diff --git a/CHANGELOG.md b/CHANGELOG.md index a9ad5a94a26..521b3b99dea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,19 +10,22 @@ Docs: https://docs.openclaw.ai ### Fixes -- Release/install: Keep previously released bundled plugins and Control UI assets in published openclaw npm installs, and fail release checks when those shipped artifacts are missing. Thanks @vincentkoc. +- Plugins/message tool: make Discord `components` and Slack `blocks` optional again, and route Feishu `message(..., media=...)` sends through the outbound media path, so pin/unpin/react flows stop failing schema validation and Feishu file/image attachments actually send. Fixes #52970 and #52962. Thanks @vincentkoc. +- Gateway/model pricing: stop `openrouter/auto` pricing refresh from recursing indefinitely during bootstrap, so OpenRouter auto routes can populate cached pricing and `usage.cost` again. Fixes #53035. Thanks @vincentkoc. +- Browser/Chrome MCP: wait for existing-session browser tabs to become usable after attach instead of treating the initial Chrome MCP handshake as ready, which reduces user-profile timeouts and repeated consent churn on macOS Chrome attach flows. Fixes #52930. Thanks @vincentkoc. +- Browser/CDP: reuse an already-running loopback browser after a short initial reachability miss instead of immediately falling back to relaunch detection, which fixes second-run browser start/open regressions on slower headless Linux setups. Fixes #53004. Thanks @vincentkoc. +- ClawHub/skills: resolve the local ClawHub auth token for gateway skill browsing and switch browse-all requests to search so ClawControl stops falling into unauthenticated 429s and empty authenticated skill lists. Fixes #52949. Thanks @vincentkoc. +- ClawHub/macOS auth: honor macOS auth config and XDG auth paths for saved ClawHub credentials, so `openclaw skills ...` and gateway skill browsing keep using the signed-in auth state instead of silently falling back to unauthenticated mode. Fixes #53034. +- Agents/web_search: use the active runtime `web_search` provider instead of stale/default selection, so agent turns keep hitting the provider you actually configured. Fixes #53020. +- Channels/catalog: let external channel catalogs override shipped fallback metadata and honor overridden npm specs during channel setup, so custom channel catalogs no longer fall back to bundled packages when a channel id matches. (#52988) +- Gateway/auth: require auth for canvas routes and admin scope for agent session reset, so anonymous canvas access and non-admin reset requests fail closed. +- Gateway/probe: stop successful gateway handshakes from timing out as unreachable while post-connect detail RPCs are still loading, so slow devices report a reachable RPC failure instead of a false negative dead gateway. Fixes #52927. Thanks @vincentkoc. +- Gateway/supervision: stop lock conflicts from crash-looping under launchd and systemd by keeping the duplicate process in a retry wait instead of exiting as a failure while another healthy gateway still owns the lock. Fixes #52922. Thanks @vincentkoc. +- Config/plugins: treat stale unknown `plugins.allow` ids as warnings instead of fatal config errors, so recovery commands like `plugins install`, `doctor --fix`, and `status` still run when a plugin is missing locally. Fixes #52992. Thanks @vincentkoc. - Doctor/WhatsApp: stop auto-enable from appending built-in channel ids like `whatsapp` to `plugins.allow`, so `openclaw doctor --fix` no longer writes schema-invalid plugin allowlist entries when repairing built-in channels. Fixes #52931. Thanks @vincentkoc. - Agents/Anthropic: preserve latest assistant thinking and redacted-thinking block ordering during transcript image sanitization so follow-up turns do not trip Anthropic's unmodified-thinking validation. (#52961) Thanks @vincentkoc. -- Gateway/supervision: stop lock conflicts from crash-looping under launchd and systemd by keeping the duplicate process in a retry wait instead of exiting as a failure while another healthy gateway still owns the lock. Fixes #52922. Thanks @vincentkoc. -- Browser/Chrome MCP: wait for existing-session browser tabs to become usable after attach instead of treating the initial Chrome MCP handshake as ready, which reduces user-profile timeouts and repeated consent churn on macOS Chrome attach flows. Fixes #52930. Thanks @vincentkoc. -- Gateway/probe: stop successful gateway handshakes from timing out as unreachable while post-connect detail RPCs are still loading, so slow devices report a reachable RPC failure instead of a false negative dead gateway. Fixes #52927. Thanks @vincentkoc. -- Config/plugins: treat stale unknown `plugins.allow` ids as warnings instead of fatal config errors, so recovery commands like `plugins install`, `doctor --fix`, and `status` still run when a plugin is missing locally. Fixes #52992. Thanks @vincentkoc. -- Browser/CDP: reuse an already-running loopback browser after a short initial reachability miss instead of immediately falling back to relaunch detection, which fixes second-run browser start/open regressions on slower headless Linux setups. Fixes #53004. Thanks @vincentkoc. -- Plugins/message tool: make Discord `components` and Slack `blocks` optional again so pin/unpin/react flows stop failing schema validation and Slack media sends are no longer forced into an invalid blocks-plus-media payload. Fixes #52970 and #52962. Thanks @vincentkoc. -- Plugins/Feishu: route `message(..., media=...)` sends through the Feishu outbound media path so file and image attachments actually send instead of being silently dropped. Fixes #52962. Thanks @vincentkoc. -- ClawHub/skills: resolve the local ClawHub auth token for gateway skill browsing and switch browse-all requests to search so ClawControl stops falling into unauthenticated 429s and empty authenticated skill lists. Fixes #52949. Thanks @vincentkoc. -- Gateway/model pricing: stop `openrouter/auto` pricing refresh from recursing indefinitely during bootstrap, so OpenRouter auto routes can populate cached pricing and `usage.cost` again. Fixes #53035. Thanks @vincentkoc. -- Channels/catalog: let external channel catalogs override shipped fallback metadata and honor overridden npm specs during channel setup, so custom channel catalogs no longer fall back to bundled packages when a channel id matches. (#52988) +- Voice-call/Plivo: stabilize Plivo v2 replay keys so webhook retries and replay protection stop colliding on valid follow-up deliveries. +- Release/install: keep previously released bundled plugins and Control UI assets in published openclaw npm installs, and fail release checks when those shipped artifacts are missing. Thanks @vincentkoc. ## 2026.3.22 diff --git a/src/cli/daemon-cli/install.test.ts b/src/cli/daemon-cli/install.test.ts index 9d14c895ba1..33f07c8585f 100644 --- a/src/cli/daemon-cli/install.test.ts +++ b/src/cli/daemon-cli/install.test.ts @@ -355,4 +355,34 @@ describe("runDaemonInstall", () => { }), ); }); + + it("reuses env-backed service secrets during forced reinstall when the current shell is missing them", async () => { + service.isLoaded.mockResolvedValue(true); + service.readCommand.mockResolvedValue({ + programArguments: ["openclaw", "gateway", "run"], + environment: { + OPENAI_API_KEY: "service-openai-key", + }, + } as never); + const previous = process.env.OPENAI_API_KEY; + delete process.env.OPENAI_API_KEY; + try { + await runDaemonInstall({ json: true, force: true }); + + expect(buildGatewayInstallPlanMock).toHaveBeenCalledWith( + expect.objectContaining({ + env: expect.objectContaining({ + OPENAI_API_KEY: "service-openai-key", + }), + }), + ); + expect(installDaemonServiceAndEmitMock).toHaveBeenCalledTimes(1); + } finally { + if (previous === undefined) { + delete process.env.OPENAI_API_KEY; + } else { + process.env.OPENAI_API_KEY = previous; + } + } + }); }); diff --git a/src/cli/daemon-cli/install.ts b/src/cli/daemon-cli/install.ts index bb7fe984d18..e494315fe7f 100644 --- a/src/cli/daemon-cli/install.ts +++ b/src/cli/daemon-cli/install.ts @@ -18,6 +18,19 @@ import { } from "./shared.js"; import type { DaemonInstallOptions } from "./types.js"; +function mergeInstallInvocationEnv(params: { + env: NodeJS.ProcessEnv; + existingServiceEnv?: Record; +}): NodeJS.ProcessEnv { + if (!params.existingServiceEnv || Object.keys(params.existingServiceEnv).length === 0) { + return params.env; + } + return { + ...params.existingServiceEnv, + ...params.env, + }; +} + export async function runDaemonInstall(opts: DaemonInstallOptions) { const { json, stdout, warnings, emit, fail } = createDaemonInstallActionContext(opts.json); if (failIfNixDaemonInstallMode(fail)) { @@ -43,6 +56,7 @@ export async function runDaemonInstall(opts: DaemonInstallOptions) { const service = resolveGatewayService(); let loaded = false; + let existingServiceEnv: Record | undefined; try { loaded = await service.isLoaded({ env: process.env }); } catch (err) { @@ -53,6 +67,13 @@ export async function runDaemonInstall(opts: DaemonInstallOptions) { return; } } + if (loaded) { + existingServiceEnv = (await service.readCommand(process.env).catch(() => null))?.environment; + } + const installEnv = mergeInstallInvocationEnv({ + env: process.env, + existingServiceEnv, + }); if (loaded) { if (!opts.force) { if (await gatewayServiceNeedsAutoNodeExtraCaCertsRefresh({ service, env: process.env })) { @@ -82,7 +103,7 @@ export async function runDaemonInstall(opts: DaemonInstallOptions) { const tokenResolution = await resolveGatewayInstallToken({ config: cfg, - env: process.env, + env: installEnv, explicitToken: opts.token, autoGenerateWhenMissing: true, persistGeneratedToken: true, @@ -100,7 +121,7 @@ export async function runDaemonInstall(opts: DaemonInstallOptions) { } const { programArguments, workingDirectory, environment } = await buildGatewayInstallPlan({ - env: process.env, + env: installEnv, port, runtime: runtimeRaw, warn: (message) => { @@ -121,7 +142,7 @@ export async function runDaemonInstall(opts: DaemonInstallOptions) { fail, install: async () => { await service.install({ - env: process.env, + env: installEnv, stdout, programArguments, workingDirectory, diff --git a/src/cli/update-cli.test.ts b/src/cli/update-cli.test.ts index c2e6983e1f8..888745121f7 100644 --- a/src/cli/update-cli.test.ts +++ b/src/cli/update-cli.test.ts @@ -1,4 +1,5 @@ import fs from "node:fs/promises"; +import os from "node:os"; import path from "node:path"; import { Command } from "commander"; import { beforeEach, describe, expect, it, vi } from "vitest"; @@ -145,6 +146,7 @@ const { runDaemonRestart, runDaemonInstall } = await import("./daemon-cli.js"); const { doctorCommand } = await import("../commands/doctor.js"); const { defaultRuntime } = await import("../runtime.js"); const { updateCommand, updateStatusCommand, updateWizardCommand } = await import("./update-cli.js"); +const { resolveGitInstallDir } = await import("./update-cli/shared.js"); describe("update-cli", () => { const fixtureRoot = "/tmp/openclaw-update-tests"; @@ -714,6 +716,92 @@ describe("update-cli", () => { } }); + it("persists the requested channel only after a successful package update", async () => { + const tempDir = createCaseDir("openclaw-update"); + mockPackageInstallStatus(tempDir); + + await updateCommand({ channel: "beta", yes: true }); + + const installCallIndex = vi + .mocked(runCommandWithTimeout) + .mock.calls.findIndex( + (call) => + Array.isArray(call[0]) && + call[0][0] === "npm" && + call[0][1] === "i" && + call[0][2] === "-g", + ); + expect(installCallIndex).toBeGreaterThanOrEqual(0); + expect(writeConfigFile).toHaveBeenCalledTimes(1); + expect(writeConfigFile).toHaveBeenCalledWith({ + update: { + channel: "beta", + }, + }); + expect( + vi.mocked(runCommandWithTimeout).mock.invocationCallOrder[installCallIndex] ?? 0, + ).toBeLessThan( + vi.mocked(writeConfigFile).mock.invocationCallOrder[0] ?? Number.MAX_SAFE_INTEGER, + ); + }); + + it("does not persist the requested channel when the package update fails", async () => { + const tempDir = createCaseDir("openclaw-update"); + mockPackageInstallStatus(tempDir); + vi.mocked(runCommandWithTimeout).mockImplementation(async (argv) => { + if (Array.isArray(argv) && argv[0] === "npm" && argv[1] === "i" && argv[2] === "-g") { + return { + stdout: "", + stderr: "install failed", + code: 1, + signal: null, + killed: false, + termination: "exit", + }; + } + return { + stdout: "", + stderr: "", + code: 0, + signal: null, + killed: false, + termination: "exit", + }; + }); + + await updateCommand({ channel: "beta", yes: true }); + + expect(writeConfigFile).not.toHaveBeenCalled(); + expect(defaultRuntime.exit).toHaveBeenCalledWith(1); + }); + + it("keeps the requested channel when plugin sync writes config after update", async () => { + const tempDir = createCaseDir("openclaw-update"); + mockPackageInstallStatus(tempDir); + syncPluginsForUpdateChannel.mockImplementation(async ({ config }) => ({ + changed: true, + config, + summary: { + switchedToBundled: [], + switchedToNpm: [], + warnings: [], + errors: [], + }, + })); + updateNpmInstalledPlugins.mockImplementation(async ({ config }) => ({ + changed: false, + config, + outcomes: [], + })); + + await updateCommand({ channel: "beta", yes: true }); + + const lastWrite = vi.mocked(writeConfigFile).mock.calls.at(-1)?.[0] as + | { update?: { channel?: string } } + | undefined; + expect(lastWrite?.update?.channel).toBe("beta"); + }); + it("updateCommand handles service env refresh and restart behavior", async () => { const cases = [ { @@ -1040,4 +1128,12 @@ describe("update-cli", () => { expect(call?.channel).toBe("dev"); }); }); + + it("uses ~/openclaw as the default dev checkout directory", async () => { + const homedirSpy = vi.spyOn(os, "homedir").mockReturnValue("/tmp/oc-home"); + await withEnvAsync({ OPENCLAW_GIT_DIR: undefined }, async () => { + expect(resolveGitInstallDir()).toBe("/tmp/oc-home/openclaw"); + }); + homedirSpy.mockRestore(); + }); }); diff --git a/src/cli/update-cli/shared.ts b/src/cli/update-cli/shared.ts index 1f934f3c9be..27f8fc459f2 100644 --- a/src/cli/update-cli/shared.ts +++ b/src/cli/update-cli/shared.ts @@ -2,7 +2,6 @@ import { spawnSync } from "node:child_process"; import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { resolveStateDir } from "../../config/paths.js"; import { resolveOpenClawPackageRoot } from "../../infra/openclaw-root.js"; import { readPackageName, readPackageVersion } from "../../infra/package-json.js"; import { normalizePackageTagInput } from "../../infra/package-tag.js"; @@ -11,6 +10,7 @@ import { parseSemver } from "../../infra/runtime-guard.js"; import { fetchNpmTagVersion } from "../../infra/update-check.js"; import { canResolveRegistryVersionForPackageTarget, + createGlobalInstallEnv, detectGlobalInstallManagerByPresence, detectGlobalInstallManagerForRoot, type CommandRunner, @@ -121,7 +121,7 @@ export function resolveGitInstallDir(): string { } function resolveDefaultGitDir(): string { - return resolveStateDir(process.env, os.homedir); + return path.join(os.homedir(), "openclaw"); } export function resolveNodeRunner(): string { @@ -192,12 +192,15 @@ export async function ensureGitCheckout(params: { dir: string; timeoutMs: number; progress?: UpdateStepProgress; + env?: NodeJS.ProcessEnv; }): Promise { + const gitEnv = params.env ?? (await createGlobalInstallEnv()); const dirExists = await pathExists(params.dir); if (!dirExists) { return await runUpdateStep({ name: "git clone", argv: ["git", "clone", OPENCLAW_REPO_URL, params.dir], + env: gitEnv, timeoutMs: params.timeoutMs, progress: params.progress, }); @@ -215,6 +218,7 @@ export async function ensureGitCheckout(params: { name: "git clone", argv: ["git", "clone", OPENCLAW_REPO_URL, params.dir], cwd: params.dir, + env: gitEnv, timeoutMs: params.timeoutMs, progress: params.progress, }); diff --git a/src/cli/update-cli/update-command.ts b/src/cli/update-cli/update-command.ts index b98b9c8732d..d96cc7a4a84 100644 --- a/src/cli/update-cli/update-command.ts +++ b/src/cli/update-cli/update-command.ts @@ -385,10 +385,12 @@ async function runGitUpdate(params: { }): Promise { const updateRoot = params.switchToGit ? resolveGitInstallDir() : params.root; const effectiveTimeout = params.timeoutMs ?? 20 * 60_000; + const installEnv = await createGlobalInstallEnv(); const cloneStep = params.switchToGit ? await ensureGitCheckout({ dir: updateRoot, + env: installEnv, timeoutMs: effectiveTimeout, progress: params.progress, }) @@ -429,7 +431,7 @@ async function runGitUpdate(params: { name: "global install", argv: globalInstallArgs(manager, updateRoot), cwd: updateRoot, - env: await createGlobalInstallEnv(), + env: installEnv, timeoutMs: effectiveTimeout, progress: params.progress, }); @@ -859,20 +861,6 @@ export async function updateCommand(opts: UpdateCommandOptions): Promise { ); } - if (requestedChannel && configSnapshot.valid) { - const next = { - ...configSnapshot.config, - update: { - ...configSnapshot.config.update, - channel: requestedChannel, - }, - }; - await writeConfigFile(next); - if (!opts.json) { - defaultRuntime.log(theme.muted(`Update channel set to ${requestedChannel}.`)); - } - } - const showProgress = !opts.json && process.stdout.isTTY; if (!opts.json) { defaultRuntime.log(theme.heading("Updating OpenClaw...")); @@ -956,10 +944,31 @@ export async function updateCommand(opts: UpdateCommandOptions): Promise { return; } + let postUpdateConfigSnapshot = configSnapshot; + if (requestedChannel && configSnapshot.valid && requestedChannel !== storedChannel) { + const next = { + ...configSnapshot.config, + update: { + ...configSnapshot.config.update, + channel: requestedChannel, + }, + }; + await writeConfigFile(next); + postUpdateConfigSnapshot = { + ...configSnapshot, + parsed: next, + resolved: next, + config: next, + }; + if (!opts.json) { + defaultRuntime.log(theme.muted(`Update channel set to ${requestedChannel}.`)); + } + } + await updatePluginsAfterCoreUpdate({ root, channel, - configSnapshot, + configSnapshot: postUpdateConfigSnapshot, opts, }); diff --git a/src/infra/update-runner.ts b/src/infra/update-runner.ts index 65bd4bff815..373fe42e768 100644 --- a/src/infra/update-runner.ts +++ b/src/infra/update-runner.ts @@ -410,12 +410,32 @@ function normalizeTag(tag?: string) { return normalizePackageTagInput(tag, ["openclaw", DEFAULT_PACKAGE_NAME]) ?? "latest"; } +function mergeCommandEnvironments( + baseEnv: NodeJS.ProcessEnv | undefined, + overrideEnv: NodeJS.ProcessEnv | undefined, +): NodeJS.ProcessEnv | undefined { + if (!baseEnv) { + return overrideEnv; + } + if (!overrideEnv) { + return baseEnv; + } + return { + ...baseEnv, + ...overrideEnv, + }; +} + export async function runGatewayUpdate(opts: UpdateRunnerOptions = {}): Promise { const startedAt = Date.now(); + const defaultCommandEnv = await createGlobalInstallEnv(); const runCommand = opts.runCommand ?? (async (argv, options) => { - const res = await runCommandWithTimeout(argv, options); + const res = await runCommandWithTimeout(argv, { + ...options, + env: mergeCommandEnvironments(defaultCommandEnv, options.env), + }); return { stdout: res.stdout, stderr: res.stderr, code: res.code }; }); const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;