0a3b9a9a09
fix(ui): keep shared auth on insecure control-ui connects ( #45088 )
...
Merged via squash.
Prepared head SHA: 99eb3fd928
2026-03-13 14:25:31 +01:00
be8d51c301
fix(node-host): harden perl approval binding
2026-03-13 13:09:36 +00:00
2f03de029c
fix(node-host): harden pnpm approval binding
2026-03-13 12:59:55 +00:00
af4731aa5f
fix(discovery): add missing domain to wideArea Zod config schema ( #35615 )
...
Merged via squash.
Prepared head SHA: d81d3321b6
2026-03-13 15:52:54 +03:00
496176d738
feat(ios): add onboarding welcome pager ( #45054 )
...
* feat(ios): add onboarding welcome pager
* feat(ios): add onboarding welcome pager (#45054 ) (thanks @ngutman)
2026-03-13 14:24:15 +02:00
61429230b2
fix(signal): add groups config to Signal channel schema ( #27199 )
...
Merged via squash.
Prepared head SHA: 4ba4a39ddf
2026-03-13 15:14:30 +03:00
4e68684bd2
fix: restore web fetch firecrawl config in runtime zod schema ( #42583 )
...
Merged via squash.
Prepared head SHA: e37f965b8e
2026-03-13 14:56:26 +03:00
45721d5dec
fix: polish Android QR scanner onboarding ( #45021 )
2026-03-13 17:13:54 +05:30
b72c87712d
fix(config): add missing params field to agents.list[] validation schema ( #41171 )
...
Merged via squash.
Prepared head SHA: 9522761cf1
2026-03-13 14:29:36 +03:00
2c39cd0953
fix(agents): rephrase session reset prompt to avoid Azure content filter ( #43403 )
...
* fix(agents): rephrase session reset prompt to avoid Azure content filter
Azure OpenAI's content filter flags the phrase 'Execute your Session
Startup sequence now' as potentially harmful, causing /new and /reset
to return 400 for all Azure-hosted deployments.
Replace 'Execute ... now' with 'Run your Session Startup sequence' in
session-reset-prompt.ts and post-compaction-context.ts. The semantics
are identical but the softer phrasing avoids the false-positive.
Closes #42769
* ci: retrigger checks (windows shard timeout)
* fix: add changelog for Azure startup prompt fix (#43403 ) (thanks @xingsy97)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-13 15:07:03 +05:30
60cb1d683c
fix(agents): respect explicit user compat overrides for non-native openai-completions ( #44432 )
...
Reviewed-by: @frankekn
2026-03-13 17:30:24 +08:00
4d3a2f674b
Docker: add OPENCLAW_TZ timezone support ( #34119 )
...
* Docker: add OPENCLAW_TZ timezone support
* fix: validate docker timezone names
* fix: support Docker timezone override (#34119 ) (thanks @Lanfei)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-13 14:51:55 +05:30
a3eed2b70f
fix(agents): avoid injecting memory file twice on case-insensitive mounts ( #26054 )
...
* fix(agents): avoid injecting memory file twice on case-insensitive mounts
On case-insensitive file systems mounted into Docker from macOS, both
MEMORY.md and memory.md pass fs.access() even when they are the same
underlying file. The previous dedup via fs.realpath() failed in this
scenario because realpath does not normalise case through the Docker
mount layer, so both paths were treated as distinct entries and the
same content was injected into the bootstrap context twice, wasting
tokens.
Fix by replacing the collect-then-dedup approach with an early-exit:
try MEMORY.md first; fall back to memory.md only when MEMORY.md is
absent. This makes the function return at most one entry regardless
of filesystem case-sensitivity.
* docs: clarify singular memory bootstrap fallback
* fix: note memory bootstrap fallback docs and changelog (#26054 ) (thanks @Lanfei)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-13 14:39:51 +05:30
7638052178
fix: note android chat settings redesign ( #44894 )
2026-03-13 14:31:39 +05:30
5ca0233db0
fix(agents): drop Anthropic thinking blocks on replay ( #44843 )
...
* agents: drop Anthropic thinking blocks on replay
* fix: extend anthropic replay sanitization openclaw#44429 thanks @jmcte
* fix: extend anthropic replay sanitization openclaw#44843 thanks @jmcte
* test: add bedrock replay sanitization coverage openclaw#44843
* test: cover anthropic provider drop-thinking hints openclaw#44843
---------
Co-authored-by: johnmteneyckjr <john.m.teneyck@gmail.com>
2026-03-13 16:57:56 +08:00
0705225274
docs: fix changelog credit for xhigh help ( #44874 )
2026-03-13 16:40:53 +08:00
4e27c9b958
CLI: align xhigh thinking help text ( #44819 )
...
Merged via squash.
Prepared head SHA: ff1f127176
2026-03-13 16:37:11 +08:00
f07033ed3f
fix: address delivery dedupe review follow-ups ( #44666 )
...
Merged via squash.
Prepared head SHA: 8e6d254cc4
2026-03-13 16:18:01 +08:00
d40a4e343c
fix: add gateway session reset routing coverage ( #44773 ) (thanks @Lanfei)
2026-03-13 12:39:44 +05:30
93e7fcaa73
docs: move post-release changelog entries to Unreleased ( #44691 )
...
4 entries were added to the 2026.3.12 section after the v2026.3.12
tag was cut. Move them to ## Unreleased where they belong.
Verified: 2026.3.12 section now matches the 74 entries present at
the v2026.3.12 release tag (28d64c48e
2026-03-12 22:42:06 -07:00
32d8ec9482
fix: harden windows gateway fallback launch
2026-03-13 04:58:35 +00:00
6d0939d84e
fix: handle Discord gateway metadata fetch failures ( #44397 )
...
Merged via squash.
Prepared head SHA: edd17c0eff
2026-03-12 21:52:17 -07:00
8023f4c701
fix(telegram): thread media transport policy into SSRF ( #44639 )
...
* fix(telegram): preserve media download transport policy
* refactor(telegram): thread media transport policy
* fix(telegram): sync fallback media policy
* fix: note telegram media transport fix (#44639 )
2026-03-13 10:11:43 +05:30
771066d122
fix(compaction): use full-session token count for post-compaction sanity check ( #28347 )
...
Merged via squash.
Prepared head SHA: cf4eab1c51
2026-03-12 21:26:30 -07:00
61d219cb39
feat: show status reaction during context compaction ( #35474 )
...
Merged via squash.
Prepared head SHA: 145a7b7c4e
2026-03-12 21:06:15 -07:00
255414032f
changelog: move ACP final-snapshot entry to active 2026.3.12 section
2026-03-12 20:31:03 -07:00
17c954c46e
fix(acp): preserve final assistant message snapshot before end_turn ( #44597 )
...
Process messageData via handleDeltaEvent for both delta and final states
before resolving the turn, so ACP clients no longer drop the last visible
assistant text when the gateway sends the final message body on the
terminal chat event.
Closes #15377
Based on #17615
Co-authored-by: PJ Eby <3527052+pjeby@users.noreply.github.com>
2026-03-12 20:23:57 -07:00
42efd98ff8
Slack: support Block Kit payloads in agent replies ( #44592 )
...
* Slack: route reply blocks through outbound adapter
* Slack: cover Block Kit outbound payloads
* Changelog: add Slack Block Kit agent reply entry
2026-03-12 23:18:59 -04:00
433e65711f
fix: fall back to a startup entry for windows gateway install
2026-03-13 03:18:17 +00:00
ff2368af57
fix: stop false cron payload-kind warnings in doctor ( #44012 ) (thanks @shuicici)
2026-03-13 08:38:52 +05:30
b858d6c3a9
fix: clarify windows onboarding gateway health
2026-03-13 02:40:40 +00:00
23c7fc745f
refactor(agents): replace console.warn with SubsystemLogger in compaction-safeguard.ts ( #9974 )
...
Merged via squash.
Prepared head SHA: 35dcc5ba35
2026-03-12 19:34:55 -07:00
4fb3b88e57
docs: reorder latest release changelog
2026-03-13 02:11:50 +00:00
d6d01f853f
fix: align Ollama onboarding docs before landing ( #43473 ) (thanks @BruceMacD)
...
(cherry picked from commit 19fa274343a102ca85c7679ec28c5a3503a99f55)
2026-03-13 02:03:54 +00:00
0068f55dd8
fix(memory): fail closed for Windows qmd wrappers
2026-03-13 01:56:20 +00:00
ddeb423944
fix: quiet Telegram command overflow retry logs
2026-03-13 01:45:56 +00:00
de3e6a8c5b
fix(routing): require ids for slack and msteams allowlists
2026-03-13 01:44:42 +00:00
c25e46a433
chore: prepare 2026.3.12 release
2026-03-13 01:38:20 +00:00
e951a42bcb
fix(mac): adopt canonical session key and add reset triggers ( #10898 )
...
Add shared native chat handling for /new, /reset, and /clear.
This also aligns main session key handling in the shared chat UI and includes follow-up test and CI fixes needed to keep the branch mergeable.
Co-authored-by: Nachx639 <71144023+Nachx639@users.noreply.github.com>
Co-authored-by: Luke <92253590+ImLukeF@users.noreply.github.com>
2026-03-13 12:35:39 +11:00
b14a5c6713
fix(zalouser): require ids for group allowlist auth
2026-03-13 01:31:17 +00:00
d5b3f2ed71
fix(models): keep codex spark codex-only
2026-03-13 00:53:21 +00:00
d4f535b203
fix(hooks): fail closed on unreadable loader paths ( #44437 )
...
* Hooks: fail closed on unreadable loader paths
* Changelog: note hooks loader hardening
* Tests: cover sanitized hook loader logs
* Hooks: use realpath containment for legacy loaders
* Hooks: sanitize unreadable workspace log path
2026-03-12 20:47:30 -04:00
2649c03cdb
fix(hooks): dedupe repeated agent deliveries by idempotency key ( #44438 )
...
* Hooks: add hook idempotency key resolution
* Hooks: dedupe repeated agent deliveries by idempotency key
* Tests: cover hook idempotency dedupe
* Changelog: note hook idempotency dedupe
* Hooks: cap hook idempotency key length
* Gateway: hash hook replay cache keys
* Tests: cover hook replay key hardening
2026-03-12 20:43:38 -04:00
91b701e183
fix: harden windows native updates
2026-03-12 23:42:14 +00:00
35aafd7ca8
feat: add Anthropic fast mode support
2026-03-12 23:39:03 +00:00
d5bffcdeab
feat: add fast mode toggle for OpenAI models
2026-03-12 23:31:31 +00:00
ddcaec89e9
fix(node-host): fail closed on ruby approval preload flags
2026-03-12 23:23:54 +00:00
2c8f31135b
test: cover provider plugin boundaries
2026-03-12 22:43:55 +00:00
9692dc7668
fix(security): harden nodes owner-only tool gating
2026-03-12 22:27:52 +00:00
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
Radek Sienkiewicz
Peter Steinberger
ingyukoh
Nimrod Gutman
Alex Zaytsev
stim64045-spec
Ayaan Zaidi
atian8179
xingsy97
cheapestinference
Jealous
Frank Yang
Josh Lehman
Efe Büken
Cypherm
scoootscooob
scoootscooob
Vincent Koc
Dinakar Sarbada
Nachx639