4ae8558288
Matrix: fix validated review comments
2026-03-12 16:47:18 +00:00
2048d5f668
Matrix: fix secrets scan false positives
2026-03-12 16:47:17 +00:00
229a897b93
Matrix: finish main sync follow-ups
2026-03-12 16:47:17 +00:00
723e347294
ACP: fix Matrix binding resolution
2026-03-12 16:47:17 +00:00
6a53c583e4
Matrix: show account-scoped onboarding paths
2026-03-12 16:47:14 +00:00
6bfbc4a3ff
Matrix: scope onboarding config to selected account
2026-03-12 16:47:14 +00:00
df6b6762c0
Matrix: fix verification client lifecycle and quiet CLI noise
2026-03-12 16:47:10 +00:00
21f1e903a4
Plugins: scope SDK imports and harden Matrix routing
2026-03-12 16:47:09 +00:00
e80483ff00
poll and profile fixes
2026-03-12 16:47:09 +00:00
50568f29d5
Matrix: tighten verification trust and expose profile updates
2026-03-12 16:47:09 +00:00
9101916e53
Matrix: improve migration startup warnings
2026-03-12 16:47:09 +00:00
0fdc404a2b
Matrix: keep default account device fields scoped
2026-03-12 16:47:08 +00:00
8e962668ce
Matrix: replace legacy plugin with new implementation
2026-03-12 16:47:08 +00:00
887e2aca79
matrix-js: require explicit thread-bound spawn config
2026-03-12 16:47:07 +00:00
94f3b1b57d
matrix-js: add account-aware bindings and ACP routing
2026-03-12 16:47:07 +00:00
d4e3a98613
matrix-js: add startup verification policy
2026-03-12 16:47:07 +00:00
3eb6c4c8ec
matrix-js: improve thread context and auto-threading
2026-03-12 16:47:06 +00:00
a670c21ab4
matrix-js: harden reaction handling
2026-03-12 16:47:06 +00:00
00019c73e4
move matrix-js helpers to be locally scoped
2026-03-12 16:47:06 +00:00
e07b6072b5
make matrix-js atomic and add poll voting support
2026-03-12 16:47:06 +00:00
082a1aedd5
Tests: restore matrix-js bind integration coverage
2026-03-12 16:47:05 +00:00
5fddbc1d9b
Matrix-js: sync with main plugin-loading standards
2026-03-12 16:47:05 +00:00
9f08af1f06
fix(ci): harden docker builds and unblock config docs
2026-03-12 16:45:29 +00:00
46f0bfc55b
Gateway: harden custom session-store discovery ( #44176 )
...
Merged via squash.
Prepared head SHA: 52ebbf5188
2026-03-12 16:44:46 +00:00
b77b7485e0
feat(push): add iOS APNs relay gateway ( #43369 )
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369 ) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
9342739d71
fix(providers): respect user-configured baseUrl for kimi-coding ( #36647 )
...
* fix(providers): respect user-configured baseUrl for kimi-coding
The kimi-coding provider was built exclusively from
`buildKimiCodingProvider()` defaults, ignoring any user-specified
`baseUrl` or other overrides in `openclaw.json` providers config.
This caused 404 errors when users configured a custom endpoint.
Now merge `explicitProviders["kimi-coding"]` on top of defaults,
matching the pattern used by ollama/vllm. User's `baseUrl`, `api`,
and `models` take precedence; env/profile API key still wins.
Fixes #36353
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Tests: use Kimi implicit provider harness
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 12:14:07 -04:00
3e28e10c2f
Plugins: require explicit trust for workspace-discovered plugins ( #44174 )
...
* Plugins: disable implicit workspace plugin auto-load
* Tests: cover workspace plugin trust gating
* Changelog: note workspace plugin trust hardening
* Plugins: keep workspace trust gate ahead of memory slot defaults
* Tests: cover workspace memory-slot trust bypass
2026-03-12 12:12:41 -04:00
0a8fa0e001
Moonshot: respect explicit baseUrl for CN endpoint so platform.moonshot.cn keys authenticate ( #33637 ) ( #33696 )
...
* Moonshot: respect explicit baseUrl for CN endpoint so platform.moonshot.cn keys authenticate (#33637 )
* Moonshot: address review - remove dead constant, import canonical URLs (#33696 )
2026-03-12 12:10:38 -04:00
3fa91cd69d
feat: add sessions_yield tool for cooperative turn-ending ( #36537 )
...
Merged via squash.
Prepared head SHA: 75d9204c86
2026-03-12 08:46:47 -07:00
e6897c800b
Plugins: fix env-aware root resolution and caching ( #44046 )
...
Merged via squash.
Prepared head SHA: 6e8852a188
2026-03-12 15:31:31 +00:00
688e3f0863
Compaction Runner: emit transcript updates post-compact ( #25558 )
...
Merged via squash.
Prepared head SHA: 8a858436ed
2026-03-12 08:22:12 -07:00
8ad0ca309e
Subagents: stop retrying external completion timeouts ( #41235 ) ( #43847 )
...
* Changelog: add subagent announce timeout note
* Tests: cover subagent completion timeout no-retry
* Subagents: stop retrying external completion timeouts
* Config: update subagent announce timeout default docs
* Tests: use fake timers for subagent timeout retry guard
2026-03-12 11:03:06 -04:00
7844bc89a1
Security: require Feishu webhook encrypt key ( #44087 )
...
* Feishu: require webhook encrypt key in schema
* Feishu: cover encrypt key webhook validation
* Feishu: enforce encrypt key at startup
* Feishu: add webhook forgery regression test
* Feishu: collect encrypt key during onboarding
* Docs: require Feishu webhook encrypt key
* Changelog: note Feishu webhook hardening
* Docs: clarify Feishu encrypt key screenshot
* Feishu: treat webhook encrypt key as secret input
* Feishu: resolve encrypt key only in webhook mode
2026-03-12 11:01:00 -04:00
99170e2408
Hardening: normalize Unicode command obfuscation detection ( #44091 )
...
* Exec: cover unicode obfuscation cases
* Exec: normalize unicode obfuscation detection
* Changelog: note exec detection hardening
* Exec: strip unicode tag character obfuscation
* Exec: harden unicode suppression and length guards
* Exec: require path boundaries for safe URL suppressions
2026-03-12 10:57:49 -04:00
eff0d5a947
Hardening: tighten preauth WebSocket handshake limits ( #44089 )
...
* Gateway: tighten preauth handshake limits
* Changelog: note WebSocket preauth hardening
* Gateway: count preauth frame bytes accurately
* Gateway: cap WebSocket payloads before auth
2026-03-12 10:55:41 -04:00
48cbfdfac0
Hardening: require LINE webhook signatures ( #44090 )
...
* LINE: require webhook signatures in express handler
* LINE: require webhook signatures in node handler
* LINE: update express signature tests
* LINE: update node signature tests
* Changelog: note LINE webhook hardening
* LINE: validate signatures before parsing webhook bodies
* LINE: reject missing signatures before body reads
2026-03-12 10:50:36 -04:00
c965049dc6
fix(mattermost): pass mediaLocalRoots through reply delivery ( #44021 )
...
Merged via squash.
Prepared head SHA: 856f11f129
2026-03-12 20:13:51 +05:30
b0f717aa02
build: align Node 22 guidance with 22.16 minimum
2026-03-12 20:07:44 +05:30
0a8d2b6200
build: raise Node 22 compatibility floor to 22.16
2026-03-12 20:07:44 +05:30
deada7edd3
build: default to Node 24 and keep Node 22 compat
2026-03-12 20:07:44 +05:30
2f037f0930
Agents: adapt pi-ai oauth and payload hooks
2026-03-12 10:19:14 -04:00
f3be1c828c
fix(status): resolve context window by provider-qualified key, prefer max on bare-id collision, solve #35976 ( #36389 )
...
Merged via squash.
Prepared head SHA: f8cf752c59
2026-03-12 07:00:36 -07:00
ff47876e61
fix: carry observed overflow token counts into compaction ( #40357 )
...
Merged via squash.
Prepared head SHA: b99eed4329
2026-03-12 06:58:42 -07:00
f2e28fc30f
fix(telegram): allow fallback models in /model validation ( #40105 )
...
Merged via squash.
Prepared head SHA: de07585e03
2026-03-12 13:55:51 +01:00
4f620bebe5
fix(doctor): canonicalize gateway service entrypoint paths ( #43882 )
...
Merged via squash.
Prepared head SHA: 9f530d2a86
2026-03-12 12:39:22 +02:00
5acf6cae8e
fix: stop main-session UI replies inheriting channel routes
2026-03-12 15:39:34 +05:30
8ea79b64d0
fix: preserve sandbox write payload stdin ( #43876 )
...
Merged via squash.
Prepared head SHA: a10fd4b21c
2026-03-12 12:42:57 +03:00
f640326e31
fix(failover): add missing network errno patterns to text-based timeout classifier ( #42830 )
...
Merged via squash.
Prepared head SHA: 91761487e8
2026-03-12 12:34:44 +03:00
7c889e7113
Refactor: trim duplicate gateway/onboarding helpers and dead utils ( #43871 )
...
* Gateway: share input provenance schema
* Onboarding: dedupe top-level channel patching
* Utils: remove unused path helpers
* Protocol: refresh generated gateway models
2026-03-12 05:04:31 -04:00
cb7b38105f
Merge remote-tracking branch 'origin/vincentkoc-code/fix-terminal-table-width'
...
* origin/vincentkoc-code/fix-terminal-table-width:
Terminal: consume unsupported escape bytes in tables
Skills: normalize emoji presentation across outputs
Changelog: note terminal skills table fixes
Skills: use Terminal-safe emoji in list output
Terminal: stop shrinking CLI tables by one column
Terminal: refine table wrapping and width handling
Update CHANGELOG.md
Deps: patch file-type and hono
Tests: cover emoji table alignment
Terminal: wrap table cells by grapheme width
Terminal: measure grapheme display width
Tests: cover grapheme terminal width
Changelog: add unreleased March 9 entries
# Conflicts:
# CHANGELOG.md
# package.json
# pnpm-lock.yaml
# src/cli/skills-cli.format.ts
# src/terminal/table.test.ts
2026-03-12 04:56:21 -04:00
Gustavo Madeira Santana
Peter Steinberger
Nimrod Gutman
2233admin
Vincent Koc
chengzhichao-xydt
Jacob Riff
Rodrigo Uroz
Lyle
Altay
0x4C33
rabsef-bicrym
avirweb
Ayaan Zaidi
glitch
jnMetaCode