9c79c2c2a7
Plugins: add inbound claim and Telegram interaction seams
2026-03-15 15:11:38 -07:00
14137bef22
Plugins: clean stale bundled skill outputs
2026-03-15 21:48:09 +00:00
50a6902a9a
Plugins: skip nested node_modules in bundled skills
2026-03-15 21:43:13 +00:00
1839bc0b1a
Plugins: relocate bundled skill assets
2026-03-15 21:42:02 +00:00
b810e94a17
Commands: lazy-load non-interactive plugin provider runtime ( #47593 )
...
* Commands: lazy-load non-interactive plugin provider runtime
* Tests: cover non-interactive plugin provider ordering
* Update src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.runtime.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 14:37:41 -07:00
50c8934231
fix(dev): align gateway watch with tsdown wrapper ( #47636 )
2026-03-15 23:28:57 +02:00
5a7aba94a2
CLI: support package-manager installs from GitHub main ( #47630 )
...
* CLI: resolve package-manager main install specs
* CLI: skip registry resolution for raw package specs
* CLI: support main package target updates
* CLI: document package update specs in help
* Tests: cover package install spec resolution
* Tests: cover npm main-package updates
* Tests: cover update --tag main
* Installer: support main package targets
* Installer: support main package targets on Windows
* Docs: document package-manager main updates
* Docs: document installer main targets
* Docs: document npm and pnpm main installs
* Docs: document update --tag main
* Changelog: note package-manager main installs
* Update src/infra/update-global.test.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 14:18:12 -07:00
47fd8558cd
fix(plugins): fix bundled plugin roots and skill assets ( #47601 )
...
* fix(acpx): resolve bundled plugin root correctly
* fix(plugins): copy bundled plugin skill assets
* fix(plugins): tolerate missing bundled skill paths
2026-03-15 23:00:30 +02:00
7931f06c00
Plugins: harden context engine ownership
2026-03-15 13:51:15 -07:00
4fb0160309
Gateway: sync runtime post-build artifacts
2026-03-15 20:44:15 +00:00
b795ba1d02
Merge branch 'main' of https://github.com/openclaw/openclaw
...
* 'main' of https://github.com/openclaw/openclaw :
Plugins: reserve context engine ownership (#47595 )
fix(release): block oversized npm packs that regress low-memory startup (#46850 )
Scripts: rebuild on extension and tsdown config changes (#47571 )
Docs: move release runbook to maintainer repo (#47532 )
docs(zalo): document current Marketplace bot behavior (openclaw#47552)
2026-03-15 13:42:21 -07:00
85dd0ab2f8
Plugins: reserve context engine ownership ( #47595 )
...
* Plugins: reserve context engine ownership
* Update src/context-engine/registry.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 13:33:37 -07:00
594920f8cc
Scripts: rebuild on extension and tsdown config changes ( #47571 )
...
Merged via squash.
Prepared head SHA: edd8ed8254
2026-03-15 16:19:27 -04:00
51631e5797
Plugins: reserve context engine ownership
2026-03-15 12:27:29 -07:00
42837a04bf
fix(models): preserve stream usage compat opt-ins ( #45733 )
...
Preserves explicit `supportsUsageInStreaming` overrides from built-in provider
catalogs and user config instead of unconditionally forcing `false` on non-native
openai-completions endpoints.
Adds `applyNativeStreamingUsageCompat()` to set `supportsUsageInStreaming: true`
on ModelStudio (DashScope) and Moonshot models at config build time so their
native streaming usage works out of the box.
Closes #46142
Co-authored-by: pezy <peizhe.chen@vbot.cn>
2026-03-15 20:21:11 +01:00
e2dac5d5cb
fix(plugins): load bundled extensions from dist ( #47560 )
2026-03-15 21:16:27 +02:00
bbb0c3e5d7
CLI/completion: fix generator OOM and harden plugin registries ( #45537 )
...
* fix: avoid OOM during completion script generation
* CLI/completion: fix PowerShell nested command paths
* CLI/completion: cover generated shell scripts
* Changelog: note completion generator follow-up
* Plugins: reserve shared registry names
---------
Co-authored-by: Xiaoyi <xiaoyi@example.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-15 12:14:30 -07:00
dd2eb29038
Commands: split static onboard auth choice help ( #47545 )
...
* Commands: split static onboard auth choice help
* Tests: cover static onboard auth choice help
* Changelog: note static onboard auth choice help
2026-03-15 12:11:55 -07:00
c9a8b6f82f
chore(fmt): format changes and broken types
2026-03-15 12:03:35 -07:00
438991b6a4
Commands: lazy-load model picker provider runtime ( #47536 )
...
* Commands: lazy-load model picker provider runtime
* Tests: cover model picker runtime boundary
2026-03-15 10:54:46 -07:00
fc2d29ea92
Gateway: tighten forwarded client and pairing guards ( #46800 )
...
* Gateway: tighten forwarded client and pairing guards
* Gateway: make device approval scope checks atomic
* Gateway: preserve device approval baseDir compatibility
2026-03-15 10:50:49 -07:00
756d9b5782
CLI: lazy-load auth choice provider fallback ( #47495 )
...
* CLI: lazy-load auth choice provider fallback
* CLI: cover lazy auth choice provider fallback
2026-03-15 10:29:31 -07:00
d88da9f5f8
fix(config): avoid failing startup on implicit memory slot ( #47494 )
...
* fix(config): avoid failing on implicit memory slot
* fix(config): satisfy build for memory slot guard
* docs(changelog): note implicit memory slot startup fix (#47494 )
2026-03-15 19:28:50 +02:00
f0202264d0
Gateway: scrub credentials from endpoint snapshots ( #46799 )
...
* Gateway: scrub credentials from endpoint snapshots
* Gateway: scrub raw endpoint credentials in snapshots
* Gateway: preserve config redaction round-trips
* Gateway: restore redacted endpoint URLs on apply
2026-03-15 10:28:15 -07:00
13e256ac9d
CLI: trim onboarding provider startup imports ( #47467 )
2026-03-15 09:47:56 -07:00
8e97b752d0
Tools: revalidate workspace-only patch targets ( #46803 )
...
* Tools: revalidate workspace-only patch targets
* Tests: narrow apply-patch delete-path assertion
2026-03-15 09:45:58 -07:00
5e78c8bc95
Webhooks: tighten pre-auth body handling ( #46802 )
...
* Webhooks: tighten pre-auth body handling
* Webhooks: clean up request body guards
2026-03-15 09:45:18 -07:00
7679eb3752
Subagents: restrict follow-up messaging scope ( #46801 )
...
* Subagents: restrict follow-up messaging scope
* Subagents: cover foreign-session follow-up sends
* Update CHANGELOG.md
2026-03-15 09:44:51 -07:00
229426a257
ACP: require admin scope for mutating internal actions ( #46789 )
...
* ACP: require admin scope for mutating internal actions
* ACP: cover operator admin mutating actions
* ACP: gate internal status behind admin scope
2026-03-15 09:28:44 -07:00
a47722de7e
Integrations: tighten inbound callback and allowlist checks ( #46787 )
...
* Integrations: harden inbound callback and allowlist handling
* Integrations: address review follow-ups
* Update CHANGELOG.md
* Mattermost: avoid command-gating open button callbacks
2026-03-15 09:24:24 -07:00
67b2d1b8e8
CLI: reduce channels add startup memory ( #46784 )
...
* CLI: lazy-load channel subcommand handlers
* Channels: defer add command dependencies
* CLI: skip status JSON plugin preload
* CLI: cover status JSON route preload
* Status: trim JSON security audit path
* Status: update JSON fast-path tests
* CLI: cover root help fast path
* CLI: fast-path root help
* Status: keep JSON security parity
* Status: restore JSON security tests
* CLI: document status plugin preload
* Channels: reuse Telegram account import
2026-03-15 09:10:40 -07:00
8d44b16b7c
Plugins: preserve scoped ids and reserve bundled duplicates ( #47413 )
...
* Plugins: preserve scoped ids and reserve bundled duplicates
* Changelog: add plugin scoped id note
* Plugins: harden scoped install ids
* Plugins: reserve scoped install dirs
* Plugins: migrate legacy scoped update ids
2026-03-15 09:07:10 -07:00
0c7ae04262
style: format imported model helpers
2026-03-15 09:05:45 -07:00
7c0a849ed7
fix: harden device token rotation denial paths
2026-03-15 09:05:45 -07:00
a60fd3feed
Nodes tests: prove pull-time policy revalidation
2026-03-15 09:05:22 -07:00
f5cd7c390d
added a fix for memory leak on 2gb ram ( #46522 )
2026-03-15 09:01:31 -07:00
87c4ae36b4
refactor: drop deprecated whatsapp mention pattern sdk helper
2026-03-15 08:50:31 -07:00
ec2c6d83b9
Nodes: recheck queued actions before delivery ( #46815 )
...
* Nodes: recheck queued actions before delivery
* Nodes tests: cover pull-time policy recheck
* Nodes tests: type node policy mocks explicitly
2026-03-15 08:47:17 -07:00
ff61343d76
fix: harden mention pattern regex compilation
2026-03-15 08:44:12 -07:00
e4c61723cd
ACP: fail closed on conflicting tool identity hints ( #46817 )
...
* ACP: fail closed on conflicting tool identity hints
* ACP: restore rawInput fallback for safe tool resolution
* ACP tests: cover rawInput-only safe tool approval
2026-03-15 08:39:49 -07:00
89e3969d64
feat(feishu): add ACP and subagent session binding ( #46819 )
...
* feat(feishu): add ACP session support
* fix(feishu): preserve sender-scoped ACP rebinding
* fix(feishu): recover sender scope from bound ACP sessions
* fix(feishu): support DM ACP binding placement
* feat(feishu): add current-conversation session binding
* fix(feishu): avoid DM parent binding fallback
* fix(feishu): require canonical topic sender ids
* fix(feishu): honor sender-scoped ACP bindings
* fix(feishu): allow user-id ACP DM bindings
* fix(feishu): recover user-id ACP DM bindings
2026-03-15 10:33:49 -05:00
a472f988d8
fix: harden remote cdp probes
2026-03-15 08:23:01 -07:00
53462b990d
chore(gateway): ignore `.test.ts` changes in `gateway:watch` ( #36211 )
2026-03-15 11:14:28 -04:00
26e0a3ee9a
fix(gateway): skip Control UI pairing when auth.mode=none ( closes #42931 ) ( #47148 )
...
When auth is completely disabled (mode=none), requiring device pairing
for Control UI operator sessions adds friction without security value
since any client can already connect without credentials.
Add authMode parameter to shouldSkipControlUiPairing so the bypass
fires only for Control UI + operator role + auth.mode=none. This avoids
the #43478 regression where a top-level OR disabled pairing for ALL
websocket clients.
2026-03-15 13:03:39 +01:00
5c5c64b612
Deduplicate repeated tool call IDs for OpenAI-compatible APIs ( #40996 )
...
Merged via squash.
Prepared head SHA: 38d8048359
2026-03-15 19:46:07 +08:00
d7ac16788e
fix(android): support android node `calllog.search` ( #44073 )
...
* fix(android): support android node `calllog.search`
* fix(android): support android node calllog.search
* fix(android): wire callLog through shared surfaces
* fix: land Android callLog support (#44073 ) (thanks @lxk7280)
---------
Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 14:54:32 +05:30
4bb8a65edd
fix: forward forceDocument through sendPayload path (follow-up to #45111 ) ( #47119 )
...
Merged via squash.
Prepared head SHA: d791190f83
2026-03-15 17:23:53 +08:00
9616d1e8ba
fix: Disable strict mode tools for non-native openai-completions compatible APIs ( #45497 )
...
Merged via squash.
Prepared head SHA: 20fe05fe74
2026-03-15 16:36:52 +08:00
6a458ef29e
fix: harden compaction timeout follow-ups
2026-03-15 12:13:23 +05:30
f77a684131
feat: make compaction timeout configurable via agents.defaults.compaction.timeoutSeconds ( #46889 )
...
* feat: make compaction timeout configurable via agents.defaults.compaction.timeoutSeconds
The hardcoded 5-minute (300s) compaction timeout causes large sessions
to enter a death spiral where compaction repeatedly fails and the
session grows indefinitely. This adds agents.defaults.compaction.timeoutSeconds
to allow operators to override the compaction safety timeout.
Default raised to 900s (15min) which is sufficient for sessions up to
~400k tokens. The resolved timeout is also used for the session write
lock duration so locks don't expire before compaction completes.
Fixes #38233
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: add resolveCompactionTimeoutMs tests
Cover config resolution edge cases: undefined config, missing
compaction section, valid seconds, fractional values, zero,
negative, NaN, and Infinity.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add timeoutSeconds to compaction Zod schema
The compaction object schema uses .strict(), so setting the new
timeoutSeconds config option would fail validation at startup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: enforce integer constraint on compaction timeoutSeconds schema
Prevents sub-second values like 0.5 which would floor to 0ms and
cause immediate compaction timeout. Matches pattern of other
integer timeout fields in the schema.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: clamp compaction timeout to Node timer-safe maximum
Values above ~2.1B ms overflow Node's setTimeout to 1ms, causing
immediate timeout. Clamp to MAX_SAFE_TIMEOUT_MS matching the
pattern in agents/timeout.ts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add FIELD_LABELS entry for compaction timeoutSeconds
Maintains label/help parity invariant enforced by
schema.help.quality.test.ts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: align compaction timeouts with abort handling
* fix: land compaction timeout handling (#46889 ) (thanks @asyncjason)
---------
Co-authored-by: Jason Separovic <jason@wilma.dog>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 12:04:48 +05:30
huntharo
Gustavo Madeira Santana
Vincent Koc
Nimrod Gutman
peizhe.chen
xiaoyi
Peter Steinberger
Aditya Chaudhary
Tak Hoffman
Andrew Demczuk
助爪
Ace Lee
Frank Yang
Sahan
Ayaan Zaidi
Jason