Vignesh Natarajan
2484064c48
chore(lint): clear extension lint regressions and add #63416 changelog
2026-04-08 17:17:29 -07:00
Peter Steinberger
ac57c7c309
docs: reorder unreleased changelog
2026-04-09 00:00:49 +01:00
Mariano
d514f4de83
Dreaming: surface grounded scene lane ( #63395 )
...
Merged via squash.
Prepared head SHA: 0c7f586f32132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-09 00:24:47 +02:00
Pinghuachiu
68630a9e6d
fix(gateway): suppress announce/reply skip chat leakage ( #51739 )
...
Merged via squash.
Prepared head SHA: 2f53f3b0b79033138+Pinghuachiu@users.noreply.github.com >
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com >
Reviewed-by: @jalehman
2026-04-08 15:18:57 -07:00
Accunza
8190cc4d21
fix: inter-session messages must not overwrite established external lastRoute ( #58013 )
...
Merged via squash.
Prepared head SHA: 820ea20cb812242811+duqaXxX@users.noreply.github.com >
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com >
Reviewed-by: @jalehman
2026-04-08 15:12:27 -07:00
Altay
554bc0a9fd
fix(plugins): keep test helpers out of contract barrels ( #63311 )
...
Merged via squash.
Prepared head SHA: 769e90c6af9790196+altaywtf@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-04-08 22:59:05 +01:00
Gustavo Madeira Santana
10c87527d5
Slack: dedupe partial streaming replies ( #62859 )
...
Merged via squash.
Prepared head SHA: cbecb50c065599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-04-08 17:55:30 -04:00
Peter Steinberger
9286de5d95
fix(deps): patch basic-ftp advisory
2026-04-08 22:49:45 +01:00
Mariano Belinky
a71ad12044
Memory/dreaming: harden grounded backfill follow-ups
2026-04-08 23:43:39 +02:00
Peter Steinberger
6b73a74d53
docs: update unreleased changelog
2026-04-08 22:37:47 +01:00
Mariano
e8209e4cf9
Memory/dreaming: feed grounded backfill into short-term promotion ( #63370 )
...
Merged via squash.
Prepared head SHA: 5dfe246ef9132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-08 23:31:37 +02:00
lukeboyett
f6e1da3ab3
fix(matrix/doctor): migrate legacy channels.matrix.dm.policy 'trusted' ( fixes #62931 ) ( #62942 )
...
Merged via squash.
Prepared head SHA: d9f553bccf46942646+lukeboyett@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-04-08 17:00:19 -04:00
Shakker
540fcd48f7
docs(changelog): add qa auth fail-fast entry ( #63333 ) (thanks @shakkernerd)
2026-04-08 21:55:39 +01:00
Gustavo Madeira Santana
30211be1cb
Slack: treat ACP block text as visible output ( #62858 )
...
Merged via squash.
Prepared head SHA: 14f202e1cc5599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-04-08 16:33:43 -04:00
Eva H
d7bf97adb3
fix: enable thinking support for the ollama api ( #62712 )
...
Merged via squash.
Prepared head SHA: c0b995035e63033505+hoyyeva@users.noreply.github.com >
Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com >
Reviewed-by: @BruceMacD
2026-04-08 13:26:18 -07:00
Agustin Rivera
5f5b3d733b
fix(browser): re-check interaction-driven navigations ( #63226 )
...
* fix(browser): guard interaction-driven navigations
* fix(browser): avoid rechecking unchanged interaction urls
* fix(browser): guard delayed interaction navigations
* fix(browser): guard interaction-driven navigations for full action duration
* fix(browser): avoid waiting on interaction grace timer
* fix(browser): ignore same-document hash-only URL changes in navigation guard
* fix(browser): dedupe interaction nav guards
* fix(browser): guard same-URL reloads in interaction navigation listeners
* docs(changelog): add interaction navigation guard entry
* fix(browser): drop duplicate ssrfPolicy props
* fix(browser): tighten interaction navigation guards
---------
Co-authored-by: Devin Robison <drobison@nvidia.com >
2026-04-08 13:39:07 -06:00
Agustin Rivera
dafcaf9d69
fix(browser): harden browser control override loading ( #62663 )
...
* fix(browser): harden browser control overrides
* fix(lint): prepare boundary artifacts for extension oxlint
* docs(changelog): add browser override hardening entry
* fix(lint): avoid duplicate boundary prep
---------
Co-authored-by: Devin Robison <drobison@nvidia.com >
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com >
2026-04-08 13:24:47 -06:00
Agustin Rivera
dbfcef3196
fix(dotenv): block workspace runtime env vars ( #62660 )
...
* fix(dotenv): block workspace runtime env vars
Co-authored-by: zsx <git@zsxsoft.com >
* docs(changelog): add workspace dotenv runtime-control entry
* fix(dotenv): block workspace gateway port override
---------
Co-authored-by: zsx <git@zsxsoft.com >
Co-authored-by: Devin Robison <drobison@nvidia.com >
2026-04-08 13:04:00 -06:00
Agustin Rivera
4a60087cd0
Align remote node exec event system messages with untrusted handling ( #62659 )
...
* fix(nodes): downgrade remote exec system events
* docs(changelog): add remote node exec event entry
---------
Co-authored-by: Devin Robison <drobison@nvidia.com >
2026-04-08 12:47:24 -06:00
Gustavo Madeira Santana
0c00c3c230
fix(matrix): contain sync outage failures ( #62779 )
...
Merged via squash.
Prepared head SHA: 901bb767b55599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-04-08 14:41:28 -04:00
Mariano
66b824870d
feat(ui): add dreaming diary controls and navigation ( #63298 )
...
Merged via squash.
Prepared head SHA: 0a2ae66913132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-08 20:34:24 +02:00
Mariano
078e7a6586
feat(memory): harden grounded REM extraction ( #63297 )
...
Merged via squash.
Prepared head SHA: e188b7e26d132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-08 20:28:03 +02:00
Mariano
dbf5960bd9
feat(memory): add grounded REM backfill lane ( #63273 )
...
Merged via squash.
Prepared head SHA: 4450f25485132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-08 20:23:28 +02:00
Peter Steinberger
9e4f478f86
feat(plugins): support provider auth aliases
2026-04-08 19:03:04 +01:00
Pavan Kumar Gondhi
2d97eae53e
fix(plugins): prevent untrusted workspace plugins from hijacking bundled provider auth choices [AI] ( #62368 )
...
* fix: address issue
* fix: address review feedback
* docs(changelog): add onboarding auth-choice guard entry
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
---------
Co-authored-by: Devin Robison <drobison@nvidia.com >
2026-04-08 23:08:14 +05:30
Peter Steinberger
2d0e25c23a
fix: pass system prompt to codex cli
2026-04-08 18:15:10 +01:00
Frank Yang
5d46e4dc4f
fix(gateway): clear auto-fallback model override on session reset ( #63155 )
...
* fix(gateway): clear auto-fallback model override on session reset
When `persistFallbackCandidateSelection()` writes a fallback provider
override with `authProfileOverrideSource: "auto"`, the override was
incorrectly preserved across `/reset` and `/new` commands. This caused
sessions to keep using the fallback provider even after the user changed
the agent config primary provider, because the session store override
takes precedence over the config default.
Now the override fields (`providerOverride`, `modelOverride`,
`authProfileOverride`, `authProfileOverrideSource`,
`authProfileOverrideCompactionCount`) are only carried forward when
`authProfileOverrideSource === "user"` (i.e. explicit `/model` command).
System-driven overrides are dropped on reset so the session picks up the
current config default.
Introduced in cb0a752156termtek@ubuntu.tail2b72cd.ts.net >
2026-04-09 00:31:05 +08:00
Frank Yang
153e3add68
fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak ( #63068 )
...
* fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak
* fix(auto-reply): preserve substantive NO_REPLY leading text
* fix(agents): preserve ACP silent-prefix cumulative deltas
* fix(auto-reply): harden silent-token streaming paths
* fix(auto-reply): normalize glued silent tokens consistently
---------
Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net >
2026-04-09 00:30:13 +08:00
Ayaan Zaidi
21d0f7c5f1
fix: restore android qr pairing flow ( #63199 )
2026-04-08 21:58:56 +05:30
Mariano
b77db8c0b6
Reply: surface OAuth reauth failures ( #63217 )
...
Merged via squash.
Prepared head SHA: 68b7ffd59e132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-08 18:03:03 +02:00
Peter Steinberger
ca09c954da
docs: reorder changelog entries
2026-04-08 16:41:03 +01:00
Peter Steinberger
f27d382873
fix: default OpenAI reasoning effort to high
2026-04-08 16:29:46 +01:00
Peter Steinberger
edf6b490a6
fix: harden bundled plugin dependency release checks
2026-04-08 15:15:44 +01:00
Peter Steinberger
d9dc75774b
fix: align LLM idle timeout policy
2026-04-08 14:31:41 +01:00
Tyler Warburton
a48c1e8cca
fix: allow blank TLS manual port default ( #63134 ) (thanks @Tyler-RNG)
...
* make port optional for TLS manual connections
* fix: restrict manual blank-port fallback to tls
* fix: allow blank TLS manual port default (#63134 ) (thanks @Tyler-RNG)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us >
2026-04-08 18:54:03 +05:30
scoootscooob
d52d5ad6ff
release: mirror bundled channel deps at root ( #63065 )
...
Merged via squash.
Prepared head SHA: ac26799a54167050519+scoootscooob@users.noreply.github.com >
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com >
Reviewed-by: @scoootscooob
2026-04-08 04:00:17 -07:00
Vicky
f25127f31c
fix: classify Z.ai error codes 1311 (billing) and 1113 (auth) ( #49552 )
...
Merged via squash.
Prepared head SHA: 3e7b8bb260195689928+1bcMax@users.noreply.github.com >
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com >
Reviewed-by: @altaywtf
2026-04-08 11:54:41 +01:00
游乐场
210ee4cfd2
fix(qqbot): support HTML entities in media tags (< >) ( #60493 )
...
* fix(qqbot): 支持媒体标签中的 HTML 实体(< >)
* fix(qqbot): support HTML entities in media tags
* test(qqbot): add unit tests for media tag regex with HTML entities
* test(qqbot): export regex constants to enable unit tests
* fix(qqbot): reset regex lastIndex in tests to avoid state pollution
* test(qqbot): add .js extension to import in media-tags.test.ts
* fix(qqbot): support HTML entities in media tags (#60493 ) (thanks @ylc0919)
---------
Co-authored-by: sliverp <870080352@qq.com >
2026-04-08 18:35:14 +08:00
scoootscooob
34c1f43df1
Control UI: guard stale session history reloads ( #62975 )
...
* Control UI: guard stale session history reloads
* control-ui: guard stale session history reloads
* control-ui: refresh avatar on session switch
* Control UI: refresh and guard chat avatars on session switch
2026-04-08 01:35:43 -07:00
Mariano
93e509ccfe
fix(reply): use runtime snapshot for queued reply runs ( #62693 )
...
Merged via squash.
Prepared head SHA: 2a3e4e5c60132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
2026-04-08 10:31:01 +02:00
Nimrod Gutman
6681878339
feat(ios): pin calver release versioning ( #63001 )
...
* feat(ios): decouple app versioning from gateway
* feat(ios): pin calver release versioning
* refactor(ios): drop prerelease version helper fields
* docs(changelog): note pinned ios release versioning (#63001 ) (thanks @ngutman)
2026-04-08 11:25:35 +03:00
Vincent Koc
55cbcd829d
fix(slack): preserve auth on same-origin media redirects ( #62996 ) (thanks @vincentkoc)
...
- Verified: pnpm build\n- Verified: pnpm test extensions/slack/src/monitor/media.test.ts\n- Verified: pnpm exec oxlint extensions/slack/src/monitor/media.ts extensions/slack/src/monitor/media.test.ts\n- Verified: pnpm exec oxfmt --check extensions/slack/src/monitor/media.ts extensions/slack/src/monitor/media.test.ts CHANGELOG.md\n\nRepo-wide pnpm lint and pnpm test were not clean on current main outside this fix, and the first full-suite test attempt from the default core sparse profile was additionally contaminated by missing ui/packages/OpenClawKit paths until they were materialized.
2026-04-08 08:11:27 +01:00
Peter Steinberger
a53c13fc06
chore: prepare 2026.4.8 npm release
2026-04-08 06:03:20 +01:00
Peter Steinberger
825028289b
fix: pass resolved Slack download tokens ( #62097 ) (thanks @martingarramon)
2026-04-08 05:44:23 +01:00
Maxime Grenu
d7c3210cd6
fix(net): skip DNS pinning before trusted env proxy dispatch
2026-04-08 05:41:58 +01:00
Peter Steinberger
b4034b32c3
fix: honor Slack Socket Mode env proxies ( #62878 ) (thanks @mjamiv)
2026-04-08 05:38:45 +01:00
Peter Steinberger
a4b9755999
chore: prepare 2026.4.7-1 npm release
2026-04-08 05:08:17 +01:00
Peter Steinberger
d03fa0899f
fix: repair bundled channel secret sidecars
2026-04-08 04:56:58 +01:00
Peter Steinberger
5982f2e5e4
fix: repair Telegram setup package entry
2026-04-08 04:48:32 +01:00
Peter Steinberger
9d31c5ad53
fix: compact update_plan tool result
2026-04-08 04:43:09 +01:00
