Peter Steinberger
76154d9275
test(macos): deflake browser proxy gate tests via injectable browser control ( #100517 )
...
MacNodeRuntime's browser proxy gate read OPENCLAW_CONFIG_PATH-resolved config
at invoke time, so parallel tests mutating process env (raw setenv outside
TestIsolationLock in LogLocatorTests/WideAreaGatewayDiscoveryTests) could make
the gate read the real host config. Inject the gate state in tests, cover the
config flag parsing in OpenClawConfigFileTests, and route remaining raw setenv
test users through TestIsolation.withEnvValues.
2026-07-06 02:13:05 +01:00
Peter Steinberger
37c67b0d27
fix(macos): reduce idle CPU wakeups ( #100463 )
...
* fix(macos): reduce idle CPU wakeups
* chore(macos): sync native i18n inventory
* chore(macos): sync native i18n inventory
* chore(macos): sync native i18n inventory
* chore(macos): sync native i18n inventory
* chore(macos): sync native i18n inventory
* chore(macos): sync native i18n inventory
2026-07-05 23:35:50 +01:00
Peter Steinberger
6a7b62889e
feat(macos): install and run the local Gateway automatically ( #99767 )
...
* feat(macos): automate local gateway setup
* fix(macos): auto-approve the local Mac node
* chore(macos): refresh generated setup metadata
* chore(macos): refresh generated setup metadata
* chore(macos): refresh generated setup metadata
* chore(macos): refresh generated setup metadata
* chore(macos): refresh generated setup metadata
2026-07-03 22:09:56 -07:00
clawsweeper[bot]
9cbf18293b
fix #90668 : [Bug]: macOS node mode can silently self-reconnect in a healthy direct gateway session ( #90815 )
...
Summary:
- Adds a macOS node-mode TLS session cache keyed by gateway URL and TLS pin parameters, with Swift tests for reuse and rebuild behavior.
- PR surface: Other +78. Total +78 across 2 files.
- Reproducibility: yes. The source path is clear: current main supplies a fresh TLS session identity into `Gat ... inked macOS WSS proof demonstrates repeated connected callbacks before the cache and one callback after it.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(macos): make TLS session cache lint-safe
- PR branch already contained follow-up commit before automerge: fix #90668 : [Bug]: macOS node mode can silently self-reconnect in a h…
Validation:
- ClawSweeper review passed for head 1496eac8c1 .
- Required merge gates passed before the squash merge.
Prepared head SHA: 1496eac8c1
Review: https://github.com/openclaw/openclaw/pull/90815#issuecomment-4637057530
Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com >
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com >
2026-06-06 02:44:59 +00:00
joshavant
d5d3e9983e
fix: harden mobile a2ui bridge trust
2026-06-03 16:50:08 -07:00
Jesse Merhi
42f0822bfa
fix(exec): hide unavailable durable approval actions ( #86359 )
...
* fix(macos): align ask always approval actions
* fix(macos): harden approval prompt decisions
* fix(ui): satisfy approval action lint
* fix(infra): settle jsonl sockets on close
* fix(ui): explain unavailable durable approvals
* test(macos): document legacy approval fallback
2026-05-27 14:58:11 +10:00
Val Alexander
5f89cabeb5
fix(macos): harden screen.snapshot validation and payload bounds
...
Fixes #68181 .
Rejects malformed macOS screen.snapshot params before capture, sanitizes capture failures, and bounds inline base64 snapshot responses against the projected node.invoke.result frame size.
Supersedes #68186 .
2026-05-15 02:27:33 -05:00
Val Alexander
6a41a54212
fix(macos): harden direct gateway TLS pinning
...
Summary:
- Require macOS system trust before saving and accepting first-use direct `wss://` gateway TLS pins.
- Honor `gateway.remote.tlsFingerprint` in macOS direct node-mode TLS params.
- Add focused Swift coverage and update remote gateway docs/changelog.
Verification:
- Local: swiftformat --lint on touched Swift files.
- Local: git diff --check HEAD~1..HEAD.
- Local: swift test --package-path apps/shared/OpenClawKit --filter GatewayTLSPinningTests.
- Local: swift test --package-path apps/macos --filter 'MacNodeModeCoordinatorTests|GatewayEndpointStoreTests'.
- Local: PATH=/Users/buns/.nvm/versions/node/v24.13.0/bin:$PATH pnpm docs:list.
- CI: macos-node, macos-swift, check-docs, security-fast, security-scm-fast, security-dependency-audit, Opengrep OSS, and changed-path checks passed on PR head cf383fc047 .
Fixes #50642 .
Supersedes #50643 .
2026-05-13 21:30:22 -05:00
Peter Steinberger
694ca50e97
Revert "refactor: move runtime state to SQLite"
...
This reverts commit f91de52f0d .
2026-05-13 13:33:38 +01:00
Peter Steinberger
f91de52f0d
refactor: move runtime state to SQLite
...
* refactor: remove stale file-backed shims
* fix: harden sqlite state ci boundaries
* refactor: store matrix idb snapshots in sqlite
* fix: satisfy rebased CI guardrails
* refactor: store current conversation bindings in sqlite table
* refactor: store tui last sessions in sqlite table
* refactor: reset sqlite schema history
* refactor: drop unshipped sqlite table migration
* refactor: remove plugin index file rollback
* refactor: drop unshipped sqlite sidecar migrations
* refactor: remove runtime commitments kv migration
* refactor: preserve kysely sync result types
* refactor: drop unshipped sqlite schema migration table
* test: keep session usage coverage sqlite-backed
* refactor: keep sqlite migration doctor-only
* refactor: isolate device legacy imports
* refactor: isolate push voicewake legacy imports
* refactor: isolate remaining runtime legacy imports
* refactor: tighten sqlite migration guardrails
* test: cover sqlite persisted enum parsing
* refactor: isolate legacy update and tui imports
* refactor: tighten sqlite state ownership
* refactor: move legacy imports behind doctor
* refactor: remove legacy session row lookup
* refactor: canonicalize memory transcript locators
* refactor: drop transcript path scope fallbacks
* refactor: drop runtime legacy session delivery pruning
* refactor: store tts prefs only in sqlite
* refactor: remove cron store path runtime
* refactor: use cron sqlite store keys
* refactor: rename telegram message cache scope
* refactor: read memory dreaming status from sqlite
* refactor: rename cron status store key
* refactor: stop remembering transcript file paths
* test: use sqlite locators in agent fixtures
* refactor: remove file-shaped commitments and cron store surfaces
* refactor: keep compaction transcript handles out of session rows
* refactor: derive transcript handles from session identity
* refactor: derive runtime transcript handles
* refactor: remove gateway session locator reads
* refactor: remove transcript locator from session rows
* refactor: store raw stream diagnostics in sqlite
* refactor: remove file-shaped transcript rotation
* refactor: hide legacy trajectory paths from runtime
* refactor: remove runtime transcript file bridges
* refactor: repair database-first rebase fallout
* refactor: align tests with database-first state
* refactor: remove transcript file handoffs
* refactor: sync post-compaction memory by transcript scope
* refactor: run codex app-server sessions by id
* refactor: bind codex runtime state by session id
* refactor: pass memory transcripts by sqlite scope
* refactor: remove transcript locator cleanup leftovers
* test: remove stale transcript file fixtures
* refactor: remove transcript locator test helper
* test: make cron sqlite keys explicit
* test: remove cron runtime store paths
* test: remove stale session file fixtures
* test: use sqlite cron keys in diagnostics
* refactor: remove runtime delivery queue backfill
* test: drop fake export session file mocks
* refactor: rename acp session read failure flag
* refactor: rename acp row session key
* refactor: remove session store test seams
* refactor: move legacy session parser tests to doctor
* refactor: reindex managed memory in place
* refactor: drop stale session store wording
* refactor: rename session row helpers
* refactor: rename sqlite session entry modules
* refactor: remove transcript locator leftovers
* refactor: trim file-era audit wording
* refactor: clean managed media through sqlite
* fix: prefer explicit agent for exports
* fix: use prepared agent for session resets
* fix: canonicalize legacy codex binding import
* test: rename state cleanup helper
* docs: align backup docs with sqlite state
* refactor: drop legacy Pi usage auth fallback
* refactor: move legacy auth profile imports to doctor
* refactor: keep Pi model discovery auth in memory
* refactor: remove MSTeams legacy learning key fallback
* refactor: store model catalog config in sqlite
* refactor: use sqlite model catalog at runtime
* refactor: remove model json compatibility aliases
* refactor: store auth profiles in sqlite
* refactor: seed copied auth profiles in sqlite
* refactor: make auth profile runtime sqlite-addressed
* refactor: migrate hermes secrets into sqlite auth store
* refactor: move plugin install config migration to doctor
* refactor: rename plugin index audit checks
* test: drop auth file assumptions
* test: remove legacy transcript file assertions
* refactor: drop legacy cli session aliases
* refactor: store skill uploads in sqlite
* refactor: keep subagent attachments in sqlite vfs
* refactor: drop subagent attachment cleanup state
* refactor: move legacy session aliases to doctor
* refactor: require node 24 for sqlite state runtime
* refactor: move provider caches into sqlite state
* fix: harden virtual agent filesystem
* refactor: enforce database-first runtime state
* refactor: rename compaction transcript rotation setting
* test: clean sqlite refactor test types
* refactor: consolidate sqlite runtime state
* refactor: model session conversations in sqlite
* refactor: stop deriving cron delivery from session keys
* refactor: stop classifying sessions from key shape
* refactor: hydrate announce targets from typed delivery
* refactor: route heartbeat delivery from typed sqlite context
* refactor: tighten typed sqlite session routing
* refactor: remove session origin routing shadow
* refactor: drop session origin shadow fixtures
* perf: query sqlite vfs paths by prefix
* refactor: use typed conversation metadata for sessions
* refactor: prefer typed session routing metadata
* refactor: require typed session routing metadata
* refactor: resolve group tool policy from typed sessions
* refactor: delete dead session thread info bridge
* Show Codex subscription reset times in channel errors (#80456 )
* feat(plugin-sdk): consolidate session workflow APIs
* fix(agents): allow read-only agent mount reads
* [codex] refresh plugin regression fixtures
* fix(agents): restore compaction gateway logs
* test: tighten gateway startup assertions
* Redact persisted secret-shaped payloads [AI] (#79006 )
* test: tighten device pair notify assertions
* test: tighten hermes secret assertions
* test: assert matrix client error shapes
* test: assert config compat warnings
* fix(heartbeat): remap cron-run exec events to session keys (#80214 )
* fix(codex): route btw through native side threads
* fix(auth): accept friendly OpenAI order for Codex profiles
* fix(codex): rotate auth profiles inside harness
* fix: keep browser status page probe within timeout
* test: assert agents add outputs
* test: pin cron read status
* fix(agents): avoid Pi resource discovery stalls
Co-authored-by: dataCenter430 <titan032000@gmail.com >
* fix: retire timed-out codex app-server clients
* test: tighten qa lab runtime assertions
* test: check security fix outputs
* test: verify extension runtime messages
* feat(wake): expose typed sessionKey on wake protocol + system event CLI
* fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790 )
* test: guard talk consult call helper
* fix(codex): scale context engine projection (#80761 )
* fix(codex): scale context engine projection
* fix: document Codex context projection scaling
* fix: document Codex context projection scaling
* fix: document Codex context projection scaling
* fix: document Codex context projection scaling
* chore: align Codex projection changelog
* chore: realign Codex projection changelog
* fix: isolate Codex projection patch
---------
Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org >
Co-authored-by: Josh Lehman <josh@martian.engineering >
* refactor: move agent runtime state toward piless
* refactor: remove cron session reaper
* refactor: move session management to sqlite
* refactor: finish database-first state migration
* chore: refresh generated sqlite db types
* refactor: remove stale file-backed shims
* test: harden kysely type coverage
# Conflicts:
# .agents/skills/kysely-database-access/SKILL.md
# src/infra/kysely-sync.types.test.ts
# src/proxy-capture/store.sqlite.test.ts
# src/state/openclaw-agent-db.test.ts
# src/state/openclaw-state-db.test.ts
* refactor: remove cron store path runtime
* refactor: keep compaction transcript handles out of session rows
* refactor: derive embedded transcripts from sqlite identity
* refactor: remove embedded transcript locator handoff
* refactor: remove runtime transcript file bridges
* refactor: remove transcript file handoffs
* refactor: remove MSTeams legacy learning key fallback
* refactor: store model catalog config in sqlite
* refactor: use sqlite model catalog at runtime
# Conflicts:
# docs/cli/secrets.md
# docs/gateway/authentication.md
# docs/gateway/secrets.md
* fix: keep oauth sibling sync sqlite-local
# Conflicts:
# src/commands/onboard-auth.test.ts
* refactor: remove task session store maintenance
# Conflicts:
# src/commands/tasks.ts
* refactor: keep diagnostics in state sqlite
* refactor: enforce database-first runtime state
* refactor: consolidate sqlite runtime state
* Show Codex subscription reset times in channel errors (#80456 )
* fix(codex): refresh subscription limit resets
* fix(codex): format reset times for channels
* Update CHANGELOG with latest changes and fixes
Updated CHANGELOG with recent fixes and improvements.
* fix(codex): keep command load failures on codex surface
* fix(codex): format account rate limits as rows
* fix(codex): summarize account limits as usage status
* fix(codex): simplify account limit status
* test: tighten subagent announce queue assertion
* test: tighten session delete lifecycle assertions
* test: tighten cron ops assertions
* fix: track cron execution milestones
* test: tighten hermes secret assertions
* test: assert matrix sync store payloads
* test: assert config compat warnings
* fix(codex): align btw side thread semantics
* fix(codex): honor codex fallback blocking
* fix(agents): avoid Pi resource discovery stalls
* test: tighten codex event assertions
* test: tighten cron assertions
* Fix Codex app-server OAuth harness auth
* refactor: move agent runtime state toward piless
* refactor: move device and push state to sqlite
* refactor: move runtime json state imports to doctor
* refactor: finish database-first state migration
* chore: refresh generated sqlite db types
* refactor: clarify cron sqlite store keys
* refactor: remove stale file-backed shims
* refactor: bind codex runtime state by session id
* test: expect sqlite trajectory branch export
* refactor: rename session row helpers
* fix: keep legacy device identity import in doctor
* refactor: enforce database-first runtime state
* refactor: consolidate sqlite runtime state
* build: align pi contract wrappers
* chore: repair database-first rebase
* refactor: remove session file test contracts
* test: update gateway session expectations
* refactor: stop routing from session compatibility shadows
* refactor: stop persisting session route shadows
* refactor: use typed delivery context in clients
* refactor: stop echoing session route shadows
* refactor: repair embedded runner rebase imports
# Conflicts:
# src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts
* refactor: align pi contract imports
* refactor: satisfy kysely sync helper guard
* refactor: remove file transcript bridge remnants
* refactor: remove session locator compatibility
* refactor: remove session file test contracts
* refactor: keep rebase database-first clean
* refactor: remove session file assumptions from e2e
* docs: clarify database-first goal state
* test: remove legacy store markers from sqlite runtime tests
* refactor: remove legacy store assumptions from runtime seams
* refactor: align sqlite runtime helper seams
* test: update memory recall sqlite audit mock
* refactor: align database-first runtime type seams
* test: clarify doctor cron legacy store names
* fix: preserve sqlite session route projections
* test: fix copilot token cache test syntax
* docs: update database-first proof status
* test: align database-first test fixtures
* docs: update database-first proof status
* refactor: clean extension database-first drift
* test: align agent session route proof
* test: clarify doctor legacy path fixtures
* chore: clean database-first changed checks
* chore: repair database-first rebase markers
* build: allow baileys git subdependency
* chore: repair exp-vfs rebase drift
* chore: finish exp-vfs rebase cleanup
* chore: satisfy rebase lint drift
* chore: fix qqbot rebase type seam
* chore: fix rebase drift leftovers
* fix: keep auth profile oauth secrets out of sqlite
* fix: repair rebase drift tests
* test: stabilize pairing request ordering
* test: use source manifests in plugin contract checks
* fix: restore gateway session metadata after rebase
* fix: repair database-first rebase drift
* fix: clean up database-first rebase fallout
* test: stabilize line quick reply receipt time
* fix: repair extension rebase drift
* test: keep transcript redaction tests sqlite-backed
* fix: carry injected transcript redaction through sqlite
* chore: clean database branch rebase residue
* fix: repair database branch CI drift
* fix: repair database branch CI guard drift
* fix: stabilize oauth tls preflight test
* test: align database branch fast guards
* test: repair build artifact boundary guards
* chore: clean changelog rebase markers
---------
Co-authored-by: pashpashpash <nik@vault77.ai >
Co-authored-by: Eva <eva@100yen.org >
Co-authored-by: stainlu <stainlu@newtype-ai.org >
Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com >
Co-authored-by: Ruben Cuevas <hi@rubencu.com >
Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com >
Co-authored-by: Shakker <shakkerdroid@gmail.com >
Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com >
Co-authored-by: dataCenter430 <titan032000@gmail.com >
Co-authored-by: Kaspre <kaspre@gmail.com >
Co-authored-by: pandadev66 <nova.full.stack@outlook.com >
Co-authored-by: Eva <admin@100yen.org >
Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org >
Co-authored-by: Josh Lehman <josh@martian.engineering >
Co-authored-by: jeffjhunter <support@aipersonamethod.com >
2026-05-13 13:15:12 +01:00
Pavan Kumar Gondhi
17fa101c16
Validate node exec event provenance [AI] ( #81071 )
...
* fix: validate node exec event provenance
* addressing codex review
* addressing codex review
* addressing codex review
* addressing codex review
* addressing codex review
* addressing claude review
* addressing ci
* addressing ci
* addressing ci
* docs: add changelog entry for PR merge
2026-05-13 09:56:09 +05:30
Peter Steinberger
af9baddac0
fix(release): align beta plugin install expectations
2026-05-09 23:25:26 +01:00
Peter Steinberger
330ba1fa31
refactor: move canvas to plugin surfaces
2026-05-07 09:07:18 +01:00
Nimrod Gutman
eecd758e39
fix(macos): repair stale gateway tls pins ( #75038 )
...
Merged via squash.
Prepared head SHA: 35196f8f71
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Reviewed-by: @ngutman
2026-04-30 14:14:03 +03:00
Peter Steinberger
ae45eebef1
fix: route remote mac browser through node host
2026-04-26 05:25:59 +01:00
Peter Steinberger
a290e91b12
style: fix macos app lint warnings
2026-04-20 14:17:25 +01:00
Val Alexander
f377db1015
feat: add macOS screen snapshots for monitor preview ( #67954 ) thanks @BunsDev
...
Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com >
2026-04-17 02:58:21 -05:00
Peter Steinberger
719bfb46ff
style: format macos sources for ci
2026-03-22 17:32:30 +00:00
Josh Avant
7abfff756d
Exec: harden host env override handling across gateway and node ( #51207 )
...
* Exec: harden host env override enforcement and fail closed
* Node host: enforce env override diagnostics before shell filtering
* Env overrides: align Windows key handling and mac node rejection
2026-03-20 15:44:15 -05:00
Nimrod Gutman
c4a4050ce4
fix(macos): align exec command parity ( #50386 )
...
* fix(macos): align exec command parity
* fix(macos): address exec review follow-ups
2026-03-19 13:51:17 +02:00
Peter Steinberger
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
Luke
f063e57d4b
fix(macos): use foundationValue when serializing browser proxy POST body ( #43069 )
...
Merged via squash.
Prepared head SHA: 04c33fa061
Co-authored-by: ImLukeF <1272861+Effet@users.noreply.github.com >
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com >
Reviewed-by: @frankekn
2026-03-11 19:14:01 +08:00
Peter Steinberger
53fb317e7f
fix(macos): clean swiftformat pass and sendable warning
2026-03-08 13:22:46 +00:00
Peter Steinberger
d15b6af77b
fix: land contributor PR #39516 from @Imhermes1
...
macOS app/chat/browser/cron/permissions fixes.
Co-authored-by: ImHermes1 <lukeforn@gmail.com >
2026-03-08 06:11:20 +00:00
Peter Steinberger
04a8f97c57
fix(swift): align async helper callsites across iOS and macOS
2026-03-03 03:07:54 +00:00
Peter Steinberger
cf67e374c0
refactor(macos): dedupe UI, pairing, and runtime helpers
2026-03-02 11:32:20 +00:00
Peter Steinberger
e371da38aa
fix(macos): consolidate exec approval evaluation
2026-02-21 19:30:35 +01:00
Peter Steinberger
5da03e6221
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:18 +01:00
Peter Steinberger
2cdbadee1f
fix(security): block startup-file env injection across host execution paths
2026-02-21 11:44:20 +01:00
Peter Steinberger
8725c2b19f
style(swift): run swiftformat + swiftlint autocorrect
2026-02-15 05:38:35 +01:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00