Commit Graph

1136 Commits

Author SHA1 Message Date
Ted Li
b67df3797a fix(telegram): explain disabled plugin approval failures (#95973)
* fix: explain disabled Telegram plugin approvals

* fix: handle disabled Telegram native plugin approvals

* fix: resolve exec approval surface independently

* fix: tie plugin approval setup guidance to plugin surface

* Revert "fix: tie plugin approval setup guidance to plugin surface"

This reverts commit 34e3c10e23.

* fix: gate plugin approval setup guidance

* fix: gate plugin approval availability by delivery

* fix: preserve plugin approval approver auth

* fix: make plugin setup guidance explicit

* test: trim approval guidance proof radius

* Avoid setup guidance on routed approval timeout

* Carry plugin approval delivery route into timeouts

* Keep turn-source approval route visible

* fix(approvals): prefer delivered approval clients

* fix(approvals): prefer delivered approval clients

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 14:15:25 -07:00
Allen Hurff
968aa51b80 [codex] fix(memory-lancedb): align apache arrow peer dependency (#99118)
* fix(memory-lancedb): align apache arrow peer dependency

* fix(memory-lancedb): refresh arrow dependency graph

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-02 15:59:13 -05:00
lsr911
badbae77df fix(slack): guard relay frame parsing
* fix(slack): guard relay WebSocket frame JSON.parse against malformed input

Slack Socket Mode relay receives WebSocket frames from external
infrastructure. parseRelayFrame() used bare JSON.parse() which would
throw raw SyntaxError on malformed frames, potentially crashing the
relay connection.

Wrap JSON.parse in try/catch and throw SlackRelayMalformedFrameError
with the original SyntaxError as cause, so callers can distinguish
transport errors from parse errors.

D4 dimension — all competitors have zero coverage.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>

* fix(slack): repair relay frame guard tests

---------

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-01 04:50:08 -07:00
Sachintha Bhashitha
5113fbf4cc fix(slack): truncate served arg-menu option labels on a surrogate boundary (#97923) 2026-07-01 03:12:56 -07:00
weiqinl
5e572dcf78 fix(slack): prefer current thread session for inherited outbound replies (#97168)
* fix(slack): prefer current thread session for inherited outbound replies to avoid delivery-mirror session sprawl

* fix(slack): require explicit replyToIsExplicit===false for current-session precedence

* fix(slack): canonicalize inherited thread replies

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-06-30 16:38:34 -07:00
Vincent Koc
3e2646a786 fix(release): use workspace host deps in release lockfile
(cherry picked from commit d377c0f910)
2026-06-30 15:54:12 -07:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
Masato Hoshino
5c4e478df4 fix(slack): expose sender bot status in context (#97822)
* fix(slack): expose sender bot status in context

* fix(slack): expose sender bot status in context

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-06-30 10:29:42 -07:00
Dallin Romney
39e1be080c feat(slack): support alternate Web API roots (#97154)
* Allow Slack to target alternate Web API roots

* Protect Slack API URL routing

* Simplify Slack API URL routing

* Use env-only Slack API root routing

* Remove Slack client option alias

* Keep Slack API URL dotenv test inline

* Remove leftover Slack PR churn

* Block workspace Slack API URL dotenv

* Preserve Slack proxy HTTPS protocol

* Keep Slack option resolution explicit

* Remove Slack probe formatting diff

* fix(slack): preserve explicit API root precedence

* fix(slack): narrow cached write client options
2026-06-28 18:52:37 -07:00
llagy009
e8d7b1feaf fix(slack): truncate rich text preview on UTF-16 boundary (#96577)
summarizeRichTextPreview truncated the block-action rich text preview
with String.slice(0, 119) on a UTF-16 code-unit index, so an astral
character straddling the 120-char boundary was cut into a lone
surrogate in the interaction summary preview.

Use truncateUtf16Safe so truncation never splits a surrogate pair,
keeping the existing 120-char budget and ellipsis suffix.

Adds tests driving the block_actions handler with a rich_text_input at
the truncation boundary, asserting the preview stays UTF-16 well formed
and that a complete emoji is kept when it fits.
2026-06-28 16:50:34 -07:00
Masato Hoshino
cd6d0f9b00 fix(slack): sanitize internal tool-trace lines from outbound text (#97367)
Wrap the slack outbound sanitizeText hook with sanitizeAssistantVisibleText so assistant internal tool-trace scaffolding is stripped before delivery, matching the sibling channel fixes under #90684 (Telegram #95774, Google Chat #95084, IRC #97214).
2026-06-28 12:14:35 -07:00
Bek
9c95abd49d fix: seed Slack thread context after reset (#97100) 2026-06-28 02:36:53 -04:00
llagy009
90c20d15c2 fix(slack): truncate approval mrkdwn on UTF-16 boundary (#96576)
truncateSlackMrkdwn cut approval Block Kit mrkdwn (Command/Request/
plugin description) with String.slice(0, maxChars - 1), which can split
an astral character's surrogate pair at the 2600-char preview limit,
leaving a lone surrogate in the chat.postMessage/chat.update payload.

Slice with sliceUtf16Safe so truncation never splits a surrogate pair,
keeping the existing ellipsis suffix and length budget.

Adds tests asserting exec command and plugin request mrkdwn stay free of
lone surrogates, plus a BMP regression keeping the existing limit.
2026-06-27 09:31:20 -07:00
Josh Lehman
7e2b2d2987 refactor: migrate bundled session metadata reads (#96527) 2026-06-24 12:19:53 -07:00
ly-wang19
1069c60e1e fix(slack): truncate on code-point boundaries to avoid splitting surrogate pairs (#96382)
truncateSlackText sliced by UTF-16 code unit ('trimmed.slice(0, max - 1)'), so an
emoji or other astral character straddling the limit was cut in half, leaving a
lone high surrogate before the ellipsis — e.g. truncateSlackText('abc😀def', 5)
returned 'abc\uD83D…' instead of 'abc…'. That invalid half-character is sent in
live Slack payloads (message text and Block Kit section/button/header/option
labels, which truncate at limits as small as 75).

Use the repo's canonical sliceUtf16Safe (already re-exported from
plugin-sdk/text-utility-runtime, the module slack code imports from) so a
straddling pair is dropped whole. Behavior is byte-identical for all-BMP input.

Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 19:30:29 +08:00
Vincent Koc
0671c08900 chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Vincent Koc
f378de9d5b refactor(slack): share posted chunk loop 2026-06-22 19:16:55 +08:00
Vincent Koc
c57fee8239 chore(deadcode): remove stale preview helper APIs 2026-06-22 15:07:07 +08:00
Vincent Koc
674b4f3372 refactor(plugins): move owner skills into plugins
Move Canvas, Discord, Slack, voice-call, and WhatsApp skill docs from the root bundled skill tree into their owning plugin packages, with manifest skills declarations and docs/test path updates.

Validation:
- node --import tsx scripts/sync-plugin-versions.ts --check
- node scripts/run-vitest.mjs src/skills/loading/env-path-guidance.test.ts
- autoreview clean
- Crabbox Azure pnpm check:changed run_59ba76511d57 / lease cbx_cbc6750dad72
- wrapper prepare passed pnpm install --frozen-lockfile, pnpm build, and pnpm check before the oversized full local pnpm test was stopped

Follow-up: #95132 remains as the stacked PR for the rest of the starter-skill/Sherpa/ClawHub work.
2026-06-22 13:54:08 +08:00
Vincent Koc
7da955fae4 fix(config): type slack secret refs 2026-06-21 20:58:33 +02:00
Sarah Fortune
6fa944e80f [codex] Add Slack relay mode for incoming messages (#94707) 2026-06-21 11:28:33 -07:00
Vincent Koc
b039e949b6 chore(release): close out 2026.6.9 2026-06-21 12:24:15 +08:00
Chunyue Wang
e3ccf8743f fix(channels): resolve native /think menu levels via runtime catalog for live-discovered models (#94067)
Merged via squash.

Prepared head SHA: 079347b8b8
Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-20 23:56:53 -04:00
Bek
3d05e973f0 fix(slack): record canonical sent thread (#95250) 2026-06-20 02:45:58 -04:00
Vincent Koc
0a3e0d081d test: remove no-op mock registrars 2026-06-19 22:55:38 +08:00
Peter Steinberger
341ae21d03 feat(slack): handle global and message shortcuts (#94881)
Merged via squash.

Prepared head SHA: 32dea12d7a
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-19 14:12:30 +01:00
Andrew Stroup
378c4134f1 fix(slack): default member-info userId to inbound sender (#89236)
Merged via squash.

Prepared head SHA: c7a39e54f7
Co-authored-by: stroupaloop <2424551+stroupaloop@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-19 14:03:29 +01:00
Vincent Koc
cd2d837a1f fix(slack): preserve buffered thread stream replies (#78536)
Merged via squash.

Prepared head SHA: 0d8d75918d
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-19 14:02:50 +01:00
NIO
47545e04c4 fix(channels): stop duplicating inbound previews in system events (#94589)
Merged via squash.

Prepared head SHA: 981003591c
Co-authored-by: hugenshen <16300669+hugenshen@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-19 13:37:28 +01:00
Vincent Koc
7211d77553 refactor(channels): drop unused approval aliases 2026-06-19 16:41:19 +08:00
Vincent Koc
44b0644e88 fix(slack): cancel followed redirect bodies 2026-06-19 10:12:35 +02:00
clawsweeper[bot]
308fb97f7a feat(slack): log INFO receipt for inbound app_mention events (#94790)
Summary:
- The branch adds a Slack subsystem INFO receipt formatter/logger for accepted non-DM app_mention events before dispatch, plus direct log tests and a test-harness team id.
- PR surface: Source +37, Tests +81. Total +118 across 3 files.
- Reproducibility: yes. from source inspection. Current main and v2026.6.8 route accepted Slack app_mention ev ... andleSlackMessage without a per-inbound INFO receipt, while Telegram emits an inbound line before dispatch.

Automerge notes:
- PR branch already contained follow-up commit before automerge: feat(slack): log INFO receipt for inbound app_mention events

Validation:
- ClawSweeper review passed for head b174201e0a.
- Required merge gates passed before the squash merge.

Prepared head SHA: b174201e0a
Review: https://github.com/openclaw/openclaw/pull/94790#issuecomment-4748509343

Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: ZengWen-DT <290981215+ZengWen-DT@users.noreply.github.com>
2026-06-19 05:10:54 +00:00
Xavier Coulon
fbc12e0879 fix(slack): stop leaking bot token into /api/auth.test request body (#94574)
* fix(slack): stop leaking bot token into /api/auth.test request body

The bot token is already passed as an `Authorization` header,
so we don't need to send it in the request body when calling `/api/auth.test`.

See [Slack API documentation](https://api.slack.com/methods/auth.test).

Also, showing with `curl` that the bot token is not needed in the request body when passed as an `Authorization` header when calling `/api/auth.test`:
```
curl -X POST https://slack.com:443/api/auth.test -H "Authorization: Bearer xoxb-..."
{"ok":true,"url":"https://xcoulonworkspace.slack.com/","team":"xcoulon",...}
```

Signed-off-by: Xavier Coulon <xcoulon@redhat.com>

* add test for slack auth.test token handling

verify that the bot token is not passed in the request body when calling `/api/auth.test`.

Signed-off-by: Xavier Coulon <xcoulon@redhat.com>

---------

Signed-off-by: Xavier Coulon <xcoulon@redhat.com>
2026-06-18 18:09:37 -04:00
Vincent Koc
153c395527 test(slack): throw Error instances in reconnect loop test 2026-06-18 08:40:02 +02:00
Subash Natarajan
01dcaba78d fix(slack): remove socket reconnect attempt cap so gateway stays connected indefinitely (#73162)
Merged via squash.

Prepared head SHA: ac51979a7f
Co-authored-by: suboss87 <11032439+suboss87@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-18 08:18:30 +02:00
Vincent Koc
abb6f04e0c ci(release): harden release controls
One-time maintainer-authorized bootstrap merge for the release-gate verifier policy. Exact hosted CI and all supporting workflow gates passed on 66133de419.
2026-06-18 03:11:20 +08:00
Alix-007
d2bf67f4b7 fix(slack): recognize MiniMax mm: namespaced reasoning tags in monitor preview (#93874) 2026-06-17 11:44:19 +08:00
Vincent Koc
975d2e9b2b fix(slack): preserve completed native progress titles 2026-06-17 11:06:28 +08:00
Vincent Koc
00d2452fac chore(release): refresh npm shrinkwrap versions 2026-06-17 07:32:37 +08:00
Vincent Koc
6774e7f259 chore(release): sync main to 2026.6.8 2026-06-17 07:25:30 +08:00
Shakker
920e6a8eec chore: set version 2026.6.9 2026-06-16 19:54:07 +01:00
keshavbotagent
257d540297 Keep command text in progress drafts (#93711)
* Keep command text in progress drafts

* test(channels): align successful progress drafts

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-06-17 02:41:59 +08:00
lizeyu-xydt
5afddf547e fix(discord): apply tool status emojis immediately to avoid override by thinking reactions (#93488)
* fix(discord): apply tool status emojis immediately to avoid override by thinking reactions

Tool emoji reactions (🛠️, 🌐, 🔎, etc.) during Discord tool/skill execution
were not appearing because setTool() used a 700ms debounce shared with
setThinking(). Rapid onReasoningStream calls from overlapping reasoning
would repeatedly overwrite the pending tool emoji with 🧠, so the tool
emoji never reached Discord.

Fix by making setTool() apply emojis immediately (skip debounce). Tool
transitions are user-facing state changes that should be visible without
delay, and the terminal done/error transitions already flush any pending
state.

Fixes #92715.

* fix(discord): forward quiet tool lifecycle status

* fix(slack): preserve tool status reactions

* test(channels): type quiet tool lifecycle options

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
2026-06-16 13:33:32 +08:00
Shakker
dc573a38dc fix: update dependency pins 2026-06-15 19:48:43 +01:00
Vincent Koc
0ea08076c3 fix(agents): preserve CLI message delivery evidence 2026-06-16 02:45:41 +08:00
Ben Badejo
3fc850fe86 fix(matrix): replace recovered command progress lines (#89920)
* fix(matrix): replace recovered command progress lines

* fix(matrix): replace recovered command progress lines

* fix(matrix): share command progress identity

* fix(channels): share command progress identity

* fix command progress draft replacement

* fix command progress ids without changing public line ids

* test(telegram): assert command progress preview update

* fix(telegram): keep progress preview test typed

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-06-15 19:14:43 +10:00
Ciward
364461949d fix: refresh slash command routing config (#39617)
Use the active runtime snapshot for Discord and Slack native command routing and Discord autocomplete after config hot writes.

Fixes #39605

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-14 09:32:18 -07:00
sandieman2
c67dc59b02 fix(reply): deliver final reply when queued follow-up claims session; scope dedupe to routed thread (#90943)
* fix(reply): deliver final reply when queued follow-up claims session; scope dedupe to routed thread

Two core bugs caused composed replies to be silently dropped (no delivery,
no error) when a second message arrived in the same thread mid-run:

1. dispatch-from-config: ensureDispatchReplyOperation only kept the
   dispatch-owned operation authoritative while it had no result. Once
   runReplyAgent completed the operation to drain queued follow-ups, a
   second same-thread inbound could claim the session and the first final
   reply would try to re-acquire the lane instead of finishing delivery,
   deadlocking behind the queued work. Keep the dispatch-owned operation
   authoritative through final delivery.

2. reply-payloads-dedupe: messaging-tool reply dedupe compared only the
   channel target, not the routed thread, so a send in one thread could
   suppress a later reply in a different thread. Thread the routed thread
   id through buildReplyPayloads + follow-up delivery and only fall back to
   channel-only matching for providers without a thread-aware suppression
   matcher when neither side carries thread evidence.

Adds regression tests; existing Telegram topic-suppression behavior is
preserved by gating the thread guard to providers lacking a plugin matcher.

* fix(reply): preserve threaded message delivery evidence

* fix(reply): dedupe final payloads by delivery route

* fix(slack): preserve native send thread evidence

* fix(reply): preserve explicit reply thread evidence

* fix(reply): align explicit reply route dedupe

* fix(reply): preserve delivery lane through final dispatch

* fix(mattermost): preserve threaded tool send routes

* chore(plugin-sdk): refresh API baseline

* fix(reply): align final delivery route dedupe

* fix(reply): gate followups on final delivery

* fix(reply): keep send receipts private

* fix(reply): infer implicit message provider

* fix(reply): align routed threading policy

* fix(reply): preserve queued delivery context

* fix(reply): hydrate queued system event routes

* fix(reply): hydrate queued execution routes

* fix(reply): scope final delivery barriers

* fix(slack): preserve DM target aliases

* fix(reply): mirror resolved source thread routes

* fix(mattermost): retain delayed delivery barrier

* fix(codex): separate message routing from tool policy

* fix(reply): consume normalized Slack DM targets once

* fix(slack): remove stale target alias

* style(reply): satisfy changed lint gates

* fix(mattermost): preserve explicit reply targets

* test: align Slack reply branch checks

* fix(reply): persist overflow summaries to admitted session

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-06-14 09:11:05 -07:00
Rishi Tamrakar
dc493bc9a2 fix(slack): emit message_sent on outbound replies (#89943)
Emit terminal Slack message_sent and message:sent hooks across normal, streaming, preview, fallback, slash, failure, and TTS reply paths with canonical session/target correlation and one outcome per logical payload.

Fixes #89942

Co-authored-by: Rishi Tamrakar <rishi.ktamrakar@gmail.com>
2026-06-13 06:10:51 -07:00
Alix-007
26281a8a11 fix(slack): diagnose invalid channel map keys (#89438)
Diagnose Slack channel-map keys that cannot route as configured, including account inheritance, open-policy overrides, malformed room identifiers, and DM identifiers.

Fixes #81665

Co-authored-by: Alix-007 <li.long15@xydigit.com>
2026-06-13 03:13:14 -07:00