b795ba1d02
Merge branch 'main' of https://github.com/openclaw/openclaw
...
* 'main' of https://github.com/openclaw/openclaw :
Plugins: reserve context engine ownership (#47595 )
fix(release): block oversized npm packs that regress low-memory startup (#46850 )
Scripts: rebuild on extension and tsdown config changes (#47571 )
Docs: move release runbook to maintainer repo (#47532 )
docs(zalo): document current Marketplace bot behavior (openclaw#47552)
2026-03-15 13:42:21 -07:00
85dd0ab2f8
Plugins: reserve context engine ownership ( #47595 )
...
* Plugins: reserve context engine ownership
* Update src/context-engine/registry.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 13:33:37 -07:00
07f890fa45
fix(release): block oversized npm packs that regress low-memory startup ( #46850 )
...
* fix(release): guard npm pack size regressions
* fix(release): fail closed when npm omits pack size
2026-03-15 21:31:30 +01:00
594920f8cc
Scripts: rebuild on extension and tsdown config changes ( #47571 )
...
Merged via squash.
Prepared head SHA: edd8ed8254
2026-03-15 16:19:27 -04:00
a2080421a1
Docs: move release runbook to maintainer repo ( #47532 )
...
* Docs: redact private release setup
* Docs: tighten release order
* Docs: move release runbook to maintainer repo
* Docs: delete public mac release page
* Docs: remove zh-CN mac release page
* Docs: turn release checklist into release policy
* Docs: point release policy to private docs
* Docs: regenerate zh-CN release policy pages
* Docs: preserve Doctor in zh-CN hubs
* Docs: fix zh-CN polls label
* Docs: tighten docs i18n term guardrails
* Docs: enforce zh-CN glossary coverage
2026-03-15 20:42:39 +01:00
4a7fbe090a
docs(zalo): document current Marketplace bot behavior (openclaw#47552)
...
Verified:
- pnpm check:docs
Co-authored-by: Tomáš Dinh <82420070+No898@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-15 14:40:35 -05:00
51631e5797
Plugins: reserve context engine ownership
2026-03-15 12:27:29 -07:00
42837a04bf
fix(models): preserve stream usage compat opt-ins ( #45733 )
...
Preserves explicit `supportsUsageInStreaming` overrides from built-in provider
catalogs and user config instead of unconditionally forcing `false` on non-native
openai-completions endpoints.
Adds `applyNativeStreamingUsageCompat()` to set `supportsUsageInStreaming: true`
on ModelStudio (DashScope) and Moonshot models at config build time so their
native streaming usage works out of the box.
Closes #46142
Co-authored-by: pezy <peizhe.chen@vbot.cn>
2026-03-15 20:21:11 +01:00
e2dac5d5cb
fix(plugins): load bundled extensions from dist ( #47560 )
2026-03-15 21:16:27 +02:00
bbb0c3e5d7
CLI/completion: fix generator OOM and harden plugin registries ( #45537 )
...
* fix: avoid OOM during completion script generation
* CLI/completion: fix PowerShell nested command paths
* CLI/completion: cover generated shell scripts
* Changelog: note completion generator follow-up
* Plugins: reserve shared registry names
---------
Co-authored-by: Xiaoyi <xiaoyi@example.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-15 12:14:30 -07:00
dd2eb29038
Commands: split static onboard auth choice help ( #47545 )
...
* Commands: split static onboard auth choice help
* Tests: cover static onboard auth choice help
* Changelog: note static onboard auth choice help
2026-03-15 12:11:55 -07:00
c9a8b6f82f
chore(fmt): format changes and broken types
2026-03-15 12:03:35 -07:00
438991b6a4
Commands: lazy-load model picker provider runtime ( #47536 )
...
* Commands: lazy-load model picker provider runtime
* Tests: cover model picker runtime boundary
2026-03-15 10:54:46 -07:00
630958749c
Changelog: note CLI OOM startup fixes ( #47525 )
2026-03-15 10:54:21 -07:00
fc2d29ea92
Gateway: tighten forwarded client and pairing guards ( #46800 )
...
* Gateway: tighten forwarded client and pairing guards
* Gateway: make device approval scope checks atomic
* Gateway: preserve device approval baseDir compatibility
2026-03-15 10:50:49 -07:00
132e459009
fix(ci): config drift found and documented
2026-03-15 10:43:03 -07:00
756d9b5782
CLI: lazy-load auth choice provider fallback ( #47495 )
...
* CLI: lazy-load auth choice provider fallback
* CLI: cover lazy auth choice provider fallback
2026-03-15 10:29:31 -07:00
d88da9f5f8
fix(config): avoid failing startup on implicit memory slot ( #47494 )
...
* fix(config): avoid failing on implicit memory slot
* fix(config): satisfy build for memory slot guard
* docs(changelog): note implicit memory slot startup fix (#47494 )
2026-03-15 19:28:50 +02:00
f0202264d0
Gateway: scrub credentials from endpoint snapshots ( #46799 )
...
* Gateway: scrub credentials from endpoint snapshots
* Gateway: scrub raw endpoint credentials in snapshots
* Gateway: preserve config redaction round-trips
* Gateway: restore redacted endpoint URLs on apply
2026-03-15 10:28:15 -07:00
d37e3d582f
Scope Control UI sessions per gateway ( #47453 )
...
* Scope Control UI sessions per gateway
Signed-off-by: sallyom <somalley@redhat.com>
* Add changelog for Control UI session scoping
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
2026-03-15 13:08:37 -04:00
13e256ac9d
CLI: trim onboarding provider startup imports ( #47467 )
2026-03-15 09:47:56 -07:00
8e97b752d0
Tools: revalidate workspace-only patch targets ( #46803 )
...
* Tools: revalidate workspace-only patch targets
* Tests: narrow apply-patch delete-path assertion
2026-03-15 09:45:58 -07:00
5e78c8bc95
Webhooks: tighten pre-auth body handling ( #46802 )
...
* Webhooks: tighten pre-auth body handling
* Webhooks: clean up request body guards
2026-03-15 09:45:18 -07:00
7679eb3752
Subagents: restrict follow-up messaging scope ( #46801 )
...
* Subagents: restrict follow-up messaging scope
* Subagents: cover foreign-session follow-up sends
* Update CHANGELOG.md
2026-03-15 09:44:51 -07:00
9e2eed211c
Changelog: add more unreleased PR numbers
2026-03-15 09:36:53 -07:00
a493f01a90
Changelog: add missing PR credits
2026-03-15 09:33:47 -07:00
229426a257
ACP: require admin scope for mutating internal actions ( #46789 )
...
* ACP: require admin scope for mutating internal actions
* ACP: cover operator admin mutating actions
* ACP: gate internal status behind admin scope
2026-03-15 09:28:44 -07:00
a47722de7e
Integrations: tighten inbound callback and allowlist checks ( #46787 )
...
* Integrations: harden inbound callback and allowlist handling
* Integrations: address review follow-ups
* Update CHANGELOG.md
* Mattermost: avoid command-gating open button callbacks
2026-03-15 09:24:24 -07:00
67b2d1b8e8
CLI: reduce channels add startup memory ( #46784 )
...
* CLI: lazy-load channel subcommand handlers
* Channels: defer add command dependencies
* CLI: skip status JSON plugin preload
* CLI: cover status JSON route preload
* Status: trim JSON security audit path
* Status: update JSON fast-path tests
* CLI: cover root help fast path
* CLI: fast-path root help
* Status: keep JSON security parity
* Status: restore JSON security tests
* CLI: document status plugin preload
* Channels: reuse Telegram account import
2026-03-15 09:10:40 -07:00
8d44b16b7c
Plugins: preserve scoped ids and reserve bundled duplicates ( #47413 )
...
* Plugins: preserve scoped ids and reserve bundled duplicates
* Changelog: add plugin scoped id note
* Plugins: harden scoped install ids
* Plugins: reserve scoped install dirs
* Plugins: migrate legacy scoped update ids
2026-03-15 09:07:10 -07:00
0c7ae04262
style: format imported model helpers
2026-03-15 09:05:45 -07:00
7c0a849ed7
fix: harden device token rotation denial paths
2026-03-15 09:05:45 -07:00
a60fd3feed
Nodes tests: prove pull-time policy revalidation
2026-03-15 09:05:22 -07:00
f5cd7c390d
added a fix for memory leak on 2gb ram ( #46522 )
2026-03-15 09:01:31 -07:00
87c4ae36b4
refactor: drop deprecated whatsapp mention pattern sdk helper
2026-03-15 08:50:31 -07:00
ec2c6d83b9
Nodes: recheck queued actions before delivery ( #46815 )
...
* Nodes: recheck queued actions before delivery
* Nodes tests: cover pull-time policy recheck
* Nodes tests: type node policy mocks explicitly
2026-03-15 08:47:17 -07:00
ff61343d76
fix: harden mention pattern regex compilation
2026-03-15 08:44:12 -07:00
e4c61723cd
ACP: fail closed on conflicting tool identity hints ( #46817 )
...
* ACP: fail closed on conflicting tool identity hints
* ACP: restore rawInput fallback for safe tool resolution
* ACP tests: cover rawInput-only safe tool approval
2026-03-15 08:39:49 -07:00
89e3969d64
feat(feishu): add ACP and subagent session binding ( #46819 )
...
* feat(feishu): add ACP session support
* fix(feishu): preserve sender-scoped ACP rebinding
* fix(feishu): recover sender scope from bound ACP sessions
* fix(feishu): support DM ACP binding placement
* feat(feishu): add current-conversation session binding
* fix(feishu): avoid DM parent binding fallback
* fix(feishu): require canonical topic sender ids
* fix(feishu): honor sender-scoped ACP bindings
* fix(feishu): allow user-id ACP DM bindings
* fix(feishu): recover user-id ACP DM bindings
2026-03-15 10:33:49 -05:00
a472f988d8
fix: harden remote cdp probes
2026-03-15 08:23:01 -07:00
53462b990d
chore(gateway): ignore `.test.ts` changes in `gateway:watch` ( #36211 )
2026-03-15 11:14:28 -04:00
b2e9221a8c
test(whatsapp): fix stale append inbox expectation
2026-03-15 07:57:26 -07:00
c4265a5f16
fix: preserve Telegram word boundaries when rechunking HTML ( #47274 )
...
* fix: preserve Telegram chunk word boundaries
* fix: address Telegram chunking review feedback
* fix: preserve Telegram retry separators
* fix: preserve Telegram chunking boundaries (#47274 )
2026-03-15 18:10:49 +05:30
26e0a3ee9a
fix(gateway): skip Control UI pairing when auth.mode=none ( closes #42931 ) ( #47148 )
...
When auth is completely disabled (mode=none), requiring device pairing
for Control UI operator sessions adds friction without security value
since any client can already connect without credentials.
Add authMode parameter to shouldSkipControlUiPairing so the bypass
fires only for Control UI + operator role + auth.mode=none. This avoids
the #43478 regression where a top-level OR disabled pairing for ALL
websocket clients.
2026-03-15 13:03:39 +01:00
5c5c64b612
Deduplicate repeated tool call IDs for OpenAI-compatible APIs ( #40996 )
...
Merged via squash.
Prepared head SHA: 38d8048359
2026-03-15 19:46:07 +08:00
9d3e653ec9
fix(web): handle 515 Stream Error during WhatsApp QR pairing ( #27910 )
...
* fix(web): handle 515 Stream Error during WhatsApp QR pairing
getStatusCode() never unwrapped the lastDisconnect wrapper object,
so login.errorStatus was always undefined and the 515 restart path
in restartLoginSocket was dead code.
- Add err.error?.output?.statusCode fallback to getStatusCode()
- Export waitForCredsSaveQueue() so callers can await pending creds
- Await creds flush in restartLoginSocket before creating new socket
Fixes #3942
* test: update session mock for getStatusCode unwrap + waitForCredsSaveQueue
Mirror the getStatusCode fix (err.error?.output?.statusCode fallback)
in the test mock and export waitForCredsSaveQueue so restartLoginSocket
tests work correctly.
* fix(web): scope creds save queue per-authDir to avoid cross-account blocking
The credential save queue was a single global promise chain shared by all
WhatsApp accounts. In multi-account setups, a slow save on one account
blocked credential writes and 515 restart recovery for unrelated accounts.
Replace the global queue with a per-authDir Map so each account's creds
serialize independently. waitForCredsSaveQueue() now accepts an optional
authDir to wait on a single account's queue, or waits on all when omitted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: use real Baileys v7 error shape in 515 restart test
The test was using { output: { statusCode: 515 } } which was already
handled before the fix. Updated to use the actual Baileys v7 shape
{ error: { output: { statusCode: 515 } } } to cover the new fallback
path in getStatusCode.
Co-Authored-By: Claude Code (Opus 4.6) <noreply@anthropic.com>
* fix(web): bound credential-queue wait during 515 restart
Prevents restartLoginSocket from blocking indefinitely if a queued
saveCreds() promise stalls (e.g. hung filesystem write).
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: clear flush timeout handle and assert creds queue in test
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: evict settled credsSaveQueues entries to prevent unbounded growth
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: share WhatsApp 515 creds flush handling (#27910 ) (thanks @asyncjason)
---------
Co-authored-by: Jason Separovic <jason@wilma.dog>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 17:00:07 +05:30
843e3c1efb
fix(whatsapp): restore append recency filter lost in extensions refactor, handle Long timestamps ( #42588 )
...
Merged via squash.
Prepared head SHA: 8ce59bb715
2026-03-15 03:03:31 -07:00
d7ac16788e
fix(android): support android node `calllog.search` ( #44073 )
...
* fix(android): support android node `calllog.search`
* fix(android): support android node calllog.search
* fix(android): wire callLog through shared surfaces
* fix: land Android callLog support (#44073 ) (thanks @lxk7280)
---------
Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 14:54:32 +05:30
4bb8a65edd
fix: forward forceDocument through sendPayload path (follow-up to #45111 ) ( #47119 )
...
Merged via squash.
Prepared head SHA: d791190f83
2026-03-15 17:23:53 +08:00
9616d1e8ba
fix: Disable strict mode tools for non-native openai-completions compatible APIs ( #45497 )
...
Merged via squash.
Prepared head SHA: 20fe05fe74
2026-03-15 16:36:52 +08:00
Vincent Koc
Ted Li
Gustavo Madeira Santana
Onur Solmaz
Tomáš Dinh
peizhe.chen
Nimrod Gutman
xiaoyi
Sally O'Malley
Peter Steinberger
Aditya Chaudhary
Tak Hoffman
Harold Hunt
Ayaan Zaidi
Andrew Demczuk
助爪
Jason
Ace Lee
Frank Yang
Sahan