Commit Graph

14905 Commits

Author SHA1 Message Date
pick-cat
ca4e8a7dc8 fix(skills): apply command description limits per channel (#99593)
* fix(skills): keep command spec descriptions UTF-16 safe at the truncation cut

* chore: fix oxlint no-unnecessary-type-assertion in test

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore: fix Skill type completeness in test fixture

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(skills): prove UTF-16-safe command truncation

* fix(skills): apply description limits per channel

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 18:12:51 -07:00
Andy Ye
d9289a19e1 fix(browser): persist managed Chrome cookies across restarts (#98284)
* fix(browser): preserve managed Chrome cookies

* fix(browser): guard graceful close process ownership

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 01:32:13 +01:00
scoootscooob
7e7fc0075e [codex] Honor all ack scope for room events (#87433)
* fix(discord): honor all ack scope for room events

* fix(channels): align all ack scope for room events

* fix(channels): centralize ambient ack scope

* test(telegram): restore room-event ack fixture

* test(discord): satisfy promise executor lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 01:28:41 +01:00
Hemant Sudarshan
bacd1c512a fix(browser): time out remote tab enumeration (#80147)
* fix(browser): time out remote tab enumeration

* chore: remove stale changelog entry

* fix(browser): isolate timed-out read cleanup

* fix(browser): isolate timed-out read cleanup

* test(browser): satisfy connection regression lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:56:05 +01:00
Peter Steinberger
2ded26a5d6 fix(diffs): share SSR preloads and repair language-pack hydration (#100487)
* fix(diffs): share SSR preloads and repair language-pack hydration

Render viewer and file documents from a single @pierre/diffs SSR preload
per file (mode=both previously ran the full diff+highlight pipeline
twice; 651ms -> 303ms on an 8-file patch), apply the file-mode font bump
as a document-level override, and keep hydration payloads
variant-faithful.

Fix the language-pack runtime downgrading pack-only languages to plain
text at hydration by defining a per-target build flag and forwarding it
to payload normalization.

Also: case-insensitive language hints, identical before/after
short-circuit with details.changed, patch input failures classified as
tool input errors, canonical config values now win over deprecated
aliases, hash-pinned viewer runtime served immutable, truthful
browser-vs-render errors, timing-safe artifact token compare, unref
idle browser timer.

* docs(changelog): link diffs rendering entry to PR

* test(diffs): narrow manifest validation results before value access

* test(tooling): allowlist diffs viewer-client define suppression
2026-07-06 00:34:17 +01:00
Gorkem Erdogan
e7c0673fc5 fix(slack): react action rejects emoji glyphs; member-info userId affordance unclear (#100375)
* fix(slack): normalize react emoji glyphs and clarify member-info userId param

Slack's reactions.add/remove only accept shortcode names, never a raw
Unicode glyph, but the react action's emoji param had no description
steering models away from passing one, so calls like
emoji="" failed with invalid_name. Consolidates the glyph-to-shortcode
map that already existed privately in the ack-reaction dispatch path into
the shared normalizeSlackEmojiName export in actions.ts, the layer that
owns the actual Slack API calls, so the message-tool react action gets the
same normalization.

Also tightens the generic userId param description so models stop trying
target on member-info, which has no target mode and requires userId
directly.

* fix(slack): preserve emoji reaction semantics

* fix(slack): default reactions to inbound message

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:15:32 +01:00
sunlit-deng
2525ea41fd fix(openai): bound realtime voice websocket payload at 16 MiB (#99450)
* fix(openai): bound realtime voice websocket payload at 16 MiB

* test(openai): cover realtime voice payload cap

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:12:27 +01:00
Peter Steinberger
aaf5ab910c fix: land ten small reliability fixes (#100483)
* fix(agents): harden LSP process failures

Source: #100450

Co-authored-by: morluto <williamlin1327@gmail.com>

* fix(sandbox): report effective workspace layout

Sources: #100435, #100439

Co-authored-by: Aniruddha Adak <aniruddhaadak80@users.noreply.github.com>

Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>

* fix(security): fail install checks on stream errors

Source: #100413

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* fix(android): normalize all-day calendar events

Source: #100032

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(ios): serialize push-to-talk lifecycle

Source: #99942

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(talk): reject inherited provider names

Source: #99849

Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com>

* fix(android): stop voice capture in background

Source: #99840

Co-authored-by: xialonglee <li.xialong@xydigit.com>

* fix(cron): preserve fallback result classification

Source: #99913

Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com>

* fix(google): bound Vertex response decompression

Source: #99812

Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>

* fix(plugins): report malformed discovery JSON

Source: #99892

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* test(sandbox): configure non-default workspace fixture

* test: fix small-fix batch validation

---------

Co-authored-by: morluto <williamlin1327@gmail.com>
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com>
Co-authored-by: xialonglee <li.xialong@xydigit.com>
Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com>
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
2026-07-06 00:08:51 +01:00
Vincent Koc
7dfc499299 fix(agents): trim media tools in lean mode (#88881)
* fix(agents): trim media tools in lean mode

* fix(agents): preserve lean tool allowlists

* fix(agents): preserve lean tool overrides

* fix(agents): enforce lean policy at harness boundary

* fix(agents): preserve lean override provenance

* test(agents): satisfy lean harness contracts

* docs(changelog): record lean local-model tool trimming

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:06:06 +01:00
Vincent Koc
17ba497424 fix(codex): ignore missing mirrored session history (#100484)
* fix(codex): ignore missing mirrored session history

* test(codex): prove missing mirrored history stays quiet

* fix(codex): narrow missing history proof

---------

Co-authored-by: Alex Tang <alextangli@outlook.com>
2026-07-05 16:04:34 -07:00
Peter Steinberger
4da855a1ff fix(slack): prefer native status by default (#100462)
Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-05 23:10:08 +01:00
Wei Songqu
46d8e96503 fix(discord): isolate voice connections and close auto-join race (#87530)
* fix(discord): isolate voice connections by account

Co-authored-by: geekhuashan <geekhuashan@gmail.com>

* chore: defer Discord voice accounts changelog

* fix(discord): own auto-join cleanup in lifecycle

* test(discord): bind lifecycle voice mocks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 23:09:57 +01:00
Omar Shahine
91f5a65df9 fix(imessage): plain-send fallback for threaded replies + db-scoped recovery cursor (#99638) (#100446)
* fix(imessage): retry unthreaded when a threaded reply is unsupported (#99638)

* fix(imessage): scope downtime-recovery cursor to the watched database (#99638)

---------

Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
2026-07-05 14:58:38 -07:00
Kevin Lin
5fdaa04eca feat(qa-lab): add Codex Slack approval scenarios (#91519)
* feat(qa-lab): add codex slack approval scenarios

* fix(qa-lab): harden Codex Slack approval proof

* fix(qa-lab): validate Codex approval model

* test(qa-lab): verify approved Codex operation

* fix(qa-lab): normalize Slack QA account routing

* fix(qa-lab): read Codex tool result transcripts

* fix(qa-lab): harden Codex approval cleanup

* fix(qa-lab): support Codex Mantis checkpoints

* fix(qa-lab): repair Mantis pnpm bootstrap

* fix(qa-lab): normalize Codex tool result text

* fix(qa-lab): scope Mantis pnpm fallback

* fix(qa-lab): bootstrap pinned pnpm without npm

* fix(qa-lab): terminate pnpm metadata record

* fix(qa-lab): bootstrap official node for mantis

* fix(qa-lab): make mantis pnpm shim executable

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:47:18 +01:00
Vincent Koc
8ec5e06cbf fix(realtime): filter malformed provider tool names (#89175)
* fix(realtime): filter malformed provider tool names

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* chore: defer realtime tools changelog

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:25:24 +01:00
Yuval Dinodia
89881b6611 fix(irc): long non-ASCII messages are silently truncated at the 512-byte line limit (#99138)
* fix(irc): chunk PRIVMSG by UTF-8 byte budget so long non-ASCII messages are not truncated

IRC caps a full protocol line at 512 bytes, but sendPrivmsg split outbound
text by UTF-16 code units against the 350 char default. Multi-byte text such
as CJK or emoji produced lines far beyond 512 bytes and servers silently
dropped the tail of every oversized chunk. The chunker now also enforces a
UTF-8 byte budget derived from the line framing overhead, splitting on code
point boundaries and preferring spaces, while ASCII chunking is unchanged.

* test(irc): move loopback IRC server helper to shared test helpers

The colocated node:net import tripped the network-runtime-boundary PR diff
scan for extensions/irc/src. The loopback server now lives in test/helpers,
outside the scanned network runtime paths, and the CJK, emoji, and ASCII
chunking cases keep driving the real client over a real TCP socket.

* fix(irc): decouple byte budget from character cap and move loopback helper to irc test-support

The byte budget is now derived only from the 512-byte line limit and framing
overhead, independent of messageChunkMaxChars, so low character caps with
multibyte text keep advancing instead of dropping the message. The loopback
IRC server helper moves from test/helpers to the extension-local package-root
test-support surface so extension tests stay off repo helper bridges and raw
socket use stays outside extensions/irc/src.

* fix(irc): enforce UTF-8 wire limits

* test(irc): satisfy loopback harness lint

* test(irc): avoid implicit Promise return

* test(irc): handle loopback close errors

* fix(irc): preserve boundary word splitting

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:10:59 +01:00
asock
20163ee182 [codex] fix discord missing voice state handling (#90969)
* fix(discord): treat missing voice state as absent

* fix(discord): narrow absent voice state handling

* chore: defer Discord voice changelog

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:10:46 +01:00
frank-beans
664464c750 Preserve provider settings during onboarding updates (#100107)
* Preserve provider settings during onboarding updates

* fix(onboarding): clear omitted request auth

* fix(onboarding): retain canonical provider keys

* fix(onboarding): canonicalize provider updates

* fix(minimax): preserve models across provider aliases

* fix(minimax): preserve secret references during onboarding

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 21:49:58 +01:00
Peter Steinberger
5e0504aa43 feat(ui): simplify Talk settings (#100453)
Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-05 21:31:52 +01:00
Gio Della-Libera
85ad4cb200 fix(voice-call): avoid OpenAI realtime double greeting (#86285)
* fix(voice-call): avoid OpenAI realtime double greeting

* fix(voice-call): keep openai greeting proactive

* fix(openai): preserve deferred realtime instructions

* fix(openai): preserve instructions across response retry

* fix(openai): clear stale deferred response instructions

* fix(openai): keep latest deferred response intent

* fix(openai): keep base instructions for explicit speech

* fix(openai): only dedupe prefixed response instructions

* test(openai): narrow realtime user message callback

* fix(voice-call): suppress duplicate OpenAI realtime greeting

* fix(voice-call): keep OpenAI manual speech semantics

* fix(voice-call): keep OpenAI greeting trigger active

* fix(openai): suppress realtime auto responses during manual turns

* test(openai): import realtime bridge type

* refactor(openai): narrow realtime response suppression

* refactor(openai): share realtime turn detection config

* fix(openai): correlate realtime response errors

* fix(openai): flush queued realtime responses

* fix(openai): correlate realtime cancellation errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 21:13:20 +01:00
Wynne668
d405cda95a fix(browser): resolve act targetId aliases before mismatch check (#96178)
* fix(browser): resolve act targetId aliases before mismatch check

The /act top-level and batch targetId guards compared the caller-supplied
targetId against the resolved canonical tab.targetId with raw string
equality. Any supported alias form (tabId, label, suggestedTargetId, or a
unique id prefix) resolves to a different canonical id, so act requests that
followed the documented 'prefer suggestedTargetId/tabId/label' guidance were
rejected with 403 ACT_TARGET_ID_MISMATCH even though they named the correct
tab. snapshot/open/close/tabs lack this guard and kept working, matching the
reported symptom matrix.

Resolve the action targetId through the same tab alias resolution the route
used and reject only ids that resolve to a different tab.

* fix(browser): canonicalize act targetId aliases before Playwright dispatch

The /act gate accepted tabId/label/suggested/prefix aliases of the request
tab but left them on action.targetId. The managed executor reads
action.targetId ?? targetId for an exact page lookup (executeSingleAction ->
getPageForTargetId), so an alias missed the lookup and broke the action at
runtime whenever more than one page was open (single-page masked it via the
pages.length===1 fallback). Canonicalize the action targetId (top-level and
nested batch sub-actions) to the resolved tab id before dispatch; reject ids
that resolve to a different tab. Replace the mock-masked contract assertions
with executor-action assertions plus direct canonicalizer unit tests.

* test(browser): brace act-targetId guard clauses for curly lint

* docs(changelog): note browser target alias fix

* docs(changelog): note browser target alias fix

* fix(browser): reject ambiguous batch target aliases

* test(browser): type targetless act fixture

* docs(changelog): move browser alias fix to unreleased

* chore: drop nonessential browser changelog entry

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 21:12:13 +01:00
Peter Steinberger
a04b6ced4f test: stabilize load-sensitive test families that break gates under parallel load (#100420)
* test: stabilize process-heavy fixtures under load

* test: stabilize channel mocks under load
2026-07-05 12:53:06 -07:00
llagy009
685c22dfb7 fix(irc): chunk PRIVMSG on UTF-16 boundary to avoid lone surrogates (#96572)
* fix(irc): chunk PRIVMSG on UTF-16 boundary to avoid lone surrogates

sendPrivmsg split long messages with String.slice on a UTF-16 code-unit
index, so an emoji (or other astral character) straddling the split
point was cut into a lone high/low surrogate, sending broken bytes in
the PRIVMSG to the IRC server.

Slice each chunk with sliceUtf16Safe so a surrogate pair is never split.
When the budget is too small to fit even the leading astral character,
emit that character whole so chunking still makes progress.

Adds a socket-level test (fake net/tls socket) asserting no PRIVMSG
chunk contains a lone surrogate, including the one-code-unit budget
edge case, while the existing space-preferring split is preserved.

* refactor(irc): make surrogate-safe chunking direct

* fix(irc): preserve one-unit chunk limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 12:14:05 -07:00
Darren2030
39b5bf38f7 fix(voice-call): resolve completed calls from the persisted store on status misses (#99797)
* fix(voice-call): resolve completed calls from the persisted store on status misses

get_status, the legacy status mode, and the voicecall.status gateway method
only consulted the in-memory call manager. Once a call was evicted (finalize,
gateway restart, or max-duration expiry) they reported { found: false } even
though the full record remained on disk. Fall back to the persisted call
history and resolve the NEWEST matching snapshot — history is oldest-first, so
a forward find() returns a stale record (the regression in the prior attempt).

Closes #96586

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* test(voice-call): use bracket access for mocked getCallHistory assertion

Avoids the typescript(unbound-method) lint rule that flags referencing a
typed method (`runtimeStub.manager.getCallHistory`) as an unbound value.
Bracket access matches the existing mock-assertion pattern in this file
(e.g. `runtimeStub.manager["sendDtmf"]`).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* ci: re-trigger QA Smoke (transient build-OOM, also failing main run 28695162780)

* fix(voice-call): resolve persisted calls in the CLI status fallback too

The local CLI `voicecall status` gateway-unavailable fallback only consulted
the in-memory manager, so a completed/evicted call still returned
{ found: false } even though the gateway/tool/legacy status paths now fall
back to the persisted store. Align this fourth status reader: consult
getCallByProviderCallId in addition to getCall, and on an active miss resolve
the NEWEST matching persisted snapshot via getCallHistory(100) +
toReversed().find(...) (history is oldest-first), mirroring the gateway/tool
paths. Return shape is unchanged.

Per review on #96586 (align CLI status before merge).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* refactor(voice-call): centralize persisted status lookup

Co-authored-by: 曾文锋0668000834 <zeng.wenfeng@xydigit.com>

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 12:05:01 -07:00
Peter Steinberger
c730d8f1f1 feat(logbook): automatic work journal plugin with Control UI timeline tab (#99930)
* feat(logbook): automatic work journal plugin with a plugin-contributed Control UI tab

Squash of PR #99930 work for rebase onto the Control UI route refactor:
- extensions/logbook: Dayflow-style capture -> observations -> timeline cards
  pipeline with SQLite store, node capture commands, standup/ask, retention
- plugin SDK/gateway seam: surface "tab" Control UI descriptors projected
  into hello-ok controlUiTabs (scope-filtered, deterministic order)
- Control UI: dynamic plugin tabs with bundled Logbook view
- docs, tests, labeler wiring

* feat(ui): port plugin tabs and Logbook to the route-owned Control UI architecture

- shared /plugin route carries the tab id in the query (?id=<tab>), matching
  the router's exact-path contract
- openclaw-plugin-page renders bundled views (Logbook), sandboxed plugin
  frames (descriptor path), or the unavailable card
- sidebar renders hello controlUiTabs after each group's static routes
- Logbook view/controller live under ui/src/pages/plugin/

* fix(ui): namespace plugin tabs by pluginId to prevent cross-plugin tab id collisions

* fix(logbook): prefer app capture nodes and rotate off failing nodes

* fix(plugins): reject protocol-relative Control UI tab paths

* fix(logbook): harden automatic journal

* docs(changelog): remove maintainer self-credit

* chore(ui): refresh locale metadata after rebase

* fix(logbook): preserve analysis window boundaries

* fix(logbook): align status privacy and timezone

* fix(ui): stop hidden plugin tab polling
2026-07-05 11:50:44 -07:00
Peter Steinberger
b22c36f112 fix: land ten small reliability fixes (#100399)
* fix(cron): reject sub-millisecond durations

* fix(skill-workshop): preserve proposal terminal newline

Preserve proposal_content exactly at the agent tool boundary and make
renderProposalMarkdown defensively emit a terminal newline.

Add focused regressions for the tool write path and markdown renderer.

* fix(skill-workshop): reject blank raw proposal content

* fix: treat empty-string optional integer tool params as unset

Optional positive-integer tool params (e.g. Telegram replyTo/threadId)
threw ToolInputError when a tool-calling model populated them with an
empty-string or whitespace-only default. Those defaults carry no value,
so readPositiveIntegerParam/readNonNegativeIntegerParam now treat a
blank string as unset (undefined) instead of throwing, while still
rejecting genuinely invalid present values (0, "42.5", "-3"). This
prevents silent message-delivery failures when models emit empty
routing-param defaults. Adds unit tests covering blank vs invalid.

* fix(gateway): log start session persistence failures

The gateway session-lifecycle "start" event persistence
(persistGatewaySessionLifecycleEvent, which surfaces write failures via
requireWriteSuccess) was fired as void ...catch(() => undefined), swallowing
the rejection with zero logging. A failed start-marker write silently dropped
the run's start record from restart-recovery accounting, with no
operator-visible trace.

The sibling terminal-phase catch already logs this since #97839; the start
path was the unfixed sibling. Mirror that fix: log the swallowed start-phase
persistence failure with the same redacted message shape via formatForLog,
keeping the fire-and-forget semantics unchanged. Adds a focused regression
test asserting the log fires on start-persist rejection.

* fix(memory): report close-time pending work failures

* fix(shared): return "" from sliceUtf16Safe when end <= start, matching native .slice

sliceUtf16Safe silently swapped reversed bounds (to < from) instead of
returning "" like String.prototype.slice, creating a subtle footgun for
callers with dynamic start/end pairs.

Caller scan across src/, extensions/, and packages/ confirmed no production
code relies on the old swap behavior — all callers use (text, 0, N) or
(text, -N) forms only.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(plugins): require plugin manifest in npm verifier

* fix(android): propagate CancellationException in CameraHandler catch blocks

Catch (err: Throwable) swallows kotlinx.coroutines.CancellationException,
breaking structured concurrency when the coroutine scope is cancelled
during camera operations (handleList/handleSnap/handleClip).

Add CancellationException rethrow before each Throwable catch to match
the existing pattern used in GatewaySession and TalkModeManager.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(android): propagate CancellationException past GatewaySession invoke boundary

* chore: sync native i18n inventory after gateway session line shift

* fix(agents): prevent native hook relay bridge race condition on renew and registration

Remove synchronous bridge record write after server.listen() that races
before the TCP server binds, and guard renew handler with server.listening
check to prevent stale relay registrations.

Closes #98650

* fix: harden small reliability fixes

Co-authored-by: cxbAsDev <cxbAsDev@users.noreply.github.com>

* docs(agents): explain buffered LSP spawn failures

* docs(agents): clarify LSP spawn timeout invariant

---------

Co-authored-by: qingminlong <qing.minlong@xydigit.com>
Co-authored-by: anyech <anyech@gmail.com>
Co-authored-by: snotty <snotty@users.noreply.github.com>
Co-authored-by: masatohoshino <g515hoshino@gmail.com>
Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
Co-authored-by: simon-w <weng.qimeng@xydigit.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: 宇宙熊Yzx <53250620+849261680@users.noreply.github.com>
Co-authored-by: xialonglee <li.xialong@xydigit.com>
Co-authored-by: nankingjing <1079826437@qq.com>
Co-authored-by: cxbAsDev <cxbAsDev@users.noreply.github.com>
2026-07-05 11:12:55 -07:00
Peter Steinberger
c757675f34 improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
Ayaan Zaidi
2b7003d535 fix(clickclack): gate provenance stamping behind agentActivity opt-in 2026-07-05 09:32:37 -07:00
ragesaq
00f345a82b fix(clickclack): forward native activity callbacks
Allow ClickClack-owned progress rendering to receive item callbacks when source delivery is suppressed. This lets native agentActivity persist commentary and tool rows instead of relying on default progress texts.

HyperReview-Reflex: pass
HyperReview-Tier: light
HyperReview-Scope: staged-tree:e4d63a7648ad03f91fe81588cce783fd686b6488
HyperReview-Paths-SHA256: 94ae4829752bfdafc02191354cac5ae2a2ca9fc899ad02a7ced71d38829dd352
HyperReview-Reflex-Version: 0.3.3
HyperReview-Routed-To: none
2026-07-05 09:32:37 -07:00
ragesaq
67044ce7c7 feat(clickclack): normalize reasoning progress as commentary
ClickClack durable activity now treats preamble, commentary, analysis, thinking, and reasoning as streaming commentary segments. Reasoning-family lanes get a normalized Thinking label, while lifecycle frames stay hidden.

Why: native ClickClack needs Clickglass parity for commentary progress, tool calls, and final assistant delivery before the sidecar can be retired.

Validation:

pnpm tsgo:extensions

pnpm tsgo:extensions:test

pnpm exec oxlint extensions/clickclack/src/activity.ts extensions/clickclack/src/activity.test.ts

pnpm exec vitest run extensions/clickclack/src/activity.test.ts

HyperReview-Reflex: pass-with-conditions
HyperReview-Tier: light
HyperReview-Scope: staged-tree:ed2adf325ad5beffcb55d7c6b929b0be7a752b61
HyperReview-Paths-SHA256: e5499bb489781e9c4dd31828a71220bbe89c4e646011a7f31f5ce3b8db8d54c6
HyperReview-Reflex-Version: 0.3.3
HyperReview-Routed-To: none
HyperReview-Receipt-SHA256: 4d3480047c0b66556236cecde7dd3e199b57a027b8dd894acab47056d9be5b4c
2026-07-05 09:32:37 -07:00
ragesaq
a08ca5fc5d feat(clickclack): stamp model/thinking attribution onto agent posts
Wires replyOptions.onModelSelected so the resolved provider/model and
thinking level for each turn (including after fallback) are sent as
author_model / author_thinking fields on activity rows and the final
reply. Servers without these columns ignore the unknown JSON fields, so
the wire shape is backward compatible; servers that persist them get
per-message attribution.
2026-07-05 09:32:37 -07:00
ragesaq
339cc4f12a fix(clickclack): address review — docs, lint lanes, activity coalescing
- docs: document agentActivity option, the non-inherited agent_activity:write
  scope, default-off and best-effort degradation behavior
- activity: type the enqueue catch parameter as unknown (lint lane)
- activity: treat toolCallId as opaque; normalize only itemId lane prefixes
- activity: skip identical/stale-shorter commentary snapshots so no
  redundant PATCHes queue
- http-client: fail fast when createActivityMessage has no channel or
  conversation target; narrow mocked request bodies before JSON.parse
2026-07-05 09:32:37 -07:00
ragesaq
01b34139b1 feat(clickclack): publish durable agent activity rows (commentary + tool)
Opt-in per-account (agentActivity: true): the ClickClack channel extension
now mirrors streamed commentary and tool progress into durable
agent_commentary / agent_tool message rows via the existing
replyOptions.onItemEvent seam, coalesced so one logical step is one row.
Requires a bot token carrying the agent_activity:write scope; publishing
is best-effort and never interrupts final text delivery.
2026-07-05 09:32:37 -07:00
Vincent Koc
a308e3b834 fix(qa): serialize channel-driver isolated smoke workers 2026-07-05 17:33:28 +02:00
Gio Della-Libera
14b2ca11ff policy: repair automatic narrowing findings (#99690) 2026-07-05 08:11:38 -07:00
Peter Steinberger
862de9f1a1 fix(pairing): advertise reachable Tailnet routes (#100317)
* fix(pairing): advertise reachable tailnet routes

* fix(pairing): satisfy native and SDK checks

* fix(ios): cancel stale pairing route probes

* test(pairing): document LAN-only Serve fallback

* fix(ios): preserve pairing result initializer
2026-07-05 07:43:43 -07:00
Leonidas Lux
42464de58d fix(whatsapp): restore malformed credentials from backup (#99070)
* fix(whatsapp): wrap JSON.parse with try-catch in auth store and test helpers

Add defensive try-catch around JSON.parse calls in WhatsApp extension
to prevent crashes from corrupted state files.

- restoreCredsFromBackupIfNeeded: wrap creds.json/backup validation
  JSON.parse with try-catch; corrupted creds.json now properly falls
  through to backup restoration instead of skipping it entirely
- updateLastRouteMock: wrap JSON.parse with try-catch, initialize
  empty store on corrupted file

* test(whatsapp): add regression test for malformed creds.json longer than one byte

- Add a focused regression test for the exact case ClawSweeper
  flagged: readWebCredsJsonRawSync returns non-null content for
  files with stat.size > 1, so malformed JSON like "{x" (2 bytes)
  reaches JSON.parse — the inner try-catch now catches the parse
  failure and falls through to backup restoration
- Without this patch, JSON.parse("{x") throws to the outer catch
  and restoreCredsFromBackupIfNeeded returns false, skipping backup

🦞 diamond lobster: L2 evidence (real function call + real filesystem objects)

Ref. https://github.com/openclaw/openclaw/pull/99070

* fix(whatsapp): restore malformed creds from backup

Co-authored-by: LeonidasLux <LeonidasLux@users.noreply.github.com>

* docs(changelog): defer credential recovery entry to aggregate

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: LeonidasLux <LeonidasLux@users.noreply.github.com>
2026-07-05 06:50:28 -07:00
Bartok
ccdbb70cf0 fix(whatsapp): preserve bot-authored quote replies (#94879)
* fix(whatsapp): cache bot's own outbound messages for quote metadata

When a user swipe-replies to a message the bot itself sent, the outbound
quote-key lookup misses the inbound-only metadata cache and falls back to
fromMe:false with the replying user's JID as participant. That mismatched
quoted.key is silently dropped by WhatsApp Desktop, so the bot's reply
bubble never renders there (it renders on Android, which is more lenient).

Cache quote metadata for the bot's own outbound messages at the send
choke point (rememberOutboundMessage) with fromMe:true and the bot's own
participant JID (group only; omitted for direct chats, matching WhatsApp
semantics). Future swipe-reply lookups then build a correct quoted.key.

Closes #91445.

* fix(whatsapp): preserve outbound quote metadata

Co-authored-by: Bartok9 <danielrpike9@gmail.com>

* docs(changelog): defer quoted replies entry to aggregate

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 06:47:50 -07:00
Vishal Jain
4c42815348 fix(whatsapp): bound reconnect catch-up replies (#80642)
* fix(whatsapp): bound reconnect catch-up replies

Co-authored-by: Vishal Jain <jainvishal2212@gmail.com>

* docs(changelog): defer reconnect entry to aggregate

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 06:34:57 -07:00
Peter Steinberger
c3b479b8e2 fix(voice-call): auto-respond to webhook transcripts (#100255)
Co-authored-by: dvy <dvy@users.noreply.github.com>
2026-07-05 06:21:45 -07:00
Peter Steinberger
f535b2a3ec fix(voice-call): normalize mapped proxy addresses (#100261)
Co-authored-by: Rohit <rohitjavvadi2@gmail.com>
2026-07-05 06:10:36 -07:00
Peter Steinberger
1349027171 fix(google): normalize Live function declarations (#100260)
Co-authored-by: happydog-bot <bot@happydog.digital>
2026-07-05 06:08:23 -07:00
Chunyue Wang
e29448df08 fix(gateway): stop terminal WhatsApp restart loops (#78511)
* fix(gateway): prevent restart loops after terminal WhatsApp disconnects

Track `terminalDisconnect` through the WhatsApp status controller, channel
runtime snapshot, and `ChannelAccountSnapshot` so the health-monitor and
the `ChannelManager` task-exit handler both skip auto-restart when Baileys
signals a terminal session end (loggedOut / connectionReplaced).

Adds a `terminal-disconnect` `ChannelHealthEvaluationReason` so the policy
layer returns a stable, named reason rather than falling through to
`not-running`, preventing unbounded WebSocket/heap growth on multi-tenant
gateways. Fixes #78419.

* fix(gateway): prioritize terminal disconnect recovery

Co-authored-by: openperf <16864032@qq.com>

* docs(changelog): move WhatsApp restart fix to unreleased

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 05:49:33 -07:00
Peter Lee
66081c09ee fix(core): keep backend truncation UTF-16 safe (#100244)
* fix(core): use UTF-16-safe truncation for chat display, ACP stream relay, and native hook relay

* fix(core): narrow UTF-16 truncation repair

Co-authored-by: xialonglee <li.xialong@xydigit.com>

Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
2026-07-05 05:48:35 -07:00
Peter Steinberger
deac98eb72 fix: harden small runtime and installer edge cases (#100258)
* fix(media): preserve dollar sequences in transcript echoes

Co-authored-by: uditDewan <udit.dewan21@gmail.com>

* fix(mcp): catch rejected gateway event handlers

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* fix(auto-reply): support punctuated silent token prefixes

Co-authored-by: simon-w <weng.qimeng@xydigit.com>

* fix(discord): keep voice log previews UTF-16 safe

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

* fix(clawrouter): bound usage response reads

Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>

* fix(browser): bound CDP JSON response reads

Co-authored-by: hailory <hailory@xydigit.com>

* fix(status): include current time in session status

Co-authored-by: connermo <conner.mo@gmail.com>

* fix(installer): require Arch detection before pacman

Co-authored-by: Iliya Abolghasemi <gfaerny@gmail.com>

* fix(apps): default TLS gateway deep links to port 443

Co-authored-by: ben.li <li.yang6@xydigit.com>

* fix(infra): keep Undici terminated exceptions nonfatal

Co-authored-by: harjoth <harjoth.khara@gmail.com>

* fix(auto-reply): avoid Unicode-unsafe token spread

---------

Co-authored-by: uditDewan <udit.dewan21@gmail.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: simon-w <weng.qimeng@xydigit.com>
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>
Co-authored-by: hailory <hailory@xydigit.com>
Co-authored-by: connermo <conner.mo@gmail.com>
Co-authored-by: Iliya Abolghasemi <gfaerny@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: harjoth <harjoth.khara@gmail.com>
2026-07-05 05:33:11 -07:00
Peter Steinberger
43fd44a28c fix(voice-call): share webhook replay tracking (#100263)
* fix(voice-call): share webhook replay tracking

Co-authored-by: xialonglee <li.xialong@xydigit.com>

* fix(voice-call): share webhook replay tracking

* fix(voice-call): share webhook replay tracking

* fix(voice-call): share webhook replay tracking

* fix(voice-call): share webhook replay tracking

* fix(voice-call): share webhook replay tracking

* fix(voice-call): share webhook replay tracking

* fix(voice-call): share webhook replay tracking

---------

Co-authored-by: xialonglee <li.xialong@xydigit.com>
2026-07-05 05:32:41 -07:00
Peter Steinberger
1f484a8dbd test: speed up and stabilize full suite 2026-07-05 08:00:23 -04:00
Peter Steinberger
c00d79a1d1 fix(imessage): false group drop-all startup warning when groupAllowFrom is set without groups (#100046)
* fix(imessage): only warn about empty group allowlist when messages actually drop

With groupPolicy="allowlist", a non-empty effective groupAllowFrom admits
group messages even when channels.imessage.groups is empty (senderFilterBypass
in src/config/group-policy.ts), so the startup warning "Every inbound group
message will be dropped" fired as a false positive for that configuration.

The warning now mirrors the runtime gate's effective sender allowlist (same
allowFrom fallback + legacy chat-target merge) and fires only when both the
groups registry and the effective group sender allowlist are empty - the only
startup-provable drop-all config. The message now names groupAllowFrom as the
fix, since adding groups entries alone leaves the sender gate blocking.

Docs: describe the two group gates' warnings separately with per-warning
remedies instead of implying both fire for the same config.

* docs(imessage): format migration guide

* fix(imessage): warn on empty group sender allowlist

* docs: move iMessage fix to unreleased
2026-07-05 04:21:22 -07:00
Masato Hoshino
cbb920c7d9 fix(qqbot): channel status keeps reporting connected after the gateway websocket dies (#100127)
* fix(qqbot): publish disconnected channel status when the gateway closes or gives up

The QQBot channel only ever set connected: true (onReady/onResumed);
no close path updated the status, so a fatal close (bot banned or
offline, 4914/4915) or reconnect exhaustion left channels.status
claiming a live connection forever, and the channel-health monitor
never saw connected=false for a dead gateway.

Thread an onDisconnected callback from GatewayConnection.handleClose
(fatal and pre-reconnect branches) and the reconnect-exhaustion path
through the engine/bridge layers into channel.ts, which now records
connected: false and, for fatal closes, the close reason as lastError.
The running flag stays owned by the gateway lifecycle store, matching
the sibling channel convention.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(qqbot): import ChannelAccountSnapshot from the channel-contract subpath

The monolithic openclaw/plugin-sdk root entry is a legacy surface;
plugin-sdk contract guardrails and extension boundary checks require
focused subpath imports in bundled plugin sources.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(qqbot): ignore stale socket closes from superseded gateway connections

A server-driven RECONNECT / INVALID_SESSION tears the old socket down
and brings up a replacement; the old socket's close event can arrive
after the replacement is live. Reacting to it again would tear down the
new socket and regress the connected status, so the close handler now
ignores closes from sockets that are no longer current.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(qqbot): harden disconnect status recovery

* fix(qqbot): report opcode-driven reconnects

* fix(qqbot): keep fatal disconnect health visible

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-05 04:18:01 -07:00
Vincent Koc
c22270a917 fix(build): restore package artifact declarations (#100249)
* fix(build): restore package artifact declarations

* fix(build): stage plugin sdk strict smoke artifacts

* test(exec): accept resolved safe-bin paths

* test(qa): type missing delivery metadata regression

* fix(build): restore llm runtime tsdown root

* fix(build): drop removed llm runtime tsdown root
2026-07-05 02:22:11 -07:00