Follow-up to the previous commit on this branch. The agent message-tool
schema now describes forceDocument/asDocument as a cross-channel knob,
so the public CLI help and the user-facing CLI docs need to match, and
the regenerated prompt snapshot fixtures need to drop the stale
"Telegram only" string the schema no longer emits.
* src/cli/program/message/register.send.ts: rephrase the `--force-document`
CLI option help from "Send media as document to avoid Telegram
compression (Telegram only)" to "Send media as document to avoid
channel compression (Telegram, WhatsApp)" so `openclaw message send
--help` no longer claims Telegram exclusivity.
* docs/cli/message.md: change the per-flag entry under `send` from
"Telegram only: --force-document (...avoid Telegram compression)" to
"Telegram + WhatsApp: --force-document (...avoid channel compression)"
so the public docs match both the schema and the CLI help.
* test/fixtures/agents/prompt-snapshots/codex-runtime-happy-path/*:
regenerate via `pnpm prompt:snapshots:gen` so the captured tool
descriptions, dynamic-tools JSON, and rough-token counts reflect the
new schema strings. Six fixtures change in lockstep:
- discord-group-codex-message-tool.md
- telegram-direct-codex-message-tool.md
- telegram-heartbeat-codex-tool.md
- codex-dynamic-tools.discord-group.json
- codex-dynamic-tools.telegram-direct.json
- codex-dynamic-tools.heartbeat-turn.json
Verified locally:
* `pnpm prompt:snapshots:check` reports 7 files current.
* `pnpm exec oxfmt --check --threads=1` is clean for both touched ts
files plus docs/cli/message.md and CHANGELOG.md.
* `pnpm test extensions/whatsapp/src/send.test.ts
extensions/whatsapp/src/inbound/send-api.test.ts` keeps the 51-case
WhatsApp send/inbound suite green, including the three new
forceDocument/asDocument cases from the previous commit.
Fix CLI web search/fetch command SecretRef resolution for provider-scoped plugin credentials.
- Carry command provider overrides through gateway and local secret resolution.
- Mark the selected web provider targets active and unrelated plugin refs inactive.
- Cover Tavily, DuckDuckGo, legacy Firecrawl fetch, protocol overrides, and runtime command-secret behavior.
- Add public plugin-sdk test mock exports needed by existing plugin tests after CI boundary enforcement.
Fixes#82621.
Replacement for #82699.
Co-authored-by: 吴杨帆 <39647285+leno23@users.noreply.github.com>
* Add config unset dry-run
Add --dry-run support to config unset, including JSON output and allow-exec validation parity with config set/patch dry-run handling.
* Refresh checks after proof update
* fix(config): address unset dry-run review
Return structured JSON when config unset dry-run misses a path and validate broad secret provider/default unsets against affected SecretRefs.
Fix logs.tail credential-header redaction and JSON-mode gateway transport errors.\n\nFixes #66832.\nFixes #79108.\nSupersedes #67041.\nSupersedes #79233.\n\nCo-authored-by: Mil Wang <mingjwan@microsoft.com>\nCo-authored-by: Andy Ye <35905412+TurboTheTurtle@users.noreply.github.com>
* fix(plugins): keep metadata memo freshness
* fix(plugins): keep metadata memo freshness
* fix(plugins): resolve metadata memo review gaps
* fix(plugins): scope metadata memo watches to env
* fix(plugins): tighten metadata memo fingerprint return type
`resolvePersistedRegistryFastMemoFingerprint` was annotated `: unknown`
but always returns object literals (`{ disabled: true }` or
`{ index, npmPackageJson }`). Spreading the unknown-typed result on
line 478 (`...fastFingerprint`) was rejected by tsgo with TS2698, which
cascaded across every check that runs the project compile (build,
tsgo:prod, check:test-types, lint, all node test shards).
Tighten the return type to `Record<string, unknown>` to match the
function's actual return shapes and unblock the spread.
* test(gateway): tolerate ENOENT in sessions.list spy predicate
The `sessions.list configuredAgentsOnly hides disk-discovered
unregistered agent stores` test spies on `fsSync.readFileSync` and
predicates with `fsSync.realpathSync.native(file) === realDiskOnlyStorePath`
for every captured read. The native realpath call throws on missing
files, so any new readFileSync of a path that may not exist (e.g. the
persisted plugin install records probe added in this PR) crashes the
predicate before the assertion runs.
Wrap the predicate in ENOENT tolerance so the test stays robust against
any future readFileSync of files that may not exist on disk.
* fix(plugins): refresh memo from cached registry
* fix(plugins): use high resolution memo fingerprints
* test(plugins): stabilize memo freshness regression
* test(cli): satisfy config mutation mock hash contract
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Route managed LaunchAgent package self-updates through the post-exit CLI handoff path and persist handoff helper failures through the update restart sentinel so agent-invoked updates cannot stay pending indefinitely.
Add handoff ownership guards for stale helpers, atomic helper sentinel writes, and regression coverage for unrelated and newer pending sentinels.
Fixes#81894.
Co-authored-by: B.K. <bandark@mac.com>
