openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-06-25 15:59:34 +00:00

Author	SHA1	Message	Date
Vincent Koc	6774e7f259	chore(release): sync main to 2026.6.8	2026-06-17 07:25:30 +08:00
Shakker	920e6a8eec	chore: set version 2026.6.9	2026-06-16 19:54:07 +01:00
Rohit	e55cebf4c2	fix(canvas): validate CLI numeric options Validate Canvas CLI numeric arguments before node invocation. - Reject malformed `--invoke-timeout` values through the shared Canvas invoke path before resolving a node. - Keep snapshot `--quality` bounded to the existing Canvas tool schema range of 0..1. - Add focused CLI regressions for timeout validation, quality bounds, and accepted boundary values. Verification: - `node scripts/run-vitest.mjs extensions/canvas/src/cli.test.ts --maxWorkers=1` - `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main ...` - AWS Crabbox `cbx_b7838c58daba`, run `run_bbb58ca536f4`: `check:changed` - Exact PR head `a970ce594ea6e7284ace519352fc258b1b81cb80`: GitHub checks green	2026-06-14 07:39:17 +08:00
Peter Steinberger	68222ba5e3	fix: harden websocket payload handling	2026-06-12 21:03:10 -07:00
Peter Steinberger	6f2b3830f1	fix(qqbot): migrate group tool policy config (#91128 ) * fix(qqbot): migrate group tool policy config * test: stabilize changed check lanes * style: format changed main files * test: align CI matrix expectations	2026-06-07 02:33:06 -07:00
Peter Steinberger	4fa5092cdc	docs: document small extension sources	2026-06-04 21:02:07 -04:00
Peter Steinberger	4726aaa08c	docs: document canvas plugin	2026-06-04 08:07:38 -04:00
Peter Steinberger	1878ca0820	chore(release): prepare 2026.6.2 beta	2026-06-04 00:06:52 +01:00
Vincent Koc	28a2e795da	test(canvas): pin a2ui compatibility assets	2026-06-04 00:58:33 +02:00
Vincent Koc	8fe67e4b70	test(canvas): verify a2ui compatibility assets	2026-06-04 00:45:34 +02:00
Peter Steinberger	e254346bc2	chore(release): prepare 2026.6.3 beta	2026-06-03 23:42:34 +01:00
Vincent Koc	ec47d1cdd5	fix(canvas): restore A2UI compatibility assets	2026-06-03 17:31:15 +02:00
Vincent Koc	3a64302585	test(canvas): cover A2UI static asset compatibility	2026-06-03 16:42:55 +02:00
Peter Steinberger	a14eacf372	chore(release): set version 2026.6.2	2026-06-01 23:06:55 +01:00
Peter Steinberger	8e28c773fe	chore(release): prepare 2026.6.1	2026-06-01 10:30:15 +01:00
Peter Steinberger	27dde7a4d6	chore(lint): enable stricter error rules	2026-06-01 01:12:21 +01:00
Peter Steinberger	22cb7fb6b7	chore(lint): enable no-promise-executor-return	2026-05-31 23:06:13 +01:00
Peter Steinberger	b653d94918	chore(lint): enable no-useless-assignment	2026-05-31 22:40:48 +01:00
Peter Steinberger	0d17623f00	chore: bump OpenClaw version to 2026.5.31 Bumps OpenClaw release metadata to 2026.5.31 across package manifests, app version files, plugin metadata, changelog headings, and generated shrinkwraps. Verification: - pnpm plugins:sync:check - pnpm ios:version:check - pnpm deps:shrinkwrap:check - git diff --check - stale 2026.5.30/build-code scan across changed files - autoreview clean: no accepted/actionable findings - PR CI green for real gates: Checks, security scans, dependency guard, app lanes, real behavior proof Known non-code workflow issue: - label workflow failed because this PR hits GitHub's 100-label issue cap before the size-label step.	2026-05-31 14:46:17 +01:00
Peter Steinberger	48ccc50282	chore: update dependencies	2026-05-31 09:07:53 +01:00
Peter Steinberger	deb7bc6539	chore(lint): enable readability lint rules	2026-05-31 07:17:57 +01:00
scotthuang	7920af0c9e	refactor: route browser screenshot vision through shared media understanding * feat(browser): add optional vision understanding to screenshot tool * fix(browser): wrap vision output as external content, enforce maxBytes, forward auth profiles * fix(browser): remove no-op scope/attachments config, drop profile pass-through lacking runtime support * feat(media-understanding): add profile/preferredProfile to DescribeImageFileWithModelParams and forward to describeImage * style(browser): add curly braces to satisfy eslint curly rule * fix(browser): correct tools.browser.enabled help text to match actual behavior * fix(browser): thread agentDir/workspaceDir from plugin tool context into browser vision * refactor(browser): move vision config from tools.browser to browser.models The browser plugin's vision configuration now lives on the top-level `browser` config namespace (browser.models, browser.visionEnabled, browser.visionPrompt, etc.) instead of `tools.browser`. This aligns with the plugin's existing config location and avoids confusion between tool-level and plugin-level settings. - Remove tools.browser from ToolsSchema and ToolsConfig - Add models/vision* fields to BrowserConfig and its zod schema - Update getBrowserVisionConfig to read from cfg.browser - Update schema help, labels, and quality test - Update vision.test.ts to use new config shape * docs(browser): add screenshot vision configuration section Document the new browser.models config for automatic screenshot description via vision models, enabling text-only main models to reason about web page content. * fix(browser): remove deliverable media markers from vision result, drop unused import P1: Vision-success path no longer exposes the raw screenshot as deliverable media (removes MEDIA: line and details.media.mediaUrl). This prevents channel delivery from auto-sending sensitive page content when the intended output is a text description. P2: Remove unused ToolsMediaUnderstandingSchema import that would fail noUnusedLocals typecheck. * fix(browser): add command/args fields to browser models schema The browser vision model schema uses .strict(), so CLI-type entries with command/args were rejected by TypeScript. Add these fields to align with MediaUnderstandingModelSchema. * chore(browser): remove debug console.log statements * fix(browser): harden screenshot vision result against MEDIA: directive injection and restore image sanitization on failure fallback ClawSweeper #84247 review round 2: P1 (security, high): neutralize line-start MEDIA: directives in vision descriptions before wrapping with wrapExternalContent. The agent media extractor scans every browser tool-result text block via splitMediaFromOutput which treats line-start MEDIA: as a trusted local-media delivery directive, and browser is on the trusted-media allowlist. Without neutralization, page or vision-provider output containing 'MEDIA:/tmp/secret.png' could synthesize a channel-deliverable media artifact from untrusted content. wrapExternalContent itself does not strip line-start directives. Introduce neutralizeMediaDirectives in vision.ts that prepends '[neutralized] ' to any line whose trimStart() begins with MEDIA: (case-insensitive), defanging the parser anchor while keeping the original text human-readable. P2 (compatibility): pass resolveRuntimeImageSanitization() to imageResultFromFile in the vision-failure catch fallback. The non-vision screenshot path already forwards this option (`d5cc0d53b7`) so configured agents.defaults.imageMaxDimensionPx takes effect. Without this fix, any provider timeout/error silently bypasses the sanitization guard and returns a raw full-resolution screenshot. Regression coverage: - vision.test.ts: 6 unit cases for neutralizeMediaDirectives (no-op fast path, mid-line MEDIA: untouched, line-start defanged, leading-whitespace defanged, case-insensitive, multiple directives per blob). - browser-tool.test.ts: 2 integration cases that drive the full screenshot tool execute path: - 'neutralizes MEDIA: directives in vision text and does not attach media' asserts no line matches /^\sMEDIA:/i in returned text, secret path text is preserved verbatim, details.media is absent, and imageResultFromFile is not called on the success path. - 'preserves screenshot image sanitization on vision failure fallback' mocks describeImageFileWithModel to reject and asserts the fallback imageResultFromFile call receives imageSanitization: {maxDimensionPx:1600} plus the 'browser screenshot vision failed' extraText. fix(browser): apply clawsweeper fallback media fix from PR #84247 * refactor: reuse media image understanding for browser screenshots * refactor: use structured media delivery * test: update music completion media instruction expectation * fix: trim buffered reply directive padding * test: refresh codex prompt snapshots for message media aliases --------- Co-authored-by: scotthuang <scotthuang@tencent.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-05-31 00:00:19 +01:00
Peter Steinberger	cd07d013ba	chore(release): bump version to 2026.5.30	2026-05-30 06:49:13 +01:00
Peter Steinberger	e9d49299d6	fix(canvas): default malformed host base paths	2026-05-29 01:34:30 -04:00
Peter Steinberger	61cf005437	fix: normalize canvas numeric params	2026-05-28 20:45:27 -04:00
Dallin Romney	3005b62242	perf(plugins) refactor plugin SDK declarations for flat package types (#87165 ) * refactor: flatten plugin sdk declarations * fix: align package inventory with flat sdk declarations * refactor: move packed sdk smoke to fixture * test: simplify packed sdk type smoke * fix(canvas): use focused number runtime helpers * fix(ci): stabilize sdk boundary checks * test: guard private sdk declaration leaks Co-authored-by: Peter Steinberger <steipete@gmail.com> --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-05-27 19:22:32 -07:00
Peter Steinberger	cee2a50fe6	chore(release): prepare 2026.5.28	2026-05-28 01:48:07 +01:00
Peter Steinberger	2f710f5604	fix(ci): avoid deprecated sdk import in canvas cli	2026-05-27 14:57:00 -04:00
Peter Steinberger	0f5ea87244	fix(cli): reject partial numeric options	2026-05-27 14:36:06 -04:00
Peter Steinberger	7aaca4a8a6	chore(release): prepare 2026.5.27	2026-05-27 16:53:50 +01:00
Vincent Koc	fb853de554	fix(scripts): preserve native pnpm exec paths	2026-05-26 17:36:48 +02:00
Peter Steinberger	884d346999	fix(canvas): reject invalid snapshot formats	2026-05-26 12:42:36 +01:00
Peter Steinberger	d00d0a21c2	chore: bump OpenClaw to 2026.5.26	2026-05-26 01:26:00 +01:00
Peter Steinberger	cda7c30150	build: refresh dependency pins (#86628 ) * build: refresh dependencies * build: align pi fallback version	2026-05-25 21:55:46 +01:00
Peter Steinberger	77d9ac30bb	refactor: reuse shared coercion helpers (#86419 ) * refactor: share talk event metric extraction * refactor: reuse shared coercion helpers * refactor: reuse shared primitive guards * refactor: reuse shared record guard * refactor: reuse shared primitive helpers * refactor: reuse shared string guards * refactor: reuse shared non-empty string guard * refactor: share plugin primitive coercion helpers * refactor: reuse plugin coercion helpers * refactor: reuse plugin coercion helpers in more plugins * refactor: reuse channel coercion helpers * refactor: reuse monitor coercion helpers * refactor: reuse provider coercion helpers * refactor: reuse core coercion helpers * refactor: reuse runtime coercion helpers * refactor: reuse helper coercion in codex paths * refactor: reuse helper coercion in runtime paths * refactor: reuse codex app-server coercion helpers * refactor: reuse codex record helpers * refactor: reuse migration and qa record helpers * refactor: reuse feishu and core helper guards * refactor: reuse browser and policy coercion helpers * refactor: reuse memory wiki record helper * refactor: share boolean coercion helpers * refactor: reuse finite number coercion * refactor: reuse trimmed string list helpers * refactor: reuse string list normalization * refactor: reuse remaining string list helpers * refactor: reuse string entry normalizer * refactor: share sorted string helpers * refactor: share string list normalization * test: preserve command registry browser imports * refactor: reuse trimmed list helpers * refactor: reuse string dedupe helpers * refactor: reuse local dedupe helpers * refactor: reuse more string dedupe helpers * refactor: reuse command string dedupe helpers * refactor: dedupe memory path lists with helper * refactor: expose string dedupe helpers to plugins * refactor: reuse core string dedupe helpers * refactor: reuse shared unique value helpers * refactor: reuse unique helpers in agent utilities * refactor: reuse unique helpers in config plumbing * refactor: reuse unique helpers in extensions * refactor: reuse unique helpers in core utilities * refactor: reuse unique helpers in qa plugins * refactor: reuse unique helpers in memory plugins * refactor: reuse unique helpers in channel plugins * refactor: reuse unique helpers in core tails * refactor: reuse unique helper in comfy workflow * refactor: reuse unique helpers in test utilities * refactor: expose unique value helper to plugins * refactor: reuse unique helpers for numeric lists * refactor: replace index dedupe filters * refactor: reuse string entry normalization * refactor: reuse string normalization in plugin helpers * refactor: reuse string normalization in extension helpers * refactor: reuse string normalization in channel parsers * refactor: reuse string normalization in memory search * refactor: reuse string normalization in provider parsers * refactor: reuse string normalization in qa helpers * refactor: reuse string normalization in infra parsers * refactor: reuse string normalization in messaging parsers * refactor: reuse string normalization in core parsers * refactor: reuse string normalization in extension parsers * refactor: reuse string normalization in remaining parsers * refactor: reuse string normalization in final parser spots * refactor: reuse string normalization in qa media helpers * refactor: reuse normalization in provider and media lists * refactor: reuse normalization for remaining set filters * refactor: reuse normalization in policy allowlists * refactor: reuse normalization in session and owner lists * refactor: centralize primitive string lists * refactor: reuse lowercase entry helpers * refactor: reuse sorted string helpers * refactor: reuse unique trimmed helpers * refactor: reuse string normalization helpers * refactor: reuse catalog string helpers * refactor: reuse remaining string helpers * refactor: simplify remaining list normalization * refactor: reuse codex auth order normalization * chore: refresh plugin sdk api baseline * fix: make shared string sorting deterministic * chore: refresh plugin sdk api baseline * fix: align host env security ordering	2026-05-25 21:20:41 +01:00
Peter Steinberger	0cba872e38	chore: bump version to 2026.5.24	2026-05-24 02:40:16 +01:00
Peter Steinberger	4df34cb790	chore(release): bump version to 2026.5.22	2026-05-22 21:25:16 +01:00
Peter Steinberger	e2c92be90b	chore(release): bump version to 2026.5.21	2026-05-22 00:09:45 +01:00
Vincent Koc	88c49f9e68	chore(deadcode): dedupe repeated helpers	2026-05-21 18:47:09 +08:00
Peter Steinberger	7b9066120a	chore(release): bump version to 2026.5.20	2026-05-20 21:58:56 +01:00
Peter Steinberger	c1579b7727	chore: bump release version to 2026.5.19	2026-05-18 23:11:42 +01:00
Peter Steinberger	4f4d108639	chore(lint): remove underscore-dangle allow list (#83542 ) * chore(lint): reduce underscore-dangle exceptions * chore(lint): reduce more underscore exceptions * chore(lint): remove underscore-dangle allow list * fix(lint): repair underscore cleanup regressions * test(lint): track version define suppression	2026-05-18 14:56:06 +01:00
Peter Steinberger	1d22578c6c	chore: drop generated artifacts from refactor branch	2026-05-17 00:10:29 +01:00
Peter Steinberger	07f05e972e	refactor: move inbound event classification into core	2026-05-17 00:10:29 +01:00
Peter Steinberger	9c5acb7ea3	chore: release 2026.5.17	2026-05-16 10:11:41 +01:00
Vincent Koc	f553dad560	Reapply "chore(release): set 2026.5.16 version" This reverts commit `73aab6abd8`.	2026-05-16 08:59:33 +08:00
Vincent Koc	73aab6abd8	Revert "chore(release): set 2026.5.16 version" This reverts commit `b7e8f6da6a`.	2026-05-16 08:20:19 +08:00
Peter Steinberger	b7e8f6da6a	chore(release): set 2026.5.16 version	2026-05-15 22:06:19 +01:00
Pavan Kumar Gondhi	238b0fc76f	fix(canvas): validate snapshot response formats [AI] (#81881 ) * fix: validate canvas snapshot formats * addressing codex review * docs: add changelog entry for PR merge	2026-05-15 14:51:38 +05:30
Peter Steinberger	4a188e7ca5	chore: update dependencies	2026-05-15 07:28:28 +01:00

1 2

94 Commits