2935ac5b82
fix: import pickFirstExistingAgentId + format config baseline
2026-03-15 22:49:18 +00:00
98aa0140e6
fix: preserve unknown telegram topic agentId
2026-03-15 18:54:18 +00:00
5a7b899706
fix: doc set_topic_name + clear archivedAt
2026-03-15 18:53:55 +00:00
5449b3b46a
fix: archive session behavior
2026-03-15 18:53:55 +00:00
5d0dbd3823
fix: harden set_topic_name label
2026-03-15 18:53:55 +00:00
7958c4a6da
fix: guard archive summary write
2026-03-15 18:53:55 +00:00
09063fad25
chore: clarify session filter reload
2026-03-15 18:53:55 +00:00
95defc2c29
chore: clarify archive filter + merge imports
2026-03-15 18:53:55 +00:00
26f95ef785
fix: update sessions UI types and protocol
2026-03-15 18:53:54 +00:00
f34ff1399d
feat: add session archiving
2026-03-15 18:53:54 +00:00
38e4414b7b
feat: add /set_topic_name for telegram topic labels
2026-03-15 18:53:54 +00:00
438991b6a4
Commands: lazy-load model picker provider runtime ( #47536 )
...
* Commands: lazy-load model picker provider runtime
* Tests: cover model picker runtime boundary
2026-03-15 10:54:46 -07:00
630958749c
Changelog: note CLI OOM startup fixes ( #47525 )
2026-03-15 10:54:21 -07:00
fc2d29ea92
Gateway: tighten forwarded client and pairing guards ( #46800 )
...
* Gateway: tighten forwarded client and pairing guards
* Gateway: make device approval scope checks atomic
* Gateway: preserve device approval baseDir compatibility
2026-03-15 10:50:49 -07:00
132e459009
fix(ci): config drift found and documented
2026-03-15 10:43:03 -07:00
756d9b5782
CLI: lazy-load auth choice provider fallback ( #47495 )
...
* CLI: lazy-load auth choice provider fallback
* CLI: cover lazy auth choice provider fallback
2026-03-15 10:29:31 -07:00
d88da9f5f8
fix(config): avoid failing startup on implicit memory slot ( #47494 )
...
* fix(config): avoid failing on implicit memory slot
* fix(config): satisfy build for memory slot guard
* docs(changelog): note implicit memory slot startup fix (#47494 )
2026-03-15 19:28:50 +02:00
f0202264d0
Gateway: scrub credentials from endpoint snapshots ( #46799 )
...
* Gateway: scrub credentials from endpoint snapshots
* Gateway: scrub raw endpoint credentials in snapshots
* Gateway: preserve config redaction round-trips
* Gateway: restore redacted endpoint URLs on apply
2026-03-15 10:28:15 -07:00
d37e3d582f
Scope Control UI sessions per gateway ( #47453 )
...
* Scope Control UI sessions per gateway
Signed-off-by: sallyom <somalley@redhat.com>
* Add changelog for Control UI session scoping
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
2026-03-15 13:08:37 -04:00
13e256ac9d
CLI: trim onboarding provider startup imports ( #47467 )
2026-03-15 09:47:56 -07:00
8e97b752d0
Tools: revalidate workspace-only patch targets ( #46803 )
...
* Tools: revalidate workspace-only patch targets
* Tests: narrow apply-patch delete-path assertion
2026-03-15 09:45:58 -07:00
5e78c8bc95
Webhooks: tighten pre-auth body handling ( #46802 )
...
* Webhooks: tighten pre-auth body handling
* Webhooks: clean up request body guards
2026-03-15 09:45:18 -07:00
7679eb3752
Subagents: restrict follow-up messaging scope ( #46801 )
...
* Subagents: restrict follow-up messaging scope
* Subagents: cover foreign-session follow-up sends
* Update CHANGELOG.md
2026-03-15 09:44:51 -07:00
9e2eed211c
Changelog: add more unreleased PR numbers
2026-03-15 09:36:53 -07:00
a493f01a90
Changelog: add missing PR credits
2026-03-15 09:33:47 -07:00
229426a257
ACP: require admin scope for mutating internal actions ( #46789 )
...
* ACP: require admin scope for mutating internal actions
* ACP: cover operator admin mutating actions
* ACP: gate internal status behind admin scope
2026-03-15 09:28:44 -07:00
a47722de7e
Integrations: tighten inbound callback and allowlist checks ( #46787 )
...
* Integrations: harden inbound callback and allowlist handling
* Integrations: address review follow-ups
* Update CHANGELOG.md
* Mattermost: avoid command-gating open button callbacks
2026-03-15 09:24:24 -07:00
67b2d1b8e8
CLI: reduce channels add startup memory ( #46784 )
...
* CLI: lazy-load channel subcommand handlers
* Channels: defer add command dependencies
* CLI: skip status JSON plugin preload
* CLI: cover status JSON route preload
* Status: trim JSON security audit path
* Status: update JSON fast-path tests
* CLI: cover root help fast path
* CLI: fast-path root help
* Status: keep JSON security parity
* Status: restore JSON security tests
* CLI: document status plugin preload
* Channels: reuse Telegram account import
2026-03-15 09:10:40 -07:00
8d44b16b7c
Plugins: preserve scoped ids and reserve bundled duplicates ( #47413 )
...
* Plugins: preserve scoped ids and reserve bundled duplicates
* Changelog: add plugin scoped id note
* Plugins: harden scoped install ids
* Plugins: reserve scoped install dirs
* Plugins: migrate legacy scoped update ids
2026-03-15 09:07:10 -07:00
0c7ae04262
style: format imported model helpers
2026-03-15 09:05:45 -07:00
7c0a849ed7
fix: harden device token rotation denial paths
2026-03-15 09:05:45 -07:00
a60fd3feed
Nodes tests: prove pull-time policy revalidation
2026-03-15 09:05:22 -07:00
f5cd7c390d
added a fix for memory leak on 2gb ram ( #46522 )
2026-03-15 09:01:31 -07:00
87c4ae36b4
refactor: drop deprecated whatsapp mention pattern sdk helper
2026-03-15 08:50:31 -07:00
ec2c6d83b9
Nodes: recheck queued actions before delivery ( #46815 )
...
* Nodes: recheck queued actions before delivery
* Nodes tests: cover pull-time policy recheck
* Nodes tests: type node policy mocks explicitly
2026-03-15 08:47:17 -07:00
ff61343d76
fix: harden mention pattern regex compilation
2026-03-15 08:44:12 -07:00
e4c61723cd
ACP: fail closed on conflicting tool identity hints ( #46817 )
...
* ACP: fail closed on conflicting tool identity hints
* ACP: restore rawInput fallback for safe tool resolution
* ACP tests: cover rawInput-only safe tool approval
2026-03-15 08:39:49 -07:00
89e3969d64
feat(feishu): add ACP and subagent session binding ( #46819 )
...
* feat(feishu): add ACP session support
* fix(feishu): preserve sender-scoped ACP rebinding
* fix(feishu): recover sender scope from bound ACP sessions
* fix(feishu): support DM ACP binding placement
* feat(feishu): add current-conversation session binding
* fix(feishu): avoid DM parent binding fallback
* fix(feishu): require canonical topic sender ids
* fix(feishu): honor sender-scoped ACP bindings
* fix(feishu): allow user-id ACP DM bindings
* fix(feishu): recover user-id ACP DM bindings
2026-03-15 10:33:49 -05:00
a472f988d8
fix: harden remote cdp probes
2026-03-15 08:23:01 -07:00
53462b990d
chore(gateway): ignore `.test.ts` changes in `gateway:watch` ( #36211 )
2026-03-15 11:14:28 -04:00
b2e9221a8c
test(whatsapp): fix stale append inbox expectation
2026-03-15 07:57:26 -07:00
c4265a5f16
fix: preserve Telegram word boundaries when rechunking HTML ( #47274 )
...
* fix: preserve Telegram chunk word boundaries
* fix: address Telegram chunking review feedback
* fix: preserve Telegram retry separators
* fix: preserve Telegram chunking boundaries (#47274 )
2026-03-15 18:10:49 +05:30
26e0a3ee9a
fix(gateway): skip Control UI pairing when auth.mode=none ( closes #42931 ) ( #47148 )
...
When auth is completely disabled (mode=none), requiring device pairing
for Control UI operator sessions adds friction without security value
since any client can already connect without credentials.
Add authMode parameter to shouldSkipControlUiPairing so the bypass
fires only for Control UI + operator role + auth.mode=none. This avoids
the #43478 regression where a top-level OR disabled pairing for ALL
websocket clients.
2026-03-15 13:03:39 +01:00
5c5c64b612
Deduplicate repeated tool call IDs for OpenAI-compatible APIs ( #40996 )
...
Merged via squash.
Prepared head SHA: 38d8048359
2026-03-15 19:46:07 +08:00
9d3e653ec9
fix(web): handle 515 Stream Error during WhatsApp QR pairing ( #27910 )
...
* fix(web): handle 515 Stream Error during WhatsApp QR pairing
getStatusCode() never unwrapped the lastDisconnect wrapper object,
so login.errorStatus was always undefined and the 515 restart path
in restartLoginSocket was dead code.
- Add err.error?.output?.statusCode fallback to getStatusCode()
- Export waitForCredsSaveQueue() so callers can await pending creds
- Await creds flush in restartLoginSocket before creating new socket
Fixes #3942
* test: update session mock for getStatusCode unwrap + waitForCredsSaveQueue
Mirror the getStatusCode fix (err.error?.output?.statusCode fallback)
in the test mock and export waitForCredsSaveQueue so restartLoginSocket
tests work correctly.
* fix(web): scope creds save queue per-authDir to avoid cross-account blocking
The credential save queue was a single global promise chain shared by all
WhatsApp accounts. In multi-account setups, a slow save on one account
blocked credential writes and 515 restart recovery for unrelated accounts.
Replace the global queue with a per-authDir Map so each account's creds
serialize independently. waitForCredsSaveQueue() now accepts an optional
authDir to wait on a single account's queue, or waits on all when omitted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: use real Baileys v7 error shape in 515 restart test
The test was using { output: { statusCode: 515 } } which was already
handled before the fix. Updated to use the actual Baileys v7 shape
{ error: { output: { statusCode: 515 } } } to cover the new fallback
path in getStatusCode.
Co-Authored-By: Claude Code (Opus 4.6) <noreply@anthropic.com>
* fix(web): bound credential-queue wait during 515 restart
Prevents restartLoginSocket from blocking indefinitely if a queued
saveCreds() promise stalls (e.g. hung filesystem write).
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: clear flush timeout handle and assert creds queue in test
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: evict settled credsSaveQueues entries to prevent unbounded growth
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: share WhatsApp 515 creds flush handling (#27910 ) (thanks @asyncjason)
---------
Co-authored-by: Jason Separovic <jason@wilma.dog>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 17:00:07 +05:30
843e3c1efb
fix(whatsapp): restore append recency filter lost in extensions refactor, handle Long timestamps ( #42588 )
...
Merged via squash.
Prepared head SHA: 8ce59bb715
2026-03-15 03:03:31 -07:00
d7ac16788e
fix(android): support android node `calllog.search` ( #44073 )
...
* fix(android): support android node `calllog.search`
* fix(android): support android node calllog.search
* fix(android): wire callLog through shared surfaces
* fix: land Android callLog support (#44073 ) (thanks @lxk7280)
---------
Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 14:54:32 +05:30
4bb8a65edd
fix: forward forceDocument through sendPayload path (follow-up to #45111 ) ( #47119 )
...
Merged via squash.
Prepared head SHA: d791190f83
2026-03-15 17:23:53 +08:00
9616d1e8ba
fix: Disable strict mode tools for non-native openai-completions compatible APIs ( #45497 )
...
Merged via squash.
Prepared head SHA: 20fe05fe74
2026-03-15 16:36:52 +08:00
a2d73be3a4
Docs: switch README logo to SVG assets ( #47049 )
2026-03-15 08:58:45 +01:00
clawdbot
Vincent Koc
Nimrod Gutman
Sally O'Malley
Peter Steinberger
Aditya Chaudhary
Tak Hoffman
Harold Hunt
Ayaan Zaidi
Andrew Demczuk
助爪
Jason
Ted Li
Ace Lee
Frank Yang
Sahan
Onur Solmaz