Commit Graph

8603 Commits

Author SHA1 Message Date
Suhruth Vuppala
4440226d52 test(discord): clarify and guardrail gateway proxy selection (#99126)
* feat(discord): add HTTP_PROXY/HTTPS_PROXY env fallback for gateway WebSocket

Discord Gateway WebSocket connections now honor HTTP_PROXY/HTTPS_PROXY
environment variables as fallback before direct connection, matching the
existing pattern from Discord REST API and WhatsApp.

This enables Discord channel deployment in Kubernetes/OpenShift environments
with network policy egress restrictions, removing the need for broad :443
egress as a workaround.

- Add createEnvProxyDiscordGatewayAgent() helper (mirrors rest-fetch.ts pattern)
- Try env proxy before direct HttpsAgent in createDiscordGatewayPlugin()
- Explicit channels.discord.proxy still overrides env proxy
- Add formatErrorMessage and resolveEnvHttpProxyAgentOptions imports

Fixes #98266

* test(discord): keep gateway proxy explicit

Signed-off-by: sallyom <somalley@redhat.com>

* fix(discord): allow explicit remote proxy URLs

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-02 20:27:19 -05:00
Peter Steinberger
af9ab9f193 fix(android): use Bluetooth microphones for voice capture (#99259)
* fix(android): route voice capture through Bluetooth microphones

* chore(i18n): refresh Android voice source inventory
2026-07-02 16:44:40 -07:00
Ted Li
b67df3797a fix(telegram): explain disabled plugin approval failures (#95973)
* fix: explain disabled Telegram plugin approvals

* fix: handle disabled Telegram native plugin approvals

* fix: resolve exec approval surface independently

* fix: tie plugin approval setup guidance to plugin surface

* Revert "fix: tie plugin approval setup guidance to plugin surface"

This reverts commit 34e3c10e23.

* fix: gate plugin approval setup guidance

* fix: gate plugin approval availability by delivery

* fix: preserve plugin approval approver auth

* fix: make plugin setup guidance explicit

* test: trim approval guidance proof radius

* Avoid setup guidance on routed approval timeout

* Carry plugin approval delivery route into timeouts

* Keep turn-source approval route visible

* fix(approvals): prefer delivered approval clients

* fix(approvals): prefer delivered approval clients

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 14:15:25 -07:00
Eva
46598a120f fix: OAuth refresh failures report reauth instead of stale success (#99134)
Fail closed when managed OpenAI OAuth refresh fails instead of silently falling back to stale external Codex CLI credentials.

Make managed provider OAuth authoritative after bootstrap, preserve API-key and non-OpenAI external CLI behavior, and surface targeted re-auth guidance without exposing profile IDs in group/channel replies.

Fixes #99120.

Co-authored-by: Eva <239388517+100yenadmin@users.noreply.github.com>
2026-07-02 13:50:25 -07:00
PollyBot13
8b99c45bbb fix: route iOS OpenAI realtime Talk through WebRTC (#98563)
* fix: route iOS OpenAI realtime talk through WebRTC

* fix(ios): harden native realtime routing

* fix(ios): preserve realtime route ownership

* fix(ios): balance realtime audio sessions

* chore(ios): sync native i18n inventory

* fix(ios): preserve Azure realtime relay

* fix(ios): harden realtime session recovery

* chore(ios): sync native i18n inventory

* fix(ios): preserve selected Azure realtime routing

* fix(ios): rotate terminal realtime sessions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 12:49:23 -07:00
Peter Lee
2d764dd8fe fix(feishu): preserve button command values in fallback text and add Feishu comment guidance with callback privacy (#94385)
* fix(interactive): preserve button command values in fallback text for degraded approval UX

* fix(interactive): keep callback values private in fallback text and narrow Feishu interactive detection

- P1: Skip rendering action.type === "callback" values in
  renderMessagePresentationFallbackText to avoid leaking opaque
  channel/plugin data into user-visible text. Command and legacy
  values are still rendered.
- P2: Replace hasMessagePresentationBlocks/hasInteractiveReplyBlocks
  with isMessagePresentationInteractiveBlock so Feishu comment
  guidance only appears when the presentation actually contains
  buttons or selects, not for text-only blocks.
- Update tests: callback button now shows label-only; all 137 tests pass.

* fix(interactive): only render typed command values in fallback text, keep legacy value private

* fix(feishu): gate document-comment command guidance on actual command action

* docs(message-presentation): document command/callback value fallback visibility

* fix(feishu): omit command guidance when URL overrides fallback command text

* docs: regenerate docs_map.md

* fix(interactive): exclude disabled buttons from fallback command rendering and guidance

* fix(interactive): extract hasRenderedCommandAction, exclude disabled buttons from command fallback

* fix(feishu): preserve command guidance marker through core presentation rendering

* fix(feishu): type-narrow channelData.feishu with isRecord before reading rendered-command marker

* fix(feishu): move hasRenderedCommandAction from public SDK into Feishu plugin as local helper

Keep the helper local to the only caller (Feishu outbound) instead of
adding a new public plugin SDK API contract. The shared fallback renderer
in renderMessagePresentationFallbackText already inlines the same
command-visibility logic; a local helper is sufficient for the Feishu
comment-thread guidance gate.

* refactor(feishu): tighten fallback command marker

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 12:42:31 -07:00
Ayaan Zaidi
dad7768da8 docs(telegram): document group history removal 2026-07-02 09:22:59 -07:00
Mason Huang
b60e8c4838 ci: add process exec CodeQL security shard (#92667)
Summary:
- The PR adds a `process-exec-boundary` CodeQL high-security shard, wires it into the CodeQL workflow, expands PR path triggers for process-owning plugin/script paths, and updates CI docs.
- PR surface: Docs +1, Config +87. Total +88 across 3 files.
- Reproducibility: not applicable. this is CI/security-scanner configuration rather than a runtime bug. The behavior is source-reviewable and the exact-head `Security High (process-exec-boundary)` check passed.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 066d54b633.
- Required merge gates passed before the squash merge.

Prepared head SHA: 066d54b633
Review: https://github.com/openclaw/openclaw/pull/92667#issuecomment-4698545987

Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Approved-by: hxy91819
2026-07-02 12:50:45 +00:00
Peter Steinberger
be5906e19d fix(cron): restore persistent session targets (#98947)
Cron jobs run in the session they were created from unless the job explicitly requests an isolated fresh session.

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
2026-07-02 07:48:50 +01:00
Vincent Koc
87178b8466 chore(config): refresh documentation baseline 2026-07-01 19:49:38 -07:00
Mason Huang
5ff247b99e test: prefer auto-cleaning temp dir helper (#93209)
Summary:
- The branch adds `useAutoCleanupTempDirTracker()`, broadens the temp-dir warning reporter to flag new manual helper imports/usages, updates docs, and migrates two script tests to the new helper.
- PR surface: Tests +301, Docs +1, Other +248. Total +550 across 8 files.
- Reproducibility: not applicable. this is test/tooling cleanup, and the changed behavior is exercised through helper/reporter tests and CI evidence rather than a user reproduction path.

Automerge notes:
- PR branch already contained follow-up commit before automerge: test: harden temp dir helper guard
- PR branch already contained follow-up commit before automerge: test: clarify auto cleanup temp dir helper name
- PR branch already contained follow-up commit before automerge: test: cover existing mkdtemp temp dir forms
- PR branch already contained follow-up commit before automerge: test: read staged temp helper source from index

Validation:
- ClawSweeper review passed for head 1fdd7d2a9a.
- Required merge gates passed before the squash merge.

Prepared head SHA: 1fdd7d2a9a
Review: https://github.com/openclaw/openclaw/pull/93209#issuecomment-4705653665

Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Approved-by: hxy91819
2026-07-02 02:46:28 +00:00
Josh Avant
0cdce79221 docs: update mobile app release messaging (#98843) 2026-07-01 21:11:56 -05:00
Peter Steinberger
17482a4026 fix(ci): restore docs and test type checks (#98792) 2026-07-02 00:36:52 +01:00
anagnorisis2peripeteia
6df7db9f9e feat(cli): add attach launcher (#96454)
* feat(cli): openclaw attach — launch Claude Code bound to a gateway session with scoped MCP tools
* fix(cli): use token-only MCP config for attach

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-01 15:52:39 -07:00
Kevin Lin
d9b5afad18 fix(codex): rename destructive approval mode to ask (#98501)
* fix(codex): rename destructive approval mode to ask

* fix(codex): keep ask reviewer app-scoped

* test: fix current-main CI regressions
2026-07-01 15:14:55 -07:00
Josh Avant
eb417fa206 fix: diagnose Windows LAN Gateway firewall blocks (#98666)
* Diagnose Windows LAN Gateway firewall blocks

* Fix Windows firewall diagnostic lint

* fix: gate gateway firewall diagnostics to local targets

* fix: keep firewall inspection off critical flows
2026-07-01 16:24:16 -05:00
Ayaan Zaidi
bc7f9a36ec fix(cron): detach session-targeted cron runs (#98755)
* fix(cron): detach session-targeted runs
* fix(tasks): cancel stale childless cron rows

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-01 14:04:25 -07:00
Peter Steinberger
24d94a54a5 fix: migrate QQBot credential backups to SQLite KV (#89597)
* fix: migrate qqbot credential backups to sqlite kv

* fix: complete qqbot sqlite migration cleanup

* fix: harden qqbot doctor state migration
2026-07-01 20:03:59 +01:00
Mark
5db7c3797d Fix Telegram plugin callback routing (#97174)
* fix telegram plugin callback routing

* Add Telegram callback proof coverage

* Fix proof script lint

* Fix Telegram proof CI regressions

* test: fix telegram callback proof CI regressions

* fix: retire registry-owned callbacks

* fix: retire registry-owned callbacks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-01 19:49:54 +01:00
Agustin Rivera
fe43343af0 fix(nvidia): use Nemotron Super 1M context (#98726)
* fix(nvidia): correct Nemotron Super context
2026-07-01 11:46:06 -07:00
Ayaan Zaidi
53fe2e4bc3 refactor(auth): simplify codex login follow-up 2026-07-01 11:16:49 -07:00
Josh Lehman
bde0e4541e refactor: share codex login flow helpers 2026-07-01 11:16:49 -07:00
Eva
af8a4540ed Address Codex login review feedback 2026-07-01 11:16:49 -07:00
Eva
918612513f Use nondeprecated provider auth SDK path 2026-07-01 11:16:49 -07:00
Ayaan Zaidi
4895a00b94 fix(usage): tidy compact footer defaults 2026-07-01 09:59:37 -07:00
Ayaan Zaidi
a5e11c0083 fix(plugin-sdk): honor suppressReply across native commands 2026-07-01 09:09:45 -07:00
Alex
6f809195b1 docs(sdk): document suppressReply as Telegram-only in SDK overview 2026-07-01 09:09:45 -07:00
JC
bd5bf4820a fix(cli): retry logs.tail after journal fallback in logs follow (#88159)
* fix(cli): retry logs.tail after journal fallback in logs follow

Rebase #88159 onto current main and keep systemd journal fallback temporary in follow mode. Preserve the journal cursor across repeated fallback outages, but retry logs.tail on the next loop so recovered Gateway RPC returns to normal log output.

This refresh also replaces the stale red checks-node-core-fast result from the old head with a current-head CI run.

* Keep log source metadata explicit

* ci: retrigger checks for PR #88159

* docs: clarify logs follow JSON source transitions

* fix(cli): keep journal logs responsive during recovery

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 06:55:11 -07:00
wm0018
dcc2db1825 feat(node): add gateway context path support 2026-07-01 03:58:47 -07:00
An Dang
98254634f1 fix(docker): reduce local build memory pressure 2026-07-01 03:58:21 -07:00
wm0018
fcb135dfc1 docs(onboard): document 11 missing non-interactive CLI flags (#97753)
* docs(onboard): document 11 missing non-interactive CLI flags

* docs: correct token profile default wording

* docs: update generated docs map

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-01 02:49:42 -07:00
wm0018
8a519a9abe docs(matrix): document missing streaming.progress mode, progress sub-fields, and mentionPatterns config (#98318)
* docs(matrix): document missing streaming.progress mode, progress sub-fields, and mentionPatterns config

* docs: clarify Matrix progress labels

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-01 02:49:23 -07:00
Omar Shahine
c92c33d108 feat(imessage): native poll support — create, read, vote (#98421)
* feat(imessage): add native poll action

Wire the imsg CLI 'poll send' bridge command into the iMessage channel
message-tool action surface, mirroring the existing Discord poll action.
Adds the 'poll' action (gate: polls), a sendPoll runtime, selector-gated
capability advertisement (pollPayloadMessage), config type + zod schema,
regenerated channel metadata, docs, and tests.

* feat(imessage): read inbound polls, vote, and suppress vote echo

Builds on the native poll send action:

- Inbound polls now render to the agent as a readable line (question +
  numbered options + tallies) instead of the raw 0xFFFD balloon placeholder,
  so a received poll no longer reads as an empty message.
- New `poll-vote` action casts a vote via `imsg poll vote`, resolving a
  1-based option index / text / UUID to the poll's option identifier.
- message_tool_only echo guard: the model tends to narrate its choice in a
  text reply right after voting ("Blue."), which is redundant since the vote
  shows on the poll. A new `poll_vote_echo` suppression reason (alongside
  inbound_metadata_echo / internal_runtime_context_echo) drops a send/reply
  that exactly restates the just-cast vote, using the option label imsg
  returns. Extra content passes through untouched.

* fix(imessage): gate poll-vote on imsg poll.vote rpc capability

Released imsg carries the pollPayloadMessage selector (poll create) but
predates the poll.vote CLI/RPC. Gating both poll and poll-vote on that
selector alone would advertise a vote action the released CLI rejects.
Gate poll-vote additionally on the advertised poll.vote rpc method so this
plugin can ship ahead of the imsg release.

* fix(imessage): enforce poll.vote capability at execution, not just discovery

Codex review flagged the discovery gate as bypassable: a caller that already
knows action=poll-vote skips describeMessageTool and reaches handleAction
directly. Add the same imessageRpcSupportsMethod(status, 'poll.vote') check in
the poll-vote execution path (after assertPrivateApiEnabled), so a direct
dispatch on released imsg fails closed with a clear message instead of an
opaque CLI rejection. Adds a negative handleAction test.

* fix(imessage): harden native poll support

* fix(message): validate targets before channel discovery

* fix(message): validate targets before channel discovery

---------

Co-authored-by: Omar Shahine <lobster@users.noreply.github.com>
Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-01 10:48:32 +01:00
solodmd
cf2efbe5d5 docs(gateway): fix Telegram streaming default in config-channels.md (#98453)
The config example in docs/gateway/config-channels.md incorrectly
listed streaming default as "off". The actual runtime default is
"partial", as confirmed by the Telegram plugin's default resolver.

docs/channels/telegram.md already correctly documents the default
as "partial".

Co-authored-by: Claude <noreply@anthropic.com>
2026-07-01 02:33:24 -07:00
Nikhil Patel
2d9aa92d7e docs(config-agents): correct built-in alias table for opus and gpt (#96375)
The built-in alias shorthands table listed stale model ids that no longer
match src/config/defaults.ts (DEFAULT_MODEL_ALIASES):

  opus: anthropic/claude-opus-4-6 -> anthropic/claude-opus-4-8
  gpt:  openai/gpt-5.5            -> openai/gpt-5.4

These now match defaults.ts and the help/faq-models alias table, and resolve
an internal contradiction on this same page (its runtime-policy example already
uses anthropic/claude-opus-4-8).
2026-07-01 02:32:14 -07:00
Josh Avant
ba5244c189 fix: advertise route-aware LAN Control UI links (#98482)
* Route LAN pairing URLs by default route

* Advertise route-aware LAN Control UI links

* Fix route-aware LAN test mocks

* Narrow advertised LAN SDK export
2026-07-01 04:02:12 -05:00
snowzlmbot
b63e06f68a fix(llm): preserve structured tool result replay
Preserve structured tool-result replay text across provider transports while keeping provider-facing redaction and Anthropic media ordering intact.

Thanks @snowzlmbot!
2026-06-30 23:44:02 -07:00
Peter Steinberger
c52583a022 feat(openai): add GPT-5.6 series support (#98333)
* feat(openai): add GPT-5.6 series support

* docs: refresh map for GPT-5.6

* fix(openai): preserve GPT-5.6 thinking metadata

* fix(codex): sync managed app server version

* fix(codex): sync managed app server version

* fix(openai): account for GPT-5.6 cache writes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 06:48:57 +01:00
Brian Snyder
9f98b6e174 fix(gateway): emit stale exec approval followup diagnostics (#98293)
* fix(gateway): emit stale exec approval followup diagnostics

* fix(gateway): cover approval suppression diagnostics in ci

* fix(logging): preserve approval ids in stability bundles

* docs(exec): document suppression diagnostics

---------

Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 05:20:53 +01:00
Momo
59df350f3c fix: retry image describe fallback models (#98347)
Summary:
- Merged fix: retry image describe fallback models after ClawSweeper review.

Automerge notes:
- Addressed earlier ClawSweeper review findings before merge.

Validation:
- ClawSweeper review passed for head 55b26bd373.
- Required merge gates passed before the squash merge.

Prepared head SHA: 55b26bd373
Review: https://github.com/openclaw/openclaw/pull/98347#issuecomment-4850122718

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 04:00:39 +00:00
Momo
f5d0c370d6 fix(security): warn on agent skill MCP boundary drift (#98352)
Summary:
- Merged fix(security): warn on agent skill MCP boundary drift after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head ab3c29ef4c.
- Required merge gates passed before the squash merge.

Prepared head SHA: ab3c29ef4c
Review: https://github.com/openclaw/openclaw/pull/98352#issuecomment-4850104358

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 03:56:28 +00:00
Marcus Castro
fa3c9de459 test(qa-lab): harden whatsapp qa scenarios (#95622)
* fix(whatsapp): preserve group participant identity in QA driver

* fix(whatsapp): infer same-chat action targets

* test(qa-lab): record whatsapp scenario posture

* test(qa-lab): harden whatsapp live scenario coverage

* docs(qa): describe whatsapp qa lane coverage
2026-07-01 00:01:09 -03:00
Hannes Rudolph
6603437afb docs: refresh docs map for v2026.6.11 (#98325) 2026-06-30 19:50:42 -06:00
Hannes Rudolph
7ceaf0ece3 docs: publish release notes for v2026.6.11 (#98319) 2026-06-30 19:42:12 -06:00
ooiuuii
201eb9cd29 fix(gateway): iOS Talk treats SecretRef-backed API keys as missing (#98210)
* fix(gateway): resolve Talk SecretRefs for scoped native clients

* fix(gateway): constrain Talk secret materialization

* fix(gateway): redact Talk source provider secrets

* fix(gateway): satisfy Talk config lint

* docs(gateway): clarify Talk secret config payload

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-06-30 20:17:33 -05:00
Marvinthebored
b3b51b0c91 fix(anthropic): surface Discord pre-tool commentary
Route Anthropic pre-tool narration through the commentary progress lane, preserve shared channel progress defaults, and keep Discord/Telegram reasoning gates explicit.

Thanks @Marvinthebored!
2026-06-30 18:12:07 -07:00
Wynne668
ba3f68030b fix(cron): clear agentTurn thinking override by blanking the field (#96293)
* fix(cron): clear agentTurn thinking override when patched with null

Cron agentTurn patches could clear model/fallbacks/toolsAllow overrides by
sending an explicit null, but thinking had no clear path: the patch schema and
normalizer dropped thinking:null before it reached the merge logic, and the
payload merge only handled string values. Blanking the Thinking/Effort field in
the Cron Control UI therefore silently preserved the old value.

Add thinking:null support across the patch schema, exported type, normalizer,
and payload merge (mirroring model). The Control UI now sends an explicit clear
for model/thinking when an edited job blanks a previously stored override, and
the CLI gains --clear-thinking for parity with --clear-model.

* docs(cron): document --clear-thinking beside sibling clear flags
2026-06-30 17:43:22 -07:00
ZOOWH
5a73361ed2 fix(plugins): apply output text transforms to toolcall_delta and toolcall_end events (#97769)
* fix(plugins): apply output text transforms to toolcall_delta and toolcall_end events

toolcall_delta and toolcall_end events bypassed the output replacement
pipeline, leaking masked tokens (e.g. PII placeholders) into tool call
arguments and external systems.

Closes #97761

* fix(plugins): transform nested tool call arguments in output replacements

Add recursive transformToolCallArgumentText to handle strings, arrays,
and nested objects in tool call arguments, not just the name field.

* fix(plugins): keep tool names unchanged and cover result path

- Remove toolCall.name transformation to prevent breaking tool routing
- Add arguments transform to stream.result()/done.message via
  transformContentText for tool-call content blocks

* fix(plugins): narrow argument transform to toolCall content blocks only

Only transform arguments on content blocks with type=toolCall to avoid
touching non-tool-call blocks that happen to have an arguments field.

* test(plugins): assert stream.result() tool-call content block is transformed

* test(plugins): fix result-path fixture to actually contain toolCall block

The previous fixture used makeAssistantMessage('final') which produces
a plain text content block, not a toolCall block. The stream.result()
assertion was vacuously passing.

* style(plugins): fix type cast in result-path test assertion

* fix(agents): preserve tool argument transforms after repair

* refactor(agents): keep tool transform boundary narrow

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-06-30 17:15:01 -07:00
Agustin Rivera
b885c81479 fix(mcp): require owner for Claude permission replies (#98256)
* fix(mcp): require owner for Claude permission replies

* fix(mcp): prove owner-gated permission replies
2026-06-30 13:58:02 -07:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00