a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
b4dbe03298
refactor: unify restart gating and update availability sync
2026-02-19 10:00:41 +01:00
edf7d6af61
fix: harden subagent completion announce retries
2026-02-18 03:19:50 +01:00
fa4f66255c
fix(subagents): return completion message for manual session spawns
2026-02-18 02:52:35 +01:00
076df941a3
feat: add configurable tool loop detection
2026-02-17 00:17:01 +01:00
c6c53437f7
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:47:10 +01:00
4a44da7d91
fix(security): default apply_patch workspace containment
2026-02-15 03:19:27 +01:00
5e7c3250cb
fix(security): add optional workspace-only path guards for fs tools
2026-02-14 23:50:24 +01:00
0499656c59
Docs: fix cron.update param name id → jobId ( #11365 ) ( #11467 )
...
* Docs: fix cron.update param name id → jobId (#11365 )
* Docs: sync zh-CN cron.update param name id → jobId
* docs: revert manual zh-CN generated docs edit (#11467 ) (thanks @lailoo)
---------
Co-authored-by: damaozi <1811866786@qq.com>
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-07 22:08:41 -05:00
929a3725d3
docs: canonicalize docs paths and align zh navigation ( #11428 )
...
* docs(navigation): canonicalize paths and align zh nav
* chore(docs): remove stray .DS_Store
* docs(scripts): add non-mint docs link audit
* docs(nav): fix zh source paths and preserve legacy redirects (#11428 ) (thanks @sebslight)
* chore(docs): satisfy lint for docs link audit script (#11428 ) (thanks @sebslight)
2026-02-07 15:40:35 -05:00
a13ff55bd9
Security: Prevent gateway credential exfiltration via URL override ( #9179 )
...
* Gateway: require explicit auth for url overrides
* Gateway: scope credential blocking to non-local URLs only
Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.
Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.
This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.
* Security: require explicit credentials for gateway url overrides (#8113 ) (thanks @victormier)
* Gateway: reuse explicit auth helper for url overrides (#8113 ) (thanks @victormier)
* Tests: format gateway chat test (#8113 ) (thanks @victormier)
* Tests: require explicit auth for gateway url overrides (#8113 ) (thanks @victormier)
---------
Co-authored-by: Victor Mier <victormier@gmail.com>
2026-02-04 18:59:44 -05:00
d3ba57b7d7
feat: add configurable web_fetch maxChars cap
2026-02-03 18:03:53 -08:00
abcaa8c7a9
Docs: add nav titles across docs ( #5689 )
2026-01-31 15:04:03 -06:00
8cab78abbc
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
e7fdccce39
refactor: route browser control via gateway/node
2026-01-27 03:24:54 +00:00
8e159ab0b7
fix: follow up config.patch restarts/docs/tests ( #1653 )
...
* fix: land config.patch restarts/docs/tests (#1624 ) (thanks @Glucksberg)
* docs: update changelog entry for config.patch follow-up (#1653 ) (thanks @Glucksberg)
2026-01-24 23:33:13 +00:00
b76cd6695d
feat: add beta googlechat channel
2026-01-24 23:30:45 +00:00
ab000398be
fix: resolve session ids in session tools
2026-01-24 11:09:11 +00:00
15620b1092
fix: guard tool allowlists with warnings
2026-01-24 07:38:42 +00:00
309fcc5321
fix: publish llm-task docs and harden tool
2026-01-24 01:44:51 +00:00
00fd57b8f5
fix: honor wildcard tool allowlists
2026-01-24 01:30:44 +00:00
ecfddb7807
docs: fix lobster links
2026-01-23 02:51:33 +00:00
bc4d8ce398
docs: link Lobster and OpenProse
2026-01-23 01:29:17 +00:00
0f7f7bb95f
fix: msteams attachments + plugin prompt hints
...
Co-authored-by: Christof <10854026+Evizero@users.noreply.github.com>
2026-01-22 03:37:29 +00:00
57f3d209de
docs: expand lobster guides
2026-01-22 03:25:13 +00:00
39e24c9937
docs: update node CLI references
2026-01-21 16:48:42 +00:00
d802844bd6
fix: gate gateway restarts and discord abort reconnects
2026-01-19 00:15:45 +00:00
ae0b4c4990
feat: add exec host routing + node daemon
2026-01-18 07:46:00 +00:00
efdb33c975
feat: add exec host approvals flow
2026-01-18 04:27:41 +00:00
0674f1fa3c
feat: add exec approvals allowlists
2026-01-18 01:34:31 +00:00
c4ea25a509
feat: add exec pty support
2026-01-17 04:57:11 +00:00
c54c665f97
feat: enhance web_fetch fallbacks
2026-01-17 00:00:49 +00:00
4275ed68a2
fix(browser): default to chrome extension takeover
2026-01-15 09:02:42 +00:00
042b65dfcc
feat: add web tools config to configure
2026-01-15 05:08:56 +00:00
f275cc180b
feat: add web tools
2026-01-15 04:07:40 +00:00
574b6ab5b1
docs: document provider tool policies
2026-01-15 03:55:20 +00:00
3eb48cbea7
docs: complete channels rename sweep
2026-01-13 08:40:39 +00:00
780a43711f
feat(tools): add tool profiles and group shorthands
2026-01-13 06:30:20 +00:00
ffc465394e
fix: enforce message context isolation
2026-01-13 01:19:14 +00:00
8ff09f8337
feat(image): auto-pair image model
2026-01-12 17:50:47 +00:00
d0a78da54f
docs: update browser snapshot refs
2026-01-12 08:55:02 +00:00
8b4bdaa8a4
feat: add apply_patch tool (exec-gated)
2026-01-12 03:42:56 +00:00
98337a14b3
fix: rename bash tool to exec ( #748 ) (thanks @myfunc)
2026-01-12 02:49:55 +00:00
cf0c72a557
feat: add plugin architecture
2026-01-11 12:11:12 +00:00
20b4e2b859
fix: stabilize live probes and docs
2026-01-11 02:26:39 +00:00
bd10f3d3f1
feat: allow session_status in sandbox
2026-01-09 23:41:57 +00:00
Onur Solmaz
Peter Steinberger
大猫子
Seb Slight
Gustavo Madeira Santana
Seb Slight
cpojer
iHildy