61f7cea48b
fix: kill stuck ACP child processes on startup and harden sessions in discord threads ( #33699 )
...
* Gateway: resolve agent.wait for chat.send runs
* Discord: harden ACP thread binding + listener timeout
* ACPX: handle already-exited child wait
* Gateway/Discord: address PR review findings
* Discord: keep ACP error-state thread bindings on startup
* gateway: make agent.wait dedupe bridge event-driven
* discord: harden ACP probe classification and cap startup fan-out
* discord: add cooperative timeout cancellation
* discord: fix startup probe concurrency helper typing
* plugin-sdk: avoid Windows root-alias shard timeout
* plugin-sdk: keep root alias reflection path non-blocking
* discord+gateway: resolve remaining PR review findings
* gateway+discord: fix codex review regressions
* Discord/Gateway: address Codex review findings
* Gateway: keep agent.wait lifecycle active with shared run IDs
* Discord: clean up status reactions on aborted runs
* fix: add changelog note for ACP/Discord startup hardening (#33699 ) (thanks @dutifulbob)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-04 10:52:28 +01:00
0b3bbfec06
fix(gateway+acp): thread stopReason through final event to ACP bridge ( #24867 )
...
Complete the stop reason propagation chain so ACP clients can
distinguish end_turn from max_tokens:
- server-chat.ts: emitChatFinal accepts optional stopReason param,
includes it in the final payload, reads it from lifecycle event data
- translator.ts: read stopReason from the final payload instead of
hardcoding end_turn
Chain: LLM API → run.ts (meta.stopReason) → agent.ts (lifecycle event)
→ server-chat.ts (final payload) → ACP translator (PromptResponse)
2026-03-03 00:40:54 -05:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
287606e445
feat(acp): add kimi harness support surfaces
2026-03-03 01:05:24 +00:00
36dfd462a8
feat(acp): enable dispatch by default
2026-03-03 00:47:35 +00:00
fd3ca8a34c
refactor: dedupe agent and browser cli helpers
2026-03-03 00:15:00 +00:00
d01e04bcec
test(perf): reduce heavy fixture and guardrail overhead
2026-03-02 21:07:52 +00:00
3a08e69a05
refactor: unify queueing and normalize telegram slack flows
2026-03-02 20:55:15 +00:00
9617ac9dd5
refactor: dedupe agent and reply runtimes
2026-03-02 19:57:33 +00:00
cd653c55d7
windows: unify non-core spawn handling across acp qmd and docker (openclaw#31750) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on pre-existing unrelated src/slack/monitor/events/messages.ts typing errors)
- pnpm vitest run src/acp/client.test.ts src/memory/qmd-manager.test.ts src/agents/sandbox/docker.execDockerRaw.enoent.test.ts src/agents/sandbox/docker.windows.test.ts extensions/acpx/src/runtime-internals/process.test.ts
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 08:05:39 -06:00
b7615e0ce3
Exec/ACP: inject OPENCLAW_SHELL into child shell env ( #31271 )
...
* exec: mark runtime shell context in exec env
* tests(exec): cover OPENCLAW_SHELL in gateway exec
* tests(exec): cover OPENCLAW_SHELL in pty mode
* acpx: mark runtime shell context for spawned process
* tests(acpx): log OPENCLAW_SHELL in runtime fixture
* tests(acpx): assert OPENCLAW_SHELL in runtime prompt
* docs(env): document OPENCLAW_SHELL runtime markers
* docs(exec): describe OPENCLAW_SHELL exec marker
* docs(acp): document OPENCLAW_SHELL acp marker
* docs(gateway): note OPENCLAW_SHELL for background exec
* tui: tag local shell runs with OPENCLAW_SHELL
* tests(tui): assert OPENCLAW_SHELL in local shell runner
* acp client: tag spawned bridge env with OPENCLAW_SHELL
* tests(acp): cover acp client OPENCLAW_SHELL env helper
* docs(env): include acp-client and tui-local shell markers
* docs(acp): document acp-client OPENCLAW_SHELL marker
* docs(tui): document tui-local OPENCLAW_SHELL marker
* exec: keep shell runtime env string-only for docker args
* changelog: note OPENCLAW_SHELL runtime markers
2026-03-01 20:31:06 -08:00
2466a9bb13
ACP: carry dedupe/projector updates onto configurable acpx branch
2026-03-01 20:39:24 +01:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
63dcd28ae0
fix(acp): harden permission tool-name validation
2026-02-24 01:11:34 +00:00
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
1c753ea786
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
66529c7aa5
refactor(gateway): unify auth credential resolution
2026-02-22 18:23:13 +01:00
f5ede0f2bd
test: stabilize acp cwd prefix assertions across env leakage
2026-02-22 14:18:44 +00:00
9f2b25426b
test(core): increase coverage for sessions, auth choice, and model listing
2026-02-22 14:08:51 +00:00
9f0b6a8c92
fix: harden ACP gateway startup sequencing ( #23390 ) (thanks @janckerchen)
2026-02-22 10:47:38 +01:00
7499e0f619
fix(acp): wait for gateway connection before processing ACP messages
...
- Move gateway.start() before AgentSideConnection creation
- Wait for hello message to confirm connection is established
- This fixes issues where messages were processed before gateway was ready
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 10:47:38 +01:00
d06ad6bc55
chore: remove verified dead code paths
2026-02-22 09:21:09 +01:00
86907aa500
test: dedupe lifecycle oauth and prompt-limit fixtures
2026-02-22 07:44:57 +00:00
4508b818a1
fix(acp): escape C0/C1 controls in resource link metadata
2026-02-22 08:16:38 +01:00
b2d84528f8
refactor(test): remove duplicate cron tool harnesses
2026-02-21 12:25:23 +00:00
6aa11f3092
fix(acp): harden resource link metadata formatting
2026-02-21 13:00:02 +01:00
018370e827
fix(ci): normalize path assertions across platforms
2026-02-19 15:28:14 +00:00
bc6f983f85
fix(ci): resolve format drift and acp mock typing
2026-02-19 15:11:27 +00:00
f76f98b268
chore: fix formatting drift and stabilize cron tool mocks
2026-02-19 15:41:38 +01:00
63e39d7f57
fix(security): harden ACP prompt size guardrails
2026-02-19 15:41:01 +01:00
ebcf19746f
fix(security): OC-53 validate prompt size before string concatenation to prevent memory exhaustion — Aether AI Agent
2026-02-19 15:41:01 +01:00
732e53151e
fix(security): OC-53 enforce 2MB prompt size limit to prevent ACP DoS — Aether AI Agent
2026-02-19 15:41:01 +01:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
f8b61bb4ed
refactor(acp): split session tests and share rate limiter
2026-02-19 14:55:06 +01:00
19348050be
style: normalize acp translator import ordering
2026-02-19 13:54:40 +00:00
e01011e3e4
fix(acp): harden session lifecycle against flooding
2026-02-19 14:50:17 +01:00
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
c4bd82d81d
chore: Fix types in tests 39/N.
2026-02-17 15:50:07 +09:00
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
02124094bf
perf(test): fold acp event mapper tests into client suite
2026-02-16 02:45:00 +00:00
3830a4b58e
perf(test): fold acp session store assertions into mapper suite
2026-02-16 00:18:27 +00:00
013e8f6b3b
fix: harden exec PATH handling
2026-02-14 19:53:04 +01:00
233483d2b9
refactor(security): centralize dangerous tool lists
2026-02-14 13:27:05 +01:00
153a7644ea
fix(acp): tighten safe kind inference
2026-02-14 13:18:49 +01:00
bb1c3dfe10
fix(acp): prompt for non-read/search permissions
2026-02-14 12:53:27 +01:00
874ff7089c
fix: ensure CLI exits after command completion ( #12906 )
...
* fix: ensure CLI exits after command completion
The CLI process would hang indefinitely after commands like
`openclaw gateway restart` completed successfully. Two root causes:
1. `runCli()` returned without calling `process.exit()` after
`program.parseAsync()` resolved, and Commander.js does not
force-exit the process.
2. `daemon-cli/register.ts` eagerly called `createDefaultDeps()`
which imported all messaging-provider modules, creating persistent
event-loop handles that prevented natural Node exit.
Changes:
- Add `flushAndExit()` helper that drains stdout/stderr before calling
`process.exit()`, preventing truncated piped output in CI/scripts.
- Call `flushAndExit()` after both `tryRouteCli()` and
`program.parseAsync()` resolve.
- Remove unnecessary `void createDefaultDeps()` from daemon-cli
registration — daemon lifecycle commands never use messaging deps.
- Make `serveAcpGateway()` return a promise that resolves on
intentional shutdown (SIGINT/SIGTERM), so `openclaw acp` blocks
`parseAsync` for the bridge lifetime and exits cleanly on signal.
- Handle the returned promise in the standalone main-module entry
point to avoid unhandled rejections.
Fixes #12904
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: refactor CLI lifecycle and lazy outbound deps (#12906 ) (thanks @DrCrinkle)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 00:34:33 +01:00
ee31cd47b4
fix: close OC-02 gaps in ACP permission + gateway HTTP deny config ( #15390 ) (thanks @aether-ai-agent)
2026-02-13 14:30:06 +01:00
Bob
Viz
Josh Avant
Peter Steinberger
Tak Hoffman
Vincent Koc
Onur
janckerchen
Aether AI Agent
cpojer
Sebastian
Taylor Asplund