Commit Graph

37379 Commits

Author SHA1 Message Date
Peter Steinberger
ab5d143d59 feat(openai): default new setups to GPT-5.6 (#103581)
* feat(openai): default fresh setup to GPT-5.6

* test(crestodian): expect GPT-5.6 Codex defaults

* test(crestodian): expect GPT-5.6 bootstrap default
2026-07-10 10:22:58 +01:00
Josh Avant
fc60a8e66b fix(android): show Canvas outside Settings (#103330)
* test(android): reproduce detached canvas lifecycle failures

* fix(android): restore shell-owned canvas presentation

* fix(android): avoid canvas renderer crash loops

* fix(android): keep canvas within safe drawing bounds

* fix(android): cover canvas inset gutters

* chore(android): refresh native i18n inventory

* fix(android): keep canvas host lint-clean

* style(android): format canvas host documentation
2026-07-10 04:20:53 -05:00
Peter Steinberger
2c909212f1 fix(tool-call-repair): preserve stream content order after repair (#103585)
Keep byte-over-cap visible suffixes at their streamed content indexes when terminal message snapshots are normalized.

Co-authored-by: ZOOWH <ZOOWH@users.noreply.github.com>
2026-07-10 10:16:09 +01:00
Michael Appel
6f01c23e71 fix: guard generated video downloads (#101854)
Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com>
2026-07-10 14:35:53 +05:30
Ayaan Zaidi
ef103205ad feat(channels): add turn-adoption ack to channel inbound dispatch 2026-07-10 14:32:11 +05:30
Peter Steinberger
57f72bcca0 perf(test): avoid image tool runtime warmup 2026-07-10 04:38:55 -04:00
Eva
ae63a48e94 fix(auto-reply): recover stranded message-tool finals by default (#99536)
In messages.visibleReplies "message_tool" sessions, a successful agent turn that produced a substantive private final without calling message(action=send) previously left the user with silence and only an operator log. The gateway now enqueues one protected front-of-queue retry prompting the model to deliver the reply, and falls back to a sanitized visible diagnostic when the retry cannot be enqueued or also strands. Queue overflow protection is unified with the in-flight-aware drop policy (skip in-flight or protected items, reject when nothing is droppable), rejected overflow no longer refreshes the drain debounce, heartbeat turns are excluded from recovery, and recovery retries no longer share the client turn's queued-turn lifecycle.

Fixes #85714

Thanks to Eva (@100yenadmin) for the contribution.
2026-07-10 14:01:01 +05:30
Peter Steinberger
26d200c6a3 feat(channels): narrated progress drafts + activity receipt on the final answer (#103463)
* feat(channels): narrated progress drafts + activity receipt on the final answer

Progress mode replaces raw tool lines with short utility-model narration of
what the agent is doing (streaming.progress.narration, default on, requires
an explicit utilityModel). On Discord the final answer now carries the
-# activity receipt and the working draft is deleted once the answer lands,
so busy channels keep no orphaned tool log above the reply.

Formatting verified remotely via Testbox oxfmt --check (hook bypassed:
no node_modules in this worktree).

* fix(channels): keep narration toggle independent of channel-default stream mode

Discord resolves its own progress default, so the resolver must not re-derive
mode with the generic partial fallback (narration was off for unset config).

* fix(auto-reply): honor status-only command text in narration model input

streaming.progress.commandText: "status" hides raw exec/bash text from the
channel draft; narration input now mirrors that policy so the utility model
never receives more command detail than the draft shows (Codex review P2).

Formatting verified remotely via Testbox oxfmt --check.

* fix(auto-reply): share the draft's command-tool set for narration and regen channel metadata

Reuse isCommandToolName (exec|shell|bash) so narration's commandText policy
matches the draft formatter exactly, and regenerate bundled channel config
metadata for the new streaming.progress.narration key (Codex review round 2).

Gates verified on Testbox: config:channels:check, oxfmt --check, 4 test shards.

* fix(channels): clear stale narration when the narrator stops mid-turn

An empty narration update now falls the draft back to raw tool lines, and the
narrator emits that clear when it disables after consecutive failures or the
per-turn cap, so drafts never pin stale status text (Codex review round 3).

Gates verified on Testbox: oxfmt --check + 4 test shards.

* chore(config): regen bundled channel metadata after rebase onto main

* chore: CI fixups — lint nits, test harness types, docs map, SDK surface budget

Two deliberate public SDK additions (resolveChannelStreamingProgressNarration,
isCommandToolName via the streaming wildcard re-export) bump the pinned
public-surface budgets to current counts (exports 10488, callable 5235).

Gates verified on Testbox: oxfmt, targeted oxlint, docs:map:check,
config:channels:check, check:test-types, 5 test shards.
2026-07-10 09:28:47 +01:00
Peter Steinberger
4a4a32a5de feat(cli,webchat): lobster wild cards — a CLI cousin, moving day, and opt-in sounds (#103412)
* feat(cli,webchat): lobster wild cards - a CLI cousin, moving day, and opt-in sounds

The openclaw banner gains a rare day-seeded ASCII lobster (rich TTYs,
random tagline mode, never CI). The web pet notices gateway upgrades and
arrives carrying a bindle for one load. A new default-off Lobster sounds
quick setting adds tiny WebAudio chirps on pokes and pets. The lobster
docs page learns about petting, sounds, and this batch's field notes.

* chore(webchat): regenerate keyless raw-copy i18n baseline after rebase
2026-07-10 08:49:27 +01:00
Peter Steinberger
b07ebe3ff3 feat: correlate managed agent requests (#103476) 2026-07-10 08:42:55 +01:00
Peter Steinberger
d133f28cfb fix: preserve selected models through hot reloads and fallbacks (#103510)
* fix(agents): keep model fallback turn-local instead of persisting over user pins

* fix(telegram): use live config snapshots per operation

Co-authored-by: Ayaan Zaidi <hi@obviy.us>

* test(telegram): fix config snapshot type coverage

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-07-10 08:26:33 +01:00
Vincent Koc
8017deb871 test(gateway): allow loaded CI media mirror completion
(cherry picked from commit 0f52c07e29)
2026-07-10 00:21:22 -07:00
rvdlaar
fc507c70c5 fix(agents): xAI/Grok requests fail after a stale reasoning replay ("could not decrypt encrypted_content") (#97926)
* fix(agents): recover xAI/Grok "could not decrypt encrypted_content" 400 instead of tripping the circuit breaker

openclaw already strips a stale reasoning replay and retries the Responses call, but the
recovery is gated on isInvalidEncryptedContentError(), which only recognizes the
`invalid_encrypted_content` / `thinking_signature_invalid` codes/messages. xAI/Grok returns
a prose 400 with no error code — "Could not decrypt the provided encrypted_content. Ensure
the value is the unmodified encrypted_content from a previous response." — so the matcher
returns false, the call fails, and the per-model circuit breaker trips, blocking ALL
grok-4.3 traffic through the gateway until manual intervention.

Match that message (contains `encrypted_content` and a decrypt-failure phrase) so the
existing strip-and-retry path handles it too. Narrow enough to avoid unrelated
"could not decrypt" messages (e.g. the OAuth sidecar warning), which do not mention
`encrypted_content`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(agents): narrow xAI decrypt retry detection

Co-authored-by: rvdlaar <rvdlaar@gmail.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 08:17:29 +01:00
Peter Steinberger
c6ddb4bda9 fix: stabilize gateway deletion admission CI fixture (#103486)
* test(gateway): stabilize deletion admission fixture

* test(gateway): delete session through lifecycle owner
2026-07-10 08:12:51 +01:00
Peter Steinberger
ce47e6ac53 fix(mcp): keep server config private in groups (#103502)
* fix(mcp): keep server config private in groups

* fix(config): redact underscore credential flags

* fix(config): redact plural credential flags
2026-07-10 08:09:48 +01:00
SunnyShu
a1d03f1cfd fix(gateway): re-check session runtime model against current agent defaults after hot-reload (#102305)
* fix(gateway): re-check session runtime model against current agent defaults after hot-reload

Agent model hot-reload silently did not take effect because session entries
cached modelProvider/model from agent defaults during reset, and the resolver
returned these cached values before checking current config.

Fix (three-pronged):
1. Reset-side: only cache modelProvider/model when the resolved model came
   from a user override — default-derived values are no longer persisted.
2. Resolver-side: when runtime metadata exists without overrides and an
   agentId is available, the values are default-derived and may be stale —
   skip them in the persisted-model fallback so current config defaults win.
3. Inheritance: only inherit runtime model metadata from parent when it
   carries explicit user overrides (align with reset-side contract).

Reset response includes resolvedModel so API and TUI consumers always get
the effective model identity.

Fixes #102269

* fix(gateway): restore truncateUtf16Safe and emoji-boundary title test per ClawSweeper review

* fix(gateway): only skip stale session runtime model metadata when it actually differs from current defaults

The previous change unconditionally skipped cached modelProvider/model when no
user overrides were present and an agentId was available, assuming it was always
stale. This broke sessions that legitimately had non-default models set through
normal session creation (e.g. custom vision models).

Now the resolver resolves the current agent default first and compares: if the
cached runtime metadata matches the current default it is returned directly
(not stale); only when it differs is it treated as stale and re-resolved.

Also updates tests that set modelProvider/model without overrides to configure
their agent defaults so the expected model matches the resolution result.

* fix(session-model-ref): add stale-metadata detection for config hot-reload

* fix(test): remove strict timeoutMs assertion in provider catalog live-runtime test

The remainingTimeoutMs calculation can be off by 1ms depending on timing
(Date.now() - startedAt = 1ms on fast CI runners), causing a flaky failure.
This assertion is not the test's focus — dedicated timeout behavior is already
covered by 'uses one timeout budget across paginated live catalog discovery'.

* fix: restore AVATAR_MAX_BYTES to 2MB (revert accidental merge contamination)

* fix(gateway): resolve session models from current config

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 08:04:55 +01:00
Peter Steinberger
19111cf29d fix(xai): route provider alias to native endpoint (#103488) 2026-07-10 08:02:08 +01:00
Pavan Kumar Gondhi
0ac5394192 fix: enforce sandbox tool policy for loopback tools [AI] (#103074)
* fix: apply sandbox policy to gateway loopback tools

* test: type gateway sandbox policy helper

* style: format gateway sandbox policy import

* test: exercise sandbox deny on allowed loopback tool
2026-07-10 12:30:51 +05:30
wuqxuan
9e74dabad2 fix: parse zero-argument XML tool calls (#103220)
* fix: parse zero-argument XML tool calls

* fix(tool-call-repair): handle empty XML calls safely

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 07:39:23 +01:00
Peter Steinberger
f698703934 fix(sandbox): reap orphaned container processes (#103441)
Co-authored-by: hobo <hobo.l@binance.com>
Co-authored-by: aaajiao <aaajiao@gmail.com>
2026-07-10 07:09:57 +01:00
Ayaan Zaidi
08b6996cd5 fix(mcp): redact secrets from /mcp show in group chats (#103396)
* fix(mcp): redact secrets in /mcp show replies

Prevent owner /mcp show from dumping raw headers/env credentials into
group chats. Mark MCP env values sensitive, restore redaction sentinels
on set so show→set cannot overwrite real secrets.

Fixes #103053

* test(mcp): e2e redaction of /mcp show secrets on live gateway

Spin up an ephemeral gateway process, chat.send /mcp show with live
credential-bearing config, and prove secrets never leave the reply path.
Also prove show→set sentinel restore on disk via chat and CLI.
2026-07-10 11:28:23 +05:30
tzy-17
2f7e2aee15 fix(queue): prevent applyQueueDropPolicy from selecting in-flight items as overflow victims (#103284)
* fix(queue): prevent applyQueueDropPolicy from selecting in-flight items as overflow victims

When a burst of inbound messages hits the followup queue cap while the
head item is mid-delivery, applyQueueDropPolicy can select that same
in-flight item as an overflow victim. With the default
dropPolicy: "summarize", the in-flight item ends up recorded in the
overflow summary as dropped even though it is still being delivered,
producing a contradictory record where the same message is both
answered and reported as unanswered-due-to-overflow.

The fix introduces an optional `inFlight` Set parameter to
applyQueueDropPolicy and drainNextQueueItem. The followup queue state
now owns a shared inFlight set that is:
- Populated by drainNextQueueItem during the await run(next) window
- Populated by the collect-merge drain path for activeGroupItems
- Passed to applyQueueDropPolicy in enqueueFollowupRun

The drop policy now computes an effective queue length that excludes
in-flight items, and skips them when selecting splice victims.

Fixes #103246

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(queue): align pending depth with active deliveries

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:53:29 +01:00
Peter Steinberger
120385a88a fix(media-core): detect encoded URL extensions (#103410)
Co-authored-by: VectorPeak <73048950+VectorPeak@users.noreply.github.com>
2026-07-10 06:50:01 +01:00
krissding
1a0dc9b83f fix(opencode-go): remove deprecated mimo-v2-omni and mimo-v2-pro model aliases (#103329)
* fix(opencode-go): remove deprecated mimo-v2-omni and mimo-v2-pro model aliases

These deprecated aliases reject agent requests from the OpenCode Go gateway.
Remove them from the provider catalog and clean up all references in probe
skip lists, CI workflows, and tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(opencode-go): complete deprecated MiMo cleanup

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:49:09 +01:00
Peter Steinberger
461772868d fix(computer): prevent stale, replayed, and post-cancel desktop actions (#103422)
* fix(ai): preserve streamed tool-call identity

* fix(computer): bind actions to current tool authority

* fix(macos): serialize computer control lifecycle

* docs(computer): document hardened control contract

* chore: follow release-owned changelog policy

* test(agents): cover node list cancellation
2026-07-10 06:47:56 +01:00
Pavan Kumar Gondhi
c70f3d0dae fix: block unspecified trusted DNS targets (#103075) 2026-07-10 11:16:26 +05:30
Peter Steinberger
e1c144a003 fix(xai): preserve Grok thinking through the x-ai alias (#103340)
* fix(xai): honor provider alias runtime policy

* fix(xai): preserve alias billed tool defaults
2026-07-10 06:45:10 +01:00
Peter Steinberger
9d4fb60e90 fix: harden exec auto-review approvals (#103430) 2026-07-10 06:44:03 +01:00
sunlit-deng
8711f6108a fix(config): cap legacy toolsBySender deprecation warning cache with shared dedupe helper (#101696)
* fix(config): use shared dedupe cache for legacy toolsBySender warnings

Replace unbounded Set with createDedupeCache({ ttlMs: 0, maxSize: 4096 })
from src/infra/dedupe.ts. The shared helper provides check() with
touch-on-read and max-size pruning — no custom LRU stack needed.
Tests verify eviction and hot-key retention through the public
resolveToolsBySender API without a testing-only cache export.

* test(config): tighten legacy warning cache proof

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:43:17 +01:00
lsr911
2cd831a0e3 fix(agents): use Buffer.byteLength for bash output rolling buffer accounting (#103272)
* fix(agents): use Buffer.byteLength for bash output rolling buffer accounting

The outputBytes variable tracks the rolling output buffer size for
bash command execution, but it used string .length (UTF-16 code units)
instead of Buffer.byteLength (UTF-8 bytes). When command output
contains multi-byte UTF-8 characters (emoji, CJK, etc.), the .length
undercount causes the rolling buffer to exceed maxOutputBytes.

Replace .length with Buffer.byteLength() at both increment and
decrement sites to correctly track byte-level buffer size.

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor(agents): unify bash output accumulation

* refactor(agents): unify bash output accumulation

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:41:50 +01:00
Peter Steinberger
e7b652798f fix(xai): remove synthetic batch STT model (#103419) 2026-07-10 06:32:45 +01:00
neilofneils404
dc783bbde8 fix(restart): ignore missing lsof during startup (#76364)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:31:50 +01:00
Peter Steinberger
c7909ead5c fix(update): prevent build workers surviving timeouts (#103406)
* fix(update): terminate timed-out process trees

* chore: leave changelog to release generation
2026-07-10 06:30:07 +01:00
lsr911
a3f9f3567f fix(terminal): strip C1 control characters (0x80-0x9f) in renderTerminalBufferText (#103274)
renderTerminalBufferText filters C0 control characters (0x00-0x1f)
and DEL (0x7f) but did not filter C1 controls (0x80-0x9f). The C1
range includes the CSI (Control Sequence Introducer) at 0x9b, an
alternative ANSI escape prefix that stripAnsiSequences() may miss.

Add the C1 range to CONTROL_BYTES_REGEX to strip all C1 bytes.

Same pattern as the C1 fix in sanitizeForConsole (#103226).

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-10 06:21:29 +01:00
mikasa
541c9f0bf0 fix(cli): bound node camera URL downloads (#103266)
* fix(cli): bound node camera URL downloads

* refactor(cli): enforce camera download policy at guard

* refactor(cli): enforce camera download policy at guard

* refactor(cli): enforce camera download policy at guard

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-10 06:21:01 +01:00
iloveleon19
70a7e6e658 feat(mattermost): add opt-in DM threading by chat type (#98111)
* feat(mattermost): add opt-in DM threading via dmReplyToMode

Resolves #93203.

Mattermost direct messages are hardcoded non-threaded: resolveMattermostReplyToMode
returns "off" for direct chats before consulting config, and the reply-root /
effective-reply resolvers short-circuit for direct chats. So every DM accretes into
one ever-growing session with unbounded per-session token usage, with no way to
isolate each DM topic the way groups/channels (and Slack) can.

Add channels.mattermost.dmReplyToMode (same enum as replyToMode), default "off" so
existing flat-DM deployments are unchanged. When set to "first"/"all", a DM @mention
starts an independent, thread-scoped session:

- resolveMattermostReplyToMode: direct chats return config.dmReplyToMode ?? "off".
- resolveMattermostEffectiveReplyToId: direct early-return gated on replyToMode "off"
  (the value already reflects dmReplyToMode for direct chats).
- resolveMattermostReplyRootId: direct early-return gated on the absence of a thread
  root (a DM carries one only when DM threading is enabled).
- New DM threads start fresh (no parent-session inheritance) so each topic is isolated;
  a threaded DM keeps its own history key while a flat DM root keeps none.

Default-off preserves the documented flat-DM contract, so this changes no existing
behavior. Adds unit coverage and documents the opt-in. The only open question is the
knob shape (dmReplyToMode enum vs a boolean dmThreading) — happy to adjust.

Refs #65729.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(mattermost): register dmReplyToMode in config schema

dmReplyToMode was wired into the account config type and reply
resolution but never added to MattermostConfigSchema, so setting it in
openclaw.json failed config validation ("must not have additional
properties: dmReplyToMode") and the gateway refused to start — the knob
could not actually be enabled. Register it in the schema, regenerate the
bundled channel config metadata and doc baseline, and add a
config-schema test.

* fix(mattermost): thread direct reply transport when dmReplyToMode is on

resolveReplyTransport nulled the direct reply root/thread id
unconditionally, so routed replies and message-tool follow-ups in an
opted-in DM thread were still sent flat even when the effective
replyToMode was first/all. Keep direct transport flat only when the mode
is off (the historical contract) and preserve the thread root otherwise,
matching the monitor-level DM threading gates. Adds channel.test.ts
coverage for resolveReplyTransport.

* fix(mattermost): use per-chat reply mode overrides

* fix(mattermost): bound direct thread history

* chore(config): refresh docs baseline

---------

Co-authored-by: leon <leon@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 06:19:03 +01:00
Peter Steinberger
a7c5b2c6e6 fix(onboarding): preserve plugin ownership from included config (#103372)
* fix(onboarding): preserve included plugin install records

* fix(config): validate inherited plugin install records

* fix(onboarding): preserve canonical plugin install ownership

* test(onboarding): cover completed install migrations
2026-07-10 06:07:41 +01:00
Peter Steinberger
b6a86b34ce improve: retry transient live image probe mismatches (#103327)
* test: retry transient live image probe mismatches

* test: keep live probe test in unit-fast shard

* test: harden live image probe retry
2026-07-10 05:58:21 +01:00
Peter Steinberger
cd9db5ed9a fix(doctor): keep automated repair from moving approval state (#103353)
* fix(doctor): isolate automated cross-state imports

* test(update): cover isolated doctor finalization
2026-07-10 05:42:36 +01:00
Peter Steinberger
d7d210f7e0 test(gateway): prove Claude CLI warm-session continuity (#103343)
* test(gateway): prove Claude CLI warm-session continuity

Co-authored-by: Brad Reaves <reaves.brad@gmail.com>

* test(gateway): satisfy continuity helper lint

---------

Co-authored-by: Brad Reaves <reaves.brad@gmail.com>
2026-07-10 05:31:37 +01:00
Peter Steinberger
ef555b13c1 fix(agents): contain progress callback failures (#103351)
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
2026-07-10 05:26:02 +01:00
Peter Steinberger
98b8c8c4ae feat(memory-wiki): isolate vaults per agent (#103349)
* feat(memory-wiki): isolate per-agent vaults

Refs #63829.

Co-authored-by: SunnyShu <shu.zongyu@xydigit.com>

* fix(memory-wiki): scope agent status metadata

Refs #103088 and #103196.

Co-authored-by: SunnyShu <shu.zongyu@xydigit.com>

---------

Co-authored-by: SunnyShu <shu.zongyu@xydigit.com>
2026-07-10 05:19:13 +01:00
Peter Steinberger
6fd9c1df69 fix(status): keep diagnostics config reads read-only (#103252)
* fix: keep status config reads non-observing

Co-authored-by: Sascha Kuhlmann <coolmanns@users.noreply.github.com>

* fix: keep status preflight non-observing

* fix: keep status-all diagnosis non-observing

* chore: leave release changelog to maintainers

---------

Co-authored-by: Sascha Kuhlmann <coolmanns@users.noreply.github.com>
2026-07-10 05:16:44 +01:00
Peter Steinberger
a789b92b39 fix(macos): harden fresh AI onboarding (#102637)
* fix(macos): bootstrap Codex before onboarding test

* fix(plugins): activate deferred runtimes on demand

* fix(macos): stage Codex runtime for onboarding probe

* fix(macos): expose sanitized onboarding errors

* fix(codex): reuse native CLI auth during onboarding

* fix(macos): hide Crestodian without inference

* fix(codex): honor explicit runtime policy during setup

* fix(onboarding): redact verification errors

* fix(macos): reset onboarding state with gateway route

* fix(onboarding): persist Codex plugin install metadata

* chore: refresh onboarding inventories

* fix(macos): restart AI setup after gateway change

* chore: refresh native onboarding inventory

* fix(onboarding): defer gateway restart until setup persists

* fix(macos): reset Crestodian on gateway changes

* chore(macos): refresh native i18n inventory

* fix(onboarding): harden inference setup state

* docs(skills): reuse pristine Parallels snapshots

* chore(macos): refresh onboarding i18n inventory

* fix(onboarding): prevent stale gateway and install state

* docs(skills): preserve saved Parallels sessions

* fix(macos): balance AI onboarding layout

* fix(parallels): parse npm workspace pack output

* chore(macos): refresh onboarding i18n inventory

* fix(parallels): bundle workspace runtime in package artifact

* fix(parallels): isolate canonical package helper

* fix(parallels): pack self-contained workspace artifact

* fix(packaging): exclude macOS app bundle

* fix(macos): restart inference checks after route changes

* docs(changelog): defer onboarding note to release

* fix(onboarding): enforce inference-first gateway setup
2026-07-10 04:59:15 +01:00
SunnyShu
ec83152786 fix(openai): preserve complete tool calls from clean streams without finish_reason (#98124)
* [AI] fix(openai): preserve native tool calls from clean streams without finish_reason

OpenAI-compatible providers that emit delta.tool_calls during streaming but
terminate with data: [DONE] without a final finish_reason chunk (e.g. Evolink
DeepSeek V4) have their tool calls silently stripped.

Introduce sawNativeToolCallDelta (structured provider intent) and
sawStreamDONE (exact SSE data: [DONE] detection via TransformStream).
Pass sawStreamDONE as a getter so the live value is read after stream
consumption. Promotion requires (sawStopFinishReason || (sawNativeToolCallDelta
&& sawStreamDONE?.())). SSE parsing uses line-boundary-aware regex; [DONE]
inside tool arguments or content does not match.

EOF without [DONE] remains fail-closed. DSML still requires sawStopFinishReason.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Fixes #97994

* [AI] test(openai): add fetch-wrapper loopback tests for [DONE] detection proof

Prove sawStreamDONE works through the full transport chain:
- Local HTTP server → TransformStream → OpenAI SDK → processOpenAICompletionsStream
- [DONE] without finish_reason → promoted to toolUse
- EOF without [DONE] → fail-closed (tool calls stripped)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: harden clean SSE terminal detection

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 04:52:15 +01:00
Peter Steinberger
75dfd3dc09 feat(xai): support Grok Imagine Video 1.5 (#103316)
* feat(media): add per-model generation catalog metadata

* feat(xai): support Grok Imagine Video 1.5

* test(plugin-sdk): update public surface budget
2026-07-10 04:49:42 +01:00
Peter Steinberger
071e30ecd5 perf(test): trim secrets suite setup 2026-07-09 23:44:00 -04:00
Peter Steinberger
6db586a388 fix(clawrouter): support managed gateway configuration (#103299)
* fix(clawrouter): support managed gateway configuration

* docs(clawrouter): refresh provider map
2026-07-10 04:25:41 +01:00
Peter Steinberger
1696366f88 feat(android): add safe cron job management (#102997)
* feat(android): add safe cron job management

Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>

* fix(android): harden cron editor state

* fix(android): preserve cron state across lifecycle

* fix(android): satisfy cron release gates

* fix(android): retain cron drafts outside saved state

* fix(android): scope cron auto-delete to one-shot jobs

* fix(android): use Compose activity owner

* docs(changelog): note Android cron management

* fix(cron): harden Android job management

* chore(i18n): refresh Android cron inventory

* test(cron): cover enriched read views

* chore(changelog): defer Android cron note to release

---------

Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>
2026-07-10 04:12:18 +01:00
Peter Steinberger
e8fcc93cd3 fix(talk): await realtime tool result delivery (#103268)
* fix(talk): await realtime tool result delivery

* fix(talk): terminally cancel queued results

* chore: keep release changelog out of PR

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 20:11:20 -07:00