Adds a bounded browser-local Control UI text size setting in Appearance and Quick Settings, persists it in UiSettings, and applies CSS text-scale variables across chat text, composer input, sidebars, and tool cards while preserving mobile Safari input zoom safety.
Fixes#8547.
Thanks @BunsDev.
Classify ACP spawn-child sessions via persisted spawnedBy metadata and share the session kind classifier across sessions/status output.
Verified with Azure Crabbox seeded ACP session-store proof, targeted session/status tests, touched-file lint, build, and green PR CI.
Display the ACP runtime sentinel for ACP control-plane session rows in openclaw sessions output, while preserving configured model/provider display for direct sessions.
Verified with focused sessions tests, touched-file oxlint, check:test-types, Crabbox after-fix proof, and exact-head GitHub CI.
Restructure the migrate codex CLI output:
- Split into separate Before (preview) and After (result) messages
so each can be tuned independently. Both render through clack's
log.message so they pick up the standard '|' gutter.
- Group items by kind (Skills, Plugins, Memory, Secrets, Archive,
Manual review, Other) instead of one flat list. Hide config items
from display and exclude them from the summary count.
- Drop the internal kind/action tag (e.g. 'manual/manual'), strip
'<kind>:' id prefixes and trailing ':N' disambiguators, and use
'•' for bullets.
- Mute parenthetical action text.
- In result mode: replace status text with emoji (✅ migrated,
❌ error, ⏭️ skipped, ⚠️ conflict), show '(Migrated)' on success,
show humanized failure reasons for known codes (plugin_missing,
marketplace_missing, etc.), say '(Skipped)' for user-deselected
skill/plugin items but keep the real message on manual-review
skips. Drop warnings from the result message.
- In preview mode: omit the 'Next' section and move warnings to
the bottom. Use generic action descriptions ('Copy Codex skill
into OpenClaw', 'Install Codex plugin into OpenClaw').
- Drop the redundant 'Codex cached plugin bundles remain
manual-review only.' warning — covered by the source-installed
warning above it.
Carry Windows ACL world-principal classification through @openclaw/fs-safe@0.2.2 so Anonymous Logon, Guests, Interactive, Network, and Local SID/principal variants are treated as world-equivalent in filesystem audit findings.
Also add regression coverage, changelog coverage, a narrow lint cleanup, and a UI test isolation fix needed by the current CI shard.
Co-authored-by: dwc <118101032587@njust.edu.cn>
Adds Windows USERPROFILE to the sandbox blocked home roots so credential binds are denied even when HOME points at a different shell home.
Verified:
- node scripts/test-projects.mjs src/agents/sandbox/validate-sandbox-security.test.ts
- node scripts/test-projects.mjs src/agents/sandbox/bind-spec.test.ts src/agents/sandbox/host-paths.test.ts src/agents/sandbox/validate-sandbox-security.test.ts
- git diff --check HEAD^ HEAD
Co-authored-by: luoyanglang <hanwanlonga@gmail.com>
Keep media-only iMessage sends from delivering visible <media:image> text while preserving a non-visible echo key for self-echo dedupe. Thanks @homer-byte.
