f9e185887f
docs: restore onboard docs references
2026-03-16 05:50:57 +00:00
823039c000
docs: prefer setup wizard command
2026-03-15 22:01:04 -07:00
0a2f95916b
test: expand ssh sandbox coverage and docs
2026-03-15 21:38:22 -07:00
b8bb8510a2
feat: move ssh sandboxing into core
2026-03-15 21:35:30 -07:00
be8fef3840
docs: expand openshell sandbox docs
2026-03-15 20:35:56 -07:00
ae7f18e503
feat: add remote openshell sandbox mode
2026-03-15 20:28:19 -07:00
dd40741e18
feat(plugins): add compatible bundle support
2026-03-15 16:08:50 -07:00
132e459009
fix(ci): config drift found and documented
2026-03-15 10:43:03 -07:00
ff61343d76
fix: harden mention pattern regex compilation
2026-03-15 08:44:12 -07:00
a472f988d8
fix: harden remote cdp probes
2026-03-15 08:23:01 -07:00
2806f2b878
Heartbeat: add isolatedSession option for fresh session per heartbeat run ( #46634 )
...
Reuses the cron isolated session pattern (resolveCronSession with forceNew)
to give each heartbeat a fresh session with no prior conversation history.
Reduces per-heartbeat token cost from ~100K to ~2-5K tokens.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 16:28:01 -07:00
b6d1d0d72d
fix(browser): prefer user profile over chrome relay
2026-03-14 04:15:34 +00:00
55f47e5ce6
onboard(minimax): flatten auth to 4 direct choices, unify CN/Global under single provider ( #44284 )
...
Replace the multi-step MiniMax onboarding wizard with 4 flat options:
- MiniMax Global — OAuth (minimax.io)
- MiniMax Global — API Key (minimax.io)
- MiniMax CN — OAuth (minimaxi.com)
- MiniMax CN — API Key (minimaxi.com)
Storage changes:
- Unify CN and Global under provider "minimax" (baseUrl distinguishes region)
- Profiles: minimax:global / minimax:cn (both regions can coexist)
- Model ref: minimax/MiniMax-M2.5 (no more minimax-cn/ prefix)
- Remove LM Studio local mode and Lightning/Highspeed choice
Backward compatibility:
- Keep minimax-cn in provider-env-vars for existing configs
- Accept minimax-cn as legacy tokenProvider in CI pipelines
- Error with migration hint for removed auth choices in non-interactive mode
- Warn when dual-profile overwrites shared provider baseUrl
Made-with: Cursor
2026-03-12 11:23:42 -07:00
b77b7485e0
feat(push): add iOS APNs relay gateway ( #43369 )
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369 ) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
0bcb95e8fa
Models: enforce source-managed SecretRef markers in models.json ( #43759 )
...
Merged via squash.
Prepared head SHA: 4a065ef5d8
2026-03-12 02:22:52 -05:00
7761e7626f
Providers: add Opencode Go support ( #42313 )
...
* feat(providers): add opencode-go provider support and onboarding
* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF
* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF
* Update CHANGELOG.md
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 01:31:06 -04:00
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs ( #42672 )
...
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
8eac939417
fix(security): enforce target account configWrites
2026-03-11 01:24:36 +00:00
201420a7ee
fix: harden secret-file readers
2026-03-10 23:40:10 +00:00
d30dc28b8c
Secrets: reject exec SecretRef traversal ids across schema/runtime/gateway ( #42370 )
...
* Secrets: harden exec SecretRef validation and reload LKG coverage
* Tests: harden exec fast-exit stdin regression case
* Tests: align lifecycle daemon test formatting with oxfmt 0.36
2026-03-10 13:45:37 -05:00
0687e04760
fix: thread runtime config through Discord/Telegram sends ( #42352 ) (thanks @joshavant) ( #42352 )
2026-03-10 13:30:57 -05:00
d3111fbbcb
fix: make browser relay bind address configurable ( #39364 ) (thanks @mvanhorn)
2026-03-08 19:15:21 +00:00
caf1b84822
feat: allow compaction model override via config ( #38753 )
...
Merged via squash.
Prepared head SHA: a3d6d6c845
2026-03-08 10:47:34 -07:00
b4c8950417
refactor: centralize talk silence timeout defaults
2026-03-08 14:58:29 +00:00
6ff7e8f42e
talk: add configurable silence timeout
2026-03-08 14:30:25 +00:00
59102a1ff7
fix: add gemini 3.1 flash-lite support
2026-03-08 05:12:48 +00:00
100da9f45c
fix: correct gemini flash model id
2026-03-08 02:32:58 +00:00
5f8f58ae25
fix(gateway): require admin for chat config writes
2026-03-07 19:38:49 +00:00
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence ( #38955 )
2026-03-07 11:28:39 -06:00
1dd4f92ea2
fix: default local onboarding tools profile to coding
2026-03-07 16:41:27 +00:00
03b9abab84
feat(compaction): make post-compaction context sections configurable ( #34556 )
...
Merged via squash.
Prepared head SHA: 491bb28544
2026-03-06 14:57:15 -08:00
9c1786bdd6
Telegram/Discord: honor outbound mediaMaxMb uploads ( #38065 )
...
* Telegram: default media cap to 100MB
* Telegram: honor outbound mediaMaxMb
* Discord: add shared media upload cap
* Discord: pass mediaMaxMb to outbound sends
* Telegram: cover outbound media cap sends
* Discord: cover media upload cap config
* Docs: update Telegram media cap guide
* Docs: update Telegram config reference
* Changelog: note media upload cap fix
* Docs: note Discord upload cap behavior
2026-03-06 10:53:06 -05:00
5470337b1c
docs(config): list the context engine plugin slot
2026-03-06 08:53:30 -05:00
688b72e158
plugins: enforce prompt hook policy with runtime validation ( #36567 )
...
Merged via squash.
Prepared head SHA: 6b9d883b6a
2026-03-05 18:15:54 -05:00
98aecab7bd
Docs: cover heartbeat, cron, and plugin route updates
2026-03-05 17:05:21 -05:00
1d3962a000
Docs: update gateway config reference for Slack and TTS
2026-03-05 16:57:40 -05:00
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
6a705a37f2
ACP: add persistent Discord channel and Telegram topic bindings ( #34873 )
...
* docs: add ACP persistent binding experiment plan
* docs: align ACP persistent binding spec to channel-local config
* docs: scope Telegram ACP bindings to forum topics only
* docs: lock bound /new and /reset behavior to in-place ACP reset
* ACP: add persistent discord/telegram conversation bindings
* ACP: fix persistent binding reuse and discord thread parent context
* docs: document channel-specific persistent ACP bindings
* ACP: split persistent bindings and share conversation id helpers
* ACP: defer configured binding init until preflight passes
* ACP: fix discord thread parent fallback and explicit disable inheritance
* ACP: keep bound /new and /reset in-place
* ACP: honor configured bindings in native command flows
* ACP: avoid configured fallback after runtime bind failure
* docs: refine ACP bindings experiment config examples
* acp: cut over to typed top-level persistent bindings
* ACP bindings: harden reset recovery and native command auth
* Docs: add ACP bound command auth proposal
* Tests: normalize i18n registry zh-CN assertion encoding
* ACP bindings: address review findings for reset and fallback routing
* ACP reset: gate hooks on success and preserve /new arguments
* ACP bindings: fix auth and binding-priority review findings
* Telegram ACP: gate ensure on auth and accepted messages
* ACP bindings: fix session-key precedence and unavailable handling
* ACP reset/native commands: honor fallback targets and abort on bootstrap failure
* Config schema: validate ACP binding channel and Telegram topic IDs
* Discord ACP: apply configured DM bindings to native commands
* ACP reset tails: dispatch through ACP after command handling
* ACP tails/native reset auth: fix target dispatch and restore full auth
* ACP reset detection: fallback to active ACP keys for DM contexts
* Tests: type runTurn mock input in ACP dispatch test
* ACP: dedup binding route bootstrap and reset target resolution
* reply: align ACP reset hooks with bound session key
* docs: replace personal discord ids with placeholders
* fix: add changelog entry for ACP persistent bindings (#34873 ) (thanks @dutifulbob)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-05 09:38:12 +01:00
e4b4486a96
Agent: unify bootstrap truncation warning handling ( #32769 )
...
Merged via squash.
Prepared head SHA: 5d6d4ddfa6
2026-03-03 16:28:38 -05:00
65816657c2
feat(discord): add allowBots mention gating
2026-03-03 12:47:25 -06:00
05446d6b6b
docs: document discord ignoreOtherMentions
2026-03-03 11:26:20 -06:00
e28ff1215c
fix: discord auto presence health signal ( #33277 ) (thanks @thewilloftheshadow) ( #33277 )
2026-03-03 11:20:59 -06:00
4ffe15c6b2
fix(telegram): warn when accounts.default is missing in multi-account setup ( #32544 )
...
Merged via squash.
Prepared head SHA: 7ebc3f65b2
2026-03-03 03:27:19 -05:00
b1b41eb443
feat(mattermost): add native slash command support (refresh) ( #32467 )
...
Merged via squash.
Prepared head SHA: 989126574e
2026-03-03 12:39:18 +05:30
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
bd8c3230e8
fix: force supportsDeveloperRole=false for non-native OpenAI endpoints ( #29479 )
...
Merged via squash.
Prepared head SHA: 1416c584ac
2026-03-02 20:43:49 -05:00
1b5ac8b0b1
feat(cli): add configurable banner tagline mode
2026-03-03 00:31:51 +00:00
6b85ec3022
docs: tighten subscription guidance and update MiniMax M2.5 refs
2026-03-03 00:02:37 +00:00
a19a7f5e6e
feat(security): Harden Docker browser container chromium flags ( #23889 ) ( #31504 )
...
* Gateway: honor OPENCLAW_GATEWAY_URL override for remote/local calls
* Agents: fix sandbox sessionKey usage for PI embedded subagent calls
* Sandbox: tighten browser container Chromium runtime flags
* fix: add sandbox browser defaults for container hardening
* docs: expand sandbox browser default flags list
* fix: make sandbox browser flags optional and preserve gateway env auth overrides
* docs: scope PR 31504 changelog entry
* style: format gateway call override handling
* fix: dedupe sandbox browser chrome args
* fix: preserve remote tls fingerprint for env gateway override
* fix: enforce auth for env gateway URL override
* chore: document gateway override auth security expectations
2026-03-02 11:28:27 -08:00
cf5702233c
docs(security)!: document messaging-only onboarding default and hook/model risk
2026-03-02 18:15:49 +00:00
Peter Steinberger
Vincent Koc
George Zhang
liyuan97
Nimrod Gutman
Josh Avant
Luke
GitBuck
dano does design
Efe Büken
Gustavo Madeira Santana
Bob
Shadow
Shadow
Sid
Muhammed Mukhthar CM
Sk Akram