* fix(hooks): flag hook event names that no trigger site emits
* docs(hooks): clarify bare family subscriptions in unknown-event note
* fix(hooks): word unknown-event diagnostics around core-emitted keys
* fix(hooks): apply unknown-event advisory to legacy config handlers too
* improve(health): surface dead-lettered delivery queue entries
Deliveries that exhaust retries are moved to the failed status in the
SQLite delivery queue for diagnostics, but no health surface ever read
them back: openclaw health stayed all-green while messages sat
dead-lettered, visible only in gateway logs. Add a per-queue failed
count accessor and report dead-lettered entries in the health snapshot
(JSON field plus a warning line), following the existing plugin and
context-engine health section pattern. Observer-only: no retry, purge,
or behavior change.
* test(health): cover snapshot and CLI dead-letter reporting
Add getHealthSnapshot coverage against an isolated state dir, an
openclaw health text-output test for the warning line, exact
oldest-failure timestamp assertions via fake timers, and a debug log
when the delivery-queue health read fails.
* fix(health): recompute dead-letter counts for cached gateway responses
The gateway health handler can serve a cached snapshot for up to a
refresh interval, so a delivery dead-lettered after the cache was
filled stayed hidden from openclaw health. Recompute the delivery
queue summary in mergeCachedHealthRuntimeState alongside the existing
context-engine and model-pricing live merges, and cover the cached
handler path with a regression test.
* fix(usage-bar): bound template file cache to prevent unbounded watcher growth
Add MAX_CACHED_TEMPLATE_FILES=64 limit; evict the oldest entry (closing
its fs.watch watcher) before allocating a watcher for a new key when
the cache is full.
Eviction runs before watcher allocation so we never create a watcher
only to close it immediately. Eviction triggers only when inserting a
new key (!fileCache.has(path)) — retries for an existing key must
not evict other entries.
Fixes#98960
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor(test): replace mutable dir variable with cleanup-stack pattern in template.test.ts
Co-Authored-By: Claude <noreply@anthropic.com>
* chore(test): add curly braces for eslint curly rule
Co-Authored-By: Claude <noreply@anthropic.com>
* test(usage-bar): register watcher proof cleanup
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(transcripts): handle read stream errors gracefully in TranscriptsStore
* proof(transcripts): add real behavior proof script for store stream error catch
* fix(transcripts): reject with Error in stream error handler
* proof(transcripts): replace wrapper with real EISDIR stream error proof
* fix(transcripts): reject non-ENOENT stream errors after stream close
The markdown link regex character class [^)\s>]+ stopped at the first
closing paren, truncating URLs like wikipedia.org/wiki/URL_(disambiguation)
at the opening (. Replace with a balanced-parens pattern that supports
one level of parenthetical groups inside the URL path.
Add trimUnbalancedTrailingParens for bare URLs in prose where a trailing
) belongs to surrounding punctuation rather than the URL itself.
* fix(tools-manager): replace spawnSync extraction with safe extractArchive API
Replace the synchronous spawnSync-based archive extraction (unzip/tar)
with the safe extractArchive from @openclaw/fs-safe, which enforces:
- maxArchiveBytes: 100 MB (prevents oversized compressed input)
- maxExtractedBytes: 500 MB (prevents decompression bomb OOM)
- maxEntries: 1000 (prevents zip bomb from exhausting inodes)
- timeoutMs: 60,000 (prevents hung extraction)
- Path traversal and symlink/hardlink protection (built-in)
Removes 5 functions (formatSpawnFailure, runExtractionCommand,
extractTarGzArchive, getWindowsTarCommand, extractZipArchive) and their
associated imports, replacing them with a single async wrapper around
the existing @openclaw/fs-safe infrastructure (re-exported from
src/infra/archive.ts).
Net: -83 lines, + security boundaries across all platforms.
* fix(tools-manager): add download-stream byte cap and regression tests
Add a maxBytes parameter to downloadFile that checks Content-Length
before reading the body and enforces a streaming byte cap during
transfer, so oversized archives are rejected before hitting disk.
Extract MAX_ARCHIVE_BYTES as a module-level constant shared between
downloadFile and extractArchiveSafe, ensuring both gates use the same
100 MB limit.
Add two regression tests:
- rejects downloads with Content-Length exceeding the archive byte cap
- accepts downloads with Content-Length under the archive byte cap
Ref. https://github.com/openclaw/openclaw/pull/98988
* fix(tools-manager): replace PassThrough with Transform stream limiter
- Replace PassThrough data listener with Transform that rejects overflow
chunks *before* they are forwarded to the file pipeline, preventing the
offending chunk from landing on disk.
- Add completion guard and cleanup of partial downloads on failure so
downloadTool does not leave a partial archive on disk.
- Add real behavior proof: test output and live fd/rg download and
extraction through the safe extractArchive code path.
🦞 diamond lobster: L2 evidence (real function calls + real objects)
Ref. https://github.com/openclaw/openclaw/pull/98988
* fix(tools-manager): replace PassThrough with Transform stream limiter
Uses a Transform to reject overflow chunks *before* they are forwarded
to the file pipeline (a PassThrough data listener acts *after* emission
and cannot prevent the offending chunk from landing on disk).
Wraps the pipeline in a completion-guarded block so that partial
downloads are removed when the transfer fails mid-way.
Ref. https://github.com/openclaw/openclaw/pull/98988
* fix(agents): harden helper archive downloads
* fix(agents): preserve archive extraction cause
---------
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(infra): include update timeout in managed-service handoff parent exit wait
The handoff parent exit grace was hard-coded to 60s regardless of
the overall update timeout. When the gateway is draining active
tasks, 60s is often not enough, causing
managed-service-handoff-parent-timeout.
Use the existing timeoutMs parameter as a floor for the parent
exit wait so callers can extend it for long-running drains.
Refs #99666
* fix(infra): add shutdown reserve to managed-service handoff parent exit wait
* fix(infra): align update handoff with restart drain
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
* fix(infra): arm restart with managed handoff
* fix(infra): use live restart drain for auto-update
* fix(infra): force process exit for managed updates
* fix(infra): normalize managed handoff restart delay
* test(infra): cover handoff drain argument
* fix(gateway): upgrade accepted restarts for managed updates
* fix(gateway): bound managed update restart upgrades
* test(gateway): stabilize managed update handoff proof
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(agents): prefer current attempt terminal state
Co-authored-by: weiqinl <liu.weiqin@xydigit.com>
* test(agents): model current attempt terminal state
---------
Co-authored-by: weiqinl <liu.weiqin@xydigit.com>
* fix(agents): keep background exec exit notifications UTF-16 safe at the snippet cut
Background exec exit notifications truncate the command's tail output with a
raw String.slice, which can split a UTF-16 surrogate pair when an emoji lands
at the cut. Use the existing truncateUtf16Safe helper so the message delivered
to the channel never ends with a dangling surrogate half.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(agents): protect exec notify tail boundaries
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(agents): protect node exec follow-up tails
Co-authored-by: Cursor <cursoragent@cursor.com>
* test(agents): type node exec follow-up assertions
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(agents): keep bounded exec output Unicode-safe
* docs(changelog): note exec output Unicode safety
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Adds the middle tier between capture-off and autonomous capture: when
autonomy is disabled, detected durable-instruction signals record a
one-shot pendingSkillSuggestion on the session entry (signal-hash
fingerprint prevents transcript-history replay), and the next
non-heartbeat turn atomically consumes it and injects one bounded
user-role line offering to save the skill. The agent offers, the user
decides; skill_workshop approval flow unchanged; no new config.
Gateways that crash-loop under systemd/launchd previously flapped forever
with no persisted state and no supervisor signal. The gateway now records
every boot outcome in the shared state DB (gateway_boot_lifecycle); three
unclean boots within five minutes trip a breaker that boots the gateway in
safe mode: full control plane available, channel/provider auto-start
suppressed at the channel-manager seam (startup, config hot-reload,
secrets.reload) with manual channels.start override, one stability bundle
per trip. The breaker re-evaluates each boot and logs recovery when the
window drains. Slow shutdowns record forced_stop and never count as
crashes; /readyz stays ready and reports suppressed channels; the health
monitor treats suppressed accounts as expected-stopped. Fatal invalid-config
errors now exit 78 (EX_CONFIG) on both the startup and unhandled-rejection
paths, engaging the systemd unit's pre-existing RestartPreventExitStatus=78
so supervisors stop relaunching until the config is fixed.
* [AI] fix(agents): detect legacy openai-codex provider in model-not-found hint
In buildMissingProviderModelRegistrationHint, add an early-return check
for the legacy openai-codex alias (via normalizeProviderId). Instead
of suggesting a models.providers[] config entry that the config
validator rejects without baseUrl, the hint now points operators to
run openclaw doctor --fix for migration or check provider auth.
Fixes#100066
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(agents): cover legacy Codex provider config hint
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
* feat(skills): diagnose skill_workshop hidden by tool policy (#87570)
Workshop can be enabled and auto-capturing while tools.profile hides the
skill_workshop tool; every inspection surface looked healthy. plugins
inspect and openclaw doctor now name the excluding policy layer (global/
agent/provider profile, allowlist, denylist) and the exact alsoAllow
grant to add, via a shared resolveSkillWorkshopToolPolicyAvailability
helper that /learn's guard now reuses instead of composing policy
itself. Diagnosis only; no policy behavior change.
* ci: retrigger
* style: restore exec approval e2e formatting
* fix(install): trap SIGINT so Ctrl+C exits cleanly during upgrade doctor
Three changes to fix the install script's Ctrl+C handling:
1. Add INT/TERM signal traps that clean up temp files and exit with
the correct signal exit codes (130 for SIGINT, 143 for SIGTERM).
2. Preserve signal exit codes (>128) through run_quiet_step so the
doctor path can distinguish user cancellation from normal errors.
Non-signal failures still return 1, preserving existing caller
semantics for all other installer steps.
3. Fix guardCancel in onboard-helpers.ts: exit(0) changed to exit(1)
so Clack prompt cancellation (Escape/Ctrl+C) is treated as failure,
not success. This prevents the installer from continuing with plugin
updates after the user explicitly cancelled.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* fix(install): abort dashboard launch on doctor cancellation
When a user cancels the interactive upgrade-doctor prompt (Clack
cancellation exits 1, SIGINT exits 130), clear should_open_dashboard
so the installer does not launch a dead dashboard after an incomplete
upgrade.
Also propagate non-zero exit from run_doctor() so the non-interactive
upgrade path correctly skips dashboard launch on failure.
* fix: guard every run_doctor caller and add focused tests
The existing-config path called run_doctor without checking its return
value, so a failed or cancelled doctor would still launch the dashboard.
Now both run_doctor call sites guard the return value with if-then.
Adds focused tests verifying: every run_doctor caller is guarded,
dashboard flag is cleared on doctor failure, signal exit codes
propagate through run_quiet_step, and SIGINT (exit 130) triggers
abort_install_int.
* retrigger proof check
* fix: exit 130 on Clack cancellation so installer treats it as SIGINT
guardCancel now exits with 130 (SIGINT convention) instead of 1. When
the user presses Ctrl+C at an interactive doctor prompt, the installer
sees doctor_exit=130 and calls abort_install_int, aborting cleanly
instead of continuing after exit 1.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* fix: narrow exit 130 to doctor-prompter path only
Revert guardCancel to exit 0 by default (matching main) and pass
exit code 130 only from doctor-prompter where the installer needs
to distinguish user cancellation from normal failures.
This preserves the existing cancellation behavior for configure,
wizard, gateway, and daemon prompts while keeping the SIGINT
convention for the installer's doctor subprocess.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
---------
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
new Date(parsed.timestamp).getTime() can return NaN for unparseable
strings. Without a guard, NaN silently propagates into downstream
usage/cost calculations and corrupts billing data.
Add Number.isNaN(timestamp) check, falling back to 0 (same default
as the path when no timestamp key is present).
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(infra): enforce maxBytes in body-less HTTP error snippet path
* chore: rebase to trigger CI after boundaries check fix
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix(sessions): log warning when parseJsonlEntries skips malformed lines
* fix(sessions): also warn in buildSessionInfo for malformed JSONL lines
* fix(sessions): warn in parseSessionEntries for malformed JSONL lines
* test(sessions): add warning regression tests for parseSessionEntries
* test(sessions): add parseJsonlEntries warning regression test
Add test verifying parseJsonlEntries logs warning for malformed JSONL
lines via loadEntriesFromFile, covering the second of three instrumented
session JSONL readers.
Co-Authored-By: Claude <noreply@anthropic.com>
* test(sessions): update parseSessionEntries warning expectations after rebase
* style(sessions): remove unnecessary type assertion in test
* test(sessions): add buildSessionInfo warning regression tests via SessionManager.list
---------
Co-authored-by: Claude <noreply@anthropic.com>