nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,916 Commits 712 Branches 79 Tags 2.1 GiB
Commit Graph

3230 Commits

Author SHA1 Message Date
Vignesh Natarajan cd6bbe8cea Session: enforce startup sequence on bare reset greeting 2026-02-20 20:38:56 -08:00
Tak Hoffman 7417c36268
fix(cron): honor maxConcurrentRuns in timer loop (openclaw#22413) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini (failed on unrelated baseline test: src/memory/qmd-manager.test.ts > throws when sqlite index is busy)

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 22:31:58 -06:00
Vignesh Natarajan 93c2f20a23 Memory: surface explicit memory_search unavailable status 2026-02-20 20:30:52 -08:00
Vignesh Natarajan 1cc2263578 TUI: bound chat-log growth to prevent render overflows 2026-02-20 20:27:58 -08:00
Vignesh Natarajan 2227840989 Gateway/TUI: filter heartbeat ACK noise in chat events 2026-02-20 20:23:28 -08:00
Vignesh Natarajan d583399c92 Hooks: persist session memory on /reset 2026-02-20 20:19:29 -08:00
Vignesh Natarajan 544c213d42 Memory/QMD: diversify mixed-source search results 2026-02-20 20:13:24 -08:00
Vignesh Natarajan d7a7ebb75a TUI: dedupe duplicate backspace events in input 2026-02-20 20:10:22 -08:00
Vignesh Natarajan 18b4b47708 TUI: guide pairing-required recovery in disconnect state 2026-02-20 20:04:19 -08:00
Vignesh Natarajan c0d5fc8d1e CLI: default pairing channel for pairing commands 2026-02-20 19:59:54 -08:00
Vignesh Natarajan be756b9a89 Memory: fix async sync close race 2026-02-20 19:55:11 -08:00
Ayaan Zaidi 2649e9e044
fix: preselect Telegram-supported status reaction variants (#22380) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 018fcd6e2e
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 09:20:20 +05:30
Vignesh Natarajan a305dfe626 Memory/QMD: harden multi-collection search and embed scheduling 2026-02-20 19:41:51 -08:00
Glucksberg 1410d15c5e
fix: compaction safeguard extension not loading in production builds (openclaw#22349) thanks @Glucksberg 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini (local run had unrelated baseline failures; Tak approved proceed)

Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 21:21:09 -06:00
Shadow e2dbd45418 fix: add configurable ephemeral defaults for Discord slash commands (#16563) (thanks @wei) 2026-02-20 21:19:21 -06:00
Shadow b294342d7f feat(discord): support forum tag edits via channel-edit (#12070) (thanks @xiaoyaner0201) 2026-02-20 21:17:04 -06:00
Shadow b7644d61a2 fix: restore Discord model picker UX (#21458) (thanks @pejmanjohn) 2026-02-20 21:04:04 -06:00
hcoj 5dae5e6ef2
fix(tools): forward senderIsOwner to embedded runner so owner-only tools work (#22296) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0baca5ccc1
Co-authored-by: hcoj <1169805+hcoj@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 08:33:58 +05:30
Vincent Koc d94d21f9b0
test: isolate local media regression fixtures to allowed roots (#22369) 
* fix(tui): strip inbound metadata blocks from user text

* chore: clean up metadata-strip format and changelog credit

* chore: format tui metadata-strip tests

* test(web): isolate local media fixture paths to allow-listed roots
 2026-02-20 21:50:50 -05:00
Vincent Koc 9a6b26d427
fix(ui): strip inbound metadata blocks and guard reply-tag streaming (clean rewrite) (#22346) 
* fix(ui): strip inbound metadata blocks from user messages

* chore: clean up metadata-strip format and changelog credit

* Update src/shared/chat-envelope.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-02-20 21:41:32 -05:00
Taras Lukavyi 0e068194ad
fix(tool-display): `cd ~/dir && npm install` shows as `run cd` — compound commands truncated to first stage (#21925) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4728bfe8e7
Co-authored-by: Lukavyi <1013690+Lukavyi@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 08:03:32 +05:30
Shadow 866b33e0d3 fix: lazy-load Discord allowlist guilds (#20208) (thanks @zhangjunmengyang) 2026-02-20 20:26:46 -06:00
Harold Hunt 844d84a7f5
Issue 17774 - Usage - Local - Show data from midnight to midnight of selected dates for browser time zone (AI assisted) (openclaw#19357) thanks @huntharo 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini (override approved by Tak for this run; local baseline failures outside PR scope)

Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 20:09:03 -06:00
Harold Hunt 02ac5b59d1
Skills: add SonosCLI troubleshooting guidance (openclaw#21316) thanks @huntharo 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 19:52:42 -06:00
jackheuberger feccac6723
fix: sanitize thinking blocks for GitHub Copilot Claude models (openclaw#19459) thanks @jackheuberger 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: jackheuberger <12731288+jackheuberger@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 19:48:09 -06:00
Mars a4e7e952e1
fix(ui): strip injected inbound metadata from user messages in history (#22142) 
* fix(ui): strip injected inbound metadata from user messages in history

Fixes #21106
Fixes #21109
Fixes #22116

OpenClaw prepends structured metadata blocks ("Conversation info",
"Sender:", reply-context) to user messages before sending them to the
LLM. These blocks are intentionally AI-context-only and must never reach
the chat history that users see.

Root cause:
`buildInboundUserContextPrefix` in `inbound-meta.ts` prepends the
blocks directly to the stored user message content string, so they are
persisted verbatim and later shown in webchat, TUI, and every other
rendering surface.

Fix:
• `src/auto-reply/reply/strip-inbound-meta.ts` — new utility with a
  6-sentinel fast-path strip (zero-alloc on miss) + 9-test suite.
• `src/tui/tui-session-actions.ts` — wraps `chatLog.addUser(...)` with
  `stripInboundMetadata()` so the TUI never stores the prefix.
• `ui/src/ui/chat/message-normalizer.ts` — strips user-role text content
  items during normalisation so webchat renders clean messages.

* fix(ui): strip inbound metadata for user messages in display path

* test: fix discord component send test spread typing

* fix: strip inbound metadata from mac chat history decode

* fix: align Swift metadata stripping parser with TS implementation

* fix: normalize line endings in inbound metadata stripper

* chore: document Swift/TS metadata-sentinel ownership

* chore: update changelog for inbound metadata strip fix

* changelog: credit Mellowambience for 22142

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-20 17:35:13 -08:00
Shadow f555835b09
Channels: add thread-aware model overrides 2026-02-20 19:26:25 -06:00
Shadow eedea6cf34
Discord: add trusted channel topics on new sessions 2026-02-20 18:22:13 -06:00
Tyler Yust fe57bea088
Subagents: restore announce chain + fix nested retry/drop regressions (#22223) 
* Subagents: restore announce flow and fix nested delivery retries

* fix: prep subagent announce + docs alignment (#22223) (thanks @tyler6204)
 2026-02-20 15:39:09 -08:00
Shadow 086af56867
Discord: keep DM component sessions 2026-02-20 17:37:44 -06:00
Harold Hunt 0f1b2ad962
chore: Reduce app-specific docker image size by ~50% / ~900 MB (AI assisted) (#22019) 
* chore: Reduce docker image size by 50%

* Changelog: note Docker build ownership

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-20 17:32:48 -06:00
Shadow 3e1ed0032d
Docs: add Discord forum thread docs 2026-02-20 17:20:24 -06:00
Shadow 68fd8ed866
clankers are dumb 2026-02-20 16:51:12 -06:00
Shadow 1eec2aee4f
Discord: ingest inbound stickers 2026-02-20 16:47:47 -06:00
Shadow 64c29c3755
Discord: avoid reply spam on chunked sends 2026-02-20 16:37:28 -06:00
Shadow 4ab946eebf
Discord VC: voice channels, transcription, and TTS (#18774) 2026-02-20 16:06:07 -06:00
Shadow 3100b77f12
Agents: clarify authorized sender prompt (Closes #19794) 2026-02-20 15:55:36 -06:00
Shadow 30a0d3fce1
Status reactions: fix stall timers and gating (#22190) 
* feat: add shared status reaction controller

* feat: add statusReactions config schema

* feat: wire status reactions for Discord and Telegram

* fix: restore original 10s/30s stall defaults for Discord compatibility

* Status reactions: fix stall timers and gating

* Format status reaction imports

---------

Co-authored-by: Matt <mateus.carniatto@gmail.com>
 2026-02-20 15:27:42 -06:00
Shadow c378439246
Security: harden tool media paths 2026-02-20 13:32:49 -06:00
Mariano 67edc7790f
iOS: gate capabilities by permissions and add settings controls (#22135) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 92c2660d08
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 19:26:30 +00:00
Shadow 39816e61b0
Security: restrict canvas jsonlPath file reads 2026-02-20 13:21:55 -06:00
Shadow 0692927ccd
Changelog: note canvas auth hardening 2026-02-20 13:11:55 -06:00
Mariano f52476f18c
iOS Watch: bridge mirrored notification actions into quick replies (#22123) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 401fbe8a7a
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 19:04:58 +00:00
Mariano 9476dda9f6
iOS Chat: clean UI noise and format tool outputs (#22122) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 34dd87b0c0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 19:01:03 +00:00
Mariano 5828708343
iOS/Gateway: harden pairing resolution and settings-driven capability refresh (#22120) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 55b8a93a99
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:57:04 +00:00
Shadow 61f646c41f
Daemon: harden systemd unit env rendering 2026-02-20 12:51:14 -06:00
Shadow 84281abd4b
Docker: drop root in test images 2026-02-20 12:45:34 -06:00
Shadow 8c9f35cdb5
Agents: sanitize skill env overrides 2026-02-20 12:38:54 -06:00
Shadow 09e6970386
Discord: implement stream preview mode (#22111) 
* Discord: implement stream preview mode

* Changelog: note Discord stream preview mode

* Tests: type discord draft stream mocks

* Docs: document Discord stream preview
 2026-02-20 12:37:15 -06:00
Mariano 5dd304d1c6
fix(gateway): clear pairing state on device token mismatch (#22071) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ad38d1a529
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:21:13 +00:00
Mariano 094dbdaf2b
fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback (#22082) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6ff3ca9b5d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:03:53 +00:00
Xinhua Gu 9c5249714d
fix(gateway): trusted-proxy auth rejected when bind=loopback (#20097) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8de62f1a8f
Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:51:35 +00:00
Nachx639 868fe48d58
fix(gateway): allow health method for all authenticated roles (#19699) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b976443267
Co-authored-by: Nachx639 <71144023+Nachx639@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:48:44 +00:00
Marcus Castro c8ee33c162
fix(gateway): include export name in hook transform cache key (#13855) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a9eea919b8
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:44:51 +00:00
Marcus Castro 618b36f07a
fix(gateway): return 404 for missing static assets instead of SPA fallback (#12060) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 32d2ca7a13
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:41:57 +00:00
Coy Geek 914a7c5359
fix: Device Token Scope Escalation via Rotate Endpoint (#20703) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4f2c2ecef4
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:38:58 +00:00
Coy Geek 40a292619e
fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP (#20684) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ad9be4b4d6
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:34:34 +00:00
Mariano fe3215092c
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (#22045) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0a80
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:23:33 +00:00
Mariano fd8c6d1f77
iOS: refresh phone/watch app icons with lobster assets (#21997) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: d41caeff38
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:41:41 +00:00
Mariano 738b011624
iOS/watch: add actionable watch approvals and quick replies (#21996) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 3c2a01f903
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:39:13 +00:00
Mariano 8e4f6c0384
fix(browser): block upload symlink escapes (#21972) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4381ef9a4d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:36:25 +00:00
Mariano 774d73b458
fix(macos): reject insecure non-loopback ws remote gateway urls (#21971) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9e8cdbf095
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:34:00 +00:00
Mariano ebae6f918e
fix(shared): reject insecure non-loopback gateway deep links (#21970) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c7db
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:31:40 +00:00
Mariano 8fa46d709a
fix(ios): force tls for non-loopback manual gateway hosts (#21969) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9fb39f566e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:28:47 +00:00
mudrii 7ecfc1d93c
fix(auth): bidirectional mode/type compat + sync OAuth to all agents (#12692) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 2dee8e1174
Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-20 16:01:09 +05:30
Vignesh Natarajan 083298ab9d fix: memory ENOENT handling (#20680) (thanks @pahdo) 2026-02-19 23:33:28 -08:00
Logan Pritchett 8f80e2a467
fix(macos): set release bundle ID so Sparkle auto-update works (#19750) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: d16e61e35a
Co-authored-by: loganprit <72722788+loganprit@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-20 12:08:10 +05:30
Ayaan Zaidi ab256b8ec7
fix: split telegram reasoning and answer draft streams (#20774) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7458444144
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-20 11:14:39 +05:30
mudrii beb2b74b5b
fix(telegram): prevent silent message loss across all streamMode settings (#19041) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 82898339f0
Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-20 10:46:55 +05:30
Shakker 99db4c7903 Changelog: document pairing bootstrap recovery (#21616) 2026-02-20 05:12:05 +00:00
Sean McLellan 86f207adb0
fix: clean tool schemas and thinking blocks for google-antigravity (openclaw#19732) thanks @Oceanswave 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Oceanswave <760674+Oceanswave@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:49:57 -06:00
Hudson 7b81383d44
fix(signal): preserve case for Base64 group IDs in target normalization (openclaw#10623) thanks @heyhudson 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: heyhudson <258693705+heyhudson@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:41:55 -06:00
Kirill Shchetynin ee519086f6
Feature/default messenger delivery target (openclaw#16985) thanks @KirillShchetinin 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: KirillShchetinin <13061871+KirillShchetinin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:37:19 -06:00
Ephraim Moss 59e58bf81c
fix: strip unsupported JSON Schema keywords for Claude via Cloud Code Assist (openclaw#20124) thanks @ephraimm 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on existing unrelated type error: src/agents/subagent-announce.format.e2e.test.ts:71)
- pnpm test:e2e src/agents/pi-embedded-runner/google.e2e.test.ts
- pnpm test:macmini (fails on existing unrelated test: src/agents/subagent-registry.steer-restart.test.ts)

Co-authored-by: ephraimm <2803669+ephraimm@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:31:20 -06:00
Nabbil Khan f91034aa6b
fix(auth): clear all usage stats fields in clearAuthProfileCooldown (openclaw#19211) thanks @nabbilkhan 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: nabbilkhan <203121263+nabbilkhan@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:21:37 -06:00
Mr. Guy dece0fa146
fix: add customBindHost to gateway config validation (openclaw#20318) thanks @MisterGuy420 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: MisterGuy420 <255743668+MisterGuy420@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:06:22 -06:00
Tak Hoffman 14618af237
chore: bump Pi SDK packages to 0.54.0 (openclaw#21578) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:04:33 -06:00
Clawborn cbcc75f6c7
Add Claude Sonnet 4.6 and 4.5 to GitHub Copilot model catalog (openclaw#20270) thanks @Clawborn 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Clawborn <261310391+Clawborn@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 21:54:52 -06:00
Tak Hoffman c1ac37a641
Config: expose Pi compaction tuning values (openclaw#21568) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 21:41:09 -06:00
Dale Babiy 10dab4f2c7
fix(anthropic): preserve pi-ai default betas when injecting anthropic-beta header (openclaw#19789) thanks @minupla 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: minupla <42547246+minupla@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 21:23:00 -06:00
Glucksberg 38b4fb5d55
fix(auth/session): preserve override reset behavior and repair oauth profile-id drift (openclaw#18820) thanks @Glucksberg 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 21:16:26 -06:00
Vishal f1e1cc4ee3
feat: surface cached token counts in /status output (openclaw#21248) thanks @vishaltandale00 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: vishaltandale00 <9222298+vishaltandale00@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 21:06:13 -06:00
George Pickett db8ffb13f4 fix: prevent whatsapp fallback for webchat sessions (#21534) (thanks @lbo728) 2026-02-19 18:41:57 -08:00
青雲 21448508a1
fix: Grok web_search extracts output_text blocks at top level (openclaw#20508) thanks @echoVic 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 20:37:15 -06:00
Tak Hoffman d9e46028f5
fix(cron/whatsapp): route implicit delivery to allowlisted recipients (openclaw#21533) thanks @Takhoffman 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 20:33:37 -06:00
Rodrigo Uroz a87b5fb009
(feat): MMR and temporal decay / bring back schema changes (openclaw#18786) thanks @rodrigouroz 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 20:20:02 -06:00
adhitShet 164d478652
fix(cli): correct --verbose / -v option syntax in acp commands (#21303) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 20d058dcf5
Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 21:04:22 -05:00
ahdernasr e321f21daa
fix: serialize tool result delivery to preserve message ordering (#21231) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 68adbf58c8
Co-authored-by: ahdernasr <44983175+ahdernasr@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-02-19 17:23:23 -08:00
adhitShet d871ee91d0
fix(config-cli): correct misleading --json flag description (#21332) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b6c8d1edfa
Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 20:09:17 -05:00
adhitShet ae4907ce6e
fix(heartbeat): return false for zero-width active-hours window (#21408) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 993860bd03
Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 20:03:57 -05:00
adhitShet 57f0ac21e9
fix(heartbeat): constrain 24-hour sentinel to 24:00 only in regex (#21410) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7b8fe75738
Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 19:52:38 -05:00
Gustavo Madeira Santana ffa7de0467 chore: add CHANGELOG entry 2026-02-19 19:34:30 -05:00
Josh Avant 29ad0736f4
fix(gateway): tolerate legacy paired metadata in ws upgrade checks (#21447) 
Fixes the pairing required regression from #21236 for legacy paired devices
created without roles/scopes metadata. Detects legacy paired metadata shape
and skips upgrade enforcement while backfilling metadata in place on reconnect.

Co-authored-by: Josh Avant <830519+joshavant@users.noreply.github.com>
Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
 2026-02-19 17:45:56 -06:00
Vincent Koc ce2a39a271 Security: bump hono for timing-safe auth hardening 2026-02-19 15:13:38 -08:00
Vincent Koc 2c93f6656a Docs: record PR #21336 anthropic onboarding fix 2026-02-19 15:13:38 -08:00
Vincent Koc 4883aa5439
docs(changelog): credit prior Slack recipient-id groundwork for 20988 (#21434) 2026-02-19 14:48:29 -08:00
Josh Avant c2876b69fb
feat(auto-reply): add model fallback lifecycle visibility in status, verbose logs, and WebUI (#20704) 2026-02-19 14:33:02 -08:00
Vincent Koc 6cdcb5904d
chore: update changelog for merged fixes 7734 and 21086 (#21254) 2026-02-19 13:00:40 -08:00
Mariano e98ccc8e17
iOS/Gateway: stabilize background wake and reconnect behavior (#21226) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7705a7741e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 20:20:28 +00:00
Shadow f7a8c2df2c
Discord: handle gateway 4014 close 2026-02-19 13:47:28 -06:00
George Pickett 85fee30e6b fix: changelog for cross-origin redirect header stripping (#20313) (thanks @afurm) 2026-02-19 11:42:25 -08:00
Shakker eec5a6d6f1
Changelog: move prompt caching fix to unreleased 2026-02-19 19:22:46 +00:00
Shakker 45b54d90ab Changelog: add auto-reply run-start fix (#21165) (thanks @shakkernerd) 2026-02-19 19:15:09 +00:00
Isis Anisoptera 4b7d89100e
fix(auto-reply): restore prompt cache stability by moving per-turn ids to user context (#20597) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 175919afb6
Co-authored-by: anisoptera <768771+anisoptera@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 19:11:47 +00:00
Shakker ff3a7e5635
chore: bump release metadata to 2026.2.20 2026-02-19 18:57:08 +00:00
Mariano a1d5dce7ab
iOS: use dedicated session key for chat sheet (#21139) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 31a27b0c5b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 18:42:56 +00:00
Mariano 42d11a3ec5
iOS: auto-resync chat after reconnect gaps (#21135) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1beca3a76d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 18:37:13 +00:00
Peter Steinberger 9f5429e528 docs: trim refactor-only and duplicate changelog entries 2026-02-19 16:34:10 +01:00
Peter Steinberger b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger 280c6b117b fix(daemon): harden windows schtasks script quoting 2026-02-19 16:16:51 +01:00
Peter Steinberger 2e421f32df fix(security): restore trusted plugin runtime exec default 2026-02-19 16:01:29 +01:00
Peter Steinberger 8288702f51 docs(changelog): add Windows schtasks injection fix note 2026-02-19 15:57:42 +01:00
Peter Steinberger c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger 63e39d7f57 fix(security): harden ACP prompt size guardrails 2026-02-19 15:41:01 +01:00
Peter Steinberger c9dee59266 refactor(security): centralize trusted sender checks for discord moderation 2026-02-19 15:39:56 +01:00
Peter Steinberger 81b19aaa1a fix(security): enforce plugin and hook path containment 2026-02-19 15:37:29 +01:00
Peter Steinberger 10379e7dcd fix: harden voice-call tts deep merge 2026-02-19 15:37:01 +01:00
Peter Steinberger b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger 3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger 26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger 77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger 775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger 3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger 5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger 2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger b54ba3391b fix: credit contributor in changelog (#20916) (thanks @orlyjamie) 2026-02-19 15:00:10 +01:00
Peter Steinberger 29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger 7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Peter Steinberger e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger cf6edc6d57 docs(changelog): credit allsmog for Lobster security report 2026-02-19 14:43:03 +01:00
Peter Steinberger a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Thorfinn b45bb6801c
fix(doctor): skip embedding provider check when QMD backend is active (openclaw#17295) thanks @miloudbelarebia 
Verified:
- pnpm build
- pnpm check (fails on baseline formatting drift in files identical to origin/main)
- pnpm test:macmini

Co-authored-by: miloudbelarebia <52387093+miloudbelarebia@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 07:21:27 -06:00
Peter Steinberger bafdbb6f11 fix(security): eliminate safeBins file-existence oracle 2026-02-19 14:18:11 +01:00
Peter Steinberger cfe8457a0f fix(security): harden safeBins stdin-only enforcement 2026-02-19 14:10:45 +01:00
Peter Steinberger 6195660b1a fix(browser): unify SSRF guard path for navigation 2026-02-19 13:44:01 +01:00
Peter Steinberger 3c419b7bd3 docs(security): document webhook hardening and changelog 2026-02-19 13:31:44 +01:00
Vincent Koc 043b2f5e7a
changelog: add unreleased fixes from recent PRs (#20897) 2026-02-19 03:44:15 -08:00
Mariano db73402235
Security: add explicit opt-in for deprecated plugin runtime exec (#20874) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: de69f81725
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 11:30:36 +00:00
Vincent Koc 267bb3c81c
changelog: backfill PR release-note entries (#20839) 
* Docs: backfill changelog entries

* Docs: mark PR 20836 as merged in changelog
 2026-02-19 02:43:57 -08:00
Peter Steinberger 49d0def6d1 fix(security): harden imessage remote scp/ssh handling 2026-02-19 11:08:23 +01:00
Mariano a7c0aa94d9
refactor(security): share safe temp media path builder (#20810) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7a088e6801
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:59:21 +00:00
Peter Steinberger ee1d6427b5 fix(security): enforce symlink-safe skill packaging 2026-02-19 10:56:17 +01:00
Vincent Koc 981d266480
security(gateway): block webchat session mutators (#20800) 
* chore(ci): local claude settings gitignore

* Gateway: block webchat session mutators

* Changelog: note webchat session mutator guard

* Changelog: credit report for webchat mutator guard
 2026-02-19 01:54:02 -08:00
Mariano 8e6d1e6368
LINE/Security: harden inbound media temp-file naming (#20792) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f6f3eecdb3
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:37:33 +00:00
Peter Steinberger ba7be018da fix(security): remove lobster windows shell fallback 2026-02-19 10:22:59 +01:00
Mariano Belinky 65a7fc6de7 Changelog: note Feishu traversal hardening 2026-02-19 10:14:31 +01:00
Peter Steinberger d51929ecb5 fix: block ISATAP SSRF bypass via shared host/ip guard 2026-02-19 09:59:47 +01:00
Peter Steinberger cfc5e7bd82 fix(media): harden saveMediaSource against symlink TOCTOU 2026-02-19 09:51:57 +01:00
Vignesh Natarajan d3dab089d7 fix: preserve reasoning stream partial contract (#20635) (thanks @obviyus) 2026-02-19 00:05:10 -08:00
Peter Steinberger 7e54b6c96f fix(browser): unify extension relay auth on gateway token 2026-02-19 08:40:40 +01:00
Gustavo Madeira Santana c5698caca3
Security: default gateway auth bootstrap and explicit mode none (#20686) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: be1b73182c
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 02:35:50 -05:00
vikpos f855d0be4f
fix: skip heartbeat when HEARTBEAT.md does not exist (#20461) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f6e5f8172a
Co-authored-by: vikpos <24960005+vikpos@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 01:09:33 -05:00
Marcus Castro 48e6b4fca3
fix: run BOOT.md for each configured agent at startup (#20569) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9098a4cc64
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 00:58:56 -05:00
Ayaan Zaidi d17a1f387b
fix(telegram): unify inbound handling for message-like updates (#20591) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 442a100071
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-19 09:54:47 +05:30
Ayaan Zaidi 6b05916c14
fix: gate Telegram exec tool warnings behind verbose mode (#20560) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7ce94931f0
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-19 09:05:49 +05:30
青雲 3d4ef56044
fix: include provider and model name in billing error message (#20510) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 40dbdf62e8
Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 21:56:00 -05:00
Clawborn 2bb8ead187
Fix LaunchAgent missing TMPDIR causing SQLITE_CANTOPEN on macOS (#20512) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 25ba59765d
Co-authored-by: Clawborn <261310391+Clawborn@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 21:42:35 -05:00
Xinhe Hu b62bd290cb
fix: remove hardcoded disableBlockStreaming to honor agent config for TUI (#19693) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 710d449080
Co-authored-by: neipor <191749196+neipor@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 16:25:59 -05:00
Nimrod Gutman dd28a77df0
fix(ios): refactor screen webview lifecycle handling (#20366) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7beb794a06
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-02-19 05:05:40 +08:00
Mariano e67da1538c
iOS/Gateway: wake disconnected iOS nodes via APNs before invoke (#20332) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7751f9c531
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 21:00:17 +00:00
Mariano 750276fa36
fix(protocol): regenerate Swift models for push.test (#20325) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9281e7ad03
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 20:04:03 +00:00
Mariano 264131eb9f
Canvas: improve A2UI asset resolution and empty state (#20312) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: adce485695
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:44:55 +00:00
Mariano fe3f0759b5
Chat UI: accept canonical main session key alias (#20311) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a4ed5235bc
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:42:18 +00:00
Mariano 6e7f1a6a1b
iOS onboarding: prevent pairing flicker during auto-resume (#20310) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 691808b747
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:39:41 +00:00
Mariano c2d12b7e31
iOS: add APNs registration and notification signing config (#20308) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 614180020e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:37:03 +00:00
Mariano 99d099aa84
Gateway: add APNs push test pipeline (#20307) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6a1c442207
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 19:32:42 +00:00
Mariano e9b4d86e37
fix(protocol): preserve AnyCodable booleans from JSON bridge (#20220) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1d86183e3b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 17:39:54 +00:00
Peter Steinberger 797a47c3ce docs: harden coding-agent skill guidance example 2026-02-18 16:55:50 +01:00
Pejman Pour-Moezzi a0d904dc23
docs(discord): replace quick setup and add recommended guild setup (#20088) 
Co-authored-by: Shadow <shadow@openclaw.ai>
 2026-02-18 09:39:09 -06:00
Mariano 57083e4220
iOS: add Apple Watch companion message MVP (#20054) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 720791ae6b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:37:41 +00:00
Mariano 1437ed76a0
Gateway/CLI: add paired-device remove and clear flows (#20057) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 26523f8a38
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:27:31 +00:00
Mariano fc65f70a9b
iOS: stabilize pairing/reconnect loops (#20056) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b01a482a17
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:23:06 +00:00
Mariano 39881a318a
Browser: reuse extension relay when relay port is already occupied (#20035) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b310666d39
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-18 13:13:04 +00:00
Nimrod Gutman cb34e80f98
fix(ios): restore auto-selected team for local signing (#19993) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6f375238f0
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-02-18 19:38:23 +08:00
Taras Lukavyi d833dcd731
fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic (#19367) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: bf02bbf9ce
Co-authored-by: Lukavyi <1013690+Lukavyi@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-18 15:31:01 +05:30
Gustavo Madeira Santana 07fdceb5fd
refactor: centralize presence routing and version precedence coverage (#19609) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 10d9df5263
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-18 00:02:51 -05:00
Robby 5c69e625f5
fix(cli): display correct model for sub-agents in sessions list (#18660) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ba54c5a351
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-17 23:59:20 -05:00
Peter Steinberger 28bac46c92 fix(security): harden safeBins path trust 2026-02-18 04:55:31 +01:00
Peter Steinberger 42d2a61888 chore(changelog): move SSRF transition fix to 2026.2.18 2026-02-18 04:53:50 +01:00
Peter Steinberger 442fdbf3d8 fix(security): block SSRF IPv6 transition bypasses 2026-02-18 04:53:09 +01:00
Peter Steinberger 35851cdaff chore(changelog): move cron SSRF fix into 2026.2.18 2026-02-18 04:52:13 +01:00
Peter Steinberger 516046dba8 fix: avoid doctor token regeneration on invalid repairs 2026-02-18 04:51:25 +01:00
Peter Steinberger 99db4d13e5 fix(gateway): guard cron webhook delivery against SSRF 2026-02-18 04:48:08 +01:00
Ayaan Zaidi 6a5f887b3d
test: harden Telegram command menu sanitization coverage (#19703) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6a41b11590
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-18 09:16:31 +05:30
Peter Steinberger cc29be8c9b fix: serialize sandbox registry writes 2026-02-18 04:44:56 +01:00
Peter Steinberger 4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger c90b09cb02 feat(agents): support Anthropic 1M context beta header 2026-02-18 03:29:48 +01:00
Peter Steinberger d1c00dbb7c fix: harden include confinement edge cases (#18652) (thanks @aether-ai-agent) 2026-02-18 03:27:16 +01:00
Gustavo Madeira Santana 985ec71c55
CLI: resolve parent/subcommand option collisions (#18725) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b7e51cf909
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-17 20:57:09 -05:00
Peter Steinberger 414b996b0c fix(agents): make image resize logs single-line with size 2026-02-18 01:58:33 +01:00
Peter Steinberger 3459200444 docs: reorder unreleased changelog by user-impact highlights 2026-02-18 01:51:28 +01:00
Peter Steinberger 76949001ea fix: compact skill paths in prompt (#14776) (thanks @bitfish3) 2026-02-18 01:35:37 +01:00
DylanWoodAkers cfd384ead2
feat(skills): improve descriptions with routing logic (#14577) 
* feat(skills): improve descriptions with routing logic

Apply OpenAI's recommended pattern for skill descriptions:
- Add 'Use when' conditions for clear triggering
- Add 'NOT for' negative examples to reduce misfires
- Make descriptions act as routing logic, not marketing copy

Based on: https://developers.openai.com/blog/skills-shell-tips/

Skills updated:
- coding-agent: clarify when to delegate vs direct edit
- github: add boundaries vs browser/scripting
- weather: add scope limitations

Glean reported 20% drop in skill triggering without negative
examples, recovering after adding them. This change brings
Clawdbot skills in line with that pattern.

* docs(skills): clarify routing boundaries (openclaw#14577) (thanks @DylanWoodAkers)

* docs(changelog): add PR 14577 release note (openclaw#14577) (thanks @DylanWoodAkers)

---------

Co-authored-by: ClawdBotWolf <clawdbotwolf@proton.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-18 01:31:28 +01:00
Peter Steinberger 1d23934c09 fix: follow-up slack streaming routing/tests (#9972) (thanks @natedenh) 2026-02-18 00:50:22 +01:00
Peter Steinberger f07bb8e8fc fix(hooks): backport internal message hook bridge with safe delivery semantics 2026-02-18 00:35:41 +01:00
Tyler Yust 087dca8fa9
fix(subagent): harden read-tool overflow guards and sticky reply threading (#19508) 
* fix(gateway): avoid premature agent.wait completion on transient errors

* fix(agent): preemptively guard tool results against context overflow

* fix: harden tool-result context guard and add message_id metadata

* fix: use importOriginal in session-key mock to include DEFAULT_ACCOUNT_ID

The run.skill-filter test was mocking ../../routing/session-key.js with only
buildAgentMainSessionKey and normalizeAgentId, but the module also exports
DEFAULT_ACCOUNT_ID which is required transitively by src/web/auth-store.ts.

Switch to importOriginal pattern so all real exports are preserved alongside
the mocked functions.

* pi-runner: guard accumulated tool-result overflow in transformContext

* PI runner: compact overflowing tool-result context

* Subagent: harden tool-result context recovery

* Enhance tool-result context handling by adding support for legacy tool outputs and improving character estimation for message truncation. This includes a new function to create legacy tool results and updates to existing functions to better manage context overflow scenarios.

* Enhance iMessage handling by adding reply tag support in send functions and tests. This includes modifications to prepend or rewrite reply tags based on provided replyToId, ensuring proper message formatting for replies.

* Enhance message delivery across multiple channels by implementing sticky reply context for chunked messages. This includes preserving reply references in Discord, Telegram, and iMessage, ensuring that follow-up messages maintain their intended reply targets. Additionally, improve handling of reply tags in system prompts and tests to support consistent reply behavior.

* Enhance read tool functionality by implementing auto-paging across chunks when no explicit limit is provided, scaling output budget based on model context window. Additionally, add tests for adaptive reading behavior and capped continuation guidance for large outputs. Update related functions to support these features.

* Refine tool-result context management by stripping oversized read-tool details payloads during compaction, ensuring repeated read calls do not bypass context limits. Introduce new utility functions for handling truncation content and enhance character estimation for tool results. Add tests to validate the removal of excessive details in context overflow scenarios.

* Refine message delivery logic in Matrix and Telegram by introducing a flag to track if a text chunk was sent. This ensures that replies are only marked as delivered when a text chunk has been successfully sent, improving the accuracy of reply handling in both channels.

* fix: tighten reply threading coverage and prep fixes (#19508) (thanks @tyler6204)
 2026-02-17 15:32:52 -08:00
Peter Steinberger ae2c8f2cf0 feat(models): support anthropic sonnet 4.6 2026-02-18 00:00:31 +01:00
Peter Steinberger c26cf6aa83 feat(cron): add default stagger controls for scheduled jobs 2026-02-17 23:48:14 +01:00
Peter Steinberger 9a2c39419e chore(release): bump version to 2026.2.17 2026-02-17 23:08:55 +01:00
Peter Steinberger 25a9e7ed97 docs(changelog): add missing 2026.2.16 entries and reorder by user impact 2026-02-17 23:05:08 +01:00
Mariano bfc9736366
feat: share to openclaw ios app (#19424) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0a7ab8589a
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-17 20:08:50 +00:00
Tyler Yust 81c5c02e53 changelog: add @tyler6204 credit for today's entries 2026-02-17 11:40:20 -08:00
Tyler Yust 75001a0490 fix cron announce routing and timeout handling 2026-02-17 11:40:04 -08:00
Tyler Yust e1015a5197 fix(bluebubbles): recover outbound message IDs and include sender metadata 2026-02-17 11:39:58 -08:00
Nimrod Gutman 98962ed81d
feat(ios): auto-select local signing team (#18421) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: bbb9c3aa48
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-02-18 03:16:10 +08:00
Tyler Yust 2362aac3db chore: document sessions_spawn response note and subagent context prefix 2026-02-17 11:05:37 -08:00
Sk Akram c4e9bb3b99
fix: sanitize native command names for Telegram API (#19257) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b608be3488
Co-authored-by: akramcodez <179671552+akramcodez@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-17 23:20:36 +05:30
Mariano 20a561224c
iOS: use operator session for ChatSheet RPCs (#19320) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0753b3a1a2
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-17 17:42:47 +00:00
Sebastian 2caf7e7612 docs(changelog): remove revert entries 2026-02-17 10:46:54 -05:00
Sebastian e0e2184b90 test(release): add appcast regression coverage 2026-02-17 10:43:39 -05:00
Sebastian 19a8f8bbf6 test(cron): add model fallback regression coverage 2026-02-17 10:40:25 -05:00
Sebastian e7c19cb52d test(telegram): cover autoSelectFamily env precedence 2026-02-17 10:10:32 -05:00
Seb Slight 9f261f592d
revert: PR 18288 accidental merge (#19224) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 3cda31578c
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
 2026-02-17 10:05:29 -05:00
Sebastian 21978303a9 test(auto-reply): cover sender_id metadata 2026-02-17 10:02:26 -05:00
Sebastian 11fcbadec8 fix(daemon): guard preferred node selection 2026-02-17 10:01:54 -05:00
Sebastian 3f66280c3c test(sessions): add delivery info regression coverage 2026-02-17 10:00:08 -05:00
Sebastian c0072be6a6 docs(cli): add components send example 2026-02-17 09:58:47 -05:00
Sebastian bd1e7fadd5 test: cover cron telemetry and typed fetch mocks 2026-02-17 09:47:29 -05:00
Seb Slight f44e3b2a34
revert: fix models set catalog validation (#19194) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7e3b2ff7af
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
 2026-02-17 09:43:41 -05:00
Sebastian dd0b789669 fix(mattermost): surface reactions support 2026-02-17 09:30:50 -05:00
Shakker 2547b782d7
Agents: add before_message_write persistence regression tests 2026-02-17 14:29:41 +00:00
Seb Slight 3211280bed
revert: per-model thinkingDefault override (#19195) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: fe2c59e222
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
 2026-02-17 09:25:18 -05:00
Sebastian 5d1bcc76cc docs(zai): document tool_stream defaults 2026-02-17 09:22:55 -05:00
Sebastian 7caf874546 test(update): cover restart gating 2026-02-17 09:20:21 -05:00
Sebastian a19ea7d400 test(discord): cover auto-thread skip types 2026-02-17 09:19:04 -05:00
Sebastian cc359d338e test: add fetch mock helper and reaction coverage 2026-02-17 09:02:39 -05:00
Sebastian 9772a28f0e test(gateway): cover trusted proxy trimming 2026-02-17 08:49:16 -05:00
Sebastian e74ec2acd3 fix(cron): add spin-loop regression coverage 2026-02-17 08:48:11 -05:00
Sebastian 366da7569a fix(cli): honor update restart overrides 2026-02-17 08:47:25 -05:00
Sebastian dff8692613 fix(discord): normalize command allowFrom prefixes 2026-02-17 08:45:41 -05:00
Sebastian 96fb276481 docs(changelog): note webhook session reuse fix 2026-02-17 08:44:42 -05:00
Sebastian 111a24d55c fix(daemon): scope token drift warnings 2026-02-17 08:44:24 -05:00
Sebastian 210bc37971 chore(subagents): add regression coverage and changelog 2026-02-17 08:40:36 -05:00
Mariano 836e77449c
iOS onboarding: stop auth step-3 retry loop churn (#19153) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a38ec42bdd
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-17 13:12:53 +00:00
Mariano 0c87dbdcfc
voice-call: harden closed-loop turn loop and transcript routing (#19140) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 14a3edb005
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-17 13:02:38 +00:00
Sam Padilla 32d12fcae9
feat(telegram): add channel_post support for bot-to-bot communication (#17857) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 27a343cd4d
Co-authored-by: theSamPadilla <35386211+theSamPadilla@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-17 14:44:18 +05:30
Benjamin Jesuiter 19f8b6bf4f fix: searchable model picker in configure (#19010) (thanks @bjesuiter) 2026-02-17 09:15:55 +01:00
Ayaan Zaidi 7be63ec74a fix: align tool execute arg parsing for hooks 2026-02-17 13:30:29 +05:30
Sascha Reuter 60dc3741c0
fix: before_tool_call hook double-fires with abort signal (#16852) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6269d617f3
Co-authored-by: sreuter <550246+sreuter@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-17 12:53:54 +05:30
Ayaan Zaidi 583844ecf6
fix(telegram): avoid duplicate preview bubbles in partial stream mode (#18956) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: cf4eca71d4
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-17 12:36:15 +05:30
cpojer bcf862f69f
chore: Typecheck tests. 2026-02-17 15:50:07 +09:00
Hongwei Ma 7ffc8f9f7c
fix(telegram): add initial message debounce for better push notifications (#18147) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 5e2285b6a0
Co-authored-by: Marvae <11957602+Marvae@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-17 11:21:49 +05:30
Sebastian f8adfcf60e test(agents): cover exec non-zero exits 2026-02-16 23:12:06 -05:00
Sebastian 4b40bdb98e fix(telegram): clear offsets on token change 2026-02-16 23:07:26 -05:00
Sebastian 67014228cf fix(subagents): harden announce retry guards 2026-02-16 22:57:15 -05:00
Sebastian f7d2e15a2e test: stabilize infra tests 2026-02-16 22:37:34 -05:00
Sebastian b7cf28f407 test(docker): cover browser install build arg 2026-02-16 22:35:27 -05:00