f9e185887f
docs: restore onboard docs references
2026-03-16 05:50:57 +00:00
823039c000
docs: prefer setup wizard command
2026-03-15 22:01:04 -07:00
132e459009
fix(ci): config drift found and documented
2026-03-15 10:43:03 -07:00
ff61343d76
fix: harden mention pattern regex compilation
2026-03-15 08:44:12 -07:00
e986aa175f
docs: fix session key :dm: → :direct ( #26506 )
2026-03-13 14:28:33 +05:30
b77b7485e0
feat(push): add iOS APNs relay gateway ( #43369 )
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369 ) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
cf5702233c
docs(security)!: document messaging-only onboarding default and hook/model risk
2026-03-02 18:15:49 +00:00
a7929abad8
Discord: thread bindings idle + max-age lifecycle ( #27845 ) (thanks @osolmaz)
...
* refactor discord thread bindings to idle and max-age lifecycle
* fix: migrate legacy thread binding expiry and reduce hot-path disk writes
* refactor: remove remaining thread-binding ttl legacy paths
* fix: harden thread-binding lifecycle persistence
* Discord: fix thread binding types in message/reply paths
* Infra: handle win32 unknown inode in file identity checks
* Infra: relax win32 guarded-open identity checks
* Config: migrate threadBindings ttlHours to idleHours
* Revert "Infra: relax win32 guarded-open identity checks"
This reverts commit de9412677196fc5ddfb3#27845 ) (thanks @osolmaz)
---------
Co-authored-by: Onur Solmaz <onur@textcortex.com>
2026-02-27 10:02:39 +01:00
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
8a006a3260
feat(heartbeat): add directPolicy and restore default direct delivery
2026-02-26 03:57:03 +01:00
a805d6b439
fix(heartbeat): block dm targets and internalize blocked prompts
2026-02-25 02:05:45 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
ff74d89e86
fix: harden gateway control-plane restart protections
2026-02-19 14:30:15 +01:00
4c569ce246
docs(tokens): document image dimension token tradeoffs
2026-02-18 00:56:57 +01:00
b05e89e5e6
fix(agents): make image sanitization dimension configurable
2026-02-18 00:54:20 +01:00
13aface863
fix(config): accept $schema key in root config ( #15280 )
...
* fix(config): accept $schema key in root config (#14998 )
* fix: strip $schema via preprocess to avoid spurious UI section
* fix(config): allow root without zod preprocess wrapper
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 03:07:12 +01:00
3421b2ec1e
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
3ed06c6f36
docs: modernize gateway configuration page (Phase 1) ( #14111 )
...
* docs(configuration): split into overview + full reference with Mintlify components
* docs(configuration): use tooltip for JSON5 format note
* docs(configuration): fix Accordion closing tags inside list contexts
* docs(configuration): expand intro to reflect full config surface
* docs(configuration): trim intro to three concise bullets
* docs(configuration-examples): revert all branch changes
* docs(configuration): improve hot-reload section with tabs and accordion
* docs(configuration): uncramp hot-reload — subheadings, bullet list, warning
* docs(configuration): restore hot-apply vs restart table
* docs(configuration): fix hot-reload table against codebase
* docs: add configuration-reference.md — full field-by-field reference
* docs(gateway): refresh runbook and align config reference
* docs: include pending docs updates and install graphic
2026-02-11 10:44:34 -05:00
ca629296c6
feat(hooks): add agentId support to webhook mappings ( #13672 )
...
* feat(hooks): add agentId support to webhook mappings
Allow webhook mappings to route hook runs to a specific agent via
the new `agentId` field. This enables lightweight agents with minimal
bootstrap files to handle webhooks, reducing token cost per hook run.
The agentId is threaded through:
- HookMappingConfig (config type + zod schema)
- HookMappingResolved + HookAction (mapping types)
- normalizeHookMapping + buildActionFromMapping (mapping logic)
- mergeAction (transform override support)
- HookAgentPayload + normalizeAgentPayload (direct /hooks/agent endpoint)
- dispatchAgentHook → CronJob.agentId (server dispatch)
The existing runCronIsolatedAgentTurn already supports agentId on
CronJob — this change simply wires it through from webhook mappings.
Usage in config:
hooks.mappings[].agentId = "my-agent"
Usage via POST /hooks/agent:
{ "message": "...", "agentId": "my-agent" }
Includes tests for mapping passthrough and payload normalization.
Includes doc updates for webhook.md.
* fix(hooks): enforce webhook agent routing policy + docs/changelog updates (#13672 ) (thanks @BillChirico)
* fix(hooks): harden explicit agent allowlist semantics (#13672 ) (thanks @BillChirico)
---------
Co-authored-by: Pip <pip@openclaw.ai>
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
2026-02-10 19:23:58 -05:00
47f6bb4146
Commands: add commands.allowFrom config
2026-02-09 23:58:52 -06:00
e19a23520c
fix: unify session maintenance and cron run pruning ( #13083 )
...
* fix: prune stale session entries, cap entry count, and rotate sessions.json
The sessions.json file grows unbounded over time. Every heartbeat tick (default: 30m)
triggers multiple full rewrites, and session keys from groups, threads, and DMs
accumulate indefinitely with large embedded objects (skillsSnapshot,
systemPromptReport). At >50MB the synchronous JSON parse blocks the event loop,
causing Telegram webhook timeouts and effectively taking the bot down.
Three mitigations, all running inside saveSessionStoreUnlocked() on every write:
1. Prune stale entries: remove entries with updatedAt older than 30 days
(configurable via session.maintenance.pruneDays in openclaw.json)
2. Cap entry count: keep only the 500 most recently updated entries
(configurable via session.maintenance.maxEntries). Entries without updatedAt
are evicted first.
3. File rotation: if the existing sessions.json exceeds 10MB before a write,
rename it to sessions.json.bak.{timestamp} and keep only the 3 most recent
backups (configurable via session.maintenance.rotateBytes).
All three thresholds are configurable under session.maintenance in openclaw.json
with Zod validation. No env vars.
Existing tests updated to use Date.now() instead of epoch-relative timestamps
(1, 2, 3) that would be incorrectly pruned as stale.
27 new tests covering pruning, capping, rotation, and integration scenarios.
* feat: auto-prune expired cron run sessions (#12289 )
Add TTL-based reaper for isolated cron run sessions that accumulate
indefinitely in sessions.json.
New config option:
cron.sessionRetention: string | false (default: '24h')
The reaper runs piggy-backed on the cron timer tick, self-throttled
to sweep at most every 5 minutes. It removes session entries matching
the pattern cron:<jobId>:run:<uuid> whose updatedAt + retention < now.
Design follows the Kubernetes ttlSecondsAfterFinished pattern:
- Sessions are persisted normally (observability/debugging)
- A periodic reaper prunes expired entries
- Configurable retention with sensible default
- Set to false to disable pruning entirely
Files changed:
- src/config/types.cron.ts: Add sessionRetention to CronConfig
- src/config/zod-schema.ts: Add Zod validation for sessionRetention
- src/cron/session-reaper.ts: New reaper module (sweepCronRunSessions)
- src/cron/session-reaper.test.ts: 12 tests covering all paths
- src/cron/service/state.ts: Add cronConfig/sessionStorePath to deps
- src/cron/service/timer.ts: Wire reaper into onTimer tick
- src/gateway/server-cron.ts: Pass config and session store path to deps
Closes #12289
* fix: sweep cron session stores per agent
* docs: add changelog for session maintenance (#13083 ) (thanks @skyfallsin, @Glucksberg)
* fix: add warn-only session maintenance mode
* fix: warn-only maintenance defaults to active session
* fix: deliver maintenance warnings to active session
* docs: add session maintenance examples
* fix: accept duration and size maintenance thresholds
* refactor: share cron run session key check
* fix: format issues and replace defaultRuntime.warn with console.warn
---------
Co-authored-by: Pradeep Elankumaran <pradeepe@gmail.com>
Co-authored-by: Glucksberg <markuscontasul@gmail.com>
Co-authored-by: max <40643627+quotentiroler@users.noreply.github.com>
Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech>
2026-02-09 20:42:35 -08:00
223eee0a20
refactor: unify peer kind to ChatType, rename dm to direct ( #11881 )
...
* fix: use .js extension for ESM imports of RoutePeerKind
The imports incorrectly used .ts extension which doesn't resolve
with moduleResolution: NodeNext. Changed to .js and added 'type'
import modifier.
* fix tsconfig
* refactor: unify peer kind to ChatType, rename dm to direct
- Replace RoutePeerKind with ChatType throughout codebase
- Change 'dm' literal values to 'direct' in routing/session keys
- Keep backward compat: normalizeChatType accepts 'dm' -> 'direct'
- Add ChatType export to plugin-sdk, deprecate RoutePeerKind
- Update session key parsing to accept both 'dm' and 'direct' markers
- Update all channel monitors and extensions to use ChatType
BREAKING CHANGE: Session keys now use 'direct' instead of 'dm'.
Existing 'dm' keys still work via backward compat layer.
* fix tests
* test: update session key expectations for dmdirect migration
- Fix test expectations to expect :direct: in generated output
- Add explicit backward compat test for normalizeChatType('dm')
- Keep input test data with :dm: keys to verify backward compat
* fix: accept legacy 'dm' in session key parsing for backward compat
getDmHistoryLimitFromSessionKey now accepts both :dm: and :direct:
to ensure old session keys continue to work correctly.
* test: add explicit backward compat tests for dmdirect migration
- session-key.test.ts: verify both :dm: and :direct: keys are valid
- getDmHistoryLimitFromSessionKey: verify both formats work
* feat: backward compat for resetByType.dm config key
* test: skip unix-path Nix tests on Windows
2026-02-09 09:20:52 +09:00
929a3725d3
docs: canonicalize docs paths and align zh navigation ( #11428 )
...
* docs(navigation): canonicalize paths and align zh nav
* chore(docs): remove stray .DS_Store
* docs(scripts): add non-mint docs link audit
* docs(nav): fix zh source paths and preserve legacy redirects (#11428 ) (thanks @sebslight)
* chore(docs): satisfy lint for docs link audit script (#11428 ) (thanks @sebslight)
2026-02-07 15:40:35 -05:00
a4d5c7f673
docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list ( #8105 )
...
* docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list
Fixes #7928
The documentation for skipBootstrap and workspace setup was missing
HEARTBEAT.md and MEMORY.md from the bootstrap files list.
Changes:
- docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md
- docs/zh-CN/gateway/configuration.md: Same for Chinese version
- docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional
- docs/zh-CN/start/openclaw.md: Same for Chinese version
* fix: reference PR number instead of issue in CHANGELOG
* docs(workspace): align bootstrap file docs with runtime (#8105 )
---------
Co-authored-by: damaozi <1811866786@qq.com>
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-07 10:51:44 -05:00
578a6e27aa
Docs: enable markdownlint autofixables except list numbering ( #10476 )
...
* docs(markdownlint): enable autofixable rules except list numbering
* docs(zalo): fix malformed bot platform link
2026-02-06 10:08:59 -05:00
0a1f4f666a
revert(docs): undo markdownlint autofix churn
2026-02-06 10:00:08 -05:00
c7aec0660e
docs(markdownlint): enable autofixable rules and normalize links
2026-02-06 09:55:12 -05:00
1bf9f237f7
docs: linting
2026-02-06 09:35:57 -05:00
717129f7f9
fix: silence unused hook token url param ( #9436 )
...
* fix: Gateway authentication token exposed in URL query parameters
* fix: silence unused hook token url param
* fix: remove gateway auth tokens from URLs (#9436 ) (thanks @coygeek)
* test: fix Windows path separators in audit test (#9436 )
---------
Co-authored-by: George Pickett <gpickett00@gmail.com>
2026-02-05 18:08:29 -08:00
4629054403
chore: apply local workspace updates ( #9911 )
...
* chore: apply local workspace updates
* fix: resolve prep findings after rebase (#9898 ) (thanks @gumadeiras)
* refactor: centralize model allowlist normalization (#9898 ) (thanks @gumadeiras)
* fix: guard model allowlist initialization (#9911 )
* docs: update changelog scope for #9911
* docs: remove model names from changelog entry (#9911 )
* fix: satisfy type-aware lint in model allowlist (#9911 )
2026-02-05 16:54:44 -05:00
5d82c82313
feat: per-channel responsePrefix override ( #9001 )
...
* feat: per-channel responsePrefix override
Add responsePrefix field to all channel config types and Zod schemas,
enabling per-channel and per-account outbound response prefix overrides.
Resolution cascade (most specific wins):
L1: channels.<ch>.accounts.<id>.responsePrefix
L2: channels.<ch>.responsePrefix
L3: (reserved for channels.defaults)
L4: messages.responsePrefix (existing global)
Semantics:
- undefined -> inherit from parent level
- empty string -> explicitly no prefix (stops cascade)
- "auto" -> derive [identity.name] from routed agent
Changes:
- Core logic: resolveResponsePrefix() in identity.ts accepts
optional channel/accountId and walks the cascade
- resolveEffectiveMessagesConfig() passes channel context through
- Types: responsePrefix added to WhatsApp, Telegram, Discord, Slack,
Signal, iMessage, Google Chat, MS Teams, Feishu, BlueBubbles configs
- Zod schemas: responsePrefix added for config validation
- All channel handlers wired: telegram, discord, slack, signal,
imessage, line, heartbeat runner, route-reply, native commands
- 23 new tests covering backward compat, channel/account levels,
full cascade, auto keyword, empty string stops, unknown fallthrough
Fully backward compatible - no existing config is affected.
Fixes #8857
* fix: address CI lint + review feedback
- Replace Record<string, any> with proper typed helpers (no-explicit-any)
- Add curly braces to single-line if returns (eslint curly)
- Fix JSDoc: 'Per-channel' → 'channel/account' on shared config types
- Extract getChannelConfig() helper for type-safe dynamic key access
* fix: finish responsePrefix overrides (#9001 ) (thanks @mudrii)
* fix: normalize prefix wiring and types (#9001 ) (thanks @mudrii)
---------
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
2026-02-04 16:16:34 -05:00
6fdb136688
docs: document secure DM mode preset ( #7872 )
...
* docs: document secure DM mode preset
* fix: resolve merge conflict in resizable-divider
2026-02-04 06:55:13 +00:00
1c6b25ddbb
feat: add support for Moonshot API key for China endpoint
2026-02-03 21:58:51 -08:00
d3ba57b7d7
feat: add configurable web_fetch maxChars cap
2026-02-03 18:03:53 -08:00
5935c4d23d
fix(ui): fix web UI after tsdown migration and typing changes
2026-02-03 13:56:20 -05:00
ca92597e1f
Merge commit from fork
2026-02-01 10:43:54 +01:00
abcaa8c7a9
Docs: add nav titles across docs ( #5689 )
2026-01-31 15:04:03 -06:00
8cab78abbc
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
bf15d0a3f5
Auth: switch Kimi Coding to built-in provider
2026-01-31 06:04:10 +01:00
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
b6a3a91edf
fix: wire per-account dm scope guidance ( #3095 ) (thanks @jarvis-sam)
2026-01-28 11:42:33 +05:30
394308076a
Update Moonshot Kimi model references from kimi-k2-0905-preview to the latest kimi-k2.5
2026-01-27 21:10:59 -06:00
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
78f0bc3ec0
fix(browser): gate evaluate behind config flag
2026-01-27 05:00:39 +00:00
e7fdccce39
refactor: route browser control via gateway/node
2026-01-27 03:24:54 +00:00
b861a0bd73
Telegram: harden network retries and config
...
Co-authored-by: techboss <techboss@users.noreply.github.com>
2026-01-26 19:36:43 -05:00
0f8f0fb9d7
docs: clarify command authorization for exec directives
2026-01-26 22:18:41 +00:00
Peter Steinberger
Vincent Koc
Jealous
Nimrod Gutman
Josh Avant
Onur Solmaz
Gustavo Madeira Santana
大猫子
Seb Slight
Bill Chirico
Shadow
max
大猫子
Coy Geek
mudrii
Lucas Kim
Liu Weizhan
Gustavo Madeira Santana
Armin Ronacher
Seb Slight
cpojer
Mario Zechner
Ayaan Zaidi
Boran Cui