ee68fa86b5
fix: harden plugin command registration + telegram menu guard ( #31997 ) (thanks @liuxiaopai-ai)
2026-03-02 19:04:56 +00:00
82f01d6081
perf(runtime): reduce startup import overhead in logging and schema validation
2026-03-02 18:21:13 +00:00
d4bf07d075
refactor(security): unify hardened install and fs write flows
2026-03-02 17:23:29 +00:00
104d32bb64
fix(security): unify root-bound write hardening
2026-03-02 17:12:33 +00:00
7a7eee920a
refactor(gateway): harden plugin http route contracts
2026-03-02 16:48:00 +00:00
8611fd67b5
test(perf): remove duplicate bundled memory slot loader case
2026-03-02 16:46:17 +00:00
2fd8264ab0
refactor(gateway): hard-break plugin wildcard http handlers
2026-03-02 16:24:06 +00:00
60b8d645de
test(perf): standardize loader fixtures to cjs
2026-03-02 13:43:55 +00:00
02bd7a2249
test(perf): use CJS fixtures in plugin loader tests
2026-03-02 13:36:17 +00:00
43bffe7bdc
test(perf): cache plugin fixtures and streamline shell tests
2026-03-02 11:35:13 +00:00
3dd01c3361
test(perf): reuse shared temp root in plugin install tests
2026-03-02 11:27:04 +00:00
04030ddf68
test(runtime): trim timer-heavy regression suites
2026-03-02 09:47:29 +00:00
45888276a3
test(integration): dedupe messaging, secrets, and plugin test suites
2026-03-02 07:13:11 +00:00
a13586619b
test: move integration-heavy suites to e2e lane
2026-03-02 05:33:07 +00:00
c0bf42f2a8
refactor: centralize delivery/path/media/version lifecycle
2026-03-02 04:04:36 +00:00
bbab94c1fe
security(feishu): bind doc create grants to trusted requester context ( #31184 )
...
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 20:51:45 -06:00
577becf1ad
fix(plugins): prioritize bundled duplicates in auto-discovery
...
Landed from contributor PR #29710 by @Sid-Qin.
Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
2026-03-01 23:48:30 +00:00
e618794a96
test: align compaction hook usage expectation
2026-02-26 22:03:26 +00:00
c03adfb41a
test: align compaction hook usage expectation
2026-02-26 22:00:31 +00:00
bce643a0bd
refactor(security): enforce account-scoped pairing APIs
2026-02-26 21:57:52 +01:00
f7041fbee3
fix(windows): normalize namespaced path containment checks
2026-02-26 18:49:48 +00:00
53e30475e2
test(agents): add compaction and workspace reset regressions
2026-02-26 17:41:25 +01:00
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
273973d374
refactor: unify typing dispatch lifecycle and policy boundaries
2026-02-26 17:36:16 +01:00
cf311978ea
fix(plugins): fallback bundled channel specs when npm install returns 404 ( #12849 )
...
* plugins: add bundled source resolver
* plugins: add bundled source resolver tests
* cli: fallback npm 404 plugin installs to bundled sources
* plugins: use bundled source resolver during updates
* protocol: regenerate macos gateway swift models
* protocol: regenerate shared swift models
* Revert "protocol: regenerate shared swift models"
This reverts commit 6a2b08c47d27c03010c6
2026-02-26 08:06:54 -05:00
4b71de384c
fix(core): unify session-key normalization and plugin boundary checks
2026-02-26 12:41:23 +00:00
a97cec0018
refactor: harden remaining plugin manifest reads
2026-02-26 13:12:44 +01:00
eac86c2081
refactor: unify boundary hardening for file reads
2026-02-26 13:04:37 +01:00
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
75969ed5c4
fix(plugins): pass session context to before_compaction hook in subscribe handler
...
The handleAutoCompactionStart handler was calling runBeforeCompaction with
only messageCount and an empty hook context. Plugins receiving this hook
could not identify the session or snapshot the transcript during
auto-compaction.
The other call site in compact.ts already passes the full payload
(messages, sessionFile, sessionKey). This aligns the subscribe handler
to do the same using ctx.params.session and ctx.params.sessionKey.
(cherry picked from commit 318a19d1a1
2026-02-24 04:33:50 +00:00
588a188d6f
fix: replace stale plugin webhook routes on re-registration
2026-02-24 04:01:41 +00:00
d76742ff88
fix: normalize manifest plugin ids during install
2026-02-24 03:56:34 +00:00
6c1ed9493c
fix: harden queue retry debounce and add regression tests
2026-02-24 03:52:49 +00:00
bf91b347c1
fix(plugins): use manifest id as config entry key instead of npm package name ( #24796 )
...
* fix(plugins): use manifest id as config key instead of npm package name
Plugin manifests (openclaw.plugin.json) define a canonical 'id' field that
is used as the authoritative plugin identifier by the manifest registry.
However, the install command was deriving the config entry key from the npm
package name (e.g. 'cognee-openclaw') rather than the manifest id (e.g.
'memory-cognee'), causing a latent mismatch.
On the next gateway reload the plugin could not be found under the config key
derived from the npm package name, causing 'plugin not found' errors and
potentially shutting the gateway down.
Fix: after extracting the package directory, read openclaw.plugin.json and
prefer its 'id' field over the npm package name when registering the config
entry. Falls back to the npm-derived id if the manifest file is absent or
has no valid id. A diagnostic info message is emitted when the two values
differ so the mismatch is visible in the install log.
The update path (src/plugins/update.ts) already correctly reads the manifest
id and is unaffected.
Fixes #24429
* fix: format plugin install manifest-id path (#24796 )
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-24 03:33:51 +00:00
75423a00d6
refactor: deduplicate shared helpers and test setup
2026-02-23 20:40:44 +00:00
87603b5c45
fix: sync built-in channel enablement across config paths
2026-02-23 19:40:42 +00:00
3cadc3eed1
fix(plugins): honor channels.<id>.enabled for bundled channels
2026-02-23 18:16:58 +00:00
35fbf26d24
Gateway: suppress tools.catalog plugin conflict diagnostics
2026-02-23 00:05:57 -06:00
382fe8009a
refactor!: remove google-antigravity provider support
2026-02-23 05:20:14 +01:00
2081b3a3c4
refactor(channels): dedupe hook and monitor execution paths
2026-02-22 21:19:09 +00:00
f8171ffcdc
Config UI: tag filters and complete schema help/labels coverage ( #23796 )
...
* Config UI: add tag filters and complete schema help/labels
* Config UI: finalize tags/help polish and unblock test suite
* Protocol: regenerate Swift gateway models
2026-02-22 15:17:07 -06:00
8af6d1a186
refactor(test): dedupe repeated fixture setup helpers
2026-02-22 20:04:51 +00:00
12635de1c7
test: cover shared installer flow helpers
2026-02-22 18:37:25 +00:00
07888bee34
refactor: share install flows across hooks and plugins
2026-02-22 18:37:25 +00:00
40680432b4
fix(config): allowlist auto-enabled built-in channels when restricted
...
Co-authored-by: 4rev <4rev@users.noreply.github.com>
2026-02-22 19:31:18 +01:00
9da5f9819b
fix(plugins): ignore archived extension dirs during discovery
...
Co-authored-by: chenzhuoms <chenzhuoms@users.noreply.github.com>
2026-02-22 19:23:34 +01:00
8839162b97
fix(config): persist built-in channel enable state in channels
...
Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:23:34 +01:00
1bd79add8f
fix(plugins): sanitize workspace deps before plugin install
...
Co-authored-by: guanyu-zhang <guanyu-zhang@users.noreply.github.com>
2026-02-22 19:23:34 +01:00
407f7017ec
test: cache plugin install archive fixtures
2026-02-22 17:06:35 +00:00
ec0081ce9a
test: move hooks and plugin local suites out of e2e
2026-02-22 11:05:53 +00:00
d6d73d0ed9
test(core): trim redundant test resets and use mockClear
2026-02-22 08:12:55 +00:00
e893157600
test(core): use lightweight clears in runtime and telegram setup
2026-02-22 08:09:14 +00:00
4ddaafee68
test(plugins): use lightweight clears in wired hooks setup
2026-02-22 08:01:16 +00:00
185fba1d22
refactor(agents): dedupe plugin hooks and test helpers
2026-02-22 07:44:57 +00:00
8920e281cc
Plugins: allowlist plugins when enabling from CLI
2026-02-21 19:37:26 -08:00
5c8f0b5a77
test: tighten plugin e2e matrix coverage
2026-02-21 21:44:50 +00:00
8178ea472d
feat: thread-bound subagents on Discord ( #21805 )
...
* docs: thread-bound subagents plan
* docs: add exact thread-bound subagent implementation touchpoints
* Docs: prioritize auto thread-bound subagent flow
* Docs: add ACP harness thread-binding extensions
* Discord: add thread-bound session routing and auto-bind spawn flow
* Subagents: add focus commands and ACP/session binding lifecycle hooks
* Tests: cover thread bindings, focus commands, and ACP unbind hooks
* Docs: add plugin-hook appendix for thread-bound subagents
* Plugins: add subagent lifecycle hook events
* Core: emit subagent lifecycle hooks and decouple Discord bindings
* Discord: handle subagent bind lifecycle via plugin hooks
* Subagents: unify completion finalizer and split registry modules
* Add subagent lifecycle events module
* Hooks: fix subagent ended context key
* Discord: share thread bindings across ESM and Jiti
* Subagents: add persistent sessions_spawn mode for thread-bound sessions
* Subagents: clarify thread intro and persistent completion copy
* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions
* Discord: add thread-bound session TTL with auto-unfocus
* Subagents: fail session spawns when thread bind fails
* Subagents: cover thread session failure cleanup paths
* Session: add thread binding TTL config and /session ttl controls
* Tests: align discord reaction expectations
* Agent: persist sessionFile for keyed subagent sessions
* Discord: normalize imports after conflict resolution
* Sessions: centralize sessionFile resolve/persist helper
* Discord: harden thread-bound subagent session routing
* Rebase: resolve upstream/main conflicts
* Subagents: move thread binding into hooks and split bindings modules
* Docs: add channel-agnostic subagent routing hook plan
* Agents: decouple subagent routing from Discord
* Discord: refactor thread-bound subagent flows
* Subagents: prevent duplicate end hooks and orphaned failed sessions
* Refactor: split subagent command and provider phases
* Subagents: honor hook delivery target overrides
* Discord: add thread binding kill switches and refresh plan doc
* Discord: fix thread bind channel resolution
* Routing: centralize account id normalization
* Discord: clean up thread bindings on startup failures
* Discord: add startup cleanup regression tests
* Docs: add long-term thread-bound subagent architecture
* Docs: split session binding plan and dedupe thread-bound doc
* Subagents: add channel-agnostic session binding routing
* Subagents: stabilize announce completion routing tests
* Subagents: cover multi-bound completion routing
* Subagents: suppress lifecycle hooks on failed thread bind
* tests: fix discord provider mock typing regressions
* docs/protocol: sync slash command aliases and delete param models
* fix: add changelog entry for Discord thread-bound subagents (#21805 ) (thanks @onutc)
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-21 16:14:55 +01:00
7a27e2648a
refactor(test): dedupe plugin env overrides via env helpers
2026-02-21 13:03:41 +00:00
a1cb700a05
test: dedupe and optimize test suites
2026-02-19 15:19:38 +00:00
bc6f983f85
fix(ci): resolve format drift and acp mock typing
2026-02-19 15:11:27 +00:00
cc9be84b9c
refactor(runtime): split runtime builders and stabilize cron tool seam
2026-02-19 16:09:56 +01:00
dcd592a601
refactor: eliminate jscpd clones and boost tests
2026-02-19 15:08:54 +00:00
edf92f1cb0
refactor: share npm integrity drift handling
2026-02-19 15:08:14 +00:00
2e421f32df
fix(security): restore trusted plugin runtime exec default
2026-02-19 16:01:29 +01:00
f76f98b268
chore: fix formatting drift and stabilize cron tool mocks
2026-02-19 15:41:38 +01:00
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
77c748304b
refactor(plugins): extract safety and provenance helpers
2026-02-19 15:24:14 +01:00
3561442a9f
fix(plugins): harden discovery trust checks
2026-02-19 15:14:12 +01:00
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
db73402235
Security: add explicit opt-in for deprecated plugin runtime exec ( #20874 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: de69f81725
2026-02-19 11:30:36 +00:00
45db2aa0cd
Security: disable plugin runtime command execution primitive ( #20828 )
...
Co-authored-by: mbelinky <mbelinky@users.noreply.github.com>
2026-02-19 10:17:29 +00:00
5e7cffc568
test: merge duplicate plugin memory-none cases
2026-02-19 08:51:38 +00:00
aa8f87a3bf
refactor(plugins): reuse plugin loader logger adapter
2026-02-18 23:48:32 +00:00
5ae4595bb9
refactor(plugins): reuse plugin service runtime context
2026-02-18 17:23:44 +00:00
f05395ae00
refactor(test): share internal hook and npm pack assertions
2026-02-18 17:01:22 +00:00
112f8250fc
test: dedupe registry/session tests and add install source coverage
2026-02-18 05:05:04 +00:00
a69e7682c1
refactor(test): dedupe channel and monitor action suites
2026-02-18 04:49:22 +00:00
31f83c86b2
refactor(test): dedupe agent harnesses and routing fixtures
2026-02-18 04:49:22 +00:00
8a9fddedc9
refactor: extract shared install and embedding utilities
2026-02-18 04:49:22 +00:00
262472ba20
test: remove duplicated scenario scaffolding across runtime tests
2026-02-18 04:04:14 +00:00
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
210bc37971
chore(subagents): add regression coverage and changelog
2026-02-17 08:40:36 -05:00
0c87dbdcfc
voice-call: harden closed-loop turn loop and transcript routing ( #19140 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 14a3edb005
2026-02-17 13:02:38 +00:00
7b31e8fc59
chore: Fix types in tests 36/N.
2026-02-17 15:50:07 +09:00
6e5df1dc0f
chore: Fix types in tests 25/N.
2026-02-17 14:31:02 +09:00
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
cf6cdc74d0
chore: Fix types in tests 23/N.
2026-02-17 12:24:03 +09:00
9c5f08244e
chore: Format files.
2026-02-17 11:37:11 +09:00
0c1c34c950
refactor(plugins): split before-agent hooks by model and prompt phases
2026-02-17 03:28:20 +01:00
a75e95be02
fix(reply): track messaging media aliases for dedupe
2026-02-17 03:27:23 +01:00
01ea808876
chore: Format files.
2026-02-17 10:57:31 +09:00
2992639f88
Revert "feat: add Linq channel — real iMessage via API, no Mac required"
...
This reverts commit d4a142fd8f
2026-02-17 02:30:55 +01:00
5195179150
refactor: centralize plugin allowlist mutation
2026-02-17 00:45:02 +00:00
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
eaa2f7a7bf
fix(ci): restore main lint/typecheck after direct merges
2026-02-16 23:26:11 +00:00
15fe87e6b7
feat: add before_message_write plugin hook
...
Synchronous hook that lets plugins inspect and optionally block messages
before they are written to the session JSONL file. Primary use case is
private mode... when enabled, the plugin returns { block: true } and the
message never gets persisted.
The hook runs on the hot path (synchronous, like tool_result_persist).
Handlers execute sequentially in priority order. If any handler returns
{ block: true }, the write is skipped immediately. Handlers can also
return a modified message to write instead of the original.
Changes:
- src/plugins/types.ts: add hook name, event/result types, handler map entry
- src/plugins/hooks.ts: add runBeforeMessageWrite() following tool_result_persist pattern
- src/agents/session-tool-result-guard.ts: invoke hook before every originalAppend() call
- src/agents/session-tool-result-guard-wrapper.ts: wire hook runner to the guard
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 23:58:12 +01:00
d4a142fd8f
feat: add Linq channel — real iMessage via API, no Mac required
...
Adds a complete Linq iMessage channel adapter that replaces the existing
iMessage channel's Mac Mini + dedicated Apple ID + SSH wrapper + Full Disk
Access setup with a single API key and phone number.
Core implementation (src/linq/):
- types.ts: Linq webhook event and message types
- accounts.ts: Multi-account resolution from config (env/file/inline token)
- send.ts: REST outbound via Linq Blue V3 API (messages, typing, reactions)
- probe.ts: Health check via GET /v3/phonenumbers
- monitor.ts: Webhook HTTP server with HMAC-SHA256 signature verification,
replay protection, inbound debouncing, and full dispatch pipeline integration
Extension plugin (extensions/linq/):
- ChannelPlugin implementation with config, security, setup, outbound,
gateway, and status adapters
- Supports direct and group chats, reactions, and media
Wiring:
- Channel registry, dock, config schema, plugin-sdk exports, and plugin
runtime all updated to include the new linq channel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 23:52:56 +01:00
a02bcb3620
fix(test): add missing media dedup state fields to mock contexts
...
Pre-existing test mocks lacked pendingMessagingMediaUrls and
messagingToolSentMediaUrls fields added by the media dedup feature,
causing runtime errors in handleToolExecutionEnd.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 23:51:51 +01:00
Peter Steinberger
Tak Hoffman
Shakker
Vincent Koc
Onur Solmaz
Marc Gratch
zerone0x
chilu18
Vignesh Natarajan
Onur
Mariano
Sebastian
cpojer
Parker Todd Brooks
George McCain
Yaroslav Boiko