When allowPrivateProxy is true, the explicit proxy hostname is operator-
configured and trusted. The SSRF guard was checking the proxy hostname
against the target-scoped hostnameAllowlist (e.g. ["api.telegram.org"]),
which rejected localhost and other local proxy hostnames. This broke
Telegram media downloads (and any channel using a local proxy) after
the url-fetch security hardening in 2026.4.x.
Clear the hostnameAllowlist for the proxy hostname check while keeping
private-network IP validation in place via allowPrivateNetwork.
Fixes#61906
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
* Context engine: plumb prompt cache runtime context
Add a typed prompt-cache payload to the context-engine runtime context and populate it from the embedded runner's resolved retention, last-call usage, cache-break observation, and cache-touch metadata. Also pass the same payload through the retry compaction runtime context when a run attempt already has it.
Regeneration-Prompt: |
Expose OpenClaw prompt-cache telemetry to context engines in a narrow,
additive way without changing compaction policy. Keep the public change on
the OpenClaw side only: add a typed promptCache payload to the context-engine
runtime context, thread it into afterTurn, and also into compact where the
existing run loop already has the data cheaply available.
Use OpenClaw's resolved cache retention, not raw config. Use last-call usage
for the new payload, not accumulated retry or tool-loop totals. Reuse the
existing prompt-cache observability result and tracked change causes instead
of inventing a new heuristic. If cache-touch metadata is already available
from the cache-TTL bookkeeping, include it; do not invent expiry timestamps
for providers where OpenClaw cannot know them confidently.
Keep the interface backward-compatible for engines that ignore the new field.
Add focused tests around the existing attempt/context-engine helpers and the
compaction runtime-context propagation path rather than broad new integration
coverage.
* Agents: fix prompt-cache afterTurn usage
Regeneration-Prompt: |
Fix PR #62179 so context-engine prompt-cache metadata uses only the current attempt's usage. The review comment pointed out that early exits could reuse a prior turn's assistant usage when no new assistant message was produced. Restrict the prompt-cache lastCallUsage lookup to assistant messages added after prePromptMessageCount, and fall back to current-attempt usage totals instead of stale snapshot history. Also repair the PR's new context-engine test typings and add a regression test for the stale prior-turn case. Two import-only fixes in doctor-state-integrity and config/talk were already broken on origin/main, but they blocked build/check and the gateway-watch regression harness, so include the minimum unblocking imports as well.
* Agents: document prompt-cache context
* Agents: address prompt-cache review feedback
* Doctor: drop unused isRecord import
