Commit Graph

37086 Commits

Author SHA1 Message Date
cxbAsDev
f92ed16e60 fix(sessions): bound trajectory snapshot and pointer reads (#101450)
* fix(sessions): bound trajectory snapshot and pointer reads

* test(sessions): align oversized snapshot assertion with bounded reader error message

* fix(sessions): cap follow-mode trajectory deltas

ClawSweeper review noted that the trajectory snapshot read was bounded
but the follow-mode delta read (Buffer.alloc(fileState.size - offset))
was not. A runaway trajectory append could still OOM the tail loop.
Reject deltas above TRAJECTORY_RUNTIME_FILE_MAX_BYTES and add regression
coverage for the oversized-delta path.

* test(sessions): exercise trajectory limits through command path

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-07-07 09:49:27 -07:00
Josh Lehman
453f5968bb refactor(gateway): route chat transcript injection through the session accessor (#101688)
* refactor(gateway): route chat transcript injection through the session accessor

* fix(gateway): avoid map-spread in source reply mirror rewrite results

* perf(sessions): find injected transcript duplicates with a reverse early-exit scan
2026-07-07 09:10:30 -07:00
Shakker
9d15544038 fix: use configured Control UI base path at startup 2026-07-07 16:53:48 +01:00
Vincent Koc
3d206140f3 refactor: localize internal implementation constants (#101758) 2026-07-07 08:34:13 -07:00
wings1029
d633a2df42 fix(http-error-body): keep emoji / surrogate pairs intact during error body truncation (#101728)
* fix(http-error-body): keep emoji / surrogate pairs intact during error body truncation

Replace .slice(0, limits.maxChars) with truncateUtf16Safe() so that
emoji straddling the maxChars boundary don't produce lone surrogates
that render as � in error diagnostics. Matches the sibling http-body.ts
which already uses truncateUtf16Safe.

Co-Authored-By: Claude <noreply@anthropic.com>

* test: cover UTF-16 HTTP body branches

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 16:06:13 +01:00
Peter Steinberger
87fe266c5e fix: preserve emoji at remaining bounded-text edges (#101711)
* fix: keep remaining text bounds UTF-16 safe

Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 0668001336 <wang.lizhang@xydigit.com>
Co-authored-by: Alix-007 <li.long15@xydigit.com>

* docs: credit bounded Unicode fixes

* test: update UTF-16 browser import boundary

* chore: leave Unicode note to release changelog

---------

Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 0668001336 <wang.lizhang@xydigit.com>
Co-authored-by: Alix-007 <li.long15@xydigit.com>
2026-07-07 15:48:21 +01:00
Vincent Koc
fdc7892a6e refactor: localize internal implementation types (#101731) 2026-07-07 07:41:04 -07:00
Vincent Koc
c8d95da14c refactor: localize file-private exports (#101701) 2026-07-07 06:57:19 -07:00
Peter Steinberger
a7faec8ca1 fix(gateway): support native Windows exec approvals (#101669)
* fix(gateway): support native Windows exec approvals

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* chore: defer changelog entry to release

* test: use tracked approvals temp directories

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 14:50:59 +01:00
Peter Steinberger
176fee5d07 fix: prevent garbled emoji at remaining text limits (#101685)
* fix: keep remaining bounded text UTF-16 safe

Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>

* test: use tracked prompt template fixture

---------

Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>
2026-07-07 14:49:15 +01:00
Vincent Koc
407443264c refactor: localize internal reply and plugin types (#101666) 2026-07-07 05:51:47 -07:00
Peter Steinberger
a9582a1bb6 fix: keep bounded text truncation UTF-16 safe (#101654)
* fix: keep bounded text UTF-16 safe

Co-authored-by: wm0018 <wu.min5@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>

* chore: keep UTF-16 release note in PR body

---------

Co-authored-by: wm0018 <wu.min5@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
2026-07-07 13:44:32 +01:00
maweibin
4d5cd05a64 fix(tasks): keep emoji / surrogate pairs intact during terminal output truncation (#101600)
* fix(tasks): keep emoji / surrogate pairs intact during terminal output truncation

.slice() counts UTF-16 code units; use Array.from() to count full
code points instead, preventing lone surrogates in task list output.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(tasks): preserve terminal column width

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:54:53 +01:00
Wynne668
cd0d570164 fix(gateway): keep session history stream errors handled (#101571) 2026-07-07 04:54:38 -07:00
Peter Steinberger
7c0a7c8be2 fix(agents): keep exec visible for lean local models (#101607)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 12:46:26 +01:00
maweibin
f6ffe89df6 fix(control-ui-assets): keep emoji / surrogate pairs intact during last-line truncation (#101591)
* fix(control-ui-assets): keep emoji / surrogate pairs intact during last-line truncation

.slice(0, 239) counts UTF-16 code units; an emoji straddling the
cut point produces a lone surrogate rendering as  in WebUI assets.

Use [...last] spread to count full code points instead.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(control-ui-assets): preserve diagnostic length cap

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:32:21 +01:00
wm0018
d26a842799 fix(auto-reply): keep suppressed reply text preview truncation UTF-16 safe (#101575)
* fix(auto-reply): keep suppressed reply text preview truncation UTF-16 safe

String.prototype.slice at offset 160 can split surrogate pairs in
reply text previews logged for suppressed auto-replies. Replace raw
slice(0, 160) with truncateUtf16Safe — already imported in this file.

* test(auto-reply): exercise suppressed preview logging

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:25:53 +01:00
Peter Steinberger
a853489b3d fix(agents): clean up ls cancellation listeners (#101588)
Co-authored-by: 0668001336 <wang.lizhang@xydigit.com>
2026-07-07 12:15:49 +01:00
lsr911
42fc9e8a92 fix(acp): use truncateUtf16Safe for event mapper error text truncation (#101535)
* fix(acp): use truncateUtf16Safe for event mapper error text truncation

.slice(0, 100) on ACP event argument values can split surrogate
pairs from emoji or CJK text, producing U+FFFD in error/warning
notices shown to operators.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(acp): cover UTF-16-safe tool titles

* refactor(acp): keep event mapper import leaf-only

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:10:28 +01:00
Peter Steinberger
46276312d6 fix(auth): clean OAuth contention diagnostics (#101573)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 12:08:50 +01:00
Peter Steinberger
0979b51f49 fix(session-memory): preserve sibling paths in logs (#101577)
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
2026-07-07 12:08:08 +01:00
Peter Steinberger
4172de867c fix: preserve session labels across rollover (#101576)
Co-authored-by: ZengWen-DT <290981215+ZengWen-DT@users.noreply.github.com>
2026-07-07 12:07:25 +01:00
Peter Steinberger
2fe39692ad fix(gateway): preserve UTF-16 plugin approval fields (#101580)
* fix(gateway): keep plugin approval title and description truncation UTF-16 safe

Node.js String.prototype.slice cuts at UTF-16 code unit boundaries,
which can split surrogate pairs (emoji, CJK supplementary characters)
into lone surrogates that render as U+FFFD in approval UI payloads.

Use truncateUtf16Safe for both title and description fields in
createPluginApprovalsAttachment so approval requests never deliver
broken characters to the gateway approval UI.

Fixes #???

* test(gateway): exercise UTF-16 approval payloads

---------

Co-authored-by: wm0018 <wu.min5@xydigit.com>
2026-07-07 12:06:38 +01:00
maweibin
afdb9fd264 fix(session-cost-usage): keep emoji / surrogate pairs intact during content truncation (#101517)
* fix(session-cost-usage): keep emoji / surrogate pairs intact during content truncation

.slice(0, maxLen) counts UTF-16 code units, so an emoji straddling
the cut point produces a lone surrogate that renders as � in
usage cost CLI output. Use [...str] to count full code points instead.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(usage): cover UTF-16-safe log truncation

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:05:15 +01:00
wm0018
e7d617d4d9 fix(agents): keep exec auto-reviewer rationale truncation UTF-16 safe (#101513)
* fix(agents): keep exec auto-reviewer rationale truncation UTF-16 safe

String.prototype.slice at offset 500 can split surrogate pairs in
LLM-generated review rationale text, rendering broken U+FFFD in
exec approval UI payloads.

Replace raw slice(0, 500) with truncateUtf16Safe.

* fix(agents): keep exec reviewer rationale and prompt template description truncation UTF-16 safe

String.prototype.slice can split surrogate pairs at truncation boundaries,
producing broken U+FFFD in both exec approval rationale (500 chars) and
session prompt-template descriptions (60 chars).

Replace raw slice with truncateUtf16Safe in both locations.

* test(exec): cover UTF-16-safe reviewer rationale

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:04:19 +01:00
lsr911
78f9449d73 fix(channels): use truncateUtf16Safe for thread binding name truncation (#101527)
* fix(channels): use truncateUtf16Safe for thread binding name truncation

Raw .slice(0, 100) on emoji-labelled agent names can split a
surrogate pair, producing U+FFFD replacement characters in native
channel thread names.  Use truncateUtf16Safe instead.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(channels): cover UTF-16-safe thread names

* refactor(channels): keep thread binding import leaf-only

* refactor(channels): keep thread binding import leaf-only

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:03:24 +01:00
Peter Steinberger
454fccd784 fix(browser): keep screenshots private by default (#101434)
* fix(browser): keep screenshots private by default

* fix(browser): preserve screenshot share handles

* fix(browser): stage explicit screenshot shares

* test(browser): avoid screenshot share temp files
2026-07-07 11:56:49 +01:00
Momo
695fa4e112 fix(infra): handle detached respawn child errors (#101489)
* fix(infra): handle detached respawn child errors

* docs(infra): explain detached respawn error listener

* fix(infra): handle detached respawn child errors

* fix(infra): handle detached respawn child errors

---------

Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
2026-07-07 03:51:55 -07:00
NianJiu
040ac31546 fix: route direct outbound polls through channel adapters (#99950)
* fix: route direct outbound polls through channel adapters

* docs: note direct poll delivery

* test: isolate direct poll formatter label

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:46:26 +01:00
wm0018
5511b6fcaf fix(status): keep issue message truncation UTF-16 safe (#101503)
* fix(status): keep issue message truncation UTF-16 safe

String.prototype.slice at offset 90 can split surrogate pairs in issue
titles displayed by `openclaw status --all`, rendering broken U+FFFD in
the channel issues column.

Replace raw slice(0, 90) with truncateUtf16Safe to match the existing
UTF-16-safe truncation hardening pattern.

Fixes #???

* test(status): cover UTF-16-safe issue rendering

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:45:36 +01:00
Peter Steinberger
942b449661 fix(exec): keep pending approval warnings truthful (#101561)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 11:30:41 +01:00
VectorPeak
cd5c3fc3b7 fix(mcp): reject non-object tool call arguments (#99180)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:26:01 +01:00
Peter Steinberger
42e2390b31 perf(test): run TUI PTY backends concurrently 2026-07-07 06:21:13 -04:00
Peter Steinberger
0d9329d3a2 revert(test): restore session plugin cleanup 2026-07-07 06:14:43 -04:00
pick-cat
61dce7cb6e fix: forward pending timeout snapshot in waitForAgentJob fallback timer (#89367)
* fix(agents): export isHardAgentRunTimeoutPhase for wait-layer reuse

* fix(gateway): forward pending hard-timeout snapshot in waitForAgentJob fallback timer (fixes #89095)

* test(gateway): add e2e proof for subagent hard-timeout parent notification (#89095)

* fix(gateway): match fallback hard-timeout gate to terminal-outcome contract

Also treat provider-started timeout snapshots as hard timeouts in the
waitForAgentJob fallback, mirroring buildAgentRunTerminalOutcome.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(gateway): use shared hard-timeout classifier in waitForAgentJob fallback

* chore: amend author email

* chore: rebase on main, resolve conflicts

* test(gateway): focus timeout fallback coverage

* docs(changelog): note agent wait timeout fix

* fix(gateway): isolate fresh wait terminal state

---------

Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:11:13 +01:00
machine3at
a00e9fc228 fix(ssrf): block loopback addresses for trusted hostname origins (#100835)
* fix(ssrf): block loopback addresses for trusted hostname origins

* fix(ssrf): allow loopback resolution for explicitly trusted loopback/localhost hostnames

* refactor(cron): remove unrelated cron session option changes from ssrf branch

* test(ssrf): add explicit loopback-origin allow tests to close ClawSweeper proof gap

* test(ssrf): add real gateway runtime proof script for loopback rebinding

* fix(ssrf): harden trusted-host loopback checks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:08:51 +01:00
Peter Steinberger
2394a0a559 perf(test): reuse session plugin registry 2026-07-07 05:56:30 -04:00
Alix-007
240487179b fix(web-fetch): keep spill content truncation UTF-16 safe (#101312)
* Fix UTF-16-safe web fetch spill truncation

* fix(web-fetch): report actual spill character count
2026-07-07 10:56:14 +01:00
Peter Steinberger
354a151544 feat(gateway): archive-gated session deletes give Android delete parity (#101522)
sessions.delete gains an explicit archivedOnly param (additive protocol
schema change, Swift models regenerated): with archivedOnly=true, the
dispatcher grants operator.write and the handler requires the target to
already be archived (archive-then-delete keeps destructive intent a
two-step action). Without the flag nothing changes: deletes require
operator.admin, so internal fallback/synthetic dispatch, subagent cleanup,
and CLI minting keep their admin contracts, and the session-kill HTTP
endpoint pins admin explicitly since it terminates live runs.

Android sends archivedOnly and offers Delete only on archived rows, where
its bounded (non-admin) operator session is now authorized; active rows
archive first. iOS/web connect with admin and keep unrestricted deletes.

Refs #100712
2026-07-07 10:52:53 +01:00
Pavan Kumar Gondhi
9133d552ac fix: block mixed-case cron shell jobs from agent tool [AI] (#101350)
* fix: normalize cron tool shell guard kinds

* fix(cron): narrow mixed-case shell guard

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 10:52:20 +01:00
Alix-007
b84ae42063 fix(agents): keep prompt data truncation UTF-16 safe (#101303) 2026-07-07 10:46:23 +01:00
Alix-007
d01015b243 Fix UTF-16-safe audit context truncation (#101298) 2026-07-07 10:43:45 +01:00
Peter Steinberger
da1b0fa2a8 perf(test): skip backup retry wall-clock waits 2026-07-07 05:19:26 -04:00
clinton codes
ef985ecd91 fix(gateway): reset channel restart counter after a stable run (#101413)
* fix(gateway): reset channel restart counter after a stable run

* fix(gateway): measure stable channel runtime precisely

Co-authored-by: Ubuntu <azureuser@clinton-dev-vm.tail405bf7.ts.net>

* refactor(gateway): collapse stable-run timing state

Co-authored-by: Ubuntu <azureuser@clinton-dev-vm.tail405bf7.ts.net>

---------

Co-authored-by: Ubuntu <azureuser@clinton-dev-vm.tail405bf7.ts.net>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 10:11:44 +01:00
Peter Steinberger
a2a68d154b fix(agent): preserve explicit recipient sessions (#101507)
* fix(agent): honor recipient session routing

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): preserve canonical recipient routes

* fix(agent): require exact recipient routes

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>

Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): harden recipient route resolution

* fix(imessage): require canonical recipient handles

* fix(agent): refine provider recipient exactness

* fix(agent): bound direct alias session routing

* fix(signal): preserve direct alias route type

* fix(agent): honor binding-scoped recipient sessions

* fix(routing): honor configured main session aliases

* fix(clickclack): align account-owned session routes

* fix(twitch): preserve canonical recipient sessions

* fix(routing): isolate stable outbound identities

* chore: defer recipient session changelog

* fix(sms): use dedicated channel SDK facade

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
2026-07-07 10:07:13 +01:00
Peter Steinberger
13c1d3c408 fix(backup): close archive stream before retry cleanup (#101464)
* fix(backup): close archive stream before retry cleanup

Own the tar source and file writer with stream.pipeline so live-file EOF failures close the partial archive before Windows cleanup. Keep one native Windows handle-release regression and focused CI coverage.

Fixes #101382

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>

* test(backup): track archive retry temp directory

* test(backup): model tar archive streams

* test(backup): model retry cleanup streams

---------

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
2026-07-07 09:53:31 +01:00
ml12580
c1f9087e8e fix(cli): accept parent options placed after lazy subcommands (#55563 regression 1) [AI-assisted] (#94431)
* fix(cli): restore lazy parent option ordering

Co-authored-by: ml12580 <long.xinyuan3@xydigit.com>

* chore: defer release-owned changelog entry

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 09:45:04 +01:00
Peter Steinberger
c9c4226a23 perf(test): isolate model defaults policy fixtures 2026-07-07 04:44:37 -04:00
snowzlmbot
2f98e1fdb5 fix(telegram): address rich fallback proof review 2026-07-07 14:14:03 +05:30
snowzlmbot
982328218b fix(telegram): harden rich send fallback and typing breaker
- Raise typing-breaker default from 2 to 5 consecutive failures via a
  named constant, keeping explicit overrides intact.
- Extend rich-plain-fallback trigger map to classify
  RICH_MESSAGE_CONTENT_REQUIRED alongside existing invalid-entity
  errors so both durable and streaming send funnels benefit.
- Add empty rendered-rich-HTML guards before sendRichMessage in both
  the durable chunk loop (send.ts) and the streaming delivery funnel
  (delivery.send.ts), preventing doomed Bot API calls and preserving
  later valid chunks.
- Add regression tests for the default typing breaker, delivery-side
  and durable-side RICH_MESSAGE_CONTENT_REQUIRED fallback behavior.
2026-07-07 14:14:03 +05:30