Gemini 2.5 Pro only works in thinking mode and rejects thinkingBudget=0
with 'Budget 0 is invalid. This model only works in thinking mode.' The
existing sanitizer in the embedded runner only handled negative budgets;
now it also removes zero budgets for the thinking-required model so the
API uses its default thinking behavior. When thinkingBudget was the only
key in thinkingConfig, the empty object is also removed to match the
Gemma 4 cleanup path.
* fix(config): preserve \$schema field across config rewrites
Add \$schema to the OpenClawConfig TypeScript type so it survives
the config write-back cycle. The Zod schema already accepted it
(added in #14998) but the TypeScript type omitted it, causing the
field to be silently stripped during config serialization.
Adds a round-trip test through validateConfigObject to prevent
regression.
Closes#43578
* fix(config): preserve root $schema during partial writes
* fix(config): preserve root $schema only when omitted
* fix(config): preserve root-authored $schema only
---------
Co-authored-by: Altay <altay@uinaf.dev>
PR #67679 landed a duplicate line under ### Changes in the Unreleased
block in addition to the detailed entry that was already present under
### Fixes. The short ### Changes line (auto-generated from the PR title
during merge) is a duplicate of the same PR's ### Fixes line and also
mis-categorizes a security redaction fix as a feature change.
Remove the duplicate and keep the ### Fixes entry, which is the right
section and carries the descriptive text.
zizmor v1.24.1 reports 8 template-injection findings across three workflow files where GitHub Actions ${{ ... }} expressions are interpolated directly into shell run: blocks. Applies the canonical fix pattern: hoist every dynamic value into a step-level env: block and reference it as a shell variable ("${VAR}") from the script.
Files changed:
- control-ui-locale-refresh.yml: move matrix.locale into env as LOCALE (1 site)
- docker-release.yml: hoist steps.tags.outputs.{value,slim} plus the four needs.build-{amd64,arm64}.outputs.{digest,slim-digest} values into env for both manifest-creation steps (6 sites)
- openclaw-npm-release.yml: hoist steps.publish_tarball.outputs.path into env as PUBLISH_TARBALL_PATH in the Publish step (1 site)
Verified locally with zizmor --persona regular on the three files: 'No findings to report. Good job!'. pnpm format:check and pnpm lint pass.
Refs #68428. Complements #66884, which covers the remaining 12 sites in openclaw-cross-os-release-checks-reusable.yml.
* fix: allow unknown properties in WakeParams schema (#68347)
WakeParamsSchema used additionalProperties: false, rejecting unknown
properties like 'paperclip' from external tools. Changed to
additionalProperties: true for forward compatibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: trim wake params schema comments
* fix: allow unknown properties in WakeParams schema (#68355) (thanks @kagura-agent)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
