Commit Graph

301 Commits

Author SHA1 Message Date
Peter Steinberger
a9582a1bb6 fix: keep bounded text truncation UTF-16 safe (#101654)
* fix: keep bounded text UTF-16 safe

Co-authored-by: wm0018 <wu.min5@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>

* chore: keep UTF-16 release note in PR body

---------

Co-authored-by: wm0018 <wu.min5@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
2026-07-07 13:44:32 +01:00
Petros Dhespollari
6894bb7508 fix(gateway): persist media metadata in agent.request transcripts (#86936)
* fix(gateway): persist agent request transcript media

Route inline and offloaded agent.request images through the canonical user-turn transcript recorder across embedded, CLI, and ACP runtimes. Share ordered media persistence with chat.send and cover media-only empty-reply turns.

Co-authored-by: Petros Dhespollari <info@peterdsp.dev>

* fix(gateway): avoid transcript media shadowing

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 09:16:15 +01:00
Peter Steinberger
88f1ec38d4 feat(sessions): grouping, unread state, and full session controls on web, iOS, and Android (#100814)
Gateway (additive, no protocol version bump): SessionEntry gains
lastReadAt/markedUnreadAt/lastActivityAt; session rows expose a derived
unread flag (explicit mark, or last read before latest activity; never-read
sessions stay read so upgrades do not light up). lastActivityAt is stamped
in the canonical post-run store update - user, channel, and cron runs count
as activity; heartbeat, internal-event, and preserved-state runs do not.
sessions.patch gains unread; sessions.create gains fork (transcript fork
from parentSessionKey under the parent lifecycle lock, refusing active,
concurrently-changed, and oversized parents, cross-agent aware).

Web sidebar: Pinned/custom-group/Ungrouped sections, unread dots, kebab and
right-click context menu (pin, mark unread/read, rename, fork, move to group,
archive, delete guarded for agent main sessions and active runs), mark-read
on view with loop-safe re-acknowledgement and failure retry; sessions page
gets unread + fork actions and shared custom-group helpers.

iOS Command Center: grouped sections, unread/pin indicators, Show Archived
gated on per-entry state, full context menu with rename/new-group alerts and
delete confirmation, current-session preview guarantee, read-episode
re-acknowledgement; new patch/delete/fork transport calls; Swift protocol
models regenerated.

Android SessionsScreen: grouped headers, unread/pin indicators, Archived
filter gated on per-entry state, long-press menu with the full control set,
agent-scoped forks, explicit label/category clears from session events,
main-session fallback when archiving/deleting the open chat, read-episode
re-acknowledgement with failure retry.

Closes #100739
2026-07-06 14:30:55 +01:00
Peter Steinberger
f53346944d feat: correlate native search outcomes in audit history (#98704)
* feat: correlate native search outcomes in audit history

Metadata-only audit ledger for agent runs and tool actions in the shared
state DB: stable event identity, closed action/status/error vocabularies,
one-way-hashed tool-call ids, never-inferred terminal outcomes for native
web-search (explicit completed/failed only; otherwise unknown), bounded
retention, audit.list gateway RPC and openclaw audit CLI. Squashed from
the 82-commit audit stack for replay onto current main.

* feat(audit): add audit.enabled config gate (default on)

The metadata-only audit ledger records by default: an audit trail enabled
only after an incident cannot explain the incident, and the rows are
strictly less sensitive than the transcripts every install already
stores. audit.enabled=false stops new writes at the gateway subscription
seam; audit.list and openclaw audit keep serving existing records until
they expire. Documented in the configuration reference, protocol page,
and CLI reference.

* fix: repair full-matrix CI findings after rebase

- break the dynamic-tools/dynamic-tool-execution import cycle by
  extracting resolveCodexToolAbortTerminalReason into a leaf module
- restore main's session-worktree protocol exports lost in the
  index.ts auto-merge
- register the audit event writer worker as a knip entry point
- docs table formatting; subagent wait-cancellation test scoped to its
  audit intent (outcome + timing) and advanced past main's new
  lifecycle-timeout retry grace
2026-07-06 12:30:12 +01:00
mushuiyu886
806397f0d9 Treat already-compacted CLI compaction as no-op (#99136) 2026-07-06 06:34:05 +00:00
Masato Hoshino
ff759b3f1a fix(outbound): report honest message delivery status (#99928)
* fix(outbound): report delivery status in best-effort message send results

Best-effort sends (forced on for implicit message_tool_only source
replies) previously collapsed failed and partial_failed durable send
results into a success-shaped MessageSendResult, so agents saw a
normal-looking envelope while delivery had actually failed. Surface
deliveryStatus, a formatted error, sentBeforeError, and per-payload
outcomes without changing throw semantics.

* fix(outbound): centralize message delivery outcomes

Co-authored-by: masatohoshino <g515hoshino@gmail.com>

* docs(changelog): split aggregate entries from code landing

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 07:18:03 -07:00
LZY3538
e6ec74c254 fix(compaction): preserve Anthropic context usage (#99864) 2026-07-05 02:33:43 -07:00
Sanjay Santhanam
6cc534bbad fix(discord): reuse stored sessionId across voice (stt-tts) turns (#97746)
* fix(discord): reuse stored sessionId across voice (stt-tts) turns

Discord voice turns previously called agentCommandFromIngress without a
sessionId, so the core session resolver minted a fresh UUID per turn.
Because the codex app-server thread is bound beside the per-session
file, every voice turn produced a new codex thread, a brand-new
rollout-*.jsonl, and lost all prior context.

The fix reads the persisted session entry for the route's sessionKey
(the same supervisor entry already used for the route) and threads that
sessionId into agentCommandFromIngress, mirroring how voice-call's
response-generator and the gateway 'voice.transcript' dispatcher already
keep voice conversations stable.

Adds extensions/discord/src/voice/ingress.test.ts covering both
directions: reuses the stored id when present, and lets core mint a
fresh one when the store is empty.

Fixes #97688

* fix(discord): preserve voice session after rollover

* refactor(discord): keep voice session ownership in core

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 03:00:08 -04:00
Peter Steinberger
6df0fb818d feat: add session thread management (#98510)
* feat: add session thread management

Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.

* refactor(ui): minimal session rows with hover-revealed management

Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.

* fix: align session admission with mailbox-era main

Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.

* fix(qa): align UI e2e and shard fixtures with redesigned session rows

Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.

* test: route auto-fallback suite through temp-dir helper plans

The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00
Vincent Koc
3d3a29413a fix(agents): replay images across cli fallback (#100035) 2026-07-04 10:50:42 -07:00
Vincent Koc
9a0c9f8395 fix(agents): preserve images on cli fallback (#99891) 2026-07-04 01:29:03 -07:00
Vincent Koc
03fafe2364 fix(agents): preserve fallback tool-call hints (#99851) 2026-07-03 23:42:05 -07:00
ZOOWH
9aa4250c58 fix(cli): hide synthetic Claude reseed prompts (#99653)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-03 22:56:06 -07:00
Peter Steinberger
1fef99962e feat(nodes): add auto-discovered Ollama inference (#99234)
* feat(nodes): add local Ollama inference

* fix(gateway): preserve plugin node runtime for agent turns

* feat(ollama): add node inference opt-out

* test(security): preserve plugin runtime exports

* test(security): preserve plugin runtime exports

* test(security): preserve plugin runtime exports

* fix(ci): raise artifact build heap
2026-07-03 01:14:30 -07:00
Yuval Dinodia
7c5ce40598 fix(cron): keep provider-owned CLI sessions across the daily default reset (#98356)
The provider-owned CLI session exemption added for the gateway agent.run path
in #97931 was not applied to the non-gateway session resolvers. Scheduled
isolated-agent cron jobs run through runCronIsolatedAgentTurn ->
resolveCronSession, and the local openclaw command runs through resolveSession;
both called evaluateSessionFreshness directly with no provider-owned guard.

Under the default reset config a persistent-target cron job on a CLI runtime
(claude-cli, codex, gemini-cli) therefore rotated its session after the daily
boundary, minting a new sessionId and dropping the cliSessionBindings, so the
agent silently lost its underlying CLI conversation every morning and the
transcript was split. Because resolveCronSession also backs the heartbeat
runner, that surface was affected too.

Route both resolvers through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
gateway and inbound paths already use. Explicit session.reset and configured
resets still rotate these sessions, and the command path still rotates when the
terminal main transcript is newer than the registry.
2026-07-01 01:10:21 -07:00
Ben Badejo
180a970ac0 fix(heartbeat): scope commitment fan-out prompts (#98169)
* fix(heartbeat): scope commitment fan-out prompts

* fix(heartbeat): isolate commitment fan-out runs

* fix(heartbeat): isolate commitment fan-out runs

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-30 20:25:28 -07:00
Vincent Koc
a0f93cf88f fix(agents): gate subagent stream suppression 2026-06-23 15:54:57 +08:00
chenhaoqiang
1876e3e1c1 perf: skip per-chunk live parsing for subagents
Subagent runs do not have a live stream consumer; their result is delivered from
the terminal message path after the child run finishes. The intermediate
message_update stream work only feeds live preview output.

Thread suppressLiveStreamOutput from the subagent lane into the embedded runner
subscription and return from handleMessageUpdate after accumulating the raw
chunk. This keeps final delivery unchanged while skipping per-chunk visible text
and reasoning stream parsing for subagents, which reduces event-loop pressure
when multiple child agents stream long answers in parallel.

Interactive and Control UI runs keep the existing live preview path.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
(cherry picked from commit e0382c2c58c3eabdf64638777ec82cb1e68514e9)
2026-06-23 15:54:57 +08:00
兰之
bd479958c0 feat(plugin-sdk): add extensible channel identity hook context (#91903)
Merged via squash.

Prepared head SHA: 90f51eafd5
Co-authored-by: lanzhi-lee <36190508+lanzhi-lee@users.noreply.github.com>
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Reviewed-by: @vincentkoc
2026-06-23 11:56:49 +08:00
Vincent Koc
0a338147a5 refactor(numbers): share non-negative finite guard 2026-06-23 03:46:22 +08:00
Vincent Koc
80805ad7a5 refactor(agents): share error normalization helpers 2026-06-23 00:36:31 +08:00
Vincent Koc
aa3797c8d0 fix: complete fast mode fallback and status wiring 2026-06-22 09:37:10 +08:00
Vincent Koc
2b75806197 feat: forward-port fast talks auto mode (#85104) 2026-06-22 09:37:09 +08:00
Josh Avant
5d1e649aea fix: route mobile exec approvals to reviewer device (#95175)
* fix: route mobile exec approvals to reviewer device

* fix: surface iOS approval events in foreground

* fix: forward codex approval reviewer device

* test: harden approval reviewer device contract

* test: cover reviewer approval fallback resolvers
2026-06-21 08:47:52 -05:00
Shakker
a536a0ddbc fix: isolate cli attempt home env 2026-06-19 16:54:05 +01:00
Stellar鱼
20dd2be0f2 fix(agents): skip auth gate for CLI-owned transport (#88551)
* fix(agents): skip fallback auth gate for CLI runtimes

* fix(agents): skip auth gate for CLI-owned transport

* fix(agents): skip auth gate for CLI-owned transport

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
2026-06-19 09:54:15 +08:00
Vincent Koc
4106794ff5 refactor(agents): remove stale acp error alias 2026-06-18 13:42:11 +08:00
Vincent Koc
0da706dbfb refactor(sessions): dedupe session helpers 2026-06-18 12:25:23 +08:00
Peter Lee
402c85b07a fix(session): fence stale post-run session writes
* fix(session): prevent stale finalizer from recreating deleted session rows

After sessions.delete removes a session row, updateSessionStoreAfterAgentRun
could still recreate it via the fallbackEntry path in patchSessionEntry when
preserveUserFacingRunState was false. Changed the guard from only checking
preserveUserFacingRunState to checking whether the session key exists in the
in-memory store but not on disk — indicating the session was intentionally
deleted mid-run.

Fixes #40840

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(session): cover deleted session finalizer fence

* fix(session): fence post-run writes after deletion

* fix(session): guard post-run transcript persistence

* fix(session): fence metadata after session reset

---------

Co-authored-by: Peter Lee <22994703+xialonglee@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-06-17 22:57:45 +08:00
Vincent Koc
e349bdb949 refactor(agents): narrow command helper types 2026-06-17 15:33:16 +08:00
Shakker
4377bd189d fix: ignore stale auto auth for Gemini CLI 2026-06-17 03:31:14 +01:00
Shakker
625085187e fix: forward pinned Gemini CLI auth for validation 2026-06-17 03:31:14 +01:00
Shakker
8d3929e86f fix: honor Google auth order for Gemini CLI 2026-06-17 03:31:14 +01:00
Shakker
eb92a0bf76 fix: accept Google API keys for Gemini CLI 2026-06-17 03:31:14 +01:00
Shakker
defaffbb93 fix: keep CLI auth fallback scoped 2026-06-17 03:31:14 +01:00
Shakker
e834249db3 fix: preserve runtime auth alias scope 2026-06-17 03:31:14 +01:00
Jason O'Neal
94a4a3fbc4 fix(gemini): bridge OAuth profiles into CLI runtime 2026-06-17 03:31:14 +01:00
ragesaq
f94a2506d2 feat(context-engine): pass runtime settings into lifecycle (#88750)
Merged via squash.

Prepared head SHA: 9a19334ee5
Co-authored-by: ragesaq <11304287+ragesaq@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-06-16 16:23:19 -07:00
Josh Lehman
00a75db428 refactor: route transcript writers through session seam (#89123)
* clawdbot-d08: route transcript writers through accessor seam

* fix: refresh transcript writer seam proofs

* refactor: add transcript turn writer operation

* fix: preserve transcript writer store targeting

* fix: preserve transcript append lock ordering

* refactor: guard transcript turn session rebound

* clawdbot-d02.1.9.1.35: route transcript rewrites through runtime scope

* fix: preserve transcript event append return type

* fix: publish transcript turn owned entries
2026-06-16 13:59:48 -07:00
Josh Lehman
127e174c9e refactor: route auto-reply sessions through session seam (#89124)
* clawdbot-6f0: route agent runtime session writes through seam

* clawdbot-6f0: route command entry persistence through seam

* test: ratchet auto-reply session accessor writes

* refactor: scope embedded attempt quota reads

* test: ratchet session store save writer
2026-06-15 15:50:38 -07:00
Vincent Koc
0ea08076c3 fix(agents): preserve CLI message delivery evidence 2026-06-16 02:45:41 +08:00
Peter Steinberger
0314819f91 fix(agents): replace prose terminal classifiers (#93228)
* fix(agents): replace prose terminal classifiers

Co-authored-by: fuller-stack-dev <263060202+fuller-stack-dev@users.noreply.github.com>

* fix(agents): preserve terminal failure lifecycles

* fix(agents): order parallel terminal summaries

* fix(agents): preserve structured post-tool silence

* fix(agents): preserve structured replay provenance

---------

Co-authored-by: fuller-stack-dev <263060202+fuller-stack-dev@users.noreply.github.com>
2026-06-15 02:53:14 -07:00
zhang-guiping
ba1be23821 fix #69443: [Bug] Subagent RPC callback to WeChat session key routed to main session instead (#90231)
* fix agent session-key callback routing

* fix reset ack session-key delivery

* fix direct agent to session key routing

* fix lint in direct agent session routing

* fix: route subagent RPC callbacks to agent-shaped --to session key instead of main session (#90231) (thanks @zhangguiping-xydt)

---------

Co-authored-by: sliverp <870080352@qq.com>
2026-06-15 17:10:50 +08:00
clawsweeper[bot]
399f5bc993 fix: refresh model context metadata safely
Cap configured session context overrides by the selected model's known context window, refresh provider/model metadata consistently, and preserve the fixed Anthropic 1M context contract.

Fixes #39857

Co-authored-by: Kros Dai <7087+xdanger@users.noreply.github.com>
2026-06-13 18:48:43 -07:00
ooiuuii
d20fdf3b38 fix(gateway): mark active main sessions before restart shutdown aborts (#91357)
* Mark active main sessions during restart shutdown

* Type restart marker mock in close tests

* fix(gateway): preserve active run ownership across restart

* fix(gateway): preserve active runs across restart

* fix(gateway): close restart recovery edge cases

* fix(cron): preserve lifecycle ownership across restart

* fix(gateway): release rejected run contexts

* fix(gateway): preserve restart lifecycle ownership

* fix(cron): retain overlapping run ownership

* fix(agents): preserve restart terminal precedence

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-13 10:49:17 -07:00
Andy Ye
ddacb7ba39 fix(memory): keep memory_search in transient qmd mode (#92639)
Summary:
- Merged fix(memory): keep memory_search in transient qmd mode after ClawSweeper review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(memory): close transient search managers
- PR branch already contained follow-up commit before automerge: fix(memory): preserve default search managers
- PR branch already contained follow-up commit before automerge: fix(memory): preserve qmd cli boot freshness

Validation:
- ClawSweeper review passed for head 64fe82c24c.
- Required merge gates passed before the squash merge.

Prepared head SHA: 64fe82c24c
Review: https://github.com/openclaw/openclaw/pull/92639#issuecomment-4698763950

Co-authored-by: Andy Ye <35905412+TurboTheTurtle@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>
2026-06-13 14:14:54 +00:00
Vincent Koc
60e818f563 fix(agents): forward channel identity to CLI hooks 2026-06-11 19:33:00 +09:00
NVIDIAN
0328ca53cd fix(agents): honor configured CLI resume timeouts (#90912)
* fix(agents): honor configured CLI resume timeouts

* fix(agents): pass explicit CLI timeout overrides

* fix(agents): preserve timeout provenance

* test(agents): cover configured timeout provenance

* fix(agents): resolve CLI timeout provenance centrally

* fix(agents): carry reply timeout provenance

* fix(agents): forward CLI run lane

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-06-11 10:05:43 +09:00
Vincent Koc
7f1d82ab25 revert(sessions): defer session metadata sqlite
Reverts 538d36eaaa while preserving subsequent main changes. The beta-only SQLite downgrade rescue and reverse migration remain excluded.
2026-06-10 16:34:06 +09:00
Peter Steinberger
538d36eaaa refactor: move session metadata to SQLite (#91322)
* refactor: move session metadata to sqlite

* test: seed session stores with sqlite fixtures

* test: seed remaining session stores with sqlite fixtures

* fix: stabilize sqlite session cache freshness

* test: seed cli transcript metadata in sqlite
2026-06-07 23:17:35 -07:00