c0e0115b31
CI: add CLI startup memory regression check
2026-03-15 17:42:48 -07:00
c156f7c7e3
fix: reduce plugin and discord warning noise
2026-03-16 00:24:44 +00:00
a058bf918d
feat(plugins): test bundle MCP end to end
2026-03-15 16:51:13 -07:00
14137bef22
Plugins: clean stale bundled skill outputs
2026-03-15 21:48:09 +00:00
50a6902a9a
Plugins: skip nested node_modules in bundled skills
2026-03-15 21:43:13 +00:00
1839bc0b1a
Plugins: relocate bundled skill assets
2026-03-15 21:42:02 +00:00
50c8934231
fix(dev): align gateway watch with tsdown wrapper ( #47636 )
2026-03-15 23:28:57 +02:00
5a7aba94a2
CLI: support package-manager installs from GitHub main ( #47630 )
...
* CLI: resolve package-manager main install specs
* CLI: skip registry resolution for raw package specs
* CLI: support main package target updates
* CLI: document package update specs in help
* Tests: cover package install spec resolution
* Tests: cover npm main-package updates
* Tests: cover update --tag main
* Installer: support main package targets
* Installer: support main package targets on Windows
* Docs: document package-manager main updates
* Docs: document installer main targets
* Docs: document npm and pnpm main installs
* Docs: document update --tag main
* Changelog: note package-manager main installs
* Update src/infra/update-global.test.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 14:18:12 -07:00
47fd8558cd
fix(plugins): fix bundled plugin roots and skill assets ( #47601 )
...
* fix(acpx): resolve bundled plugin root correctly
* fix(plugins): copy bundled plugin skill assets
* fix(plugins): tolerate missing bundled skill paths
2026-03-15 23:00:30 +02:00
4fb0160309
Gateway: sync runtime post-build artifacts
2026-03-15 20:44:15 +00:00
07f890fa45
fix(release): block oversized npm packs that regress low-memory startup ( #46850 )
...
* fix(release): guard npm pack size regressions
* fix(release): fail closed when npm omits pack size
2026-03-15 21:31:30 +01:00
594920f8cc
Scripts: rebuild on extension and tsdown config changes ( #47571 )
...
Merged via squash.
Prepared head SHA: edd8ed8254
2026-03-15 16:19:27 -04:00
a2080421a1
Docs: move release runbook to maintainer repo ( #47532 )
...
* Docs: redact private release setup
* Docs: tighten release order
* Docs: move release runbook to maintainer repo
* Docs: delete public mac release page
* Docs: remove zh-CN mac release page
* Docs: turn release checklist into release policy
* Docs: point release policy to private docs
* Docs: regenerate zh-CN release policy pages
* Docs: preserve Doctor in zh-CN hubs
* Docs: fix zh-CN polls label
* Docs: tighten docs i18n term guardrails
* Docs: enforce zh-CN glossary coverage
2026-03-15 20:42:39 +01:00
e2dac5d5cb
fix(plugins): load bundled extensions from dist ( #47560 )
2026-03-15 21:16:27 +02:00
53462b990d
chore(gateway): ignore `.test.ts` changes in `gateway:watch` ( #36211 )
2026-03-15 11:14:28 -04:00
e3b7ff2f1f
Docs: fix MDX markers blocking page refreshes ( #46695 )
...
Merged via squash.
Prepared head SHA: 56b25a9fb3
2026-03-15 02:58:59 +01:00
4c6a7f84a4
docs: remove dead security README nav entry ( #46675 )
...
Merged via squash.
Prepared head SHA: 63331a54b8
2026-03-15 01:40:00 +01:00
8a607d7553
fix(feishu): fetch thread context so AI can see bot replies in topic threads ( #45254 )
...
* fix(feishu): fetch thread context so AI can see bot replies in topic threads
When a user replies in a Feishu topic thread, the AI previously could only
see the quoted parent message but not the bot's own prior replies in the
thread. This made multi-turn conversations in threads feel broken.
- Add `threadId` (omt_xxx) to `FeishuMessageInfo` and `getMessageFeishu`
- Add `listFeishuThreadMessages()` using `container_id_type=thread` API
to fetch all messages in a thread including bot replies
- In `handleFeishuMessage`, fetch ThreadStarterBody and ThreadHistoryBody
for topic session modes and pass them to the AI context
- Reuse quoted message result when rootId === parentId to avoid redundant
API calls; exclude root message from thread history to prevent duplication
- Fall back to inbound ctx.threadId when rootId is absent or API fails
- Fetch newest messages first (ByCreateTimeDesc + reverse) so long threads
keep the most recent turns instead of the oldest
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(feishu): skip redundant thread context injection on subsequent turns
Only inject ThreadHistoryBody on the first turn of a thread session.
On subsequent turns the session already contains prior context, so
re-injecting thread history (and starter) would waste tokens.
The heuristic checks whether the current user has already sent a
non-root message in the thread — if so, the session has prior turns
and thread context injection is skipped entirely.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(feishu): handle thread_id-only events in prior-turn detection
When ctx.rootId is undefined (thread_id-only events), the starter
message exclusion check `msg.messageId !== ctx.rootId` was always
true, causing the first follow-up to be misclassified as a prior
turn. Fall back to the first message in the chronologically-sorted
thread history as the starter.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(feishu): bootstrap topic thread context via session state
* test(memory): pin remote embedding hostnames in offline suites
* fix(feishu): use plugin-safe session runtime for thread bootstrap
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-14 18:01:59 -05:00
cbec476b6b
Docs: add config drift baseline statefile ( #45891 )
...
* Docs: add config drift statefile generator
* Docs: generate config drift baseline
* CI: move config docs drift runner into workflow sanity
* Docs: emit config drift baseline json
* Docs: commit config drift baseline json
* Docs: wire config baseline into release checks
* Config: fix baseline drift walker coverage
* Docs: regenerate config drift baselines
2026-03-14 14:23:30 -07:00
e81442ac80
Fix full local gate on main
2026-03-14 15:52:11 -05:00
d33f3f843a
ci: allow fallback npm correction tags ( #46486 )
2026-03-14 19:38:14 +01:00
ac29edf6c3
fix(ci): update vitest configs after channel move to extensions/ (openclaw#46066)
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-14 13:23:25 -05:00
c08317203d
ci: enforce calver freshness on npm publish
2026-03-14 13:45:40 +01:00
00891dee90
ci: switch npm release workflow to trusted publishing
2026-03-14 13:45:40 +01:00
02a86da23a
ci: preserve manual npm release approval delays
2026-03-14 13:45:40 +01:00
2eea93982f
ci: make npm release preview more verbose
2026-03-14 13:45:40 +01:00
78d2bfc4d8
ci: add dry-run gate to npm release workflow
2026-03-14 13:45:40 +01:00
439c21e078
refactor: remove channel shim directories, point all imports to extensions ( #45967 )
...
* refactor: remove channel shim directories, point all imports to extensions
Delete the 6 backward-compat shim directories (src/telegram, src/discord,
src/slack, src/signal, src/imessage, src/web) that were re-exporting from
extensions. Update all 112+ source files to import directly from
extensions/{channel}/src/ instead of through the shims.
Also:
- Move src/channels/telegram/ (allow-from, api) to extensions/telegram/src/
- Fix outbound adapters to use resolveOutboundSendDep (fixes 5 pre-existing TS errors)
- Update cross-extension imports (src/web/media.js → extensions/whatsapp/src/media.js)
- Update vitest, tsdown, knip, labeler, and script configs for new paths
- Update guard test allowlists for extension paths
After this, src/ has zero channel-specific implementation code — only the
generic plugin framework remains.
* fix: update raw-fetch guard allowlist line numbers after shim removal
* refactor: document direct extension channel imports
* test: mock transcript module in delivery helpers
2026-03-14 03:43:07 -07:00
16505718e8
refactor: move WhatsApp channel implementation to extensions/ ( #45725 )
...
* refactor: move WhatsApp channel from src/web/ to extensions/whatsapp/
Move all WhatsApp implementation code (77 source/test files + 9 channel
plugin files) from src/web/ and src/channels/plugins/*/whatsapp* to
extensions/whatsapp/src/.
- Leave thin re-export shims at all original locations so cross-cutting
imports continue to resolve
- Update plugin-sdk/whatsapp.ts to only re-export generic framework
utilities; channel-specific functions imported locally by the extension
- Update vi.mock paths in 15 cross-cutting test files
- Rename outbound.ts -> send.ts to match extension naming conventions
and avoid false positive in cfg-threading guard test
- Widen tsconfig.plugin-sdk.dts.json rootDir to support shim->extension
cross-directory references
Part of the core-channels-to-extensions migration (PR 6/10).
* style: format WhatsApp extension files
* fix: correct stale import paths in WhatsApp extension tests
Fix vi.importActual, test mock, and hardcoded source paths that weren't
updated during the file move:
- media.test.ts: vi.importActual path
- onboarding.test.ts: vi.importActual path
- test-helpers.ts: test/mocks/baileys.js path
- monitor-inbox.test-harness.ts: incomplete media/store mock
- login.test.ts: hardcoded source file path
- message-action-runner.media.test.ts: vi.mock/importActual path
2026-03-14 02:44:55 -07:00
6e251dcf68
test: harden parallels beta smoke flows
2026-03-14 05:54:49 +00:00
7e41ba4cbb
test: harden parallels all-os smoke harness
2026-03-14 04:46:47 +00:00
d925b0113f
test: add parallels linux smoke harness
2026-03-14 01:56:24 +00:00
4dbab064f0
test: add parallels windows smoke harness
2026-03-14 00:33:39 +00:00
bff340c1ca
test: preserve wrapper behavior for targeted runs FIX OOM issues( #45518 )
...
* test: preserve wrapper behavior for targeted runs
* test: tighten targeted wrapper routing
2026-03-13 18:36:38 -05:00
63802c1112
docker: add apt-get upgrade to all Dockerfiles ( #45384 )
...
* docker: add apt-get upgrade to patch base-image vulnerabilities
Closes #45159
* docker: add DEBIAN_FRONTEND and --no-install-recommends to apt-get upgrade
Prevents debconf hangs during Docker builds and avoids pulling in
recommended packages that silently grow the image.
Co-Authored-By: Claude <noreply@anthropic.com>
* Revert "docker: add DEBIAN_FRONTEND and --no-install-recommends to apt-get upgrade"
This reverts commit 6fc3839cb5
2026-03-13 16:23:02 -07:00
e7863d7fdd
test: add parallels macos smoke harness
2026-03-13 21:44:29 +00:00
c659f6c959
fix: improve onboarding install diagnostics
2026-03-13 21:44:29 +00:00
75c7c169e1
test: re-enable Node 24 vmForks fast lane
2026-03-13 20:38:24 +00:00
d17490ff54
ci: speed up scoped workflow lanes
2026-03-13 19:53:40 +00:00
16ececf0a6
chore: bump version to 2026.3.13
2026-03-13 04:38:32 +00:00
08da1b47ba
fix: use build-stage image for docker live tests
2026-03-13 02:59:36 +00:00
c25e46a433
chore: prepare 2026.3.12 release
2026-03-13 01:38:20 +00:00
52e2a7747a
Revert "feat: add --no-test flag to prepare-gates"
...
This reverts commit ee6bdb3bab
2026-03-12 16:37:50 -07:00
ee6bdb3bab
feat: add --no-test flag to prepare-gates
...
Allows skipping the full test suite during prepare phase.
Testing is deferred to the dedicated Test phase in the pipeline.
2026-03-12 16:22:37 -07:00
86a3149b2e
fix: harden windows npm runtime path
2026-03-12 23:03:19 +00:00
115f24819e
fix: make node-llama-cpp optional for npm installs
2026-03-12 16:45:59 +00:00
b77b7485e0
feat(push): add iOS APNs relay gateway ( #43369 )
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369 ) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
3fa91cd69d
feat: add sessions_yield tool for cooperative turn-ending ( #36537 )
...
Merged via squash.
Prepared head SHA: 75d9204c86
2026-03-12 08:46:47 -07:00
b0f717aa02
build: align Node 22 guidance with 22.16 minimum
2026-03-12 20:07:44 +05:30
0a8d2b6200
build: raise Node 22 compatibility floor to 22.16
2026-03-12 20:07:44 +05:30
deada7edd3
build: default to Node 24 and keep Node 22 compat
2026-03-12 20:07:44 +05:30
8e0e4f736a
docs: add Kubernetes install guide, setup script, and manifests ( #34492 )
...
* add docs and manifests for k8s install
Signed-off-by: sallyom <somalley@redhat.com>
* changelog
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
2026-03-12 07:28:21 -04:00
ce5dd742f8
build: sync versions to 2026.3.11
2026-03-12 04:01:57 +00:00
0e397e62b7
chore: bump version to 2026.3.10
2026-03-11 23:29:53 +00:00
2d91284fdb
feat(ios): add local beta release flow ( #42991 )
...
Merged via squash.
Prepared head SHA: 82b38fe93b
2026-03-11 12:32:28 +02:00
0aa79fc4d3
fix(build): restore full gate
2026-03-11 02:52:55 +00:00
8ba1b6eff1
ci: add npm release workflow and CalVer checks ( #42414 ) (thanks @onutc)
2026-03-10 20:09:25 +01:00
8d2d6db9ad
test: fix Node 24+ test runner and subagent registry mocks
2026-03-09 06:45:13 +00:00
6d5e142b93
Docker: improve build cache reuse ( #40351 )
...
* Docker: improve build cache reuse
* Tests: cover Docker build cache layout
* Docker: fix sandbox cache mount continuations
* Docker: document qr-import manifest scope
* Docker: narrow e2e install inputs
* CI: cache Docker builds in workflows
* CI: route sandbox smoke through setup script
* CI: keep sandbox smoke on script path
2026-03-08 17:57:46 -07:00
3f3f66a5f7
Docker: trim runtime image payload ( #40307 )
...
* Docker: shrink runtime image payload
* Docker: add runtime pnpm opt-in
* Docker: collapse helper entrypoint chmod layers
* Docker: restore bundled pnpm runtime
* Update CHANGELOG.md
2026-03-08 16:07:04 -07:00
bd1fe4d8b4
fix(run-openclaw-podman): add SELinux :Z mount option on enforcing/permissive hosts ( #39449 )
...
* fix(run-openclaw-podman): add SELinux :Z mount option on Linux with enforcing/permissive SELinux
* fix(quadlet): add SELinux :Z label to openclaw.container.in volume mount
* fix(podman): add SELinux :Z mount option for Fedora/RHEL hosts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 18:53:09 -04:00
3ada30e670
fix: restore gate after rebase
2026-03-08 18:40:15 +00:00
d307a7ca1a
refactor: extract bundled extension manifest parser
2026-03-08 18:26:36 +00:00
f493b03202
refactor: validate bundled extension release metadata
2026-03-08 18:26:36 +00:00
64d4d9aabb
refactor: move bundled extension gap allowlists into manifests
2026-03-08 18:26:35 +00:00
6c9b49a10b
fix(sessions): clear stale contextTokens on model switch ( #38044 )
...
Merged via squash.
Prepared head SHA: bac2df4b7f
2026-03-08 10:59:16 -07:00
caf1b84822
feat: allow compaction model override via config ( #38753 )
...
Merged via squash.
Prepared head SHA: a3d6d6c845
2026-03-08 10:47:34 -07:00
1ec1f0f1f2
refactor: scope prep push results to env artifacts
2026-03-08 16:22:52 +00:00
fa00b1d0ca
refactor: dedupe prep branch push flow
2026-03-08 16:22:52 +00:00
032778fb2e
refactor: avoid checkout during prep head verification
2026-03-08 16:22:52 +00:00
ca5e352c53
CLI: include commit hash in --version output ( #39712 )
...
* CLI: include commit hash in --version output
* fix(version): harden commit SHA resolution and keep output consistent
* CLI: keep install checks compatible with commit-tagged version output
* fix(cli): include commit hash in root version fast path
* test(cli): allow null commit-hash mocks
* Installer: share version parser across install scripts
* Installer: avoid sourcing helpers from stdin cwd
* CLI: note commit-tagged version output
* CLI: anchor commit hash resolution to module root
* CLI: harden commit hash resolution
* CLI: fix commit hash lookup edge cases
* CLI: prefer live git metadata in dev builds
* CLI: keep git lookup inside package root
* Infra: tolerate invalid moduleUrl hints
* CLI: cache baked commit metadata fallbacks
* CLI: align changelog attribution with prep gate
* CLI: restore changelog contributor credit
---------
Co-authored-by: echoVic <echovic@163.com>
Co-authored-by: echoVic <echoVic@users.noreply.github.com>
2026-03-08 19:10:48 +03:00
eba9dcc67a
Refactor release hardening follow-ups ( #39959 )
...
* build: fail fast on stale host-env swift policy
* build: sync generated host env swift policy
* build: guard bundled extension root dependency gaps
* refactor: centralize provider capability quirks
* test: table-drive provider regression coverage
* fix: block merge when prep branch has unpushed commits
* refactor: simplify models config merge preservation
2026-03-08 14:49:58 +00:00
64760614aa
macOS: default release app builds to universal binaries
2026-03-08 14:14:36 +00:00
dd8fd98ad4
build: reduce build log noise
2026-03-08 04:12:32 +00:00
21df014d56
fix: stage docker live tests from mounted source
2026-03-08 04:06:26 +00:00
79e3d1f956
fix: retry git lock in committer
2026-03-08 00:28:37 +00:00
9856d8432d
chore(scripts): remove changelog fragment workflow helpers
2026-03-08 00:24:49 +00:00
efdff9c738
fix(scripts): enforce changelog.md and post clickable SHA links
2026-03-08 00:23:45 +00:00
168e4159ad
fix(podman): honor OPENCLAW_GATEWAY_BIND env-file override ( #38785 , thanks @majinyu666)
...
Co-authored-by: majinyu666 <majy14miles@gmail.com>
2026-03-07 21:08:15 +00:00
e27bbe4982
fix(exec): block dangerous override-only env pivots
2026-03-07 19:18:05 +00:00
43ab4f33ad
feat(ios): prepare app store connect release assets
2026-03-07 17:21:07 +02:00
a190220967
Tests: serialize low-memory test runner lanes
2026-03-06 17:45:44 -05:00
60d20f9daf
Install Smoke: allow reusing prebuilt test images
2026-03-06 14:23:00 -05:00
6a9deb21b8
CI: cover skill and extension tests
2026-03-06 11:21:03 -05:00
60849f3335
chore(pr): enforce changelog placement and reduce merge sync churn
2026-03-05 06:37:53 +00:00
5d5fa0dac8
fix(pr): make review claim step required
2026-03-05 04:53:32 +00:00
4cc293d084
fix(review): enforce behavioral sweep validation
2026-03-04 18:49:36 +00:00
7a2f5a0098
Plugin SDK: add full bundled subpath wiring
2026-03-04 02:35:12 -05:00
802b9f6b19
Plugins: add root-alias shim and cache/docs updates
2026-03-04 01:20:48 -05:00
1278ee9248
plugin-sdk: add channel subpaths and migrate bundled plugins
2026-03-03 22:07:03 -05:00
a4850b1b8f
fix(plugins): lazily initialize runtime and split plugin-sdk startup imports ( #28620 )
...
Merged via squash.
Prepared head SHA: 8bd7d6c13b
2026-03-03 19:58:48 -05:00
b02a07655d
fix: harden pr review artifact validation
2026-03-03 21:14:37 +00:00
3b3738e41e
fix(discord): use fetch for voice upload slots
2026-03-03 10:22:28 -06:00
b52c9f2575
fix(ci): handle disabled systemd units in docker doctor flow
2026-03-03 05:52:14 +00:00
f175a5d6d3
fix(ci): avoid shell interpolation in changed-scope git diff
2026-03-03 03:34:46 +00:00
2c6616b830
CI: gate Windows checks by windows-relevant scope ( #32456 )
...
* CI: add windows scope output for changed-scope
* Test: cover windows scope gating in changed-scope
* CI: gate checks-windows by windows scope
* Docs: update CI windows scope and runner label
* CI: move checks-windows to 32 vCPU runner
* Docs: align CI windows runner with workflow
2026-03-02 19:10:58 -08:00
da6e6fb900
test: fix strict runtime mock types in channel tests
2026-03-03 03:06:22 +00:00
7fd4328854
fix(e2e): include shared tool display resource in onboard docker build
2026-03-03 03:02:27 +00:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
3a8133d587
fix(scripts/pr): SSH-first prhead remote with GraphQL fallback for fork PRs ( #32126 )
...
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-03-03 02:46:01 +00:00
Vincent Koc
Peter Steinberger
Gustavo Madeira Santana
Nimrod Gutman
Ted Li
Onur Solmaz
Harold Hunt
Radek Sienkiewicz
Brian Qu
Tak Hoffman
Onur
scoootscooob
Jacob Tomlinson
Josh Lehman
Jacob Riff
Altay
Sally O'Malley
Nimrod Gutman
langdon
yuweuii
GitBuck
Peter Steinberger
Charles Dusek
Shakker
Igal Tabachnik
Shadow
Josh Avant