bc0288bcfb
docs: clarify adaptive thinking and openai websocket docs
2026-03-02 05:46:57 +00:00
3002f13ca7
feat(config): add `openclaw config validate` and improve startup error messages ( #31220 )
...
Merged via squash.
Prepared head SHA: 4598f2a541
2026-03-02 00:45:51 -05:00
548a502c69
docs: sync android node docs with current pairing and capabilities
2026-03-02 11:08:51 +05:30
a9f1188785
sessions_spawn: inline attachments with redaction, lifecycle cleanup, and docs ( #16761 )
...
Add inline file attachment support for sessions_spawn (subagent runtime only):
- Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint
- Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json
- Validation: strict base64 decode, filename checks, size limits, duplicate detection
- Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts
- Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check
- Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep)
- Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord
- ACP rejection: attachments rejected for runtime=acp with clear error message
- Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md
- Tests: 85 new/updated tests across 5 test files
Fixes:
- Guard fs.rm in materialization catch block with try/catch (review concern #1 )
- Remove unreachable fallback in safeRemoveAttachmentsDir (review concern #7 )
- Move attachment cleanup out of retry path to avoid timing issues with announce loop
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
Co-authored-by: napetrov <napetrov@users.noreply.github.com>
2026-03-01 21:33:51 -08:00
842deefe5d
test: split fast lane from channel and gateway suites
2026-03-02 05:33:07 +00:00
4a1be98254
fix(diffs): harden viewer security and docs
2026-03-02 05:07:09 +00:00
6ba7238ac6
build: bump versions to 2026.3.2
2026-03-02 04:55:53 +00:00
d2472af724
Chore: add Dockerfile HEALTHCHECK and debug-log silent catch blocks ( #11478 )
...
* Docker: add /healthz-based container HEALTHCHECK
* Docs/Docker: document built-in image HEALTHCHECK
* Changelog: note Dockerfile healthcheck probe
* Docs/Docker: explain HEALTHCHECK behavior in plain language
* Docker: relax HEALTHCHECK interval to 3m
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 20:52:14 -08:00
449511484d
fix(gateway): allow ws:// to private network addresses ( #28670 )
...
* fix(gateway): allow ws:// to RFC 1918 private network addresses
resolve ws-private-network conflicts
* gateway: keep ws security strict-by-default with private opt-in
* gateway: apply private ws opt-in in connection detail guard
* gateway: apply private ws opt-in in websocket client
* onboarding: gate private ws urls behind explicit opt-in
* gateway tests: enforce strict ws defaults with private opt-in
* onboarding tests: validate private ws opt-in behavior
* gateway client tests: cover private ws env override
* gateway call tests: cover private ws env override
* changelog: add ws strict-default security entry for pr 28670
* docs(onboard): document private ws break-glass env
* docs(gateway): add private ws env to remote guide
* docs(docker): add private ws break-glass env var
* docs(security): add private ws break-glass guidance
* docs(config): document OPENCLAW_ALLOW_PRIVATE_WS
* Update CHANGELOG.md
* gateway: normalize private-ws host classification
* test(gateway): cover non-unicast ipv6 private-ws edges
* changelog: rename insecure private ws break-glass env
* docs(onboard): rename insecure private ws env
* docs(gateway): rename insecure private ws env in config reference
* docs(gateway): rename insecure private ws env in remote guide
* docs(security): rename insecure private ws env
* docs(docker): rename insecure private ws env
* test(onboard): rename insecure private ws env
* onboard: rename insecure private ws env
* test(gateway): rename insecure private ws env in call tests
* gateway: rename insecure private ws env in call flow
* test(gateway): rename insecure private ws env in client tests
* gateway: rename insecure private ws env in client
* docker: pass insecure private ws env to services
* docker-setup: persist insecure private ws env
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 20:49:45 -08:00
eeb72097ba
Gateway: add healthz/readyz probe endpoints for container checks ( #31272 )
...
* Gateway: add HTTP liveness/readiness probe routes
* Gateway tests: cover probe route auth bypass and methods
* Docker Compose: add gateway /healthz healthcheck
* Docs: document Docker probe endpoints
* Dockerfile: note built-in probe endpoints
* Gateway: make probe routes fallback-only to avoid shadowing
* Gateway tests: verify probe paths do not shadow plugin routes
* Changelog: note gateway container probe endpoints
2026-03-01 20:36:58 -08:00
96ffbb5aaf
CLI: add config path subcommand to print active config file path ( #26256 )
...
Merged via squash.
Prepared head SHA: b11c593a34
2026-03-01 23:33:20 -05:00
b7615e0ce3
Exec/ACP: inject OPENCLAW_SHELL into child shell env ( #31271 )
...
* exec: mark runtime shell context in exec env
* tests(exec): cover OPENCLAW_SHELL in gateway exec
* tests(exec): cover OPENCLAW_SHELL in pty mode
* acpx: mark runtime shell context for spawned process
* tests(acpx): log OPENCLAW_SHELL in runtime fixture
* tests(acpx): assert OPENCLAW_SHELL in runtime prompt
* docs(env): document OPENCLAW_SHELL runtime markers
* docs(exec): describe OPENCLAW_SHELL exec marker
* docs(acp): document OPENCLAW_SHELL acp marker
* docs(gateway): note OPENCLAW_SHELL for background exec
* tui: tag local shell runs with OPENCLAW_SHELL
* tests(tui): assert OPENCLAW_SHELL in local shell runner
* acp client: tag spawned bridge env with OPENCLAW_SHELL
* tests(acp): cover acp client OPENCLAW_SHELL env helper
* docs(env): include acp-client and tui-local shell markers
* docs(acp): document acp-client OPENCLAW_SHELL marker
* docs(tui): document tui-local OPENCLAW_SHELL marker
* exec: keep shell runtime env string-only for docker args
* changelog: note OPENCLAW_SHELL runtime markers
2026-03-01 20:31:06 -08:00
41537e9303
fix(channels): add optional defaultAccount routing
2026-03-02 04:03:46 +00:00
61ef76edb5
docs(gateway): document Docker bridge networking and loopback bind caveat ( #28001 )
...
* docs(gateway): document Docker bridge networking and loopback bind caveat
The default loopback bind makes the gateway unreachable with Docker
bridge networking because port-forwarded traffic arrives on eth0, not
lo. Add a note in both the Dockerfile and the configuration reference
explaining the workarounds (--network host or bind: lan).
Fixes #27950
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs(docker): note legacy gateway.bind alias migration
* docs(gateway): clarify legacy bind alias auto-migration
* docs(docker): require bind mode values in gateway.bind
* docs(gateway): avoid bind alias auto-migration claim
* changelog: add #28001 docker bind docs credit
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 19:45:27 -08:00
6532757cdf
Diffs: add viewer payload validation and presentation defaults
2026-03-01 22:38:14 -05:00
030565b18c
Docker: add OCI base-image labels and document base-image metadata ( #31196 )
...
* Docker: add OCI base image labels
* Docs(Docker): document base image metadata context
* Changelog: note Docker base annotation docs update
* Changelog: add author credit for Docker base annotations
* Update docker.md
* Docker: add OCI source and docs labels
* CI(Docker): publish OCI revision/version labels
* Docs(Docker): list OCI image annotations
* Changelog: expand OCI annotation coverage note
* Docker: set OCI license annotation to MIT
* Docs(Docker): align OCI license annotation to MIT
* Docker: note docs sync path for OCI annotations
* Docker: normalize OCI label block indentation
2026-03-01 19:22:44 -08:00
6ea3a47dae
fix(feishu): harden routing, parsing, and media delivery
2026-03-02 03:22:07 +00:00
b0c7f1ebe2
fix: harden sessions_spawn delivery params and telegram account routing ( #31000 , #31110 )
2026-03-02 02:35:48 +00:00
601d1ccd24
Docs(Docker): clarify official GHCR image usage and setup flow ( #31180 )
...
* Add pre built images to docker docs
* Docs(Docker): clarify official GHCR image guidance
* Changelog: document Docker docs image clarification
* Update CHANGELOG.md
---------
Co-authored-by: Ken <ken@ipl31.net>
2026-03-01 18:31:20 -08:00
cc0806dfab
docs(discord): standardize eventQueue timeout guidance
2026-03-02 02:22:59 +00:00
f8459ef46c
docs(security): document sessions_spawn sandbox=require hardening
2026-03-02 01:29:19 +00:00
feefedfb83
fix: allow docker cli container to connect to gateway ( #12504 )
...
* Docker: route CLI through gateway network namespace
* Tests: assert Docker Compose CLI namespace wiring
* Changelog: add Docker Compose CLI connectivity fix
* Docker: pin docker setup gateway mode and bind
* Tests: cover docker setup mode and bind sync
* Docs: clarify Docker LAN vs loopback gateway targeting
* Changelog: expand Docker #12504 targeting note
* Docker: default optional CLAUDE compose vars to empty
* Docs(Docker): document non-interactive compose runs
* Changelog: note docker compose env-noise reduction
* Docker: restore onboarding Tailscale guidance
* Docker: simplify onboarding output and clarify Tailscale
* Docker: harden shared-namespace CLI container
* Docs(Docker): document shared-namespace trust boundary
* Changelog: note docker shared-namespace hardening
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 17:28:35 -08:00
bfeadb80b6
feat(agents): add sessions_spawn sandbox require mode
2026-03-02 01:27:34 +00:00
155118751f
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:53 +00:00
b9aa2d436b
fix(security): enforce sandbox inheritance for sessions_spawn
2026-03-02 01:11:13 +00:00
085c23ce5a
fix(security): block private-network web_search citation redirects
2026-03-02 01:05:20 +00:00
f696b64b51
Doctor: warn when Linux state dir is on SD/eMMC mounts ( #31033 )
...
* Doctor state: warn on Linux SD or eMMC state mounts
* Doctor tests: cover Linux SD or eMMC state mount detection
* Docs doctor: document Linux SD or eMMC state warning
* Changelog: add Linux SD or eMMC doctor warning
* Update CHANGELOG.md
* Doctor: escape mountinfo control chars in SD warning
* Doctor tests: cover escaped mountinfo control chars
2026-03-01 16:36:01 -08:00
58659b931b
fix(gateway): enforce owner boundary for agent runs
2026-03-02 00:27:44 +00:00
0eac494db7
fix(gateway): harden node metadata policy classification
2026-03-02 00:15:34 +00:00
ccb415b69a
fix: align ACP permission docs defaults ( #31044 ) (thanks @barronlroth)
2026-03-01 23:30:39 +00:00
bed1cb9600
docs(acp): add permission configuration section and troubleshooting entries
...
Document permissionMode and nonInteractivePermissions plugin config
keys for the acpx backend. Add troubleshooting entries for:
- Permission prompt errors in non-interactive ACP sessions
- Silent session failures from swallowed permission errors
- Stalled ACP sessions that never report completion
Relates to #29195
AI-assisted (lightly tested)
2026-03-01 23:30:39 +00:00
4c43fccb3e
feat(agents): use structured internal completion events
2026-03-01 23:11:48 +00:00
eb20793550
Docs: add all unlisted docs routes to navigation ( #31027 )
...
* Docs: add missing platform pages to nav
* Docs: include all unlisted docs routes in nav
* Docs nav: classify routes by area and remove catch-all groups
* Docs nav: remove ja-JP AGENTS page entry
* Docs ja-JP: remove AGENTS translation workspace page
* Docs nav: remove refactor plans group
* Docs nav: remove .dev template pages
* Docs nav: remove operations hubs group
2026-03-01 15:09:35 -08:00
d1615eb35f
feat(openai): add websocket warm-up with configurable toggle
2026-03-01 22:45:03 +00:00
002539c01e
fix(security): harden sandbox novnc observer flow
2026-03-01 22:44:28 +00:00
eee870576d
doctor: warn on macOS cloud-synced state directories ( #31004 )
...
* Doctor: detect macOS cloud-synced state directories
* Doctor tests: cover cloud-synced macOS state detection
* Docs: note cloud-synced state warning in doctor guide
* Docs: recommend local macOS state dir placement
* Changelog: add macOS cloud-synced state dir warning
* Changelog: credit macOS cloud state warning PR
* Doctor state: anchor cloud-sync roots to macOS home
* Doctor tests: cover OPENCLAW_HOME cloud-sync override
* Doctor state: prefer resolved target for cloud detection
* Doctor tests: cover local-target cloud symlink case
2026-03-01 14:35:46 -08:00
063c4f00ea
docs: clarify Anthropic context1m long-context requirements
2026-03-01 22:35:26 +00:00
7ced38b5ef
feat(agents): make openai responses websocket-first with fallback
2026-03-01 22:32:37 +00:00
38da2d076c
CLI: add root --help fast path and lazy channel option resolution ( #30975 )
...
* CLI argv: add strict root help invocation guard
* Entry: add root help fast-path bootstrap bypass
* CLI context: lazily resolve channel options
* CLI context tests: cover lazy channel option resolution
* CLI argv tests: cover root help invocation detection
* Changelog: note additional startup path optimizations
* Changelog: split startup follow-up into #30975 entry
* CLI channel options: load precomputed startup metadata
* CLI channel options tests: cover precomputed metadata path
* Build: generate CLI startup metadata during build
* Build script: invoke CLI startup metadata generator
* CLI routes: preload plugins for routed health
* CLI routes tests: assert health plugin preload
* CLI: add experimental bundled entry and snapshot helper
* Tools: compare CLI startup entries in benchmark script
* Docs: add startup tuning notes for Pi and VM hosts
* CLI: drop bundled entry runtime toggle
* Build: remove bundled and snapshot scripts
* Tools: remove bundled-entry benchmark shortcut
* Docs: remove bundled startup bench examples
* Docs: remove Pi bundled entry mention
* Docs: remove VM bundled entry mention
* Changelog: remove bundled startup follow-up claims
* Build: remove snapshot helper script
* Build: remove CLI bundle tsdown config
* Doctor: add low-power startup optimization hints
* Doctor: run startup optimization hint checks
* Doctor tests: cover startup optimization host targeting
* Doctor tests: mock startup optimization note export
* CLI argv: require strict root-only help fast path
* CLI argv tests: cover mixed root-help invocations
* CLI channel options: merge metadata with runtime catalog
* CLI channel options tests: assert dynamic catalog merge
* Changelog: align #30975 startup follow-up scope
* Docs tests: remove secondary-entry startup bench note
* Docs Pi: add systemd recovery reference link
* Docs VPS: add systemd recovery reference link
2026-03-01 14:23:46 -08:00
e7cafed424
chore(release): bump version to 2026.3.1
2026-03-01 21:14:17 +00:00
c161e141f3
Docs tests: add CLI startup benchmark usage
2026-03-01 12:56:56 -08:00
08ea7f0cf6
Docs VPS: add startup tuning for small hosts
2026-03-01 12:56:56 -08:00
86e4f3e7e2
Docs Pi: add startup tuning for compile cache
2026-03-01 12:56:56 -08:00
921ebfb25e
ACPX plugin: allow configurable command and expected version
2026-03-01 20:39:24 +01:00
b9e07ad7b4
docs(slack): add missing DM scopes to manifest (openclaw#29999) thanks @JcMinarro
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: JcMinarro <4047514+JcMinarro@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 11:25:52 -06:00
ea3955cd78
fix(cron): add retry policy for one-shot jobs on transient errors ( #24355 ) (openclaw#24435) thanks @hugenshen
...
Verified:
- pnpm install --frozen-lockfile
- pnpm check
- pnpm test -- --run src/cron/service.issue-regressions.test.ts src/config/config-misc.test.ts
Co-authored-by: hugenshen <16300669+hugenshen@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 06:58:03 -06:00
39e09273ca
docs(diffs): update docs for diffs plugin
2026-02-28 20:40:30 -05:00
27882dc73e
feat(feishu): add quota optimization flags (openclaw#10513) thanks @BigUncle
...
Verified:
- pnpm build
- pnpm check
- pnpm vitest run --config vitest.extensions.config.ts extensions/feishu/src/config-schema.test.ts extensions/feishu/src/reply-dispatcher.test.ts extensions/feishu/src/bot.test.ts
Co-authored-by: BigUncle <9360607+BigUncle@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 23:05:54 -06:00
af9edc98e4
fix(release): unify sparkle build policy and defaults
2026-02-28 10:04:25 +05:30
08fd579412
macos: make derived Sparkle build unique for same-day releases
2026-02-28 10:04:25 +05:30
266f10d47d
docs: clarify Sparkle build version policy
2026-02-28 10:04:25 +05:30
6e645300a8
docs(feishu): clarify oc_ group allowlist vs ou_ command allowFrom for /reset ( #26835 )
...
* docs(feishu): clarify oc_* group allowlist vs ou_* command allowFrom
* docs(feishu): avoid direct edits to generated zh-CN docs
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 22:30:05 -06:00
4f8a54eeaa
docs: add cardkit permissions to Feishu channel setup ( #9410 )
...
- Add cardkit:card:read and cardkit:card:write to tenant scopes
- Format user scopes array for better readability
- Update both English and Chinese documentation
Co-authored-by: hezhizhou.606 <hezhizhou.606@bytedance.com>
2026-02-27 22:29:54 -06:00
f16ecd1dac
fix(ollama): unify context window handling across discovery, merge, and OpenAI-compat transport ( #29205 )
...
* fix(ollama): inject num_ctx for OpenAI-compatible transport
* fix(ollama): discover per-model context and preserve higher limits
* fix(agents): prefer matching provider model for fallback limits
* fix(types): require numeric token limits in provider model merge
* fix(types): accept unknown payload in ollama num_ctx wrapper
* fix(types): simplify ollama settled-result extraction
* config(models): add provider flag for Ollama OpenAI num_ctx injection
* config(schema): allow provider num_ctx injection flag
* config(labels): label provider num_ctx injection flag
* config(help): document provider num_ctx injection flag
* agents(ollama): gate OpenAI num_ctx injection with provider config
* tests(ollama): cover provider num_ctx injection flag behavior
* docs(config): list provider num_ctx injection option
* docs(ollama): document OpenAI num_ctx injection toggle
* docs(config): clarify merge token-limit precedence
* config(help): note merge uses higher model token limits
* fix(ollama): cap /api/show discovery concurrency
* fix(ollama): restrict num_ctx injection to OpenAI compat
* tests(ollama): cover ipv6 and compat num_ctx gating
* fix(ollama): detect remote compat endpoints for ollama-labeled providers
* fix(ollama): cap per-model /api/show lookups to bound discovery load
2026-02-27 17:20:47 -08:00
d17c083803
docs(ollama): clarify /v1 tool-calling guidance ( #29204 )
2026-02-27 15:21:13 -08:00
de77497ea8
chore: add convex to sponsors table
2026-02-27 23:27:27 +01:00
8bc80fad47
fix(slack): land #29032 /agentstatus alias from @maloqab
...
Land contributor PR #29032 by @maloqab with Slack native alias docs, integration tests, and changelog entry.
Co-authored-by: maloqab <mitebaloqab@gmail.com>
2026-02-27 19:09:38 +00:00
dede4089a6
docs(openai): add clear server compaction toggle examples
2026-02-27 16:21:08 +00:00
8da3a9a92d
fix(agents): auto-enable OpenAI Responses server-side compaction ( #16930 , #22441 , #25088 )
...
Landed from contributor PRs #16930 , #22441 , and #25088 .
Co-authored-by: liweiguang <codingpunk@gmail.com>
Co-authored-by: EdwardWu7 <wuzhiyuan7@gmail.com>
Co-authored-by: MoerAI <friendnt@g.skku.edu>
2026-02-27 16:15:50 +00:00
fe807e4bed
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:28 +01:00
0fe6cf06b2
Compaction: preserve opaque identifiers in summaries (openclaw#25553) thanks @rodrigouroz
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 08:14:05 -06:00
a7929abad8
Discord: thread bindings idle + max-age lifecycle ( #27845 ) (thanks @osolmaz)
...
* refactor discord thread bindings to idle and max-age lifecycle
* fix: migrate legacy thread binding expiry and reduce hot-path disk writes
* refactor: remove remaining thread-binding ttl legacy paths
* fix: harden thread-binding lifecycle persistence
* Discord: fix thread binding types in message/reply paths
* Infra: handle win32 unknown inode in file identity checks
* Infra: relax win32 guarded-open identity checks
* Config: migrate threadBindings ttlHours to idleHours
* Revert "Infra: relax win32 guarded-open identity checks"
This reverts commit de9412677196fc5ddfb3#27845 ) (thanks @osolmaz)
---------
Co-authored-by: Onur Solmaz <onur@textcortex.com>
2026-02-27 10:02:39 +01:00
6ed00abc1e
docs: document android capability sweep in testing guide
2026-02-27 12:16:36 +05:30
cb9374a2a1
Gateway: improve device-auth v2 migration diagnostics ( #28305 )
...
* Gateway: add device-auth detail code resolver
* Gateway: emit specific device-auth detail codes
* Gateway tests: cover nonce and signature detail codes
* Docs: add gateway device-auth migration diagnostics
* Docs: add device-auth v2 troubleshooting signatures
2026-02-26 21:05:43 -08:00
29f5da5b2a
feat(nodes): expose device diagnostics and notification actions
2026-02-27 10:15:21 +05:30
c1e0f8cfb1
docs(nodes): document android camera list and device actions
2026-02-27 10:15:21 +05:30
88a0d87490
Docs: align gateway config key paths with metadata ( #28196 )
...
* Docs: align gateway config key paths in reference
* Docs: expand config reference coverage for channels plugins and providers
2026-02-26 22:35:43 -05:00
418111adb9
docs(telegram): align channel docs with runtime behavior
2026-02-27 08:00:29 +05:30
7149ba5574
docs: remove legacy grammy page
2026-02-27 08:00:29 +05:30
035a2dbb40
docs: consolidate grammy links to telegram
2026-02-27 08:00:29 +05:30
1f68010bd6
docs(telegram): clarify group auth boundary
2026-02-27 08:00:29 +05:30
d320b30b9b
Docs: expand ACP first-use naming and link protocol site
2026-02-27 00:33:58 +01:00
297cca0565
docs(cli): improve secrets command guide
2026-02-27 00:20:02 +01:00
1d43202930
fix: repair Telegram allowlist DM migrations ( #27936 ) (thanks @widingmarcus-cyber)
2026-02-26 22:53:13 +00:00
5a453eacbd
chore(onboarding): add explicit account-risk warning for Gemini CLI OAuth and docs ( #16683 )
...
* docs: add account-risk caution to Google OAuth provider docs
* docs(plugin): add Gemini CLI account safety caution
* CLI: add risk hint for Gemini CLI auth choice
* Onboarding: require confirmation for Gemini CLI OAuth
* Tests: cover Gemini CLI OAuth risk confirmation flow
2026-02-26 15:25:42 -05:00
9f154efa8d
docs(acp): expand /acp operator playbook
2026-02-26 16:49:20 +00:00
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
c81e9866ff
fix(pi): stop history image reinjection token blowup
2026-02-26 16:38:20 +01:00
03d7641b0e
feat(agents): default codex transport to websocket-first
2026-02-26 16:22:53 +01:00
cc1eaf130b
docs(gateway): clarify remote token local fallback semantics
2026-02-26 15:59:44 +01:00
4380d74d49
docs(secrets): add dedicated apply plan contract page
2026-02-26 14:47:22 +00:00
14897e8de7
docs(secrets): clarify partial migration guidance
2026-02-26 14:47:22 +00:00
ea1ccf4896
docs(secrets): add direct 1password exec example
2026-02-26 14:47:22 +00:00
f46b9c996f
feat(secrets): allow opt-in symlink exec command paths
2026-02-26 14:47:22 +00:00
06290b49b2
feat(secrets): finalize mode rename and validated exec docs
2026-02-26 14:47:22 +00:00
f413e314b9
feat(secrets): replace migrate flow with audit/configure/apply
2026-02-26 14:47:22 +00:00
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
5e3a86fd2f
feat(secrets): expand onboarding secret-ref flows and custom-provider parity
2026-02-26 14:47:22 +00:00
e8637c79b3
fix(secrets): harden sops migration sops rule matching
2026-02-26 14:47:22 +00:00
0e69660c41
feat(secrets): finalize external secrets runtime and migration hardening
2026-02-26 14:47:22 +00:00
c5b89fbaea
Docs: address review feedback on secrets docs
2026-02-26 14:47:22 +00:00
9203d583f9
Docs: add secrets and CLI secrets reference pages
2026-02-26 14:47:22 +00:00
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
7d8aeaaf06
fix(gateway): pin paired reconnect metadata for node policy
2026-02-26 14:11:04 +01:00
5df9aacf68
fix(podman): default run-openclaw-podman bind to loopback (land #27491 , thanks @robbyczgw-cla)
...
Co-authored-by: robbyczgw-cla <robbyczgw@gmail.com>
2026-02-26 12:13:20 +00:00
8bdda7a651
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
caace61ba1
chore: bump versions to 2026.2.26
2026-02-26 12:11:02 +01:00
1ffc319831
Doctor: keep allowFrom account-scoped in multi-account configs
2026-02-26 05:34:58 -05:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b5771808
2026-02-26 04:06:03 -05:00
c289b5ff9f
fix(config): preserve agent-level apiKey/baseUrl during models.json merge ( #27293 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6b4b37b03d
2026-02-26 03:46:36 -05:00
92c309f2e1
docs: fix wrong Providers link in configuration examples
2026-02-26 02:41:07 -06:00
96c7702526
Agents: add account-scoped bind and routing commands ( #27195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad35a458a5
2026-02-26 02:36:56 -05:00
f08fe02a1b
Onboarding: support plugin-owned interactive channel flows ( #27191 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 53872cf8e7
2026-02-26 01:14:57 -05:00
91a3f0a3fe
pairing: enforce strict account-scoped state
2026-02-26 00:31:24 -05:00
35976da7a0
fix: harden Docker/GCP onboarding flow ( #26253 ) (thanks @pandego)
2026-02-26 04:46:18 +00:00
e8197404d0
Docker/docs: reduce docker build OOM risk on small GCP hosts
2026-02-26 04:46:18 +00:00
cb3e5c35b0
docs: fix onboarding markdown list spacing
2026-02-26 05:23:30 +01:00
4ada143794
docs(heartbeat): add directPolicy to config examples
2026-02-26 03:59:38 +01:00
8a006a3260
feat(heartbeat): add directPolicy and restore default direct delivery
2026-02-26 03:57:03 +01:00
b8bb8ab3ca
docs: clarify personal-by-default onboarding security notice
2026-02-26 02:59:34 +01:00
c736f11a16
fix(gateway): harden browser websocket auth chain
2026-02-26 01:22:49 +01:00
e56b0cf1a0
fix: enforce telegram reaction authorization
2026-02-26 01:03:03 +01:00
42f455739f
fix(security): clarify denyCommands exact-match guidance
2026-02-26 00:55:35 +01:00
eb73e87f18
fix(session): prevent silent overflow on parent thread forks ( #26912 )
...
Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates.
Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com>
2026-02-25 23:54:02 +00:00
8f3310000a
refactor(macos): remove anthropic oauth onboarding flow
2026-02-26 00:17:03 +01:00
8f5f599a34
docs(security): note narrow filesystem roots for tool access
2026-02-25 05:10:10 +00:00
52d933b3a9
refactor: replace bot.molt identifiers with ai.openclaw
2026-02-25 05:03:24 +00:00
480cc4b85c
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
069c495df6
docs: clarify pairing commands in faq and troubleshooting
2026-02-25 02:50:17 +00:00
c2a837565c
docs: fix configure section example
2026-02-25 02:44:49 +00:00
bfafec2271
docs: expand doctor and devices CLI references
2026-02-25 02:41:13 +00:00
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
24d7612ddf
refactor(heartbeat): harden dm delivery classification
2026-02-25 02:13:07 +00:00
a805d6b439
fix(heartbeat): block dm targets and internalize blocked prompts
2026-02-25 02:05:45 +00:00
eb4a93a8db
refactor(sandbox): share container-path utils and tighten fs bridge tests
2026-02-25 01:59:53 +00:00
e2362d352d
fix(heartbeat): default target none and internalize relay prompts
2026-02-25 01:28:47 +00:00
ee6fec36eb
docs(discord): document DAVE defaults and decrypt recovery
2026-02-25 00:28:06 +00:00
9cd50c51b0
fix(discord): harden voice DAVE receive reliability ( #25861 )
...
Reimplements and consolidates related work:
- #24339 stale disconnect/destroyed session guards
- #25312 voice listener cleanup on stop
- #23036 restore @snazzah/davey runtime dependency
Adds Discord voice DAVE config passthrough, repeated decrypt failure
rejoin recovery, regression tests, docs, and changelog updates.
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
Co-authored-by: Do Cao Hieu <admin@docaohieu.com>
2026-02-25 00:19:50 +00:00
b4010a0b62
fix(zalo): enforce group sender policy in groups
2026-02-24 23:30:43 +00:00
9fccf60733
refactor(synology-chat): centralize DM auth and fail fast startup
2026-02-24 23:28:40 +00:00
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
0ee30361b8
fix(synology-chat): fail closed empty allowlist
2026-02-24 23:18:17 +00:00
b67e600bff
fix(security): restrict default safe-bin trusted dirs
2026-02-24 23:13:37 +00:00
e806b34779
chore: remove changelog add helper script
2026-02-24 15:33:09 +00:00
d18ae2256f
refactor: unify channel plugin resolution, family ordering, and changelog entry tooling
2026-02-24 15:15:22 +00:00
370d115549
fix: enforce workspaceOnly for native prompt image autoload
2026-02-24 14:47:59 +00:00
31b1b20b3c
docs: add WeChat community plugin listing
...
Add @icesword760/openclaw-wechat to the community plugins page.
This plugin connects OpenClaw to WeChat personal accounts via
WeChatPadPro (iPad protocol) with support for text, image, and
file exchange.
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-24 08:41:28 -06:00
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
2bad30b4d3
chore(release): bump version to 2026.2.24
2026-02-24 13:42:43 +00:00
8ea936cdda
docs: clarify prompt caching intro
2026-02-24 05:22:00 +00:00
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
1fdaaaedd3
Docs: clarify Chrome extension relay port derivation (gateway + 3)
2026-02-24 04:16:08 +00:00
aea28e26fb
fix(auto-reply): expand standalone stop phrases
2026-02-24 04:02:43 +00:00
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
1d28da55a5
fix(voice-call): block Twilio webhook replay and stale transitions
2026-02-24 02:37:24 +00:00
5239b55c0a
Config: expand Kilo catalog and persist selected Kilo models ( #24921 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a385
2026-02-23 21:17:37 -05:00
6c441ea797
fix: support legacy and beta prerelease version formats
2026-02-24 02:05:37 +00:00
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
ddf93d9845
docs(security): add vps trust-boundary guidance
2026-02-24 01:02:11 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
41b0568b35
docs(security): clarify shared-agent trust boundaries
2026-02-24 01:00:05 +00:00
400220275c
docs: clarify multi-instance recommendations for user isolation
2026-02-24 00:40:08 +00:00
7d55277d72
docs: clarify operator trust boundary for shared gateways
2026-02-24 00:25:01 +00:00
3b8e33037a
fix(security): harden safeBins long-option validation
2026-02-23 23:58:58 +00:00
13f32e2f7d
feat: Add Kilo Gateway provider ( #20212 )
...
* feat: Add Kilo Gateway provider
Add support for Kilo Gateway as a model provider, similar to OpenRouter.
Kilo Gateway provides a unified API that routes requests to many models
behind a single endpoint and API key.
Changes:
- Add kilocode provider option to auth-choice and onboarding flows
- Add KILOCODE_API_KEY environment variable support
- Add kilocode/ model prefix handling in model-auth and extra-params
- Add provider documentation in docs/providers/kilocode.md
- Update model-providers.md with Kilo Gateway section
- Add design doc for the integration
* kilocode: add provider tests and normalize onboard auth-choice registration
* kilocode: register in resolveImplicitProviders so models appear in provider filter
* kilocode: update base URL from /api/openrouter/ to /api/gateway/
* docs: fix formatting in kilocode docs
* fix: address PR review — remove kilocode from cacheRetention, fix stale model refs and CLI name in docs, fix TS2742
* docs: fix stale refs in design doc — Moltbot to OpenClaw, MoltbotConfig to OpenClawConfig, remove extra-params section, fix doc path
* fix: use resolveAgentModelPrimaryValue for AgentModelConfig union type
---------
Co-authored-by: Mark IJbema <mark@kilocode.ai>
2026-02-23 23:29:27 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
9af3ec92a5
fix(gateway): add HSTS header hardening and docs
2026-02-23 19:47:29 +00:00
69b17a37e8
docs(reference): add cache trace diagnostics knobs to prompt-caching guide
2026-02-23 19:39:35 +00:00
46dee26600
docs(reference): add prompt-caching guide and knobs
...
Co-authored-by: Axel Svensson <svenssonaxel@users.noreply.github.com>
2026-02-23 19:19:45 +00:00
78e7f41d28
docs: detail per-agent prompt caching configuration
2026-02-23 18:46:40 +00:00
f03ff39754
Providers: skip context1m beta for Anthropic OAuth tokens ( #24620 )
...
* Providers: skip context1m beta for Anthropic OAuth tokens
* Tests: cover OAuth context1m beta skip behavior
* Docs: note context1m OAuth incompatibility
* Agents: add context1m-aware context token resolver
* Agents: cover context1m context-token resolver
* Commands: apply context1m-aware context tokens in session store
* Commands: apply context1m-aware context tokens in status summary
* Status: resolve context tokens with context1m model params
* Status: test context1m status context display
2026-02-23 12:29:09 -05:00
eb4ff6df81
Allow Claude model requests to route through Google Vertex AI ( #23985 )
...
* feat: add anthropic-vertex provider for Claude via GCP Vertex AI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* docs: add anthropic-vertex provider guide
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* Agents: validate Anthropic Vertex project env
* Changelog: format update for Vertex entry
* Providers: rename Anthropic Vertex to Google Vertex Claude
* Providers: remove Vertex Claude provider path
* Models: normalize Vercel Claude shorthand refs
* Onboarding: default Vercel model to Claude shorthand
* Changelog: add @vincentkoc credit for #23985
* Onboarding: keep canonical Vercel default model ref
* Tests: expand Vercel model normalization coverage
---------
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 11:04:31 -05:00
3a3c2da916
[Feature]: Add Gemini (Google Search grounding) as web_search provider ( #13075 )
...
* feat: add Gemini (Google Search grounding) as web_search provider
Add Gemini as a fourth web search provider alongside Brave, Perplexity,
and Grok. Uses Gemini's built-in Google Search grounding tool to return
search results with citations.
- Add runGeminiSearch() with Google Search grounding via tools API
- Resolve Gemini's grounding redirect URLs to direct URLs via parallel
HEAD requests (5s timeout, graceful fallback)
- Add Gemini config block (apiKey, model) with env var fallback
- Default model: gemini-2.5-flash (fast, cheap, grounding-capable)
- Strip API key from error messages for security
- Add config validation tests for Gemini provider
- Update docs/tools/web.md with Gemini provider documentation
Closes #13074
* feat: auto-detect search provider from available API keys
When no explicit provider is configured, resolveSearchProvider now
checks for available API keys in priority order (Brave → Gemini →
Perplexity → Grok) and selects the first provider with a valid key.
- Add auto-detection logic using existing resolve*ApiKey functions
- Export resolveSearchProvider via __testing_provider for tests
- Add 8 tests covering auto-detection, priority order, and explicit override
- Update docs/tools/web.md with auto-detection documentation
* fix: merge __testing exports, downgrade auto-detect log to debug
* fix: use defaultRuntime.log instead of .debug (not in RuntimeEnv type)
* fix: mark gemini apiKey as sensitive in zod schema
* fix: address Greptile review — add externalContent to Gemini payload, add Gemini/Grok entries to schema labels/help, remove dead schema-fields.ts
* fix(web-search): add JSON parse guard for Gemini API responses
Addresses Greptile review comment: add try/catch to handle non-JSON
responses from Gemini API gracefully, preventing runtime errors on
malformed responses.
Note: FIELD_HELP entries for gemini.apiKey and gemini.model were
already present in schema.help.ts, and gemini.apiKey was already
marked as sensitive in zod-schema.agent-runtime.ts (both fixed in
earlier commits).
* fix: use structured readResponseText result in Gemini error path
readResponseText returns { text, truncated, bytesRead }, not a string.
The Gemini error handler was using the result object directly, which
would always be truthy and never fall through to res.statusText.
Align with Perplexity/xAI/Brave error patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix import order and formatting after rebase onto main
* Web search: send Gemini API key via header
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 09:30:51 -05:00
c92c3ad224
Tests: isolate quick_validate stub and remove DS_Store
2026-02-23 03:25:37 -05:00
a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config ( #24210 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0f272b1027
2026-02-23 03:18:55 -05:00
9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
77c3b142a9
Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:05:42 -06:00
558a0137bb
chore(release): bump versions to 2026.2.23
2026-02-23 05:13:46 +01:00
278331c49c
fix(exec): restore sandbox as implicit host default
2026-02-23 01:48:24 +01:00
1c2c7843a8
docs: add synology channel docs and fix unreleased changelog
2026-02-23 01:16:05 +01:00
d92ba4f8aa
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 ( #23845 )
...
* Onboard: add Mistral auth choice and CLI flags
* Onboard/Auth: add Mistral provider config defaults
* Auth choice: wire Mistral API-key flow
* Onboard non-interactive: support --mistral-api-key
* Media understanding: add Mistral Voxtral audio provider
* Changelog: note Mistral onboarding and media support
* Docs: add Mistral provider and onboarding/media references
* Tests: cover Mistral media registry/defaults and auth mapping
* Memory: add Mistral embeddings provider support
* Onboarding: refresh Mistral model metadata
* Docs: document Mistral embeddings and endpoints
* Memory: persist Mistral embedding client state in managers
* Memory: add regressions for mistral provider wiring
* Gateway: add live tool probe retry helper
* Gateway: cover live tool probe retry helper
* Gateway: retry malformed live tool-read probe responses
* Memory: support plain-text batch error bodies
* Tests: add Mistral Voxtral live transcription smoke
* Docs: add Mistral live audio test command
* Revert: remove Mistral live voice test and docs entry
* Onboard: re-export Mistral default model ref from models
* Changelog: credit joeVenner for Mistral work
* fix: include Mistral in auto audio key fallback
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-23 00:03:56 +00:00
1d8968c8a8
fix(voice-call): harden media stream pre-start websocket handling
2026-02-22 23:25:32 +01:00
24c954d972
fix(security): harden allow-always wrapper persistence
2026-02-22 22:55:33 +01:00
64b273a71c
fix(exec): harden safe-bin trust and add explicit trusted dirs
2026-02-22 22:43:18 +01:00
e4d67137db
fix(node): default mac headless system.run to local host
...
Co-authored-by: aethnova <262512133+aethnova@users.noreply.github.com>
2026-02-22 22:24:28 +01:00
6817c0ec7b
fix(security): tighten elevated allowFrom sender matching
2026-02-22 22:00:08 +01:00
3a088c9f4f
docs: prune completed experiment plan notes
2026-02-22 21:56:01 +01:00
b0252ab90c
docs: fix canonical session doc path hint
2026-02-22 21:35:14 +01:00
acfbe158c6
docs: point pi extension paths to real source files
2026-02-22 21:32:28 +01:00
820d765553
docs: update outbound refactor test path
2026-02-22 21:28:08 +01:00
6ed08ddc24
docs: fix stale test file paths in experiment plans
2026-02-22 21:24:48 +01:00
c73837d269
docs: replace stale pi test file list with maintained patterns
2026-02-22 21:21:08 +01:00
dff9ead59a
docs: refresh gateway test references in testing guide
2026-02-22 21:16:53 +01:00
30e8f41cfc
docs: fix stale release checklist source paths
2026-02-22 21:15:09 +01:00
06b4baf67f
docs: remove internal hook import paths from examples
2026-02-22 21:12:49 +01:00
5dba7501c9
docs: update stale tsgo reference in pty plan
2026-02-22 21:10:14 +01:00
9c480d4dea
docs: replace removed pi test script with current commands
2026-02-22 21:07:34 +01:00
5547a2275c
fix(security): harden toolsBySender sender-key matching
2026-02-22 21:04:37 +01:00
3461dda880
docs: fix voicecall expose disable example
2026-02-22 20:58:28 +01:00
0d4c806406
docs: fix devices approve command in exe.dev guide
2026-02-22 20:52:46 +01:00
e0d4194869
docs: add missing summary/read_when metadata
2026-02-22 20:45:09 +01:00
371a7da9c8
docs: add missing summaries and read_when hints
2026-02-22 20:37:02 +01:00
f5814cc002
docs: add extension channels to Channels nav
2026-02-22 20:28:05 +01:00
290f375aa1
docs: fix Together provider env path
2026-02-22 20:23:40 +01:00
6fef318fda
docs: replace legacy chat examples in Venice provider guide
2026-02-22 20:15:07 +01:00
72446f419f
docs: align CLI docs and help surface
2026-02-22 20:05:01 +01:00
0c1f491a02
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
89a1e99815
fix(slack): finalize replyToMode off threading behavior ( #23799 )
...
* fix: make replyToMode 'off' actually prevent threading in Slack
Three independent bugs caused Slack replies to always create threads
even when replyToMode was set to 'off':
1. Typing indicator created threads via statusThreadTs fallback (#16868 )
- resolveSlackThreadTargets fell back to messageTs for statusThreadTs
- 'is typing...' was posted as thread reply, creating a thread
- Fix: remove messageTs fallback, let statusThreadTs be undefined
2. [[reply_to_current]] tags bypassed replyToMode entirely (#16080 )
- Slack dock had allowExplicitReplyTagsWhenOff: true
- Reply tags from system prompt always threaded regardless of config
- Fix: set allowExplicitReplyTagsWhenOff to false for Slack
3. Contradictory replyToMode defaults in codebase (#20827 )
- monitor/provider.ts defaulted to 'all'
- accounts.ts defaulted to 'off' (matching docs)
- Fix: align provider.ts default to 'off' per documentation
Fixes : openclaw/openclaw#16868 , openclaw/openclaw#16080 , openclaw/openclaw#20827
* fix(slack): respect replyToMode in DMs even with typing indicator thread
When replyToMode is 'off' in DMs, replies should stay in the main
conversation even when the typing indicator creates a thread context.
Previously, when incomingThreadTs was set (from the typing indicator's
thread), replyToMode was forced to 'all', causing all replies to go
into the thread.
Now, for direct messages, the user's configured replyToMode is always
respected. For channels/groups, the existing behavior is preserved
(stay in thread if already in one).
This fix:
- Keeps the typing indicator working (statusThreadTs fallback preserved)
- Prevents DM replies from being forced into threads
- Maintains channel thread continuity
Fixes #16868
* refactor(slack): eliminate redundant resolveSlackThreadContext call
- Add isThreadReply to resolveSlackThreadTargets return value
- Remove duplicate call in dispatch.ts
- Addresses greptile review feedback with cleaner DRY approach
* docs(slack): add JSDoc to resolveSlackThreadTargets
Document return values including isThreadReply distinction between
genuine user thread replies vs bot status message thread context.
* docs(changelog): record Slack replyToMode off threading fixes
---------
Co-authored-by: James <jamesrp13@gmail.com>
Co-authored-by: theoseo <suhong.seo@gmail.com>
2026-02-22 13:27:50 -05:00
08431da5d5
refactor(gateway): unify credential precedence across entrypoints
2026-02-22 18:55:44 +01:00
e58054b85c
docs(telegram): align Node22 network defaults and setup guidance
2026-02-22 17:54:16 +01:00
f442a3539f
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:36 +01:00
a5e2bd4eaa
docs: document verbose-gated tool error details
2026-02-22 15:26:48 +01:00
adfbbcf1f6
chore: merge origin/main into main
2026-02-22 13:42:52 +00:00
3308c86002
docs: keep channel names only in thread-support list
2026-02-22 14:39:40 +01:00
418e4e32c9
docs: clarify thread-bound subagents are Discord-only
2026-02-22 14:39:40 +01:00
c952334808
docs: list thread supporting channels in subagents guide
2026-02-22 14:39:40 +01:00
0b9b9d4301
docs: make subagents thread guidance channel-first
2026-02-22 14:39:40 +01:00
0d0f4c6992
refactor(exec): centralize safe-bin policy checks
2026-02-22 13:18:25 +01:00
47c3f742b6
fix(exec): require explicit safe-bin profiles
2026-02-22 12:58:55 +01:00
e80c803fa8
fix(security): block shell env allowlist bypass in system.run
2026-02-22 12:47:05 +01:00
6fda04e938
refactor: tighten onboarding dmScope typing and docs links
2026-02-22 12:46:09 +01:00
65dccbdb4b
fix: document onboarding dmScope default as breaking change ( #23468 ) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
85e5ed3f78
refactor(channels): centralize runtime group policy handling
2026-02-22 12:35:41 +01:00
777817392d
fix: fail closed missing provider group policy across message channels ( #23367 ) (thanks @bmendonca3)
2026-02-22 12:21:04 +01:00
3700151ec0
Channels: fail closed when Slack/Discord config is missing
2026-02-22 12:18:43 +01:00
b98d3330f6
docs: update pty supervision test command paths
2026-02-22 10:48:37 +00:00
2739328508
fix(telegram): classify undici fetch errors as recoverable for retry ( #16699 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 67b5bce44f
2026-02-22 16:16:11 +05:30
c995f9be07
test: reclassify mocked announce and sandbox suites as unit tests
2026-02-22 10:28:43 +00:00
bc78b343ba
Security: expand audit checks for mDNS and real-IP fallback
2026-02-22 11:26:17 +01:00
98a03c490b
Feat/logger support log level validation0222 ( #23436 )
...
* 1、环境变量**:新增 `OPENCLAW_LOG_LEVEL`,可取值 `silent|fatal|error|warn|info|debug|trace`。设置后同时覆盖**文件日志**与**控制台**的级别,优先级高于配置文件。
2、启动参数**:在 `openclaw gateway run` 上新增 `--log-level <level>`,对该次进程同时生效于文件与控制台;未传时仍使用环境变量或配置文件。
* fix(logging): make log-level override global and precedence-safe
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-22 11:15:13 +01:00
1b327da6e3
fix: harden exec sandbox fallback semantics ( #23398 ) (thanks @bmendonca3)
2026-02-22 11:12:01 +01:00
c76a47cce2
Exec: fail closed when sandbox host is unavailable
2026-02-22 11:12:01 +01:00
8887f41d7d
refactor(gateway)!: remove legacy v1 device-auth handshake
2026-02-22 09:27:03 +01:00
008a8c9dc6
chore(docs): normalize security finding table formatting
2026-02-22 08:03:29 +00:00
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
121d027229
chore: remove dead plugin hook loader
2026-02-22 08:45:24 +01:00
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
2c14b0cf4c
refactor(config): unify streaming config across channels
2026-02-21 19:53:42 +01:00
f97c45c5b5
fix(security): warn on Discord name-based allowlists in audit
2026-02-21 19:45:17 +01:00
89aad7b922
refactor: tighten safe-bin policy model and docs parity
2026-02-21 19:24:23 +01:00
4c1dd9d068
fix(security): harden macos rawCommand allowlist resolution
2026-02-21 19:17:56 +01:00
57fbbaebca
fix: block safeBins sort --compress-program bypass
2026-02-21 19:13:53 +01:00
59c78c105a
docs: revert automated heading consistency edits ( #22743 )
2026-02-21 11:18:29 -05:00
8178ea472d
feat: thread-bound subagents on Discord ( #21805 )
...
* docs: thread-bound subagents plan
* docs: add exact thread-bound subagent implementation touchpoints
* Docs: prioritize auto thread-bound subagent flow
* Docs: add ACP harness thread-binding extensions
* Discord: add thread-bound session routing and auto-bind spawn flow
* Subagents: add focus commands and ACP/session binding lifecycle hooks
* Tests: cover thread bindings, focus commands, and ACP unbind hooks
* Docs: add plugin-hook appendix for thread-bound subagents
* Plugins: add subagent lifecycle hook events
* Core: emit subagent lifecycle hooks and decouple Discord bindings
* Discord: handle subagent bind lifecycle via plugin hooks
* Subagents: unify completion finalizer and split registry modules
* Add subagent lifecycle events module
* Hooks: fix subagent ended context key
* Discord: share thread bindings across ESM and Jiti
* Subagents: add persistent sessions_spawn mode for thread-bound sessions
* Subagents: clarify thread intro and persistent completion copy
* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions
* Discord: add thread-bound session TTL with auto-unfocus
* Subagents: fail session spawns when thread bind fails
* Subagents: cover thread session failure cleanup paths
* Session: add thread binding TTL config and /session ttl controls
* Tests: align discord reaction expectations
* Agent: persist sessionFile for keyed subagent sessions
* Discord: normalize imports after conflict resolution
* Sessions: centralize sessionFile resolve/persist helper
* Discord: harden thread-bound subagent session routing
* Rebase: resolve upstream/main conflicts
* Subagents: move thread binding into hooks and split bindings modules
* Docs: add channel-agnostic subagent routing hook plan
* Agents: decouple subagent routing from Discord
* Discord: refactor thread-bound subagent flows
* Subagents: prevent duplicate end hooks and orphaned failed sessions
* Refactor: split subagent command and provider phases
* Subagents: honor hook delivery target overrides
* Discord: add thread binding kill switches and refresh plan doc
* Discord: fix thread bind channel resolution
* Routing: centralize account id normalization
* Discord: clean up thread bindings on startup failures
* Discord: add startup cleanup regression tests
* Docs: add long-term thread-bound subagent architecture
* Docs: split session binding plan and dedupe thread-bound doc
* Subagents: add channel-agnostic session binding routing
* Subagents: stabilize announce completion routing tests
* Subagents: cover multi-bound completion routing
* Subagents: suppress lifecycle hooks on failed thread bind
* tests: fix discord provider mock typing regressions
* docs/protocol: sync slash command aliases and delete param models
* fix: add changelog entry for Discord thread-bound subagents (#21805 ) (thanks @onutc)
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-21 16:14:55 +01:00
166068dfbe
test: add byteplus coding-plan live test
2026-02-21 15:42:44 +01:00
581868365d
fix: finish volcengine/byteplus landing polish ( #7967 ) (thanks @funmore123)
2026-02-21 15:05:09 +01:00
559736a5a0
feat(volcengine): integrate Volcengine & Byteplus Provider
2026-02-21 15:05:09 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
8c1518f0f3
fix(sandbox): use one-time noVNC observer tokens
2026-02-21 13:56:58 +01:00
621d8e1312
fix(sandbox): require noVNC observer password auth
2026-02-21 13:44:24 +01:00
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
f265d45840
fix(tts): make model provider overrides opt-in
2026-02-21 13:16:07 +01:00
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
073651fb57
docs: add sponsors section to README
2026-02-21 13:00:02 +01:00
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
6b2f2811dc
fix(security): require BlueBubbles webhook auth
2026-02-21 11:41:50 +01:00
c6ee14d60e
fix(security): block grep safe-bin file-read bypass
2026-02-21 11:18:29 +01:00
9231d7d30f
chore: bump version to 2026.2.21
2026-02-21 11:02:30 +01:00
677384c519
refactor: simplify Telegram preview streaming to single boolean ( #22012 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a4017d3b94
2026-02-21 15:19:13 +05:30
e1cb73cdeb
fix: unblock Docker build by aligning commands schema default ( #22558 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 1ad610176d
2026-02-21 14:47:28 +05:30
dcf2c6d7f1
docs: normalize Amazon Bedrock setup section labels ( #22549 )
...
* docs(channels): promote Signal option setups to onboarding sections
* docs(channels): rename Microsoft Teams minimal setup section
* docs(channels): standardize onboarding option headings for Zalo and Twitch
* docs(providers): normalize Amazon Bedrock onboarding section labels
2026-02-21 03:40:54 -05:00
e36245bd37
docs: finalize onboarding option heading normalization ( #22547 )
...
* docs(channels): promote Signal option setups to onboarding sections
* docs(channels): rename Microsoft Teams minimal setup section
* docs(channels): standardize onboarding option headings for Zalo and Twitch
2026-02-21 03:38:37 -05:00
ef42fe0094
docs: rename Tlon setup heading ( #22544 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
* docs(channels): refine Twitch setup heading clarity
* docs(channels): simplify Zalo setup heading phrasing
* docs(channels): trim Microsoft Teams minimal setup heading
* docs(channels): rename Tlon setup to onboarding
2026-02-21 03:37:27 -05:00
b5a77b9cb2
docs: finalize remaining setup heading phrasing ( #22543 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
* docs(channels): refine Twitch setup heading clarity
* docs(channels): simplify Zalo setup heading phrasing
* docs(channels): trim Microsoft Teams minimal setup heading
2026-02-21 03:36:39 -05:00
d7891badda
docs: more channel heading consistency updates ( #22541 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
2026-02-21 03:36:03 -05:00
e93e67bc8e
docs: fix thinking section heading link target ( #22539 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
2026-02-21 03:33:06 -05:00
7c593cd333
docs: finish onboarding/config heading consistency ( #22537 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
2026-02-21 03:32:37 -05:00
79183852f9
docs: more channel onboarding naming cleanup ( #22536 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
2026-02-21 03:31:55 -05:00
4c4147fb0a
docs: continue onboarding terminology cleanup ( #22535 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
2026-02-21 03:31:22 -05:00
12d75ff7f5
docs: continue channel onboarding/config naming cleanup ( #22533 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
2026-02-21 03:30:35 -05:00
436f79839b
docs: more channel onboarding heading consistency ( #22532 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
2026-02-21 03:29:42 -05:00
325992b777
docs: small docs sweep consistency updates ( #22531 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
2026-02-21 03:29:17 -05:00
3002be76e4
docs: add custom spellcheck dictionary and fix docs typos ( #22457 )
...
* docs: fix typos and add docs spellcheck workflow
* docs: add changelog entry for docs spellcheck updates
* docs: fix FAQ TOC fragment links for markdownlint
* docs: fix TOC nesting and spellcheck dictionary flags
2026-02-21 01:35:35 -05:00
122bdfa4e1
feat(discord): add configurable ephemeral option for slash commands
2026-02-20 21:19:21 -06:00
b7644d61a2
fix: restore Discord model picker UX ( #21458 ) (thanks @pejmanjohn)
2026-02-20 21:04:04 -06:00
f555835b09
Channels: add thread-aware model overrides
2026-02-20 19:26:25 -06:00
eedea6cf34
Discord: add trusted channel topics on new sessions
2026-02-20 18:22:13 -06:00
fe57bea088
Subagents: restore announce chain + fix nested retry/drop regressions ( #22223 )
...
* Subagents: restore announce flow and fix nested delivery retries
* fix: prep subagent announce + docs alignment (#22223 ) (thanks @tyler6204)
2026-02-20 15:39:09 -08:00
3e1ed0032d
Docs: add Discord forum thread docs
2026-02-20 17:20:24 -06:00
4ab946eebf
Discord VC: voice channels, transcription, and TTS ( #18774 )
2026-02-20 16:06:07 -06:00
09e6970386
Discord: implement stream preview mode ( #22111 )
...
* Discord: implement stream preview mode
* Changelog: note Discord stream preview mode
* Tests: type discord draft stream mocks
* Docs: document Discord stream preview
2026-02-20 12:37:15 -06:00
094dbdaf2b
fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback ( #22082 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6ff3ca9b5d
2026-02-20 18:03:53 +00:00
8fa46d709a
fix(ios): force tls for non-loopback manual gateway hosts ( #21969 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 9fb39f566e
2026-02-20 16:28:47 +00:00
1b886e7378
docs(ui): add animated underline for nav tabs ( #21912 )
...
Add a responsive, animated underline indicator for navigation tabs to
improve visual focus and active-state feedback.
- Introduce CSS for .nav-tabs, .nav-tabs-item and a .nav-tabs-underline
element, including transitions, positioning, and dark mode color.
- Hide default first h1 in #content to keep header layout consistent.
- Add docs/nav-tabs-underline.js to create and manage the underline
element, observe DOM mutations, and update underline position/width on
changes, resize, and when fonts load.
- Preserve last known underline position/width across re-initializations
to avoid visual jumps.
This change makes active tab state visible with smooth movement and
ensures the underline stays synchronized with dynamic content.
2026-02-20 09:33:46 -05:00
5542a43623
Memory: share ENOENT helpers
2026-02-19 23:33:28 -08:00
d871ee91d0
fix(config-cli): correct misleading --json flag description ( #21332 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b6c8d1edfa
2026-02-19 20:09:17 -05:00
ae4907ce6e
fix(heartbeat): return false for zero-width active-hours window ( #21408 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 993860bd03
2026-02-19 20:03:57 -05:00
cf4ffff3e1
fix(heartbeat): run when HEARTBEAT.md is missing
2026-02-19 19:32:18 -05:00
7ce357ff8b
docs: add Vincent Koc to contributor credits
2026-02-19 15:13:38 -08:00
f66b23de75
chore(release): bump versions to 2026.2.20
2026-02-20 00:02:53 +01:00
ce1f0c0a10
ci: move workflows to blacksmith 16vcpu runners
2026-02-19 17:25:15 +01:00
2435499862
ci: move blacksmith runners to 8 vcpu
2026-02-19 16:50:22 +01:00
b0e55283d5
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
3561442a9f
fix(plugins): harden discovery trust checks
2026-02-19 15:14:12 +01:00
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
29118995ad
refactor(lobster): remove lobsterPath overrides
2026-02-19 14:58:13 +01:00
a40c10d3e2
fix: harden agent gateway authorization scopes
2026-02-19 14:37:56 +01:00
ff74d89e86
fix: harden gateway control-plane restart protections
2026-02-19 14:30:15 +01:00
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
bafdbb6f11
fix(security): eliminate safeBins file-existence oracle
2026-02-19 14:18:11 +01:00
1316e57403
fix: enforce inbound attachment root policy across pipelines
2026-02-19 14:15:51 +01:00
cfe8457a0f
fix(security): harden safeBins stdin-only enforcement
2026-02-19 14:10:45 +01:00
3c419b7bd3
docs(security): document webhook hardening and changelog
2026-02-19 13:31:44 +01:00
49d0def6d1
fix(security): harden imessage remote scp/ssh handling
2026-02-19 11:08:23 +01:00
7255c20ddc
fix(docker): harden docker-setup mount validation
2026-02-19 10:44:46 +01:00
b4dbe03298
refactor: unify restart gating and update availability sync
2026-02-19 10:00:41 +01:00
9c2640a810
docs: clarify WhatsApp group allowlist and reply mention behavior
2026-02-19 09:19:34 +01:00
7e54b6c96f
fix(browser): unify extension relay auth on gateway token
2026-02-19 08:40:40 +01:00
c5698caca3
Security: default gateway auth bootstrap and explicit mode none ( #20686 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: be1b73182c
2026-02-19 02:35:50 -05:00
87d8331150
docs: warn against third-party 1-click marketplace images
2026-02-19 08:30:29 +01:00
f855d0be4f
fix: skip heartbeat when HEARTBEAT.md does not exist ( #20461 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f6e5f8172a
2026-02-19 01:09:33 -05:00
a0d904dc23
docs(discord): replace quick setup and add recommended guild setup ( #20088 )
...
Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-18 09:39:09 -06:00
d833dcd731
fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic ( #19367 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bf02bbf9ce
2026-02-18 15:31:01 +05:30
ac0db68235
refactor(security): extract safeBins trust resolver
2026-02-18 05:01:31 +01:00
28bac46c92
fix(security): harden safeBins path trust
2026-02-18 04:55:31 +01:00
4bf3338834
chore: bump version to 2026.2.18 unreleased
2026-02-18 04:40:06 +01:00
c90b09cb02
feat(agents): support Anthropic 1M context beta header
2026-02-18 03:29:48 +01:00
d1c00dbb7c
fix: harden include confinement edge cases ( #18652 ) (thanks @aether-ai-agent)
2026-02-18 03:27:16 +01:00
edf7d6af61
fix: harden subagent completion announce retries
2026-02-18 03:19:50 +01:00
985ec71c55
CLI: resolve parent/subcommand option collisions ( #18725 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b7e51cf909
2026-02-17 20:57:09 -05:00
fa4f66255c
fix(subagents): return completion message for manual session spawns
2026-02-18 02:52:35 +01:00
01672a8f25
Revert "Add mesh auto-planning with chat command UX and hardened auth/session behavior"
...
This reverts commit 16e59b26a6
2026-02-18 02:18:02 +01:00
2e91552f09
feat(agents): add generic provider api key rotation ( #19587 )
2026-02-18 01:31:11 +01:00
4c569ce246
docs(tokens): document image dimension token tradeoffs
2026-02-18 00:56:57 +01:00
b05e89e5e6
fix(agents): make image sanitization dimension configurable
2026-02-18 00:54:20 +01:00
bb9a539d1d
Merge remote-tracking branch 'prhead/feat/slack-text-streaming'
...
# Conflicts:
# docs/channels/slack.md
# src/config/types.slack.ts
# src/slack/monitor/message-handler/dispatch.ts
2026-02-18 00:49:30 +01:00
f07bb8e8fc
fix(hooks): backport internal message hook bridge with safe delivery semantics
2026-02-18 00:35:41 +01:00
ae2c8f2cf0
feat(models): support anthropic sonnet 4.6
2026-02-18 00:00:31 +01:00
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
c26cf6aa83
feat(cron): add default stagger controls for scheduled jobs
2026-02-17 23:48:14 +01:00
9a2c39419e
chore(release): bump version to 2026.2.17
2026-02-17 23:08:55 +01:00
2cf82c357e
Docs: expand multi-agent routing
2026-02-17 14:28:08 -06:00
ab94295541
docs(slack): add assistant:write requirement for typing status
2026-02-18 02:22:54 +08:00
0978d63edd
docs: add community plugins guide
2026-02-17 17:42:37 +01:00
19a8f8bbf6
test(cron): add model fallback regression coverage
2026-02-17 10:40:25 -05:00
c0072be6a6
docs(cli): add components send example
2026-02-17 09:58:47 -05:00
dd0b789669
fix(mattermost): surface reactions support
2026-02-17 09:30:50 -05:00
5d1bcc76cc
docs(zai): document tool_stream defaults
2026-02-17 09:22:55 -05:00
b114c82701
CLI: approve latest pending device request
2026-02-17 14:08:04 +00:00
0e023e300e
Revert: fully roll back #17986 templates
2026-02-17 13:57:50 +00:00
ddee6291eb
Docs: add screenshot showing model picker usability issue
2026-02-17 09:15:55 +01:00
b2fef5ebc4
Revert "Default Telegram polls to public"
...
This reverts commit c43e95e011
2026-02-17 09:38:15 +02:00
df8f7ff1ab
docs(voice-call): document stale call reaper config
2026-02-16 22:26:31 -05:00
81fd771cb9
fix(gateway): preserve chat.history context under hard caps
2026-02-16 21:50:01 -05:00
f6e68b917b
docs(cron): clarify webhook posting summary condition
2026-02-16 21:48:57 -05:00
6070116382
revert(exec): undo accidental merge of PR #18521
2026-02-16 21:47:18 -05:00
ae82371d8a
revert(docs): undo accidental merge of #18516
2026-02-16 21:46:45 -05:00
Peter Steinberger
Sid
Ayaan Zaidi
Nikolay Petrov
Umut CAN
Alberto Leal
Vincent Koc
cyb1278588254
Anandesh Sharma
Gustavo Madeira Santana
Beer van der Drift
Barron Roth
Agent
Onur
Jc Miñarro
NIO
BigUncle
Logan Pritchett
longfros
Cassius0924
Rodrigo Uroz
Philipp Spiess
joshavant
yinghaosang
pandego
zzzz
Kriz Poon
Peter Steinberger
John Fawcett
Gustavo Madeira Santana
Sally O'Malley
AkosCz
边黎安
Tak Hoffman
Brian Mendonca
Glucksberg
maweibin
Onur
fanziqing
Ayaan Zaidi
Wei He
Shadow
Shadow
Tyler Yust
Mariano
Seb Slight
Vignesh Natarajan
adhitShet
vikpos
Pejman Pour-Moezzi
Taras Lukavyi
Mariano Belinky
Muhammed Mukhthar CM
Benjamin Jesuiter
Nimrod Gutman