Vincent Koc
f16ecd1dac
fix(ollama): unify context window handling across discovery, merge, and OpenAI-compat transport ( #29205 )
...
* fix(ollama): inject num_ctx for OpenAI-compatible transport
* fix(ollama): discover per-model context and preserve higher limits
* fix(agents): prefer matching provider model for fallback limits
* fix(types): require numeric token limits in provider model merge
* fix(types): accept unknown payload in ollama num_ctx wrapper
* fix(types): simplify ollama settled-result extraction
* config(models): add provider flag for Ollama OpenAI num_ctx injection
* config(schema): allow provider num_ctx injection flag
* config(labels): label provider num_ctx injection flag
* config(help): document provider num_ctx injection flag
* agents(ollama): gate OpenAI num_ctx injection with provider config
* tests(ollama): cover provider num_ctx injection flag behavior
* docs(config): list provider num_ctx injection option
* docs(ollama): document OpenAI num_ctx injection toggle
* docs(config): clarify merge token-limit precedence
* config(help): note merge uses higher model token limits
* fix(ollama): cap /api/show discovery concurrency
* fix(ollama): restrict num_ctx injection to OpenAI compat
* tests(ollama): cover ipv6 and compat num_ctx gating
* fix(ollama): detect remote compat endpoints for ollama-labeled providers
* fix(ollama): cap per-model /api/show lookups to bound discovery load
2026-02-27 17:20:47 -08:00
Rodrigo Uroz
0fe6cf06b2
Compaction: preserve opaque identifiers in summaries (openclaw#25553) thanks @rodrigouroz
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-27 08:14:05 -06:00
Onur Solmaz
a7929abad8
Discord: thread bindings idle + max-age lifecycle ( #27845 ) (thanks @osolmaz)
...
* refactor discord thread bindings to idle and max-age lifecycle
* fix: migrate legacy thread binding expiry and reduce hot-path disk writes
* refactor: remove remaining thread-binding ttl legacy paths
* fix: harden thread-binding lifecycle persistence
* Discord: fix thread binding types in message/reply paths
* Infra: handle win32 unknown inode in file identity checks
* Infra: relax win32 guarded-open identity checks
* Config: migrate threadBindings ttlHours to idleHours
* Revert "Infra: relax win32 guarded-open identity checks"
This reverts commit de9412677196fc5ddfb3#27845 ) (thanks @osolmaz)
---------
Co-authored-by: Onur Solmaz <onur@textcortex.com >
2026-02-27 10:02:39 +01:00
Vincent Koc
cb9374a2a1
Gateway: improve device-auth v2 migration diagnostics ( #28305 )
...
* Gateway: add device-auth detail code resolver
* Gateway: emit specific device-auth detail codes
* Gateway tests: cover nonce and signature detail codes
* Docs: add gateway device-auth migration diagnostics
* Docs: add device-auth v2 troubleshooting signatures
2026-02-26 21:05:43 -08:00
Vincent Koc
88a0d87490
Docs: align gateway config key paths with metadata ( #28196 )
...
* Docs: align gateway config key paths in reference
* Docs: expand config reference coverage for channels plugins and providers
2026-02-26 22:35:43 -05:00
Peter Steinberger
cc1eaf130b
docs(gateway): clarify remote token local fallback semantics
2026-02-26 15:59:44 +01:00
Peter Steinberger
4380d74d49
docs(secrets): add dedicated apply plan contract page
2026-02-26 14:47:22 +00:00
joshavant
14897e8de7
docs(secrets): clarify partial migration guidance
2026-02-26 14:47:22 +00:00
joshavant
ea1ccf4896
docs(secrets): add direct 1password exec example
2026-02-26 14:47:22 +00:00
joshavant
f46b9c996f
feat(secrets): allow opt-in symlink exec command paths
2026-02-26 14:47:22 +00:00
joshavant
06290b49b2
feat(secrets): finalize mode rename and validated exec docs
2026-02-26 14:47:22 +00:00
joshavant
f413e314b9
feat(secrets): replace migrate flow with audit/configure/apply
2026-02-26 14:47:22 +00:00
joshavant
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
joshavant
5e3a86fd2f
feat(secrets): expand onboarding secret-ref flows and custom-provider parity
2026-02-26 14:47:22 +00:00
joshavant
e8637c79b3
fix(secrets): harden sops migration sops rule matching
2026-02-26 14:47:22 +00:00
joshavant
0e69660c41
feat(secrets): finalize external secrets runtime and migration hardening
2026-02-26 14:47:22 +00:00
joshavant
9203d583f9
Docs: add secrets and CLI secrets reference pages
2026-02-26 14:47:22 +00:00
joshavant
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
Peter Steinberger
7d8aeaaf06
fix(gateway): pin paired reconnect metadata for node policy
2026-02-26 14:11:04 +01:00
Gustavo Madeira Santana
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b57718085599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-26 04:06:03 -05:00
Sid
c289b5ff9f
fix(config): preserve agent-level apiKey/baseUrl during models.json merge ( #27293 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6b4b37b03d201593046+Sid-Qin@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-26 03:46:36 -05:00
yinghaosang
92c309f2e1
docs: fix wrong Providers link in configuration examples
2026-02-26 02:41:07 -06:00
Gustavo Madeira Santana
91a3f0a3fe
pairing: enforce strict account-scoped state
2026-02-26 00:31:24 -05:00
Peter Steinberger
4ada143794
docs(heartbeat): add directPolicy to config examples
2026-02-26 03:59:38 +01:00
Peter Steinberger
8a006a3260
feat(heartbeat): add directPolicy and restore default direct delivery
2026-02-26 03:57:03 +01:00
Peter Steinberger
c736f11a16
fix(gateway): harden browser websocket auth chain
2026-02-26 01:22:49 +01:00
Peter Steinberger
42f455739f
fix(security): clarify denyCommands exact-match guidance
2026-02-26 00:55:35 +01:00
Peter Steinberger
eb73e87f18
fix(session): prevent silent overflow on parent thread forks ( #26912 )
...
Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates.
Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com >
2026-02-25 23:54:02 +00:00
Peter Steinberger
8f5f599a34
docs(security): note narrow filesystem roots for tool access
2026-02-25 05:10:10 +00:00
Peter Steinberger
52d933b3a9
refactor: replace bot.molt identifiers with ai.openclaw
2026-02-25 05:03:24 +00:00
Peter Steinberger
069c495df6
docs: clarify pairing commands in faq and troubleshooting
2026-02-25 02:50:17 +00:00
Peter Steinberger
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
Peter Steinberger
24d7612ddf
refactor(heartbeat): harden dm delivery classification
2026-02-25 02:13:07 +00:00
Peter Steinberger
a805d6b439
fix(heartbeat): block dm targets and internalize blocked prompts
2026-02-25 02:05:45 +00:00
Peter Steinberger
e2362d352d
fix(heartbeat): default target none and internalize relay prompts
2026-02-25 01:28:47 +00:00
Peter Steinberger
ee6fec36eb
docs(discord): document DAVE defaults and decrypt recovery
2026-02-25 00:28:06 +00:00
Peter Steinberger
9cd50c51b0
fix(discord): harden voice DAVE receive reliability ( #25861 )
...
Reimplements and consolidates related work:
- #24339 stale disconnect/destroyed session guards
- #25312 voice listener cleanup on stop
- #23036 restore @snazzah/davey runtime dependency
Adds Discord voice DAVE config passthrough, repeated decrypt failure
rejoin recovery, regression tests, docs, and changelog updates.
Co-authored-by: Frank Yang <frank.ekn@gmail.com >
Co-authored-by: Do Cao Hieu <admin@docaohieu.com >
2026-02-25 00:19:50 +00:00
Peter Steinberger
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
Peter Steinberger
370d115549
fix: enforce workspaceOnly for native prompt image autoload
2026-02-24 14:47:59 +00:00
Peter Steinberger
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
Peter Steinberger
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
Peter Steinberger
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
Peter Steinberger
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
Peter Steinberger
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
Peter Steinberger
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
Peter Steinberger
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
Peter Steinberger
41b0568b35
docs(security): clarify shared-agent trust boundaries
2026-02-24 01:00:05 +00:00
Peter Steinberger
400220275c
docs: clarify multi-instance recommendations for user isolation
2026-02-24 00:40:08 +00:00
Peter Steinberger
7d55277d72
docs: clarify operator trust boundary for shared gateways
2026-02-24 00:25:01 +00:00
Gustavo Madeira Santana
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b851565599352+gumadeiras@users.noreply.github.com >
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com >
Reviewed-by: @shakkernerd
2026-02-23 22:39:48 +00:00
