Commit Graph

36484 Commits

Author SHA1 Message Date
Ayaan Zaidi
3ad465d32b fix(telegram): persist ambient transcript rows
Persist room-event observations as durable bare user transcript rows and carry an ambient transcript watermark through session state so Telegram chat windows only include the unpersisted gap.

Fixes #99257
2026-07-02 19:01:22 -07:00
Dallin Romney
84c9f05513 Allow alternate Zalo Bot API roots (#98768)
* Allow alternate Zalo Bot API roots

* Normalize Zalo provider timestamps
2026-07-02 18:44:15 -07:00
Dallin Romney
b98c11a46e refactor(shared): consolidate gateway and stateful runtime lazy loaders (#99296) 2026-07-02 18:43:14 -07:00
Dallin Romney
5fa2082655 refactor(shared): consolidate core leaf lazy loaders (#99278) 2026-07-02 18:06:00 -07:00
Gio Della-Libera
9238d9aeae Expose legacy plugin manifest doctor lint findings (#98695)
Expose default-disabled Doctor lint findings for legacy plugin manifest contract migrations.

- Maps existing legacy manifest contract diagnostics into structured HealthFinding output.
- Keeps real manifest rewriting in the existing legacy doctor --fix path; no structured dry-run repair hook in this PR.
- Default doctor --lint remains unchanged; explicit --only core/doctor/legacy-plugin-manifests and --all can select it.

Validation:
- Hosted PR checks green on head 2a019933bb.
- node scripts/run-vitest.mjs src/commands/doctor-plugin-manifests.test.ts src/flows/doctor-health-contributions.test.ts (63 passed)
- changed-file pnpm exec oxfmt --check
- changed-file pnpm exec oxlint
- node scripts/plugin-sdk-surface-report.mjs --check
- git diff --check
2026-07-02 17:48:04 -07:00
Gio Della-Libera
dce1b0a87a Expose heartbeat template doctor lint findings (#98400)
Expose default-disabled Doctor lint findings for legacy HEARTBEAT.md documentation-template wrappers.

- Reuses the existing heartbeat template analyzer for structured `HealthFinding` output.
- Keeps replacement/mutation in the existing legacy `doctor --fix` path; no structured dry-run repair hook in this PR.
- Default `doctor --lint` remains unchanged; explicit `--only core/doctor/heartbeat-template` and `--all` can select it.

Validation:
- Hosted PR checks green on head f76623016c.
- `node scripts/run-vitest.mjs src/commands/doctor-heartbeat-template-repair.test.ts src/flows/doctor-health-contributions.test.ts` (73 passed)
- changed-file `pnpm exec oxfmt --check`
- changed-file `pnpm exec oxlint`
- `node scripts/plugin-sdk-surface-report.mjs --check`
- `git diff --check`
2026-07-02 17:40:17 -07:00
Dallin Romney
5458e316f3 refactor(shared): establish lazy runtime loader foundation (#99261) 2026-07-02 17:24:59 -07:00
Dallin Romney
e701dc76b0 test(qa): prove native command targeting across QA transports (#98751)
* QA: prove native command session targeting

* QA: remove superseded native stop e2e

* test(qa): run native commands through Crabline Telegram

* chore(deps): scope Crabline release exception

* test(qa): retain native stop queue cleanup regression
2026-07-02 16:51:30 -07:00
Ayaan Zaidi
568be74e15 fix(auto-reply): trim inbound prompt metadata
Merge sender identity into conversation info, remove duplicate per-turn delivery hints, demote inbound metadata heading, keep room-event default-silent guidance singular, strip rendered chat-window context on replay, and refresh prompt snapshots.
2026-07-02 16:05:49 -07:00
Momo
cb6611d849 fix: route strict guarded fetches through managed proxy without local DNS (#98951) 2026-07-02 16:29:27 -05:00
Ted Li
b67df3797a fix(telegram): explain disabled plugin approval failures (#95973)
* fix: explain disabled Telegram plugin approvals

* fix: handle disabled Telegram native plugin approvals

* fix: resolve exec approval surface independently

* fix: tie plugin approval setup guidance to plugin surface

* Revert "fix: tie plugin approval setup guidance to plugin surface"

This reverts commit 34e3c10e23.

* fix: gate plugin approval setup guidance

* fix: gate plugin approval availability by delivery

* fix: preserve plugin approval approver auth

* fix: make plugin setup guidance explicit

* test: trim approval guidance proof radius

* Avoid setup guidance on routed approval timeout

* Carry plugin approval delivery route into timeouts

* Keep turn-source approval route visible

* fix(approvals): prefer delivered approval clients

* fix(approvals): prefer delivered approval clients

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 14:15:25 -07:00
Eva
46598a120f fix: OAuth refresh failures report reauth instead of stale success (#99134)
Fail closed when managed OpenAI OAuth refresh fails instead of silently falling back to stale external Codex CLI credentials.

Make managed provider OAuth authoritative after bootstrap, preserve API-key and non-OpenAI external CLI behavior, and surface targeted re-auth guidance without exposing profile IDs in group/channel replies.

Fixes #99120.

Co-authored-by: Eva <239388517+100yenadmin@users.noreply.github.com>
2026-07-02 13:50:25 -07:00
PollyBot13
8b99c45bbb fix: route iOS OpenAI realtime Talk through WebRTC (#98563)
* fix: route iOS OpenAI realtime talk through WebRTC

* fix(ios): harden native realtime routing

* fix(ios): preserve realtime route ownership

* fix(ios): balance realtime audio sessions

* chore(ios): sync native i18n inventory

* fix(ios): preserve Azure realtime relay

* fix(ios): harden realtime session recovery

* chore(ios): sync native i18n inventory

* fix(ios): preserve selected Azure realtime routing

* fix(ios): rotate terminal realtime sessions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 12:49:23 -07:00
Peter Lee
2d764dd8fe fix(feishu): preserve button command values in fallback text and add Feishu comment guidance with callback privacy (#94385)
* fix(interactive): preserve button command values in fallback text for degraded approval UX

* fix(interactive): keep callback values private in fallback text and narrow Feishu interactive detection

- P1: Skip rendering action.type === "callback" values in
  renderMessagePresentationFallbackText to avoid leaking opaque
  channel/plugin data into user-visible text. Command and legacy
  values are still rendered.
- P2: Replace hasMessagePresentationBlocks/hasInteractiveReplyBlocks
  with isMessagePresentationInteractiveBlock so Feishu comment
  guidance only appears when the presentation actually contains
  buttons or selects, not for text-only blocks.
- Update tests: callback button now shows label-only; all 137 tests pass.

* fix(interactive): only render typed command values in fallback text, keep legacy value private

* fix(feishu): gate document-comment command guidance on actual command action

* docs(message-presentation): document command/callback value fallback visibility

* fix(feishu): omit command guidance when URL overrides fallback command text

* docs: regenerate docs_map.md

* fix(interactive): exclude disabled buttons from fallback command rendering and guidance

* fix(interactive): extract hasRenderedCommandAction, exclude disabled buttons from command fallback

* fix(feishu): preserve command guidance marker through core presentation rendering

* fix(feishu): type-narrow channelData.feishu with isRecord before reading rendered-command marker

* fix(feishu): move hasRenderedCommandAction from public SDK into Feishu plugin as local helper

Keep the helper local to the only caller (Feishu outbound) instead of
adding a new public plugin SDK API contract. The shared fallback renderer
in renderMessagePresentationFallbackText already inlines the same
command-visibility logic; a local helper is sufficient for the Feishu
comment-thread guidance gate.

* refactor(feishu): tighten fallback command marker

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 12:42:31 -07:00
Peter Steinberger
a004e18b4b test(sessions): publish concurrency markers atomically (#99212) 2026-07-02 12:30:45 -07:00
moguangyu5-design
826c84ea19 fix(config/sessions): narrow reply-session initialization revision to identity fields (#98835)
* fix(config/sessions): narrow reply-session initialization revision to identity fields

The initialization guard compared the full persisted session entry, so
background touches to updatedAt, heartbeat timestamps, context-budget
metadata, etc. produced false-positive stale-snapshot conflicts and the
"reply session initialization conflicted" error.

Only sessionId and sessionFile matter for detecting a session rotation.
Narrow the revision to those identity fields and add a regression test.

Fixes #98672

* fix(config/sessions): merge current metadata when reply-init identity guard passes

* fix(config/sessions): preserve only snapshot-drifted metadata in reply-init commit

* fix: preserve cleared reply-session metadata

* fix: allow same-session reply initialization drift

---------

Co-authored-by: moguangyu5-design <moguangyu5-design@users.noreply.github.com>
Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-07-02 10:59:45 -07:00
Gio Della-Libera
285c629ab3 Expose disk space doctor lint findings (#98391)
* Expose disk space doctor lint findings

* test(doctor): type disk-space health finding mock
2026-07-02 09:56:41 -07:00
Ayaan Zaidi
0633876530 fix(agents): sweep stale CLI image files
Fixes #98946
2026-07-02 09:31:56 -07:00
Ayaan Zaidi
8232ea0974 fix(agents): reseed oversized CLI transcript tails
Fixes #98946
2026-07-02 09:31:56 -07:00
Ayaan Zaidi
11441aefbe fix(agents): classify quiet Claude live exits
Fixes #98946
2026-07-02 09:31:56 -07:00
Ayaan Zaidi
5e4d8eda19 fix(agents): fail and clean up CLI preparation
Fixes #98946
2026-07-02 09:31:56 -07:00
Ayaan Zaidi
b07fd6f1b4 fix(telegram): keep group history always on 2026-07-02 09:22:59 -07:00
Shakker
c032f9809d fix: preserve built-in channel auto-enable fallback 2026-07-02 17:13:38 +01:00
Shakker
d2d20b5fed test: cover repaired channel plugin allowlist 2026-07-02 17:13:38 +01:00
Jacob Tomlinson
48f4a09e1f fix: enable repaired Mattermost plugin on startup 2026-07-02 17:13:38 +01:00
Ayaan Zaidi
e08102820e fix(agents): generalize group message-tool etiquette 2026-07-02 09:12:35 -07:00
Ayaan Zaidi
59a6240dae fix(auto-reply): default room events to silence 2026-07-02 09:12:35 -07:00
Ayaan Zaidi
4d5dac1836 fix(auto-reply): preserve ambient overflow summary kind 2026-07-02 08:53:10 -07:00
Ayaan Zaidi
519158c576 fix(auto-reply): suppress room-event followup notices 2026-07-02 08:53:10 -07:00
Ayaan Zaidi
dbccddbf34 fix(auto-reply): suppress room-event fast progress dispatch 2026-07-02 08:53:10 -07:00
Ayaan Zaidi
5fc9b20d24 fix(gemini): stage CLI auth inside run queue
Fixes #98945
2026-07-02 08:49:40 -07:00
Ayaan Zaidi
cc5804868f fix(cli-runner): handle variadic Claude MCP configs
Fixes #98944
2026-07-02 08:49:40 -07:00
Momo
d45b8be939 fix(agents): preserve fresh tool result text under aggregate cap (#98955)
Summary:
- The branch updates agent tool-result truncation so live prompt projection protects trailing fresh tool-resul ... ges under the aggregate cap, adds a bounded aggregate elision marker, and extends focused truncation tests.
- PR surface: Source +54, Tests +124. Total +178 across 2 files.
- Reproducibility: yes. source-level: the linked issues give a deterministic saturated-history prompt projecti ...  clear tool-result text to empty. I did not run a live WebChat or Discord session in this read-only review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 50069fdd6f.
- Required merge gates passed before the squash merge.

Prepared head SHA: 50069fdd6f
Review: https://github.com/openclaw/openclaw/pull/98955#issuecomment-4862947669

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-02 08:35:20 +00:00
Ben.Li
cb44f40474 fix(agents): preserve embedded completions usage (#96523)
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-02 00:07:21 -07:00
Peter Steinberger
be5906e19d fix(cron): restore persistent session targets (#98947)
Cron jobs run in the session they were created from unless the job explicitly requests an isolated fresh session.

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
2026-07-02 07:48:50 +01:00
Peter Steinberger
2913d3aee9 fix(anthropic): restore Fable 5 Vertex simple completions (#98932)
* fix(anthropic): restore Fable 5 Vertex simple completions

* test(agents): satisfy custom API model types

* test(ci): route reliability test from temp helper

* test(agents): satisfy custom API model types
2026-07-02 07:16:39 +01:00
Ayaan Zaidi
d18817019f fix(agents): unify cli stream output classification
Fixes #98896
2026-07-01 23:14:58 -07:00
Ayaan Zaidi
809bc619c4 fix(process): preserve split utf8 subprocess output 2026-07-01 23:14:58 -07:00
Wynne668
e0970cfec5 fix: backup skips volatile cache paths (#98879)
* fix: skip volatile backup cache paths

* fix(backup): tolerate disappearing volatile files

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 23:05:37 -07:00
Masato Hoshino
e845a26fd6 fix(agents): fail fast with attributable reason after MCP stdio session dies mid-run (#98738)
* fix(agents): fail fast with attributable reason after MCP stdio session dies mid-run

Wires MCP Client onclose/onerror during bundle-mcp session creation so a
crashed/exited server flips session.connected instead of staying stale.
Next tool/resource/prompt call throws a domain-specific 'is disconnected'
error immediately instead of surfacing the SDK's generic 'Not connected'.
A disconnected reused session is retired and rebuilt fresh on the next
catalog pass rather than reused, since the SDK chains onclose/onerror
cumulatively on repeat connect() and the stdio transport never clears its
read buffer on an unexpected exit.

* fix(agents): retire a reused MCP session that dies mid-refresh, not just pre-refresh

codex review found: the catch-path retirement in getCatalog()'s per-server
task only covered two cases (fresh session that never connected this pass,
and a non-reused session that failed for any reason) - a reused session
that was healthy when this pass started but disconnects mid-refresh (child
process dies between ensureSessionConnected() returning and
listAllToolsBestEffort() finishing) hit neither branch, so onclose flipped
connected=false but the dead session object stayed in the map until the
next catalog rebuild happened to notice it. Added the missing branch plus
a regression test that kills the child process mid tools/list on a reused
session and asserts the session is purged from the map within the same
refresh (not just fail-fast on tool calls, which already worked).

* fix(agents): retire a dead reused MCP session even across overlapping catalog generations

codex round-2 review found: the mid-refresh retirement branch still
skipped when sharedWithNewerGeneration was true, which protects a
still-alive session another generation is actively using - but once
onclose flips session.connected=false, the transport is dead for every
generation sharing that object, so that guard no longer applies.
Simplified to a single !session.connected branch that always retires
(retireSessionIfCurrent already no-ops safely if a newer generation
replaced the map entry), and dropped the now-write-only
connectedForCatalog local it replaced.

* test(scripts): allow MCP SDK callback suppressions

* fix(agents): retire closed MCP sessions

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 22:55:15 -07:00
Vincent Koc
ebb43e2dca test(ci): route cli reliability helper dependency 2026-07-01 22:53:32 -07:00
Ayaan Zaidi
a5bf55d690 refactor(agents): fold assistant string normalization into transcript ingest (#98908) 2026-07-01 22:44:02 -07:00
Ayaan Zaidi
d02d8b1ea5 fix(agents): keep cli live retry artifacts
Fixes #98897
2026-07-01 22:39:24 -07:00
Ayaan Zaidi
52cabf877d fix(agents): recover cli context overflow sessions
Fixes #98897
2026-07-01 22:39:24 -07:00
Ayaan Zaidi
b60803dfaa fix(auto-reply): persist heartbeat cli session bindings
Fixes #98895
2026-07-01 22:39:18 -07:00
Ayaan Zaidi
8939c10d77 fix(agents): handle claude live write timeout rejection
Fixes #98894
2026-07-01 22:39:18 -07:00
Gio Della-Libera
b2c507c5f0 Doctor: expose tool result cap findings (#97500)
* doctor: expose tool result cap findings

* doctor: include inherited tool cap findings

* doctor: align tool cap agent paths
2026-07-01 21:49:59 -07:00
Omar Shahine
8c7ac9b9b9 fix(imessage): native poll vote-cue, echo suppression, and same-sender comment fold
Makes native iMessage polls behave correctly end to end.

What changed:
- Inbound polls render with a numbered-options vote cue so the agent casts a native vote instead of answering the poll in prose.
- poll-vote resolves the poll reference from pollId/pollGuid/messageId and now defaults to the current inbound poll message when the model omits it; still errors when no reference exists.
- poll-vote echo suppression is session-scoped, so the redundant spoken answer is dropped across the separate poll and comment runs.
- A poll's inline-reply caption is folded (not delivered as a standalone question) only when the poll creator and reply sender are both known and equal; unknown/mismatched sender falls through to the normal inbound decision gate, so no inbound reply is silently dropped.

Evidence:
- 64 passing tests in the poll suites (poll-comment, poll-render, actions), incl. sender fail-closed regressions; pnpm build clean.
- Two Codex autoreviews clean (patch is correct); ClawSweeper re-review rated it platinum hermit.
- Live-verified on macOS 26.4.1 on the deployed gateway: poll "What color pill?" -> native vote delivered with a 7333-byte payload, caption folded, zero echo.

Note: vote delivery also depends on the imsg vote-stamp fix (openclaw/imsg#150); OpenClaw ships ahead of imsg per owner decision.
2026-07-01 21:30:29 -07:00
Ayaan Zaidi
e095dc8409 fix(agents): normalize string tool-result replay (#98891) 2026-07-01 21:19:21 -07:00
Dave Nicoll
6e79ca3cbc fix(fal): route grok-imagine and nano-banana-2-lite edits to correct endpoints (#98688)
* fix(fal): route grok-imagine and nano-banana-2-lite edits to correct endpoints

The fal image-generation provider appends '/image-to-image' to any model
that isn't 'openai/gpt-image-*' or 'fal-ai/nano-banana-*' when reference
images are supplied. That's wrong for two models fal serves:

- `xai/grok-imagine-image`: fal 404s on '/image-to-image'. The real edit
  endpoint is '/quality/edit'. The endpoint also expects lowercase
  resolution values ('1k'/'2k' only) and a distinct aspect_ratio enum.

- `google/nano-banana-2-lite`: fal 404s on '/image-to-image'. The real
  edit endpoint is '/edit'. The endpoint does not accept a 'resolution'
  parameter.

Add schema entries for both models so ensureFalModelPath and
applyFalImageGeometry pick the right suffix and body shape. Introduce
resolution allowlist support ('resolutions: readonly string[]') and
lowercase transform ('resolutionCase: "lower"') on the schema; existing
schemas keep their behaviour (nb2 still forwards uppercase resolution
unchanged; flux/gpt-image/nb2/krea untouched). Refactor
ensureFalModelPath to consult schema.appendEditPath instead of hardcoded
prefix checks so future models only need a schema entry.

Tested:
- Existing 49 fal unit tests still pass; added 9 new tests covering the
  two new endpoints and their guard conditions (32 -> 34 tests in the
  image-generation-provider suite).
- Live fal.ai calls confirm both endpoints return 200 with real
  reference images; the buggy old URLs still return 404.

* fix(fal): preserve standard edit routing

* fix(image): apply inferred resolution per model

* fix(image): preserve provider reference limits

* fix(image): resolve reference limits per model

* fix(fal): preserve nano banana family limits

* test(ios): stub generated file list helper

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 20:42:25 -07:00