Commit Graph

2381 Commits

Author SHA1 Message Date
Peter Steinberger
6df0fb818d feat: add session thread management (#98510)
* feat: add session thread management

Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.

* refactor(ui): minimal session rows with hover-revealed management

Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.

* fix: align session admission with mailbox-era main

Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.

* fix(qa): align UI e2e and shard fixtures with redesigned session rows

Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.

* test: route auto-fallback suite through temp-dir helper plans

The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00
Peter Steinberger
49cc59b1e8 refactor: consolidate markdown code fences, error coercion, and byte-identical helper pairs (#99932)
* refactor(shared): add markdown code span/fence helpers and migrate seven call sites

* refactor(normalization-core): add canonical toErrorObject and migrate six copies

* refactor: consolidate byte-identical helper pairs onto owner modules

* refactor: reuse canonical path and token helpers in session tools and credentials

* refactor(packages): dedupe compaction summarization tail and session dir parsing

* fix(security): keep missing extensions dir silent in shared plugin dir lister

* refactor: reuse media-core chunk reader and shared dreaming session key helper

* fix(plugins): register error-coercion subpath in sdk alias table

* chore(plugin-sdk): re-pin callable export count after rebase

* chore(plugin-sdk): re-pin callable export count after rebase
2026-07-04 08:40:41 -04:00
Peter Steinberger
be95bb72d4 refactor: consolidate core stream cleanup, watchdog locality, and approval text duplication (#99901)
* refactor(infra): share guarded body-stream cleanup across fetch consumers

* refactor(agents): extract shared runtime model locality for llm watchdogs

* refactor(auto-reply): share exec approval route resolution between command handlers

* refactor(plugin-sdk): share approval reaction hint text helpers

* refactor(plugin-sdk): share planned migration target resolution

* refactor(infra): use canonical sleep helper in backup retry

* docs(plugins): mention shared migration targets and reaction hint helpers

* chore(plugin-sdk): pin surface budgets for reaction hint and migration target helpers
2026-07-04 02:08:35 -07:00
Peter Steinberger
eafe2a8d0b refactor: consolidate duplicated plugin state and doctor migration plumbing onto SDK seams (#99850)
* refactor(plugin-sdk): add createPersistentDedupeCache and migrate channel presence caches

* refactor(matrix): adopt SDK approval reaction target store

* refactor(plugin-sdk): share doctor legacy-state migration fs helpers

* refactor(memory-core): dedupe qmd cache entry envelope validation

* chore(plugin-sdk): pin surface budgets for shared dedupe and doctor helpers

* test(matrix): use future approval expiry fixtures for reaction targets

* test(matrix): use future approval expiry fixtures for reaction targets
2026-07-04 01:51:03 -07:00
xingzhou
741d9524be fix: outbound recovery can replay already sent replies (#99600)
* fix(outbound): avoid replaying sent recovery deliveries

* fix(outbound): persist recovery send state before ack

Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>

* fix(outbound): preserve partial send evidence across adapters

* test(line): cover multi-send delivery progress

* fix(outbound): preserve repeated receipt result multiplicity

* test(heartbeat): expect delivery progress callback

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 01:09:12 -07:00
Dallin Romney
80d129212c refactor: consolidate deferred promise construction (#99755) 2026-07-03 19:55:00 -07:00
Dallin Romney
7b2c51573f refactor: consolidate free-port test helpers (#99771) 2026-07-03 19:53:43 -07:00
Dallin Romney
febc70036f refactor: consolidate exact boolean coercion (#99750)
* refactor: consolidate exact boolean parsing

* test: fix normalization subpath resolution

* fix: resolve normalization boolean subpath
2026-07-03 19:42:06 -07:00
Dallin Romney
c7aca4f029 refactor: consolidate async timing helpers (#99721) 2026-07-03 17:58:15 -07:00
Alex Knight
342d13a914 fix(plugins): resolve public artifacts from installed plugin roots (#98819)
* fix(plugins): resolve public artifacts from installed plugin roots

Externalized official plugins ship gateway-auth/doctor/secret/message-tool
public artifacts in their installed npm package, but the public-surface
loader only searched bundled locations. On packaged installs this emptied
the gateway auth bypass set for /api/channels/mattermost/command, so every
Mattermost slash callback was rejected 401 before the plugin ran.

Fall back to the plugin's installed package root (install-record index)
when bundled resolution misses; bundled/source locations keep precedence.

Fixes #98740

* fix(gateway): resolve channel auth-bypass artifacts via activation-gated facade

Route gateway-auth bypass artifact loading through the activation-gated
facade seam so externalized (installed) channel plugins keep their
unauthenticated callback paths, while denied/disabled plugins contribute
nothing and never execute artifact code. Reject hardlinked artifacts for
installed plugin roots in the facade loader per hardlink-policy.

Replaces the earlier install-record fallback in the shared bundled
artifact loader, which broadened every artifact surface past its trust
boundary (see PR review); other externalized-plugin surfaces are #98842.

Fixes #98740

* fix(gateway): load facade activation runtime via async lazy import

The sync createRequire/jiti candidate loader for
facade-activation-check.runtime.js only resolves from built dist; under
vitest source runs it cannot follow .js->.ts specifiers or workspace
package subpaths, so the gateway auth-bypass path threw 'Unable to load
facade activation check runtime' (CI shard failure). Add an async
activated-load API backed by dynamic import (vitest- and dist-native),
warm the shared runtime memo, and make the bypass consumer async - its
single caller already awaits behind the config-snapshot promise cache.

* revert(plugins): drop install-record fallback from public-surface loader

Superseded by the activation-gated facade seam in gateway-auth-bypass;
review found the loader-level fallback broadened every artifact surface
past its trust boundary (see PR #98819 discussion).

* fix(plugin-sdk): drop unused oxlint disable on async facade loader

* test(plugin-sdk): cover facade hardlink policy for installed vs core roots

* test(plugin-sdk): cover facade hardlink policy for installed vs core roots

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-04 10:57:42 +10:00
Dallin Romney
00b7eac5c3 refactor: consolidate number coercion callers (#99671)
* refactor: consolidate number coercion callers

* fix: stabilize plugin sdk surface resolution
2026-07-03 16:24:43 -07:00
Ayaan Zaidi
3ad465d32b fix(telegram): persist ambient transcript rows
Persist room-event observations as durable bare user transcript rows and carry an ambient transcript watermark through session state so Telegram chat windows only include the unpersisted gap.

Fixes #99257
2026-07-02 19:01:22 -07:00
Dallin Romney
b98c11a46e refactor(shared): consolidate gateway and stateful runtime lazy loaders (#99296) 2026-07-02 18:43:14 -07:00
Dallin Romney
e701dc76b0 test(qa): prove native command targeting across QA transports (#98751)
* QA: prove native command session targeting

* QA: remove superseded native stop e2e

* test(qa): run native commands through Crabline Telegram

* chore(deps): scope Crabline release exception

* test(qa): retain native stop queue cleanup regression
2026-07-02 16:51:30 -07:00
Ayaan Zaidi
568be74e15 fix(auto-reply): trim inbound prompt metadata
Merge sender identity into conversation info, remove duplicate per-turn delivery hints, demote inbound metadata heading, keep room-event default-silent guidance singular, strip rendered chat-window context on replay, and refresh prompt snapshots.
2026-07-02 16:05:49 -07:00
Ted Li
b67df3797a fix(telegram): explain disabled plugin approval failures (#95973)
* fix: explain disabled Telegram plugin approvals

* fix: handle disabled Telegram native plugin approvals

* fix: resolve exec approval surface independently

* fix: tie plugin approval setup guidance to plugin surface

* Revert "fix: tie plugin approval setup guidance to plugin surface"

This reverts commit 34e3c10e23.

* fix: gate plugin approval setup guidance

* fix: gate plugin approval availability by delivery

* fix: preserve plugin approval approver auth

* fix: make plugin setup guidance explicit

* test: trim approval guidance proof radius

* Avoid setup guidance on routed approval timeout

* Carry plugin approval delivery route into timeouts

* Keep turn-source approval route visible

* fix(approvals): prefer delivered approval clients

* fix(approvals): prefer delivered approval clients

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 14:15:25 -07:00
Ayaan Zaidi
59a6240dae fix(auto-reply): default room events to silence 2026-07-02 09:12:35 -07:00
Ayaan Zaidi
53fe2e4bc3 refactor(auth): simplify codex login follow-up 2026-07-01 11:16:49 -07:00
Josh Lehman
bde0e4541e refactor: share codex login flow helpers 2026-07-01 11:16:49 -07:00
Eva
af8a4540ed Address Codex login review feedback 2026-07-01 11:16:49 -07:00
Eva
918612513f Use nondeprecated provider auth SDK path 2026-07-01 11:16:49 -07:00
Eva
72653b600c Narrow Codex login SDK export 2026-07-01 11:16:49 -07:00
Eva
77edfe7414 Add Telegram Codex login pairing 2026-07-01 11:16:49 -07:00
VectorPeak
fbceb309e7 fix(media): normalize Windows inbound paths case-insensitively
* fix Windows inbound media path casing

* test: cover Windows inbound path casing

* test(plugin-sdk): cover media runtime inbound path casing
2026-07-01 03:53:54 -07:00
Josh Avant
ba5244c189 fix: advertise route-aware LAN Control UI links (#98482)
* Route LAN pairing URLs by default route

* Advertise route-aware LAN Control UI links

* Fix route-aware LAN test mocks

* Narrow advertised LAN SDK export
2026-07-01 04:02:12 -05:00
snowzlmbot
b63e06f68a fix(llm): preserve structured tool result replay
Preserve structured tool-result replay text across provider transports while keeping provider-facing redaction and Anthropic media ordering intact.

Thanks @snowzlmbot!
2026-06-30 23:44:02 -07:00
Peter Steinberger
c52583a022 feat(openai): add GPT-5.6 series support (#98333)
* feat(openai): add GPT-5.6 series support

* docs: refresh map for GPT-5.6

* fix(openai): preserve GPT-5.6 thinking metadata

* fix(codex): sync managed app server version

* fix(codex): sync managed app server version

* fix(openai): account for GPT-5.6 cache writes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 06:48:57 +01:00
Marvinthebored
b3b51b0c91 fix(anthropic): surface Discord pre-tool commentary
Route Anthropic pre-tool narration through the commentary progress lane, preserve shared channel progress defaults, and keep Discord/Telegram reasoning gates explicit.

Thanks @Marvinthebored!
2026-06-30 18:12:07 -07:00
pick-cat
169acd1e4e fix(plugin-sdk): guard legacy dedupe JSON parse against malformed files (#98125) 2026-06-30 09:56:20 -07:00
Momo
db2488b6e3 fix(memory): record structured dreaming outcomes (#97723)
Summary:
- Merged fix(memory): record structured dreaming outcomes after ClawSweeper review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: chore(plugin-sdk): update surface budgets

Validation:
- ClawSweeper review passed for head 9fa7d20a96.
- Required merge gates passed before the squash merge.

Prepared head SHA: 9fa7d20a96
Review: https://github.com/openclaw/openclaw/pull/97723#issuecomment-4831902831

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-06-29 11:23:38 +00:00
Vincent Koc
0392ff7242 fix(test): remove duplicate provider HTTP mock export 2026-06-28 21:44:50 -07:00
wangmiao0668000666
238398e331 fix(video-generation): bound DashScope JSON response reads 2026-06-28 21:33:09 -07:00
Omar Shahine
9b9a124cc5 Fix Codex message-tool-only source reply completion (#95942)
* fix(codex): recognize message tool source replies

* fix(codex): accept numeric source message ids

* fix(codex): account for source reply SDK surface

* fix(codex): require delivered reply receipts

* fix(codex): reject alias-routed source replies

* fix(codex): require delivered non-send telemetry

* fix(codex): honor normalized source routes

---------

Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
2026-06-28 12:02:36 -07:00
Josh Lehman
b5e9179063 docs: deprecate legacy session file helpers (#97494)
* docs: deprecate legacy session file helpers

* docs: update sdk deprecation budgets
2026-06-28 07:33:34 -07:00
xingzhou
4d292caaa4 fix(plugin-sdk): follow paginated live model catalogs (#97012)
* fix(plugin-sdk): follow paginated live model catalogs

* fix(plugin-sdk): bound paginated live catalog discovery

* fix(plugin-sdk): reject incomplete live catalog pagination

* fix(plugin-sdk): resolve live catalog next links after redirects

* fix(plugin-sdk): preserve redirect auth boundary in catalog pagination
2026-06-28 10:08:36 -04:00
Bek
9c95abd49d fix: seed Slack thread context after reset (#97100) 2026-06-28 02:36:53 -04:00
mushuiyu886
5ccfc97b31 fix(google): bound TTS success JSON response reads (#96984) 2026-06-27 07:00:36 -07:00
Peter Steinberger
56259606d1 fix(agent-core): ignore truncated tool calls (#97140)
* fix(agent-core): ignore truncated tool calls

Co-authored-by: Galin Iliev <5711535+galiniliev@users.noreply.github.com>

* fix(agent-core): require explicit tool-call terminals

---------

Co-authored-by: Galin Iliev <5711535+galiniliev@users.noreply.github.com>
2026-06-27 03:31:42 +01:00
Bek
9636bea901 perf(memory): add QMD search diagnostics and runtime cache (#96655) 2026-06-26 16:16:12 -04:00
NIO
527f8f0cbb fix(image-gen): bound image generation provider JSON response reads (#96495)
* fix(image-gen): bound image generation provider JSON response reads

Route success JSON reads through readProviderJsonResponse (16 MiB cap)
in openrouter, google, fal, minimax, openai, and vydra image generation
providers to prevent OOM from oversized or hostile endpoint responses.
Mirrors the response-limit campaign already applied to other provider paths.

AI-assisted.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(image-gen): size bounded JSON caps for inline image payloads

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-06-26 07:08:30 -04:00
Renaud Cerrato
95b97e5b0b fix(exec): fail invalid explicit workdir before running (#94441)
* fix(exec): fail invalid explicit workdir before running

* test(exec): tighten invalid workdir regression

* fix(exec): clarify invalid workdir recovery

* refactor(exec): centralize workdir resolution

* test(exec): update invalid workdir assertion

* fix(exec): harden backend workdir contract

* fix(exec): map missing backend host workdirs

* fix(exec): reject control commands before workdir prep

* fix(exec): defer env hook until backend cwd validation

* chore(sdk): refresh plugin api baseline

* test(agents): drop redundant definition assertions

* test(exec): use real config workdirs

* test(exec): use tracked temp dirs

* test(openshell): keep temp setup local

* test: update temp-dir route fixture

---------

Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-06-26 08:02:00 +10:00
joshavant
0a14444924 Bound successful provider response reads 2026-06-24 19:08:22 -05:00
Josh Lehman
fab0048d7b fix: preserve plugin maintenance config compatibility 2026-06-24 13:42:39 -07:00
Josh Lehman
070996e5c3 fix: keep model-run pruning internal 2026-06-24 13:42:39 -07:00
wanglu241
af8cd23f17 fix(sessions): keep plugin SDK maintenanceConfig backward-compatible
The model-run maintenance fields (modelRunPruneAfterMs from #88632 base work,
modelRunPruneAfterConfigured from the pressure-gating fix) were required on the
resolved maintenance config exposed to plugins via patchSessionEntry's
maintenanceConfig. External plugin TypeScript callers that construct a
pre-#88632 maintenanceConfig would fail to compile.

Make both fields optional on ResolvedSessionMaintenanceConfig (and the runtime
type), so old-shape plugin configs keep compiling. All internal readers already
treat an absent value as unset: shouldRunModelRunPrune returns false when
modelRunPruneAfterMs == null and modelRunPruneAfterConfigured is falsy, so a
plugin-supplied config without the fields runs no model-run pruning — the
pre-#88632 behavior. The resolver still always populates both fields, so normal
runtime behavior is unchanged. Add an old-shape maintenanceConfig SDK
regression test.
2026-06-24 13:42:39 -07:00
wanglu241
fc198d862a Gate default model-run session pruning 2026-06-24 13:42:39 -07:00
Shakker
c561319708 test: centralize plugin temp home env 2026-06-24 20:14:51 +01:00
Josh Lehman
4d4769c0d6 refactor(path3): narrow bundled session runtime barrels (#96507) 2026-06-24 10:33:40 -07:00
Ayaan Zaidi
f1e38f2ed6 fix(telegram): narrow rich table alignment surface 2026-06-24 06:41:38 -07:00
张贵萍0668001030
77eb0fdbaa fix(telegram): preserve rich table styling 2026-06-24 06:41:38 -07:00