vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 10:10:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
37,734 Commits 1,843 Branches 149 Tags
955d62b952a1ca2df466d5a63a5ef8767f980e63
Commit Graph

7462 Commits

Author SHA1 Message Date
Pavan Kumar Gondhi
bdfb408ce6 fix(plugins): restrict bundled plugin dir resolution to trusted package roots (#73275) 
* fix: address issue

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address codex review feedback

* fix: address codex review feedback

* fix: address codex review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* docs: add changelog entry for PR merge
 2026-04-28 21:35:32 +05:30
Pavan Kumar Gondhi
230f7122dd fix(security): prevent workspace PATH injection via service env and trash helpers (#73264) 
* fix: address issue

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address build feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-28 21:30:51 +05:30
Ayaan Zaidi
c57960b8d1 fix(telegram): distill native metadata session key 2026-04-28 21:18:58 +05:30
MrBrain
c4f741e534 fix(telegram): persist native command metadata to target sessions 2026-04-28 21:18:58 +05:30
Harry Xie
891c7d9f1c fix(active-memory): align recall timeout with hook runner 
Fixes #72606.
 2026-04-28 10:15:01 -05:00
Tak Hoffman
f256eeba43 fix(active-memory): use bundled recall tool 
Fixes #73502.

Active Memory now allows its hidden recall sub-agent to use both bundled memory tool contracts: memory_recall for memory-lancedb and memory_search/memory_get for memory-core. The prompt prefers memory_recall when available and falls back to the legacy tool pair when that is the active backend surface.

Also updates Active Memory docs, QA mock fixtures, and debug parsing compatibility for the two recall paths.
 2026-04-28 09:03:47 -05:00
Radek Sienkiewicz
dd643c82b5 fix(whatsapp): expose Baileys socket timing (#73580) 
Merged via squash.

Prepared head SHA: d34755262f
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-04-28 15:46:47 +02:00
Joseph Krug
16906780fd feat(active-memory): return partial transcript on timeout (openclaw#73219) 
Verified:
- pnpm test extensions/active-memory/index.test.ts
- pnpm exec oxfmt --check --threads=1 extensions/active-memory/index.ts extensions/active-memory/index.test.ts CHANGELOG.md
- git diff --check

Co-authored-by: joeykrug <5925937+joeykrug@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-28 08:44:46 -05:00
Lidang Jiang
6d539db011 fix: support explicit active-memory chat types (openclaw#66285) 
Verified:
- pnpm install --frozen-lockfile
- pnpm test extensions/active-memory/config.test.ts extensions/active-memory/index.test.ts
- pnpm exec oxfmt --check --threads=1 CHANGELOG.md extensions/active-memory/index.ts extensions/active-memory/index.test.ts extensions/active-memory/config.test.ts extensions/active-memory/openclaw.plugin.json
- git diff --check

Co-authored-by: Lidang-Jiang <119769478+Lidang-Jiang@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-28 08:43:06 -05:00
quengh
373e7fc242 feat(active-memory): add allowedChatIds/deniedChatIds per-conversation filters (openclaw#67977) 
Verified:
- pnpm install --frozen-lockfile
- git diff --check
- pnpm exec oxfmt --check --threads=1 extensions/active-memory/index.ts extensions/active-memory/index.test.ts docs/concepts/active-memory.md CHANGELOG.md
- OPENCLAW_TEST_HEAVY_CHECK_LOCK_HELD=1 OPENCLAW_VITEST_FS_MODULE_CACHE_PATH=.vitest-cache-pr67977 pnpm test extensions/active-memory/index.test.ts extensions/active-memory/config.test.ts
- gh pr checks 67977 --repo openclaw/openclaw --required

Co-authored-by: quengh <3940773+quengh@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-28 08:37:55 -05:00
Spolen23
12aaef9035 Fix infer CLI reliability gaps (openclaw#63263) 
Verified:
- pnpm install --frozen-lockfile
- git diff --check
- pnpm test src/media-understanding/defaults.test.ts src/media-understanding/runner.vision-skip.test.ts src/media-understanding/runner.cli-audio.test.ts src/web-search/runtime.test.ts
- pnpm tsgo:test:src

Co-authored-by: Spolen23 <215900770+Spolen23@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-28 08:36:41 -05:00
SimbaKingjoe
bdb75bd8c7 fix(active-memory): skip payload-less memory_search toolResults in tr… (openclaw#68773) 
Verified:
- pnpm install --frozen-lockfile
- pnpm test extensions/active-memory/index.test.ts
- pnpm exec oxfmt --check --threads=1 extensions/active-memory/index.ts extensions/active-memory/index.test.ts CHANGELOG.md
- git diff --check origin/main..HEAD
- gh pr checks 68773 --repo openclaw/openclaw --required

Co-authored-by: SimbaKingjoe <126222269+SimbaKingjoe@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-28 08:20:13 -05:00
Alex Knight
7a23c18830 fix(acpx): validate runtime session mode at wrapper boundary (#73071) (#73548) 2026-04-28 22:35:25 +10:00
Alex Knight
e4ff7c1620 fix: Discord read/search timeout, session-key fallback, and gateway execution mode (#73521) 
* fix: Discord read/search timeout, session-key fallback, and gateway execution mode

- Add 15s timeout to readMessagesDiscord and searchMessagesDiscord so they
  fail fast instead of hanging indefinitely (#73431)
- Fall back to CommandTargetSessionKey in dispatchReplyFromConfig when
  SessionKey is empty, so Discord inbound message:received hooks fire
  reliably (#73431, refs #33038)
- Add resolveExecutionMode to Discord channel actions routing read/search
  through gateway timeout path, matching Telegram's pattern (#73431)

* fix: move timeout to fetch layer, drop send.messages wrapper

Inject AbortSignal.timeout into the Discord proxy-request-client fetch
wrapper so every Discord REST call gets a 15s timeout at the HTTP level.
This replaces the Promise.race wrapper in send.messages.ts — cleaner,
covers all calls, and actually aborts the TCP connection.

* fix: remove unused callerController variable in proxy-request-client test

* fix: remove unnecessary mergeAbortSignal helper
 2026-04-28 21:46:05 +10:00
Alex Knight
e84ebeafbd fix(memory-core): retry dreaming cron startup reconciliation (#73493) 
Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
 2026-04-28 21:15:23 +10:00
Vincent Koc
d55c7ea997 fix(plugins): bound prompt memory recall latency 2026-04-28 03:46:18 -07:00
Peter Steinberger
5de284c2e3 fix(release): restore main release checks 2026-04-28 11:44:44 +01:00
Peter Steinberger
6dec2e1852 fix(telegram): scope native approvals by target account 2026-04-28 11:38:18 +01:00
Peter Steinberger
d770a3b786 test(memory): stabilize reindex and cron checks 2026-04-28 11:36:28 +01:00
Peter Steinberger
6a387afc53 refactor(memory-host): route sdk shims to package source 2026-04-28 11:36:28 +01:00
Peter Steinberger
5a1ff1347d fix(slack): bound inbound media downloads 2026-04-28 11:35:26 +01:00
Peter Steinberger
35bc13f9ef fix: prefer OpenAI media for Codex defaults 2026-04-28 11:30:17 +01:00
Vincent Koc
7950a18025 fix(whatsapp): recover stale listener after auth conflict churn (#72621) 
* fix(whatsapp): recover stale listener after auth conflict churn

* fix(whatsapp): block symlink auth cleanup escapes

* fix(whatsapp): refuse external auth cleanup
 2026-04-28 03:24:57 -07:00
Vincent Koc
e2f3044b8f fix(memory-wiki): route bridge CLI through gateway 
Route Memory Wiki bridge-mode status, doctor, and bridge import CLI paths through Gateway RPC when bridge artifact reads are active, while preserving local/offline fallbacks.

Harden Gateway CLI rendering and imported-source writes: validate RPC response shapes, bound response strings before rendering/JSON serialization, sanitize/escape terminal-controlled output, avoid redundant JSON forwarding, and replace imported source pages through a temp-file rename path with symlink and hardlink regressions.

Fixes #65722
Fixes #65976
Fixes #66082
Fixes #67979
Fixes #68371
Fixes #68828
Fixes #69019
Fixes #70181
Fixes #70242
Fixes #70842

Thanks @moorsecopers99, @vincentkoc, and @prasad-yashdeep.
 2026-04-28 03:22:12 -07:00
Peter Steinberger
1b13f53047 fix(ollama): reject garbled Kimi symbol output 2026-04-28 11:20:15 +01:00
Peter Steinberger
6cc6996a1c fix(slack): tune socket mode pong timeout 2026-04-28 11:13:03 +01:00
Gabriel Kripalani
17ef9ef895 feat(openrouter): add video generation provider (#72700) 
Adds OpenRouter video generation via video_generate, with hardened async polling/download handling, docs, and regression coverage.

Validation:
- pnpm test src/plugins/plugin-lookup-table.test.ts src/secrets/target-registry.fast-path.test.ts src/gateway/server-startup-post-attach.test.ts extensions/openrouter/video-generation-provider.test.ts src/video-generation/live-test-helpers.test.ts src/media-generation/provider-capabilities.contract.test.ts src/agents/pi-embedded-helpers/failover-matches.test.ts src/plugins/manifest-metadata-scan.test.ts src/agents/openai-transport-stream.test.ts src/media-understanding/openai-compatible-audio.test.ts src/agents/schema-normalization-runtime-contract.test.ts src/agents/provider-request-config.test.ts src/plugin-sdk/provider-stream.test.ts src/agents/pi-embedded-runner/run/attempt.spawn-workspace.websocket.test.ts -- --reporter=verbose
- OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_TEST_QUIET=0 OPENCLAW_LIVE_VIDEO_GENERATION_MODELS=openrouter/google/veo-3.1-fast pnpm test:live src/video-generation/video-generation.live.test.ts -- --runInBand

Co-authored-by: notamicrodose <gabrielkripalani@me.com>
 2026-04-28 10:57:31 +01:00
Vincent Koc
058b57867e fix(qwen): allow explicit qwen3.6-plus on Coding Plan (#72664) 2026-04-28 02:38:47 -07:00
Peter Steinberger
b4ffef5c5f fix(plugins): prune inactive bundled runtime deps 2026-04-28 10:34:24 +01:00
Vincent Koc
aa2f964bda fix(mattermost): keep inspector capture quiet 2026-04-28 02:19:57 -07:00
Vincent Koc
ad954dd1ca test(plugins): fix codex inspector capture regression 2026-04-28 02:19:56 -07:00
Vincent Koc
5f3b8b4100 fix(plugins): harden inspector runtime capture 2026-04-28 02:19:56 -07:00
Peter Steinberger
62997f7fce fix(deepseek): backfill v4 assistant reasoning replay 2026-04-28 10:07:39 +01:00
Peter Steinberger
8a98c08c8a fix(mattermost): avoid system events for user posts 2026-04-28 09:41:04 +01:00
Peter Steinberger
732e5805e3 fix(ollama): preserve configured native thinking 2026-04-28 09:20:44 +01:00
Peter Steinberger
67b16a4a6d fix: centralize source reply delivery mode 2026-04-28 09:14:19 +01:00
Peter Steinberger
4e921808d1 fix(line): persist inbound media in shared store 2026-04-28 09:12:11 +01:00
Vincent Koc
a9a689ed2a fix(plugins): keep qa sdk aliases private 2026-04-28 01:01:19 -07:00
Peter Steinberger
f3191b7962 fix(agents): abort stalled Anthropic SSE reads 2026-04-28 09:00:37 +01:00
scoootscooob
3c636208b0 fix(messages): keep group replies tool-only by default 
Rewrites the always-on reply handling so group/channel rooms default to message-tool-visible output, while `messages.groupChat.visibleReplies: \"automatic\"` preserves legacy auto-posting.\n\nThanks @scoootscooob.
 2026-04-28 07:36:43 +01:00
Peter Steinberger
f321036a00 fix(acpx): tolerate wrapper chmod failures 2026-04-28 07:30:00 +01:00
darkamenosa
cb8b327488 fix(zalouser): persist refreshed session cookies 
Persist refreshed `zca-js` session cookies after QR login, session restore, and successful API calls so gateway restarts restore the freshest local Zalo Personal session.

- Adds stable credential cookie signatures so equivalent cookie-jar reorderings do not rewrite credentials.
- Adds regression coverage for reordered live cookie jars preserving credential file content and mtime.
- Updates CHANGELOG.md: (#73277) Thanks @darkamenosa.

Co-authored-by: Tuyen <hxtxmu@gmail.com>
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
 2026-04-28 14:26:37 +08:00
Shakker
7b3d3ce361 feat: declare together model catalog 2026-04-28 07:25:03 +01:00
Shakker
1aa62c0b0a feat: declare fireworks model catalog 2026-04-28 07:25:03 +01:00
Peter Steinberger
9b556291e9 test(openai): split codex catalog fixtures 2026-04-28 07:04:22 +01:00
Peter Steinberger
4397717322 fix(telegram): report unauthorized startup tokens 2026-04-28 06:50:51 +01:00
Peter Steinberger
dc6031197b fix(models): hide unsupported codex mini route 2026-04-28 06:43:51 +01:00
Ke Wang
b4e9f1bd1c fix(memory-core): cap detached dream narratives (#73287) 
Cap detached Dream Diary narrative subagent runs across cron dreaming sweeps so multi-workspace runs cannot fan out unbounded subagent sessions.

Adds regression coverage that queued detached narratives resume and clean up, plus a unit-fast lane correction for the security symlink audit test.
 2026-04-28 06:42:07 +01:00
Peter Steinberger
59a4d7fb06 fix(telegram): normalize bot endpoint api roots 2026-04-28 06:36:38 +01:00
Vincent Koc
4c72e605cd fix(feishu): recover mojibake filenames from Content-Disposition (#72388) 2026-04-27 22:23:16 -07:00