265367d99b
fix(gateway): land #28428 from @l0cka
...
Landed from contributor PR #28428 by @l0cka.
Co-authored-by: Daniel Alkurdi <danielalkurdi@gmail.com>
2026-03-07 22:51:08 +00:00
92f5a2e252
fix(models): refresh gpt/gemini alias defaults ( #38638 , thanks @ademczuk)
...
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
2026-03-07 21:10:58 +00:00
c35f529fac
refactor: share daemon install plan runtime scaffolding
2026-03-07 21:09:27 +00:00
b955ba1688
refactor: consolidate daemon runtime and start hints
2026-03-07 21:09:26 +00:00
a91731a831
refactor: centralize gateway auth env credential readers
2026-03-07 21:09:26 +00:00
0848a47c97
refactor: dedupe anthropic probe target test setup
2026-03-07 19:02:01 +00:00
2ada1b71b6
fix(models-auth): land #38951 from @MumuTW
...
Co-authored-by: MumuTW <MumuTW@users.noreply.github.com>
2026-03-07 18:51:17 +00:00
02f99c0ff3
docs: clarify agent owner trust defaults
2026-03-07 18:48:27 +00:00
fbb9bb08c5
style(test): format gateway auth token coverage
2026-03-07 18:33:30 +00:00
f966dde476
tests: fix detect-secrets false positives ( #39084 )
...
* Tests: rename gateway status env token fixture
* Tests: allowlist feishu onboarding fixtures
* Tests: allowlist Google Chat private key fixture
* Docs: allowlist Brave API key example
* Tests: allowlist pairing password env fixtures
* Chore: refresh detect-secrets baseline
2026-03-07 13:21:29 -05:00
3acf46ed45
Tests: fix doctor gateway auth token formatting
2026-03-07 10:18:52 -08:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
ce9719c654
refactor(test-utils): share direct channel plugin test fixture
2026-03-07 17:58:31 +00:00
5f56333016
refactor(commands): dedupe config-only channel status fixtures
2026-03-07 17:58:31 +00:00
bcb587a3bc
refactor(commands): dedupe channel plugin test fixture builders
2026-03-07 17:58:31 +00:00
c1a8f8150e
refactor(commands): dedupe gateway status token secret fixtures
2026-03-07 17:58:31 +00:00
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence ( #38955 )
2026-03-07 11:28:39 -06:00
6f3990ddca
refactor(commands): dedupe onboard search perplexity test setup
2026-03-07 17:05:23 +00:00
8e6acded82
refactor(commands): dedupe message command secret-config tests
2026-03-07 17:05:23 +00:00
d103918891
refactor(commands): dedupe model probe target test fixtures
2026-03-07 17:05:23 +00:00
134c1e23d3
refactor(commands): dedupe ACP stream test scaffolding
2026-03-07 17:05:23 +00:00
1dd4f92ea2
fix: default local onboarding tools profile to coding
2026-03-07 16:41:27 +00:00
33e7394861
fix(providers): make all models available in kilocode provider ( #32352 )
...
* kilocode: dynamic model discovery, kilo/auto default, cooldown exemption
- Replace 9-model hardcoded catalog with dynamic discovery from
GET /api/gateway/models (Venice-like pattern with static fallback)
- Default model changed from anthropic/claude-opus-4.6 to kilo/auto
(smart routing model)
- Add createKilocodeWrapper for X-KILOCODE-FEATURE header injection
and reasoning.effort handling (skip for kilo/auto)
- Add kilocode to cooldown-exempt providers (proxy like OpenRouter)
- Keep sync buildKilocodeProvider for onboarding, add async
buildKilocodeProviderWithDiscovery for implicit provider resolution
- Per-token gateway pricing converted to per-1M-token for cost fields
* kilocode: skip reasoning injection for x-ai models, harden discovery loop
* fix(kilocode): keep valid discovered duplicates (openclaw#32352, thanks @pandemicsyn)
* refactor(proxy): normalize reasoning payload guards (openclaw#32352, thanks @pandemicsyn)
* chore(changelog): note kilocode hardening (openclaw#32352, thanks @pandemicsyn and @vincentkoc)
* chore(changelog): fix kilocode note format (openclaw#32352, thanks @pandemicsyn and @vincentkoc)
* test(kilocode): support auto-model override cases (openclaw#32352, thanks @pandemicsyn)
* Update CHANGELOG.md
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-07 08:14:06 -08:00
2e31aead39
fix(gateway): invalidate bootstrap cache on session rollover (openclaw#38535)
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: yfge <1186273+yfge@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-06 23:46:02 -06:00
e309a15d73
fix: suppress ACP NO_REPLY fragments in console output ( #38436 )
2026-03-07 09:34:45 +05:30
42e3d8d693
Secrets: add inline allowlist review set ( #38314 )
...
* Secrets: add inline allowlist review set
* Secrets: narrow detect-secrets file exclusions
* Secrets: exclude Docker fingerprint false positive
* Secrets: allowlist test and docs false positives
* Secrets: refresh baseline after allowlist updates
* Secrets: fix gateway chat fixture pragma
* Secrets: format pre-commit config
* Android: keep talk mode fixture JSON valid
* Feishu: rely on client timeout injection
* Secrets: allowlist provider auth test fixtures
* Secrets: allowlist onboard search fixtures
* Secrets: allowlist onboard mode fixture
* Secrets: allowlist gateway auth mode fixture
* Secrets: allowlist APNS wake test key
* Secrets: allowlist gateway reload fixtures
* Secrets: allowlist moonshot video fixture
* Secrets: allowlist auto audio fixture
* Secrets: allowlist tiny audio fixture
* Secrets: allowlist embeddings fixtures
* Secrets: allowlist resolve fixtures
* Secrets: allowlist target registry pattern fixtures
* Secrets: allowlist gateway chat env fixture
* Secrets: refresh baseline after fixture allowlists
* Secrets: reapply gateway chat env allowlist
* Secrets: reapply gateway chat env allowlist
* Secrets: stabilize gateway chat env allowlist
* Secrets: allowlist runtime snapshot save fixture
* Secrets: allowlist oauth profile fixtures
* Secrets: allowlist compaction identifier fixture
* Secrets: allowlist model auth fixture
* Secrets: allowlist model status fixtures
* Secrets: allowlist custom onboarding fixture
* Secrets: allowlist mattermost token summary fixtures
* Secrets: allowlist gateway auth suite fixtures
* Secrets: allowlist channel summary fixture
* Secrets: allowlist provider usage auth fixtures
* Secrets: allowlist media proxy fixture
* Secrets: allowlist secrets audit fixtures
* Secrets: refresh baseline after final fixture allowlists
* Feishu: prefer explicit client timeout
* Feishu: test direct timeout precedence
2026-03-06 19:35:26 -05:00
3070fafec1
fix(venice): switch default model to kimi-k2-5 ( #38423 )
...
* Docs: refresh Venice default model guidance
* Venice: switch default model to Kimi K2.5
* Changelog: credit Venice default refresh
2026-03-06 19:31:07 -05:00
6e962d8b9e
fix(agents): handle overloaded failover separately ( #38301 )
...
* fix(agents): skip auth-profile failure on overload
* fix(agents): note overload auth-profile fallback fix
* fix(agents): classify overloaded failures separately
* fix(agents): back off before overload failover
* fix(agents): tighten overload probe and backoff state
* fix(agents): persist overloaded cooldown across runs
* fix(agents): tighten overloaded status handling
* test(agents): add overload regression coverage
* fix(agents): restore runner imports after rebase
* test(agents): add overload fallback integration coverage
* fix(agents): harden overloaded failover abort handling
* test(agents): tighten overload classifier coverage
* test(agents): cover all-overloaded fallback exhaustion
* fix(cron): retry overloaded fallback summaries
* fix(cron): treat HTTP 529 as overloaded retry
2026-03-07 01:42:11 +03:00
3d7bc5958d
feat(onboarding): add web search to onboarding flow ( #34009 )
...
* add web search to onboarding flow
* remove post onboarding step (now redundant)
* post-onboarding nudge if no web search set up
* address comments
* fix test mocking
* add enabled: false assertion to the no-key test
* --skip-search cli flag
* use provider that a user has a key for
* add assertions, replace the duplicated switch blocks
* test for quickstart fast-path with existing config key
* address comments
* cover quickstart falls through to key test
* bring back key source
* normalize secret inputs instead of direct string trimming
* preserve enabled: false if it's already set
* handle missing API keys in flow
* doc updates
* hasExistingKey to detect both plaintext strings and SecretRef objects
* preserve enabled state only on the "keep current" paths
* add test for preserving
* better gate flows
* guard against invalid provider values in config
* Update src/commands/configure.wizard.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* format fix
* only mentions env var when it's actually available
* search apiKey fields now typed as SecretInput
* if no provider check if any search provider key is detectable
* handle both kimi keys
* remove .filter(Boolean)
* do not disable web_search after user enables it
* update resolveSearchProvider
* fix(onboarding): skip search key prompt in ref mode
* fix: add onboarding web search step (#34009 ) (thanks @kesku)
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-06 13:09:00 -06:00
bdd368533f
fix(auth): remove bogus codex oauth responses probe
2026-03-06 15:07:34 +05:30
a4a490bae7
fix(openai-codex-oauth): stop mutating authorize url scopes
2026-03-06 01:13:12 -08:00
c5828cbc08
fix(onboarding): guard daemon status probe on headless linux
2026-03-05 22:51:58 -08:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
5d4b04040d
feat(openai): add gpt-5.4 support for API and Codex OAuth ( #36590 )
...
* feat(openai): add gpt-5.4 support and priority processing
* feat(openai-codex): add gpt-5.4 oauth support
* fix(openai): preserve provider overrides in gpt-5.4 fallback
* fix(openai-codex): keep xhigh for gpt-5.4 default
* fix(models): preserve configured overrides in list output
* fix(models): close gpt-5.4 integration gaps
* fix(openai): scope service tier to public api
* fix(openai): complete prep followups for gpt-5.4 support (#36590 ) (thanks @dorukardahan)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-03-05 21:01:37 -08:00
e5481ac79f
Doctor: warn on implicit heartbeat directPolicy ( #36789 )
...
* Changelog: note heartbeat directPolicy doctor warning
* Tests: cover heartbeat directPolicy doctor warning
* Doctor: warn on implicit heartbeat directPolicy
* Tests: cover per-agent heartbeat directPolicy warning
* Update CHANGELOG.md
2026-03-05 23:22:39 -05:00
d45353f95b
fix(agents): honor explicit rate-limit cooldown probes in fallback runs
2026-03-05 20:03:06 -08:00
8088218f46
fix(openai-codex): request required oauth api scopes ( #24720 )
2026-03-05 18:10:03 -08:00
fb289b7a79
Memory: handle SecretRef keys in doctor embeddings ( #36835 )
...
Merged via squash.
Prepared head SHA: c1a3d0caae
2026-03-05 20:05:59 -06:00
92b4892127
fix(auth): harden openai-codex oauth login path
2026-03-05 17:16:34 -08:00
d86a12eb62
fix(gateway): honor insecure ws override for remote hostnames
2026-03-05 17:04:26 -08:00
6dfd39c32f
Harden Telegram poll gating and schema consistency ( #36547 )
...
Merged via squash.
Prepared head SHA: f77824419e
2026-03-05 19:24:43 -05:00
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
6a705a37f2
ACP: add persistent Discord channel and Telegram topic bindings ( #34873 )
...
* docs: add ACP persistent binding experiment plan
* docs: align ACP persistent binding spec to channel-local config
* docs: scope Telegram ACP bindings to forum topics only
* docs: lock bound /new and /reset behavior to in-place ACP reset
* ACP: add persistent discord/telegram conversation bindings
* ACP: fix persistent binding reuse and discord thread parent context
* docs: document channel-specific persistent ACP bindings
* ACP: split persistent bindings and share conversation id helpers
* ACP: defer configured binding init until preflight passes
* ACP: fix discord thread parent fallback and explicit disable inheritance
* ACP: keep bound /new and /reset in-place
* ACP: honor configured bindings in native command flows
* ACP: avoid configured fallback after runtime bind failure
* docs: refine ACP bindings experiment config examples
* acp: cut over to typed top-level persistent bindings
* ACP bindings: harden reset recovery and native command auth
* Docs: add ACP bound command auth proposal
* Tests: normalize i18n registry zh-CN assertion encoding
* ACP bindings: address review findings for reset and fallback routing
* ACP reset: gate hooks on success and preserve /new arguments
* ACP bindings: fix auth and binding-priority review findings
* Telegram ACP: gate ensure on auth and accepted messages
* ACP bindings: fix session-key precedence and unavailable handling
* ACP reset/native commands: honor fallback targets and abort on bootstrap failure
* Config schema: validate ACP binding channel and Telegram topic IDs
* Discord ACP: apply configured DM bindings to native commands
* ACP reset tails: dispatch through ACP after command handling
* ACP tails/native reset auth: fix target dispatch and restore full auth
* ACP reset detection: fallback to active ACP keys for DM contexts
* Tests: type runTurn mock input in ACP dispatch test
* ACP: dedup binding route bootstrap and reset target resolution
* reply: align ACP reset hooks with bound session key
* docs: replace personal discord ids with placeholders
* fix: add changelog entry for ACP persistent bindings (#34873 ) (thanks @dutifulbob)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-05 09:38:12 +01:00
646817dd80
fix(outbound): unify resolved cfg threading across send paths ( #33987 )
2026-03-04 00:20:44 -06:00
230fea1ca6
feat(web-search): switch Perplexity to native Search API ( #33822 )
...
* feat: Add Perplexity Search API as web_search provider
* docs fixes
* domain_filter validation
* address comments
* provider-specific options in cache key
* add validation for unsupported date filters
* legacy fields
* unsupported_language guard
* cache key matches the request's precedence order
* conflicting_time_filters guard
* unsupported_country guard
* invalid_date_range guard
* pplx validate for ISO 639-1 format
* docs: add Perplexity Search API changelog entry
* unsupported_domain_filter guard
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-03 22:57:19 -06:00
1c200ca7ae
follow-up: align ingress, atomic paths, and channel tests with credential semantics ( #33733 )
...
Merged via squash.
Prepared head SHA: c290c2ab6a
2026-03-03 20:29:46 -06:00
caa748b969
fix(config): detect top-level heartbeat as invalid config path ( #30894 ) ( #32706 )
...
Merged via squash.
Prepared head SHA: 1714ffe6fc
2026-03-03 20:27:04 -05:00
e4b4486a96
Agent: unify bootstrap truncation warning handling ( #32769 )
...
Merged via squash.
Prepared head SHA: 5d6d4ddfa6
2026-03-03 16:28:38 -05:00
4ffe15c6b2
fix(telegram): warn when accounts.default is missing in multi-account setup ( #32544 )
...
Merged via squash.
Prepared head SHA: 7ebc3f65b2
2026-03-03 03:27:19 -05:00
a9ec75fe81
fix(gateway): flush throttled delta before emitChatFinal ( #24856 )
...
* fix(gateway): flush throttled delta before emitChatFinal
The 150ms throttle in emitChatDelta can suppress the last text chunk
before emitChatFinal fires, causing streaming clients (e.g. ACP) to
receive truncated responses. The final event carries the complete text,
but clients that build responses incrementally from deltas miss the
tail end.
Flush one last unthrottled delta with the complete buffered text
immediately before sending the final event. This ensures all streaming
consumers have the full response without needing to reconcile deltas
against the final payload.
* fix(gateway): avoid duplicate delta flush when buffer unchanged
Track the text length at the time of the last broadcast. The flush in
emitChatFinal now only sends a delta if the buffer has grown since the
last broadcast, preventing duplicate sends when the final delta passed
the 150ms throttle and was already broadcast.
* fix(gateway): honor heartbeat suppression in final delta flush
* test(gateway): add final delta flush and dedupe coverage
* fix(gateway): skip final flush for silent lead fragments
* docs(changelog): note gateway final-delta flush fix credits
---------
Co-authored-by: Jonathan Taylor <visionik@pobox.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 23:45:46 -05:00
Peter Steinberger
Vincent Koc
Josh Avant
Florian Hines
拐爷&&老拐瘦
ql-wade
Altay
Kesku
Ayaan Zaidi
Vignesh Natarajan
dorukardahan
Gustavo Madeira Santana
Bob
wan.xi
Sid
Viz