Commit Graph

15095 Commits

Author SHA1 Message Date
xingzhou
f14eb97ae7 fix(codex): honor Pro reasoning effort contracts (#101484)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 03:13:50 -07:00
Alix-007
079a704dda fix(voice-call): keep realtime context truncation UTF-16 safe (#101304)
* Fix UTF-16-safe realtime context truncation

* test(voice-call): tighten UTF-16 context regression

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:01:48 +01:00
Peter Steinberger
6b76a306d4 fix(zalo): accept opaque string chat IDs (#101548)
Co-authored-by: Goutam Adwant <workwithgoutam@gmail.com>
2026-07-07 10:58:59 +01:00
Alix-007
0f775fa25e fix(msteams): bound Microsoft Graph API response reads in graph-upload to prevent OOM (#97784)
* fix(msteams): bound Microsoft Graph API response reads in graph-upload to prevent OOM

* test(msteams): prove graph upload oversized JSON rejection

* test(msteams): tighten Graph response bound proof

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 10:36:54 +01:00
Vincent Koc
ccbd9eb28d fix(qqbot): keep bounded previews UTF-16 safe (#101516)
Co-authored-by: wangmiao0668000666 <wang.miao86@xydigit.com>
2026-07-07 02:18:57 -07:00
Peter Steinberger
a2a68d154b fix(agent): preserve explicit recipient sessions (#101507)
* fix(agent): honor recipient session routing

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): preserve canonical recipient routes

* fix(agent): require exact recipient routes

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>

Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): harden recipient route resolution

* fix(imessage): require canonical recipient handles

* fix(agent): refine provider recipient exactness

* fix(agent): bound direct alias session routing

* fix(signal): preserve direct alias route type

* fix(agent): honor binding-scoped recipient sessions

* fix(routing): honor configured main session aliases

* fix(clickclack): align account-owned session routes

* fix(twitch): preserve canonical recipient sessions

* fix(routing): isolate stable outbound identities

* chore: defer recipient session changelog

* fix(sms): use dedicated channel SDK facade

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
2026-07-07 10:07:13 +01:00
ml12580
c1f9087e8e fix(cli): accept parent options placed after lazy subcommands (#55563 regression 1) [AI-assisted] (#94431)
* fix(cli): restore lazy parent option ordering

Co-authored-by: ml12580 <long.xinyuan3@xydigit.com>

* chore: defer release-owned changelog entry

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 09:45:04 +01:00
Ayaan Zaidi
01f6593ea5 fix(telegram): reduce durable empty-rich guard to skip 2026-07-07 14:14:03 +05:30
snowzlmbot
2f98e1fdb5 fix(telegram): address rich fallback proof review 2026-07-07 14:14:03 +05:30
snowzlmbot
982328218b fix(telegram): harden rich send fallback and typing breaker
- Raise typing-breaker default from 2 to 5 consecutive failures via a
  named constant, keeping explicit overrides intact.
- Extend rich-plain-fallback trigger map to classify
  RICH_MESSAGE_CONTENT_REQUIRED alongside existing invalid-entity
  errors so both durable and streaming send funnels benefit.
- Add empty rendered-rich-HTML guards before sendRichMessage in both
  the durable chunk loop (send.ts) and the streaming delivery funnel
  (delivery.send.ts), preventing doomed Bot API calls and preserving
  later valid chunks.
- Add regression tests for the default typing breaker, delivery-side
  and durable-side RICH_MESSAGE_CONTENT_REQUIRED fallback behavior.
2026-07-07 14:14:03 +05:30
sunlit-deng
24330a82b4 fix(mattermost): reject oversized websocket events (#99366)
* fix(mattermost): bound monitor websocket payloads

* fix(mattermost): preserve websocket payload headroom

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 09:35:00 +01:00
cxbAsDev
e1b79346c5 fix(signal): bound outbound container attachment file reads (#101391)
* fix(signal): bound outbound container attachment file reads

* fix(signal): honor configured container attachment limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 09:17:14 +01:00
pick-cat
e72dadbb3b fix(anthropic): resolve thinking as disabled when legacy budget is below 1024 (#101415)
* fix(anthropic): resolve thinking as disabled when legacy budget is below 1024

When adjustMaxTokensForThinking collapses the thinking budget below the
Anthropic minimum (1024), option resolution now sets thinkingEnabled to
false instead of always forcing it to true. This keeps every downstream
consumer (payload, replay, temperature, tool-choice) consistent — they
all see the same disabled state instead of an enabled flag with a
missing or API-rejected thinking block.

|| → ?? in both builders is defensive: the resolution layer already
prevents invalid budgets from reaching the builder through the normal
path, but ?? preserves an explicit zero when the builder is called
directly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(anthropic): guard raw streamAnthropic builder path against sub-minimum budgets

Add budget guards in both Anthropic payload builders so direct
streamAnthropic and bundled-plugin callers (e.g. Mantle) that bypass
option resolution also get the disabled-state rule instead of producing
API-rejected { type: "enabled", budget_tokens: < 1024 } requests.

Add proof-anthropic-thinking-budget.mts driving real production
functions with terminal output and negative control.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(anthropic): normalize legacy thinking budgets

Co-authored-by: Pick-cat <huang.ting3@xydigit.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 08:42:40 +01:00
Vincent Koc
1aeed5ec26 refactor(plugins): localize private config types (#101452) 2026-07-07 00:34:46 -07:00
cxbAsDev
735b7b2f34 fix(voice-call): handle tunnel child stream errors and stop-after-exit hang (#101394)
* fix(voice-call): handle tunnel child stream errors and stop-after-exit hang

* fix(voice-call): stop children after stream failures

* style(voice-call): satisfy timer lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 08:30:02 +01:00
wangmiao0668000666
048fe0850e fix(qqbot): use UTF-16-safe truncation for messaging reply and approval previews (#101421)
* fix(qqbot): use UTF-16-safe truncation for messaging reply and approval previews

* test(qqbot): focus UTF-16 approval regression

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 08:22:06 +01:00
cxbAsDev
08abf83a66 fix(imessage): handle CLI child stdout/stderr stream errors (#101401)
* fix(imessage): handle CLI child stdout/stderr stream errors

* fix(imessage): stop CLI children after stream failures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 08:19:52 +01:00
Vincent Koc
7c55ce53e2 refactor(opencode-go): localize stream internals (#101440) 2026-07-07 00:16:14 -07:00
Alex Knight
d09469c7a6 fix: show exported tool results in trace viewers (#101371)
* fix: show exported tool results in trace viewers

* fix(diagnostics-otel): emit semconv response key and execute_tool identity so trace viewers show tool results

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-07 17:14:30 +10:00
Vincent Koc
9cf5079e56 refactor(plugins): localize provider internals (#101425) 2026-07-06 23:50:12 -07:00
xingzhou
de152b1f65 fix(plugin-sdk): align speech runtime packaging (#89899)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 07:38:41 +01:00
Vincent Koc
33163d4273 refactor(plugins): localize private declarations (#101406) 2026-07-06 23:26:47 -07:00
Peter Steinberger
554d772c1a refactor(codex): keyed turn routing, client-scoped rate limits, and resume subscription safety (#101376)
* feat(codex): scope app-server rate limits to the physical client

Replace the process-global rate-limit cache with a WeakMap keyed by the
physical app-server client, tracking per-limitId revisions. Rolling
account/rateLimits/updated notifications merge sparsely per the protocol
contract (credits/individualLimit/planType survive nulls), and
usage-limit errors only trust a snapshot for auth-profile blocking when
the same client observed a primary update during the failing turn's
startup. Fixes cross-client rate-limit bleed in usage-limit error
messages. A new client-runtime module installs the
account/chatgptAuthTokens/refresh handler and the rate-limit observer
once per physical client, replacing per-start inline handlers in
shared-client, run-attempt, and side-question.

* refactor(codex): split thread/resume subscription safety into thread-resume

Move the thread/resume request out of thread-lifecycle into a dedicated
thread-resume module that retires the exact physical client when resume
acceptance is indeterminate: only a structured RPC rejection proves
Codex holds no subscription, so any other failure abandons the client
instead of returning it to the shared pool. Resume responses naming a
different thread now fail closed (assertCodexThreadResumeSubscription),
and the fresh-thread fallback requires a released subscription unless
the resume was a proven RPC rejection.

* refactor(codex): replace client-factory positional DI with shared-client factory

Delete the lazy positional-argument CodexAppServerClientFactory and use
the options-object factory type exported from shared-client. Callers in
run-attempt, compact, bounded-turn, provider-capabilities, and the
web-search provider now default to getLeasedSharedCodexAppServerClient
directly; the lazy indirection was ineffective because those modules
already import shared-client statically.

* feat(codex): route app-server turn traffic through a keyed turn router

Install one turn router per physical app-server client and replace the
broad per-attempt notification/request fanout with explicit per-thread
routes. Attempt startup reserves the thread route (before thread/resume
on the resume path, so early notifications buffer instead of racing),
run-attempt activates it with receive-time, queued, and request
handlers, arms the route before turn/start, binds the accepted turn id
to flush buffered traffic in wire order, and releases the route on
cleanup. Requests for a pending turn wait for binding instead of being
auto-declined, native turn completion waits use route state instead of
scanning buffered notifications, and correlation readers now match the
canonical v2 wire shapes only (top-level threadId, nested turn.id). The
unscoped response-delta lease-count attribution and its client API are
deleted along with the retired correlation predicates.

* test(codex): reset the shared binding store between thread-lifecycle tests

SQLite bindings are keyed by session identity rather than the per-test
temp dir, so earlier tests leaked resumable threads into fresh-start
expectations. The old silent resume-failure fallback masked the leak;
subscription safety surfaces it.

* test(codex): reset the binding store between delivery-hint iterations

The loop reuses one session identity across iterations, so the previous
iteration's thread would resume against a harness that cannot serve it.
2026-07-07 07:25:15 +01:00
Vincent Koc
f0564943a7 docs(openai): refresh realtime 2.1 examples 2026-07-06 23:22:33 -07:00
Vincent Koc
c43e020f47 feat(openai): default realtime voice to gpt-realtime-2.1 2026-07-06 23:22:33 -07:00
Dallin Romney
3175d8e742 refactor(qa): drive Matrix lifecycle through channel drivers (#101055)
* test(matrix): add substrate lifecycle contract

* fix(matrix): satisfy lifecycle dependency gates

* refactor(matrix): keep Crabline lifecycle in adapter

* refactor(qa): select Matrix lifecycle by driver lane

* refactor(matrix): keep lifecycle helpers test-only

* refactor(qa): drive Matrix lifecycle through channel drivers
2026-07-06 23:13:21 -07:00
Vincent Koc
4a9fe264e6 test(github-copilot): use real token exchange response 2026-07-07 08:07:43 +02:00
Vincent Koc
b662209488 refactor(github-copilot): localize internal helpers (#101393) 2026-07-06 22:58:46 -07:00
Vincent Koc
094c0d421f fix(voice-call): bound Twilio API hosts 2026-07-07 07:40:14 +02:00
Vincent Koc
cc085da581 refactor(copilot): localize internal runtime types (#101379) 2026-07-06 22:33:59 -07:00
snowzlmbot
53580e13a4 fix(usage): preserve provider-billed zero totals (#101177)
* fix(usage): preserve provider-billed zero totals

* fix(usage): harden provider-billed cost provenance

* fix(openrouter): retry delayed generation metadata

* fix(openrouter): satisfy retry lint

* refactor(openrouter): consume streamed billed cost

* chore: keep release notes out of contributor PR

---------

Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 06:22:28 +01:00
Peter Steinberger
01d6ea1f0e feat(browser): expose agent download actions (#101369)
* feat(browser): expose agent download actions

Co-authored-by: changcy <742592895@qq.com>

* chore: keep release notes in PR context

---------

Co-authored-by: changcy <742592895@qq.com>
2026-07-07 06:17:52 +01:00
Jodok Batlogg
a2f95de750 feat(voice-call): support Twilio regions (#95832)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Jodok Batlogg <158125+jodok@users.noreply.github.com>
2026-07-07 06:05:31 +01:00
Peter Steinberger
ac24461252 fix(feishu): keep operator logs UTF-16 safe (#101364)
Co-authored-by: Wynne668 <ceng.wen@xydigit.com>
2026-07-07 05:54:50 +01:00
Peter Steinberger
90b680435a fix(minimax): clarify TTS volume boundary (#101359)
Co-authored-by: Quratulain-bilal <umayaimanshah@gmail.com>
2026-07-07 05:53:08 +01:00
shushushu
a596ca1795 fix(openai): allow fake-IP Realtime requests (#86526)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 05:48:57 +01:00
Peter Steinberger
e5798e5477 refactor(codex): raise app-server floor to 0.142, drop range compat, fix deferred spawn_agent steering (#101221)
* refactor(codex): raise app-server floor to 0.142 and drop range-compat protocol paths

* refactor(codex): model subagent mirror state as one map

* style(codex): format event-projector

* test(codex): drop unused shared-client test import

* refactor(codex): drop v1-era notification field aliases

* fix(codex): teach models to load deferred native spawn_agent via tool_search

* docs(codex): realign harness config tables

* docs(changelog): note Codex app-server protocol update
2026-07-07 05:48:53 +01:00
Wynne668
1ef4544871 fix(mattermost): strip internal tool-trace banners from outbound text (#98693)
* fix(mattermost): strip internal tool-trace banners from outbound text

Co-authored-by: Cursor <cursoragent@cursor.com>

* test(mattermost): prove outbound sanitizer send path

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 05:48:41 +01:00
Peter Steinberger
c5d42593be fix(anthropic): guard SDK client transport (#101357)
Co-authored-by: wangmiao0668000666 <wang.miao86@xydigit.com>
2026-07-07 05:45:49 +01:00
NickNMorty
59097783e2 fix(markdown-core): CJK-friendly emphasis flanking so **标签:**正文 renders bold (#101120) (#101230)
* test(telegram): reproduce CJK emphasis flanking bug

* fix(markdown-core): support CJK emphasis flanking

* fix(markdown-core): type CJK delimiter state (#101120)

* fix(markdown-core): mirror markdown-it Unicode whitespace in CJK delimiter override

Preserves markdown-it isWhiteSpace classification (U+3000, U+00A0, U+2000-200A, etc.) before forcing CJK-adjacent delimiter flags, and adds U+3000/U+2009 regressions. Addresses clawsweeper P1 finding on #101230.

* refactor(markdown): use maintained CJK flanking plugin

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 05:43:42 +01:00
Vincent Koc
84e5327720 fix(text): keep bounded outputs UTF-16 safe (#101355)
Co-authored-by: Alix-007 <li.long15@xydigit.com>
2026-07-06 21:33:24 -07:00
lzw112
da20b65231 fix(telegram): add UND_ERR_CONNECT_TIMEOUT to PRE_CONNECT_ERROR_CODES (#101258)
* fix(telegram): add UND_ERR_CONNECT_TIMEOUT to PRE_CONNECT_ERROR_CODES

UND_ERR_CONNECT_TIMEOUT occurs during TCP/TLS connect handshake,
before any HTTP request data is sent. Adding it to the pre-connect
set allows isSafeToRetrySendError to safely retry sendMessage when
undici's connect timeout fires — the message was never transmitted.

* test(telegram): cover connect-timeout retry funnels

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 05:33:02 +01:00
Vincent Koc
a7031832ec fix(browser): refresh extension relay token rotation 2026-07-07 06:12:50 +02:00
Peter Steinberger
7a5e5e1852 fix(codex): register the ring-zero crestodian tool directly instead of relying on a dead per-run plugin config override (#101281) 2026-07-07 05:08:08 +01:00
Vincent Koc
1d128b4dd2 fix(whatsapp): gate poll sends during reachout timelock 2026-07-07 06:03:09 +02:00
cxbAsDev
08349608f2 QA-lab credentials-admin response bound (#101131)
* fix(qa-lab): bound credentials admin response reads

* test(qa-lab): verify streamed response cancellation

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* test(qa-lab): satisfy cleanup callback lint

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 04:56:07 +01:00
Marcus Castro
6ba19c5ad0 fix: block WhatsApp sends during reachout timelock (#101264) 2026-07-07 00:54:43 -03:00
Jesse Merhi
4112e3a0f3 Add native Signal reply quotes (#95718)
* feat(signal): quote native replies

* Fix Signal native reply edge cases

* fix(signal): tighten native reply quotes

* fix(signal): harden native reply quotes

* fix(signal): preserve approval reaction state

* fix(signal): target native replies to edited messages

* fix(signal): preserve plugin approval reaction kind

* fix(signal): keep edit event reply ids distinct
2026-07-07 13:49:13 +10:00
Ayaan Zaidi
107a9d6d9b fix(qa-lab): skip runtime-context carrier in mock last-user matching 2026-07-06 20:34:01 -07:00
Ayaan Zaidi
c718afe247 refactor(agents): thread runtime-context carrier indexes 2026-07-06 20:34:01 -07:00