nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,365 Commits 905 Branches 94 Tags 6.2 GiB
Commit Graph

2007 Commits

Author SHA1 Message Date
Owen Wang 50cc28c559
fix: differentiate overloaded vs rate-limit user-facing error messages (#58562) 2026-03-31 21:10:38 -04:00
Andy Tien 6c3eea3ce9
fix(session): prevent heartbeat/cron/exec events from triggering session reset (#58605) 
Fixes #58409 - Heartbeat system causes silent session reset leading to user data loss.

The issue occurred when automated system events (heartbeat, cron-event, exec-event)
triggered the session initialization logic, which evaluated session freshness based on
idle/daily reset policies. Stale sessions were reset, causing complete context loss.

Changes:
- Detect system event providers (heartbeat, cron-event, exec-event) in initSessionState
- Force freshEntry=true for system events to skip reset policy evaluation
- Add comprehensive test coverage for heartbeat no-reset behavior

This ensures automated check-ins preserve session continuity and never cause
accidental data loss.
 2026-03-31 21:10:24 -04:00
Gustavo Madeira Santana bea53d7a3f
Fix: move bootstrap session grammar into plugin-owned session-key surfaces (#58400) 
Merged via squash.

Prepared head SHA: b062b18b03
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 19:41:01 -04:00
Peter Steinberger f21abb2151
fix: harden queue cleanup lane resolution 2026-03-31 23:20:24 +01:00
Vincent Koc 11318ef9b9 fix(status): align session_status with /status 2026-04-01 06:40:50 +09:00
Vincent Koc 94d72efedc fix(slack): accept bare approve fallback 2026-04-01 06:34:01 +09:00
Vincent Koc ee8baf6766 fix(reply): stop mention-wrapped status double replies 2026-04-01 06:32:34 +09:00
Vincent Koc e1d2b299f6 fix(reply): avoid double status replies 2026-04-01 06:12:47 +09:00
Vincent Koc fdad8ea3b0 fix(status): show agent-local task counts when session tasks are empty 2026-04-01 06:01:29 +09:00
Vincent Koc 58ee76fc84 feat(status): show session task counts in slash status 2026-04-01 05:09:37 +09:00
Vincent Koc 7cd0ff2d88
refactor(tasks): add owner-key task access boundaries (#58516) 
* refactor(tasks): add owner-key task access boundaries

* test(acp): update task owner-key assertion

* fix(tasks): align owner key checks and migration scope
 2026-04-01 03:12:33 +09:00
Peter Steinberger 759d37635d
Revert "refactor: move tasks behind plugin-sdk seam" 
This reverts commit da6e9bb76f.
 2026-04-01 01:30:22 +09:00
openperf 56b5ba0dcb fix: address security and review feedback 
- Fix CWE-209: use static safe message instead of raw provider error text
- Fix CWE-117: sanitize provider/model in logs via sanitizeForLog
- Hide CLI hints from external channels via shouldSurfaceToControlUi
- Move overload cap check before advanceAuthProfile to save setup latency
- Export MAX_LIVE_SWITCH_RETRIES as module-level constant
- Use exact toBe() assertions in tests
- Correct failover decision label to fallback_model
 2026-03-31 20:25:09 +05:30
openperf 1fcd179d8c fix(gateway): prevent session death loop on overloaded fallback 
- Add MAX_LIVE_SWITCH_RETRIES=2 guard in agent-runner-execution.ts
- Add MAX_OVERLOAD_PROFILE_ROTATIONS=1 cap in run.ts for overloaded errors
- Return kind:final with user-visible error on retry exhaustion
- Escalate to cross-provider fallback instead of exhausting same-provider profiles

Fixes #58348
 2026-03-31 20:25:09 +05:30
Peter Steinberger da6e9bb76f
refactor: move tasks behind plugin-sdk seam 2026-03-31 15:22:09 +01:00
Gabriel M. f7ced438f7
fix: restore Telegram forum-topic routing (#56060) (thanks @one27001) 
* feat(telegram): add child thread-binding placement via createForumTopic

Enable ACP subagent spawn on Telegram by adding "child" placement
support to the thread-bindings adapter. When a child binding is
requested, the adapter creates a new forum topic via the Telegram
Bot API and binds the subagent session to it using the canonical
chatId:topic:topicId conversation ID format.

When the ACP spawn context provides only a topic ID (not a full
group chat ID), the adapter resolves the group from the configured
Telegram groups in openclaw.json.

This mirrors the Discord adapter's child placement behavior
(thread creation + session binding) and unblocks the orchestrator
pattern on Telegram forum-enabled groups.

Closes #5737
Ref #23414

* fix(telegram): return null with warning instead of silent group fallback for bare topic IDs in child bind

* telegram: fix ACP child thread spawn with group chat ID from agentGroupId

* telegram: scope agentGroupId substitution to telegram channel only

* Telegram: fix forum topic replies routing to root chat instead of topic thread

* fix: clean up dead guard in child bind + add explicit threadId override test

- Simplify bare-topic-ID guards in thread-bindings.ts: split into
  separate !chatId and !chatId.startsWith("-") checks, removing
  unreachable second condition
- Add regression test confirming explicit turnSourceThreadId overrides
  session lastThreadId on same channel

* fix: guard threadId fallback against shared-session race

Codex review P1: when turnSourceTo differs from the session's stored
to, the session threadId may belong to a different chat/topic. Only
fall back to context.threadId when the destination also matches.

* fix(telegram): enable ACP spawn from forum topics without thread binding

extractExplicitGroupId returned topic-qualified IDs (-100...:topic:1264)
instead of bare group chat IDs, breaking agentGroupId resolution.
agentGroupId was also never wired in the inline actions path.

For Telegram forum topics, skip thread binding entirely — the delivery
plan already routes correctly via requester origin (to + threadId).
Creating new forum topics per child session is unnecessary; output goes
back to the same topic the user asked from.

* fix(acp): bind Telegram forum sessions to current topic

* fix: restore Telegram forum-topic routing (#56060) (thanks @one27001)

---------

Co-authored-by: openclaw <mgabrie.dev@gmail.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-31 10:18:09 +05:30
Josh Avant 44674525f2
feat(tts): add structured provider diagnostics and fallback attempt analytics (#57954) 
* feat(tts): add structured fallback diagnostics and attempt analytics

* docs(tts): document attempt-detail and provider error diagnostics

* TTS: harden fallback loops and share error helpers

* TTS: bound provider error-body reads

* tts: add double-prefix regression test and clean baseline drift

* tests(tts): satisfy error narrowing in double-prefix regression

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-30 22:55:28 -05:00
Josh Avant c918ab4faf
fix(tts): restore 3.28 schema compatibility and fallback observability (#57953) 
* fix(tts): restore legacy config compatibility and fallback observability

* fix(tts): surface fallback attempts in status and telephony

* test(tts): cover /tts audio to /tts status fallback flow

* docs(tts): align migration and fallback observability guidance

* TTS: redact fallback logs and scope legacy plugin migration

* Infra: dedupe UV_EXTRA_INDEX_URL in host env policy

* Docs: scope doctor TTS migration to voice-call

* voice-call: restore strict known TTS provider validation
 2026-03-30 22:05:03 -05:00
Teconomix 697dddbeb6
feat(matrix): thread-isolated sessions and per-chat-type threadReplies (#57995) 
Merged via squash.

Prepared head SHA: 9ed96dd063
Co-authored-by: teconomix <6959299+teconomix@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-30 22:45:32 -04:00
Peter Steinberger 6b6ddcd2a6
test: speed up core runtime suites 2026-03-31 02:25:02 +01:00
Vincent Koc 1f6a964e57 fix(ci): handle missing native command capabilities 2026-03-31 10:16:06 +09:00
Vincent Koc 8bcaf1a147 fix(test): trim reply command plugin imports 2026-03-31 09:43:54 +09:00
Vincent Koc a30214a624
fix(heartbeat): block owner-only auth inheritance for exec events (#57652) 2026-03-31 09:06:51 +09:00
scoootscooob 9ff57ac479
refactor(exec): unify channel approvals and restore routing/auth (#57838) 
* fix(exec): add shared approval runtime

* fix(exec): harden shared approval runtime

* fix(exec): guard approval expiration callbacks

* fix(exec): handle approval runtime races

* fix(exec): clean up failed approval deliveries

* fix(exec): restore channel approval routing

* fix(exec): scope telegram legacy approval fallback

* refactor(exec): centralize native approval delivery

* fix(exec): harden approval auth and account routing

* test(exec): align telegram approval auth assertions

* fix(exec): align approval rebase followups

* fix(exec): clarify plugin approval not-found errors

* fix(exec): fall back to session-bound telegram accounts

* fix(exec): detect structured telegram approval misses

* test(exec): align discord approval auth coverage

* fix(exec): ignore discord dm origin channel routes

* fix(telegram): skip self-authored message echoes

* fix(exec): keep implicit approval auth non-explicit
 2026-03-30 15:49:02 -07:00
Shakker c22edbb8ee test: align ci regression stubs with production behavior 2026-03-30 17:11:06 +01:00
Shakker 4c45fc3575 test: remove telegram extension dependency from reply command tests 2026-03-30 17:11:06 +01:00
Jacob Tomlinson ae703ab0e7
infra: harden identifier entropy and delay jitter (#57744) 
* infra: harden identifier entropy and delay jitter

* test: make randomness hardening deterministic in CI
 2026-03-30 16:57:30 +01:00
pgondhi987 6d341cf366
fix(auto-reply): thread per-agent tools.exec defaults into reply directives (#57689) 
* fix(auto-reply): thread per-agent tools.exec defaults into exec overrides

* test(auto-reply): add session-override and inline-directive priority tests for exec agent defaults
 2026-03-30 16:46:54 +01:00
samzong 09bb93c6e0
fix(subagents): correct duration display showing 5-6x inflated runtime (#57739) 
Merged via squash.

Prepared head SHA: 018bbbca4d
Co-authored-by: samzong <13782141+samzong@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-30 23:44:36 +08:00
Sean c6f2db1506
fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 
* feat(gateway): implement claim check pattern to prevent OOM on large attachments

* fix: sanitize mediaId, refine trimEnd, remove warn log, add threshold and absolute path

* fix: enforce maxBytes before decoding and use dynamic path from saveMediaBuffer

* fix: enforce absolute maxBytes limit before Buffer allocation and preserve file extensions

* fix: align saveMediaBuffer arguments and satisfy oxfmt linter

* chore: strictly enforce linting rules (curly braces, unused vars, and error typing)

* fix: restrict offload to mainstream mimes to avoid extension-loss bug in store.ts for BMP/TIFF

* fix: restrict offload to mainstream mimes to bypass store.ts extension-loss bug

* chore: document bmp/tiff exclusion from offload whitelist in MIME_TO_EXT

* feat: implement agent-side resolver for opaque media URIs and finalize contract

* fix: support unicode media URIs and allow consecutive dots in safe IDs based on Codex review

* fix(gateway): enforce strict fail-fast for oversized media to prevent OOM bypass

* refactor(gateway): harden media offload with performance and security optimizations

This update refines the Claim Check pattern with industrial-grade guards:

- Performance: Implemented sampled Base64 validation for large payloads (>4KB) to prevent event loop blocking.
- Security: Added null-byte (\u0000) detection and reinforced path traversal guards.
- I18n: Updated media-uri regex to a blacklist-based character class for Unicode/Chinese filename support, with oxlint bypass for intentional control regex.
- Robustness: Enhanced error diagnostics with JSON-serialized IDs.

* fix: add HEIC/HEIF to offload allowlist and pass maxBytes to saveMediaBuffer

* fix(gateway): clean up offloaded media files on attachment parse failure

Address Codex review feedback: track saved media IDs and implement best-effort cleanup via deleteMediaBuffer if subsequent attachments fail validation, preventing orphaned files on disk.

* fix(gateway): enforce full base64 validation to prevent whitespace padding bypass

Address Codex review feedback: remove early return in isValidBase64 so padded payloads cannot bypass offload thresholds and reintroduce memory pressure. Updated related comments.

* fix(gateway): preserve offloaded media metadata and fix validation error mapping

Address Codex review feedback:
- Add \offloadedRefs\ to \ParsedMessageWithImages\ to expose structured metadata for offloaded attachments, preventing transcript media loss.
- Move \erifyDecodedSize\ outside the storage try-catch block to correctly surface client base64 validation failures as 4xx errors instead of 5xx \MediaOffloadError\.
- Add JSDoc TODOs indicating that upstream callers (chat.ts, agent.ts, server-node-events.ts) must explicitly pass the \supportsImages\ flag.

* fix(agents): explicitly allow media store dir when loading offloaded images

Address Codex review feedback: Pass getMediaDir() to loadWebMedia's localRoots for media-uri refs to prevent legacy path resolution mismatches from silently dropping large attachments.

* fix(gateway): resolve attachment offload regressions and error mapping

Address Codex review feedback:
- Pass \supportsImages\ dynamically in \chat.ts\ and \gent.ts\ based on model catalog, and explicitly in \server-node-events.ts\.
- Persist \offloadedRefs\ into the transcript pipeline in \chat.ts\ to preserve media metadata for >2MB attachments.
- Correctly map \MediaOffloadError\ to 5xx (UNAVAILABLE) to differentiate server storage faults from 4xx client validation errors.

* fix(gateway): dynamically compute supportsImages for overrides and node events

Address follow-up Codex review feedback:

- Use effective model (including overrides) to compute \supportsImages\ in \gent.ts\.

- Move session load earlier in \server-node-events.ts\ to dynamically compute \supportsImages\ rather than hardcoding true.

* fix(gateway): resolve capability edge cases reported by codex

Address final Codex edge cases:
- Refactor \gent.ts\ to compute \supportsImages\ even when no session key is present, ensuring text-only override requests without sessions safely drop attachments.
- Update catalog lookups in \chat.ts\, \gent.ts\, and \server-node-events.ts\ to strictly match both \id\ and \provider\ to prevent cross-provider model collisions.

* fix(agents): restore before_install hook for skill installs

Restore the plugin scanner security hook that was accidentally dropped during merge conflict resolution.

* fix: resolve attachment pathing, defer parsing after auth gates, and clean up node-event mocks

* fix: resolve syntax errors in test-env, fix missing helper imports, and optimize parsing sequence in node events

* fix(gateway): re-enforce message length limit after attachment parsing

Adds a secondary check to ensure the 20,000-char cap remains effective even after media markers are appended during the offload flow.

* fix(gateway): prevent dropping valid small images and clean up orphaned media on size rejection

* fix(gateway): share attachment image capability checks

* fix(gateway): preserve mixed attachment order

* fix: fail closed on unknown image capability (#55513) (thanks @Syysean)

* fix: classify offloaded attachment refs explicitly (#55513) (thanks @Syysean)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-30 20:54:40 +05:30
Shakker 3ad747e25f style: apply formatter cleanups 2026-03-30 16:20:27 +01:00
Jacob Tomlinson a77928b108
Gateway: harden node event trust boundaries (#57691) 
* Gateway: harden node event trust boundaries

* Gateway: preserve trusted summary prefixes

* Gateway: prefix multiline channel summaries
 2026-03-30 14:22:15 +01:00
Jacob Tomlinson 566fb73d9d
reply: enforce ACP attachment roots (#57690) 
* reply: enforce ACP attachment roots

* media: harden local attachment cache reads

* reply: clarify ACP attachment skip logs

* reply: keep ACP attachments path-only
 2026-03-30 14:04:02 +01:00
Vincent Koc 2fbd5e3f5f fix(test): trim telegram command registry imports 2026-03-30 19:34:47 +09:00
Vincent Koc 85f3136cfc fix(test): use plugin public surfaces in reply command tests 2026-03-30 19:28:10 +09:00
Vincent Koc 104f006916 fix(test): trim reply command registry imports 2026-03-30 19:02:40 +09:00
Vincent Koc 9670bd0823 fix(test): trim session binding registry imports 2026-03-30 17:46:44 +09:00
Vincent Koc 12ae4eee7e
fix(slack): complete interactive block delivery (#57473) 
* fix(slack): complete interactive block delivery

Related #12602
Related #49528

* docs(changelog): add Slack interactive delivery note

Related #12602

* fix(slack): add reply-blocks helper and tighten directives

Related #12602
Related #49528

* fix(slack): scope style parsing and recheck merged blocks

Related #12602
Related #49528
 2026-03-30 16:25:51 +09:00
Vincent Koc 0a014ca63a perf(tasks): optimize session lookups and sqlite upserts 2026-03-30 16:19:28 +09:00
Vincent Koc 1fd8164f01 fix(test): trim acp command registry imports 2026-03-30 14:08:48 +09:00
Vincent Koc 69793db948 fix(test): trim acp context registry imports 2026-03-30 13:39:29 +09:00
Yauheni Shauchenka a6bc51f944
feat(openai): forward text verbosity (#47106) 
* feat(openai): forward text verbosity across responses transports

* fix(openai): remove stale verbosity rebase artifact

* chore(changelog): add openai text verbosity entry

---------

Co-authored-by: Ubuntu <ubuntu@vps-1c82b947.vps.ovh.net>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-30 12:04:35 +09:00
Vincent Koc 3034adfdb3 fix(commands): harden fast status and Telegram callbacks 2026-03-30 09:32:53 +09:00
Peter Steinberger 63cbc097b5
refactor(channels): route core through registered plugin capabilities 2026-03-30 01:03:42 +01:00
Peter Steinberger 3b878e6b86
refactor: move approval auth and payload hooks to generic channel capabilities 2026-03-30 08:46:44 +09:00
Peter Steinberger 6d9a7224aa
refactor: unify approval command authorization 2026-03-30 07:06:29 +09:00
Peter Steinberger 3ec000b995
refactor: align same-chat approval routing 2026-03-30 06:52:28 +09:00
Peter Steinberger 276ccd2583
fix(exec): default implicit target to auto 2026-03-30 06:03:08 +09:00
Peter Steinberger f5f8ba6d35 fix: harden bundle MCP session runtime cache (#55090) (thanks @allan0509) 2026-03-30 05:10:32 +09:00
无忌 6477d783e8 Agents: cache bundle MCP runtime per session 2026-03-30 05:10:32 +09:00