vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-24 07:29:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
49,754 Commits 1,843 Branches 149 Tags
f74436dc81bce8ed3fac701d4dc110293ba6bdcd
Commit Graph

29561 Commits

Author SHA1 Message Date
Jerome Xu
8cc1aee9d8 fix(xiaomi): surface MiMo reasoning-only finals (#60304) 
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-15 14:12:44 +01:00
Peter Steinberger
38e53a89b2 fix(cron): align runtime plugin preload mode 2026-05-15 14:04:56 +01:00
郑苏波 (Super Zheng)
5779d485fd fix(cron): lazily load runtime plugins to fix external channel resolution 
Ensure runtime plugins are loaded before resolving cron delivery context,
preventing multi-channel ambiguity errors when using external channels.
Implemented via a lazy facade to preserve fast isolated agent startup.
 2026-05-15 14:04:56 +01:00
Peter Steinberger
6de8563827 refactor: centralize channel history window 2026-05-15 13:56:17 +01:00
Peter Steinberger
2ea0c6c929 docs(slack): align unfurl default docs (#82123) 2026-05-15 13:25:52 +01:00
Peter Steinberger
d89732efca fix(slack): route plugin modal submissions 
Co-authored-by: shannon0430 <258282406+shannon0430@users.noreply.github.com>

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>

Co-authored-by: Jin Kim <198280395+jink-ucla@users.noreply.github.com>
 2026-05-15 13:18:55 +01:00
Peter Steinberger
391b4916dc fix(auto-reply): cover surface silent reply fallback 2026-05-15 13:18:16 +01:00
taozengabc
a541aa3b0b fix(auto-reply): honor silentReply policy on group failure-fallback path 
Threads the runtime config through buildKnownAgentRunFailureReplyPayload
into resolveExternalRunFailureTextForConversation so the documented
agents.defaults.silentReply / surfaces.<id>.silentReply policy is
consulted before silencing failure copy in groups/channels. Default
policy (group: allow, direct: disallow, internal: allow) preserves the
existing 'groups stay quiet on generic runner failure' behavior; opting
into silentReply.group: disallow now lets the run-failure copy reach
the chat instead of disappearing.

Resolves an internal inconsistency: route-reply.ts already routes
NO_REPLY-style payloads through resolveSilentReplyPolicy(), but the
failure-fallback path in agent-runner-execution.ts hardcoded silence on
chat type alone, ignoring the operator-visible knob.

Refs #82060.
 2026-05-15 13:18:16 +01:00
Peter Steinberger
2a02d83e2e refactor: record dropped channel history in turn kernel 2026-05-15 13:06:25 +01:00
Peter Steinberger
8859e89e07 feat: attach recent inbound history images to agent turns (#82068) 
* feat: attach recent inbound history images

* fix: bound recent history media downloads

* fix: preserve sticker history media

* fix: enforce history media cap for stickers

* refactor: name agent turn attachments generically

* refactor: share pending history media recording

* fix: gate historical media attachment visibility

* fix: avoid media runtime on text-only turns

* fix: preserve fallback history media selection

* fix: avoid sparse media history index collisions

* fix: skip history images for current non-image media

* test: import history media type directly

* test: satisfy agent media runtime mock lint

* fix: respect mocked Slack media fetches

* fix: settle history media recording races
 2026-05-15 12:41:52 +01:00
Peter Steinberger
2d8339529b fix: preserve reasoning_content replay for MiMo proxies 2026-05-15 12:35:44 +01:00
Jim Dawdy
aeb06bf4ef fix(agents): apply MiMo reasoning_content fallback wrapper for unowned proxy providers 2026-05-15 12:35:44 +01:00
Jim Dawdy
795ad845d6 fix(xiaomi): address review findings — remove speculative models, add xiaomi-native to native+nonstandard lists, test host resolution 2026-05-15 12:35:44 +01:00
Jim Dawdy
d00cd314d1 fix(transport): drop compat override for requiresReasoningContentOnAssistantMessages (detection-only field) 2026-05-15 12:35:44 +01:00
Jim Dawdy
d4c83edba8 fix(transport): propagate requiresReasoningContentOnAssistantMessages to convertMessages 2026-05-15 12:35:44 +01:00
Jim Dawdy
e6dc6c52fe fix(compat): detect xiaomi-native endpoints, set deepseek thinkingFormat and requiresReasoningContentOnAssistantMessages 2026-05-15 12:35:44 +01:00
Jim Dawdy
215e43aa94 fix(transport): add xiaomi-native to ProviderEndpointClass and manifest endpoint classes 2026-05-15 12:35:44 +01:00
Peter Steinberger
e360e105a3 fix: require web search query schema 2026-05-15 12:32:52 +01:00
Peter Steinberger
b3d9bef38d [codex] Fix Codex OAuth refresh fallback (#82117) 
* fix: fall back to Codex CLI OAuth after refresh failure

* fix: support Codex CLI fallback for named profiles
 2026-05-15 12:32:00 +01:00
Peter Steinberger
b6809b5e31 fix(gateway): keep config schema admin scoped 2026-05-15 12:25:31 +01:00
Peter Steinberger
3bedce151e fix(gateway): keep exec approvals policy admin scoped 2026-05-15 12:25:31 +01:00
Peter Steinberger
373f709130 fix(gateway): preserve core method collision guards 2026-05-15 12:25:31 +01:00
Peter Steinberger
a383baac03 test(logging): fix stalled recovery threshold test 2026-05-15 12:25:31 +01:00
Peter Steinberger
93b9223bee fix(plugins): tolerate legacy inspect reports 2026-05-15 12:25:31 +01:00
Peter Steinberger
4aa37c3261 fix(gateway): allow partial method registries 2026-05-15 12:25:31 +01:00
Peter Steinberger
db3c4ba8d3 refactor(gateway): collapse method metadata shims 2026-05-15 12:25:31 +01:00
Peter Steinberger
7c639d4b46 fix(gateway): accept legacy plugin registries 2026-05-15 12:25:31 +01:00
Peter Steinberger
fb7dc43043 fix(gateway): preserve lazy method boundaries 2026-05-15 12:25:31 +01:00
Peter Steinberger
386fbd6594 fix(gateway): preserve advertised method ordering 2026-05-15 12:25:31 +01:00
Peter Steinberger
e4a1032072 style(gateway): avoid method list spread allocations 2026-05-15 12:25:31 +01:00
Peter Steinberger
622728757f refactor(gateway): add method descriptor registry 2026-05-15 12:25:31 +01:00
Peter Steinberger
c0fe7ab34a fix: keep queued system event authority structured 
Keep queued system-event owner downgrades as structured runtime metadata while rendering the model-visible prompt as plain `System:` lines.

This preserves least-privilege wakeups for webhook/node/exec/cron/reaction/hook producers, keeps legacy `trusted: false` compatibility for installed plugins and older hosts, and updates representative gateway, agent, cron, plugin, and OpenGrep coverage.
 2026-05-15 12:24:27 +01:00
Peter Steinberger
3537d8a613 fix: preserve valid completions reasoning replay 2026-05-15 11:59:07 +01:00
sliverp
8bfb943945 fix: strip response-only reasoning fields from OpenAI Completions requests 
Prevents providers like OpenRouter from returning HTTP 500 errors when replayed assistant messages include fields such as `reasoning_details`.
 2026-05-15 11:59:07 +01:00
Peter Steinberger
a1a6cd6508 refactor: centralize inbound history shaping 
Centralize inbound history shaping through shared reply-history helpers and preserve existing channel behavior.
 2026-05-15 11:56:38 +01:00
Peter Steinberger
f686bb519f fix: force ffmpeg muxers for staged audio outputs 
* fix: force ffmpeg muxers for staged audio outputs

* docs: clarify staged audio changelog
 2026-05-15 11:56:12 +01:00
solodmd
239def7838 perf(skills): cache hydrated resolved skills (#81451) 
Merged via squash.

Prepared head SHA: e202d16e50
Co-authored-by: solodmd <51304754+solodmd@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-05-15 13:48:22 +03:00
Peter Steinberger
764cfd5552 feat: add bundled admin HTTP RPC plugin 2026-05-15 11:44:58 +01:00
Peter Steinberger
dfeaf6f7cf refactor: add gateway method dispatch contract 2026-05-15 11:44:58 +01:00
Peter Steinberger
0e5f4ea18c perf: reuse manifest metadata for read-only model catalogs 2026-05-15 11:24:06 +01:00
Kaspre
44840007d4 fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751) 
* fix(agents): scope provider SSRF trust by origin

* fix(provider): preserve explicit private-network deny

* docs(provider): document exact-origin SSRF trust

* test(provider): cover exact-origin SSRF edges

* docs(provider): align local model private-origin guidance

* refactor(ssrf): keep policy merging in infra

* test(ssrf): cover exact-origin trust through guard

* test(ssrf): block sibling private-origin redirects

* fix(provider): keep loopback trust origin-scoped

* fix(provider): block metadata origin trust

* fix(ssrf): keep metadata rebinding blocked

* fix(ssrf): block cloud metadata origins

* fix(ssrf): block ipv6 metadata origins

* fix(ssrf): block embedded metadata origins

* test(ssrf): cover embedded link-local metadata

* test(provider): cover custom anthropic proxy classification

* test(provider): widen transport policy mock

* test(plugin-sdk): assert metadata-IP allowedOrigins entries are rejected

Plugin authors can construct an SsrFPolicy that lists any well-formed
http(s) origin in allowedOrigins. The abuse-resistance lives one layer
deeper, in resolvePinnedHostnameWithPolicy's metadata/link-local block.
Add an SDK-level smoke test asserting that contract directly:

- AWS/Alibaba IMDS IPv4 literals, GCP metadata canonical hostname,
  IPv6 ULA metadata literal, and non-metadata link-local IPv4 entries
  build a policy via ssrfPolicyFromHttpBaseUrlAllowedOrigin and are
  then rejected at resolvePinnedHostnameWithPolicy.
- DNS rebinding from a trusted private DNS origin to a metadata IP is
  rejected even when the request hostname is origin-trusted.

This would fail if the SDK helper or resolveSsrFPolicyForUrl ever
short-circuited past the metadata block.

* chore(docs): regenerate baselines after upstream rebase

upstream/main moved between rebases; the merged source state for the
PR's `src/config/schema.help.ts` change and the upstream plugin-sdk
surface changes both produce different hashes than the committed
baselines, so `config:docs:check` and `plugin-sdk:api:check` would fail.

Regenerated via `pnpm config:docs:gen` + `pnpm plugin-sdk:api:gen` on
Crabbox; both baselines verified with their respective `--check`
generators.

* test(plugin-sdk): assert SSRF blocked error class

* fix(lint): satisfy exact-origin PR lint rules

* docs: clarify custom provider origin trust

* chore(docs): refresh plugin sdk api baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-15 11:00:29 +01:00
Peter Steinberger
778ad09ff2 test(logging): derive diagnostic abort threshold 2026-05-15 10:38:43 +01:00
Peter Steinberger
3b1497789c refactor(channels): derive command turns from turn facts 2026-05-15 10:38:43 +01:00
Pavan Kumar Gondhi
b9fbc57bbd Bind shell script operands after combined options [AI] (#81882) 
* fix: bind shell script operands after combined options

* addressing codex review

* docs: add changelog entry for PR merge
 2026-05-15 14:55:37 +05:30
Peter Steinberger
e30be460e1 fix: shorten stalled Codex recovery window 2026-05-15 10:19:37 +01:00
Pavan Kumar Gondhi
eb1e6099d2 Constrain provider catalog entry paths [AI] (#81884) 
* fix: constrain provider catalog entries to plugin root

* addressing review-skill

* docs: add changelog entry for PR merge
 2026-05-15 14:48:24 +05:30
Pavan Kumar Gondhi
d656087b31 Require canonical node platform IDs [AI] (#81880) 
* fix: require canonical node platform ids

* addressing review-skill

* addressing review-skill

* addressing codex review

* addressing codex review

* fix: require consistent node platform metadata

* addressing review-skill

* addressing codex review

* fix: complete root-cause handling

* addressing review-skill

* addressing review-skill

* addressing codex review

* addressing codex review

* docs: add changelog entry for PR merge
 2026-05-15 14:46:46 +05:30
Peter Steinberger
df70ed2b9c fix: force message through empty allowlists 2026-05-15 10:16:27 +01:00
Peter Steinberger
63ad5b4f97 fix: send structured message attachments 2026-05-15 10:16:27 +01:00
Peter Steinberger
3fd4b02eb5 fix: track message attachment aliases 2026-05-15 10:16:27 +01:00