2622d2453b
fix(ci): restore generated protocol swift outputs ( #44411 )
...
Regenerate the Swift protocol models so PushTestResult keeps the transport field required by the current gateway schema, and update protocol:check to diff both generated Swift destinations because the generator writes both files.
Regeneration-Prompt: |
Investigate the protocol CI failure on current origin/main rather than assuming the earlier fix still held. Confirm whether the generated Swift outputs drifted from the TypeScript gateway schema, identify whether the regression was reintroduced by a later commit, and keep the patch minimal: restore the generated Swift outputs from the existing schema and tighten the protocol check so it verifies every Swift file the generator writes.
2026-03-12 15:25:38 -07:00
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
143e593ab8
Compaction Runner: wire post-compaction memory sync ( #25561 )
...
Merged via squash.
Prepared head SHA: 6d2bc02cc1
2026-03-12 14:24:29 -07:00
9cb0fa58c2
fix: restore protocol outputs and stabilize Windows path CI ( #44266 )
...
* fix(ci): restore protocol outputs and stabilize Windows path test
Regenerate the Swift protocol models so protocol:check stops failing on main.
Align the session target test helper with the sync production realpath behavior so Windows does not compare runneradmin and RUNNER~1 spellings for the same file.
Regeneration-Prompt: |
Investigate the failing checks from merged PR #34485 and confirm whether they still affect current main before changing code. Keep the fix tight: do not alter runtime behavior beyond what is required to clear the reproduced CI regressions. Commit the generated Swift protocol outputs for the PushTestResult transport field because protocol:check was failing from stale generated files on main. Also fix the Windows-only session target test by making its helper use the same synchronous realpath behavior as production discovery, so path spelling differences like runneradmin versus RUNNER~1 do not cause a false assertion failure.
* fix(ci): align session target realpath behavior on Windows
Use native realpath for sync session target discovery so it matches the async path on Windows, and update the session target test helper to assert against the same canonical path form.
Regeneration-Prompt: |
After opening the follow-up PR for the CI regressions from merged PR #34485 , inspect the new failing Windows shard instead of assuming the first fix covered every case. Keep scope limited to the session target path mismatch exposed by CI. Fix the inconsistency at the source by making sync session target discovery use the same native realpath canonicalization as the async discovery path on Windows, then update the test helper to match that shared behavior and verify the touched file with targeted tests and file-scoped lint/format checks.
* test: make merge config fixtures satisfy provider type
After rebasing the PR onto current origin/main, the merge helper test fixtures no longer satisfied ProviderConfig because the anthropic provider examples were missing required provider and model fields. Add a shared fully-typed model fixture and explicit anthropic baseUrl values so the test keeps full type coverage under tsgo.
Regeneration-Prompt: |
Rebase the PR branch for #44266 onto the current origin/main because the failing CI error only reproduced on the merge ref. Re-run the type-check path and inspect src/agents/models-config.merge.test.ts at the exact compiler lines instead of weakening types globally. Keep the fix test-only: make the anthropic ProviderConfig fixtures structurally valid by supplying the required baseUrl and full model definition fields, and keep the shared fixture typed so tsgo accepts it without unknown casts.
* fix: align Windows session store test expectations
2026-03-12 10:55:29 -07:00
7c889e7113
Refactor: trim duplicate gateway/onboarding helpers and dead utils ( #43871 )
...
* Gateway: share input provenance schema
* Onboarding: dedupe top-level channel patching
* Utils: remove unused path helpers
* Protocol: refresh generated gateway models
2026-03-12 05:04:31 -04:00
cee8717020
fix(macos): add NSRemindersUsageDescription for apple-reminders skill
...
Fixes #5090
Without this plist key, macOS silently denies Reminders access when
running through OpenClaw.app, preventing the apple-reminders skill
from requesting permission.
(cherry picked from commit e5774471c8
2026-03-12 17:01:38 +11:00
1dcef7b644
Infra: block GIT_EXEC_PATH in host env sanitizer ( #43685 )
...
* Infra: block GIT_EXEC_PATH in host env sanitizer
* Changelog: note host env hardening
2026-03-12 01:16:03 -04:00
29dc65403f
build: prepare 2026.3.11 release
2026-03-12 05:01:07 +00:00
b125c3ba06
build: bump openclaw to 2026.3.11-beta.1
2026-03-12 04:08:19 +00:00
ce5dd742f8
build: sync versions to 2026.3.11
2026-03-12 04:01:57 +00:00
0e397e62b7
chore: bump version to 2026.3.10
2026-03-11 23:29:53 +00:00
144c1b802b
macOS/onboarding: prompt for remote gateway auth tokens ( #43100 )
...
Merged via squash.
Prepared head SHA: 00e2ad847b
2026-03-11 13:53:19 +02:00
f063e57d4b
fix(macos): use foundationValue when serializing browser proxy POST body ( #43069 )
...
Merged via squash.
Prepared head SHA: 04c33fa061
2026-03-11 19:14:01 +08:00
061b8258bc
macOS: add chat model selector and persist thinking ( #42314 )
...
* feat(macos): add chat model selector and thinking persistence UX
* Chat UI: carry session model providers
* Docs: add macOS model selector changelog
* macOS: persist extended thinking levels
* Chat UI: keep model picker state in sync
* Chat UI tests: cover model selection races
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 00:43:04 -04:00
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs ( #42672 )
...
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
56f787e3c0
build(protocol): regenerate Swift models after pending node work schemas ( #41477 )
...
Merged via squash.
Prepared head SHA: cae0aaf1c2
2026-03-09 23:22:09 +01:00
f9706fde6a
build: bump unreleased version to 2026.3.9
2026-03-09 08:33:58 +00:00
8befd88119
build(protocol): sync generated swift models
2026-03-09 03:49:50 +00:00
e806c479f5
Gateway/iOS: replay queued foreground actions safely after resume ( #40281 )
...
Merged via squash.
- Local validation: `pnpm exec vitest run --config vitest.gateway.config.ts src/gateway/server-methods/nodes.invoke-wake.test.ts`
- Local validation: `pnpm build`
- mb-server validation: `pnpm exec vitest run --config vitest.gateway.config.ts src/gateway/server-methods/nodes.invoke-wake.test.ts`
- mb-server validation: `pnpm build`
- mb-server validation: `pnpm protocol:check`
2026-03-08 22:46:54 +01:00
a6131438ea
fix(macos): improve tailscale gateway discovery ( #40167 )
...
Sanitized test tailnet hostnames and re-ran the targeted macOS gateway discovery test suite before merge.
2026-03-08 21:49:42 +02:00
3d3e8fe78c
fix(macos): preserve unsupported remote gateway tokens
2026-03-08 21:28:17 +02:00
37e0b01684
macos: add mode-toggle remote token sync coverage
2026-03-08 21:28:17 +02:00
bd0e6a6efd
macos: clarify remote token placeholder text
2026-03-08 21:28:17 +02:00
6b338dd283
macos: add remote gateway token field for remote mode
2026-03-08 21:28:17 +02:00
16a5f0b006
refactor: split talk gateway config loaders
2026-03-08 16:22:48 +00:00
8d3d742c6a
refactor: require canonical talk resolved payload
2026-03-08 16:22:48 +00:00
b4c8950417
refactor: centralize talk silence timeout defaults
2026-03-08 14:58:29 +00:00
4f482d2a2b
refactor: share Apple talk config parsing
2026-03-08 14:58:29 +00:00
eba9dcc67a
Refactor release hardening follow-ups ( #39959 )
...
* build: fail fast on stale host-env swift policy
* build: sync generated host env swift policy
* build: guard bundled extension root dependency gaps
* refactor: centralize provider capability quirks
* test: table-drive provider regression coverage
* fix: block merge when prep branch has unpushed commits
* refactor: simplify models config merge preservation
2026-03-08 14:49:58 +00:00
6ff7e8f42e
talk: add configurable silence timeout
2026-03-08 14:30:25 +00:00
d5b305b250
fix: follow up #39321 and #38445 landings
2026-03-08 13:58:13 +00:00
d2347ed825
macOS: set speech recognition taskHint for Talk Mode mic capture
...
Add taskHint = .dictation to Talk Mode's SFSpeechAudioBufferRecognitionRequest,
matching what Voice Wake already sets. Without this hint the recognizer may not
properly initialize audio capture, causing Talk Mode to appear unresponsive.
Co-Authored-By: dmiv <dmiv@users.noreply.github.com>
2026-03-08 13:52:08 +00:00
58ae5582f4
macOS: fix VoiceWakeOverlayController exclusivity violation #39275
2026-03-08 13:47:27 +00:00
53fb317e7f
fix(macos): clean swiftformat pass and sendable warning
2026-03-08 13:22:46 +00:00
d15b6af77b
fix: land contributor PR #39516 from @Imhermes1
...
macOS app/chat/browser/cron/permissions fixes.
Co-authored-by: ImHermes1 <lukeforn@gmail.com>
2026-03-08 06:11:20 +00:00
05217845a7
build: bump version to 2026.3.8
2026-03-08 05:59:04 +00:00
25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host
2026-03-07 18:28:32 -06:00
e27bbe4982
fix(exec): block dangerous override-only env pivots
2026-03-07 19:18:05 +00:00
10d0e3f3ca
fix(dashboard): keep gateway tokens out of URL storage
2026-03-07 18:33:30 +00:00
997a9f5b9e
chore: bump version to 2026.3.7
2026-03-07 10:09:02 +00:00
ee6f7b1bf0
fix(ci): restore protocol and schema checks ( #37470 )
2026-03-06 11:46:17 +03:00
4aa548cf7d
macOS: add tailscale serve discovery fallback for remote gateways ( #32860 )
...
* feat(macos): add tailscale serve gateway discovery fallback
* fix: add changelog note for tailscale serve discovery fallback (#32860 ) (thanks @ngutman)
2026-03-03 13:25:36 +02:00
46b62c53f0
fix(ci): restore scope-test require import and sync host policy
2026-03-03 03:18:45 +00:00
80efcb75c7
style(swift): apply lint and format cleanup
2026-03-03 03:07:55 +00:00
ba50dfaae3
refactor(macos): simplify pairing alert and host helper paths
2026-03-03 03:07:54 +00:00
04a8f97c57
fix(swift): align async helper callsites across iOS and macOS
2026-03-03 03:07:54 +00:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
f1cd3ea531
fix(app:macos): 【 OpenClaw ⇄ clawdbot 】- Peekaboo Bridge discovery after the OpenClaw rename ( #6033 )
...
* fix(mac): keep OpenClaw bridge socket and harden legacy symlink
* fix(mac): add clawdis legacy Peekaboo bridge symlink
* macos: include moltbot in PeekabooBridge legacy socket paths
* changelog: note peekaboo legacy socket compatibility paths
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 07:00:30 -08:00
87316e07d8
refactor(macos): share pairing and ui dedupe utilities
2026-03-02 12:13:45 +00:00
cf67e374c0
refactor(macos): dedupe UI, pairing, and runtime helpers
2026-03-02 11:32:20 +00:00
Josh Lehman
Peter Steinberger
Rodrigo Uroz
Vincent Koc
Dinakar Sarbada
Nimrod Gutman
Luke
Josh Avant
Mariano
Charles Dusek
Peter Steinberger
dano does design
Dmitri
Felix Hellström
Altay
Felix Lu