Commit Graph

5758 Commits

Author SHA1 Message Date
Vincent Koc
bf8626c0e9 feat(providers): add LongCat API support (#100501)
* fix(ai): honor provider reasoning compatibility

* feat(longcat): add hosted provider plugin

* chore(longcat): register package metadata

* docs(longcat): add provider setup guide

* docs(longcat): document self-hosted model routing

* refactor(longcat): externalize provider plugin

* chore(longcat): add npm release artifacts
2026-07-06 10:07:08 -07:00
Dallin Romney
5af7ba92ce refactor: consolidate byte-size formatting (#99768)
* refactor: consolidate byte-size formatting

* fix: stabilize byte formatter import boundary

* fix: keep byte formatter within SDK budget

* fix: emit byte formatter package entry

* refactor: trim byte formatter surface

* fix: use narrow byte formatter import

* refactor: remove byte formatter dependency changes

* fix: refresh rebased byte formatter baseline
2026-07-06 09:26:04 -07:00
Dallin Romney
b29d472e41 refactor(qa): add canonical live channel adapters (#99707) 2026-07-06 09:24:34 -07:00
Peter Steinberger
83f0527724 feat(ios): word-paced fade-in for streaming assistant prose (#100884) 2026-07-06 15:50:58 +01:00
Vincent Koc
b3db79929f fix(test): preflight targeted UI e2e (#100950) 2026-07-06 07:46:08 -07:00
machine3at
5c2604f8cd fix(cron): use direct lookup instead of paginated search in cron edit (#100836)
* fix(cron): use direct lookup instead of paginated search in cron edit

* fix(test): update cron-cli tests to mock cron.get and remove obsolete pagination checks

* fix(cron): preserve edit compatibility with older gateways

* fix(cron): preserve legacy lookup error cause

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 06:58:22 -07:00
Peter Steinberger
f623d81f52 feat(ui): show background tasks live in the web Control UI (#100789)
* feat(gateway): broadcast task ledger changes as task events

* feat(ui): add background Tasks page to Control UI

* fix(gateway): address tasks page review findings

* fix(ui): surface tasks.cancel refusals on the Tasks page

* fix(gateway): guard stale task observer disposal against replacement gateways

* chore: satisfy lint and docs-map gates for tasks page

* test(gateway): await async agent unsub in stale-dispose test
2026-07-06 14:36:33 +01:00
Peter Steinberger
876ab9bb0b feat(android): add chat message actions (#100879)
* fix(android): add chat message actions

* chore(android): sync native i18n inventory

* fix(i18n): collect Android action labels

* fix(i18n): preserve Android placeholders
2026-07-06 13:50:16 +01:00
Vincent Koc
56fe5d0459 fix(release): skip loader lifecycle scripts on Windows 2026-07-06 04:57:57 -07:00
Peter Steinberger
f53346944d feat: correlate native search outcomes in audit history (#98704)
* feat: correlate native search outcomes in audit history

Metadata-only audit ledger for agent runs and tool actions in the shared
state DB: stable event identity, closed action/status/error vocabularies,
one-way-hashed tool-call ids, never-inferred terminal outcomes for native
web-search (explicit completed/failed only; otherwise unknown), bounded
retention, audit.list gateway RPC and openclaw audit CLI. Squashed from
the 82-commit audit stack for replay onto current main.

* feat(audit): add audit.enabled config gate (default on)

The metadata-only audit ledger records by default: an audit trail enabled
only after an incident cannot explain the incident, and the rows are
strictly less sensitive than the transcripts every install already
stores. audit.enabled=false stops new writes at the gateway subscription
seam; audit.list and openclaw audit keep serving existing records until
they expire. Documented in the configuration reference, protocol page,
and CLI reference.

* fix: repair full-matrix CI findings after rebase

- break the dynamic-tools/dynamic-tool-execution import cycle by
  extracting resolveCodexToolAbortTerminalReason into a leaf module
- restore main's session-worktree protocol exports lost in the
  index.ts auto-merge
- register the audit event writer worker as a knip entry point
- docs table formatting; subagent wait-cancellation test scoped to its
  audit intent (outcome + timing) and advanced past main's new
  lifecycle-timeout retry grace
2026-07-06 12:30:12 +01:00
Vincent Koc
96e676c2b3 fix(release): hydrate fresh Anthropic OAuth access 2026-07-06 04:20:58 -07:00
Peter Steinberger
827402243d feat: add Anthropic and OpenAI cost history (#100672)
* feat(providers): add admin cost history

* fix(ui): sync cron raw-copy baseline

* fix(usage): harden provider cost credentials

* fix(ui): refresh raw-copy baseline

* docs: refresh documentation map

* fix(ci): sync provider usage baselines

* fix(ui): hide zero-cost history bars

* docs(changelog): defer provider cost note
2026-07-06 12:06:55 +01:00
Vincent Koc
cbf9acff37 fix(release): reuse setup-token for Anthropic live checks 2026-07-06 03:46:22 -07:00
Peter Steinberger
1f06b890a6 feat(ios): add model picker favorites and recents with working iOS model switching (#100774) 2026-07-06 11:44:13 +01:00
Vincent Koc
17777b3a9f refactor: remove proven dead code across runtime surfaces (#100823)
* refactor: remove unused internal helpers

* refactor(ui): remove unused compatibility helpers

* refactor(android): remove unused talk cleanup shim

* refactor(android): remove orphaned legacy UI

* refactor: remove unused private exports

* refactor(docs-i18n): remove dead matcher and satisfy lint
2026-07-06 03:31:19 -07:00
Vincent Koc
fa70403403 fix(release): isolate Claude ACP subscription auth 2026-07-06 02:58:59 -07:00
Vincent Koc
c42ef8b267 fix(release): harden Claude CLI live probe 2026-07-06 02:52:24 -07:00
Vincent Koc
c9abc75884 refactor: remove dead code and consolidate repeated paths (#100650)
* refactor(search): reuse provider setup finalizer

* refactor(android): remove unused helpers

* refactor(apps): remove unused Swift declarations

* refactor(diagnostics): reuse private reply delivery

* refactor(memory): reuse raw short-term store writer

* refactor(logbook): reuse batch row mapping

* refactor(scripts): centralize oxlint format policy

* refactor(memory): share qmd cache context hashing

* refactor(doctor): share auth issue classification

* chore(i18n): refresh native source inventory
2026-07-06 02:24:37 -07:00
Vincent Koc
d9a2b7c6a9 fix(pr-gates): reject normal root changelog edits 2026-07-06 11:09:49 +02:00
cxbAsDev
b80c276f13 fix(crestodian): catch rejection from async respond in sendChat (#100341)
* fix(crestodian): catch rejection from async respond in sendChat

* test(crestodian): fix type cast in sendChat rejection test

* proof(crestodian): remove unused finish binding in proof script

* test(crestodian): make sendChat proof fail on current main by rejecting respond itself

* test(crestodian): remove unused eslint-disable directives

* fix(crestodian): isolate TUI event consumer failures

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 01:42:47 -07:00
chenyangjun-xy
a152a45284 fix(usage-bar): bound template file cache to prevent unbounded watche… (#98990)
* fix(usage-bar): bound template file cache to prevent unbounded watcher growth

Add MAX_CACHED_TEMPLATE_FILES=64 limit; evict the oldest entry (closing
its fs.watch watcher) before allocating a watcher for a new key when
the cache is full.

Eviction runs before watcher allocation so we never create a watcher
only to close it immediately. Eviction triggers only when inserting a
new key (!fileCache.has(path)) — retries for an existing key must
not evict other entries.

Fixes #98960

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor(test): replace mutable dir variable with cleanup-stack pattern in template.test.ts

Co-Authored-By: Claude <noreply@anthropic.com>

* chore(test): add curly braces for eslint curly rule

Co-Authored-By: Claude <noreply@anthropic.com>

* test(usage-bar): register watcher proof cleanup

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 01:21:32 -07:00
Vincent Koc
0c38082c6d fix(maint): use canonical hosted gate verifier 2026-07-06 01:18:19 -07:00
cxbAsDev
6ae4bbafb0 fix(transcripts): handle read stream errors gracefully in TranscriptsStore (#100524)
* fix(transcripts): handle read stream errors gracefully in TranscriptsStore

* proof(transcripts): add real behavior proof script for store stream error catch

* fix(transcripts): reject with Error in stream error handler

* proof(transcripts): replace wrapper with real EISDIR stream error proof

* fix(transcripts): reject non-ENOENT stream errors after stream close
2026-07-06 01:07:32 -07:00
cxbAsDev
c9a0783922 fix(secrets): suppress unhandled stdout/stderr stream errors in exec resolver (#100521)
* fix(secrets): suppress unhandled stdout/stderr stream errors in exec resolver

* proof(secrets): add real behavior proof script for exec resolver stream error catch

* proof(secrets): replace wrapper with real exec resolver stream error proof

* style: apply oxfmt to changed files
2026-07-06 00:52:22 -07:00
Vincent Koc
798d4796e7 fix(release): pin Claude live CLI to SDK version 2026-07-06 00:22:26 -07:00
cxbAsDev
e66f43e276 fix(hooks): suppress unhandled stdout/stderr stream errors in gmail watcher (#100519)
* fix(hooks): suppress unhandled stdout/stderr stream errors in gmail watcher

* proof(gmail-watcher): add real behavior proof script for stream error catch

* proof(gmail-watcher): replace wrapper with real stream error proof

* style: apply oxfmt to changed files
2026-07-06 06:58:07 +00:00
Glen - I am an OpenClaw+Codex bot
23998a148f fix(build): fall back to tsx for build TypeScript scripts (#91262)
* fix(build): fall back to tsx for build TypeScript scripts

* fix(build): use tsx across TypeScript build scripts

---------

Co-authored-by: Steffen Moeller <moeller@debian.org>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-06 06:55:20 +00:00
Peter Steinberger
5d9cec16f3 fix(maint): reuse recent hosted gates after rebase (#100663)
* fix(maint): reuse recent hosted gates after rebase

* fix(maint): preserve whitespace in gate fingerprints
2026-07-06 07:43:03 +01:00
Sebastien Tardif
0d6a1dcb53 fix(install): trap SIGINT so Ctrl+C exits cleanly during upgrade doctor (#76386)
* style: restore exec approval e2e formatting

* fix(install): trap SIGINT so Ctrl+C exits cleanly during upgrade doctor

Three changes to fix the install script's Ctrl+C handling:

1. Add INT/TERM signal traps that clean up temp files and exit with
   the correct signal exit codes (130 for SIGINT, 143 for SIGTERM).

2. Preserve signal exit codes (>128) through run_quiet_step so the
   doctor path can distinguish user cancellation from normal errors.
   Non-signal failures still return 1, preserving existing caller
   semantics for all other installer steps.

3. Fix guardCancel in onboard-helpers.ts: exit(0) changed to exit(1)
   so Clack prompt cancellation (Escape/Ctrl+C) is treated as failure,
   not success. This prevents the installer from continuing with plugin
   updates after the user explicitly cancelled.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* fix(install): abort dashboard launch on doctor cancellation

When a user cancels the interactive upgrade-doctor prompt (Clack
cancellation exits 1, SIGINT exits 130), clear should_open_dashboard
so the installer does not launch a dead dashboard after an incomplete
upgrade.

Also propagate non-zero exit from run_doctor() so the non-interactive
upgrade path correctly skips dashboard launch on failure.

* fix: guard every run_doctor caller and add focused tests

The existing-config path called run_doctor without checking its return
value, so a failed or cancelled doctor would still launch the dashboard.
Now both run_doctor call sites guard the return value with if-then.

Adds focused tests verifying: every run_doctor caller is guarded,
dashboard flag is cleared on doctor failure, signal exit codes
propagate through run_quiet_step, and SIGINT (exit 130) triggers
abort_install_int.

* retrigger proof check

* fix: exit 130 on Clack cancellation so installer treats it as SIGINT

guardCancel now exits with 130 (SIGINT convention) instead of 1. When
the user presses Ctrl+C at an interactive doctor prompt, the installer
sees doctor_exit=130 and calls abort_install_int, aborting cleanly
instead of continuing after exit 1.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* fix: narrow exit 130 to doctor-prompter path only

Revert guardCancel to exit 0 by default (matching main) and pass
exit code 130 only from doctor-prompter where the installer needs
to distinguish user cancellation from normal failures.

This preserves the existing cancellation behavior for configure,
wizard, gateway, and daemon prompts while keeping the SIGINT
convention for the installer's doctor subprocess.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

---------

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 06:19:44 +00:00
Sulaga
2b51c255f8 feat(tencent): add Tencent Hy3 provider (TokenHub and TokenPlan) (#99076)
Summary:
- Merged feat(tencent): add Tencent Hy3 provider (TokenHub and TokenPlan) after ClawSweeper review.

Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: fix(tencent): preserve TokenHub auth compatibility
- Included post-review commit in the final squash: refactor(tencent): unify TokenPlan env/flag naming with TokenHub
- Included post-review commit in the final squash: docs: refresh Tencent provider docs metadata
- Included post-review commit in the final squash: fix: allow TokenPlan provider config overlays
- Included post-review commit in the final squash: docs: dedupe Tencent provider glossary labels
- Included post-review commit in the final squash: fix(tencent): repair TokenHub model defaults

Validation:
- ClawSweeper review passed for head 30c9fc130f.
- Required merge gates passed before the squash merge.

Prepared head SHA: 30c9fc130f
Review: https://github.com/openclaw/openclaw/pull/99076#issuecomment-4888527271

Co-authored-by: leisang <leisang@tencent.com>
Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: hxy91819
2026-07-06 04:29:48 +00:00
Peter Steinberger
785f197de6 chore(maint): make the PR merge drift guard advisory by default (#100593)
The relevant-mainline-drift check in scripts/pr merge-verify hard-failed
any landing whose prepared head predated a sibling merge, serializing all
agent landings behind a fresh CI cycle per merged PR. Required checks
still gate at the prepared head and GitHub mergeable state still blocks
real conflicts. OPENCLAW_PR_STRICT_DRIFT=1 restores the previous hard
gate for release-critical flows.
2026-07-06 05:14:39 +01:00
Peter Steinberger
07e2d633cc feat: show auto-detected provider plans and billing (#100520)
* feat(providers): auto-discover usage billing

* feat(ui): show provider plans and billing

* fix(ui): translate provider billing labels
2026-07-06 04:53:09 +01:00
Peter Steinberger
fdc9aa82d7 feat(cron): declarative jobs with owner attribution and richer status (#100480)
Adds scope-local declaration-key convergence, immutable owner attribution, richer status projection, and delivery validation to canonical cron jobs.

Supersedes the #98727 routines registry approach; no parallel registry, RPC namespace, or CLI noun.
2026-07-06 03:35:26 +01:00
Tyler Nishida
2db5bd3394 feat(ios): refresh onboarding setup flow (#98868) 2026-07-05 21:38:54 -04:00
Peter Steinberger
95f12178a7 perf(ci): shorten stalled gateway retry 2026-07-05 20:40:16 -04:00
Peter Steinberger
5d8293c1fe feat(ios): read-only offline cache for chat sessions and transcripts (#100219)
* feat(ios): read-only offline cache for chat sessions and transcripts

Cache-first cold open for the iOS chat tab: the last known transcript and
session list render immediately from a local SQLite cache, then live gateway
history replaces them wholesale through the existing reconciliation path.
When the gateway is unreachable, recent sessions and transcripts stay
browsable read-only; sending remains gated by the existing connection state.

- New OpenClawChatTranscriptCache protocol seam plus SQLite-backed store in
  OpenClawChatUI (raw SQLite3, no new dependencies), scoped per gateway
  stableID so transcripts never leak across paired gateways.
- Bounds: 50 sessions, 50 transcripts, 200 messages per session; text rows
  only (attachment/binary payloads and tool arguments are stripped).
- Disposable cache: schema versioned via user_version; any open/schema/decode
  mismatch drops and rebuilds silently. File protection
  completeUntilFirstUserAuthentication on iOS.
- View model pre-paints from cache only until a live response applies
  (hasAppliedLiveHistory/hasAppliedLiveSessions guards); write-through is
  chained and off the render path.
- iOS wiring keys the chat view model identity on transport mode plus cache
  gateway ID so switching paired gateways rebuilds the view model.

Part of #100194

* fix(ios): harden offline transcript cache

* fix(ios): expose offline cached sessions

* fix(ios): isolate transcript caches by gateway

* chore(i18n): sync native inventory

* fix(ios): allow cache extension to replace messages
2026-07-06 01:02:15 +01:00
Peter Steinberger
2ded26a5d6 fix(diffs): share SSR preloads and repair language-pack hydration (#100487)
* fix(diffs): share SSR preloads and repair language-pack hydration

Render viewer and file documents from a single @pierre/diffs SSR preload
per file (mode=both previously ran the full diff+highlight pipeline
twice; 651ms -> 303ms on an 8-file patch), apply the file-mode font bump
as a document-level override, and keep hydration payloads
variant-faithful.

Fix the language-pack runtime downgrading pack-only languages to plain
text at hydration by defining a per-target build flag and forwarding it
to payload normalization.

Also: case-insensitive language hints, identical before/after
short-circuit with details.changed, patch input failures classified as
tool input errors, canonical config values now win over deprecated
aliases, hash-pinned viewer runtime served immutable, truthful
browser-vs-render errors, timing-safe artifact token compare, unref
idle browser timer.

* docs(changelog): link diffs rendering entry to PR

* test(diffs): narrow manifest validation results before value access

* test(tooling): allowlist diffs viewer-client define suppression
2026-07-06 00:34:17 +01:00
Peter Steinberger
f20159e240 perf(ci): accelerate gateway startup tests 2026-07-05 19:31:28 -04:00
Kevin Lin
9d2d517296 feat: publish plugins with extended-stable releases (#100448)
* feat(release): publish plugins on extended-stable

* feat(plugins): align extended-stable with core

* docs: explain extended-stable plugin alignment

* fix(release): make plugin convergence recoverable

* fix(plugins): preserve extended-stable fallback intent

* fix(release): keep plugin tag mutation credential-isolated
2026-07-05 16:16:26 -07:00
Peter Steinberger
a905eb42ac perf(test): skip fixture-only browser startup 2026-07-05 18:40:20 -04:00
Vincent Koc
c4a862ab53 fix(release): package legacy candidates without AI workspace (#100469) 2026-07-05 15:19:00 -07:00
Vincent Koc
13e5902578 fix(ci): keep release helper args historical 2026-07-05 22:18:09 +02:00
Vincent Koc
1408deede7 fix(ci): keep npm debug diagnostics best-effort 2026-07-05 22:18:09 +02:00
Vincent Koc
79f7d90cb9 fix(ci): satisfy changed-gate npm log lint 2026-07-05 22:18:09 +02:00
Vincent Koc
fdb112970f fix(ci): preserve cross-os candidate fallbacks 2026-07-05 22:18:09 +02:00
Vincent Koc
8a378fe84f fix(ci): honor npm logs-dir diagnostics 2026-07-05 22:18:09 +02:00
Vincent Koc
63257a2b0e fix(ci): scope package tarball runtime checks 2026-07-05 22:18:09 +02:00
Vincent Koc
035d9975a2 fix(ci): preserve npm install failure cause 2026-07-05 22:18:08 +02:00
Vincent Koc
0cd2bc474f fix(ci): bundle private AI runtime in release candidates 2026-07-05 22:18:08 +02:00
Vincent Koc
d5ac8555bf fix(ci): accept pnpm pack destination paths 2026-07-05 22:18:08 +02:00