3928b4872a
fix: persist context-engine auto-compaction counts ( #42629 )
...
Merged via squash.
Prepared head SHA: df8f292039
2026-03-14 16:22:10 -07:00
9aac55d306
Add /btw side questions ( #45444 )
...
* feat(agent): add /btw side questions
* fix(agent): gate and log /btw reviews
* feat(btw): isolate side-question delivery
* test(reply): update route reply runtime mocks
* fix(btw): complete side-result delivery across clients
* fix(gateway): handle streamed btw side results
* fix(telegram): unblock btw side questions
* fix(reply): make external btw replies explicit
* fix(chat): keep btw side results ephemeral in internal history
* fix(btw): address remaining review feedback
* fix(chat): preserve btw history on mobile refresh
* fix(acp): keep btw replies out of prompt history
* refactor(btw): narrow side questions to live channels
* fix(btw): preserve channel typing indicators
* fix(btw): keep side questions isolated in chat
* fix(outbound): restore typed channel send deps
* fix(btw): avoid blocking replies on transcript persistence
* fix(btw): keep side questions fast
* docs(commands): document btw slash command
* docs(changelog): add btw side questions entry
* test(outbound): align session transcript mocks
2026-03-14 17:27:54 +02:00
439c21e078
refactor: remove channel shim directories, point all imports to extensions ( #45967 )
...
* refactor: remove channel shim directories, point all imports to extensions
Delete the 6 backward-compat shim directories (src/telegram, src/discord,
src/slack, src/signal, src/imessage, src/web) that were re-exporting from
extensions. Update all 112+ source files to import directly from
extensions/{channel}/src/ instead of through the shims.
Also:
- Move src/channels/telegram/ (allow-from, api) to extensions/telegram/src/
- Fix outbound adapters to use resolveOutboundSendDep (fixes 5 pre-existing TS errors)
- Update cross-extension imports (src/web/media.js → extensions/whatsapp/src/media.js)
- Update vitest, tsdown, knip, labeler, and script configs for new paths
- Update guard test allowlists for extension paths
After this, src/ has zero channel-specific implementation code — only the
generic plugin framework remains.
* fix: update raw-fetch guard allowlist line numbers after shim removal
* refactor: document direct extension channel imports
* test: mock transcript module in delivery helpers
2026-03-14 03:43:07 -07:00
16505718e8
refactor: move WhatsApp channel implementation to extensions/ ( #45725 )
...
* refactor: move WhatsApp channel from src/web/ to extensions/whatsapp/
Move all WhatsApp implementation code (77 source/test files + 9 channel
plugin files) from src/web/ and src/channels/plugins/*/whatsapp* to
extensions/whatsapp/src/.
- Leave thin re-export shims at all original locations so cross-cutting
imports continue to resolve
- Update plugin-sdk/whatsapp.ts to only re-export generic framework
utilities; channel-specific functions imported locally by the extension
- Update vi.mock paths in 15 cross-cutting test files
- Rename outbound.ts -> send.ts to match extension naming conventions
and avoid false positive in cfg-threading guard test
- Widen tsconfig.plugin-sdk.dts.json rootDir to support shim->extension
cross-directory references
Part of the core-channels-to-extensions migration (PR 6/10).
* style: format WhatsApp extension files
* fix: correct stale import paths in WhatsApp extension tests
Fix vi.importActual, test mock, and hardcoded source paths that weren't
updated during the file move:
- media.test.ts: vi.importActual path
- onboarding.test.ts: vi.importActual path
- test-helpers.ts: test/mocks/baileys.js path
- monitor-inbox.test-harness.ts: incomplete media/store mock
- login.test.ts: hardcoded source file path
- message-action-runner.media.test.ts: vi.mock/importActual path
2026-03-14 02:44:55 -07:00
0c926a2c5e
fix(mattermost): carry thread context to non-inbound reply paths ( #44283 )
...
Merged via squash.
Prepared head SHA: 2846a6cfa9
2026-03-14 12:23:23 +05:30
f4094ab19e
refactor: share slack text truncation
2026-03-14 01:41:17 +00:00
0e8672af87
fix(ui): stop dashboard chat history reload storm ( #45541 )
...
* UI: stop dashboard chat history reload storm
* Changelog: add PR number for chat reload fix
* fix: resolve branch typecheck regressions
2026-03-13 19:19:53 -05:00
a54bf71b4c
fix(imessage): sanitize SCP remote path to prevent shell metacharacter injection
...
References GHSA-g2f6-pwvx-r275.
2026-03-14 00:38:14 +01:00
46d4fe2fa1
refactor: share embedded run and discord test helpers
2026-03-13 23:35:28 +00:00
0201f3ff7b
refactor: share auto reply helper fixtures
2026-03-13 23:35:28 +00:00
6cabcf3fd2
test: dedupe session idle timeout assertions
2026-03-13 23:35:27 +00:00
801113b46a
refactor: share session entry persistence update
2026-03-13 23:35:27 +00:00
cad1c95405
test: dedupe inline action skip assertions
2026-03-13 23:35:27 +00:00
8cd48c2896
test: dedupe model info reply setup
2026-03-13 23:35:27 +00:00
0f9e16ca46
refactor: share provider chunk context resolution
2026-03-13 23:35:27 +00:00
da51e40638
refactor: share auth label suffix formatting
2026-03-13 23:35:27 +00:00
bd758bb438
refactor: share abort target apply params
2026-03-13 23:35:27 +00:00
aaea0b2f28
test: dedupe directive auth ref label setup
2026-03-13 23:35:27 +00:00
07b3f5233e
test: dedupe post compaction legacy fallback checks
2026-03-13 23:35:27 +00:00
91c94c8b95
test: dedupe elevated permission assertions
2026-03-13 23:35:27 +00:00
b9e5f23914
test: dedupe route reply slack no-op cases
2026-03-13 23:35:27 +00:00
467a7bae3f
refactor: share session conversation normalization
2026-03-13 21:40:53 +00:00
0f637b5e30
refactor: share acp conversation text normalization
2026-03-13 21:40:53 +00:00
a976cc2e95
Slack: add opt-in interactive reply directives ( #44607 )
...
* Reply: add Slack interactive directive parser
* Reply: wire Slack directives into normalization
* Reply: cover Slack directive parsing
* Reply: test Slack directive normalization
* Slack: hint interactive reply directives
* Config: add Slack interactive reply capability type
* Config: validate Slack interactive reply capability
* Reply: gate Slack directives behind capability
* Slack: gate interactive reply hints by capability
* Tests: cover Slack interactive reply capability gating
* Changelog: note opt-in Slack interactive replies
* Slack: fix interactive reply review findings
* Slack: harden interactive reply routing and limits
* Slack: harden interactive reply trust and validation
2026-03-13 14:08:04 -07:00
2c39cd0953
fix(agents): rephrase session reset prompt to avoid Azure content filter ( #43403 )
...
* fix(agents): rephrase session reset prompt to avoid Azure content filter
Azure OpenAI's content filter flags the phrase 'Execute your Session
Startup sequence now' as potentially harmful, causing /new and /reset
to return 400 for all Azure-hosted deployments.
Replace 'Execute ... now' with 'Run your Session Startup sequence' in
session-reset-prompt.ts and post-compaction-context.ts. The semantics
are identical but the softer phrasing avoids the false-positive.
Closes #42769
* ci: retrigger checks (windows shard timeout)
* fix: add changelog for Azure startup prompt fix (#43403 ) (thanks @xingsy97)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-13 15:07:03 +05:30
61d219cb39
feat: show status reaction during context compaction ( #35474 )
...
Merged via squash.
Prepared head SHA: 145a7b7c4e
2026-03-12 21:06:15 -07:00
6b14e6b55b
test(commands): align slash-command config persistence coverage
2026-03-13 02:51:55 +00:00
268a8592de
fix: avoid ineffective dynamic imports
2026-03-13 01:33:37 +00:00
d5bffcdeab
feat: add fast mode toggle for OpenAI models
2026-03-12 23:31:31 +00:00
4ca84acf24
fix(runtime): duplicate messages, share singleton state across bundled chunks ( #43683 )
...
* Tests: add fresh module import helper
* Process: share command queue runtime state
* Agents: share embedded run runtime state
* Reply: share followup queue runtime state
* Reply: share followup drain callback state
* Reply: share queued message dedupe state
* Reply: share inbound dedupe state
* Tests: cover shared command queue runtime state
* Tests: cover shared embedded run runtime state
* Tests: cover shared followup queue runtime state
* Tests: cover shared inbound dedupe state
* Tests: cover shared Slack thread participation state
* Slack: share sent thread participation state
* Tests: document fresh import helper
* Telegram: share draft stream runtime state
* Tests: cover shared Telegram draft stream state
* Telegram: share sent message cache state
* Tests: cover shared Telegram sent message cache
* Telegram: share thread binding runtime state
* Tests: cover shared Telegram thread binding state
* Tests: avoid duplicate shared queue reset
* refactor(runtime): centralize global singleton access
* refactor(runtime): preserve undefined global singleton values
* test(runtime): cover undefined global singleton values
---------
Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com>
2026-03-12 14:59:27 -04:00
08aa57a3de
Commands: require owner for /config and /debug ( #44305 )
...
* Commands: add non-owner gate helper
* Commands: enforce owner-only config and debug
* Commands/test: cover owner-only config and debug
* Changelog: add owner-only config debug entry
* Commands/test: split config owner gating section
* Commands: redact sender ids in verbose command logs
* Commands: preserve internal read-only config access
* Commands/test: keep operator.write config show coverage non-owner
2026-03-12 14:58:14 -04:00
f2e28fc30f
fix(telegram): allow fallback models in /model validation ( #40105 )
...
Merged via squash.
Prepared head SHA: de07585e03
2026-03-12 13:55:51 +01:00
e8a162d3d8
fix(mattermost): prevent duplicate messages when block streaming + threading are active ( #41362 )
...
* fix(mattermost): prevent duplicate messages when block streaming + threading are active
Remove replyToId from createBlockReplyPayloadKey so identical content is
deduplicated regardless of threading target. Add explicit threading dock
to the Mattermost plugin with resolveReplyToMode reading from config
(default "all"), and add replyToMode to the Mattermost config schema.
Fixes #41219
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(mattermost): address PR review — per-account replyToMode and test clarity
Read replyToMode from the merged per-account config via
resolveMattermostAccount so account-level overrides are honored in
multi-account setups. Add replyToMode to MattermostAccountConfig type.
Rename misleading test to clarify it exercises shouldDropFinalPayloads
short-circuit, not payload key dedup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Replies: keep block-pipeline reply targets distinct
* Tests: cover block reply target-aware dedupe
* Update CHANGELOG.md
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 03:15:17 -04:00
58634c9c65
fix(agents): check billing errors before context overflow heuristics ( #40409 )
...
Merged via squash.
Prepared head SHA: c88f89c462
2026-03-11 21:08:55 +03:00
7761e7626f
Providers: add Opencode Go support ( #42313 )
...
* feat(providers): add opencode-go provider support and onboarding
* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF
* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF
* Update CHANGELOG.md
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 01:31:06 -04:00
aad014c7c1
fix: harden subagent control boundaries
2026-03-11 01:44:38 +00:00
3a39dc4e18
refactor(security): unify config write target policy
2026-03-11 01:35:04 +00:00
8eac939417
fix(security): enforce target account configWrites
2026-03-11 01:24:36 +00:00
36d2ae2a22
SecretRef: harden custom/provider secret persistence and reuse ( #42554 )
...
* Models: gate custom provider keys by usable secret semantics
* Config: project runtime writes onto source snapshot
* Models: prevent stale apiKey preservation for marker-managed providers
* Runner: strip SecretRef marker headers from resolved models
* Secrets: scan active agent models.json path in audit
* Config: guard runtime-source projection for unrelated configs
* Extensions: fix onboarding type errors in CI
* Tests: align setup helper account-enabled expectation
* Secrets audit: harden models.json file reads
* fix: harden SecretRef custom/provider secret persistence (#42554 ) (thanks @joshavant)
2026-03-10 23:55:10 +00:00
53374394fb
Fix stale runtime model reuse on session reset ( #41173 )
...
Merged via squash.
Prepared head SHA: d8a04a466a
2026-03-10 14:02:43 -07:00
96e4975922
fix: protect bootstrap files during memory flush ( #38574 )
...
Merged via squash.
Prepared head SHA: a0b9a02e2e
2026-03-10 12:44:33 +08:00
de49a8b72c
Telegram: exec approvals for OpenCode/Codex ( #37233 )
...
Merged via squash.
Prepared head SHA: f243379094
2026-03-09 23:04:35 -04:00
531e8362b1
Agents: add fallback error observations ( #41337 )
...
Merged via squash.
Prepared head SHA: 852469c82f
2026-03-10 01:12:10 +03:00
3c3474360b
acp: harden follow-up reliability and attachments ( #41464 )
...
Merged via squash.
Prepared head SHA: 7d167dff54
2026-03-09 23:03:50 +01:00
4aebff78bc
acp: forward attachments into ACP runtime sessions ( #41427 )
...
Merged via squash.
Prepared head SHA: f2ac51df2c
2026-03-09 22:32:32 +01:00
26e76f9a61
fix: dedupe inbound Telegram DM replies per agent ( #40519 )
...
Merged via squash.
Prepared head SHA: 6e235e7d1f
2026-03-09 09:31:05 +05:30
e3df94365b
ACP: add optional ingress provenance receipts ( #40473 )
...
Merged via squash.
Prepared head SHA: b63e46dd94
2026-03-09 04:19:03 +01:00
f6cb77134c
refactor: centralize acp session resolution guards
2026-03-08 18:40:14 +00:00
c942655451
fix(hooks): use resolveAgentIdFromSessionKey in runBeforeReset ( #39875 )
...
Merged via squash.
Prepared head SHA: 00a2b241df
2026-03-08 19:07:28 +03:00
9425209602
fix(mattermost): pass payload.replyToId as root_id for threaded replies ( #27744 )
...
Merged via squash.
Prepared head SHA: e029079872
2026-03-08 14:13:13 +05:30
ufhy
Nimrod Gutman
scoootscooob
Teconomix
Peter Steinberger
Val Alexander
Robin Waslander
Vincent Koc
xingsy97
Cypherm
avirweb
Mathias Nagler
ademczuk
Luke
Josh Avant
PonyX-lab
Frank Yang
Harold Hunt
Altay
Mariano
Ayaan Zaidi
Mariano
Hermione
Daniel Hnyk