266f10d47d
docs: clarify Sparkle build version policy
2026-02-28 10:04:25 +05:30
6e645300a8
docs(feishu): clarify oc_ group allowlist vs ou_ command allowFrom for /reset ( #26835 )
...
* docs(feishu): clarify oc_* group allowlist vs ou_* command allowFrom
* docs(feishu): avoid direct edits to generated zh-CN docs
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 22:30:05 -06:00
4f8a54eeaa
docs: add cardkit permissions to Feishu channel setup ( #9410 )
...
- Add cardkit:card:read and cardkit:card:write to tenant scopes
- Format user scopes array for better readability
- Update both English and Chinese documentation
Co-authored-by: hezhizhou.606 <hezhizhou.606@bytedance.com>
2026-02-27 22:29:54 -06:00
f16ecd1dac
fix(ollama): unify context window handling across discovery, merge, and OpenAI-compat transport ( #29205 )
...
* fix(ollama): inject num_ctx for OpenAI-compatible transport
* fix(ollama): discover per-model context and preserve higher limits
* fix(agents): prefer matching provider model for fallback limits
* fix(types): require numeric token limits in provider model merge
* fix(types): accept unknown payload in ollama num_ctx wrapper
* fix(types): simplify ollama settled-result extraction
* config(models): add provider flag for Ollama OpenAI num_ctx injection
* config(schema): allow provider num_ctx injection flag
* config(labels): label provider num_ctx injection flag
* config(help): document provider num_ctx injection flag
* agents(ollama): gate OpenAI num_ctx injection with provider config
* tests(ollama): cover provider num_ctx injection flag behavior
* docs(config): list provider num_ctx injection option
* docs(ollama): document OpenAI num_ctx injection toggle
* docs(config): clarify merge token-limit precedence
* config(help): note merge uses higher model token limits
* fix(ollama): cap /api/show discovery concurrency
* fix(ollama): restrict num_ctx injection to OpenAI compat
* tests(ollama): cover ipv6 and compat num_ctx gating
* fix(ollama): detect remote compat endpoints for ollama-labeled providers
* fix(ollama): cap per-model /api/show lookups to bound discovery load
2026-02-27 17:20:47 -08:00
d17c083803
docs(ollama): clarify /v1 tool-calling guidance ( #29204 )
2026-02-27 15:21:13 -08:00
de77497ea8
chore: add convex to sponsors table
2026-02-27 23:27:27 +01:00
8bc80fad47
fix(slack): land #29032 /agentstatus alias from @maloqab
...
Land contributor PR #29032 by @maloqab with Slack native alias docs, integration tests, and changelog entry.
Co-authored-by: maloqab <mitebaloqab@gmail.com>
2026-02-27 19:09:38 +00:00
dede4089a6
docs(openai): add clear server compaction toggle examples
2026-02-27 16:21:08 +00:00
8da3a9a92d
fix(agents): auto-enable OpenAI Responses server-side compaction ( #16930 , #22441 , #25088 )
...
Landed from contributor PRs #16930 , #22441 , and #25088 .
Co-authored-by: liweiguang <codingpunk@gmail.com>
Co-authored-by: EdwardWu7 <wuzhiyuan7@gmail.com>
Co-authored-by: MoerAI <friendnt@g.skku.edu>
2026-02-27 16:15:50 +00:00
fe807e4bed
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:28 +01:00
0fe6cf06b2
Compaction: preserve opaque identifiers in summaries (openclaw#25553) thanks @rodrigouroz
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 08:14:05 -06:00
a7929abad8
Discord: thread bindings idle + max-age lifecycle ( #27845 ) (thanks @osolmaz)
...
* refactor discord thread bindings to idle and max-age lifecycle
* fix: migrate legacy thread binding expiry and reduce hot-path disk writes
* refactor: remove remaining thread-binding ttl legacy paths
* fix: harden thread-binding lifecycle persistence
* Discord: fix thread binding types in message/reply paths
* Infra: handle win32 unknown inode in file identity checks
* Infra: relax win32 guarded-open identity checks
* Config: migrate threadBindings ttlHours to idleHours
* Revert "Infra: relax win32 guarded-open identity checks"
This reverts commit de9412677196fc5ddfb3#27845 ) (thanks @osolmaz)
---------
Co-authored-by: Onur Solmaz <onur@textcortex.com>
2026-02-27 10:02:39 +01:00
6ed00abc1e
docs: document android capability sweep in testing guide
2026-02-27 12:16:36 +05:30
cb9374a2a1
Gateway: improve device-auth v2 migration diagnostics ( #28305 )
...
* Gateway: add device-auth detail code resolver
* Gateway: emit specific device-auth detail codes
* Gateway tests: cover nonce and signature detail codes
* Docs: add gateway device-auth migration diagnostics
* Docs: add device-auth v2 troubleshooting signatures
2026-02-26 21:05:43 -08:00
29f5da5b2a
feat(nodes): expose device diagnostics and notification actions
2026-02-27 10:15:21 +05:30
c1e0f8cfb1
docs(nodes): document android camera list and device actions
2026-02-27 10:15:21 +05:30
88a0d87490
Docs: align gateway config key paths with metadata ( #28196 )
...
* Docs: align gateway config key paths in reference
* Docs: expand config reference coverage for channels plugins and providers
2026-02-26 22:35:43 -05:00
418111adb9
docs(telegram): align channel docs with runtime behavior
2026-02-27 08:00:29 +05:30
7149ba5574
docs: remove legacy grammy page
2026-02-27 08:00:29 +05:30
035a2dbb40
docs: consolidate grammy links to telegram
2026-02-27 08:00:29 +05:30
1f68010bd6
docs(telegram): clarify group auth boundary
2026-02-27 08:00:29 +05:30
d320b30b9b
Docs: expand ACP first-use naming and link protocol site
2026-02-27 00:33:58 +01:00
297cca0565
docs(cli): improve secrets command guide
2026-02-27 00:20:02 +01:00
1d43202930
fix: repair Telegram allowlist DM migrations ( #27936 ) (thanks @widingmarcus-cyber)
2026-02-26 22:53:13 +00:00
5a453eacbd
chore(onboarding): add explicit account-risk warning for Gemini CLI OAuth and docs ( #16683 )
...
* docs: add account-risk caution to Google OAuth provider docs
* docs(plugin): add Gemini CLI account safety caution
* CLI: add risk hint for Gemini CLI auth choice
* Onboarding: require confirmation for Gemini CLI OAuth
* Tests: cover Gemini CLI OAuth risk confirmation flow
2026-02-26 15:25:42 -05:00
9f154efa8d
docs(acp): expand /acp operator playbook
2026-02-26 16:49:20 +00:00
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
c81e9866ff
fix(pi): stop history image reinjection token blowup
2026-02-26 16:38:20 +01:00
03d7641b0e
feat(agents): default codex transport to websocket-first
2026-02-26 16:22:53 +01:00
cc1eaf130b
docs(gateway): clarify remote token local fallback semantics
2026-02-26 15:59:44 +01:00
4380d74d49
docs(secrets): add dedicated apply plan contract page
2026-02-26 14:47:22 +00:00
14897e8de7
docs(secrets): clarify partial migration guidance
2026-02-26 14:47:22 +00:00
ea1ccf4896
docs(secrets): add direct 1password exec example
2026-02-26 14:47:22 +00:00
f46b9c996f
feat(secrets): allow opt-in symlink exec command paths
2026-02-26 14:47:22 +00:00
06290b49b2
feat(secrets): finalize mode rename and validated exec docs
2026-02-26 14:47:22 +00:00
f413e314b9
feat(secrets): replace migrate flow with audit/configure/apply
2026-02-26 14:47:22 +00:00
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
5e3a86fd2f
feat(secrets): expand onboarding secret-ref flows and custom-provider parity
2026-02-26 14:47:22 +00:00
e8637c79b3
fix(secrets): harden sops migration sops rule matching
2026-02-26 14:47:22 +00:00
0e69660c41
feat(secrets): finalize external secrets runtime and migration hardening
2026-02-26 14:47:22 +00:00
c5b89fbaea
Docs: address review feedback on secrets docs
2026-02-26 14:47:22 +00:00
9203d583f9
Docs: add secrets and CLI secrets reference pages
2026-02-26 14:47:22 +00:00
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
7d8aeaaf06
fix(gateway): pin paired reconnect metadata for node policy
2026-02-26 14:11:04 +01:00
5df9aacf68
fix(podman): default run-openclaw-podman bind to loopback (land #27491 , thanks @robbyczgw-cla)
...
Co-authored-by: robbyczgw-cla <robbyczgw@gmail.com>
2026-02-26 12:13:20 +00:00
8bdda7a651
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
caace61ba1
chore: bump versions to 2026.2.26
2026-02-26 12:11:02 +01:00
1ffc319831
Doctor: keep allowFrom account-scoped in multi-account configs
2026-02-26 05:34:58 -05:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b5771808
2026-02-26 04:06:03 -05:00
c289b5ff9f
fix(config): preserve agent-level apiKey/baseUrl during models.json merge ( #27293 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6b4b37b03d
2026-02-26 03:46:36 -05:00
92c309f2e1
docs: fix wrong Providers link in configuration examples
2026-02-26 02:41:07 -06:00
96c7702526
Agents: add account-scoped bind and routing commands ( #27195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad35a458a5
2026-02-26 02:36:56 -05:00
f08fe02a1b
Onboarding: support plugin-owned interactive channel flows ( #27191 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 53872cf8e7
2026-02-26 01:14:57 -05:00
91a3f0a3fe
pairing: enforce strict account-scoped state
2026-02-26 00:31:24 -05:00
35976da7a0
fix: harden Docker/GCP onboarding flow ( #26253 ) (thanks @pandego)
2026-02-26 04:46:18 +00:00
e8197404d0
Docker/docs: reduce docker build OOM risk on small GCP hosts
2026-02-26 04:46:18 +00:00
cb3e5c35b0
docs: fix onboarding markdown list spacing
2026-02-26 05:23:30 +01:00
4ada143794
docs(heartbeat): add directPolicy to config examples
2026-02-26 03:59:38 +01:00
8a006a3260
feat(heartbeat): add directPolicy and restore default direct delivery
2026-02-26 03:57:03 +01:00
b8bb8ab3ca
docs: clarify personal-by-default onboarding security notice
2026-02-26 02:59:34 +01:00
c736f11a16
fix(gateway): harden browser websocket auth chain
2026-02-26 01:22:49 +01:00
e56b0cf1a0
fix: enforce telegram reaction authorization
2026-02-26 01:03:03 +01:00
42f455739f
fix(security): clarify denyCommands exact-match guidance
2026-02-26 00:55:35 +01:00
eb73e87f18
fix(session): prevent silent overflow on parent thread forks ( #26912 )
...
Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates.
Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com>
2026-02-25 23:54:02 +00:00
8f3310000a
refactor(macos): remove anthropic oauth onboarding flow
2026-02-26 00:17:03 +01:00
8f5f599a34
docs(security): note narrow filesystem roots for tool access
2026-02-25 05:10:10 +00:00
52d933b3a9
refactor: replace bot.molt identifiers with ai.openclaw
2026-02-25 05:03:24 +00:00
480cc4b85c
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
069c495df6
docs: clarify pairing commands in faq and troubleshooting
2026-02-25 02:50:17 +00:00
c2a837565c
docs: fix configure section example
2026-02-25 02:44:49 +00:00
bfafec2271
docs: expand doctor and devices CLI references
2026-02-25 02:41:13 +00:00
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
24d7612ddf
refactor(heartbeat): harden dm delivery classification
2026-02-25 02:13:07 +00:00
a805d6b439
fix(heartbeat): block dm targets and internalize blocked prompts
2026-02-25 02:05:45 +00:00
eb4a93a8db
refactor(sandbox): share container-path utils and tighten fs bridge tests
2026-02-25 01:59:53 +00:00
e2362d352d
fix(heartbeat): default target none and internalize relay prompts
2026-02-25 01:28:47 +00:00
ee6fec36eb
docs(discord): document DAVE defaults and decrypt recovery
2026-02-25 00:28:06 +00:00
9cd50c51b0
fix(discord): harden voice DAVE receive reliability ( #25861 )
...
Reimplements and consolidates related work:
- #24339 stale disconnect/destroyed session guards
- #25312 voice listener cleanup on stop
- #23036 restore @snazzah/davey runtime dependency
Adds Discord voice DAVE config passthrough, repeated decrypt failure
rejoin recovery, regression tests, docs, and changelog updates.
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
Co-authored-by: Do Cao Hieu <admin@docaohieu.com>
2026-02-25 00:19:50 +00:00
b4010a0b62
fix(zalo): enforce group sender policy in groups
2026-02-24 23:30:43 +00:00
9fccf60733
refactor(synology-chat): centralize DM auth and fail fast startup
2026-02-24 23:28:40 +00:00
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
0ee30361b8
fix(synology-chat): fail closed empty allowlist
2026-02-24 23:18:17 +00:00
b67e600bff
fix(security): restrict default safe-bin trusted dirs
2026-02-24 23:13:37 +00:00
e806b34779
chore: remove changelog add helper script
2026-02-24 15:33:09 +00:00
d18ae2256f
refactor: unify channel plugin resolution, family ordering, and changelog entry tooling
2026-02-24 15:15:22 +00:00
370d115549
fix: enforce workspaceOnly for native prompt image autoload
2026-02-24 14:47:59 +00:00
31b1b20b3c
docs: add WeChat community plugin listing
...
Add @icesword760/openclaw-wechat to the community plugins page.
This plugin connects OpenClaw to WeChat personal accounts via
WeChatPadPro (iPad protocol) with support for text, image, and
file exchange.
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-24 08:41:28 -06:00
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
2bad30b4d3
chore(release): bump version to 2026.2.24
2026-02-24 13:42:43 +00:00
8ea936cdda
docs: clarify prompt caching intro
2026-02-24 05:22:00 +00:00
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
1fdaaaedd3
Docs: clarify Chrome extension relay port derivation (gateway + 3)
2026-02-24 04:16:08 +00:00
aea28e26fb
fix(auto-reply): expand standalone stop phrases
2026-02-24 04:02:43 +00:00
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
1d28da55a5
fix(voice-call): block Twilio webhook replay and stale transitions
2026-02-24 02:37:24 +00:00
5239b55c0a
Config: expand Kilo catalog and persist selected Kilo models ( #24921 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a385
2026-02-23 21:17:37 -05:00
6c441ea797
fix: support legacy and beta prerelease version formats
2026-02-24 02:05:37 +00:00
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
ddf93d9845
docs(security): add vps trust-boundary guidance
2026-02-24 01:02:11 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
41b0568b35
docs(security): clarify shared-agent trust boundaries
2026-02-24 01:00:05 +00:00
400220275c
docs: clarify multi-instance recommendations for user isolation
2026-02-24 00:40:08 +00:00
7d55277d72
docs: clarify operator trust boundary for shared gateways
2026-02-24 00:25:01 +00:00
3b8e33037a
fix(security): harden safeBins long-option validation
2026-02-23 23:58:58 +00:00
13f32e2f7d
feat: Add Kilo Gateway provider ( #20212 )
...
* feat: Add Kilo Gateway provider
Add support for Kilo Gateway as a model provider, similar to OpenRouter.
Kilo Gateway provides a unified API that routes requests to many models
behind a single endpoint and API key.
Changes:
- Add kilocode provider option to auth-choice and onboarding flows
- Add KILOCODE_API_KEY environment variable support
- Add kilocode/ model prefix handling in model-auth and extra-params
- Add provider documentation in docs/providers/kilocode.md
- Update model-providers.md with Kilo Gateway section
- Add design doc for the integration
* kilocode: add provider tests and normalize onboard auth-choice registration
* kilocode: register in resolveImplicitProviders so models appear in provider filter
* kilocode: update base URL from /api/openrouter/ to /api/gateway/
* docs: fix formatting in kilocode docs
* fix: address PR review — remove kilocode from cacheRetention, fix stale model refs and CLI name in docs, fix TS2742
* docs: fix stale refs in design doc — Moltbot to OpenClaw, MoltbotConfig to OpenClawConfig, remove extra-params section, fix doc path
* fix: use resolveAgentModelPrimaryValue for AgentModelConfig union type
---------
Co-authored-by: Mark IJbema <mark@kilocode.ai>
2026-02-23 23:29:27 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
9af3ec92a5
fix(gateway): add HSTS header hardening and docs
2026-02-23 19:47:29 +00:00
69b17a37e8
docs(reference): add cache trace diagnostics knobs to prompt-caching guide
2026-02-23 19:39:35 +00:00
46dee26600
docs(reference): add prompt-caching guide and knobs
...
Co-authored-by: Axel Svensson <svenssonaxel@users.noreply.github.com>
2026-02-23 19:19:45 +00:00
78e7f41d28
docs: detail per-agent prompt caching configuration
2026-02-23 18:46:40 +00:00
f03ff39754
Providers: skip context1m beta for Anthropic OAuth tokens ( #24620 )
...
* Providers: skip context1m beta for Anthropic OAuth tokens
* Tests: cover OAuth context1m beta skip behavior
* Docs: note context1m OAuth incompatibility
* Agents: add context1m-aware context token resolver
* Agents: cover context1m context-token resolver
* Commands: apply context1m-aware context tokens in session store
* Commands: apply context1m-aware context tokens in status summary
* Status: resolve context tokens with context1m model params
* Status: test context1m status context display
2026-02-23 12:29:09 -05:00
eb4ff6df81
Allow Claude model requests to route through Google Vertex AI ( #23985 )
...
* feat: add anthropic-vertex provider for Claude via GCP Vertex AI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* docs: add anthropic-vertex provider guide
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* Agents: validate Anthropic Vertex project env
* Changelog: format update for Vertex entry
* Providers: rename Anthropic Vertex to Google Vertex Claude
* Providers: remove Vertex Claude provider path
* Models: normalize Vercel Claude shorthand refs
* Onboarding: default Vercel model to Claude shorthand
* Changelog: add @vincentkoc credit for #23985
* Onboarding: keep canonical Vercel default model ref
* Tests: expand Vercel model normalization coverage
---------
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 11:04:31 -05:00
3a3c2da916
[Feature]: Add Gemini (Google Search grounding) as web_search provider ( #13075 )
...
* feat: add Gemini (Google Search grounding) as web_search provider
Add Gemini as a fourth web search provider alongside Brave, Perplexity,
and Grok. Uses Gemini's built-in Google Search grounding tool to return
search results with citations.
- Add runGeminiSearch() with Google Search grounding via tools API
- Resolve Gemini's grounding redirect URLs to direct URLs via parallel
HEAD requests (5s timeout, graceful fallback)
- Add Gemini config block (apiKey, model) with env var fallback
- Default model: gemini-2.5-flash (fast, cheap, grounding-capable)
- Strip API key from error messages for security
- Add config validation tests for Gemini provider
- Update docs/tools/web.md with Gemini provider documentation
Closes #13074
* feat: auto-detect search provider from available API keys
When no explicit provider is configured, resolveSearchProvider now
checks for available API keys in priority order (Brave → Gemini →
Perplexity → Grok) and selects the first provider with a valid key.
- Add auto-detection logic using existing resolve*ApiKey functions
- Export resolveSearchProvider via __testing_provider for tests
- Add 8 tests covering auto-detection, priority order, and explicit override
- Update docs/tools/web.md with auto-detection documentation
* fix: merge __testing exports, downgrade auto-detect log to debug
* fix: use defaultRuntime.log instead of .debug (not in RuntimeEnv type)
* fix: mark gemini apiKey as sensitive in zod schema
* fix: address Greptile review — add externalContent to Gemini payload, add Gemini/Grok entries to schema labels/help, remove dead schema-fields.ts
* fix(web-search): add JSON parse guard for Gemini API responses
Addresses Greptile review comment: add try/catch to handle non-JSON
responses from Gemini API gracefully, preventing runtime errors on
malformed responses.
Note: FIELD_HELP entries for gemini.apiKey and gemini.model were
already present in schema.help.ts, and gemini.apiKey was already
marked as sensitive in zod-schema.agent-runtime.ts (both fixed in
earlier commits).
* fix: use structured readResponseText result in Gemini error path
readResponseText returns { text, truncated, bytesRead }, not a string.
The Gemini error handler was using the result object directly, which
would always be truthy and never fall through to res.statusText.
Align with Perplexity/xAI/Brave error patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix import order and formatting after rebase onto main
* Web search: send Gemini API key via header
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 09:30:51 -05:00
c92c3ad224
Tests: isolate quick_validate stub and remove DS_Store
2026-02-23 03:25:37 -05:00
a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config ( #24210 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0f272b1027
2026-02-23 03:18:55 -05:00
9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
77c3b142a9
Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:05:42 -06:00
558a0137bb
chore(release): bump versions to 2026.2.23
2026-02-23 05:13:46 +01:00
278331c49c
fix(exec): restore sandbox as implicit host default
2026-02-23 01:48:24 +01:00
1c2c7843a8
docs: add synology channel docs and fix unreleased changelog
2026-02-23 01:16:05 +01:00
d92ba4f8aa
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 ( #23845 )
...
* Onboard: add Mistral auth choice and CLI flags
* Onboard/Auth: add Mistral provider config defaults
* Auth choice: wire Mistral API-key flow
* Onboard non-interactive: support --mistral-api-key
* Media understanding: add Mistral Voxtral audio provider
* Changelog: note Mistral onboarding and media support
* Docs: add Mistral provider and onboarding/media references
* Tests: cover Mistral media registry/defaults and auth mapping
* Memory: add Mistral embeddings provider support
* Onboarding: refresh Mistral model metadata
* Docs: document Mistral embeddings and endpoints
* Memory: persist Mistral embedding client state in managers
* Memory: add regressions for mistral provider wiring
* Gateway: add live tool probe retry helper
* Gateway: cover live tool probe retry helper
* Gateway: retry malformed live tool-read probe responses
* Memory: support plain-text batch error bodies
* Tests: add Mistral Voxtral live transcription smoke
* Docs: add Mistral live audio test command
* Revert: remove Mistral live voice test and docs entry
* Onboard: re-export Mistral default model ref from models
* Changelog: credit joeVenner for Mistral work
* fix: include Mistral in auto audio key fallback
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-23 00:03:56 +00:00
1d8968c8a8
fix(voice-call): harden media stream pre-start websocket handling
2026-02-22 23:25:32 +01:00
24c954d972
fix(security): harden allow-always wrapper persistence
2026-02-22 22:55:33 +01:00
64b273a71c
fix(exec): harden safe-bin trust and add explicit trusted dirs
2026-02-22 22:43:18 +01:00
e4d67137db
fix(node): default mac headless system.run to local host
...
Co-authored-by: aethnova <262512133+aethnova@users.noreply.github.com>
2026-02-22 22:24:28 +01:00
6817c0ec7b
fix(security): tighten elevated allowFrom sender matching
2026-02-22 22:00:08 +01:00
3a088c9f4f
docs: prune completed experiment plan notes
2026-02-22 21:56:01 +01:00
b0252ab90c
docs: fix canonical session doc path hint
2026-02-22 21:35:14 +01:00
acfbe158c6
docs: point pi extension paths to real source files
2026-02-22 21:32:28 +01:00
820d765553
docs: update outbound refactor test path
2026-02-22 21:28:08 +01:00
6ed08ddc24
docs: fix stale test file paths in experiment plans
2026-02-22 21:24:48 +01:00
c73837d269
docs: replace stale pi test file list with maintained patterns
2026-02-22 21:21:08 +01:00
dff9ead59a
docs: refresh gateway test references in testing guide
2026-02-22 21:16:53 +01:00
30e8f41cfc
docs: fix stale release checklist source paths
2026-02-22 21:15:09 +01:00
06b4baf67f
docs: remove internal hook import paths from examples
2026-02-22 21:12:49 +01:00
5dba7501c9
docs: update stale tsgo reference in pty plan
2026-02-22 21:10:14 +01:00
9c480d4dea
docs: replace removed pi test script with current commands
2026-02-22 21:07:34 +01:00
5547a2275c
fix(security): harden toolsBySender sender-key matching
2026-02-22 21:04:37 +01:00
3461dda880
docs: fix voicecall expose disable example
2026-02-22 20:58:28 +01:00
0d4c806406
docs: fix devices approve command in exe.dev guide
2026-02-22 20:52:46 +01:00
e0d4194869
docs: add missing summary/read_when metadata
2026-02-22 20:45:09 +01:00
371a7da9c8
docs: add missing summaries and read_when hints
2026-02-22 20:37:02 +01:00
f5814cc002
docs: add extension channels to Channels nav
2026-02-22 20:28:05 +01:00
290f375aa1
docs: fix Together provider env path
2026-02-22 20:23:40 +01:00
6fef318fda
docs: replace legacy chat examples in Venice provider guide
2026-02-22 20:15:07 +01:00
72446f419f
docs: align CLI docs and help surface
2026-02-22 20:05:01 +01:00
0c1f491a02
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
89a1e99815
fix(slack): finalize replyToMode off threading behavior ( #23799 )
...
* fix: make replyToMode 'off' actually prevent threading in Slack
Three independent bugs caused Slack replies to always create threads
even when replyToMode was set to 'off':
1. Typing indicator created threads via statusThreadTs fallback (#16868 )
- resolveSlackThreadTargets fell back to messageTs for statusThreadTs
- 'is typing...' was posted as thread reply, creating a thread
- Fix: remove messageTs fallback, let statusThreadTs be undefined
2. [[reply_to_current]] tags bypassed replyToMode entirely (#16080 )
- Slack dock had allowExplicitReplyTagsWhenOff: true
- Reply tags from system prompt always threaded regardless of config
- Fix: set allowExplicitReplyTagsWhenOff to false for Slack
3. Contradictory replyToMode defaults in codebase (#20827 )
- monitor/provider.ts defaulted to 'all'
- accounts.ts defaulted to 'off' (matching docs)
- Fix: align provider.ts default to 'off' per documentation
Fixes : openclaw/openclaw#16868 , openclaw/openclaw#16080 , openclaw/openclaw#20827
* fix(slack): respect replyToMode in DMs even with typing indicator thread
When replyToMode is 'off' in DMs, replies should stay in the main
conversation even when the typing indicator creates a thread context.
Previously, when incomingThreadTs was set (from the typing indicator's
thread), replyToMode was forced to 'all', causing all replies to go
into the thread.
Now, for direct messages, the user's configured replyToMode is always
respected. For channels/groups, the existing behavior is preserved
(stay in thread if already in one).
This fix:
- Keeps the typing indicator working (statusThreadTs fallback preserved)
- Prevents DM replies from being forced into threads
- Maintains channel thread continuity
Fixes #16868
* refactor(slack): eliminate redundant resolveSlackThreadContext call
- Add isThreadReply to resolveSlackThreadTargets return value
- Remove duplicate call in dispatch.ts
- Addresses greptile review feedback with cleaner DRY approach
* docs(slack): add JSDoc to resolveSlackThreadTargets
Document return values including isThreadReply distinction between
genuine user thread replies vs bot status message thread context.
* docs(changelog): record Slack replyToMode off threading fixes
---------
Co-authored-by: James <jamesrp13@gmail.com>
Co-authored-by: theoseo <suhong.seo@gmail.com>
2026-02-22 13:27:50 -05:00
08431da5d5
refactor(gateway): unify credential precedence across entrypoints
2026-02-22 18:55:44 +01:00
e58054b85c
docs(telegram): align Node22 network defaults and setup guidance
2026-02-22 17:54:16 +01:00
f442a3539f
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:36 +01:00
a5e2bd4eaa
docs: document verbose-gated tool error details
2026-02-22 15:26:48 +01:00
adfbbcf1f6
chore: merge origin/main into main
2026-02-22 13:42:52 +00:00
3308c86002
docs: keep channel names only in thread-support list
2026-02-22 14:39:40 +01:00
418e4e32c9
docs: clarify thread-bound subagents are Discord-only
2026-02-22 14:39:40 +01:00
c952334808
docs: list thread supporting channels in subagents guide
2026-02-22 14:39:40 +01:00
0b9b9d4301
docs: make subagents thread guidance channel-first
2026-02-22 14:39:40 +01:00
0d0f4c6992
refactor(exec): centralize safe-bin policy checks
2026-02-22 13:18:25 +01:00
47c3f742b6
fix(exec): require explicit safe-bin profiles
2026-02-22 12:58:55 +01:00
e80c803fa8
fix(security): block shell env allowlist bypass in system.run
2026-02-22 12:47:05 +01:00
6fda04e938
refactor: tighten onboarding dmScope typing and docs links
2026-02-22 12:46:09 +01:00
65dccbdb4b
fix: document onboarding dmScope default as breaking change ( #23468 ) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
85e5ed3f78
refactor(channels): centralize runtime group policy handling
2026-02-22 12:35:41 +01:00
777817392d
fix: fail closed missing provider group policy across message channels ( #23367 ) (thanks @bmendonca3)
2026-02-22 12:21:04 +01:00
3700151ec0
Channels: fail closed when Slack/Discord config is missing
2026-02-22 12:18:43 +01:00
b98d3330f6
docs: update pty supervision test command paths
2026-02-22 10:48:37 +00:00
2739328508
fix(telegram): classify undici fetch errors as recoverable for retry ( #16699 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 67b5bce44f
2026-02-22 16:16:11 +05:30
c995f9be07
test: reclassify mocked announce and sandbox suites as unit tests
2026-02-22 10:28:43 +00:00
bc78b343ba
Security: expand audit checks for mDNS and real-IP fallback
2026-02-22 11:26:17 +01:00
98a03c490b
Feat/logger support log level validation0222 ( #23436 )
...
* 1、环境变量**:新增 `OPENCLAW_LOG_LEVEL`,可取值 `silent|fatal|error|warn|info|debug|trace`。设置后同时覆盖**文件日志**与**控制台**的级别,优先级高于配置文件。
2、启动参数**:在 `openclaw gateway run` 上新增 `--log-level <level>`,对该次进程同时生效于文件与控制台;未传时仍使用环境变量或配置文件。
* fix(logging): make log-level override global and precedence-safe
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-22 11:15:13 +01:00
1b327da6e3
fix: harden exec sandbox fallback semantics ( #23398 ) (thanks @bmendonca3)
2026-02-22 11:12:01 +01:00
c76a47cce2
Exec: fail closed when sandbox host is unavailable
2026-02-22 11:12:01 +01:00
8887f41d7d
refactor(gateway)!: remove legacy v1 device-auth handshake
2026-02-22 09:27:03 +01:00
008a8c9dc6
chore(docs): normalize security finding table formatting
2026-02-22 08:03:29 +00:00
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
121d027229
chore: remove dead plugin hook loader
2026-02-22 08:45:24 +01:00
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
2c14b0cf4c
refactor(config): unify streaming config across channels
2026-02-21 19:53:42 +01:00
f97c45c5b5
fix(security): warn on Discord name-based allowlists in audit
2026-02-21 19:45:17 +01:00
89aad7b922
refactor: tighten safe-bin policy model and docs parity
2026-02-21 19:24:23 +01:00
4c1dd9d068
fix(security): harden macos rawCommand allowlist resolution
2026-02-21 19:17:56 +01:00
57fbbaebca
fix: block safeBins sort --compress-program bypass
2026-02-21 19:13:53 +01:00
59c78c105a
docs: revert automated heading consistency edits ( #22743 )
2026-02-21 11:18:29 -05:00
8178ea472d
feat: thread-bound subagents on Discord ( #21805 )
...
* docs: thread-bound subagents plan
* docs: add exact thread-bound subagent implementation touchpoints
* Docs: prioritize auto thread-bound subagent flow
* Docs: add ACP harness thread-binding extensions
* Discord: add thread-bound session routing and auto-bind spawn flow
* Subagents: add focus commands and ACP/session binding lifecycle hooks
* Tests: cover thread bindings, focus commands, and ACP unbind hooks
* Docs: add plugin-hook appendix for thread-bound subagents
* Plugins: add subagent lifecycle hook events
* Core: emit subagent lifecycle hooks and decouple Discord bindings
* Discord: handle subagent bind lifecycle via plugin hooks
* Subagents: unify completion finalizer and split registry modules
* Add subagent lifecycle events module
* Hooks: fix subagent ended context key
* Discord: share thread bindings across ESM and Jiti
* Subagents: add persistent sessions_spawn mode for thread-bound sessions
* Subagents: clarify thread intro and persistent completion copy
* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions
* Discord: add thread-bound session TTL with auto-unfocus
* Subagents: fail session spawns when thread bind fails
* Subagents: cover thread session failure cleanup paths
* Session: add thread binding TTL config and /session ttl controls
* Tests: align discord reaction expectations
* Agent: persist sessionFile for keyed subagent sessions
* Discord: normalize imports after conflict resolution
* Sessions: centralize sessionFile resolve/persist helper
* Discord: harden thread-bound subagent session routing
* Rebase: resolve upstream/main conflicts
* Subagents: move thread binding into hooks and split bindings modules
* Docs: add channel-agnostic subagent routing hook plan
* Agents: decouple subagent routing from Discord
* Discord: refactor thread-bound subagent flows
* Subagents: prevent duplicate end hooks and orphaned failed sessions
* Refactor: split subagent command and provider phases
* Subagents: honor hook delivery target overrides
* Discord: add thread binding kill switches and refresh plan doc
* Discord: fix thread bind channel resolution
* Routing: centralize account id normalization
* Discord: clean up thread bindings on startup failures
* Discord: add startup cleanup regression tests
* Docs: add long-term thread-bound subagent architecture
* Docs: split session binding plan and dedupe thread-bound doc
* Subagents: add channel-agnostic session binding routing
* Subagents: stabilize announce completion routing tests
* Subagents: cover multi-bound completion routing
* Subagents: suppress lifecycle hooks on failed thread bind
* tests: fix discord provider mock typing regressions
* docs/protocol: sync slash command aliases and delete param models
* fix: add changelog entry for Discord thread-bound subagents (#21805 ) (thanks @onutc)
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-21 16:14:55 +01:00
166068dfbe
test: add byteplus coding-plan live test
2026-02-21 15:42:44 +01:00
581868365d
fix: finish volcengine/byteplus landing polish ( #7967 ) (thanks @funmore123)
2026-02-21 15:05:09 +01:00
559736a5a0
feat(volcengine): integrate Volcengine & Byteplus Provider
2026-02-21 15:05:09 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
8c1518f0f3
fix(sandbox): use one-time noVNC observer tokens
2026-02-21 13:56:58 +01:00
621d8e1312
fix(sandbox): require noVNC observer password auth
2026-02-21 13:44:24 +01:00
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
f265d45840
fix(tts): make model provider overrides opt-in
2026-02-21 13:16:07 +01:00
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
073651fb57
docs: add sponsors section to README
2026-02-21 13:00:02 +01:00
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
6b2f2811dc
fix(security): require BlueBubbles webhook auth
2026-02-21 11:41:50 +01:00
c6ee14d60e
fix(security): block grep safe-bin file-read bypass
2026-02-21 11:18:29 +01:00
9231d7d30f
chore: bump version to 2026.2.21
2026-02-21 11:02:30 +01:00
677384c519
refactor: simplify Telegram preview streaming to single boolean ( #22012 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a4017d3b94
2026-02-21 15:19:13 +05:30
e1cb73cdeb
fix: unblock Docker build by aligning commands schema default ( #22558 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 1ad610176d
2026-02-21 14:47:28 +05:30
dcf2c6d7f1
docs: normalize Amazon Bedrock setup section labels ( #22549 )
...
* docs(channels): promote Signal option setups to onboarding sections
* docs(channels): rename Microsoft Teams minimal setup section
* docs(channels): standardize onboarding option headings for Zalo and Twitch
* docs(providers): normalize Amazon Bedrock onboarding section labels
2026-02-21 03:40:54 -05:00
e36245bd37
docs: finalize onboarding option heading normalization ( #22547 )
...
* docs(channels): promote Signal option setups to onboarding sections
* docs(channels): rename Microsoft Teams minimal setup section
* docs(channels): standardize onboarding option headings for Zalo and Twitch
2026-02-21 03:38:37 -05:00
ef42fe0094
docs: rename Tlon setup heading ( #22544 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
* docs(channels): refine Twitch setup heading clarity
* docs(channels): simplify Zalo setup heading phrasing
* docs(channels): trim Microsoft Teams minimal setup heading
* docs(channels): rename Tlon setup to onboarding
2026-02-21 03:37:27 -05:00
b5a77b9cb2
docs: finalize remaining setup heading phrasing ( #22543 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
* docs(channels): refine Twitch setup heading clarity
* docs(channels): simplify Zalo setup heading phrasing
* docs(channels): trim Microsoft Teams minimal setup heading
2026-02-21 03:36:39 -05:00
d7891badda
docs: more channel heading consistency updates ( #22541 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
2026-02-21 03:36:03 -05:00
e93e67bc8e
docs: fix thinking section heading link target ( #22539 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
2026-02-21 03:33:06 -05:00
7c593cd333
docs: finish onboarding/config heading consistency ( #22537 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
2026-02-21 03:32:37 -05:00
79183852f9
docs: more channel onboarding naming cleanup ( #22536 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
2026-02-21 03:31:55 -05:00
4c4147fb0a
docs: continue onboarding terminology cleanup ( #22535 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
2026-02-21 03:31:22 -05:00
12d75ff7f5
docs: continue channel onboarding/config naming cleanup ( #22533 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
2026-02-21 03:30:35 -05:00
436f79839b
docs: more channel onboarding heading consistency ( #22532 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
2026-02-21 03:29:42 -05:00
325992b777
docs: small docs sweep consistency updates ( #22531 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
2026-02-21 03:29:17 -05:00
3002be76e4
docs: add custom spellcheck dictionary and fix docs typos ( #22457 )
...
* docs: fix typos and add docs spellcheck workflow
* docs: add changelog entry for docs spellcheck updates
* docs: fix FAQ TOC fragment links for markdownlint
* docs: fix TOC nesting and spellcheck dictionary flags
2026-02-21 01:35:35 -05:00
122bdfa4e1
feat(discord): add configurable ephemeral option for slash commands
2026-02-20 21:19:21 -06:00
b7644d61a2
fix: restore Discord model picker UX ( #21458 ) (thanks @pejmanjohn)
2026-02-20 21:04:04 -06:00
f555835b09
Channels: add thread-aware model overrides
2026-02-20 19:26:25 -06:00
eedea6cf34
Discord: add trusted channel topics on new sessions
2026-02-20 18:22:13 -06:00
fe57bea088
Subagents: restore announce chain + fix nested retry/drop regressions ( #22223 )
...
* Subagents: restore announce flow and fix nested delivery retries
* fix: prep subagent announce + docs alignment (#22223 ) (thanks @tyler6204)
2026-02-20 15:39:09 -08:00
3e1ed0032d
Docs: add Discord forum thread docs
2026-02-20 17:20:24 -06:00
4ab946eebf
Discord VC: voice channels, transcription, and TTS ( #18774 )
2026-02-20 16:06:07 -06:00
09e6970386
Discord: implement stream preview mode ( #22111 )
...
* Discord: implement stream preview mode
* Changelog: note Discord stream preview mode
* Tests: type discord draft stream mocks
* Docs: document Discord stream preview
2026-02-20 12:37:15 -06:00
094dbdaf2b
fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback ( #22082 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6ff3ca9b5d
2026-02-20 18:03:53 +00:00
8fa46d709a
fix(ios): force tls for non-loopback manual gateway hosts ( #21969 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 9fb39f566e
2026-02-20 16:28:47 +00:00
1b886e7378
docs(ui): add animated underline for nav tabs ( #21912 )
...
Add a responsive, animated underline indicator for navigation tabs to
improve visual focus and active-state feedback.
- Introduce CSS for .nav-tabs, .nav-tabs-item and a .nav-tabs-underline
element, including transitions, positioning, and dark mode color.
- Hide default first h1 in #content to keep header layout consistent.
- Add docs/nav-tabs-underline.js to create and manage the underline
element, observe DOM mutations, and update underline position/width on
changes, resize, and when fonts load.
- Preserve last known underline position/width across re-initializations
to avoid visual jumps.
This change makes active tab state visible with smooth movement and
ensures the underline stays synchronized with dynamic content.
2026-02-20 09:33:46 -05:00
5542a43623
Memory: share ENOENT helpers
2026-02-19 23:33:28 -08:00
d871ee91d0
fix(config-cli): correct misleading --json flag description ( #21332 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b6c8d1edfa
2026-02-19 20:09:17 -05:00
ae4907ce6e
fix(heartbeat): return false for zero-width active-hours window ( #21408 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 993860bd03
2026-02-19 20:03:57 -05:00
cf4ffff3e1
fix(heartbeat): run when HEARTBEAT.md is missing
2026-02-19 19:32:18 -05:00
7ce357ff8b
docs: add Vincent Koc to contributor credits
2026-02-19 15:13:38 -08:00
f66b23de75
chore(release): bump versions to 2026.2.20
2026-02-20 00:02:53 +01:00
ce1f0c0a10
ci: move workflows to blacksmith 16vcpu runners
2026-02-19 17:25:15 +01:00
2435499862
ci: move blacksmith runners to 8 vcpu
2026-02-19 16:50:22 +01:00
b0e55283d5
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
3561442a9f
fix(plugins): harden discovery trust checks
2026-02-19 15:14:12 +01:00
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
29118995ad
refactor(lobster): remove lobsterPath overrides
2026-02-19 14:58:13 +01:00
a40c10d3e2
fix: harden agent gateway authorization scopes
2026-02-19 14:37:56 +01:00
ff74d89e86
fix: harden gateway control-plane restart protections
2026-02-19 14:30:15 +01:00
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
bafdbb6f11
fix(security): eliminate safeBins file-existence oracle
2026-02-19 14:18:11 +01:00
1316e57403
fix: enforce inbound attachment root policy across pipelines
2026-02-19 14:15:51 +01:00
cfe8457a0f
fix(security): harden safeBins stdin-only enforcement
2026-02-19 14:10:45 +01:00
3c419b7bd3
docs(security): document webhook hardening and changelog
2026-02-19 13:31:44 +01:00
49d0def6d1
fix(security): harden imessage remote scp/ssh handling
2026-02-19 11:08:23 +01:00
7255c20ddc
fix(docker): harden docker-setup mount validation
2026-02-19 10:44:46 +01:00
b4dbe03298
refactor: unify restart gating and update availability sync
2026-02-19 10:00:41 +01:00
9c2640a810
docs: clarify WhatsApp group allowlist and reply mention behavior
2026-02-19 09:19:34 +01:00
7e54b6c96f
fix(browser): unify extension relay auth on gateway token
2026-02-19 08:40:40 +01:00
c5698caca3
Security: default gateway auth bootstrap and explicit mode none ( #20686 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: be1b73182c
2026-02-19 02:35:50 -05:00
87d8331150
docs: warn against third-party 1-click marketplace images
2026-02-19 08:30:29 +01:00
f855d0be4f
fix: skip heartbeat when HEARTBEAT.md does not exist ( #20461 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f6e5f8172a
2026-02-19 01:09:33 -05:00
a0d904dc23
docs(discord): replace quick setup and add recommended guild setup ( #20088 )
...
Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-18 09:39:09 -06:00
d833dcd731
fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic ( #19367 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bf02bbf9ce
2026-02-18 15:31:01 +05:30
ac0db68235
refactor(security): extract safeBins trust resolver
2026-02-18 05:01:31 +01:00
28bac46c92
fix(security): harden safeBins path trust
2026-02-18 04:55:31 +01:00
4bf3338834
chore: bump version to 2026.2.18 unreleased
2026-02-18 04:40:06 +01:00
c90b09cb02
feat(agents): support Anthropic 1M context beta header
2026-02-18 03:29:48 +01:00
d1c00dbb7c
fix: harden include confinement edge cases ( #18652 ) (thanks @aether-ai-agent)
2026-02-18 03:27:16 +01:00
edf7d6af61
fix: harden subagent completion announce retries
2026-02-18 03:19:50 +01:00
985ec71c55
CLI: resolve parent/subcommand option collisions ( #18725 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b7e51cf909
2026-02-17 20:57:09 -05:00
fa4f66255c
fix(subagents): return completion message for manual session spawns
2026-02-18 02:52:35 +01:00
01672a8f25
Revert "Add mesh auto-planning with chat command UX and hardened auth/session behavior"
...
This reverts commit 16e59b26a6
2026-02-18 02:18:02 +01:00
2e91552f09
feat(agents): add generic provider api key rotation ( #19587 )
2026-02-18 01:31:11 +01:00
4c569ce246
docs(tokens): document image dimension token tradeoffs
2026-02-18 00:56:57 +01:00
b05e89e5e6
fix(agents): make image sanitization dimension configurable
2026-02-18 00:54:20 +01:00
bb9a539d1d
Merge remote-tracking branch 'prhead/feat/slack-text-streaming'
...
# Conflicts:
# docs/channels/slack.md
# src/config/types.slack.ts
# src/slack/monitor/message-handler/dispatch.ts
2026-02-18 00:49:30 +01:00
f07bb8e8fc
fix(hooks): backport internal message hook bridge with safe delivery semantics
2026-02-18 00:35:41 +01:00
ae2c8f2cf0
feat(models): support anthropic sonnet 4.6
2026-02-18 00:00:31 +01:00
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
c26cf6aa83
feat(cron): add default stagger controls for scheduled jobs
2026-02-17 23:48:14 +01:00
9a2c39419e
chore(release): bump version to 2026.2.17
2026-02-17 23:08:55 +01:00
2cf82c357e
Docs: expand multi-agent routing
2026-02-17 14:28:08 -06:00
ab94295541
docs(slack): add assistant:write requirement for typing status
2026-02-18 02:22:54 +08:00
0978d63edd
docs: add community plugins guide
2026-02-17 17:42:37 +01:00
19a8f8bbf6
test(cron): add model fallback regression coverage
2026-02-17 10:40:25 -05:00
c0072be6a6
docs(cli): add components send example
2026-02-17 09:58:47 -05:00
dd0b789669
fix(mattermost): surface reactions support
2026-02-17 09:30:50 -05:00
5d1bcc76cc
docs(zai): document tool_stream defaults
2026-02-17 09:22:55 -05:00
b114c82701
CLI: approve latest pending device request
2026-02-17 14:08:04 +00:00
0e023e300e
Revert: fully roll back #17986 templates
2026-02-17 13:57:50 +00:00
ddee6291eb
Docs: add screenshot showing model picker usability issue
2026-02-17 09:15:55 +01:00
b2fef5ebc4
Revert "Default Telegram polls to public"
...
This reverts commit c43e95e011
2026-02-17 09:38:15 +02:00
df8f7ff1ab
docs(voice-call): document stale call reaper config
2026-02-16 22:26:31 -05:00
81fd771cb9
fix(gateway): preserve chat.history context under hard caps
2026-02-16 21:50:01 -05:00
f6e68b917b
docs(cron): clarify webhook posting summary condition
2026-02-16 21:48:57 -05:00
6070116382
revert(exec): undo accidental merge of PR #18521
2026-02-16 21:47:18 -05:00
ae82371d8a
revert(docs): undo accidental merge of #18516
2026-02-16 21:46:45 -05:00
0c1c34c950
refactor(plugins): split before-agent hooks by model and prompt phases
2026-02-17 03:28:20 +01:00
81741c37fd
fix(gateway): remove watch-mode build/start race ( #18782 )
2026-02-17 11:24:08 +09:00
0158e41298
Revert "fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies"
...
This reverts commit e179d453c7
2026-02-16 21:11:53 -05:00
d6226355e6
fix(slack): validate interaction payloads and handle malformed actions
2026-02-17 02:51:00 +01:00
accb673490
revert(telegram): undo accidental merge of PR #18601
2026-02-16 20:46:05 -05:00
c0c367fde7
docs: clarify discord proxy scope for startup REST calls
2026-02-17 02:30:55 +01:00
25126d75c3
Revert "Agents: improve Windows scaffold helpers for venture studio"
...
This reverts commit b6d934c2c7
2026-02-17 02:26:36 +01:00
d4385e67aa
chore(docs): drop accidental .DS_Store artifacts
2026-02-17 02:23:41 +01:00
c65b3c2ed9
fix(docs): revert accidental es/pt-BR translation scaffold from #18473
2026-02-17 02:23:41 +01:00
83b1ae895e
fix(transcript): always drop orphaned OpenAI reasoning blocks
2026-02-16 20:20:32 -05:00
170e6f33b9
docs(commands): add export-session aliases to slash command list
2026-02-16 23:48:43 +00:00
12a947223b
fix(ci): restore main checks after bulk merges
2026-02-16 23:47:27 +00:00
076df941a3
feat: add configurable tool loop detection
2026-02-17 00:17:01 +01:00
4f5b9da503
Update docs/reference/templates/SOUVENIR.md
...
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-02-17 00:01:30 +01:00
8a3f3a49a5
Update docs/reference/templates/GOALS.md
...
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-02-17 00:01:30 +01:00
bf1b4386df
Update docs/reference/templates/GOALS.md
...
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-02-17 00:01:30 +01:00
1a9a2e396f
feat: Add GOALS.md and SOUVENIR.md template files
...
- GOALS.md: Direction & Execution Strategy template
- SOUVENIR.md: Memory & Reflection Layer template
- Both files pass oxfmt formatting check
2026-02-17 00:01:30 +01:00
6b3e0710f4
feat(memory): Add opt-in temporal decay for hybrid search scoring
...
Exponential decay (half-life configurable, default 30 days) applied
before MMR re-ranking. Dated daily files (memory/YYYY-MM-DD.md) use
filename date; evergreen files (MEMORY.md, topic files) are not
decayed; other sources fall back to file mtime.
Config: memorySearch.query.hybrid.temporalDecay.{enabled, halfLifeDays}
Default: disabled (backwards compatible, opt-in).
2026-02-16 23:59:19 +01:00
fa9420069a
feat(memory): Add MMR re-ranking for search result diversity
...
Adds Maximal Marginal Relevance (MMR) re-ranking to hybrid search results.
- New mmr.ts with tokenization, Jaccard similarity, and MMR algorithm
- Integrated into mergeHybridResults() with optional mmr config
- 40 comprehensive tests covering edge cases and diversity behavior
- Configurable lambda parameter (default 0.7) to balance relevance vs diversity
- Updated CHANGELOG.md and memory docs
This helps avoid redundant results when multiple chunks contain similar content.
2026-02-16 23:59:19 +01:00
16e59b26a6
Add mesh auto-planning with chat command UX and hardened auth/session behavior
2026-02-16 23:58:23 +01:00
0a02b91638
Handle Telegram poll vote updates for agent context
2026-02-16 23:54:56 +01:00
4641e452dd
fix(docs): update English fallback links after file reorganization
...
After rebasing onto current main, many English docs were reorganized
into subdirectories. This updates all "Open English doc" fallback links
in pt-BR and es translations to point to the correct new paths.
Fixed 30 broken links across 15 pages × 2 languages:
- /bedrock → /providers/bedrock
- /broadcast-groups → /channels/broadcast-groups
- /debugging → /help/debugging
- /environment → /help/environment
- /hooks → /cli/hooks
- /scripts → /help/scripts
- /multi-agent-sandbox-tools → /tools/multi-agent-sandbox-tools
- /testing → /help/testing
- /token-use → /reference/token-use
- /concepts/channel-routing → /channels/channel-routing
- /concepts/group-messages → /channels/group-messages
- /concepts/groups → /channels/groups
- /start/pairing → /cli/pairing
- /gateway/security/formal-verification → /security/formal-verification
- /hooks/soul-evil → /cli/hooks (no English version exists)
Verified with: node scripts/docs-link-audit.mjs (0 broken links)
2026-02-16 23:52:06 +01:00
84764eea52
fix(docs): remove dead references to railway, render and northflank
...
Remove references in the navigation to deployment pages that do not exist:
- railway.md
- render.md
- northflank.md
These pages were listed in docs.json but the files do not exist
in any of the languages (en, es, pt-BR, zh-CN), causing broken links
in the documentation.
Fixes issues identified in the review of PR #14415 .
2026-02-16 23:52:06 +01:00
97bdfb6aac
docs: scaffold full es and pt-BR doc routes with localized placeholders
2026-02-16 23:52:06 +01:00
72676d318e
docs: replace english locale mirrors with translated landing pages
2026-02-16 23:52:06 +01:00
8bccf9e8ed
docs: expand es and pt-BR docs trees
2026-02-16 23:52:06 +01:00
a03098ca49
docs(cron): add subagent announce retry troubleshooting section
2026-02-16 23:51:29 +01:00
348ea6be96
docs: fix missing period in fly.io frontmatter description
2026-02-16 23:51:25 +01:00
d2dd282034
docs(exec): document pty for TTY-only CLIs (gog)
2026-02-16 23:51:22 +01:00
b6d934c2c7
Agents: improve Windows scaffold helpers for venture studio
2026-02-16 23:50:34 +01:00
e179d453c7
fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies
2026-02-16 23:50:14 +01:00
290f337594
fix: remove references to non-existent test file
2026-02-16 23:50:01 +01:00
eec1f3e9db
fix: address code review feedback - move test data, fix patterns, rewrite docs as RFC
2026-02-16 23:50:01 +01:00
5801c4f983
feat(telegram): add outbound sanitizer leak corpus and docs
...
- Add leak corpus test cases (tests/data/telegram_leak_cases.json)
- Add sanitizer documentation (docs/telegram-sanitizer.md)
- Block internal diagnostics from reaching users
- Strip wrapper artifacts from LLM output
- Static response for unknown slash commands
2026-02-16 23:50:01 +01:00
c593709d25
Discord: add per-button component allowlist
2026-02-16 15:15:00 -06:00
05a83b9e97
Discord: add reusable component option
2026-02-16 14:22:49 -06:00
72e228e14b
Heartbeat: allow suppressing tool warnings ( #18497 )
...
* Heartbeat: allow suppressing tool warnings
* Changelog: note heartbeat tool-warning suppression
2026-02-16 13:29:24 -06:00
8a67016646
Agents: raise bootstrap total cap and warn on /context truncation ( #18229 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f6620526df
2026-02-16 12:04:53 -05:00
bc67af6ad8
cron: separate webhook POST delivery from announce ( #17901 )
...
* cron: split webhook delivery from announce mode
* cron: validate webhook delivery target
* cron: remove legacy webhook fallback config
* fix: finalize cron webhook delivery prep (#17901 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-16 02:36:00 -08:00
39fa81dc96
chore: bump version to 2026.2.16
2026-02-16 06:08:47 +01:00
a61c2dc4bd
Discord: add component v2 UI tool support ( #17419 )
2026-02-15 21:19:25 -06:00
c6c53437f7
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:47:10 +01:00
1b6704ef53
docs: update sandbox bind mount guidance
2026-02-16 03:05:16 +01:00
cd44a0d01e
fix: codex and similar processes keep dying on pty, solved by refactoring process spawning ( #14257 )
...
* exec: clean up PTY resources on timeout and exit
* cli: harden resume cleanup and watchdog stalled runs
* cli: productionize PTY and resume reliability paths
* docs: add PTY process supervision architecture plan
* docs: rewrite PTY supervision plan as pre-rewrite baseline
* docs: switch PTY supervision plan to one-go execution
* docs: add one-line root cause to PTY supervision plan
* docs: add OS contracts and test matrix to PTY supervision plan
* docs: define process-supervisor package placement and scope
* docs: tie supervisor plan to existing CI lanes
* docs: place PTY supervisor plan under src/process
* refactor(process): route exec and cli runs through supervisor
* docs(process): refresh PTY supervision plan
* wip
* fix(process): harden supervisor timeout and PTY termination
* fix(process): harden supervisor adapters env and wait handling
* ci: avoid failing formal conformance on comment permissions
* test(ui): fix cron request mock argument typing
* fix(ui): remove leftover conflict marker
* fix: supervise PTY processes (#14257 ) (openclaw#14257) (thanks @onutc)
2026-02-16 02:32:05 +01:00
14fb2c05b1
Gateway/Control UI: preserve partial output on abort ( #15026 )
...
* Gateway/Control UI: preserve partial output on abort
* fix: finalize abort partial handling and tests (#15026 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:55:28 -08:00
166cf6a3e0
fix(web_fetch): cap response body before parsing
2026-02-16 01:21:11 +01:00
115cfb4430
gateway: add cron finished-run webhook ( #14535 )
...
* gateway: add cron finished webhook delivery
* config: allow cron webhook in runtime schema
* cron: require notify flag for webhook posts
* ui/docs: add cron notify toggle and webhook docs
* fix: harden cron webhook auth and fill notify coverage (#14535 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:14:17 -08:00
b6069fc68c
feat: support per-channel ackReaction config ( #17092 ) (thanks @zerone0x)
2026-02-15 11:30:25 -06:00
9203a2fdb1
Discord: CV2! ( #16364 )
2026-02-15 10:24:53 -06:00
a69e82765f
fix(telegram): stream replies in-place without duplicate final sends
2026-02-15 20:32:51 +05:30
b8f66c260d
Agents: add nested subagent orchestration controls and reduce subagent token waste ( #14447 )
...
* Agents: add subagent orchestration controls
* Agents: add subagent orchestration controls (WIP uncommitted changes)
* feat(subagents): add depth-based spawn gating for sub-sub-agents
* feat(subagents): tool policy, registry, and announce chain for nested agents
* feat(subagents): system prompt, docs, changelog for nested sub-agents
* fix(subagents): prevent model fallback override, show model during active runs, and block context overflow fallback
Bug 1: When a session has an explicit model override (e.g., gpt/openai-codex),
the fallback candidate logic in resolveFallbackCandidates silently appended the
global primary model (opus) as a backstop. On reinjection/steer with a transient
error, the session could fall back to opus which has a smaller context window
and crash. Fix: when storedModelOverride is set, pass fallbacksOverride ?? []
instead of undefined, preventing the implicit primary backstop.
Bug 2: Active subagents showed 'model n/a' in /subagents list because
resolveModelDisplay only read entry.model/modelProvider (populated after run
completes). Fix: fall back to modelOverride/providerOverride fields which are
populated at spawn time via sessions.patch.
Bug 3: Context overflow errors (prompt too long, context_length_exceeded) could
theoretically escape runEmbeddedPiAgent and be treated as failover candidates
in runWithModelFallback, causing a switch to a model with a smaller context
window. Fix: in runWithModelFallback, detect context overflow errors via
isLikelyContextOverflowError and rethrow them immediately instead of trying the
next model candidate.
* fix(subagents): track spawn depth in session store and fix announce routing for nested agents
* Fix compaction status tracking and dedupe overflow compaction triggers
* fix(subagents): enforce depth block via session store and implement cascade kill
* fix: inject group chat context into system prompt
* fix(subagents): always write model to session store at spawn time
* Preserve spawnDepth when agent handler rewrites session entry
* fix(subagents): suppress announce on steer-restart
* fix(subagents): fallback spawned session model to runtime default
* fix(subagents): enforce spawn depth when caller key resolves by sessionId
* feat(subagents): implement active-first ordering for numeric targets and enhance task display
- Added a test to verify that subagents with numeric targets follow an active-first list ordering.
- Updated `resolveSubagentTarget` to sort subagent runs based on active status and recent activity.
- Enhanced task display in command responses to prevent truncation of long task descriptions.
- Introduced new utility functions for compacting task text and managing subagent run states.
* fix(subagents): show model for active runs via run record fallback
When the spawned model matches the agent's default model, the session
store's override fields are intentionally cleared (isDefault: true).
The model/modelProvider fields are only populated after the run
completes. This left active subagents showing 'model n/a'.
Fix: store the resolved model on SubagentRunRecord at registration
time, and use it as a fallback in both display paths (subagents tool
and /subagents command) when the session store entry has no model info.
Changes:
- SubagentRunRecord: add optional model field
- registerSubagentRun: accept and persist model param
- sessions-spawn-tool: pass resolvedModel to registerSubagentRun
- subagents-tool: pass run record model as fallback to resolveModelDisplay
- commands-subagents: pass run record model as fallback to resolveModelDisplay
* feat(chat): implement session key resolution and reset on sidebar navigation
- Added functions to resolve the main session key and reset chat state when switching sessions from the sidebar.
- Updated the `renderTab` function to handle session key changes when navigating to the chat tab.
- Introduced a test to verify that the session resets to "main" when opening chat from the sidebar navigation.
* fix: subagent timeout=0 passthrough and fallback prompt duplication
Bug 1: runTimeoutSeconds=0 now means 'no timeout' instead of applying 600s default
- sessions-spawn-tool: default to undefined (not 0) when neither timeout param
is provided; use != null check so explicit 0 passes through to gateway
- agent.ts: accept 0 as valid timeout (resolveAgentTimeoutMs already handles
0 → MAX_SAFE_TIMEOUT_MS)
Bug 2: model fallback no longer re-injects the original prompt as a duplicate
- agent.ts: track fallback attempt index; on retries use a short continuation
message instead of the full original prompt since the session file already
contains it from the first attempt
- Also skip re-sending images on fallback retries (already in session)
* feat(subagents): truncate long task descriptions in subagents command output
- Introduced a new utility function to format task previews, limiting their length to improve readability.
- Updated the command handler to use the new formatting function, ensuring task descriptions are truncated appropriately.
- Adjusted related tests to verify that long task descriptions are now truncated in the output.
* refactor(subagents): update subagent registry path resolution and improve command output formatting
- Replaced direct import of STATE_DIR with a utility function to resolve the state directory dynamically.
- Enhanced the formatting of command output for active and recent subagents, adding separators for better readability.
- Updated related tests to reflect changes in command output structure.
* fix(subagent): default sessions_spawn to no timeout when runTimeoutSeconds omitted
The previous fix (75a791106) correctly handled the case where
runTimeoutSeconds was explicitly set to 0 ("no timeout"). However,
when models omit the parameter entirely (which is common since the
schema marks it as optional), runTimeoutSeconds resolved to undefined.
undefined flowed through the chain as:
sessions_spawn → timeout: undefined (since undefined != null is false)
→ gateway agent handler → agentCommand opts.timeout: undefined
→ resolveAgentTimeoutMs({ overrideSeconds: undefined })
→ DEFAULT_AGENT_TIMEOUT_SECONDS (600s = 10 minutes)
This caused subagents to be killed at exactly 10 minutes even though
the user's intent (via TOOLS.md) was for subagents to run without a
timeout.
Fix: default runTimeoutSeconds to 0 (no timeout) when neither
runTimeoutSeconds nor timeoutSeconds is provided by the caller.
Subagent spawns are long-running by design and should not inherit the
600s agent-command default timeout.
* fix(subagent): accept timeout=0 in agent-via-gateway path (second 600s default)
* fix: thread timeout override through getReplyFromConfig dispatch path
getReplyFromConfig called resolveAgentTimeoutMs({ cfg }) with no override,
always falling back to the config default (600s). Add timeoutOverrideSeconds
to GetReplyOptions and pass it through as overrideSeconds so callers of the
dispatch chain can specify a custom timeout (0 = no timeout).
This complements the existing timeout threading in agentCommand and the
cron isolated-agent runner, which already pass overrideSeconds correctly.
* feat(model-fallback): normalize OpenAI Codex model references and enhance fallback handling
- Added normalization for OpenAI Codex model references, specifically converting "gpt-5.3-codex" to "openai-codex" before execution.
- Updated the `resolveFallbackCandidates` function to utilize the new normalization logic.
- Enhanced tests to verify the correct behavior of model normalization and fallback mechanisms.
- Introduced a new test case to ensure that the normalization process works as expected for various input formats.
* feat(tests): add unit tests for steer failure behavior in openclaw-tools
- Introduced a new test file to validate the behavior of subagents when steer replacement dispatch fails.
- Implemented tests to ensure that the announce behavior is restored correctly and that the suppression reason is cleared as expected.
- Enhanced the subagent registry with a new function to clear steer restart suppression.
- Updated related components to support the new test scenarios.
* fix(subagents): replace stop command with kill in slash commands and documentation
- Updated the `/subagents` command to replace `stop` with `kill` for consistency in controlling sub-agent runs.
- Modified related documentation to reflect the change in command usage.
- Removed legacy timeoutSeconds references from the sessions-spawn-tool schema and tests to streamline timeout handling.
- Enhanced tests to ensure correct behavior of the updated commands and their interactions.
* feat(tests): add unit tests for readLatestAssistantReply function
- Introduced a new test file for the `readLatestAssistantReply` function to validate its behavior with various message scenarios.
- Implemented tests to ensure the function correctly retrieves the latest assistant message and handles cases where the latest message has no text.
- Mocked the gateway call to simulate different message histories for comprehensive testing.
* feat(tests): enhance subagent kill-all cascade tests and announce formatting
- Added a new test to verify that the `kill-all` command cascades through ended parents to active descendants in subagents.
- Updated the subagent announce formatting tests to reflect changes in message structure, including the replacement of "Findings:" with "Result:" and the addition of new expectations for message content.
- Improved the handling of long findings and stats in the announce formatting logic to ensure concise output.
- Refactored related functions to enhance clarity and maintainability in the subagent registry and tools.
* refactor(subagent): update announce formatting and remove unused constants
- Modified the subagent announce formatting to replace "Findings:" with "Result:" and adjusted related expectations in tests.
- Removed constants for maximum announce findings characters and summary words, simplifying the announcement logic.
- Updated the handling of findings to retain full content instead of truncating, ensuring more informative outputs.
- Cleaned up unused imports in the commands-subagents file to enhance code clarity.
* feat(tests): enhance billing error handling in user-facing text
- Added tests to ensure that normal text mentioning billing plans is not rewritten, preserving user context.
- Updated the `isBillingErrorMessage` and `sanitizeUserFacingText` functions to improve handling of billing-related messages.
- Introduced new test cases for various scenarios involving billing messages to ensure accurate processing and output.
- Enhanced the subagent announce flow to correctly manage active descendant runs, preventing premature announcements.
* feat(subagent): enhance workflow guidance and auto-announcement clarity
- Added a new guideline in the subagent system prompt to emphasize trust in push-based completion, discouraging busy polling for status updates.
- Updated documentation to clarify that sub-agents will automatically announce their results, improving user understanding of the workflow.
- Enhanced tests to verify the new guidance on avoiding polling loops and to ensure the accuracy of the updated prompts.
* fix(cron): avoid announcing interim subagent spawn acks
* chore: clean post-rebase imports
* fix(cron): fall back to child replies when parent stays interim
* fix(subagents): make active-run guidance advisory
* fix(subagents): update announce flow to handle active descendants and enhance test coverage
- Modified the announce flow to defer announcements when active descendant runs are present, ensuring accurate status reporting.
- Updated tests to verify the new behavior, including scenarios where no fallback requester is available and ensuring proper handling of finished subagents.
- Enhanced the announce formatting to include an `expectFinal` flag for better clarity in the announcement process.
* fix(subagents): enhance announce flow and formatting for user updates
- Updated the announce flow to provide clearer instructions for user updates based on active subagent runs and requester context.
- Refactored the announcement logic to improve clarity and ensure internal context remains private.
- Enhanced tests to verify the new message expectations and formatting, including updated prompts for user-facing updates.
- Introduced a new function to build reply instructions based on session context, improving the overall announcement process.
* fix: resolve prep blockers and changelog placement (#14447 ) (thanks @tyler6204)
* fix: restore cron delivery-plan import after rebase (#14447 ) (thanks @tyler6204)
* fix: resolve test failures from rebase conflicts (#14447 ) (thanks @tyler6204)
* fix: apply formatting after rebase (#14447 ) (thanks @tyler6204)
2026-02-14 22:03:45 -08:00
f29567b436
perf(test): run coverage gate on unit suite
2026-02-15 04:20:15 +00:00
379b445582
chore: bump version to 2026.2.15
2026-02-15 04:50:31 +01:00
ddfdd20d79
docs: update Slack/Discord allowFrom references
2026-02-15 03:49:33 +01:00
f9bb748a6c
fix(memory): prevent QMD scope deny bypass
2026-02-15 02:41:45 +00:00
4a44da7d91
fix(security): default apply_patch workspace containment
2026-02-15 03:19:27 +01:00
1ff15e60d3
chore(release): bump versions to 2026.2.14
2026-02-15 02:53:35 +01:00
5b23999404
docs: document bootstrap total cap and exec log/notify behavior
2026-02-14 18:36:35 -05:00
5e7c3250cb
fix(security): add optional workspace-only path guards for fs tools
2026-02-14 23:50:24 +01:00
6a1ad2b499
docs(matrix): clarify allowlist requires full MXIDs
2026-02-14 22:13:41 +01:00
2a1ed0ed41
docs(whatsapp): document account-level dmPolicy precedence
2026-02-14 21:09:30 +01:00
9abf86f7e0
docs(changelog): document Slack/Discord dmPolicy aliases
2026-02-14 21:04:27 +01:00
21f0e3fa0c
docs: prefer Slack/Discord dmPolicy keys
2026-02-14 21:04:27 +01:00
e4d63818f5
fix: ignore tools.exec.pathPrepend for node hosts
2026-02-14 20:45:05 +01:00
65eefd65e1
docs: clarify node host PATH override behavior
2026-02-14 20:17:07 +01:00
24d2c6292e
refactor(security): refine safeBins hardening
2026-02-14 19:59:13 +01:00
53af46ffb8
docs: note WhatsApp per-account dmPolicy override
2026-02-14 19:52:39 +01:00
743f4b2849
fix(security): harden BlueBubbles webhook auth behind proxies
2026-02-14 19:47:51 +01:00
77b89719d5
fix(security): block safeBins shell expansion
2026-02-14 19:44:14 +01:00
5ba72bd9bf
fix: add discord exec approval channel targeting ( #16051 ) (thanks @leonnardo)
2026-02-14 12:05:53 -06:00
f47584fec8
refactor(voice-call): centralize Telnyx webhook verification
2026-02-14 19:02:10 +01:00
71f357d949
bluebubbles: harden local media path handling against LFI ( #16322 )
...
* bluebubbles: harden local media path handling
* bluebubbles: remove racy post-open symlink lstat
* fix: bluebubbles mediaLocalRoots docs + typing fix (#16322 ) (thanks @mbelinky)
2026-02-14 17:43:44 +00:00
bfa7d21e99
fix(security): harden tlon Urbit requests against SSRF
2026-02-14 18:42:10 +01:00
8e5689a84d
feat(telegram): add sendPoll support ( #16193 ) ( #16209 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b58492cfed
2026-02-14 18:34:30 +01:00
29b587e73c
fix(voice-call): fail closed when Telnyx webhook public key missing
2026-02-14 18:17:20 +01:00
a3c9bc792e
docs(podman): add gateway.mode=local troubleshooting note
2026-02-14 18:07:05 +01:00
709c225b2b
fix(podman): bootstrap config and token
2026-02-14 18:07:05 +01:00
054366dea4
fix(security): require explicit trust for first-time TLS pins
2026-02-14 17:55:20 +01:00
81b5e2766b
feat(podman): add optional Podman setup and documentation ( #16273 )
...
* feat(podman): add optional Podman setup and documentation
- Introduced `setup-podman.sh` for one-time host setup of OpenClaw in a rootless Podman environment, including user creation, image building, and launch script installation.
- Added `run-openclaw-podman.sh` for running the OpenClaw gateway as a Podman container.
- Created `openclaw.podman.env` for environment variable configuration.
- Updated documentation to include Podman installation instructions and a new dedicated Podman guide.
- Added a systemd Quadlet unit for managing the OpenClaw service as a user service.
* fix: harden Podman setup and docs (#16273 ) (thanks @DarwinsBuddy)
* style: format cli credentials
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 17:39:06 +01:00
d583782ee3
fix(security): harden discovery routing and TLS pins
2026-02-14 17:18:14 +01:00
226bf74634
docs(telegram): document allowlist id requirement
2026-02-14 16:51:59 +01:00
aa1dbd34a1
docs: fix typo p-coding-agent -> pi-coding-agent
2026-02-14 16:30:48 +01:00
e3b432e481
fix(telegram): require sender ids for allowlist auth
2026-02-14 16:09:00 +01:00
09e1cbc35d
fix(cron): pass agent identity through delivery path ( #16218 ) ( #16242 )
...
* fix(cron): pass agent identity through delivery path
Cron delivery messages now include agent identity (name, avatar) in
outbound messages. Identity fields are passed best-effort for Slack
(graceful fallback if chat:write.customize scope is missing).
Fixes #16218
* fix: fix Slack cron delivery identity (#16242 ) (thanks @robbyczgw-cla)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 16:08:51 +01:00
c8424bf29a
fix(googlechat): deprecate users/<email> allowlists ( #16243 )
2026-02-14 15:31:26 +01:00
cb9a5e1cb9
feat(sandbox): separate bind mounts for browser containers ( #16230 )
...
* feat(sandbox): add separate browser.binds config for browser containers
Allow configuring bind mounts independently for browser containers via
sandbox.browser.binds. When set, browser containers use browser-specific
binds instead of inheriting docker.binds. Falls back to docker.binds
when browser.binds is not configured for backwards compatibility.
Closes #14614
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(sandbox): honor empty browser binds override (#16230 ) (thanks @seheepeak)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 15:27:41 +01:00
302dafbe1a
Docs: move submission guidance to GitHub templates ( #16232 )
...
* Docs: move submission guidance to GitHub templates
* Docs: make PR risk template entries flexible
* Docs: remove PR reviewer checklist section
2026-02-14 08:27:01 -06:00
28d9dd7a77
fix(macos): harden openclaw deep links
2026-02-14 15:03:27 +01:00
644bef157a
docs: clarify hook transform module path constraints
2026-02-14 15:03:27 +01:00
35c0e66ed0
fix(security): harden hooks module loading
2026-02-14 15:03:27 +01:00
6a386a7886
docs(security): clarify canvas host exposure and auth
2026-02-14 14:57:19 +01:00
3aa94afcfd
fix(security): harden archive extraction ( #16203 )
...
* fix(browser): confine upload paths for file chooser
* fix(browser): sanitize suggested download filenames
* chore(lint): avoid control regex in download sanitizer
* test(browser): cover absolute escape paths
* docs(browser): update upload example path
* refactor(browser): centralize upload path confinement
* fix(infra): harden tmp dir selection
* fix(security): harden archive extraction
* fix(infra): harden tar extraction filter
2026-02-14 14:42:08 +01:00
6f7d31c426
fix(security): harden plugin/hook npm installs
2026-02-14 14:07:14 +01:00
a0361b8ba9
fix(security): restrict hook transform module loading
2026-02-14 13:46:09 +01:00
7b39543e8d
fix(reply): honour explicit [[reply_to_*]] tags when replyToMode is off ( #16174 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 778fc2559a
2026-02-14 13:29:42 +01:00
f8ba8f7699
fix(docs): update outdated hooks documentation URLs ( #16165 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 8ed13fb02f
2026-02-14 13:05:37 +01:00
fba19fe942
docs: link trusted-proxy auth from gateway docs ( #16172 )
2026-02-14 12:44:25 +01:00
3b56a6252b
chore!: remove moltbot legacy state/config support
2026-02-14 12:40:47 +01:00
1fb52b4d7b
feat(gateway): add trusted-proxy auth mode ( #15940 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 279d4b304f
2026-02-14 12:32:17 +01:00
9475791d98
fix: update remaining replyToMode "first" defaults to "off"
...
- src/channels/dock.ts: core channel dock fallback
- src/auto-reply/reply/reply-routing.test.ts: test expectation
- docs/zh-CN/channels/telegram.md: Chinese docs reference
Comprehensive grep confirms no remaining Telegram-specific "first"
defaults after this commit.
2026-02-13 23:31:17 -08:00
Logan Pritchett
longfros
Cassius0924
Vincent Koc
Agent
Peter Steinberger
Rodrigo Uroz
Onur Solmaz
Ayaan Zaidi
Philipp Spiess
joshavant
Gustavo Madeira Santana
Sid
yinghaosang
pandego
zzzz
Kriz Poon
Peter Steinberger
John Fawcett
Gustavo Madeira Santana
Sally O'Malley
AkosCz
边黎安
Tak Hoffman
Brian Mendonca
Glucksberg
maweibin
Onur
fanziqing
Ayaan Zaidi
Wei He
Shadow
Shadow
Tyler Yust
Mariano
Seb Slight
Vignesh Natarajan
adhitShet
vikpos
Pejman Pour-Moezzi
Taras Lukavyi
Mariano Belinky
Muhammed Mukhthar CM
Benjamin Jesuiter
Nimrod Gutman
Ibrahim Qureshi
Rodrigo Uroz
ranausmanai
Krish
Jadilson Guedes
xvlad
Marcus Widing
saurav470
Mrseenz
Jean Carlos Nunez
Daniel Wondyifraw
Advait Paliwal
Robby
Christoph Spörk
Andres G. Aragoneses
seheepeak
Aldo
Nicholas
Nick Taylor