de49a8b72c
Telegram: exec approvals for OpenCode/Codex ( #37233 )
...
Merged via squash.
Prepared head SHA: f243379094
2026-03-09 23:04:35 -04:00
0c7f07818f
acp: add regression coverage and smoke-test docs ( #41456 )
...
Merged via squash.
Prepared head SHA: 514d587352
2026-03-09 22:40:14 +01:00
adec8b28bb
alphabetize web search providers ( #40259 )
...
Merged via squash.
Prepared head SHA: be6350e5ae
2026-03-09 08:54:54 +05:30
9d467d1620
docs: add WSL2 + Windows remote Chrome CDP troubleshooting ( #39407 ) (thanks @Owlock)
2026-03-08 19:21:42 +00:00
d3111fbbcb
fix: make browser relay bind address configurable ( #39364 ) (thanks @mvanhorn)
2026-03-08 19:15:21 +00:00
f9c220e261
test+docs: comprehensive coverage and generic framing
...
- Add 12 new tests covering: isWebSocketUrl detection, parseHttpUrl WSS
acceptance/rejection, direct WS target creation with query params,
SSRF enforcement on WS URLs, WS reachability probing bypasses HTTP
- Reframe docs section as generic "Direct WebSocket CDP providers" with
Browserbase as one example — any WSS-based provider works
- Update security tips to mention WSS alongside HTTPS
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
75602014db
feat(browser): support direct WebSocket CDP URLs for Browserbase
...
Browserbase uses direct WebSocket connections (wss://) rather than the
standard HTTP-based /json/version CDP discovery flow used by Browserless.
This change teaches the browser tool to accept ws:// and wss:// URLs as
cdpUrl values: when a WebSocket URL is detected, OpenClaw connects
directly instead of attempting HTTP discovery.
Changes:
- config.ts: accept ws:// and wss:// in cdpUrl validation
- cdp.helpers.ts: add isWebSocketUrl() helper
- cdp.ts: skip /json/version when cdpUrl is already a WebSocket URL
- chrome.ts: probe WSS endpoints via WebSocket handshake instead of HTTP
- cdp.test.ts: add test for direct WebSocket target creation
- docs/tools/browser.md: update Browserbase section with correct URL
format and notes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
3cf75f760c
docs: simplify Browserbase section, drop pricing details
...
Restore platform-level feature description (CAPTCHA solving, stealth
mode, proxies) without plan-specific pricing gating. Keep free tier
note brief.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
ae39a152d8
docs: fact-check Browserbase section against official docs
...
- Fix CAPTCHA/stealth/proxy claims: these are Developer plan+ only,
not available on free tier
- Fix free tier limits: 1 browser hour, 15-min session duration
(not "60 minutes of monthly usage")
- Add link to pricing page for paid plan details
- Simplify structure to match Browserless section format
- Remove sub-headings to match Browserless section style
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
efa1204183
docs: restore direct wss://connect.browserbase.com URL
...
Browserbase exposes a direct WebSocket connect endpoint that
auto-creates a session, similar to how Browserless works. Simplified
the section to use this static URL pattern instead of requiring
manual session creation via the API.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
9a4610c641
docs: fix Browserbase section to match official docs
...
Browserbase requires creating a session via their API to get a CDP
connect URL, unlike Browserless which uses a static endpoint. Updated
to show the correct curl-based session creation flow, removed
unverified static WebSocket URL, and added the 5-minute connect
timeout note from official docs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
c0a988f692
docs: fix duplicate heading lint error
...
Rename "Configuration" sub-heading to "Profile setup" to avoid
MD024/no-duplicate-heading conflict with the existing top-level
"Configuration" heading.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
641e1bacb4
docs: add Browserbase as hosted remote CDP option
...
Add Browserbase documentation section alongside the existing Browserless
section in the browser docs. Includes signup instructions, CDP connection
configuration, and environment variable setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
0252bdc837
Revert "docs: add Browserbase as hosted remote CDP option"
...
This reverts commit c469657c97848c7a3e1e5135bf4ce735d07d6614.
2026-03-08 18:48:10 +00:00
885199dcaa
docs: add Browserbase as hosted remote CDP option
...
Add Browserbase documentation section alongside the existing Browserless
section in the browser docs. Includes signup instructions, CDP connection
configuration, and environment variable setup for both English and Chinese
(zh-CN) translations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
55465d86d9
Docs: use placeholder OpenRouter key in web tool docs
2026-03-08 11:16:03 -07:00
2970d72554
docs: update Brave Search API docs for Feb 2026 plan restructuring ( #40111 )
...
Merged via squash.
Prepared head SHA: c651f07855
2026-03-08 14:06:21 -04:00
28e46d04e5
fix(web-search): restore OpenRouter compatibility for Perplexity ( #39937 ) ( #39937 )
2026-03-08 20:37:54 +05:30
6dadfaa18c
docs: use alphabetical provider ordering
2026-03-08 14:10:36 +00:00
acac7e3132
fix: land Brave llm-context gaps ( #33383 ) (thanks @thirumaleshp)
2026-03-08 13:57:12 +00:00
61000b8e4d
fix(acp): block sandboxed slash spawns
2026-03-08 00:23:07 +00:00
c76d29208b
fix(node-host): bind approved script operands
2026-03-07 23:04:00 +00:00
be9ea991de
fix(discord): avoid native plugin command collisions
2026-03-07 21:59:44 +00:00
ac86deccee
fix(gateway): harden plugin HTTP route auth
2026-03-07 19:55:06 +00:00
253e159700
fix: harden workspace skill path containment
2026-03-07 18:56:15 +00:00
f966dde476
tests: fix detect-secrets false positives ( #39084 )
...
* Tests: rename gateway status env token fixture
* Tests: allowlist feishu onboarding fixtures
* Tests: allowlist Google Chat private key fixture
* Docs: allowlist Brave API key example
* Tests: allowlist pairing password env fixtures
* Chore: refresh detect-secrets baseline
2026-03-07 13:21:29 -05:00
5290d97574
Docs: fix web tools MDX links
2026-03-07 10:15:22 -08:00
61273c072c
Docs: remove MDX-breaking secret markers
2026-03-07 10:09:00 -08:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
3d7bc5958d
feat(onboarding): add web search to onboarding flow ( #34009 )
...
* add web search to onboarding flow
* remove post onboarding step (now redundant)
* post-onboarding nudge if no web search set up
* address comments
* fix test mocking
* add enabled: false assertion to the no-key test
* --skip-search cli flag
* use provider that a user has a key for
* add assertions, replace the duplicated switch blocks
* test for quickstart fast-path with existing config key
* address comments
* cover quickstart falls through to key test
* bring back key source
* normalize secret inputs instead of direct string trimming
* preserve enabled: false if it's already set
* handle missing API keys in flow
* doc updates
* hasExistingKey to detect both plaintext strings and SecretRef objects
* preserve enabled state only on the "keep current" paths
* add test for preserving
* better gate flows
* guard against invalid provider values in config
* Update src/commands/configure.wizard.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* format fix
* only mentions env var when it's actually available
* search apiKey fields now typed as SecretInput
* if no provider check if any search provider key is detectable
* handle both kimi keys
* remove .filter(Boolean)
* do not disable web_search after user enables it
* update resolveSearchProvider
* fix(onboarding): skip search key prompt in ref mode
* fix: add onboarding web search step (#34009 ) (thanks @kesku)
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-06 13:09:00 -06:00
f392b81e95
Infra: require explicit opt-in for prerelease npm installs ( #38117 )
...
* Infra: tighten npm registry spec parsing
* Infra: block implicit prerelease npm installs
* Plugins: cover prerelease install policy
* Infra: add npm registry spec tests
* Hooks: cover prerelease install policy
* Docs: clarify plugin guide version policy
* Docs: clarify plugin install version policy
* Docs: clarify hooks install version policy
* Docs: clarify hook pack version policy
2026-03-06 11:13:30 -05:00
151f26070b
docs: context engine
2026-03-06 08:55:58 -05:00
eb2eebae22
docs(plugins): document context engine slots and registration
2026-03-06 08:53:30 -05:00
e88f6605ec
docs(tools): document slash-delimited config schema lookup paths
2026-03-06 08:53:29 -05:00
ff97195500
Gateway: add path-scoped config schema lookup ( #37266 )
...
Merged via squash.
Prepared head SHA: 0c4d187f6f
2026-03-06 02:50:48 -05:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
5d4b04040d
feat(openai): add gpt-5.4 support for API and Codex OAuth ( #36590 )
...
* feat(openai): add gpt-5.4 support and priority processing
* feat(openai-codex): add gpt-5.4 oauth support
* fix(openai): preserve provider overrides in gpt-5.4 fallback
* fix(openai-codex): keep xhigh for gpt-5.4 default
* fix(models): preserve configured overrides in list output
* fix(models): close gpt-5.4 integration gaps
* fix(openai): scope service tier to public api
* fix(openai): complete prep followups for gpt-5.4 support (#36590 ) (thanks @dorukardahan)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-03-05 21:01:37 -08:00
8c85ad540a
fix: remove config.schema from agent gateway tool ( #7382 )
...
Merged via squash.
Prepared head SHA: f34a778069
2026-03-05 23:53:08 -05:00
81b93b9ce0
fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry ( #35080 )
...
Thanks @tyler6204
2026-03-05 19:20:24 -08:00
d58dafae88
feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing ( #36683 )
...
* fix(acp): normalize unicode flags and Telegram topic binding
* feat(telegram/acp): restore topic-bound ACP and session bindings
* fix(acpx): clarify permission-denied guidance
* feat(telegram/acp): pin spawn bind notice in topics
* docs(telegram): document ACP topic thread binding behavior
* refactor(reply): share Telegram conversation-id resolver
* fix(telegram/acp): preserve bound session routing semantics
* fix(telegram): respect binding persistence and expiry reporting
* refactor(telegram): simplify binding lifecycle persistence
* fix(telegram): bind acp spawns in direct messages
* fix: document telegram ACP topic binding changelog (#36683 ) (thanks @huntharo)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-06 02:17:50 +01:00
1a67cf57e3
Diffs: restore system prompt guidance ( #36904 )
...
Merged via squash.
Prepared head SHA: 1b3be3c879
2026-03-05 19:46:39 -05:00
688b72e158
plugins: enforce prompt hook policy with runtime validation ( #36567 )
...
Merged via squash.
Prepared head SHA: 6b9d883b6a
2026-03-05 18:15:54 -05:00
98aecab7bd
Docs: cover heartbeat, cron, and plugin route updates
2026-03-05 17:05:21 -05:00
09c68f8f0e
add prependSystemContext and appendSystemContext to before_prompt_build ( fixes #35131 ) ( #35177 )
...
Merged via squash.
Prepared head SHA: d9a2869ad6
2026-03-05 13:06:59 -05:00
6a705a37f2
ACP: add persistent Discord channel and Telegram topic bindings ( #34873 )
...
* docs: add ACP persistent binding experiment plan
* docs: align ACP persistent binding spec to channel-local config
* docs: scope Telegram ACP bindings to forum topics only
* docs: lock bound /new and /reset behavior to in-place ACP reset
* ACP: add persistent discord/telegram conversation bindings
* ACP: fix persistent binding reuse and discord thread parent context
* docs: document channel-specific persistent ACP bindings
* ACP: split persistent bindings and share conversation id helpers
* ACP: defer configured binding init until preflight passes
* ACP: fix discord thread parent fallback and explicit disable inheritance
* ACP: keep bound /new and /reset in-place
* ACP: honor configured bindings in native command flows
* ACP: avoid configured fallback after runtime bind failure
* docs: refine ACP bindings experiment config examples
* acp: cut over to typed top-level persistent bindings
* ACP bindings: harden reset recovery and native command auth
* Docs: add ACP bound command auth proposal
* Tests: normalize i18n registry zh-CN assertion encoding
* ACP bindings: address review findings for reset and fallback routing
* ACP reset: gate hooks on success and preserve /new arguments
* ACP bindings: fix auth and binding-priority review findings
* Telegram ACP: gate ensure on auth and accepted messages
* ACP bindings: fix session-key precedence and unavailable handling
* ACP reset/native commands: honor fallback targets and abort on bootstrap failure
* Config schema: validate ACP binding channel and Telegram topic IDs
* Discord ACP: apply configured DM bindings to native commands
* ACP reset tails: dispatch through ACP after command handling
* ACP tails/native reset auth: fix target dispatch and restore full auth
* ACP reset detection: fallback to active ACP keys for DM contexts
* Tests: type runTurn mock input in ACP dispatch test
* ACP: dedup binding route bootstrap and reset target resolution
* reply: align ACP reset hooks with bound session key
* docs: replace personal discord ids with placeholders
* fix: add changelog entry for ACP persistent bindings (#34873 ) (thanks @dutifulbob)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-05 09:38:12 +01:00
257e2f5338
fix: relay ACP sessions_spawn parent streaming ( #34310 ) (thanks @vincentkoc) ( #34310 )
...
Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
2026-03-04 11:44:20 +01:00
7a2f5a0098
Plugin SDK: add full bundled subpath wiring
2026-03-04 02:35:12 -05:00
802b9f6b19
Plugins: add root-alias shim and cache/docs updates
2026-03-04 01:20:48 -05:00
230fea1ca6
feat(web-search): switch Perplexity to native Search API ( #33822 )
...
* feat: Add Perplexity Search API as web_search provider
* docs fixes
* domain_filter validation
* address comments
* provider-specific options in cache key
* add validation for unsupported date filters
* legacy fields
* unsupported_language guard
* cache key matches the request's precedence order
* conflicting_time_filters guard
* unsupported_country guard
* invalid_date_range guard
* pplx validate for ISO 639-1 format
* docs: add Perplexity Search API changelog entry
* unsupported_domain_filter guard
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-03 22:57:19 -06:00
1278ee9248
plugin-sdk: add channel subpaths and migrate bundled plugins
2026-03-03 22:07:03 -05:00
d89e1e40f9
docs(loop-detection): fix config keys to match schema ( #33182 )
...
Merged via squash.
Prepared head SHA: 612ecc00d3
2026-03-03 11:02:30 -05:00
5341b5c71c
Diffs: Migrate tool usage guidance from before_prompt_build to a plugin skill ( #32630 )
...
Merged via squash.
Prepared head SHA: 585697a4e1
2026-03-03 01:50:59 -05:00
75775f2fe6
chore: Updated Brave documentation ( #26860 )
...
Merged via squash.
Prepared head SHA: f8fc4bf01e
2026-03-03 01:34:15 -05:00
d9d604c6ad
docs: add dedicated pdf tool docs page
2026-03-03 04:07:04 +00:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
fa4ff5f3d2
refactor(acp): extract install hint resolver
2026-03-03 02:51:24 +00:00
04ac688dff
fix(acp): use publishable acpx install hint
2026-03-03 02:34:07 +00:00
42626648d7
docs(models): clarify moonshot thinking and failover stop-reason errors
2026-03-03 01:11:29 +00:00
287606e445
feat(acp): add kimi harness support surfaces
2026-03-03 01:05:24 +00:00
7de4204e57
docs(acp): document sandbox limitation
2026-03-03 00:52:09 +00:00
36dfd462a8
feat(acp): enable dispatch by default
2026-03-03 00:47:35 +00:00
f9025c3f55
feat(zalouser): add reactions, group context, and receipt acks
2026-03-02 22:08:11 +00:00
a183656f8f
fix: apply missed media/runtime follow-ups from merged PRs
2026-03-02 21:45:39 +00:00
1727279598
fix(browser): default to openclaw profile when unspecified ( #32031 )
2026-03-02 18:34:37 +00:00
be65dc8acc
docs(diffs): clarify file size limitations
2026-03-02 11:34:12 -05:00
5f49a5da3c
Diffs: extend image quality configs and add PDF as a format option ( #31342 )
...
Merged via squash.
Prepared head SHA: cc12097851
2026-03-02 04:38:50 -05:00
d0ac1b0195
feat: add PDF analysis tool with native provider support ( #31319 )
...
* feat: add PDF analysis tool with native provider support
New `pdf` tool for analyzing PDF documents with model-powered analysis.
Architecture:
- Native PDF path: sends raw PDF bytes directly to providers that support
inline document input (Anthropic via DocumentBlockParam, Google Gemini
via inlineData with application/pdf MIME type)
- Extraction fallback: for providers without native PDF support, extracts
text via pdfjs-dist and rasterizes pages to images via @napi-rs/canvas,
then sends through the standard vision/text completion path
Key features:
- Single PDF (`pdf` param) or multiple PDFs (`pdfs` array, up to 10)
- Page range selection (`pages` param, e.g. "1-5", "1,3,7-9")
- Model override (`model` param) and file size limits (`maxBytesMb`)
- Auto-detects provider capability and falls back gracefully
- Same security patterns as image tool (SSRF guards, sandbox support,
local path roots, workspace-only policy)
Config (agents.defaults):
- pdfModel: primary/fallbacks (defaults to imageModel, then session model)
- pdfMaxBytesMb: max PDF file size (default: 10)
- pdfMaxPages: max pages to process (default: 20)
Model catalog:
- Extended ModelInputType to include "document" alongside "text"/"image"
- Added modelSupportsDocument() capability check
Files:
- src/agents/tools/pdf-tool.ts - main tool factory
- src/agents/tools/pdf-tool.helpers.ts - helpers (page range, config, etc.)
- src/agents/tools/pdf-native-providers.ts - direct API calls for Anthropic/Google
- src/agents/tools/pdf-tool.test.ts - 43 tests covering all paths
- Modified: model-catalog.ts, openclaw-tools.ts, config schema/types/labels/help
* fix: prepare pdf tool for merge (#31319 ) (thanks @tyler6204)
2026-03-01 22:39:12 -08:00
bc0288bcfb
docs: clarify adaptive thinking and openai websocket docs
2026-03-02 05:46:57 +00:00
a9f1188785
sessions_spawn: inline attachments with redaction, lifecycle cleanup, and docs ( #16761 )
...
Add inline file attachment support for sessions_spawn (subagent runtime only):
- Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint
- Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json
- Validation: strict base64 decode, filename checks, size limits, duplicate detection
- Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts
- Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check
- Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep)
- Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord
- ACP rejection: attachments rejected for runtime=acp with clear error message
- Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md
- Tests: 85 new/updated tests across 5 test files
Fixes:
- Guard fs.rm in materialization catch block with try/catch (review concern #1 )
- Remove unreachable fallback in safeRemoveAttachmentsDir (review concern #7 )
- Move attachment cleanup out of retry path to avoid timing issues with announce loop
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
Co-authored-by: napetrov <napetrov@users.noreply.github.com>
2026-03-01 21:33:51 -08:00
4a1be98254
fix(diffs): harden viewer security and docs
2026-03-02 05:07:09 +00:00
b7615e0ce3
Exec/ACP: inject OPENCLAW_SHELL into child shell env ( #31271 )
...
* exec: mark runtime shell context in exec env
* tests(exec): cover OPENCLAW_SHELL in gateway exec
* tests(exec): cover OPENCLAW_SHELL in pty mode
* acpx: mark runtime shell context for spawned process
* tests(acpx): log OPENCLAW_SHELL in runtime fixture
* tests(acpx): assert OPENCLAW_SHELL in runtime prompt
* docs(env): document OPENCLAW_SHELL runtime markers
* docs(exec): describe OPENCLAW_SHELL exec marker
* docs(acp): document OPENCLAW_SHELL acp marker
* docs(gateway): note OPENCLAW_SHELL for background exec
* tui: tag local shell runs with OPENCLAW_SHELL
* tests(tui): assert OPENCLAW_SHELL in local shell runner
* acp client: tag spawned bridge env with OPENCLAW_SHELL
* tests(acp): cover acp client OPENCLAW_SHELL env helper
* docs(env): include acp-client and tui-local shell markers
* docs(acp): document acp-client OPENCLAW_SHELL marker
* docs(tui): document tui-local OPENCLAW_SHELL marker
* exec: keep shell runtime env string-only for docker args
* changelog: note OPENCLAW_SHELL runtime markers
2026-03-01 20:31:06 -08:00
6532757cdf
Diffs: add viewer payload validation and presentation defaults
2026-03-01 22:38:14 -05:00
b0c7f1ebe2
fix: harden sessions_spawn delivery params and telegram account routing ( #31000 , #31110 )
2026-03-02 02:35:48 +00:00
bfeadb80b6
feat(agents): add sessions_spawn sandbox require mode
2026-03-02 01:27:34 +00:00
155118751f
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:53 +00:00
b9aa2d436b
fix(security): enforce sandbox inheritance for sessions_spawn
2026-03-02 01:11:13 +00:00
085c23ce5a
fix(security): block private-network web_search citation redirects
2026-03-02 01:05:20 +00:00
ccb415b69a
fix: align ACP permission docs defaults ( #31044 ) (thanks @barronlroth)
2026-03-01 23:30:39 +00:00
bed1cb9600
docs(acp): add permission configuration section and troubleshooting entries
...
Document permissionMode and nonInteractivePermissions plugin config
keys for the acpx backend. Add troubleshooting entries for:
- Permission prompt errors in non-interactive ACP sessions
- Silent session failures from swallowed permission errors
- Stalled ACP sessions that never report completion
Relates to #29195
AI-assisted (lightly tested)
2026-03-01 23:30:39 +00:00
4c43fccb3e
feat(agents): use structured internal completion events
2026-03-01 23:11:48 +00:00
921ebfb25e
ACPX plugin: allow configurable command and expected version
2026-03-01 20:39:24 +01:00
39e09273ca
docs(diffs): update docs for diffs plugin
2026-02-28 20:40:30 -05:00
8bc80fad47
fix(slack): land #29032 /agentstatus alias from @maloqab
...
Land contributor PR #29032 by @maloqab with Slack native alias docs, integration tests, and changelog entry.
Co-authored-by: maloqab <mitebaloqab@gmail.com>
2026-02-27 19:09:38 +00:00
a7929abad8
Discord: thread bindings idle + max-age lifecycle ( #27845 ) (thanks @osolmaz)
...
* refactor discord thread bindings to idle and max-age lifecycle
* fix: migrate legacy thread binding expiry and reduce hot-path disk writes
* refactor: remove remaining thread-binding ttl legacy paths
* fix: harden thread-binding lifecycle persistence
* Discord: fix thread binding types in message/reply paths
* Infra: handle win32 unknown inode in file identity checks
* Infra: relax win32 guarded-open identity checks
* Config: migrate threadBindings ttlHours to idleHours
* Revert "Infra: relax win32 guarded-open identity checks"
This reverts commit de9412677196fc5ddfb3#27845 ) (thanks @osolmaz)
---------
Co-authored-by: Onur Solmaz <onur@textcortex.com>
2026-02-27 10:02:39 +01:00
29f5da5b2a
feat(nodes): expose device diagnostics and notification actions
2026-02-27 10:15:21 +05:30
c1e0f8cfb1
docs(nodes): document android camera list and device actions
2026-02-27 10:15:21 +05:30
d320b30b9b
Docs: expand ACP first-use naming and link protocol site
2026-02-27 00:33:58 +01:00
9f154efa8d
docs(acp): expand /acp operator playbook
2026-02-26 16:49:20 +00:00
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
f08fe02a1b
Onboarding: support plugin-owned interactive channel flows ( #27191 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 53872cf8e7
2026-02-26 01:14:57 -05:00
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
b67e600bff
fix(security): restrict default safe-bin trusted dirs
2026-02-24 23:13:37 +00:00
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
1fdaaaedd3
Docs: clarify Chrome extension relay port derivation (gateway + 3)
2026-02-24 04:16:08 +00:00
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
3b8e33037a
fix(security): harden safeBins long-option validation
2026-02-23 23:58:58 +00:00
Harold Hunt
Mariano
Kesku
Peter Steinberger
shrey150
Vincent Koc
Rémi
Ayaan Zaidi
Gustavo Madeira Santana
Josh Avant
dorukardahan
Hinata Kaga (samon)
Tyler Yust
maweibin
Bob
Mylszd
Eugene
Henry Loenwind
john
Mark L
Nikolay Petrov
Barron Roth
Onur
Ayaan Zaidi
Philipp Spiess
Kriz Poon