zhang-guiping
689e8ec893
fix(agents): forward ACP spawn attachments
...
Forward initial image/file attachments when spawning ACP subagents through the existing sessions_spawn attachment opt-in. Remove the PR-only acpEnabled config split so ACP uses the same attachment gate as other runtimes.
Also fix the PR branch CI fallout: type the browser element CLI request mock and use Vitest env stubs in the Azure speech test to satisfy the changed-path security scan.
Verification:
- GitHub CI passed on f6ca26b160
2026-05-29 22:08:19 +02:00
Peter Steinberger
f8ad20b87e
fix(signal): cap container timeout timers
2026-05-29 16:08:08 -04:00
Nimrod Gutman
6897711d19
feat(ios): add talk tab realtime playback ( #88105 )
...
Merged via squash.
Prepared head SHA: f41112a8821540134+ngutman@users.noreply.github.com >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Reviewed-by: @ngutman
2026-05-29 23:06:19 +03:00
Peter Steinberger
4b9a80d895
fix(discord): cap request timeout signals
2026-05-29 16:03:39 -04:00
Peter Steinberger
b245cb2b6d
docs(plugins): add external package readmes
2026-05-29 21:00:29 +01:00
Peter Steinberger
2b15850b47
build(plugins): externalize tokenjuice
2026-05-29 21:00:29 +01:00
Peter Steinberger
c8f5a2e0e2
fix(qa-lab): cap credential broker request timeouts
2026-05-29 15:49:38 -04:00
Peter Steinberger
1e2fda9e68
docs(plugins): clarify external plugin installs
2026-05-29 20:43:51 +01:00
Peter Steinberger
a0c1f5962d
fix(runtime): centralize safe timer timeout resolution
2026-05-29 15:36:38 -04:00
Vincent Koc
33b81686ad
test(file-transfer): remove stale tar fixture awaits
2026-05-29 21:23:11 +02:00
Vincent Koc
07870dff45
refactor: share codex app server start context
2026-05-29 21:19:55 +02:00
Peter Steinberger
99b24a80fb
build(plugins): externalize copilot runtime
2026-05-29 20:14:38 +01:00
Peter Steinberger
a39c2d784e
fix(minimax): cap tts timeout delays
2026-05-29 15:11:01 -04:00
Peter Steinberger
11e82bdef2
fix(lmstudio): cap model fetch timeout delays
2026-05-29 15:05:20 -04:00
Peter Steinberger
7f4338d435
test: speed up slow assertions
2026-05-29 20:52:18 +02:00
Peter Steinberger
61031d1b1c
feat(workboard): add agent coordination tools
...
Summary:
- Add Workboard agent coordination tools for list/read/claim/heartbeat/release/comment/proof/unblock flows.
- Store artifacts, claims, diagnostics, and notifications in the Workboard SQLite-backed plugin state; surface the new metadata through Gateway, Control UI, docs, and plugin manifest contracts.
- Add scoped claim authorization, token redaction, stale diagnostic cleanup, atomic proof artifact writes, and generated i18n metadata.
Verification:
- pnpm test ui/src/i18n/test/translate.test.ts extensions/browser/src/cli/browser-cli-actions-input/register.element.test.ts extensions/workboard/src/store.test.ts extensions/workboard/src/gateway.test.ts extensions/workboard/src/tools.test.ts ui/src/ui/controllers/workboard.test.ts ui/src/ui/views/workboard.test.ts
- pnpm ui:i18n:check
- env -u OPENCLAW_TESTBOX pnpm check:changed
- autoreview --mode local: clean
- PR CI passed; Windows checkout failure rerun passed on attempt 2
2026-05-29 20:23:21 +02:00
Peter Steinberger
e3be541a6c
fix(google): reject unsafe vertex adc lifetimes
2026-05-29 13:57:34 -04:00
Peter Steinberger
b9d7dd4a84
fix(feishu): normalize app registration poll timers
2026-05-29 13:53:05 -04:00
Vincent Koc
6d362dbe9a
fix(minimax): guard oauth token fetches ( #88088 )
2026-05-29 18:50:20 +01:00
Peter Steinberger
bf3921dab7
refactor: centralize timer-safe timeout bounds
2026-05-29 13:44:41 -04:00
Peter Steinberger
c36b2bf64e
fix(openshell): cap command timeout config
2026-05-29 13:33:41 -04:00
Peter Steinberger
04de01f8cf
fix(feishu): bound streaming token expiry
2026-05-29 13:28:40 -04:00
Peter Steinberger
f499841be6
fix(google-meet): normalize oauth expiry
2026-05-29 13:22:07 -04:00
Peter Steinberger
604a6b5452
fix(minimax): reject unsafe oauth expiry
2026-05-29 13:15:00 -04:00
Peter Steinberger
5e2c200d06
test(xai): type device-code note mock
2026-05-29 13:15:00 -04:00
Peter Steinberger
58c46ec03b
fix(openai): normalize codex device lifetimes
2026-05-29 13:03:32 -04:00
Peter Steinberger
4ef77dadec
fix(google): normalize unsafe oauth expiry
2026-05-29 12:59:28 -04:00
Peter Steinberger
1ec23446a0
fix(xai): normalize unsafe oauth lifetimes
2026-05-29 12:55:24 -04:00
Peter Steinberger
ece92bcbde
fix: persist Copilot SDK session bindings
...
Persist GitHub Copilot SDK session ids in the plugin-state SQLite store so separate OpenClaw process turns can resume the same Copilot-side session when the compatibility fingerprint still matches.
The fingerprint covers provider/model/cwd, resolved agent id, resolved Copilot home, and auth identity. Plugin-state lookup/register/delete failures are non-fatal, stale rows are invalidated, and reset delete failures use an in-process tombstone so reset does not accidentally reuse a durable binding.
Also routes the QQBot token POST through the plugin SDK SSRF guard with capture disabled for the secret-bearing request, preserving the current token lifetime validation from main.
Verification: focused Copilot and QQBot Vitest suites, raw channel fetch guard, autoreview clean, Blacksmith Testbox pnpm check:changed tbx_01kst9fwjmsfzwaxqatszcbf40, live local Copilot two-turn smoke with the same SDK session id persisted in SQLite.
Refs #88064
2026-05-29 18:46:03 +02:00
Peter Steinberger
5a294cb2bd
refactor: centralize safe expiry parsing
2026-05-29 12:38:11 -04:00
Peter Steinberger
8c0aaee882
fix(chutes): validate oauth token lifetimes
2026-05-29 12:19:29 -04:00
Peter Steinberger
7a750100c9
fix(msteams): validate oauth token lifetimes
2026-05-29 12:01:59 -04:00
Peter Steinberger
64e6ea0727
fix(github-copilot): validate device code lifetimes
2026-05-29 11:56:26 -04:00
Peter Steinberger
806b3b73bb
fix(openai): validate codex oauth token lifetimes
2026-05-29 11:42:49 -04:00
Peter Steinberger
91ecd9645f
fix(qqbot): validate token expiry lifetimes
2026-05-29 11:36:36 -04:00
Peter Steinberger
7dbc7702c3
fix(googlechat): drop invalid inbound timestamps
2026-05-29 11:29:49 -04:00
Peter Steinberger
3654ea32a9
fix(telegram): centralize safe thread id parsing
2026-05-29 11:24:27 -04:00
Peter Steinberger
aa75477533
fix(zalouser): reject unsafe inbound timestamps
2026-05-29 11:13:09 -04:00
Peter Steinberger
3d7df2bc07
fix(discord): bound delivery retry delays
2026-05-29 11:02:34 -04:00
Vincent Koc
e394e0f9b8
fix(qa-matrix): cap fault proxy bodies
2026-05-29 17:02:11 +02:00
Peter Steinberger
fb37811b65
fix(discord): reject unsafe retry-after delays
2026-05-29 10:58:36 -04:00
Peter Steinberger
f2ba23424e
fix(slack): reject unsafe inbound timestamps
2026-05-29 10:52:02 -04:00
Peter Steinberger
ec1e27d562
fix(msteams): ignore unsafe retry-after delays
2026-05-29 10:48:05 -04:00
Peter Steinberger
cde6aff622
fix(whatsapp): validate inbound timestamps
2026-05-29 10:25:59 -04:00
Peter Steinberger
0fa034ed6d
fix(discord): reject unsafe rate limit headers
2026-05-29 10:17:42 -04:00
Peter Steinberger
9ae38ac821
fix(discord): validate error code integers
2026-05-29 10:13:15 -04:00
Vincent Koc
0902ee723b
fix(provider): bound Vydra and Comfy media downloads
2026-05-29 16:12:23 +02:00
Peter Steinberger
c093e4508d
fix(tts): centralize directive number parsing
2026-05-29 10:05:37 -04:00
joshavant
209732535f
fix(exec): align release validation checks
...
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com >
2026-05-30 00:04:06 +10:00
joshavant
765477d77a
fix(codex): preserve read-only approval floors
...
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com >
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com >
2026-05-30 00:04:06 +10:00
