Commit Graph

14835 Commits

Author SHA1 Message Date
Gio Della-Libera
f466ebc00c policy: classify doctor fix recommendations 2026-07-04 19:34:17 -07:00
NIO
b4f09fe7fa fix(qa-lab): bound suite runtime gateway JSON response reads (#99165)
Summary:
- The PR replaces QA Lab suite gateway `fetchJson` success-path `response.json()` with shared `readProviderJsonResponse` and adds an oversized-response regression test.
- PR surface: Source +1, Tests +33. Total +34 across 2 files.
- Reproducibility: yes. Current main still has the unbounded `response.json()` success path in `fetchJson`, an ... l proof for oversized streamed bodies, early cancellation, normal parsing, and the focused regression test.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(scripts): satisfy oxlint in qa-lab suite gateway bound proof
- PR branch already contained follow-up commit before automerge: fix(qa-lab): bound suite runtime gateway JSON response reads
- PR branch already contained follow-up commit before automerge: chore: drop local proof script from qa-lab gateway bound PR

Validation:
- ClawSweeper review passed for head 8c0eb49fcb.
- Required merge gates passed before the squash merge.

Prepared head SHA: 8c0eb49fcb
Review: https://github.com/openclaw/openclaw/pull/99165#issuecomment-4868175663

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
2026-07-05 02:16:25 +00:00
Yuya Hirayama
fe8234621e Fail closed when Slack mention detection is unavailable (#91584)
* fix(slack): fail closed when mention detection is unavailable

* fix(slack): coordinate app mention retry history

* fix(slack): reject user-token mention identity

* fix(slack): reject user-token mention identity

---------

Co-authored-by: OpenClaw Agent <openclaw-agent@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 21:36:53 -04:00
Peter Steinberger
d460635185 fix(browser): point Playwright 501 error at existing docs anchor 2026-07-05 01:44:19 +01:00
Peter Steinberger
73fc0f5c5f fix(channels): expose inbound media download failures [AI-assisted] (#100119)
* fix(channels): expose inbound media download failures

* fix(msteams): correlate attachment references
2026-07-04 20:28:52 -04:00
Vincent Koc
890f4efc88 fix(qa-channel): handle metadata-free final replies
Fix qa-channel final reply preview delivery when a harness or plugin path calls deliver without dispatcher metadata. Verified with remote Testbox proof plus hosted PR checks.
2026-07-04 17:23:52 -07:00
Hana Chang
4ec7842be0 feat(slack): add ignoreOtherMentions channel config (#53467)
* feat(slack): add ignoreOtherMentions channel config

Mirrors the existing Discord `ignoreOtherMentions` option for Slack
channels. When set on a channel entry, drop channel/group/MPIM messages
that mention another user or subteam but not this bot — the inverse of
`requireMention`. Useful in busy channels where the bot would otherwise
reply to side conversations.

Implementation lives in `prepareSlackMessage` right after the
`allowBots: "mentions"` bot-drop gate and before the `shouldRequireMention`
non-mention drop, so it integrates with the new `messageIngress` ingress
pipeline. The gate is conditional on `canDetectMention` (botUserId
resolvable via `auth.test` or explicit mention regexes configured) to
avoid false drops when we have no reliable way to tell bot vs non-bot
mentions apart.

Slack implicit mentions (thread participation) are intentionally NOT
respected here — they fire for every message in a bot-participated
thread, so honoring them would defeat the feature in any active thread.
The gate matches on `wasMentioned` (explicit) and `hasAnyMention`, with
the existing `shouldBypassMention` override (e.g. authorized commands)
also respected.

Includes config types, zod schema, channel-config resolution,
prepare-message implementation, full test coverage in
`prepare.test.ts`, regenerated channel + docs baselines, and Slack
docs entry.

* refactor(slack): harden other-mention filtering

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 20:08:14 -04:00
Rohang2005
03fe813d1e fix(slack): forward per-agent identity overlay on heartbeat and runtimeSend (#84297) (#84335)
* fix(slack): preserve agent identity on heartbeat sends

Co-authored-by: Rohang2005 <rohan.ganesh05@gmail.com>

* fix(slack): preserve identity when custom icons fail

* fix(slack): reuse accepted identity across chunks

* fix(slack): narrow identity fallback input

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 20:05:47 -04:00
TwinsLee
568237b3ab fix(feishu): emit non-empty value schema for bitable write tools (#94547) (#94990)
Type.Record(Type.String(), Type.Any()) serializes via TypeBox to an empty nested value schema (patternProperties: { "^.*$": {} }). AWS Bedrock's strict tool-schema validation rejects the empty sub-schema, breaking all agent turns for Bedrock-backed Anthropic users with Feishu bitable tools enabled.

Replace the three affected free-form field maps (create_record, update_record, create_field) with an explicit non-empty FlexibleFieldValue value schema that still accepts any JSON value. Type.Unknown() is avoided because it also serializes to an empty schema. Adds regression coverage asserting the emitted value schema is non-empty.

Co-authored-by: TwinsLee <1460694+TwinsLee@users.noreply.github.com>
2026-07-04 17:05:32 -07:00
Dallin Romney
bfffa950d7 refactor(plugin-sdk): consolidate tool result helpers (#99740)
* refactor(plugin-sdk): consolidate tool result helpers

* docs(plugin-sdk): tighten tool result guidance

* refactor(feishu): use tool results directly
2026-07-04 16:50:44 -07:00
Dallin Romney
c2fc7aa28a refactor: consolidate exact keyed async queues (#99691)
* refactor: consolidate keyed async queues

* chore: refresh merge-ref CI

* refactor: encapsulate keyed queue ownership
2026-07-04 16:45:07 -07:00
Dallin Romney
194dd6fe50 refactor(security): consolidate secret primitives (#99746)
* refactor(security): consolidate secret primitives

* fix(plugin-sdk): align secret display metadata

* chore(plugin-sdk): refresh API baseline after rebase

* refactor(security): trim secret primitive consolidation
2026-07-04 16:38:13 -07:00
Dallin Romney
dc3b5df684 refactor(types): remove redundant local aliases (#100061)
* refactor(models): remove redundant generation model ref alias

* refactor(types): remove redundant local aliases

* refactor(types): preserve shipped model ref type
2026-07-04 16:34:47 -07:00
Peter Steinberger
be8b5f6c4f fix(slack): preserve custom identity while streaming (#100084)
Use supported chat.startStream authorship and avoid edit-based previews when custom identity cannot stream.

Co-authored-by: MoerAI <friendnt@g.skku.edu>
2026-07-04 18:56:36 -04:00
Peter
526c024fc0 fix(slack): preserve interaction thread status (#82895)
* fix(slack): preserve interaction thread status

Co-authored-by: Intern Dev <dev@wukongai.io>

* test(slack): type message thread timestamps

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Intern Dev <dev@wukongai.io>
2026-07-04 18:56:11 -04:00
Shakker
65e12328aa feat: refactor the Control UI architecture
Refactor the Control UI around route-owned page lifecycle and state while preserving existing behavior and design.

Prepared head SHA: bd51b6fa76
Co-authored-by: Shakker <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
2026-07-04 23:19:38 +01:00
Gio Della-Libera
144e5894f6 fix(policy): honor node command deny overrides 2026-07-04 15:06:10 -07:00
Gio Della-Libera
997f74f42b policy: cover gateway node commands 2026-07-04 15:06:10 -07:00
xingzhou
27d6c88167 feat: add utility models and generated session titles (#87643)
* feat: add utility model session titles

* docs: clarify utility model calls

* fix: budget utility title reasoning

* docs: refresh config baseline

* docs: refresh plugin sdk baseline

* docs: refresh plugin sdk baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 17:24:51 -04:00
Peter Steinberger
bbb744269f test: make the local pnpm test gate green on macOS hosts (#100069)
Fixes 21 macOS-only failing test cases across three classes: canonicalized fixture roots (macOS /var -> /private/var tmpdir symlink vs production realpathing), load-tolerant process-spawn tests (content-gated pid files, readiness-sequenced kill windows, bounded-window timer assertions), and cross-file worker leak guards (skip-channel env, gateway token env, imessage runtime singleton). Test-only; no production changes. Fixes #100025.
2026-07-04 17:17:42 -04:00
Jason (Json)
0221544190 fix(release): block stale Codex runtime pins (#100015)
Prevents opted-in plugin runtime dependencies from being published with stale
registry pins. The same freshness assertion now guards both npm and ClawHub
release paths, including the managed Codex runtime.

Prepared head SHA: d5d0ecba4b
Reviewed-by: @fuller-stack-dev

Closes #99951
2026-07-04 15:13:31 -06:00
Dizesales
ff58d23e8f fix(telegram): resolve local Bot API container file paths against trustedLocalFileRoots [AI-assisted] (#91984)
* fix(telegram): resolve local Bot API container file paths against trustedLocalFileRoots

When the self-hosted telegram-bot-api server runs with --local inside a
container, getFile returns absolute file_path values rooted at the
container data dir (/var/lib/telegram-bot-api/...). The host process
mounts that volume at a different path, so the absolute path never
matches a trustedLocalFileRoots entry and inbound media fails to
materialize (messages reach the agent as bare <media:document>
placeholders without bytes).

Map container-absolute paths back to relative candidates and resolve
them under each trusted root, trying both with and without the
per-token directory segment the local server uses. Relative file_path
values are now also resolved against trusted roots before falling back
to the HTTP file endpoint, which keeps large-file (>20MB) local-mode
downloads working.

Path traversal protections: candidates are normalized, NUL bytes and
dot-segments are rejected, and reads stay behind the trusted-roots
file-access sandbox.

AI-assisted (Claude Code), validated with targeted vitest run.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Co-Authored-By: Dizesales <269209351+Dizesales@users.noreply.github.com>

* fix(telegram): map local Bot API container media paths

Co-authored-by: Lucas Magalhaes <ellucasrj@gmail.com>

* chore(config): refresh channel metadata

---------

Co-authored-by: Lucas Magalhaes <ellucasrj@gmail.com>
Co-authored-by: Dizesales <269209351+Dizesales@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 17:07:51 -04:00
grifjef
7a0188cbd2 fix(memory-core): treat dreaming fence marker lines as inside-fence in promotion guard (#83718)
The lineRangeOverlapsDreamingFence guard tracked insideFence state from
the marker lines but did not flag ranges that included the marker lines
themselves. A relocated promotion range that ended on a start marker,
began on an end marker, or covered only a marker line passed the guard,
and the snippet built from those raw lines carried the marker text into
MEMORY.md.

Treat marker lines as inside-fence content for range overlap purposes
and add unit + integration coverage. The integration test exercises the
real applyShortTermPromotions path: pre-patch a recall whose stored
snippet is the start-marker text produces a 'Promoted From Short-Term
Memory' entry containing the literal marker; post-patch the same input
yields applied=0 and no MEMORY.md write. Refs #80613.
2026-07-04 13:01:04 -07:00
Vincent Koc
2f6459093a improve(web-fetch): speed up provider fallback loading (#98559)
* perf(web-fetch): add web fetch benchmark

* perf(web-fetch): cache provider fallback resolution

* perf(firecrawl): avoid duplicate scrape payload wrapping

* perf(web-readability): reuse void tag lookup

* fix(web-fetch): keep provider cache live

* fix(web-fetch): invalidate provider cache on registry swap

* perf(web-fetch): reduce html extraction overhead

* fix(web-fetch): bound provider discovery cache

* perf(web-fetch): avoid full plugin load on fallback
2026-07-04 12:47:10 -07:00
Dallin Romney
6c53dfa1df refactor(infra): consolidate bounded HTTP body reads (#99744)
* refactor(infra): consolidate bounded HTTP body reads

* fix(plugin-sdk): preserve HTTP body export boundaries
2026-07-04 12:15:57 -07:00
Peter Steinberger
614e87cce1 chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Peter Steinberger
77f0f40bb1 fix(telegram): surface inbound media fetch failures (#100051) 2026-07-04 14:54:43 -04:00
notask-007
94ff3c6b85 fix(slack): include attachment text in thread context (#97727)
* fix(slack): include attachment text in thread context

* fix(slack): cover attachment block fallback

* fix(slack): collect full block thread text

* refactor(slack): share thread block text extraction

Co-authored-by: notask-007 <37237335+chthtlo@users.noreply.github.com>

---------

Co-authored-by: notask-007 <>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 14:49:43 -04:00
Dallin Romney
939f9aeff5 test(qa): record Matrix route state inventory (#100039) 2026-07-04 11:48:18 -07:00
Dallin Romney
dbdaad1c2e refactor(providers): table-drive paired catalogs (#99777) 2026-07-04 11:35:55 -07:00
Peter Steinberger
6df0fb818d feat: add session thread management (#98510)
* feat: add session thread management

Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.

* refactor(ui): minimal session rows with hover-revealed management

Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.

* fix: align session admission with mailbox-era main

Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.

* fix(qa): align UI e2e and shard fixtures with redesigned session rows

Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.

* test: route auto-fallback suite through temp-dir helper plans

The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00
sunlit-deng
3644946230 fix(acpx): handle MCP proxy stdio pipe errors (#99852)
* fix(acpx): handle MCP proxy stdio pipe errors

* fix(acpx): handle proxy stdout pipe failures

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-04 11:30:23 -07:00
Peter Steinberger
7a92c473c1 test(qqbot): fix macOS-only outbound media test failures
The scoped outbound media tests added in #92872 assert raw mkdtemp paths,
but prod resolvers canonicalize roots, so on macOS the /var -> /private/var
tmpdir symlink made three tests fail (green on Linux CI). Realpath the tmp
roots like sibling tests, and export the real UploadDailyLimitExceededError
from the outbound-dispatch sender.js mock so prod instanceof checks in error
paths hit real assertions instead of vitest's missing-export guard.

Also add AGENTS.md test guidance covering both patterns.
2026-07-04 19:20:22 +01:00
Dallin Romney
d96db362bd refactor(voice-call): reuse webhook path normalization (#99766) 2026-07-04 10:53:07 -07:00
Peter Steinberger
0869edc23b fix(slack): stop logging inbound message previews (#96312) 2026-07-04 13:14:09 -04:00
ash
b0476e5c8e fix(slack): include assistant loading messages (#85507)
* fix(slack): include assistant loading messages

* fix(slack): preserve assistant status wording

* fix(slack): preserve assistant status wording

* fix(slack): preserve assistant status wording

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 13:13:11 -04:00
Jonathan Tsai
6169e5ddae fix(slack): allow channel-id reads for name-allowlisted channels (#95313)
* fix(slack): allow channel-id reads for name-allowlisted channels

* fix(slack): trust API lookup for read target names

* fix(slack): resolve name-allowlisted reads safely

Co-authored-by: Jonathan Tsai <jontsai@users.noreply.github.com>

* fix(slack): resolve name-allowlisted reads safely

* fix(slack): resolve name-allowlisted reads safely

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 12:03:34 -04:00
ZOOWH
f683c9e9bd fix(slack): restore native presentation delivery (#95463)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 11:06:08 -04:00
Mason Huang
4287d2629f [codex] fix(copilot): preserve BYOK bearer auth through proxy (#99955)
Summary:
- Merged [codex] fix(copilot): preserve BYOK bearer auth through proxy after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head ef753a9929.
- Required merge gates passed before the squash merge.

Prepared head SHA: ef753a9929
Review: https://github.com/openclaw/openclaw/pull/99955#issuecomment-4882241627

Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Approved-by: hxy91819
2026-07-04 13:48:27 +00:00
Vincent Koc
787f3a2ce5 test(channels): align outbound delivery assertions 2026-07-04 15:13:16 +02:00
Peter Steinberger
706443c79b fix(slack): remove unused unsafe auth fetch helper (#99944)
* fix(slack): remove unused unsafe auth fetch helper

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>

* fix(slack): remove unused unsafe auth fetch helper

---------

Co-authored-by: liyuanbin <li.yuanbin1@xydigit.com>
2026-07-04 08:21:32 -04:00
Peter Steinberger
65e2819136 fix(slack): warn when bot token authenticates as user (#99931)
Co-authored-by: luyifan <al3060388206@gmail.com>
2026-07-04 07:04:30 -04:00
qingminlong
bd2740fedc fix(slack): preserve time colons in interactive labels (#99877)
* fix(slack): preserve time colons in button labels

* fix(slack): preserve clock labels in interactive replies

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 03:14:13 -07:00
Peter Steinberger
82610d3b15 feat(whatsapp): add requester-bound MeowCaller calls (#99635)
* feat(whatsapp): add requester-bound MeowCaller calls

* fix(whatsapp): align MeowCaller CLI contract

* test(whatsapp): narrow MeowCaller audio path

* fix(whatsapp): budget MeowCaller setup phases

* feat(whatsapp): gate experimental calls

* fix(whatsapp): use managed call temp storage

* fix(whatsapp): preserve channel entry boundary
2026-07-04 02:19:28 -07:00
Peter Steinberger
be95bb72d4 refactor: consolidate core stream cleanup, watchdog locality, and approval text duplication (#99901)
* refactor(infra): share guarded body-stream cleanup across fetch consumers

* refactor(agents): extract shared runtime model locality for llm watchdogs

* refactor(auto-reply): share exec approval route resolution between command handlers

* refactor(plugin-sdk): share approval reaction hint text helpers

* refactor(plugin-sdk): share planned migration target resolution

* refactor(infra): use canonical sleep helper in backup retry

* docs(plugins): mention shared migration targets and reaction hint helpers

* chore(plugin-sdk): pin surface budgets for reaction hint and migration target helpers
2026-07-04 02:08:35 -07:00
Peter Steinberger
eafe2a8d0b refactor: consolidate duplicated plugin state and doctor migration plumbing onto SDK seams (#99850)
* refactor(plugin-sdk): add createPersistentDedupeCache and migrate channel presence caches

* refactor(matrix): adopt SDK approval reaction target store

* refactor(plugin-sdk): share doctor legacy-state migration fs helpers

* refactor(memory-core): dedupe qmd cache entry envelope validation

* chore(plugin-sdk): pin surface budgets for shared dedupe and doctor helpers

* test(matrix): use future approval expiry fixtures for reaction targets

* test(matrix): use future approval expiry fixtures for reaction targets
2026-07-04 01:51:03 -07:00
Peter Steinberger
3d6a2216ea feat(codex): share native threads across Codex clients (#99821)
* feat(codex): share native threads across clients

* test(codex): track coexistence temp dirs

* fix(codex): preserve native source on thread forks

* test(codex): use public temp fixtures

* fix(codex): preserve owner context for deferred tools

* fix(codex): forward owner identity to dynamic tools

* fix(codex): forward owner status to harness attempts

* docs(security): document shared Codex home

* docs(security): document shared Codex home

* docs(security): document shared Codex home
2026-07-04 01:43:21 -07:00
Peter Steinberger
55d0d037bf test(codex): expect canonical assistant text blocks in mirrored history
Session ingest has normalized legacy assistant string content into
[{ type: "text" }] blocks since #98908, which updated the core
cli-runner session-history analog but missed this extension file.
The suite only runs in full local runs and the dispatch-only
plugin-prerelease lane, so push/PR CI stayed green while local
scripts/pr prepare-gates failed on any OS.

refs #99857
2026-07-04 09:15:14 +01:00
xingzhou
741d9524be fix: outbound recovery can replay already sent replies (#99600)
* fix(outbound): avoid replaying sent recovery deliveries

* fix(outbound): persist recovery send state before ack

Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>

* fix(outbound): preserve partial send evidence across adapters

* test(line): cover multi-send delivery progress

* fix(outbound): preserve repeated receipt result multiplicity

* test(heartbeat): expect delivery progress callback

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 01:09:12 -07:00
Vincent Koc
d226afbc5c test(telegram): type inbound body fixture 2026-07-04 09:19:04 +02:00