* fix(acp): catch unhandled rejection from handleGatewayEvent in event callback
* fix(acp): catch unhandled rejection from handleGatewayEvent
* test(acp): add regression test for handleGatewayEvent error boundary
Verifies that when handleChatEvent throws, handleGatewayEvent catches the
error, logs it via this.log(), and does not reject.
* chore: remove committed PR body artifact
* fix(acp): contain rejected gateway events
* chore: defer ACP release note
* refactor(acp): simplify gateway rejection boundary
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat(ui): declutter the sidebar — pinned/chats groups, stable ordering, palette session search, titlebar brand in macOS app
- Sessions split into Pinned and Chats groups; pins are exempt from the
nine-row recency cap and the open session highlights in place instead of
hoisting to the top, so clicking a row no longer reshuffles the list.
- The command palette (Cmd+K) is the single search: it queries sessions
across agents server-side and lists matching chats next to nav commands;
the sidebar session-picker popover and its magnifier are removed, and the
topbar search pill shrinks to an icon button.
- The sidebar brand row is gone: web keeps the breadcrumb wordmark, and the
macOS app shows a compact brand mark in the native titlebar strip next to
the traffic lights (CSS-gated on the injected openclaw-native-macos class).
- The agent filter dropdown becomes a compact scope chip in the Chats group
header; the welcome badge drops its duplicate claw logo.
- Footer collapses to one icon row (status dot, settings, docs, pairing,
mobile theme switch); default pinned nav routes are now Overview-only and
the Recent-collapse preference is retired.
* test(ui): keep sidebar hover-reveal proof before the stability click; refresh locale metadata
Clicking the row leaves :focus-within on it, which keeps the management
actions visible; the hidden-actions assertion must run first.
* test(ui): archive an idle session in the sidebar e2e; assert running rows stay archive-disabled
* fix(ui): drop stale and hidden rows from palette session search
Invalidate the in-flight search and clear results on every query change so a
late-resolving previous-query request cannot leave stale rows selectable, and
run results through getVisibleSessionRows so archived/global/unknown/cron/
subagent rows stay hidden like the sidebar list. Codex review findings.
* fix(ui): over-fetch palette session search so hidden rows cannot starve visible matches
Exclude global/unknown rows server-side and fetch a full 50-row page before
applying the sidebar's hidden-row filter, keeping the 10-row display cap.
Codex review finding.
* chore(i18n): refresh sidebar locale metadata after rebase
* fix(ui): bound command palette session search
* docs: defer release notes to release generation
* fix(gateway): dedupe MCP schema conflict warnings
* fix(gateway): attribute MCP loopback schema warnings per tool
Key the loopback schema-warning dedupe on the full message (which now names
the tool as "<tool>.<field>") instead of the bare field name. Two different
tools that conflict on the same common field (action/id/type) each surface a
warning again, and the emitted line is attributable to a tool. Also route the
previously-un-deduped malformed-variant warning through the same helper so it
no longer floods on every rebuild.
* fix: preserve Bedrock live API providers
* fix: derive Bedrock smoke region from AWS config
* fix: honor Bedrock discovery region in smoke
* fix: keep Bedrock live smoke on Bedrock runtime
---------
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Second sweep: 13 cards from the openclaw.ai X showcase and Discord
maintainer channel — car negotiation, flight check-in, insurance
claim, Idealista skill, tokenomics cost tracker, Excalidraw
diagrams, GA4 skill, X post pipeline, lab results to Notion,
Pebble Ring voice, creator media studio, HomePod skill, holo cube,
macOS menu bar app — plus a Related link to the full X showcase.
oxfmt 0.57.0 --check passed; hook bypassed (no node_modules in
worktree).
Xcode syncs the iOS project supergraph pins (ElevenLabsKit, WebRTC, cmark,
swift-markdown) into the local swabble package's Package.resolved on every
resolve, leaving permanent dirty-worktree noise. Match the existing
OpenClawKit convention: ignore the file. Reproducibility is unaffected -
swabble's only runtime dependency is exact-pinned (Commander 0.2.2) and CI
cache keys hash Package.swift + Sources, not this file.
Adds 12 community cards sourced from Discord (#skills, #general,
shell-society) and the web: Dropage deploy, anti-scam URL checker,
product-design skill trio, miab-broker, lite-mode, ClawEval,
Music Craft, gardening back office, Obsidian second brain,
family history bot, Action Button walkie-talkie, and Clinch.
All links verified live; oxfmt 0.57.0 --check passed (worktree
lacks node_modules, hook bypassed after proof).
* fix(browser): preserve HTTP status in node-proxied browser errors
The node browser proxy (runBrowserProxyCommand) collapsed a >=400 browser-route
response into new Error(<body.error>), dropping the HTTP status. That error
crosses the node.invoke boundary as a plain string (Error properties are not
preserved over the RPC), so the gateway's stale-target retry classifier — which
keys off a leading <status>: token (msg.includes("404:") && msg.includes("tab
not found")) — never matches a node-proxied "tab not found". The drop-targetId
retry never fires and the stale-targetId error surfaces to the agent instead.
Prefix the status onto the message ("404: tab not found", "403: action
targetId must match request targetId") so the existing gateway classification
and retry work through the node proxy. Pure formatting change in the >=400
branch; validation/timeout error paths are untouched.
Tests: extensions/browser invoke-browser suite — 14/14 pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix(browser): harden node proxy status errors
* docs(changelog): credit browser proxy status fix
* chore: defer browser proxy release note
---------
Co-authored-by: rhclaw <260109027+rhclaw@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(agents): terminal-abort coverage beyond #87085's isTerminalAbort (closes#60388)
PR #87085 landed the base isTerminalAbort(signal) check (TimeoutError /
ClientDisconnectError on signal.reason) plus abortSignal threading through
the model-fallback and chat-side callers. This change adds the coverage that
PR #87085 did not include:
- ClientDisconnectError class + wiring in http-common.ts so the
reason.name === "ClientDisconnectError" branch PR #87085 added is actually
reachable (upstream watchClientDisconnect still aborts bare).
- cron run-budget string reasons (prefix match) — cron timer aborts with a
plain string, which the Error-only base check skips.
- .cause-chain walking + isTerminalAbortFromError gated on the
OPENCLAW_ABORTABLE_WRAPPER marker, for the embedded run-budget timer that
aborts a private controller (not the caller signal).
- compaction-path abortSignal forwarding (compactEmbeddedPiSessionDirect).
- timedOutByRunBudget plumbing through attempt/failover-policy/assistant-failover
so run-budget timeouts skip the fallback chain and wasted compaction.
* fix(agents): preserve wrapped restart aborts
* refactor: dedupe terminal abort classification
---------
Co-authored-by: Altay <altay@hey.com>
* fix(cron): use direct lookup instead of paginated search in cron edit
* fix(test): update cron-cli tests to mock cron.get and remove obsolete pagination checks
* fix(cron): preserve edit compatibility with older gateways
* fix(cron): preserve legacy lookup error cause
---------
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(cron): accept null fallbacks in cron update patch payload
createCronPatchObjectSchema passes nullableStringArraySchema for model and
toolsAllow, but fallbacks was still hardcoded as a non-nullable array in
cronPayloadObjectSchema, rejecting null clears before they reach the
Gateway service layer.
Switch fallbacks to a parameter so the patch context can pass the nullable
variant, matching the existing pattern for model and toolsAllow.
Fixes#100707
Co-Authored-By: Claude <noreply@anthropic.com>
* test(cron): cover model+fallbacks null clear in patch schema test
---------
Co-authored-by: Claude <noreply@anthropic.com>
Gateway (additive, no protocol version bump): SessionEntry gains
lastReadAt/markedUnreadAt/lastActivityAt; session rows expose a derived
unread flag (explicit mark, or last read before latest activity; never-read
sessions stay read so upgrades do not light up). lastActivityAt is stamped
in the canonical post-run store update - user, channel, and cron runs count
as activity; heartbeat, internal-event, and preserved-state runs do not.
sessions.patch gains unread; sessions.create gains fork (transcript fork
from parentSessionKey under the parent lifecycle lock, refusing active,
concurrently-changed, and oversized parents, cross-agent aware).
Web sidebar: Pinned/custom-group/Ungrouped sections, unread dots, kebab and
right-click context menu (pin, mark unread/read, rename, fork, move to group,
archive, delete guarded for agent main sessions and active runs), mark-read
on view with loop-safe re-acknowledgement and failure retry; sessions page
gets unread + fork actions and shared custom-group helpers.
iOS Command Center: grouped sections, unread/pin indicators, Show Archived
gated on per-entry state, full context menu with rename/new-group alerts and
delete confirmation, current-session preview guarantee, read-episode
re-acknowledgement; new patch/delete/fork transport calls; Swift protocol
models regenerated.
Android SessionsScreen: grouped headers, unread/pin indicators, Archived
filter gated on per-entry state, long-press menu with the full control set,
agent-scoped forks, explicit label/category clears from session events,
main-session fallback when archiving/deleting the open chat, read-episode
re-acknowledgement with failure retry.
Closes#100739