f7f0caa5c7
fix(ci): tighten type signatures in gateway params validation
2026-03-03 03:04:13 +00:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
b8181e5944
refactor(gateway): dedupe agents server-method handlers
2026-03-03 02:53:13 +00:00
d068fc9f9d
refactor(tests): dedupe agent handler test scaffolding
2026-03-03 02:53:13 +00:00
b8b8a5f314
fix(security): enforce explicit ingress owner context
2026-03-02 23:50:36 +00:00
0743463b88
fix(webchat): suppress NO_REPLY token in chat transcript rendering ( #32183 )
...
* fix(types): resolve pre-existing TS errors in agent-components and pairing-store
- agent-components.ts: normalizeDiscordAllowList returns {allowAll, ids, names},
not an array — use ids.values().next().value instead of [0] indexing
- pairing-store.ts: add non-null assertions for stat after cache-miss guard
(resolveAllowFromReadCacheOrMissing returns early when stat is null)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webchat): suppress NO_REPLY token in chat transcript rendering
Filter assistant NO_REPLY-only entries from chat.history responses at
the gateway API boundary and add client-side defense-in-depth guards in
the UI chat controller so internal silent tokens never render as visible
chat bubbles.
Two-layer fix:
1. Gateway: extractAssistantTextForSilentCheck + isSilentReplyText
filter in sanitizeChatHistoryMessages (entry.text takes precedence
over entry.content to avoid dropping messages with real text)
2. UI: isAssistantSilentReply + isSilentReplyStream guards on all 5
message insertion points in handleChatEvent and loadChatHistory
Fixes #32015
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(webchat): align isAssistantSilentReply text/content precedence with gateway
* webchat: tighten NO_REPLY transcript and delta filtering
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 16:39:08 -06:00
5f0cbd0edc
refactor(gateway): dedupe auth and discord monitor suites
2026-03-02 21:31:36 +00:00
9d30159fcd
refactor: dedupe channel and gateway surfaces
2026-03-02 19:57:33 +00:00
b9e820b7ed
test(perf): cut exec approval metadata test timeout
2026-03-02 17:33:06 +00:00
050e928985
[codex] Fix main-session web UI reply routing to Telegram (openclaw#29328) thanks @BeeSting50
...
Verified:
- pnpm test src/auto-reply/reply/dispatch-from-config.test.ts src/gateway/server-methods/chat.directive-tags.test.ts
- pnpm exec oxfmt --check src/auto-reply/reply/dispatch-from-config.test.ts src/gateway/server-methods/chat.directive-tags.test.ts src/auto-reply/reply/dispatch-from-config.ts src/gateway/server-methods/chat.ts CHANGELOG.md
- CI note: non-required check "check" failed on unrelated src/slack/monitor/events/messages.ts TS errors outside this PR scope.
Co-authored-by: BeeSting50 <85285887+BeeSting50@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 07:54:16 -06:00
b02b94673f
refactor: dedupe runtime and helper flows
2026-03-02 12:55:47 +00:00
d358b3ac88
refactor(core): extract shared usage, auth, and display helpers
2026-03-02 08:54:20 +00:00
d3e0c0b29c
test(gateway): dedupe gateway and infra test scaffolds
2026-03-02 07:13:10 +00:00
0eebae44f6
fix: test browser.request profile body fallback ( #28852 ) (thanks @Sid-Qin)
2026-03-02 06:26:35 +00:00
fa875a6bf7
fix(gateway): honor browser profile from request body for node proxy calls
...
Gateway browser.request only read profile from query.profile before invoking
browser.proxy on nodes. Calls that passed profile in POST body silently fell
back to the default profile, which could switch users into chrome extension
mode even when they explicitly requested openclaw profile.
Use query profile first, then fall back to body.profile when present.
Closes #28687
2026-03-02 06:26:35 +00:00
264599cc1d
refactor(core): share JSON utf8 byte counting helper
2026-03-02 05:20:19 +00:00
0f2dce0483
fix(agents): prioritize per-model thinking defaults ( #30439 )
...
* fix(agents): honor per-model thinking defaults
* fix(agents): preserve thinking fallback with model defaults
---------
Co-authored-by: Mark L <73659136+markliuyuxiang@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 04:00:02 +00:00
710004e011
fix(security): harden root-scoped writes against symlink races
2026-03-02 01:27:46 +00:00
155118751f
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:53 +00:00
58659b931b
fix(gateway): enforce owner boundary for agent runs
2026-03-02 00:27:44 +00:00
4c43fccb3e
feat(agents): use structured internal completion events
2026-03-01 23:11:48 +00:00
62a7683ce6
fix(cron): add audit logging for job create/update/remove (openclaw#25090) thanks @MoerAI
...
Verified:
- pnpm install --frozen-lockfile
- pnpm check
- pnpm test -- --run src/gateway/server-cron.test.ts src/gateway/server-methods/server-methods.test.ts src/gateway/protocol/cron-validators.test.ts
Co-authored-by: MoerAI <26067127+MoerAI@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 06:55:48 -06:00
0929c233d8
TUI: sync /model status immediately
2026-02-28 14:02:56 -08:00
9868d5cd8b
Gateway: allow control-ui session deletion
2026-02-28 13:01:10 -08:00
54eaf17327
feat(gateway): add node canvas capability refresh flow
2026-02-27 12:16:36 +05:30
df65ed7e9e
test(gateway): align outbound session assertion shape
2026-02-26 22:14:32 +01:00
4e690e09c7
refactor(gateway): centralize system.run approval context and errors
2026-02-26 22:01:16 +01:00
78a7ff2d50
fix(security): harden node exec approvals against symlink rebind
2026-02-26 21:47:45 +01:00
a1628d89ec
refactor: unify outbound session context wiring
2026-02-26 21:03:28 +01:00
10481097f8
refactor(security): enforce v1 node exec approval binding
2026-02-26 18:09:01 +01:00
6fd9ec97de
fix(gateway): preserve turn-origin messageChannel in agent runs
2026-02-26 17:25:56 +01:00
4894d907fa
refactor(exec-approvals): unify system.run binding and generate host env policy
2026-02-26 16:58:01 +01:00
9a4b2266cc
fix(security): bind node system.run approvals to env
2026-02-26 16:38:07 +01:00
fe56700026
Gateway: add manual secrets reload command
2026-02-26 14:47:22 +00:00
e3385a6578
fix(security): harden root file guards and host writes
2026-02-26 13:32:58 +01:00
46eba86b45
fix: harden workspace boundary path resolution
2026-02-26 13:19:59 +01:00
eac86c2081
refactor: unify boundary hardening for file reads
2026-02-26 13:04:37 +01:00
da0ba1b73a
fix(security): harden channel auth path checks and exec approval routing
2026-02-26 12:46:05 +01:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
39a1c13635
chore(ci): fix cross-platform symlink path assertions in agents file tests
2026-02-26 00:39:18 -05:00
92eb3dfc9d
refactor(security): unify exec approval request matching
2026-02-26 03:54:37 +01:00
03e689fc89
fix(security): bind system.run approvals to argv identity
2026-02-26 03:41:31 +01:00
f312222159
test: preserve config exports in agent handler mock
2026-02-26 00:42:51 +00:00
aaeed3c4ea
test(agents): add missing announce delivery regressions
2026-02-26 00:38:34 +00:00
4258a3307f
refactor(agents): unify subagent announce delivery pipeline
...
Co-authored-by: Smith Labs <SmithLabsLLC@users.noreply.github.com>
Co-authored-by: Do Cao Hieu <docaohieu2808@users.noreply.github.com>
2026-02-26 00:30:44 +00:00
2011edc9e5
fix(gateway): preserve agentId through gateway send path
...
Landed from #23249 by @Sid-Qin.
Includes extra regression tests for agentId precedence + blank fallback.
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
2026-02-25 23:31:35 +00:00
125f4071bc
fix(gateway): block agents.files symlink escapes
2026-02-26 00:31:08 +01:00
177386ed73
fix(tui): resolve wrong provider prefix when session has model without modelProvider ( #25874 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f0953a7284
2026-02-25 00:36:27 -05:00
885452f5c1
fix: fail-closed shared-session reply routing ( #24571 ) (thanks @brandonwise)
2026-02-25 02:11:34 +00:00
d58f71571a
feat(talk): add provider-agnostic config with legacy compatibility
2026-02-24 15:02:52 +00:00
Peter Steinberger
Josh Avant
ademczuk
Keenan
SidQin-cyber
Mark L
ToToKr
Vignesh Natarajan
Ayaan Zaidi
Onur Solmaz
Gustavo Madeira Santana
byungsker
Nimrod Gutman