4807e40cbd
Agents: restore auth.json static scrub during pi auth discovery
2026-02-26 14:47:22 +00:00
f6a854bd37
Secrets: add migrate rollback and skill ref support
2026-02-26 14:47:22 +00:00
301fe18909
Agents: inject pi auth storage from runtime profiles
2026-02-26 14:47:22 +00:00
6a251d8d74
Auth profiles: resolve keyRef/tokenRef outside gateway
2026-02-26 14:47:22 +00:00
5ae367aadd
Tests: stub discoverAuthStorage in model catalog mocks
2026-02-26 14:47:22 +00:00
cec404225d
Auth labels: handle token refs and share Pi credential conversion
2026-02-26 14:47:22 +00:00
e1301c31e7
Auth profiles: never persist plaintext when refs are present
2026-02-26 14:47:22 +00:00
4c5a2c3c6d
Agents: inject pi auth storage from runtime profiles
2026-02-26 14:47:22 +00:00
45ec5aaf2b
Secrets: keep read-only runtime sync in-memory
2026-02-26 14:47:22 +00:00
8e33ebe471
Secrets: make runtime activation auth loads read-only
2026-02-26 14:47:22 +00:00
b50c4c2c44
Gateway: add eager secrets runtime snapshot activation
2026-02-26 14:47:22 +00:00
8315c58675
refactor(auth-profiles): unify coercion and add rejected-entry diagnostics
2026-02-26 14:42:11 +01:00
96aad965ab
fix: land NO_REPLY announce suppression and auth scope assertions
...
Landed follow-up for #27535 and aligned shared-auth gateway expectations after #27498 .
Co-authored-by: kevinWangSheng <118158941+kevinWangSheng@users.noreply.github.com>
2026-02-26 13:40:58 +00:00
0ab5f4c43b
fix: enable store=true for Azure OpenAI Responses API
...
Azure OpenAI endpoints were not recognized by shouldForceResponsesStore(),
causing store=false to be sent with all Azure Responses API requests.
This broke multi-turn conversations because previous_response_id referenced
responses that Azure never stored.
Add "azure-openai-responses" to the provider whitelist and
*.openai.azure.com to the URL check in isDirectOpenAIBaseUrl().
Fixes #27497
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 185f3814e9
2026-02-26 13:40:58 +00:00
4b259ab81b
fix(models): normalize trailing @profile parsing across resolver paths
...
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Marcus Castro <mcaxtr@gmail.com>
Co-authored-by: Brandon Wise <brandonawise@gmail.com>
2026-02-26 14:34:15 +01:00
7e7ca43a79
fix(auth-profiles): accept mode/apiKey aliases to prevent silent credential loss
...
Users following openclaw.json auth.profiles examples (which use 'mode' for
the credential type) would write their auth-profiles.json entries with:
{ provider: "anthropic", mode: "api_key", apiKey: "sk-ant-..." }
The actual auth-profiles.json schema uses:
{ provider: "anthropic", type: "api_key", key: "sk-ant-..." }
coerceAuthStore() and coerceLegacyStore() validated entries strictly on
typed.type, silently skipping any entry that used the mode/apiKey spelling.
The user would get 'No API key found for provider anthropic' with no hint
about the field name mismatch.
Add normalizeRawCredentialEntry() which, before validation:
- coerces mode → type when type is absent
- coerces apiKey → key when key is absent
Both functions now call the normalizer before the type guard so
mode/apiKey entries are loaded and resolved correctly.
Fixes #26916
2026-02-26 13:32:05 +00:00
e3385a6578
fix(security): harden root file guards and host writes
2026-02-26 13:32:58 +01:00
4fd29a35bb
fix: block broken-symlink sandbox path escapes
2026-02-26 13:30:45 +01:00
452a8c9db9
fix: use canonical cron session detection for spawn note
2026-02-26 17:54:27 +05:30
69590de276
fix: suppress SUBAGENT_SPAWN_ACCEPTED_NOTE for cron isolated sessions
...
The 'do not poll/sleep' note added to sessions_spawn tool results causes
cron isolated agents to immediately end their turn, since the note tells
them not to wait for subagent results. In cron isolated sessions, the
agent turn IS the entire run, so ending early means subagent results
are never collected.
Fix: detect cron sessions via includes(':cron:') in agentSessionKey
and suppress the note, allowing the agent to poll/wait naturally.
Note: PR #27330 used startsWith('cron:') which never matches because
the session key format is 'agent:main:cron:...' (starts with 'agent:').
Fixes #27308
Fixes #25069
2026-02-26 17:54:27 +05:30
46eba86b45
fix: harden workspace boundary path resolution
2026-02-26 13:19:59 +01:00
da0ba1b73a
fix(security): harden channel auth path checks and exec approval routing
2026-02-26 12:46:05 +01:00
b74be2577f
refactor(web): unify proxy-guarded fetch path for web tools
2026-02-26 12:44:18 +01:00
242188b7b1
refactor: unify boundary-safe reads for bootstrap and includes
2026-02-26 12:42:14 +01:00
46003e85bf
fix: unify web tool proxy path ( #27430 ) (thanks @kevinWangSheng)
2026-02-26 11:32:43 +00:00
d8e2030d47
fix(web-search): honor HTTP_PROXY environment variable for Brave Search API
...
The web_search tool was not respecting HTTP_PROXY/HTTPS_PROXY environment
variables, causing 'fetch failed' errors when running behind a proxy.
This fix adds ProxyAgent support for the Brave Search API, similar to how
other tools in OpenClaw handle proxy configuration.
Fixes #27405
2026-02-26 11:32:43 +00:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
a0cf753b2e
refactor(agents): dedupe node read invoke commands
2026-02-26 14:33:14 +05:30
c0073b3d47
feat(agents): add nodes notifications_list action
2026-02-26 14:33:14 +05:30
c289b5ff9f
fix(config): preserve agent-level apiKey/baseUrl during models.json merge ( #27293 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6b4b37b03d
2026-02-26 03:46:36 -05:00
8117a13dd6
fix(nodes): default camera snap to front high-quality image
2026-02-26 12:17:32 +05:30
e35fe7888b
refactor: centralize message-provider tool filtering
2026-02-26 04:22:49 +01:00
e4d62c21be
test: expand voice provider tts regression coverage
2026-02-26 04:15:11 +01:00
8f8e2b13b4
fix: disable tts tool for voice provider
2026-02-26 04:12:39 +01:00
8a97803474
fix(agents): normalize malformed tool results in adapter ( #27007 )
2026-02-26 04:11:44 +01:00
de61e9c977
refactor(security): unify path alias guard policies
2026-02-26 03:59:17 +01:00
04d91d0319
fix(security): block workspace hardlink alias escapes
2026-02-26 03:42:54 +01:00
03e689fc89
fix(security): bind system.run approvals to argv identity
2026-02-26 03:41:31 +01:00
acbb93be48
fix(agents): comprehensive quota fallback fixes - session overrides + surgical cooldown logic ( #23816 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: e6f2b4742b
2026-02-25 20:35:40 -05:00
c0026274d9
fix(auth): distinguish revoked API keys from transient auth errors ( #25754 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 8f9c07a200
2026-02-25 19:47:16 -05:00
aaeed3c4ea
test(agents): add missing announce delivery regressions
2026-02-26 00:38:34 +00:00
4258a3307f
refactor(agents): unify subagent announce delivery pipeline
...
Co-authored-by: Smith Labs <SmithLabsLLC@users.noreply.github.com>
Co-authored-by: Do Cao Hieu <docaohieu2808@users.noreply.github.com>
2026-02-26 00:30:44 +00:00
975c9f4b54
Agents: emphasize config.schema usage
2026-02-25 09:45:39 -06:00
fb76e316fb
fix(test): use valid brave ui_lang locale
2026-02-25 11:58:52 +05:30
177386ed73
fix(tui): resolve wrong provider prefix when session has model without modelProvider ( #25874 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f0953a7284
2026-02-25 00:36:27 -05:00
6e97470515
fix(brave-search): clarify ui_lang and search_lang format requirements ( #25130 )
...
* fix(brave-search): swap ui_lang and search_lang formats (#23826 )
* fix(web-search): normalize Brave ui_lang/search_lang params
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-25 04:59:38 +00:00
156f13aa64
fix(agents): continue fallback loop for unrecognized provider errors ( #26106 )
...
* fix(agents): continue fallback loop for unrecognized provider errors
When a provider returns an error that coerceToFailoverError cannot
classify (e.g., custom error messages without standard HTTP status
codes), the fallback loop threw immediately instead of trying the
next candidate. This caused fallback to stop after 2 models even
when 17 were configured.
Only rethrow unrecognized errors when they occur on the last
candidate. For intermediate candidates, record the error as an
attempt and continue to the next model.
Closes #25926
Co-authored-by: Cursor <cursoragent@cursor.com>
* test: cover unknown-error fallback telemetry and land #26106 (thanks @Sid-Qin)
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-25 04:53:26 +00:00
146c92069b
fix: stabilize live docker test handling
2026-02-25 04:35:05 +00:00
9beec48e9c
refactor(agents): centralize model fallback resolution
2026-02-25 04:32:31 +00:00
dd6ad0da8c
test(exec): stabilize Windows PATH prepend assertion
2026-02-25 04:29:48 +00:00
joshavant
Peter Steinberger
Ubuntu
lbo728
Ayaan Zaidi
Taras Lukavyi
Kevin Shenghui
Onur Solmaz
Sid
Ramez
Aleksandrs Tihenko
Shadow
byungsker
Glucksberg