Commit Graph

36391 Commits

Author SHA1 Message Date
Yuval Dinodia
a5a8d992ae fix(claude-cli): return updatedInput in can_use_tool allow response (#98665)
Claude Code >= 2.1.156 tightened its PermissionResult schema so an
approved can_use_tool control_response allow branch must carry an
updatedInput record. The Claude live-session bridge answered with the
deprecated { behavior: "allow" } shape and no updatedInput, so the CLI
rejected every approval-gated native tool call (Bash, WebFetch, and
AskUserQuestion among them) with a ZodError before the tool ran.

Echo the tool input back unchanged as updatedInput on the allow branch,
matching the shape the Claude Code 2.1 binary expects. The deny branch
and all other behavior are unchanged.

Fixes #95171.
2026-07-01 08:11:38 -07:00
Super Zheng
0666423237 fix: media tools skip env-key provider plugins when auto-selecting models (#98623)
hasProviderAuthForTool/hasAuthForProvider now thread cfg and workspaceDir into resolveEnvApiKey, so provider plugins that authenticate via environment variables and are only discoverable with config are detected during image/video model auto-selection instead of being dropped as unconfigured.
2026-07-01 08:11:13 -07:00
RichChen01
808e8f09ba fix(cron): persist startup catch-up deferral ids in service state to prevent read-RPC clobber (#94022)
* fix(cron): persist startup catch-up deferral ids in service state to prevent read-RPC clobber

The startup overflow catch-up deferral (#93810) set deferred job
nextRunAtMs to a staggered slot, but the exemption was stored as a
local skipFutureRepairJobIds set threaded only into start()'s
maintenance recompute pass. Every other caller of
recomputeNextRunsForMaintenance — ensureLoadedForRead (list/status),
finalizeCompletedResults, empty-due tick, manual run preflight, and
releaseUnclaimedDueJobReservations — called maintenance recompute
without the skip set, causing shouldRepairFutureCronNextRunAtMs to
advance the deferred staggered slot to the job's natural next run,
dropping the missed run for a full period.

Fix: Move the exemption into CronServiceState as
pendingCatchupDeferralJobIds, populated by applyStartupCatchupOutcomes
where deferrals are assigned. recomputeNextRunsForMaintenance now
always checks this state-level set instead of a local parameter, and
clears each id once its staggered slot is reached (now >= nextRunAtMs).
This gives one canonical exemption path that covers all recompute
callers.

The now-redundant skipFutureRepairJobIds parameter is removed.

Fixes #93935

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(clownfish): address review for repair-94022-fresh-plan-20260618 (1)

* fix(cron): preserve agentTurn exempt + add stale-deferral cleanup + runtime proof

Address ClawSweeper review by:
1. Keeping the existing agentTurn deferred-slot exemption unchanged
   (shouldRepairFutureCronNextRunAtMs still returns false for agentTurn
   jobs with nextRunAtMs before the natural schedule).
2. Adding cleanup of stale pendingCatchupDeferralJobIds markers for
   jobs that no longer exist or are disabled.
3. Adding regression tests for pending startup catch-up deferral
   preservation and stale marker cleanup.
4. Adding standalone CLI runtime proof script demonstrating the fix.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: add pendingCatchupDeferralJobIds to test-harness + remove unused import

- Add pendingCatchupDeferralJobIds to createMockCronStateForJobs to fix TS2741.
- Remove unused loadCronStore import from runtime proof script.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(cron): tighten startup catch-up deferral handling

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 08:04:31 -07:00
Onur Solmaz
530d576cc6 fix(agents): time out local streams without first event (#98525)
* fix(agents): time out streams without first event

* fix(agents): propagate first-event stream timeout

* fix(agents): abort streams on first-event timeout

* fix(agents): time out chatgpt websocket streams

* fix(agents): clamp first event stream timeouts

* fix(agents): keep first event timeout internal

* fix(agents): classify first event stream stalls as timeouts

* fix(agents): preserve provider first-event timeouts

* fix(agents): satisfy first-event timeout lint

* fix(agents): classify first-event stalls as idle timeouts

* test(tooling): include transcript store helper route
2026-07-01 23:01:46 +08:00
Fede Kamelhar
f35fbc898c fix(gateway): cap agentRunCache to prevent unbounded growth under run fan-out (#77973)
* fix(gateway): cap agentRunCache to prevent unbounded growth under run fan-out

Time-based prune only reclaims entries past the 10-minute TTL window; a burst
of run fan-out can add far more entries than the window reclaims, so the cache
could grow without bound between prunes. Add a FIFO entry cap (5000) enforced
on insert, mirroring the existing Discord REST entity-cache bound.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test(gateway): preserve waited run snapshots under cache cap

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 07:48:58 -07:00
Peter Steinberger
909be7bcbc fix: validate message timeout before secret resolution (#98652)
Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
2026-07-01 15:35:58 +01:00
huangjianxiong
8abd5d4071 fix(tlon): bound error response body reads to prevent OOM (#98496)
* fix(tlon): bound error response body reads to prevent OOM

Replace bare response.text() on non-ok paths with readResponseTextLimited
capped at 16 KiB so a hostile or misconfigured Urbit ship cannot force the
gateway to buffer an arbitrary-size error body into process memory.

Affected paths:
- pokeUrbitChannel (channel-ops.ts)
- channel.runtime.ts poke path
- sendSubscription (sse-client.ts)

* fix(tlon): fix lint issues in error-body-boundary test

- Remove unused beforeEach import
- Wrap if/else bodies in braces (curly)
- Use block body for Promise executors (no-promise-executor-return)

* fix(types): resolve pre-existing TS test type errors

- Fix TS2493 tuple type errors in server-cron-notifications and
  server-cron tests by adding explicit type annotations on mock.calls
- Fix TS2322 in anthropic.test.ts by adding as const to resource
  content block type

* chore: trigger CI
2026-07-01 06:57:21 -07:00
lizeyu
733de866eb fix(update-check): bound npm registry JSON response read to prevent OOM (#98508)
* fix(update-check): bound npm registry JSON response read to prevent OOM

- Replace unbounded res.json() with readProviderJsonResponse capped at 16 MiB
- Update test mock to use real Response instead of bare object
- Verified against live npm registry: openclaw update status --json returns latestVersion: 2026.6.11

* fix(update-check): add 4 boundary tests for bounded npm registry read

- Tests: oversized response >16 MiB, near-boundary success
- Tests: malformed JSON, non-200 status code
- All pass with the readProviderJsonResponse bounded reader

* chore: add real behavior proof script for bounded JSON reader

Adds a standalone proof script that starts a local HTTP server and
drives the bounded reader against it with real HTTP requests, showing:
- Normal responses (~1 MB) parse correctly
- Oversized responses (>20 MB) are rejected with a descriptive error
- Malformed JSON is caught
- RSS does not spike on oversized responses

Ref. https://github.com/openclaw/openclaw/pull/98508

* chore: remove PR-specific proof script before merge

The proof script was accepted by ClawSweeper (proof: sufficient,
rating: diamond lobster), but it duplicates repository logic and
fails the scripts lint lane. Removing it per review feedback.

The real behavior proof remains in the PR body.

Ref. https://github.com/openclaw/openclaw/pull/98508
2026-07-01 06:56:06 -07:00
JC
bd5bf4820a fix(cli): retry logs.tail after journal fallback in logs follow (#88159)
* fix(cli): retry logs.tail after journal fallback in logs follow

Rebase #88159 onto current main and keep systemd journal fallback temporary in follow mode. Preserve the journal cursor across repeated fallback outages, but retry logs.tail on the next loop so recovered Gateway RPC returns to normal log output.

This refresh also replaces the stale red checks-node-core-fast result from the old head with a current-head CI run.

* Keep log source metadata explicit

* ci: retrigger checks for PR #88159

* docs: clarify logs follow JSON source transitions

* fix(cli): keep journal logs responsive during recovery

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 06:55:11 -07:00
Wynne668
b6ad30625d fix(status): bound systemd service probes so status cannot hang on a wedged systemctl (#84698) (#94149)
* fix(status): bound systemd service probes so status cannot hang on a wedged systemctl (#84698)

* test(daemon): assert readRuntime receives the threaded status timeout opts (#84698)

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-01 06:52:14 -07:00
Wynne668
cb1e822f7a fix(cron): preserve provider/model on isolated-run timeout row (#95943)
* fix(cron): preserve provider/model on isolated-run timeout row

* fix(cron): carry provider/model/session into timer-built timeout rows

The reporter's blank cron_run_logs row (cron: job execution timed out
(last phase: ...)) comes from the wall-clock/cancel outcome built in
executeJobCoreWithTimeout, not the inner run catch the prior commit
patched (that catch result loses the Promise.race). Carry the
already-resolved attribution from watchdog-visible execution state into
the timer-built timeout and post-runner cancel outcomes so the persisted
row keeps provider/model/session. Pre-runner setup timeouts stay blank.

Refs #95873

* fix(cron): attribute timeout-disabled isolated-run operator-cancel rows

The timeoutSeconds:0 branch in executeJobCoreWithTimeout has no watchdog,
so it returned createOperatorCancellationOutcome() with no execution data
and never wired the execution callbacks. An operator-cancelled isolated run
with timeouts disabled still wrote a blank provider/model/session row.
Track the resolved identity locally from the same onExecutionStarted/
onExecutionPhase callbacks and carry it into the cancel outcome, matching
the timed branch. Adds a focused regression with negative control (#95873).

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-01 06:48:46 -07:00
dwc1997
f936c6b495 test(shared): add unit tests for human-readable list formatting
Squashed from PR #98605 after updating branch with current main and passing CI.
2026-07-01 06:42:54 -07:00
Masato Hoshino
5ada3acb5a feat(doctor): warn about in-flight cron jobs
Squashed from PR #98620 after updating branch with current main and passing CI.
2026-07-01 06:41:37 -07:00
Vincent Koc
2611ebeb2e test(ci): route shared temp-dir dependents 2026-07-01 06:16:30 -07:00
amittell
7b5d86e89a fix(subagent): preserve steered task text on restart redispatch
Squashed from PR #77539 after maintainer CI repair.
2026-07-01 06:14:00 -07:00
Peter Steinberger
e7c689f410 fix: restore tooling CI after transcript test addition (#98610)
* test: update transcript helper routing expectation

* test: update transcript helper routing expectation

---------

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
2026-07-01 14:04:00 +01:00
Sanjay Santhanam
4dcd95d1bc fix(cli): show exit code when plugin npm install returns empty output (#98497)
* fix(cli): show exit code when npm install returns empty output

installPackageDir previously produced 'npm install failed:' with an empty
suffix when npm exited non-zero without writing to stdout or stderr. Users
running 'openclaw plugins install @openclaw/acpx' saw only that empty line
followed by the misleading hook-pack fallback error, leaving nothing
actionable in the output.

Add a small helper that keeps npm's own output when it exists but falls
back to reporting the exit code, signal, and termination reason when both
streams are empty. Regression tests cover the empty-output exit case and
the signal-terminated case; the existing stderr surfacing test still
passes unchanged.

Refs #98484

* fix(cli): narrow npm install failure diagnostics

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 05:04:27 -07:00
wangmiao0668000666
94cb14b97e fix(transcripts): close stream on parse failure 2026-07-01 04:52:13 -07:00
Peter Steinberger
60d55a1725 fix: restore main lint after timer repairs
Preserve the Tailscale timeout cleanup from #98134 and the Feishu TDZ fix from #98137 while satisfying the repository lint rules.

Credit: @zhangLei99586 authored both underlying fixes.

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
Co-authored-by: zhangLei99586 <zhang.lei162@xydigit.com>
2026-07-01 04:43:24 -07:00
lizeyu
1b0b8c294a fix(reload): cancel deferred channel reload on restart
Fixes #79487
2026-07-01 04:35:16 -07:00
Moeed Ahmed
c99add65a2 fix(reply): honor suppressToolErrors for progress
5.22 already drops the tool-error WARNING text via payloads.ts, but the
error tool-result payload was still delivered as channel progress unless
sourceReplyDeliveryMode was message_tool_only. Operators who opt into
messages.suppressToolErrors expect no tool-error noise in chat at all.
Add a config-gated early-return in the onToolResult dispatch path so the
visible progress delivery is dropped too, matching the warning-text policy.
No-op unless messages.suppressToolErrors is true. Folds the mac-mini deploy
hotfix into the tracked branch.

(cherry picked from commit a973410e6d3ddbbaa4c3fb308ad4247274a9633a)

Co-authored-by: amittell <mittell@me.com>
2026-07-01 04:15:23 -07:00
zhangLei99586
3241936526 fix: clear Tailscale probe timeout
The checkBinary helper used Promise.race with a setTimeout-based timeout
but never cleared the timer when runExec completed first. Wrap the race
in a try/finally that clears the timer handle to avoid a dangling timer.
2026-07-01 04:08:39 -07:00
wm0018
dcc2db1825 feat(node): add gateway context path support 2026-07-01 03:58:47 -07:00
An Dang
98254634f1 fix(docker): reduce local build memory pressure 2026-07-01 03:58:21 -07:00
lizeyu
daffe593aa fix(embedded-agent): classify Cloudflare challenge HTML as upstream failure
* fix: #94432 classify Cloudflare challenge 403 as upstream_html instead of auth_html

* chore: trigger CI re-run for Real behavior proof validation

* fix: align Cloudflare challenge detector with shared challenge markers

Extend CLOUDFLARE_CHALLENGE_RE to also match cdn-cgi/challenge-platform
and challenge-error-text — patterns already recognized by the shared
STANDALONE_HTML_ERROR_HINT_RE in assistant-error-format.ts.

Add regression tests for both new marker variants to ensure coverage.

* fix(embedded-agent): suppress raw Cloudflare HTML in console after upstream_html reclassification

- Add upstream_html to RAW_ERROR_CONSOLE_SUPPRESSED_FAILURE_KINDS so
  Cloudflare challenge 403 pages classified as upstream_html do not
  leak raw HTML into lifecycle/failover console rawError= diagnostics
- Add regression test verifying upstream_html suppression in
  failover observation console messages

Re: #94432

---------

Co-authored-by: lzyyzznl <lzyyzznl@users.noreply.github.com>
Co-authored-by: lizeyu-xydt <lizeyu@xydigit.com>
2026-07-01 03:58:09 -07:00
Wynne668
2af2eb2dfb fix(message-tool): apply responsePrefix to outbound sends
* fix(message-tool): apply messages.responsePrefix to outbound sends

* fix(message-tool): interpolate responsePrefix templates on sends and skip unresolved model tokens
2026-07-01 03:57:30 -07:00
xingzhou
36e7f214db fix(sessions): preserve lineage metadata in JSON 2026-07-01 03:54:57 -07:00
Eldar Shlomi
5d52b5be38 fix(agents): skip implicit discovery in models replace mode
* fix(agents): skip implicit provider discovery when models.mode is 'replace' [AI-assisted]

resolveProvidersForModelsJsonWithDeps unconditionally awaited the implicit
provider resolver before honoring models.mode. With mode: 'replace' the user
opts out of discovery, so add a 3-line early-return guard that returns only the
explicit providers — eliminating the (slow) discovery pass for replace-mode.

Closes #66957.
AI-assisted contribution.

* chore: re-trigger CI (transient checkout/flaky core-check failures + cancelled gates; no code change)
2026-07-01 03:54:26 -07:00
VectorPeak
fbceb309e7 fix(media): normalize Windows inbound paths case-insensitively
* fix Windows inbound media path casing

* test: cover Windows inbound path casing

* test(plugin-sdk): cover media runtime inbound path casing
2026-07-01 03:53:54 -07:00
chenyangjun-xy
73e6a626b8 fix(usage-bar): use Object.hasOwn instead of in operator to avoid prototype chain pollution (#98503)
The in operator traverses the prototype chain, causing keys like toString,
constructor, valueOf, and __proto__ to incorrectly match Object.prototype
inherited properties in alias table lookups and map segment case lookups.
Replace with Object.hasOwn (ES2022) which only checks own properties.

Fixes #98466

Co-authored-by: Claude <noreply@anthropic.com>
2026-07-01 03:37:45 -07:00
Momo
91cfac8ee0 fix: allow config.patch with defaulted provider baseUrl (#98396)
Summary:
- Merged fix: allow config.patch with defaulted provider baseUrl after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 68fbf67640.
- Required merge gates passed before the squash merge.

Prepared head SHA: 68fbf67640
Review: https://github.com/openclaw/openclaw/pull/98396#issuecomment-4853365525

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 10:30:40 +00:00
Vincent Koc
249d4904af fix(ci): route native locale refresh checks 2026-07-01 03:28:23 -07:00
Vincent Koc
9fd6ca9602 fix(i18n): route native inventory checks narrowly 2026-07-01 03:28:23 -07:00
LiLan0125
4391041026 fix(update): validate bundle plugin payloads by manifest contract (#98010)
* fix(update): validate bundle plugin payloads by manifest contract

Closes #97985

* fix(update): preserve native payload checks for dual-format plugins

* fix(update): satisfy payload validation lint

* fix(update): cover persisted marketplace bundles
2026-07-01 03:18:03 -07:00
Wynne668
dff45cae4c fix(code-mode): surface QuickJS error name and message to the model (#95906)
* fix(code-mode): surface QuickJS error name and message to the model

* fix(code-mode): preserve host error diagnostics

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 03:07:09 -07:00
Dallin Romney
129f1bcf28 test: fix stale core test type failures (#98551) 2026-07-01 03:01:46 -07:00
Omar Shahine
c92c33d108 feat(imessage): native poll support — create, read, vote (#98421)
* feat(imessage): add native poll action

Wire the imsg CLI 'poll send' bridge command into the iMessage channel
message-tool action surface, mirroring the existing Discord poll action.
Adds the 'poll' action (gate: polls), a sendPoll runtime, selector-gated
capability advertisement (pollPayloadMessage), config type + zod schema,
regenerated channel metadata, docs, and tests.

* feat(imessage): read inbound polls, vote, and suppress vote echo

Builds on the native poll send action:

- Inbound polls now render to the agent as a readable line (question +
  numbered options + tallies) instead of the raw 0xFFFD balloon placeholder,
  so a received poll no longer reads as an empty message.
- New `poll-vote` action casts a vote via `imsg poll vote`, resolving a
  1-based option index / text / UUID to the poll's option identifier.
- message_tool_only echo guard: the model tends to narrate its choice in a
  text reply right after voting ("Blue."), which is redundant since the vote
  shows on the poll. A new `poll_vote_echo` suppression reason (alongside
  inbound_metadata_echo / internal_runtime_context_echo) drops a send/reply
  that exactly restates the just-cast vote, using the option label imsg
  returns. Extra content passes through untouched.

* fix(imessage): gate poll-vote on imsg poll.vote rpc capability

Released imsg carries the pollPayloadMessage selector (poll create) but
predates the poll.vote CLI/RPC. Gating both poll and poll-vote on that
selector alone would advertise a vote action the released CLI rejects.
Gate poll-vote additionally on the advertised poll.vote rpc method so this
plugin can ship ahead of the imsg release.

* fix(imessage): enforce poll.vote capability at execution, not just discovery

Codex review flagged the discovery gate as bypassable: a caller that already
knows action=poll-vote skips describeMessageTool and reaches handleAction
directly. Add the same imessageRpcSupportsMethod(status, 'poll.vote') check in
the poll-vote execution path (after assertPrivateApiEnabled), so a direct
dispatch on released imsg fails closed with a clear message instead of an
opaque CLI rejection. Adds a negative handleAction test.

* fix(imessage): harden native poll support

* fix(message): validate targets before channel discovery

* fix(message): validate targets before channel discovery

---------

Co-authored-by: Omar Shahine <lobster@users.noreply.github.com>
Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-01 10:48:32 +01:00
Peter Steinberger
aae1189d90 test: repair hosted CI baseline assertions (#98533) 2026-07-01 10:34:23 +01:00
Chris Anderson
f3ac874fd2 Recover archived (.reset) session transcripts in memory hook + session-logs skill (#71537)
* fix(session-memory): recover archived reset transcripts

* docs(session-logs): include archived transcripts in skill examples

Plain .jsonl globs miss .jsonl.reset.*Z and .jsonl.deleted.*Z files,
which still contain real transcript content. Add explicit guidance and
a list_session_transcripts helper so searches can opt in to full
history when needed.

Pairs with the session-memory recover-from-archive fix in the same
branch.

* docs(session-logs): scope nullglob and use while-read in helper

Address Greptile review feedback on PR #71537:

* nullglob is now saved and restored inside list_session_transcripts so
  the helper does not change the caller shell environment when sourced.
* Replace 'for f in $(list_session_transcripts)' tip with a 'while
  IFS= read -r' loop so paths with spaces or other IFS characters are
  handled correctly. Include a worked example using the same date+size
  listing the surrounding section already documents.

Doc only, no runtime behavior change.
2026-07-01 02:07:58 -07:00
Josh Avant
ba5244c189 fix: advertise route-aware LAN Control UI links (#98482)
* Route LAN pairing URLs by default route

* Advertise route-aware LAN Control UI links

* Fix route-aware LAN test mocks

* Narrow advertised LAN SDK export
2026-07-01 04:02:12 -05:00
NIO
7391024106 fix(config): warn when permission hardening fails during recovery (#95348)
Surface chmod failures during config backup restore, last-known-good
promotion/recovery, and prefix recovery instead of swallowing them silently.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-01 01:56:37 -07:00
Peter Lee
b9ae0a76fa test: prefer shared temp dir helpers in config, gateway, cron, crestodian, and state tests (#96711)
* fix: add temp dir cleanup to 14 P0 test files (Group A)

* fix: restore os import and fix fs.rmSync call in temp dir cleanup

* fix: use shared temp dir helpers in config, gateway, cron, crestodian, and state tests

* fix(test): rename underscore-prefixed temp dir vars and remove unused imports

* fix(test): remove unused path import in crestodian audit test

* fix(test): reorder expected plans to match buildVitestRunPlans output after rebase
2026-07-01 01:24:21 -07:00
dwc1997
dff572d78d test(agents): add unit tests for thinking block detection (#98370) 2026-07-01 01:23:30 -07:00
Yzx
7b8f50d229 fix: report codex chatgpt status auth (#91240) 2026-07-01 01:23:21 -07:00
sunlit-deng
95aced10b0 fix(agents): recover thinking errors from provider body (#98411) 2026-07-01 01:13:24 -07:00
dwc1997
d18b843a47 test(shared): add unit tests for account enabled guard (#98395) 2026-07-01 01:10:57 -07:00
Yuval Dinodia
7c5ce40598 fix(cron): keep provider-owned CLI sessions across the daily default reset (#98356)
The provider-owned CLI session exemption added for the gateway agent.run path
in #97931 was not applied to the non-gateway session resolvers. Scheduled
isolated-agent cron jobs run through runCronIsolatedAgentTurn ->
resolveCronSession, and the local openclaw command runs through resolveSession;
both called evaluateSessionFreshness directly with no provider-owned guard.

Under the default reset config a persistent-target cron job on a CLI runtime
(claude-cli, codex, gemini-cli) therefore rotated its session after the daily
boundary, minting a new sessionId and dropping the cliSessionBindings, so the
agent silently lost its underlying CLI conversation every morning and the
transcript was split. Because resolveCronSession also backs the heartbeat
runner, that surface was affected too.

Route both resolvers through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
gateway and inbound paths already use. Explicit session.reset and configured
resets still rotate these sessions, and the command path still rotates when the
terminal main transcript is newer than the registry.
2026-07-01 01:10:21 -07:00
lizeyu
15bb4874bf fix(ports): validate lsof PID parsing before assignment (#98371)
* fix(ports): validate lsof PID parsing before assignment

Add Number.isFinite guard on lsof 'p' line PID parsing in
parseLsofOutput, consistent with the netstat branch in the same
function which already validates with Number.isNaN.

While the downstream if (current.pid) truthiness check catches
NaN (falsy), adding validation at the parse site is defense-in-
depth and eliminates an inconsistency within the same function.

* test(ports): add edge case tests for parseLsofOutput

Add test coverage for malformed lsof 'p' lines (empty PID, non-numeric
suffix), zero PID, and empty input to verify the Number.isFinite guard
correctly filters invalid entries.
2026-07-01 01:08:20 -07:00
Sahibzada
7cf3a56ade fix(agents): warn on cron announce skip (#90566)
* fix(agents): warn on cron announce skip

* fix(agents): gate cron announce skip warnings
2026-07-01 01:08:11 -07:00
pick-cat
302524bbd0 fix(infra): guard delivery queue inflate against corrupted entry_json (#98354)
* fix(infra): guard delivery queue inflate against corrupted entry_json

* fix(infra): use toSorted in delivery queue test
2026-07-01 01:07:44 -07:00