSameDeliveryTarget to use 'announce' as default instead of 'none'
to properly detect duplicates when delivery.mode is undefined
* fix(cron): validate webhook mode requires URL in resolveFailureDestination
When mode is 'webhook' but no 'to' URL is provided, return null
instead of creating an invalid plan that silently fails later.
* fix(cron): fail closed on webhook mode without URL and make failureDestination fields clearable
- sendCronFailureAlert: fail closed when mode is webhook but URL is missing
- mergeCronDelivery: use per-key presence checks so callers can clear
nested failureDestination fields via cron.update
Note: protocol:check shows missing internalEvents in Swift models - this is
a pre-existing issue unrelated to these changes (upstream sync needed).
* fix(cron): use separate schema for failureDestination and fix type cast
- Create CronFailureDestinationSchema excluding after/cooldownMs fields
- Fix type cast in sendFailureNotificationAnnounce to use CronMessageChannel
* fix(cron): merge global failureDestination with partial job overrides
When job has partial failureDestination config, fall back to global
config for unset fields instead of treating it as a full override.
* fix(cron): avoid forcing announce mode and clear inherited to on mode change
- UI: only include mode in patch if explicitly set to non-default
- delivery.ts: clear inherited 'to' when job overrides mode, since URL
semantics differ between announce and webhook modes
* fix(cron): preserve explicit to on mode override and always include mode in UI patches
- delivery.ts: preserve job-level explicit 'to' when overriding mode
- UI: always include mode in failureAlert patch so users can switch between announce/webhook
* fix(cron): allow clearing accountId and treat undefined global mode as announce
- UI: always include accountId in patch so users can clear it
- delivery.ts: treat undefined global mode as announce when comparing for clearing inherited 'to'
* Cron: harden failure destination routing and add regression coverage
* Cron: resolve failure destination review feedback
* Cron: drop unrelated timeout assertions from conflict resolution
* Cron: format cron CLI regression test
* Cron: align gateway cron test mock types
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-03-02 09:27:41 -06:00
0xbrak
4637b90c07
feat(cron): configurable failure alerts for repeated job errors (openclaw#24789) thanks @0xbrak
...
Verified:
- pnpm install --frozen-lockfile
- pnpm check
- pnpm test -- --run src/cron/service.failure-alert.test.ts src/cli/cron-cli.test.ts src/gateway/protocol/cron-validators.test.ts
Co-authored-by: 0xbrak <181251288+0xbrak@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-03-01 08:18:15 -06:00
Vignesh Natarajan
ea4f5106ea
chore(gateway): guard cron agent heartbeat type
2026-02-28 13:03:45 -08:00
Vincent Koc
62179c861b
Update server-cron.ts
2026-02-28 10:16:34 -08:00
Kansodata Spa.
81d215afa7
fix(cron): narrow agentEntry type for heartbeat merge
2026-02-28 10:16:34 -08:00
Marcus Widing
8ae1987f2a
fix(cron): pass heartbeat target=last for main-session cron jobs ( #28508 ) ( #28583 )
...
* fix(cron): pass heartbeat target=last for main-session cron jobs
When a cron job with sessionTarget=main and wakeMode=now fires, it
triggers a heartbeat via runHeartbeatOnce. Since e2362d35e2362d35Fixes #28508
* Cron: align server-cron wake routing expectations for main-target jobs
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-28 11:14:24 -06:00
Gustavo Madeira Santana
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b851565599352+gumadeiras@users.noreply.github.com >
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com >
Reviewed-by: @shakkernerd
2026-02-23 22:39:48 +00:00
Peter Steinberger
aa4c250eb8
fix(cron): split run and delivery status tracking
2026-02-22 20:19:23 +01:00
