58659b931b
fix(gateway): enforce owner boundary for agent runs
2026-03-02 00:27:44 +00:00
4c43fccb3e
feat(agents): use structured internal completion events
2026-03-01 23:11:48 +00:00
62a7683ce6
fix(cron): add audit logging for job create/update/remove (openclaw#25090) thanks @MoerAI
...
Verified:
- pnpm install --frozen-lockfile
- pnpm check
- pnpm test -- --run src/gateway/server-cron.test.ts src/gateway/server-methods/server-methods.test.ts src/gateway/protocol/cron-validators.test.ts
Co-authored-by: MoerAI <26067127+MoerAI@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 06:55:48 -06:00
0929c233d8
TUI: sync /model status immediately
2026-02-28 14:02:56 -08:00
9868d5cd8b
Gateway: allow control-ui session deletion
2026-02-28 13:01:10 -08:00
54eaf17327
feat(gateway): add node canvas capability refresh flow
2026-02-27 12:16:36 +05:30
df65ed7e9e
test(gateway): align outbound session assertion shape
2026-02-26 22:14:32 +01:00
4e690e09c7
refactor(gateway): centralize system.run approval context and errors
2026-02-26 22:01:16 +01:00
78a7ff2d50
fix(security): harden node exec approvals against symlink rebind
2026-02-26 21:47:45 +01:00
a1628d89ec
refactor: unify outbound session context wiring
2026-02-26 21:03:28 +01:00
10481097f8
refactor(security): enforce v1 node exec approval binding
2026-02-26 18:09:01 +01:00
6fd9ec97de
fix(gateway): preserve turn-origin messageChannel in agent runs
2026-02-26 17:25:56 +01:00
4894d907fa
refactor(exec-approvals): unify system.run binding and generate host env policy
2026-02-26 16:58:01 +01:00
9a4b2266cc
fix(security): bind node system.run approvals to env
2026-02-26 16:38:07 +01:00
fe56700026
Gateway: add manual secrets reload command
2026-02-26 14:47:22 +00:00
e3385a6578
fix(security): harden root file guards and host writes
2026-02-26 13:32:58 +01:00
46eba86b45
fix: harden workspace boundary path resolution
2026-02-26 13:19:59 +01:00
eac86c2081
refactor: unify boundary hardening for file reads
2026-02-26 13:04:37 +01:00
da0ba1b73a
fix(security): harden channel auth path checks and exec approval routing
2026-02-26 12:46:05 +01:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
39a1c13635
chore(ci): fix cross-platform symlink path assertions in agents file tests
2026-02-26 00:39:18 -05:00
92eb3dfc9d
refactor(security): unify exec approval request matching
2026-02-26 03:54:37 +01:00
03e689fc89
fix(security): bind system.run approvals to argv identity
2026-02-26 03:41:31 +01:00
f312222159
test: preserve config exports in agent handler mock
2026-02-26 00:42:51 +00:00
aaeed3c4ea
test(agents): add missing announce delivery regressions
2026-02-26 00:38:34 +00:00
4258a3307f
refactor(agents): unify subagent announce delivery pipeline
...
Co-authored-by: Smith Labs <SmithLabsLLC@users.noreply.github.com>
Co-authored-by: Do Cao Hieu <docaohieu2808@users.noreply.github.com>
2026-02-26 00:30:44 +00:00
2011edc9e5
fix(gateway): preserve agentId through gateway send path
...
Landed from #23249 by @Sid-Qin.
Includes extra regression tests for agentId precedence + blank fallback.
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
2026-02-25 23:31:35 +00:00
125f4071bc
fix(gateway): block agents.files symlink escapes
2026-02-26 00:31:08 +01:00
177386ed73
fix(tui): resolve wrong provider prefix when session has model without modelProvider ( #25874 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f0953a7284
2026-02-25 00:36:27 -05:00
885452f5c1
fix: fail-closed shared-session reply routing ( #24571 ) (thanks @brandonwise)
2026-02-25 02:11:34 +00:00
d58f71571a
feat(talk): add provider-agnostic config with legacy compatibility
2026-02-24 15:02:52 +00:00
4a3f8438e5
fix(gateway): bind node exec approvals to nodeId
2026-02-24 03:05:58 +00:00
f58c1ef34e
test(gateway): speed up contract and polling suites
2026-02-24 00:31:58 +00:00
75423a00d6
refactor: deduplicate shared helpers and test setup
2026-02-23 20:40:44 +00:00
40db3fef49
fix(agents): cache bootstrap snapshots per session key
...
Co-authored-by: Isis Anisoptera <github@lotuswind.net>
2026-02-23 19:19:45 +00:00
8d69251475
fix(doctor): use gateway health status for memory search key check ( #22327 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 2f02ec9403
2026-02-23 14:07:16 -05:00
d00d814ad1
fix(gateway): include platform and reason in node command rejection error
...
The generic "node command not allowed" error gives no indication of why the
command was rejected, making it hard to diagnose issues (e.g. running
`nodes notify` against a Linux node that does not declare `system.notify`).
Include the rejection reason and node platform in the error message so
callers can tell whether the command is not supported by the node, not in
the platform allowlist, or the node did not advertise its capabilities.
Fixes #24616
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
(cherry picked from commit e3d74619bc
2026-02-23 18:56:14 +00:00
2fa6aa6ea6
test(agents): add comprehensive kimi regressions
2026-02-23 18:27:36 +00:00
118611465c
test(gateway): make strict-delivery bestEffort case deterministic
2026-02-23 11:45:18 +05:30
d589b3a95c
test(gateway): clear agentCommand mock before strict bestEffort assert
2026-02-23 11:45:18 +05:30
03122e5933
fix(cron): preserve telegram announce target + delivery truth
2026-02-23 11:45:18 +05:30
35fbf26d24
Gateway: suppress tools.catalog plugin conflict diagnostics
2026-02-23 00:05:57 -06:00
9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
1c753ea786
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
77c3b142a9
Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:05:42 -06:00
259d863353
Gateway: harden cron.runs jobId path handling (openclaw#24038) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 19:35:26 -06:00
a10ec2607f
Gateway/Chat UI: sanitize untrusted wrapper markup in final payloads
2026-02-22 16:53:54 -08:00
d24f5c1e3a
fix(gateway): fail fast exec approvals when no approvers are reachable
...
Co-authored-by: fanxian831-netizen <262880470+fanxian831-netizen@users.noreply.github.com>
2026-02-22 22:24:27 +01:00
51b0772e14
fix(exec-approvals): harden forwarding target and resolve delivery paths
...
Co-authored-by: bubmiller <bubmiller@users.noreply.github.com>
2026-02-22 20:37:22 +01:00
1685a0dd12
fix: remove trailing newline from CLAUDE.md symlink target ( #21160 )
...
* fix: remove trailing newline from CLAUDE.md symlink target
* Dev tooling: prevent CLAUDE symlink newline regressions
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 12:40:06 -05:00
Peter Steinberger
ToToKr
Vignesh Natarajan
Ayaan Zaidi
joshavant
Onur Solmaz
Gustavo Madeira Santana
byungsker
Nimrod Gutman
Ruslan Kharitonov
justinhuangcode
Tak Hoffman
Alex Zaytsev