6740cdf160
fix(gateway): catch startup failure in run loop to prevent process exit ( #35862 )
...
When an in-process restart (SIGUSR1) triggers a config-triggered restart
and the new config is invalid, params.start() throws and the while loop
exits, killing the process. On macOS this loses TCC permissions.
Wrap params.start() in try/catch: on failure, set server=null, log the
error, and wait for the next SIGUSR1 instead of crashing.
2026-03-09 05:53:52 +00:00
eea925b12b
fix(gateway): validate config before restart to prevent crash + macOS permission loss ( #35862 )
...
When 'openclaw gateway restart' is run with an invalid config, the new
process crashes on startup due to config validation failure. On macOS,
this causes Full Disk Access (TCC) permissions to be lost because the
respawned process has a different PID.
Add getConfigValidationError() helper and pre-flight config validation
in both runServiceRestart() and runServiceStart(). If config is invalid,
abort with a clear error message instead of crashing.
The config watcher's hot-reload path already had this guard
(handleInvalidSnapshot), but the CLI restart/start commands did not.
AI-assisted (OpenClaw agent, fully tested)
2026-03-09 05:53:52 +00:00
1d6a2d0165
fix(gateway): exit non-zero on restart shutdown timeout
...
When a config-change restart hits the force-exit timeout, exit with
code 1 instead of 0 so launchd/systemd treats it as a failure and
triggers a clean process restart. Stop-timeout stays at exit(0)
since graceful stops should not cause supervisor recovery.
Closes #36822
2026-03-09 05:38:54 +00:00
e3df94365b
ACP: add optional ingress provenance receipts ( #40473 )
...
Merged via squash.
Prepared head SHA: b63e46dd94
2026-03-09 04:19:03 +01:00
4d501e4ccf
fix(telegram): add download timeout to prevent polling loop hang ( #40098 )
...
Merged via squash.
Prepared head SHA: abdfa1a35f
2026-03-09 08:29:21 +05:30
f6243916b5
fix(models): use 1M context for openai-codex gpt-5.4 ( #37876 )
...
Merged via squash.
Prepared head SHA: c41020779e
2026-03-08 18:23:49 -07:00
4f42c03a49
gateway: fix global Control UI 404s for symlinked wrappers and bundled package roots ( #40385 )
...
Merged via squash.
Prepared head SHA: 567b3ed684
2026-03-09 01:50:42 +01:00
4ff4ed7ec9
fix(config): refresh runtime snapshot from disk after write. Fixes #37175 ( #37313 )
...
Merged via squash.
Prepared head SHA: 69e1861abf
2026-03-08 19:49:15 -04:00
3f2f007c9a
refactor: extract gateway port diagnostics helper
2026-03-08 23:38:24 +00:00
32a6eae576
refactor: share gateway argv parsing
2026-03-08 23:38:24 +00:00
38543d8196
fix(cron): consolidate announce delivery, fire-and-forget trigger, and minimal prompt mode ( #40204 )
...
* fix(cron): consolidate announce delivery and detach manual runs
* fix: queue detached cron runs (#40204 )
2026-03-08 14:46:33 -07:00
0ecfd37b44
feat: add local backup CLI ( #40163 )
...
Merged via squash.
Prepared head SHA: ed46625ae2
2026-03-08 16:21:20 -04:00
efcca3d2ea
Tests: format daemon lifecycle CLI coverage
2026-03-08 11:22:41 -07:00
74624e619d
fix: prefer bundled channel plugins over npm duplicates ( #40094 )
...
* fix: prefer bundled channel plugins over npm duplicates
* fix: tighten bundled plugin review follow-ups
* fix: address check gate follow-ups
* docs: add changelog for bundled plugin install fix
* fix: align lifecycle test formatting with CI oxfmt
2026-03-08 13:00:24 -05:00
6c9b49a10b
fix(sessions): clear stale contextTokens on model switch ( #38044 )
...
Merged via squash.
Prepared head SHA: bac2df4b7f
2026-03-08 10:59:16 -07:00
ca5e352c53
CLI: include commit hash in --version output ( #39712 )
...
* CLI: include commit hash in --version output
* fix(version): harden commit SHA resolution and keep output consistent
* CLI: keep install checks compatible with commit-tagged version output
* fix(cli): include commit hash in root version fast path
* test(cli): allow null commit-hash mocks
* Installer: share version parser across install scripts
* Installer: avoid sourcing helpers from stdin cwd
* CLI: note commit-tagged version output
* CLI: anchor commit hash resolution to module root
* CLI: harden commit hash resolution
* CLI: fix commit hash lookup edge cases
* CLI: prefer live git metadata in dev builds
* CLI: keep git lookup inside package root
* Infra: tolerate invalid moduleUrl hints
* CLI: cache baked commit metadata fallbacks
* CLI: align changelog attribution with prep gate
* CLI: restore changelog contributor credit
---------
Co-authored-by: echoVic <echovic@163.com>
Co-authored-by: echoVic <echoVic@users.noreply.github.com>
2026-03-08 19:10:48 +03:00
c217237a36
style(daemon-cli): format lifecycle test
2026-03-08 11:22:57 +05:30
c3810346f9
CLI: avoid false update restart failures without listener attribution ( #39508 )
2026-03-07 21:42:25 -08:00
59102a1ff7
fix: add gemini 3.1 flash-lite support
2026-03-08 05:12:48 +00:00
5214859c52
chore: add changelog and format fix for #39414
2026-03-08 09:17:02 +05:30
f2a4bdf069
fix(ci): resolve current gate regressions
2026-03-08 03:34:36 +00:00
7d2b146d8d
test: cover daemon probe auth seam
2026-03-08 03:02:25 +00:00
380eb1c072
refactor: reuse shared gateway probe auth
2026-03-08 03:02:25 +00:00
fd1e481624
refactor: split daemon status gathering
2026-03-08 03:02:25 +00:00
2646739d23
refactor: centralize strict numeric parsing
2026-03-08 03:02:25 +00:00
56cd0084d9
test: fix gate regressions
2026-03-08 02:45:08 +00:00
76a028a50a
Gateway CLI: allowlist password-file fixture
2026-03-07 18:28:18 -08:00
1ef8d6a01b
test: accept ACP token-file inspect errors
2026-03-08 02:27:18 +00:00
bf9c362129
Gateway: stop and restart unmanaged listeners ( #39355 )
...
* Daemon: allow unmanaged gateway lifecycle fallback
* Status: fix service summary formatting
* Changelog: note unmanaged gateway lifecycle fallback
* Tests: cover unmanaged gateway lifecycle fallback
* Daemon: split unmanaged restart health checks
* Daemon: harden unmanaged gateway signaling
* Daemon: reject unmanaged restarts when disabled
2026-03-07 18:20:29 -08:00
4062aa5e5d
Gateway: add safer password-file input for gateway run ( #39067 )
...
* CLI: add gateway password-file option
* Docs: document safer gateway password input
* Update src/cli/gateway-cli/run.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Tests: clean up gateway password temp dirs
* CLI: restore gateway password warning flow
* Security: harden secret file reads
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-07 18:20:17 -08:00
ae15e3fd60
Daemon CLI: format lifecycle core imports
2026-03-07 18:00:13 -08:00
1b9e4800eb
test: fix gateway register option collision mock
2026-03-08 01:58:33 +00:00
2c7fb54956
Config: fail closed invalid config loads ( #39071 )
...
* Config: fail closed invalid config loads
* CLI: keep diagnostics on explicit best-effort config
* Tests: cover invalid config best-effort diagnostics
* Changelog: note invalid config fail-closed fix
* Status: pass best-effort config through status-all gateway RPCs
* CLI: pass config through gateway secret RPC
* CLI: skip plugin loading from invalid config
* Tests: align daemon token drift env precedence
2026-03-07 17:48:13 -08:00
7ac7b39eff
refactor(daemon): extract gateway token drift helper
2026-03-08 00:48:56 +00:00
0d66834f94
Daemon: scope relaxed systemd probes to install flows
2026-03-07 16:45:18 -08:00
c6575891c7
fix(exec): inherit ask from exec-approvals.json when tools.exec.ask unset
...
Landed from contributor PR #29187 by @Bartok9.
Co-authored-by: Bartok9 <259807879+Bartok9@users.noreply.github.com>
2026-03-08 00:35:50 +00:00
25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host
2026-03-07 18:28:32 -06:00
4e07bdbdfd
fix(cron): restore isolated delivery defaults
2026-03-08 00:18:45 +00:00
029fdd4208
Daemon CLI: type-safe install plan assertions
2026-03-07 16:02:27 -08:00
c5fb661742
Daemon CLI: resolve token drift from gateway credentials
2026-03-07 16:02:18 -08:00
fecca6fd8d
refactor: unify gateway SecretRef auth resolution paths
2026-03-07 23:27:50 +00:00
265367d99b
fix(gateway): land #28428 from @l0cka
...
Landed from contributor PR #28428 by @l0cka.
Co-authored-by: Daniel Alkurdi <danielalkurdi@gmail.com>
2026-03-07 22:51:08 +00:00
cc7e61612a
fix(gateway): harden service-mode stale process cleanup ( #38463 , thanks @spirittechie)
...
Co-authored-by: Jesse Paul <drzin69@gmail.com>
2026-03-07 21:36:24 +00:00
b955ba1688
refactor: consolidate daemon runtime and start hints
2026-03-07 21:09:26 +00:00
a91731a831
refactor: centralize gateway auth env credential readers
2026-03-07 21:09:26 +00:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
4e8fcc1d3d
refactor(cli): dedupe command secret gateway env fixtures
2026-03-07 17:58:31 +00:00
0a73328053
refactor(cli): dedupe restart health probe setup tests
2026-03-07 17:05:23 +00:00
786ec21b5a
docs(cli): improve memory command examples ( #31803 )
...
Merged via squash.
Prepared head SHA: 15dcda3027
2026-03-07 19:03:23 +03:00
05c240fad6
fix: restart Windows gateway via Scheduled Task ( #38825 ) ( #38825 )
2026-03-07 18:00:38 +05:30
addd290f88
fix(ci): stabilize tests and detect-secrets after dep updates
2026-03-07 11:14:04 +00:00
8db5d67768
chore: update dependencies except carbon
2026-03-07 10:55:18 +00:00
3c71e2bd48
refactor(core): extract shared dedup helpers
2026-03-07 10:41:05 +00:00
997a9f5b9e
chore: bump version to 2026.3.7
2026-03-07 10:09:02 +00:00
42e3d8d693
Secrets: add inline allowlist review set ( #38314 )
...
* Secrets: add inline allowlist review set
* Secrets: narrow detect-secrets file exclusions
* Secrets: exclude Docker fingerprint false positive
* Secrets: allowlist test and docs false positives
* Secrets: refresh baseline after allowlist updates
* Secrets: fix gateway chat fixture pragma
* Secrets: format pre-commit config
* Android: keep talk mode fixture JSON valid
* Feishu: rely on client timeout injection
* Secrets: allowlist provider auth test fixtures
* Secrets: allowlist onboard search fixtures
* Secrets: allowlist onboard mode fixture
* Secrets: allowlist gateway auth mode fixture
* Secrets: allowlist APNS wake test key
* Secrets: allowlist gateway reload fixtures
* Secrets: allowlist moonshot video fixture
* Secrets: allowlist auto audio fixture
* Secrets: allowlist tiny audio fixture
* Secrets: allowlist embeddings fixtures
* Secrets: allowlist resolve fixtures
* Secrets: allowlist target registry pattern fixtures
* Secrets: allowlist gateway chat env fixture
* Secrets: refresh baseline after fixture allowlists
* Secrets: reapply gateway chat env allowlist
* Secrets: reapply gateway chat env allowlist
* Secrets: stabilize gateway chat env allowlist
* Secrets: allowlist runtime snapshot save fixture
* Secrets: allowlist oauth profile fixtures
* Secrets: allowlist compaction identifier fixture
* Secrets: allowlist model auth fixture
* Secrets: allowlist model status fixtures
* Secrets: allowlist custom onboarding fixture
* Secrets: allowlist mattermost token summary fixtures
* Secrets: allowlist gateway auth suite fixtures
* Secrets: allowlist channel summary fixture
* Secrets: allowlist provider usage auth fixtures
* Secrets: allowlist media proxy fixture
* Secrets: allowlist secrets audit fixtures
* Secrets: refresh baseline after final fixture allowlists
* Feishu: prefer explicit client timeout
* Feishu: test direct timeout precedence
2026-03-06 19:35:26 -05:00
38f46e80b0
chore: code/dead tests cleanup ( #38286 )
...
* Discord: assert bot-self filter queue guard
* Tests: remove dead gateway SIGTERM placeholder
2026-03-06 14:27:02 -05:00
3d7bc5958d
feat(onboarding): add web search to onboarding flow ( #34009 )
...
* add web search to onboarding flow
* remove post onboarding step (now redundant)
* post-onboarding nudge if no web search set up
* address comments
* fix test mocking
* add enabled: false assertion to the no-key test
* --skip-search cli flag
* use provider that a user has a key for
* add assertions, replace the duplicated switch blocks
* test for quickstart fast-path with existing config key
* address comments
* cover quickstart falls through to key test
* bring back key source
* normalize secret inputs instead of direct string trimming
* preserve enabled: false if it's already set
* handle missing API keys in flow
* doc updates
* hasExistingKey to detect both plaintext strings and SecretRef objects
* preserve enabled state only on the "keep current" paths
* add test for preserving
* better gate flows
* guard against invalid provider values in config
* Update src/commands/configure.wizard.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* format fix
* only mentions env var when it's actually available
* search apiKey fields now typed as SecretInput
* if no provider check if any search provider key is detectable
* handle both kimi keys
* remove .filter(Boolean)
* do not disable web_search after user enables it
* update resolveSearchProvider
* fix(onboarding): skip search key prompt in ref mode
* fix: add onboarding web search step (#34009 ) (thanks @kesku)
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-06 13:09:00 -06:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
94fdee2eac
fix(memory-flush): ban timestamped variant files in default flush prompt ( #34951 )
...
Merged via squash.
Prepared head SHA: efadda4988
2026-03-05 18:15:13 -08:00
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
2b98cb6d8b
Fix gateway restart false timeouts on Debian/systemd ( #34874 )
...
* daemon(systemd): target sudo caller user scope
* test(systemd): cover sudo user scope commands
* infra(ports): fall back to ss when lsof missing
* test(ports): verify ss fallback listener detection
* cli(gateway): use probe fallback for restart health
* test(gateway): cover restart-health probe fallback
2026-03-04 10:52:33 -08:00
1be39d4250
fix(gateway): synthesize lifecycle robustness for restart and startup probes ( #33831 )
...
* fix(gateway): correct launchctl command sequence for gateway restart (closes #20030 )
* fix(restart): expand HOME and escape label in launchctl plist path
* fix(restart): poll port free after SIGKILL to prevent EADDRINUSE restart loop
When cleanStaleGatewayProcessesSync() kills a stale gateway process,
the kernel may not immediately release the TCP port. Previously the
function returned after a fixed 500ms sleep (300ms SIGTERM + 200ms
SIGKILL), allowing triggerOpenClawRestart() to hand off to systemd
before the port was actually free. The new systemd process then raced
the dying socket for port 18789, hit EADDRINUSE, and exited with
status 1, causing systemd to retry indefinitely — the zombie restart
loop reported in #33103 .
Fix: add waitForPortFreeSync() that polls lsof at 50ms intervals for
up to 2 seconds after SIGKILL. cleanStaleGatewayProcessesSync() now
blocks until the port is confirmed free (or the budget expires with a
warning) before returning. The increased SIGTERM/SIGKILL wait budgets
(600ms / 400ms) also give slow processes more time to exit cleanly.
Fixes #33103
Related: #28134
* fix: add EADDRINUSE retry and TIME_WAIT port-bind checks for gateway startup
* fix(ports): treat EADDRNOTAVAIL as non-retryable and fix flaky test
* fix(gateway): hot-reload agents.defaults.models allowlist changes
The reload plan had a rule for `agents.defaults.model` (singular) but
not `agents.defaults.models` (plural — the allowlist array). Because
`agents.defaults.models` does not prefix-match `agents.defaults.model.`,
it fell through to the catch-all `agents` tail rule (kind=none), so
allowlist edits in openclaw.json were silently ignored at runtime.
Add a dedicated reload rule so changes to the models allowlist trigger
a heartbeat restart, which re-reads the config and serves the updated
list to clients.
Fixes #33600
Co-authored-by: HCL <chenglunhu@gmail.com>
Signed-off-by: HCL <chenglunhu@gmail.com>
* test(restart): 100% branch coverage — audit round 2
Audit findings fixed:
- remove dead guard: terminateStaleProcessesSync pids.length===0 check was
unreachable (only caller cleanStaleGatewayProcessesSync already guards)
- expose __testing.callSleepSyncRaw so sleepSync's real Atomics.wait path
can be unit-tested directly without going through the override
- fix broken sleepSync Atomics.wait test: previous test set override=null
but cleanStaleGatewayProcessesSync returned before calling sleepSync —
replaced with direct callSleepSyncRaw calls that actually exercise L36/L42-47
- fix pid collision: two tests used process.pid+304 (EPERM + dead-at-SIGTERM);
EPERM test changed to process.pid+305
- fix misindented tests: 'deduplicates pids' and 'lsof status 1 container
edge case' were outside their intended describe blocks; moved to correct
scopes (findGatewayPidsOnPortSync and pollPortOnce respectively)
- add missing branch tests:
- status 1 + non-empty stdout with zero openclaw pids → free:true (L145)
- mid-loop non-openclaw cmd in &&-chain (L67)
- consecutive p-lines without c-line between them (L67)
- invalid PID in p-line (p0 / pNaN) — ternary false branch (L67)
- unknown lsof output line (else-if false branch L69)
Coverage: 100% stmts / 100% branch / 100% funcs / 100% lines (36 tests)
* test(restart): fix stale-pid test typing for tsgo
* fix(gateway): address lifecycle review findings
* test(update): make restart-helper path assertions windows-safe
---------
Signed-off-by: HCL <chenglunhu@gmail.com>
Co-authored-by: Glucksberg <markuscontasul@gmail.com>
Co-authored-by: Efe Büken <efe@arven.digital>
Co-authored-by: Riccardo Marino <rmarino@apple.com>
Co-authored-by: HCL <chenglunhu@gmail.com>
2026-03-03 21:31:12 -06:00
21e8d88c1d
build: fix ineffective dynamic imports with lazy boundaries ( #33690 )
...
Merged via squash.
Prepared head SHA: 38b3c23d6f
2026-03-03 20:14:41 -05:00
b0bcea03db
fix: drop discord opus dependency
2026-03-03 12:23:19 -06:00
4ffe15c6b2
fix(telegram): warn when accounts.default is missing in multi-account setup ( #32544 )
...
Merged via squash.
Prepared head SHA: 7ebc3f65b2
2026-03-03 03:27:19 -05:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
c85bd2646a
refactor(cli): extract plugin install plan helper
2026-03-03 02:51:11 +00:00
15a0455d04
CLI: unify routed config positional parsing
2026-03-02 21:11:53 -05:00
67e3eb85d7
refactor(tests): dedupe browser and config cli test setup
2026-03-03 01:15:09 +00:00
f26853f14c
CLI: dedupe config validate errors and expose allowed values
2026-03-02 20:05:12 -05:00
1b5ac8b0b1
feat(cli): add configurable banner tagline mode
2026-03-03 00:31:51 +00:00
8824565c2a
chore(cli): refresh tagline set
2026-03-03 00:17:18 +00:00
fd3ca8a34c
refactor: dedupe agent and browser cli helpers
2026-03-03 00:15:00 +00:00
bb60687b89
refactor(nodes): dedupe camera payload and node resolve helpers
2026-03-02 23:32:41 +00:00
3bf19d6f40
fix(security): fail-close node camera URL downloads
2026-03-02 23:23:39 +00:00
2287d1ec13
test: micro-optimize slow suites and CLI command setup
2026-03-02 23:00:49 +00:00
067855e623
refactor(browser): dedupe browser and cli command wiring
2026-03-02 21:31:36 +00:00
b782ecb7eb
refactor: harden plugin install flow and main DM route pinning
2026-03-02 21:22:38 +00:00
ad12d1fbce
fix(plugins): prefer bundled plugin ids over bare npm specs
2026-03-02 20:49:50 +00:00
bfb6c6290f
fix: distinguish warning message for non-OpenClaw vs missing npm package
...
Address Greptile review: show "not a valid OpenClaw plugin" when the
npm package was found but lacks openclaw.extensions, instead of the
misleading "npm package unavailable" message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 20:49:50 +00:00
da8a17d8de
fix(plugins): fall back to bundled plugin when npm spec resolves to non-OpenClaw package ( #32019 )
...
When `openclaw plugins install diffs` downloads the unrelated npm
package `diffs@0.1.1` (which lacks `openclaw.extensions`), the install
fails without trying the bundled `@openclaw/diffs` plugin.
Two fixes:
1. Broaden the bundled-fallback trigger to also fire on
"missing openclaw.extensions" errors (not just npm 404s)
2. Match bundled plugins by pluginId in addition to npmSpec so
unscoped names like "diffs" resolve to `@openclaw/diffs`
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 20:49:50 +00:00
b1c30f0ba9
refactor: dedupe cli config cron and install flows
2026-03-02 19:57:33 +00:00
8b27582509
fix(cli): apply --profile before dotenv bootstrap in runCli ( #31950 )
...
Co-authored-by: bmendonca3 <bmendonca3@users.noreply.github.com>
2026-03-02 18:09:45 +00:00
1ea42ebe98
fix(tsgo): unblock baseline type errors ( #31873 )
2026-03-02 10:09:49 -06:00
d01e82d54a
test(perf): avoid module reload churn in config guard tests
2026-03-02 15:56:30 +00:00
db3d8d82c1
test(perf): avoid module reset churn in daemon lifecycle tests
2026-03-02 15:43:20 +00:00
4b4ea5df8b
feat(cron): add failure destination support to failed cron jobs ( #31059 )
...
* feat(cron): add failure destination support with webhook mode and bestEffort handling
Extends PR #24789 failure alerts with features from PR #29145 :
- Add webhook delivery mode for failure alerts (mode: 'webhook')
- Add accountId support for multi-account channel configurations
- Add bestEffort handling to skip alerts when job has bestEffort=true
- Add separate failureDestination config (global + per-job in delivery)
- Add duplicate prevention (prevents sending to same as primary delivery)
- Add CLI flags: --failure-alert-mode, --failure-alert-account-id
- Add UI fields for new options in web cron editor
* fix(cron): merge failureAlert mode/accountId and preserve failureDestination on updates
- Fix mergeCronFailureAlert to merge mode and accountId fields
- Fix mergeCronDelivery to preserve failureDestination on updates
- Fix isSameDeliveryTarget to use 'announce' as default instead of 'none'
to properly detect duplicates when delivery.mode is undefined
* fix(cron): validate webhook mode requires URL in resolveFailureDestination
When mode is 'webhook' but no 'to' URL is provided, return null
instead of creating an invalid plan that silently fails later.
* fix(cron): fail closed on webhook mode without URL and make failureDestination fields clearable
- sendCronFailureAlert: fail closed when mode is webhook but URL is missing
- mergeCronDelivery: use per-key presence checks so callers can clear
nested failureDestination fields via cron.update
Note: protocol:check shows missing internalEvents in Swift models - this is
a pre-existing issue unrelated to these changes (upstream sync needed).
* fix(cron): use separate schema for failureDestination and fix type cast
- Create CronFailureDestinationSchema excluding after/cooldownMs fields
- Fix type cast in sendFailureNotificationAnnounce to use CronMessageChannel
* fix(cron): merge global failureDestination with partial job overrides
When job has partial failureDestination config, fall back to global
config for unset fields instead of treating it as a full override.
* fix(cron): avoid forcing announce mode and clear inherited to on mode change
- UI: only include mode in patch if explicitly set to non-default
- delivery.ts: clear inherited 'to' when job overrides mode, since URL
semantics differ between announce and webhook modes
* fix(cron): preserve explicit to on mode override and always include mode in UI patches
- delivery.ts: preserve job-level explicit 'to' when overriding mode
- UI: always include mode in failureAlert patch so users can switch between announce/webhook
* fix(cron): allow clearing accountId and treat undefined global mode as announce
- UI: always include accountId in patch so users can clear it
- delivery.ts: treat undefined global mode as announce when comparing for clearing inherited 'to'
* Cron: harden failure destination routing and add regression coverage
* Cron: resolve failure destination review feedback
* Cron: drop unrelated timeout assertions from conflict resolution
* Cron: format cron CLI regression test
* Cron: align gateway cron test mock types
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 09:27:41 -06:00
87bd6226bd
test(perf): merge overlapping preaction hook scenarios
2026-03-02 14:52:38 +00:00
9f98d2766a
fix(logs): respect TZ env var for timestamp display, fix Windows timezone ( #21859 )
2026-03-02 08:44:37 -06:00
e23b6fb2ba
fix(gateway): add Windows-compatible port detection using netstat fallback (openclaw#29239) thanks @ajay99511
...
Verified:
- pnpm vitest src/cli/program.force.test.ts
- pnpm check
- pnpm build
Co-authored-by: ajay99511 <73169130+ajay99511@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 08:33:59 -06:00
d145518f94
fix(cli): wait for process exit before restarting gateway on Windows (openclaw#27913) thanks @tda1017
...
Verified:
- pnpm vitest src/cli/update-cli/restart-helper.test.ts
- pnpm check
- pnpm build
Co-authored-by: tda1017 <95275462+tda1017@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 08:31:03 -06:00
c2d41dc473
fix(daemon): recover Windows restarts from unknown stale listeners (openclaw#24734) thanks @chilu18
...
Verified:
- pnpm vitest src/cli/daemon-cli/restart-health.test.ts src/cli/gateway-cli.coverage.test.ts
- pnpm oxfmt --check src/cli/daemon-cli/restart-health.ts src/cli/daemon-cli/restart-health.test.ts
- pnpm check (fails on unrelated repo baseline tsgo errors in extensions/* and src/process/exec.windows.test.ts)
Co-authored-by: chilu18 <7957943+chilu18@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 08:24:25 -06:00
38bdb0d271
test(perf): prune redundant preaction command-path cases
2026-03-02 14:14:02 +00:00
98e5851d8a
test(perf): collapse overlapping preaction scenarios
2026-03-02 14:07:06 +00:00
534f436d4e
test(perf): reduce repeated cli program setup overhead
2026-03-02 14:02:47 +00:00
0d620a56e2
test(refactor): reuse shared program setup in preaction tests
2026-03-02 13:53:10 +00:00
16e85360a1
perf(cli): cache preaction lazy module imports
2026-03-02 13:26:54 +00:00
b40d5817a2
fix(cron): avoid 30s timeout for cron run --expect-final ( #29942 )
...
* fix(cron): use longer default timeout for cron run --expect-final
* test(cron-cli): stabilize cron run timeout assertions with explicit run exits
---------
Co-authored-by: Kelly Baker <kelly@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 07:24:42 -06:00
848ade07da
test(cli): fix gateway coverage mock signature
2026-03-02 13:00:21 +00:00
b02b94673f
refactor: dedupe runtime and helper flows
2026-03-02 12:55:47 +00:00
7b38e8231e
test(perf): stub expensive cli coverage integration paths
2026-03-02 12:41:45 +00:00
ba3957ad77
test(perf): bypass daemon install token-generation path in coverage test
2026-03-02 12:24:03 +00:00
bdfd3bae6f
test(perf): reuse cli programs in coverage tests
2026-03-02 12:00:28 +00:00
94e480f64a
test(refactor): dedupe preaction command coverage
2026-03-02 11:41:40 +00:00
0c2d85529a
test(refactor): dedupe cli and ios script scenarios
2026-03-02 11:16:33 +00:00
96ef6ea3cf
test(perf): dedupe setup in cli/security script suites
2026-03-02 10:53:21 +00:00
fcb956a0a2
test(cli): reduce update/program suite overhead
2026-03-02 09:46:27 +00:00
db28dda120
fix(cli): let browser start honor --timeout ( #31365 )
...
* fix(cli): respect browser start timeout option
* test(cli): cover browser start timeout propagation
* changelog: note browser start timeout propagation fix
2026-03-01 23:16:23 -08:00
cded1b960a
test(commands): dedupe command and onboarding test cases
2026-03-02 07:13:10 +00:00
3002f13ca7
feat(config): add `openclaw config validate` and improve startup error messages ( #31220 )
...
Merged via squash.
Prepared head SHA: 4598f2a541
2026-03-02 00:45:51 -05:00
a13586619b
test: move integration-heavy suites to e2e lane
2026-03-02 05:33:07 +00:00
96ffbb5aaf
CLI: add config path subcommand to print active config file path ( #26256 )
...
Merged via squash.
Prepared head SHA: b11c593a34
2026-03-01 23:33:20 -05:00
dc2290aeb1
fix(ci): drop redundant env assertions in daemon status
2026-03-02 04:32:35 +00:00
342bf4838e
fix(cli): preserve json stdout while keeping doctor migration ( #24368 ) (thanks @altaywtf)
2026-03-02 03:10:02 +00:00
67b98139b9
test(cli): avoid brittle mock call indexing in json-mode checks
2026-03-02 03:10:02 +00:00
9e4a366ee6
fix(cli): keep json preflight stdout machine-readable
2026-03-02 03:10:02 +00:00
0c8fa63b93
feat: lightweight bootstrap context mode for heartbeat/cron runs (openclaw#26064) thanks @jose-velez
...
Verified:
- pnpm build
- pnpm check (fails on pre-existing unrelated repo issues in extensions/diffs and src/agents/tools/nodes-tool.test.ts)
- pnpm vitest run src/agents/bootstrap-files.test.ts src/infra/heartbeat-runner.model-override.test.ts src/cli/cron-cli.test.ts
- pnpm test:macmini (fails on pre-existing extensions/diffs import errors; touched suites pass)
Co-authored-by: jose-velez <10926182+jose-velez@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 20:13:24 -06:00
ffe1937b92
fix(cli): set cron run exit code from run outcome (land #31121 by @Sid-Qin)
...
Landed-from: #31121
Contributor: @Sid-Qin
Co-authored-by: Sid <sidqin0410@gmail.com>
2026-03-02 01:58:39 +00:00
e07c51b045
CLI: avoid plugin preload for health --json route ( #31108 )
...
* CLI routes: skip plugin preload for health --json
* CLI routes tests: cover health --json plugin preload
2026-03-01 17:13:58 -08:00
155118751f
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:53 +00:00
38da2d076c
CLI: add root --help fast path and lazy channel option resolution ( #30975 )
...
* CLI argv: add strict root help invocation guard
* Entry: add root help fast-path bootstrap bypass
* CLI context: lazily resolve channel options
* CLI context tests: cover lazy channel option resolution
* CLI argv tests: cover root help invocation detection
* Changelog: note additional startup path optimizations
* Changelog: split startup follow-up into #30975 entry
* CLI channel options: load precomputed startup metadata
* CLI channel options tests: cover precomputed metadata path
* Build: generate CLI startup metadata during build
* Build script: invoke CLI startup metadata generator
* CLI routes: preload plugins for routed health
* CLI routes tests: assert health plugin preload
* CLI: add experimental bundled entry and snapshot helper
* Tools: compare CLI startup entries in benchmark script
* Docs: add startup tuning notes for Pi and VM hosts
* CLI: drop bundled entry runtime toggle
* Build: remove bundled and snapshot scripts
* Tools: remove bundled-entry benchmark shortcut
* Docs: remove bundled startup bench examples
* Docs: remove Pi bundled entry mention
* Docs: remove VM bundled entry mention
* Changelog: remove bundled startup follow-up claims
* Build: remove snapshot helper script
* Build: remove CLI bundle tsdown config
* Doctor: add low-power startup optimization hints
* Doctor: run startup optimization hint checks
* Doctor tests: cover startup optimization host targeting
* Doctor tests: mock startup optimization note export
* CLI argv: require strict root-only help fast path
* CLI argv tests: cover mixed root-help invocations
* CLI channel options: merge metadata with runtime catalog
* CLI channel options tests: assert dynamic catalog merge
* Changelog: align #30975 startup follow-up scope
* Docs tests: remove secondary-entry startup bench note
* Docs Pi: add systemd recovery reference link
* Docs VPS: add systemd recovery reference link
2026-03-01 14:23:46 -08:00
125ea585dd
CLI routes tests: assert status plugin preload
2026-03-01 12:56:56 -08:00
266084f4c8
CLI routes: preload plugins for status security parity
2026-03-01 12:56:56 -08:00
07da843378
CLI argv: test root version fast-path detection
2026-03-01 12:56:56 -08:00
86a91cc01a
CLI argv: detect root-only version invocation
2026-03-01 12:56:56 -08:00
3c4cdf72c9
CLI routes: test conditional plugin preload behavior
2026-03-01 12:56:56 -08:00
af12e7bdec
CLI route: support argv-aware plugin preloading
2026-03-01 12:56:56 -08:00
5e061fd8b9
CLI routes: skip plugin preload for health
2026-03-01 12:56:56 -08:00
4637b90c07
feat(cron): configurable failure alerts for repeated job errors (openclaw#24789) thanks @0xbrak
...
Verified:
- pnpm install --frozen-lockfile
- pnpm check
- pnpm test -- --run src/cron/service.failure-alert.test.ts src/cli/cron-cli.test.ts src/gateway/protocol/cron-validators.test.ts
Co-authored-by: 0xbrak <181251288+0xbrak@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 08:18:15 -06:00
cb6f993b4c
fix(cli): cron list Agent column shows agentId not model — add Model column (openclaw#26259) thanks @openperf
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 07:47:32 -06:00
5e2ef0e883
feat(cron): add --account flag for multi-account delivery routing ( #26284 )
...
* feat(cron): add --account flag for multi-account delivery routing
Add support for explicit delivery account routing in cron jobs across CLI, normalization, delivery planning, and isolated delivery target resolution.
Highlights:
- Add --account <id> to cron add and cron edit
- Add optional delivery.accountId to cron types and delivery plan
- Normalize and trim delivery.accountId in cron create/update normalization
- Prefer explicit accountId over session lastAccountId and bindings fallback
- Thread accountId through isolated cron run delivery resolution
- Preserve cron edit --best-effort-deliver/--no-best-effort-deliver behavior by keeping implicit announce mode
- Expand tests for account passthrough/merge/precedence and CLI account flows
* cron: resolve rebase duplicate accountId fields
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 10:57:49 -06:00
b297bae027
fix(cli): allow Ollama apiKey config set without predeclared provider ( #29299 )
...
* CLI: seed Ollama provider on apiKey set
* Tests: cover Ollama apiKey config set path
2026-02-27 23:35:57 -08:00
b8373eaddc
fix(nodes): reject facing=both when camera deviceId is set
2026-02-27 10:15:21 +05:30
7bbfb9de5e
fix(update): fallback to --omit=optional when global npm update fails ( #24896 )
...
* fix(update): fallback to --omit=optional when global npm update fails
* fix(update): add recovery hints and fallback for npm global update failures
* chore(update): align fallback progress step index ordering
* chore(update): label omit-optional retry step in progress output
* chore(update): avoid showing 1/2 when fallback path is not used
* chore(ci): retrigger after unrelated test OOM
* fix(update): scope recovery hints to npm failures
* test(update): cover non-npm hint suppression
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-26 21:35:13 -05:00
39f7dbfe02
fix(cli): make gateway --force resilient to lsof EACCES
2026-02-26 23:02:58 +01:00
5dd264d2fb
refactor(daemon): unify runtime binary detection
2026-02-26 22:39:05 +01:00
ca2ae342db
fix(cli): accept node24 executable names in argv reparse
2026-02-26 22:35:04 +01:00
c53b11dccd
test: fix pairing/daemon assertion drift
2026-02-26 21:24:50 +00:00
eaa9e1c661
refactor(browser): unify fill field normalization
2026-02-26 22:17:58 +01:00
2ed9d633b3
fix: browser fill default type parity ( #27662 ) (thanks @Uface11)
2026-02-26 21:14:28 +00:00
4b4718c8df
refactor(cli): decompose nodes run approval flow
2026-02-26 22:01:27 +01:00
78a7ff2d50
fix(security): harden node exec approvals against symlink rebind
2026-02-26 21:47:45 +01:00
d92fc85555
refactor(cli): dedupe gateway run mode parsing
2026-02-26 19:50:49 +01:00
a909019078
fix: align gateway run auth modes ( #27469 ) (thanks @s1korrrr)
2026-02-26 18:20:27 +00:00
1087033abd
fix(cli): list all supported auth modes in gateway run --auth help
...
Made-with: Cursor
2026-02-26 18:20:27 +00:00
47f52cd233
test(cli): tighten daemon status TLS mock typings
2026-02-26 18:13:33 +00:00
bed69339c1
fix(cli): scope daemon status TLS fingerprint to local probes
2026-02-26 18:13:33 +00:00
b788616d9c
fix(cli): add TLS daemon-status probe regression coverage
2026-02-26 18:13:33 +00:00
90d426f9ad
fix(cli): gateway status probe with TLS when bind=lan
...
- Use wss:// scheme when TLS is enabled (specifically for bind=lan)
- Load TLS runtime to get certificate fingerprint
- Pass fingerprint to probeGatewayStatus for self-signed cert trust
2026-02-26 18:13:33 +00:00
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
14897e8de7
docs(secrets): clarify partial migration guidance
2026-02-26 14:47:22 +00:00
06290b49b2
feat(secrets): finalize mode rename and validated exec docs
2026-02-26 14:47:22 +00:00
f413e314b9
feat(secrets): replace migrate flow with audit/configure/apply
2026-02-26 14:47:22 +00:00
4e7a833a24
feat(security): add provider-based external secrets management
2026-02-26 14:47:22 +00:00
0e69660c41
feat(secrets): finalize external secrets runtime and migration hardening
2026-02-26 14:47:22 +00:00
04aa856fc0
Onboard: require explicit mode for env secret refs
2026-02-26 14:47:22 +00:00
f6a854bd37
Secrets: add migrate rollback and skill ref support
2026-02-26 14:47:22 +00:00
fe56700026
Gateway: add manual secrets reload command
2026-02-26 14:47:22 +00:00
71e45ceecc
fix(sessions): add fix-missing cleanup path for orphaned store entries
...
Introduce a sessions cleanup flag to prune entries whose transcript files are missing and surface the exact remediation command from doctor to resolve missing-transcript deadlocks.
Made-with: Cursor
(cherry picked from commit 690d3d596b
2026-02-26 13:40:58 +00:00
cf311978ea
fix(plugins): fallback bundled channel specs when npm install returns 404 ( #12849 )
...
* plugins: add bundled source resolver
* plugins: add bundled source resolver tests
* cli: fallback npm 404 plugin installs to bundled sources
* plugins: use bundled source resolver during updates
* protocol: regenerate macos gateway swift models
* protocol: regenerate shared swift models
* Revert "protocol: regenerate shared swift models"
This reverts commit 6a2b08c47d27c03010c6
2026-02-26 08:06:54 -05:00
c397a02c9a
fix(queue): harden drain/abort/timeout race handling
...
- reject new lane enqueues once gateway drain begins
- always reset lane draining state and isolate onWait callback failures
- persist per-session abort cutoff and skip stale queued messages
- avoid false 600s agentTurn timeout in isolated cron jobs
Fixes #27407
Fixes #27332
Fixes #27427
Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
Co-authored-by: zjmy <zhangjunmengyang@gmail.com>
Co-authored-by: suko <miha.sukic@gmail.com>
2026-02-26 13:43:39 +01:00
f692288301
feat(cron): add --session-key option to cron add/edit CLI commands
...
Expose the existing CronJob.sessionKey field through the CLI so users
can target cron jobs at specific named sessions without needing an
external shell script + system crontab workaround.
The backend already fully supports sessionKey on cron jobs - this
change wires it to the CLI surface with --session-key on cron add,
and --session-key / --clear-session-key on cron edit.
Closes #27158
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 12:28:49 +00:00
327f0526d1
fix(gateway): use loopback for CLI status probe when bind=lan (land #26997 , thanks @chikko80)
...
Co-authored-by: Manuel Seitz <seitzmanuel0@gmail.com>
2026-02-26 12:13:20 +00:00
96c7702526
Agents: add account-scoped bind and routing commands ( #27195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad35a458a5
2026-02-26 02:36:56 -05:00
f789f880c9
fix(security): harden approval-bound node exec cwd handling
2026-02-26 04:14:11 +01:00
52d933b3a9
refactor: replace bot.molt identifiers with ai.openclaw
2026-02-25 05:03:24 +00:00
559b5eab71
fix(cli): support --query in memory search command ( #25904 )
2026-02-25 01:41:56 +00:00
097a6a83a0
fix(cli): replace stale doctor/restart command hints ( #24485 )
...
* fix(cli): replace stale doctor and restart hints
* fix: add changelog for CLI hint updates (#24485 ) (thanks @chilu18)
---------
Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com>
2026-02-24 14:49:59 +05:30
31f2bf9519
test: fix gate regressions
2026-02-24 04:39:53 +00:00
2d6d6797d8
test: fix post-merge config and tui command-handler tests
2026-02-24 04:38:21 +00:00
58ce0a89ec
fix(cli): load plugin registry for configure and onboard commands ( #17266 )
...
(cherry picked from commit 644badd40d
2026-02-24 04:33:50 +00:00
24e52f53e4
fix(cli): resolve --url option collision in browser cookies set
...
When addGatewayClientOptions registers --url on the parent browser
command, Commander.js captures it before the cookies set subcommand
can receive it. Switch from requiredOption to option and resolve
via inheritOptionFromParent, matching the existing pattern used
for --target-id.
Fixes #24811
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
(cherry picked from commit 96fcb963ec
2026-02-24 04:33:50 +00:00
4a3f8438e5
fix(gateway): bind node exec approvals to nodeId
2026-02-24 03:05:58 +00:00
663f784e4e
test(core): trim redundant setup and tighten waits
2026-02-24 00:31:58 +00:00
f52a0228ca
test: optimize auth and audit test runtime
2026-02-23 23:31:52 +00:00
13f32e2f7d
feat: Add Kilo Gateway provider ( #20212 )
...
* feat: Add Kilo Gateway provider
Add support for Kilo Gateway as a model provider, similar to OpenRouter.
Kilo Gateway provides a unified API that routes requests to many models
behind a single endpoint and API key.
Changes:
- Add kilocode provider option to auth-choice and onboarding flows
- Add KILOCODE_API_KEY environment variable support
- Add kilocode/ model prefix handling in model-auth and extra-params
- Add provider documentation in docs/providers/kilocode.md
- Update model-providers.md with Kilo Gateway section
- Add design doc for the integration
* kilocode: add provider tests and normalize onboard auth-choice registration
* kilocode: register in resolveImplicitProviders so models appear in provider filter
* kilocode: update base URL from /api/openrouter/ to /api/gateway/
* docs: fix formatting in kilocode docs
* fix: address PR review — remove kilocode from cacheRetention, fix stale model refs and CLI name in docs, fix TS2742
* docs: fix stale refs in design doc — Moltbot to OpenClaw, MoltbotConfig to OpenClawConfig, remove extra-params section, fix doc path
* fix: use resolveAgentModelPrimaryValue for AgentModelConfig union type
---------
Co-authored-by: Mark IJbema <mark@kilocode.ai>
2026-02-23 23:29:27 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
87603b5c45
fix: sync built-in channel enablement across config paths
2026-02-23 19:40:42 +00:00
5de1f540e7
CLI: fix gateway restart health ownership for child listener pids ( #24696 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: d6d4b43f7e
2026-02-23 13:53:10 -05:00
f208518cb9
fix(config): keep write inputs immutable when using unsetPaths ( #24134 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 951f8480c3
2026-02-23 02:51:13 -05:00
80f430c2be
fix(daemon): extend restart health timeout and improve restart errors
2026-02-23 01:50:02 +01:00
9c87b53c8e
security(cli): redact sensitive values in config get output ( #23654 )
...
* security(cli): redact sensitive values in config get output
`runConfigGet()` reads raw config values but never applies redaction
before printing. When a user runs `openclaw config get gateway.token`
the real credential is printed to the terminal, leaking it into shell
history, scrollback buffers, and screenshots.
Use the existing `redactConfigObject()` (from redact-snapshot.ts,
already used by the Web UI path) to scrub sensitive fields before
`getAtPath()` resolves the requested key.
Fixes #13683
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* CLI/Config: add redaction regression test and changelog
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 19:37:33 -05:00
60c494c024
test: tighten mistral media and onboarding coverage
2026-02-23 00:19:05 +00:00
d92ba4f8aa
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 ( #23845 )
...
* Onboard: add Mistral auth choice and CLI flags
* Onboard/Auth: add Mistral provider config defaults
* Auth choice: wire Mistral API-key flow
* Onboard non-interactive: support --mistral-api-key
* Media understanding: add Mistral Voxtral audio provider
* Changelog: note Mistral onboarding and media support
* Docs: add Mistral provider and onboarding/media references
* Tests: cover Mistral media registry/defaults and auth mapping
* Memory: add Mistral embeddings provider support
* Onboarding: refresh Mistral model metadata
* Docs: document Mistral embeddings and endpoints
* Memory: persist Mistral embedding client state in managers
* Memory: add regressions for mistral provider wiring
* Gateway: add live tool probe retry helper
* Gateway: cover live tool probe retry helper
* Gateway: retry malformed live tool-read probe responses
* Memory: support plain-text batch error bodies
* Tests: add Mistral Voxtral live transcription smoke
* Docs: add Mistral live audio test command
* Revert: remove Mistral live voice test and docs entry
* Onboard: re-export Mistral default model ref from models
* Changelog: credit joeVenner for Mistral work
* fix: include Mistral in auto audio key fallback
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-23 00:03:56 +00:00
2f8c68ae4d
refactor(test): dedupe run-loop signal harness setup
2026-02-22 21:19:09 +00:00
e6383a2c13
fix(gateway): probe port liveness for stale lock recovery
...
Co-authored-by: Operative-001 <261882263+Operative-001@users.noreply.github.com>
2026-02-22 22:11:51 +01:00
72446f419f
docs: align CLI docs and help surface
2026-02-22 20:05:01 +01:00
53ed7a0f5c
test: dedupe repeated test fixtures and assertions
2026-02-22 18:37:25 +00:00
08431da5d5
refactor(gateway): unify credential precedence across entrypoints
2026-02-22 18:55:44 +01:00
4493f7325d
perf(test): run nodes program tests on focused nodes-cli harness
2026-02-22 17:51:38 +00:00
d1836df714
test: trim duplicate plain nodes list smoke
2026-02-22 17:51:38 +00:00
3e819f0af5
test: drop duplicate nodes media parser coverage
2026-02-22 17:51:38 +00:00
296b19e413
test: dedupe gateway browser discord and channel coverage
2026-02-22 17:11:54 +00:00
35fecc4bee
test: remove redundant runner ordering checks
2026-02-22 17:06:35 +00:00
e38196d42c
test: trim duplicate program smoke onboarding coverage
2026-02-22 17:06:35 +00:00
bd6be417e4
test: trim duplicate smoke and embedded runner cases
2026-02-22 17:06:35 +00:00
ee7a43b895
test: replace slow gateway SIGTERM integration coverage
2026-02-22 17:06:35 +00:00
992fc9cf4e
test: trim cli program test bootstrap overhead
2026-02-22 17:06:35 +00:00
6cdeb62a01
test: trim gateway sigterm bootstrap imports
2026-02-22 17:06:35 +00:00
f442a3539f
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:36 +01:00
9e868dcf5a
test: remove redundant channels smoke parse case
2026-02-22 12:56:18 +00:00
5e62d0105b
test: trim smoke duplicates and reuse telegram bot setup
2026-02-22 12:55:27 +00:00
99f05ba258
test: move gateway sigterm suite out of e2e
2026-02-22 11:53:03 +00:00
5636e6257c
test: make gateway sigterm e2e node25-compatible
2026-02-22 11:51:43 +00:00
3f0ab76422
test: stabilize remaining e2e gateway suites
2026-02-22 11:48:53 +00:00
7fdf54f078
test: move cli local suites out of e2e
2026-02-22 11:30:29 +00:00
1ad284a85f
test: move local cli and config scenario suites out of e2e
2026-02-22 10:58:04 +00:00
1cd3b30907
fix: stop hardcoded channel fallback and auto-pick sole configured channel ( #23357 ) (thanks @lbo728)
...
Co-authored-by: lbo728 <extreme0728@gmail.com>
2026-02-22 11:21:43 +01:00
98a03c490b
Feat/logger support log level validation0222 ( #23436 )
...
* 1、环境变量**:新增 `OPENCLAW_LOG_LEVEL`,可取值 `silent|fatal|error|warn|info|debug|trace`。设置后同时覆盖**文件日志**与**控制台**的级别,优先级高于配置文件。
2、启动参数**:在 `openclaw gateway run` 上新增 `--log-level <level>`,对该次进程同时生效于文件与控制台;未传时仍使用环境变量或配置文件。
* fix(logging): make log-level override global and precedence-safe
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-22 11:15:13 +01:00
edaa5ef7a5
refactor(gateway): simplify restart flow and expand lock tests
2026-02-22 10:44:47 +01:00
dd07c06d00
fix: tighten gateway restart loop handling ( #23416 ) (thanks @jeffwnli)
2026-02-22 10:38:32 +01:00
9c30243c8f
fix: release gateway lock before spawning restart child
...
Move lock.release() before restartGatewayProcessWithFreshPid() so the
spawned child can immediately acquire the lock without racing against
a zombie parent. This eliminates the root cause of the restart loop
where the child times out waiting for a lock held by its now-dead parent.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 10:38:32 +01:00
01bd83d644
fix: release gateway lock before process.exit in run-loop
...
process.exit() called from inside an async IIFE bypasses the outer
try/finally block that releases the gateway lock. This leaves a stale
lock file pointing to a zombie PID, preventing the spawned child or
systemctl restart from acquiring the lock. Release the lock explicitly
before calling exit in both the restart-spawned and stop code paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 10:38:32 +01:00
ccc00d874c
test(core): reduce mock reset overhead in targeted suites
2026-02-22 08:40:29 +00:00
8a0a28763e
test(core): reduce mock reset overhead across unit and e2e specs
2026-02-22 08:22:58 +00:00
0c1a52307c
fix: align draft/outbound typings and tests
2026-02-22 08:03:29 +00:00
4f7032fbd9
test(utils): share temp-dir helper across cli and web tests
2026-02-22 07:44:57 +00:00
9d17a30643
refactor(cli): share pinned npm install record helper
2026-02-22 07:44:56 +00:00
2d4e4e2288
refactor(cli): share npm install metadata helpers
2026-02-22 07:44:56 +00:00
d6ad647f56
test(cli): share nodes ios fixture helpers
2026-02-22 07:44:56 +00:00
fb73c0034e
refactor(cli): extract fish completion line builders
2026-02-22 07:44:56 +00:00
fc54e3eabd
test(cli): dedupe cron shared test fixtures
2026-02-22 07:44:56 +00:00
ae07d3fa0f
test(cli): dedupe update restart fallback scenario setup
2026-02-22 07:44:56 +00:00
266b3a356d
refactor(cli): dedupe allowlist command wiring
2026-02-22 07:44:56 +00:00
7c9e1bada0
refactor(cli): dedupe channel auth resolution flow
2026-02-22 07:44:56 +00:00
c21792f5a0
refactor(cli): dedupe skills command report loading
2026-02-22 07:44:56 +00:00
e729c992a7
test(cli): use lightweight clears in daemon lifecycle setup
2026-02-22 07:35:55 +00:00
f28fcf243a
test(cli): use lightweight clears in message helper and gateway chat setup
2026-02-22 07:35:54 +00:00
c2600c5d75
test(cli): use lightweight clear for gateway discover beacon mock
2026-02-22 07:35:54 +00:00
42f27ca39d
test(cli): seed stable defaults while replacing setup resets
2026-02-22 07:35:54 +00:00
391d32d461
test(cli): use lightweight clear for cron gateway mock
2026-02-22 07:35:54 +00:00
cea5bcc4ac
test(cli): use lightweight clear for memory manager mock
2026-02-22 07:35:54 +00:00
0858512abd
test(cli): use lightweight clear for logs gateway mock
2026-02-22 07:35:54 +00:00
ab159a68c9
test(cli): use lightweight clears for browser extension runtime spies
2026-02-22 07:35:54 +00:00
a038ad29f9
test(cli): keep pairing notify mock on clear with default resolve
2026-02-22 07:35:54 +00:00
e36f857e46
test(cli): seed restart and doctor defaults with lightweight clears
2026-02-22 07:35:54 +00:00
142e8cb383
test(cli): use lightweight clears for devices runtime/detail mocks
2026-02-22 07:35:54 +00:00
67aef31187
test(cli): replace setup mock resets with clears in update suite
2026-02-22 07:35:54 +00:00
73b4330d4c
CLI/Config: keep explicitly unset keys removed
2026-02-21 21:08:04 -08:00
8920e281cc
Plugins: allowlist plugins when enabling from CLI
2026-02-21 19:37:26 -08:00
548c227411
test: fix nodes camera case typing for CI
2026-02-22 00:38:36 +01:00
8af676edb3
test: tighten web and cron cli timeout budgets
2026-02-21 23:36:24 +00:00
4ab85cee0b
test(cli): table-drive repeated argv and byte-size checks
2026-02-21 23:28:07 +00:00
dd4e8f8098
test(cli): table-drive camera url failure cases
2026-02-21 23:28:07 +00:00
0e1aa77928
chore(tsgo/format): fix CI errors
2026-02-21 17:51:56 -05:00
861718e4dc
test: group remaining suite cleanups
2026-02-21 21:44:57 +00:00
a1ccd03da0
refactor(cli): share outbound send dependency mapping
2026-02-21 21:40:39 +00:00
84686db850
refactor(cli): dedupe system gateway action handling
2026-02-21 21:40:39 +00:00
a04cdc0390
refactor(cli): share update global command runner adapter
2026-02-21 21:40:39 +00:00
944913fc98
refactor(cli): extract shared command-removal and timeout action helpers
2026-02-21 21:40:39 +00:00
merlin
Daniel dos Santos Reis
Mariano
Tyson Cung
yuweuii
Radek Sienkiewicz
bbblending
Peter Steinberger
Tyler Yust
shichangs
Vincent Koc
Tak Hoffman
Altay
Ayaan Zaidi
Josh Avant
Jason
Ayaan Zaidi
Kesku
zerone0x
Gustavo Madeira Santana
Shadow
Sid
scoootscooob
bmendonca3
Evgeny Zislis
Robin Waslander
Ajay Elika
tda
Peter Machona
kleebaker
cyb1278588254
Altay
Jose E Velez
0xbrak
wangchunyue
Marvin
Xinhua Gu
Rafal
Shakker
Liu Yuan
Matt Hulme
Marcus Castro
HCL
John Fawcett
Gustavo Madeira Santana
Frank Yang
SleuthCo.AI
maweibin
jeffr
Vignesh Natarajan