7d8aeaaf06
fix(gateway): pin paired reconnect metadata for node policy
2026-02-26 14:11:04 +01:00
cf311978ea
fix(plugins): fallback bundled channel specs when npm install returns 404 ( #12849 )
...
* plugins: add bundled source resolver
* plugins: add bundled source resolver tests
* cli: fallback npm 404 plugin installs to bundled sources
* plugins: use bundled source resolver during updates
* protocol: regenerate macos gateway swift models
* protocol: regenerate shared swift models
* Revert "protocol: regenerate shared swift models"
This reverts commit 6a2b08c47d27c03010c6
2026-02-26 08:06:54 -05:00
7b5153f214
refactor: dedupe boundary-path canonical checks
2026-02-26 14:04:47 +01:00
b402770f63
refactor(reply): split abort cutoff and timeout policy modules
2026-02-26 14:00:35 +01:00
c397a02c9a
fix(queue): harden drain/abort/timeout race handling
...
- reject new lane enqueues once gateway drain begins
- always reset lane draining state and isolate onWait callback failures
- persist per-session abort cutoff and skip stale queued messages
- avoid false 600s agentTurn timeout in isolated cron jobs
Fixes #27407
Fixes #27332
Fixes #27427
Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
Co-authored-by: zjmy <zhangjunmengyang@gmail.com>
Co-authored-by: suko <miha.sukic@gmail.com>
2026-02-26 13:43:39 +01:00
1aef45bc06
fix: harden boundary-path canonical alias handling
2026-02-26 13:43:29 +01:00
4b71de384c
fix(core): unify session-key normalization and plugin boundary checks
2026-02-26 12:41:23 +00:00
e3385a6578
fix(security): harden root file guards and host writes
2026-02-26 13:32:58 +01:00
4fd29a35bb
fix: block broken-symlink sandbox path escapes
2026-02-26 13:30:45 +01:00
8b5ebff67b
fix(cron): prevent isolated hook session-key double-prefixing (land #27333 , @MaheshBhushan)
...
Co-authored-by: MaheshBhushan <mkoduri73@gmail.com>
2026-02-26 12:29:10 +00:00
f692288301
feat(cron): add --session-key option to cron add/edit CLI commands
...
Expose the existing CronJob.sessionKey field through the CLI so users
can target cron jobs at specific named sessions without needing an
external shell script + system crontab workaround.
The backend already fully supports sessionKey on cron jobs - this
change wires it to the CLI surface with --session-key on cron add,
and --session-key / --clear-session-key on cron edit.
Closes #27158
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 12:28:49 +00:00
452a8c9db9
fix: use canonical cron session detection for spawn note
2026-02-26 17:54:27 +05:30
69590de276
fix: suppress SUBAGENT_SPAWN_ACCEPTED_NOTE for cron isolated sessions
...
The 'do not poll/sleep' note added to sessions_spawn tool results causes
cron isolated agents to immediately end their turn, since the note tells
them not to wait for subagent results. In cron isolated sessions, the
agent turn IS the entire run, so ending early means subagent results
are never collected.
Fix: detect cron sessions via includes(':cron:') in agentSessionKey
and suppress the note, allowing the agent to poll/wait naturally.
Note: PR #27330 used startsWith('cron:') which never matches because
the session key format is 'agent:main:cron:...' (starts with 'agent:').
Fixes #27308
Fixes #25069
2026-02-26 17:54:27 +05:30
46eba86b45
fix: harden workspace boundary path resolution
2026-02-26 13:19:59 +01:00
a288f3066f
fix(gateway): warn on non-loopback bind at startup (land #25397 , thanks @let5sne)
...
Co-authored-by: let5sne <let5sne@users.noreply.github.com>
2026-02-26 12:13:20 +00:00
327f0526d1
fix(gateway): use loopback for CLI status probe when bind=lan (land #26997 , thanks @chikko80)
...
Co-authored-by: Manuel Seitz <seitzmanuel0@gmail.com>
2026-02-26 12:13:20 +00:00
da53015ef5
fix(onboard): seed Control UI origins for non-loopback binds (land #26157 , thanks @stakeswky)
...
Co-authored-by: 不做了睡大觉 <stakeswky@users.noreply.github.com>
2026-02-26 12:13:20 +00:00
a97cec0018
refactor: harden remaining plugin manifest reads
2026-02-26 13:12:44 +01:00
892a9c24b0
refactor(security): centralize channel allowlist auth policy
2026-02-26 13:06:33 +01:00
eac86c2081
refactor: unify boundary hardening for file reads
2026-02-26 13:04:37 +01:00
6632fd1ea9
refactor(security): extract protected-route path policy helpers
2026-02-26 13:01:22 +01:00
8bdda7a651
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
0ed675b1df
fix(security): harden canonical auth matching for plugin channel routes
2026-02-26 12:55:33 +01:00
0231cac957
feat(typing): add TTL safety-net for stuck indicators (land #27428 , thanks @Crpdim)
...
Co-authored-by: Crpdim <crpdim@users.noreply.github.com>
2026-02-26 11:48:50 +00:00
3d30ba18a2
fix(slack): gate member and message subtype system events
2026-02-26 12:48:20 +01:00
da0ba1b73a
fix(security): harden channel auth path checks and exec approval routing
2026-02-26 12:46:05 +01:00
b096ad267e
fix(telegram): add sendChatAction 401 backoff guard (land #27415 , thanks @widingmarcus-cyber)
...
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
2026-02-26 11:45:57 +00:00
b74be2577f
refactor(web): unify proxy-guarded fetch path for web tools
2026-02-26 12:44:18 +01:00
8bf1c9a23a
fix(typing): stop keepalive restarts after run completion (land #27413 , thanks @widingmarcus-cyber)
...
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
2026-02-26 11:42:38 +00:00
242188b7b1
refactor: unify boundary-safe reads for bootstrap and includes
2026-02-26 12:42:14 +01:00
199ef9f8ea
fix(typing): add main-run dispatch idle safety net (land #27250 , thanks @Sid-Qin)
...
Co-authored-by: Sid Qin <s3734389@gmail.com>
2026-02-26 11:36:08 +00:00
46003e85bf
fix: unify web tool proxy path ( #27430 ) (thanks @kevinWangSheng)
2026-02-26 11:32:43 +00:00
d8e2030d47
fix(web-search): honor HTTP_PROXY environment variable for Brave Search API
...
The web_search tool was not respecting HTTP_PROXY/HTTPS_PROXY environment
variables, causing 'fetch failed' errors when running behind a proxy.
This fix adds ProxyAgent support for the Brave Search API, similar to how
other tools in OpenClaw handle proxy configuration.
Fixes #27405
2026-02-26 11:32:43 +00:00
9925ac6a2d
fix(config): harden include file loading path checks
2026-02-26 12:23:31 +01:00
d9ed2c425a
fix(telegram): prime final preview before stop flush
2026-02-26 16:24:31 +05:30
e273b9851e
Tests: tighten discord work account type in doctor config flow
2026-02-26 05:38:53 -05:00
1ffc319831
Doctor: keep allowFrom account-scoped in multi-account configs
2026-02-26 05:34:58 -05:00
133f14c0af
docs(auto-reply): align silent token comment with regex
2026-02-26 16:04:48 +05:30
e64d72299e
fix(auto-reply): tighten silent token semantics and prefix streaming
2026-02-26 16:04:48 +05:30
2f2110a32c
fix: tighten isSilentReplyText to match whole-text only
...
The suffix regex matched NO_REPLY at the end of any response,
suppressing substantive replies when models (e.g. Gemini 3 Pro)
appended NO_REPLY to real content.
Replace prefix+suffix regexes with a single whole-string match.
Only responses that are entirely the silent token (with optional
whitespace) are now suppressed.
Add unit tests for the fix.
Fixes #19537
2026-02-26 16:04:48 +05:30
a7d56e3554
feat: ACP thread-bound agents ( #23580 )
...
* docs: add ACP thread-bound agents plan doc
* docs: expand ACP implementation specification
* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup
* feat(acp): add /acp commands and Discord spawn gate
* ACP: add acpx runtime plugin backend
* fix(subagents): defer transient lifecycle errors before announce
* Agents: harden ACP sessions_spawn and tighten spawn guidance
* Agents: require explicit ACP target for runtime spawns
* docs: expand ACP control-plane implementation plan
* ACP: harden metadata seeding and spawn guidance
* ACP: centralize runtime control-plane manager and fail-closed dispatch
* ACP: harden runtime manager and unify spawn helpers
* Commands: route ACP sessions through ACP runtime in agent command
* ACP: require persisted metadata for runtime spawns
* Sessions: preserve ACP metadata when updating entries
* Plugins: harden ACP backend registry across loaders
* ACPX: make availability probe compatible with adapters
* E2E: add manual Discord ACP plain-language smoke script
* ACPX: preserve streamed spacing across Discord delivery
* Docs: add ACP Discord streaming strategy
* ACP: harden Discord stream buffering for thread replies
* ACP: reuse shared block reply pipeline for projector
* ACP: unify streaming config and adopt coalesceIdleMs
* Docs: add temporary ACP production hardening plan
* Docs: trim temporary ACP hardening plan goals
* Docs: gate ACP thread controls by backend capabilities
* ACP: add capability-gated runtime controls and /acp operator commands
* Docs: remove temporary ACP hardening plan
* ACP: fix spawn target validation and close cache cleanup
* ACP: harden runtime dispatch and recovery paths
* ACP: split ACP command/runtime internals and centralize policy
* ACP: harden runtime lifecycle, validation, and observability
* ACP: surface runtime and backend session IDs in thread bindings
* docs: add temp plan for binding-service migration
* ACP: migrate thread binding flows to SessionBindingService
* ACP: address review feedback and preserve prompt wording
* ACPX plugin: pin runtime dependency and prefer bundled CLI
* Discord: complete binding-service migration cleanup and restore ACP plan
* Docs: add standalone ACP agents guide
* ACP: route harness intents to thread-bound ACP sessions
* ACP: fix spawn thread routing and queue-owner stall
* ACP: harden startup reconciliation and command bypass handling
* ACP: fix dispatch bypass type narrowing
* ACP: align runtime metadata to agentSessionId
* ACP: normalize session identifier handling and labels
* ACP: mark thread banner session ids provisional until first reply
* ACP: stabilize session identity mapping and startup reconciliation
* ACP: add resolved session-id notices and cwd in thread intros
* Discord: prefix thread meta notices consistently
* Discord: unify ACP/thread meta notices with gear prefix
* Discord: split thread persona naming from meta formatting
* Extensions: bump acpx plugin dependency to 0.1.9
* Agents: gate ACP prompt guidance behind acp.enabled
* Docs: remove temp experiment plan docs
* Docs: scope streaming plan to holy grail refactor
* Docs: refactor ACP agents guide for human-first flow
* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow
* Docs/Skill: add OpenCode and Pi to ACP harness lists
* Docs/Skill: align ACP harness list with current acpx registry
* Dev/Test: move ACP plain-language smoke script and mark as keep
* Docs/Skill: reorder ACP harness lists with Pi first
* ACP: split control-plane manager into core/types/utils modules
* Docs: refresh ACP thread-bound agents plan
* ACP: extract dispatch lane and split manager domains
* ACP: centralize binding context and remove reverse deps
* Infra: unify system message formatting
* ACP: centralize error boundaries and session id rendering
* ACP: enforce init concurrency cap and strict meta clear
* Tests: fix ACP dispatch binding mock typing
* Tests: fix Discord thread-binding mock drift and ACP request id
* ACP: gate slash bypass and persist cleared overrides
* ACPX: await pre-abort cancel before runTurn return
* Extension: pin acpx runtime dependency to 0.1.11
* Docs: add pinned acpx install strategy for ACP extension
* Extensions/acpx: enforce strict local pinned startup
* Extensions/acpx: tighten acp-router install guidance
* ACPX: retry runtime test temp-dir cleanup
* Extensions/acpx: require proactive ACPX repair for thread spawns
* Extensions/acpx: require restart offer after acpx reinstall
* extensions/acpx: remove workspace protocol devDependency
* extensions/acpx: bump pinned acpx to 0.1.13
* extensions/acpx: sync lockfile after dependency bump
* ACPX: make runtime spawn Windows-safe
* fix: align doctor-config-flow repair tests with default-account migration (#23580 ) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
a690b62391
Doctor: ignore slash sessions in transcript integrity check
...
Merged via deterministic merge flow.
Prepared head SHA: e5cee7a2ec
2026-02-26 04:35:08 -05:00
30fd2bbe19
fix(ssrf): honor global family policy for pinned dispatcher
2026-02-26 14:57:15 +05:30
58fef1d703
fix(telegram): allow inline button callbacks in groups when command was authorized ( #27309 )
2026-02-26 14:43:11 +05:30
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b5771808
2026-02-26 04:06:03 -05:00
a0cf753b2e
refactor(agents): dedupe node read invoke commands
2026-02-26 14:33:14 +05:30
c0073b3d47
feat(agents): add nodes notifications_list action
2026-02-26 14:33:14 +05:30
e6a5d5784c
feat(gateway): allow notifications.list for android nodes
2026-02-26 14:33:14 +05:30
c289b5ff9f
fix(config): preserve agent-level apiKey/baseUrl during models.json merge ( #27293 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6b4b37b03d
2026-02-26 03:46:36 -05:00
39d725f4d3
Daemon tests: guard undefined runtime status
2026-02-26 03:24:48 -05:00
Peter Steinberger
Vincent Koc
Matt Hulme
Ayaan Zaidi
Taras Lukavyi
Kevin Shenghui
Gustavo Madeira Santana
HAL
Onur Solmaz
GodsBoy
Sid