Commit Graph

4853 Commits

Author SHA1 Message Date
Vincent Koc
b3db79929f fix(test): preflight targeted UI e2e (#100950) 2026-07-06 07:46:08 -07:00
SunnyShu
a98a64649e fix(cron): accept null fallbacks in update patch payload (#100707) (#100801)
* fix(cron): accept null fallbacks in cron update patch payload

createCronPatchObjectSchema passes nullableStringArraySchema for model and
toolsAllow, but fallbacks was still hardcoded as a non-nullable array in
cronPayloadObjectSchema, rejecting null clears before they reach the
Gateway service layer.

Switch fallbacks to a parameter so the patch context can pass the nullable
variant, matching the existing pattern for model and toolsAllow.

Fixes #100707

Co-Authored-By: Claude <noreply@anthropic.com>

* test(cron): cover model+fallbacks null clear in patch schema test

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-07-06 06:48:00 -07:00
Onur Solmaz
f41e3b14d2 chore(cli): cover HF local app flow (#100887)
* test(cli): cover HF local app flow

* test(cli): isolate HF local app auth fixture
2026-07-06 15:25:30 +02:00
Peter Steinberger
876ab9bb0b feat(android): add chat message actions (#100879)
* fix(android): add chat message actions

* chore(android): sync native i18n inventory

* fix(i18n): collect Android action labels

* fix(i18n): preserve Android placeholders
2026-07-06 13:50:16 +01:00
Vincent Koc
56fe5d0459 fix(release): skip loader lifecycle scripts on Windows 2026-07-06 04:57:57 -07:00
Peter Steinberger
f53346944d feat: correlate native search outcomes in audit history (#98704)
* feat: correlate native search outcomes in audit history

Metadata-only audit ledger for agent runs and tool actions in the shared
state DB: stable event identity, closed action/status/error vocabularies,
one-way-hashed tool-call ids, never-inferred terminal outcomes for native
web-search (explicit completed/failed only; otherwise unknown), bounded
retention, audit.list gateway RPC and openclaw audit CLI. Squashed from
the 82-commit audit stack for replay onto current main.

* feat(audit): add audit.enabled config gate (default on)

The metadata-only audit ledger records by default: an audit trail enabled
only after an incident cannot explain the incident, and the rows are
strictly less sensitive than the transcripts every install already
stores. audit.enabled=false stops new writes at the gateway subscription
seam; audit.list and openclaw audit keep serving existing records until
they expire. Documented in the configuration reference, protocol page,
and CLI reference.

* fix: repair full-matrix CI findings after rebase

- break the dynamic-tools/dynamic-tool-execution import cycle by
  extracting resolveCodexToolAbortTerminalReason into a leaf module
- restore main's session-worktree protocol exports lost in the
  index.ts auto-merge
- register the audit event writer worker as a knip entry point
- docs table formatting; subagent wait-cancellation test scoped to its
  audit intent (outcome + timing) and advanced past main's new
  lifecycle-timeout retry grace
2026-07-06 12:30:12 +01:00
Vincent Koc
96e676c2b3 fix(release): hydrate fresh Anthropic OAuth access 2026-07-06 04:20:58 -07:00
Huang Wanjia
8f2986290d fix: silence heartbeat notify=false fallback replies (#100735)
* fix(heartbeat): consume trailing notify=false fallback marker

* fix(heartbeat): keep notify=false marker fully silent

---------

Co-authored-by: martin <huangtongxuedev@outlook.com>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-06 03:50:54 -07:00
Vincent Koc
cbf9acff37 fix(release): reuse setup-token for Anthropic live checks 2026-07-06 03:46:22 -07:00
Vincent Koc
fa70403403 fix(release): isolate Claude ACP subscription auth 2026-07-06 02:58:59 -07:00
Vincent Koc
c42ef8b267 fix(release): harden Claude CLI live probe 2026-07-06 02:52:24 -07:00
Vincent Koc
c9abc75884 refactor: remove dead code and consolidate repeated paths (#100650)
* refactor(search): reuse provider setup finalizer

* refactor(android): remove unused helpers

* refactor(apps): remove unused Swift declarations

* refactor(diagnostics): reuse private reply delivery

* refactor(memory): reuse raw short-term store writer

* refactor(logbook): reuse batch row mapping

* refactor(scripts): centralize oxlint format policy

* refactor(memory): share qmd cache context hashing

* refactor(doctor): share auth issue classification

* chore(i18n): refresh native source inventory
2026-07-06 02:24:37 -07:00
Vincent Koc
65131633a1 fix(ci): tolerate periphery comment permission denials 2026-07-06 11:18:58 +02:00
Vincent Koc
d9a2b7c6a9 fix(pr-gates): reject normal root changelog edits 2026-07-06 11:09:49 +02:00
Vincent Koc
0c38082c6d fix(maint): use canonical hosted gate verifier 2026-07-06 01:18:19 -07:00
Vincent Koc
23f492fcaf test(release): cover pinned Claude CLI install 2026-07-06 00:41:41 -07:00
Glen - I am an OpenClaw+Codex bot
23998a148f fix(build): fall back to tsx for build TypeScript scripts (#91262)
* fix(build): fall back to tsx for build TypeScript scripts

* fix(build): use tsx across TypeScript build scripts

---------

Co-authored-by: Steffen Moeller <moeller@debian.org>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-06 06:55:20 +00:00
Peter Steinberger
5d9cec16f3 fix(maint): reuse recent hosted gates after rebase (#100663)
* fix(maint): reuse recent hosted gates after rebase

* fix(maint): preserve whitespace in gate fingerprints
2026-07-06 07:43:03 +01:00
Sebastien Tardif
0d6a1dcb53 fix(install): trap SIGINT so Ctrl+C exits cleanly during upgrade doctor (#76386)
* style: restore exec approval e2e formatting

* fix(install): trap SIGINT so Ctrl+C exits cleanly during upgrade doctor

Three changes to fix the install script's Ctrl+C handling:

1. Add INT/TERM signal traps that clean up temp files and exit with
   the correct signal exit codes (130 for SIGINT, 143 for SIGTERM).

2. Preserve signal exit codes (>128) through run_quiet_step so the
   doctor path can distinguish user cancellation from normal errors.
   Non-signal failures still return 1, preserving existing caller
   semantics for all other installer steps.

3. Fix guardCancel in onboard-helpers.ts: exit(0) changed to exit(1)
   so Clack prompt cancellation (Escape/Ctrl+C) is treated as failure,
   not success. This prevents the installer from continuing with plugin
   updates after the user explicitly cancelled.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* fix(install): abort dashboard launch on doctor cancellation

When a user cancels the interactive upgrade-doctor prompt (Clack
cancellation exits 1, SIGINT exits 130), clear should_open_dashboard
so the installer does not launch a dead dashboard after an incomplete
upgrade.

Also propagate non-zero exit from run_doctor() so the non-interactive
upgrade path correctly skips dashboard launch on failure.

* fix: guard every run_doctor caller and add focused tests

The existing-config path called run_doctor without checking its return
value, so a failed or cancelled doctor would still launch the dashboard.
Now both run_doctor call sites guard the return value with if-then.

Adds focused tests verifying: every run_doctor caller is guarded,
dashboard flag is cleared on doctor failure, signal exit codes
propagate through run_quiet_step, and SIGINT (exit 130) triggers
abort_install_int.

* retrigger proof check

* fix: exit 130 on Clack cancellation so installer treats it as SIGINT

guardCancel now exits with 130 (SIGINT convention) instead of 1. When
the user presses Ctrl+C at an interactive doctor prompt, the installer
sees doctor_exit=130 and calls abort_install_int, aborting cleanly
instead of continuing after exit 1.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

* fix: narrow exit 130 to doctor-prompter path only

Revert guardCancel to exit 0 by default (matching main) and pass
exit code 130 only from doctor-prompter where the installer needs
to distinguish user cancellation from normal failures.

This preserves the existing cancellation behavior for configure,
wizard, gateway, and daemon prompts while keeping the SIGINT
convention for the installer's doctor subprocess.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>

---------

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 06:19:44 +00:00
Peter Steinberger
2559c92a25 perf(test): reuse unit-fast discovery analysis 2026-07-06 02:15:32 -04:00
Vincent Koc
7b6b39e0f8 fix(ci): keep full Anthropic Docker proof advisory 2026-07-05 23:01:01 -07:00
Sulaga
2b51c255f8 feat(tencent): add Tencent Hy3 provider (TokenHub and TokenPlan) (#99076)
Summary:
- Merged feat(tencent): add Tencent Hy3 provider (TokenHub and TokenPlan) after ClawSweeper review.

Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: fix(tencent): preserve TokenHub auth compatibility
- Included post-review commit in the final squash: refactor(tencent): unify TokenPlan env/flag naming with TokenHub
- Included post-review commit in the final squash: docs: refresh Tencent provider docs metadata
- Included post-review commit in the final squash: fix: allow TokenPlan provider config overlays
- Included post-review commit in the final squash: docs: dedupe Tencent provider glossary labels
- Included post-review commit in the final squash: fix(tencent): repair TokenHub model defaults

Validation:
- ClawSweeper review passed for head 30c9fc130f.
- Required merge gates passed before the squash merge.

Prepared head SHA: 30c9fc130f
Review: https://github.com/openclaw/openclaw/pull/99076#issuecomment-4888527271

Co-authored-by: leisang <leisang@tencent.com>
Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: hxy91819
2026-07-06 04:29:48 +00:00
Gorkem Erdogan
39916560e4 improve(auto-reply): render chat history since last reply as per-message prose (#100366)
* fix(auto-reply): render chat history since last reply as per-message prose

The inbound chat-history block dumped batched history as a raw JSON array, which models read poorly compared to the chat-window block's per-message prose. Reuse the existing formatChatWindowMessage renderer for history entries so both blocks share one shape, keep the untrusted framing label, and keep media rendered as a bare content-type tag so local paths and URLs stay redacted. Teach the metadata stripper to consume the new prose block form.

* fix(auto-reply): preserve every media content type in chat-history prose

The prose chat-history renderer only forwarded the first attachment's
content type per history message, dropping the rest for entries with
multiple media items. Join all bounded content types instead, and
regenerate the prompt snapshot fixture this changes.

* test(qa-lab): accept prose pending history

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 03:59:29 +01:00
Peter Steinberger
fdc9aa82d7 feat(cron): declarative jobs with owner attribution and richer status (#100480)
Adds scope-local declaration-key convergence, immutable owner attribution, richer status projection, and delivery validation to canonical cron jobs.

Supersedes the #98727 routines registry approach; no parallel registry, RPC namespace, or CLI noun.
2026-07-06 03:35:26 +01:00
Tyler Nishida
2db5bd3394 feat(ios): refresh onboarding setup flow (#98868) 2026-07-05 21:38:54 -04:00
Peter Steinberger
95f12178a7 perf(ci): shorten stalled gateway retry 2026-07-05 20:40:16 -04:00
Peter Steinberger
c9349d1fb4 fix(build): make tsdown configs self-contained (#100499)
Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-06 01:06:02 +01:00
Peter Steinberger
2ded26a5d6 fix(diffs): share SSR preloads and repair language-pack hydration (#100487)
* fix(diffs): share SSR preloads and repair language-pack hydration

Render viewer and file documents from a single @pierre/diffs SSR preload
per file (mode=both previously ran the full diff+highlight pipeline
twice; 651ms -> 303ms on an 8-file patch), apply the file-mode font bump
as a document-level override, and keep hydration payloads
variant-faithful.

Fix the language-pack runtime downgrading pack-only languages to plain
text at hydration by defining a per-target build flag and forwarding it
to payload normalization.

Also: case-insensitive language hints, identical before/after
short-circuit with details.changed, patch input failures classified as
tool input errors, canonical config values now win over deprecated
aliases, hash-pinned viewer runtime served immutable, truthful
browser-vs-render errors, timing-safe artifact token compare, unref
idle browser timer.

* docs(changelog): link diffs rendering entry to PR

* test(diffs): narrow manifest validation results before value access

* test(tooling): allowlist diffs viewer-client define suppression
2026-07-06 00:34:17 +01:00
Peter Steinberger
f20159e240 perf(ci): accelerate gateway startup tests 2026-07-05 19:31:28 -04:00
Kevin Lin
9d2d517296 feat: publish plugins with extended-stable releases (#100448)
* feat(release): publish plugins on extended-stable

* feat(plugins): align extended-stable with core

* docs: explain extended-stable plugin alignment

* fix(release): make plugin convergence recoverable

* fix(plugins): preserve extended-stable fallback intent

* fix(release): keep plugin tag mutation credential-isolated
2026-07-05 16:16:26 -07:00
Peter Steinberger
a905eb42ac perf(test): skip fixture-only browser startup 2026-07-05 18:40:20 -04:00
Vincent Koc
c4a862ab53 fix(release): package legacy candidates without AI workspace (#100469) 2026-07-05 15:19:00 -07:00
Kevin Lin
5fdaa04eca feat(qa-lab): add Codex Slack approval scenarios (#91519)
* feat(qa-lab): add codex slack approval scenarios

* fix(qa-lab): harden Codex Slack approval proof

* fix(qa-lab): validate Codex approval model

* test(qa-lab): verify approved Codex operation

* fix(qa-lab): normalize Slack QA account routing

* fix(qa-lab): read Codex tool result transcripts

* fix(qa-lab): harden Codex approval cleanup

* fix(qa-lab): support Codex Mantis checkpoints

* fix(qa-lab): repair Mantis pnpm bootstrap

* fix(qa-lab): normalize Codex tool result text

* fix(qa-lab): scope Mantis pnpm fallback

* fix(qa-lab): bootstrap pinned pnpm without npm

* fix(qa-lab): terminate pnpm metadata record

* fix(qa-lab): bootstrap official node for mantis

* fix(qa-lab): make mantis pnpm shim executable

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:47:18 +01:00
Vincent Koc
7dac5c2778 fix(ci): install release packaging dependencies (#100459) 2026-07-05 14:33:10 -07:00
Vincent Koc
13e5902578 fix(ci): keep release helper args historical 2026-07-05 22:18:09 +02:00
Vincent Koc
1408deede7 fix(ci): keep npm debug diagnostics best-effort 2026-07-05 22:18:09 +02:00
Vincent Koc
fdb112970f fix(ci): preserve cross-os candidate fallbacks 2026-07-05 22:18:09 +02:00
Vincent Koc
8a378fe84f fix(ci): honor npm logs-dir diagnostics 2026-07-05 22:18:09 +02:00
Vincent Koc
63257a2b0e fix(ci): scope package tarball runtime checks 2026-07-05 22:18:09 +02:00
Vincent Koc
0cd2bc474f fix(ci): bundle private AI runtime in release candidates 2026-07-05 22:18:08 +02:00
Vincent Koc
d5ac8555bf fix(ci): accept pnpm pack destination paths 2026-07-05 22:18:08 +02:00
Vincent Koc
a1aaa1c6de fix(ci): pack cross-os candidates with pnpm 2026-07-05 22:18:08 +02:00
Peter Steinberger
426010dfb9 test: shorten daemon timeout proof 2026-07-05 16:13:25 -04:00
Peter Steinberger
a04b6ced4f test: stabilize load-sensitive test families that break gates under parallel load (#100420)
* test: stabilize process-heavy fixtures under load

* test: stabilize channel mocks under load
2026-07-05 12:53:06 -07:00
Peter Steinberger
f141408e77 fix(test): bound local full-suite RAM (#100437) 2026-07-05 12:16:41 -07:00
Peter Steinberger
8ccacd9f4e test: batch PowerShell function probes 2026-07-05 15:16:11 -04:00
Peter Steinberger
d7e2096dc7 test: avoid redundant skip-report process 2026-07-05 14:25:57 -04:00
Peter Steinberger
f04d18a394 test: avoid redundant env-report processes 2026-07-05 14:19:13 -04:00
Peter Steinberger
b22c36f112 fix: land ten small reliability fixes (#100399)
* fix(cron): reject sub-millisecond durations

* fix(skill-workshop): preserve proposal terminal newline

Preserve proposal_content exactly at the agent tool boundary and make
renderProposalMarkdown defensively emit a terminal newline.

Add focused regressions for the tool write path and markdown renderer.

* fix(skill-workshop): reject blank raw proposal content

* fix: treat empty-string optional integer tool params as unset

Optional positive-integer tool params (e.g. Telegram replyTo/threadId)
threw ToolInputError when a tool-calling model populated them with an
empty-string or whitespace-only default. Those defaults carry no value,
so readPositiveIntegerParam/readNonNegativeIntegerParam now treat a
blank string as unset (undefined) instead of throwing, while still
rejecting genuinely invalid present values (0, "42.5", "-3"). This
prevents silent message-delivery failures when models emit empty
routing-param defaults. Adds unit tests covering blank vs invalid.

* fix(gateway): log start session persistence failures

The gateway session-lifecycle "start" event persistence
(persistGatewaySessionLifecycleEvent, which surfaces write failures via
requireWriteSuccess) was fired as void ...catch(() => undefined), swallowing
the rejection with zero logging. A failed start-marker write silently dropped
the run's start record from restart-recovery accounting, with no
operator-visible trace.

The sibling terminal-phase catch already logs this since #97839; the start
path was the unfixed sibling. Mirror that fix: log the swallowed start-phase
persistence failure with the same redacted message shape via formatForLog,
keeping the fire-and-forget semantics unchanged. Adds a focused regression
test asserting the log fires on start-persist rejection.

* fix(memory): report close-time pending work failures

* fix(shared): return "" from sliceUtf16Safe when end <= start, matching native .slice

sliceUtf16Safe silently swapped reversed bounds (to < from) instead of
returning "" like String.prototype.slice, creating a subtle footgun for
callers with dynamic start/end pairs.

Caller scan across src/, extensions/, and packages/ confirmed no production
code relies on the old swap behavior — all callers use (text, 0, N) or
(text, -N) forms only.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(plugins): require plugin manifest in npm verifier

* fix(android): propagate CancellationException in CameraHandler catch blocks

Catch (err: Throwable) swallows kotlinx.coroutines.CancellationException,
breaking structured concurrency when the coroutine scope is cancelled
during camera operations (handleList/handleSnap/handleClip).

Add CancellationException rethrow before each Throwable catch to match
the existing pattern used in GatewaySession and TalkModeManager.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(android): propagate CancellationException past GatewaySession invoke boundary

* chore: sync native i18n inventory after gateway session line shift

* fix(agents): prevent native hook relay bridge race condition on renew and registration

Remove synchronous bridge record write after server.listen() that races
before the TCP server binds, and guard renew handler with server.listening
check to prevent stale relay registrations.

Closes #98650

* fix: harden small reliability fixes

Co-authored-by: cxbAsDev <cxbAsDev@users.noreply.github.com>

* docs(agents): explain buffered LSP spawn failures

* docs(agents): clarify LSP spawn timeout invariant

---------

Co-authored-by: qingminlong <qing.minlong@xydigit.com>
Co-authored-by: anyech <anyech@gmail.com>
Co-authored-by: snotty <snotty@users.noreply.github.com>
Co-authored-by: masatohoshino <g515hoshino@gmail.com>
Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
Co-authored-by: simon-w <weng.qimeng@xydigit.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: 宇宙熊Yzx <53250620+849261680@users.noreply.github.com>
Co-authored-by: xialonglee <li.xialong@xydigit.com>
Co-authored-by: nankingjing <1079826437@qq.com>
Co-authored-by: cxbAsDev <cxbAsDev@users.noreply.github.com>
2026-07-05 11:12:55 -07:00
Peter Steinberger
c757675f34 improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00