f0eb67923c
fix(secrets): resolve web tool SecretRefs atomically at runtime
2026-03-09 22:57:03 -05:00
de49a8b72c
Telegram: exec approvals for OpenCode/Codex ( #37233 )
...
Merged via squash.
Prepared head SHA: f243379094
2026-03-09 23:04:35 -04:00
51bae75120
fix(kimi-coding): fix kimi tool format: use native Anthropic tool schema instead of OpenAI … (openclaw#40008)
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: opriz <51957849+opriz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-09 08:28:47 -05:00
adec8b28bb
alphabetize web search providers ( #40259 )
...
Merged via squash.
Prepared head SHA: be6350e5ae
2026-03-09 08:54:54 +05:30
4ff4ed7ec9
fix(config): refresh runtime snapshot from disk after write. Fixes #37175 ( #37313 )
...
Merged via squash.
Prepared head SHA: 69e1861abf
2026-03-08 19:49:15 -04:00
d3111fbbcb
fix: make browser relay bind address configurable ( #39364 ) (thanks @mvanhorn)
2026-03-08 19:15:21 +00:00
e883d0b556
fix(browser): add IP validation, fix upgrade handler for non-loopback bind
...
- Zod schema: validate relayBindHost with ipv4/ipv6 instead of bare string
- Upgrade handler: allow non-loopback connections when bindHost is explicitly
non-loopback (e.g. 0.0.0.0 for WSL2), keeping loopback-only default
- Test: verify actual bind address via relay.bindHost instead of just checking
reachability on 127.0.0.1 which passes regardless
- Expose bindHost on ChromeExtensionRelayServer type for inspection
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 19:15:21 +00:00
436ae8a07c
fix(infra): make browser relay bind address configurable
...
Add browser.relayBindHost config option so the Chrome extension relay
server can bind to a non-loopback address (e.g. 0.0.0.0 for WSL2).
Defaults to 127.0.0.1 when unset, preserving current behavior.
Closes #39214
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 19:15:21 +00:00
404b1527e6
fix(acp): persist spawned child session history ( #40137 )
...
Merged via squash.
Prepared head SHA: 62de5d5669
2026-03-08 19:37:00 +01:00
749eb4efea
refactor: thread config runtime env through models config
2026-03-08 18:26:35 +00:00
e5c06dd64a
refactor: use model compat for anthropic tool payload normalization
2026-03-08 18:26:35 +00:00
caf1b84822
feat: allow compaction model override via config ( #38753 )
...
Merged via squash.
Prepared head SHA: a3d6d6c845
2026-03-08 10:47:34 -07:00
b7ad8fd661
fix: fail closed talk provider selection
2026-03-08 16:22:48 +00:00
28e46d04e5
fix(web-search): restore OpenRouter compatibility for Perplexity ( #39937 ) ( #39937 )
2026-03-08 20:37:54 +05:30
d9e8e8ac15
fix: resolve live config paths in status and gateway metadata ( #39952 )
...
* fix: resolve live config paths in status and gateway metadata
* fix: resolve remaining runtime config path references
* test: cover gateway config.set config path response
2026-03-08 09:59:32 -05:00
e8ad80afc7
test: cover invalid talk config inputs
2026-03-08 14:58:29 +00:00
b4c8950417
refactor: centralize talk silence timeout defaults
2026-03-08 14:58:29 +00:00
4e2290b841
refactor: add canonical talk config payload
2026-03-08 14:58:29 +00:00
6ff7e8f42e
talk: add configurable silence timeout
2026-03-08 14:30:25 +00:00
acac7e3132
fix: land Brave llm-context gaps ( #33383 ) (thanks @thirumaleshp)
2026-03-08 13:57:12 +00:00
8a1015f1aa
feat: add Brave Search LLM Context API mode for web_search
...
Add support for Brave's LLM Context API endpoint (/res/v1/llm/context)
as an optional mode for the web_search tool. When configured with
tools.web.search.brave.mode set to llm-context, the tool returns
pre-extracted page content optimized for LLM grounding instead of
standard URL/snippet results.
The llm-context cache key excludes count and ui_lang parameters that
the LLM Context API does not accept, preventing unnecessary cache
misses.
Closes #14992
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 13:57:12 +00:00
e5fdfec9dc
fix(config): accept "openclaw" as browser profile driver in Zod schema ( #39374 )
...
Merged via squash.
Prepared head SHA: 0eba5ab939
2026-03-08 12:04:49 +03:00
59102a1ff7
fix: add gemini 3.1 flash-lite support
2026-03-08 05:12:48 +00:00
d902bae554
fix(discord): validate agentComponents config
2026-03-07 21:08:36 -06:00
2646739d23
refactor: centralize strict numeric parsing
2026-03-08 03:02:25 +00:00
100da9f45c
fix: correct gemini flash model id
2026-03-08 02:32:58 +00:00
9d7d961db8
fix: restore Telegram webhook-mode health after restarts
...
Landed from contributor PR #39313 by @fellanH.
Co-authored-by: Felix Hellström <30758862+fellanH@users.noreply.github.com>
2026-03-08 02:27:18 +00:00
2c7fb54956
Config: fail closed invalid config loads ( #39071 )
...
* Config: fail closed invalid config loads
* CLI: keep diagnostics on explicit best-effort config
* Tests: cover invalid config best-effort diagnostics
* Changelog: note invalid config fail-closed fix
* Status: pass best-effort config through status-all gateway RPCs
* CLI: pass config through gateway secret RPC
* CLI: skip plugin loading from invalid config
* Tests: align daemon token drift env precedence
2026-03-07 17:48:13 -08:00
8cc477b873
refactor(sessions): simplify provider normalizer matching
2026-03-08 01:27:05 +00:00
ad7399b6e6
refactor(sessions): add provider key normalizers
2026-03-08 01:17:06 +00:00
74e3c071b2
refactor(discord): extract session key normalization
2026-03-08 01:15:29 +00:00
cf1c2cc208
fix(discord): normalize DM session keys
2026-03-08 01:06:09 +00:00
f53e10e3fd
fix(config): fail closed on invalid config load ( #9040 , thanks @joetomasone)
...
Land #9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for #5052 .
Co-authored-by: Joe Tomasone <joe@tomasone.com>
2026-03-07 22:39:26 +00:00
7649712356
fix(config): degrade gracefully on missing env vars ( #39050 , thanks @akz142857)
...
Co-authored-by: ziy <ziyang.liu@wahool.com>
2026-03-07 21:12:26 +00:00
92f5a2e252
fix(models): refresh gpt/gemini alias defaults ( #38638 , thanks @ademczuk)
...
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
2026-03-07 21:10:58 +00:00
cf290e31bd
fix(voice-call): align plugin manifest schema with runtime config fields ( #38892 )
...
Co-authored-by: giumex <giuliano.messina@gmail.com>
2026-03-07 19:49:58 +00:00
4c2cb73055
fix(config): sanitize validation log output to prevent control character injection ( #39116 )
...
Co-authored-by: Bill <gsamzn@gmail.com>
2026-03-07 19:41:59 +00:00
143eca8e86
refactor: dedupe runtime snapshot test fixtures
2026-03-07 19:02:01 +00:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence ( #38955 )
2026-03-07 11:28:39 -06:00
4c0b873a4d
Config/Compaction: expose safeguard preserve and quality settings ( #25557 )
...
Merged via squash.
Prepared head SHA: ea9904039a
2026-03-07 07:13:13 -08:00
9e1de97a69
fix(telegram): route native topic commands to the active session ( #38871 )
...
* fix(telegram): resolve session entry for /stop in forum topics
Fixes #38675
- Export normalizeStoreSessionKey from store.ts for reuse
- Use it in resolveSessionEntryForKey so topic session keys (lowercase
in store) are found when handling /stop
- Add test for forum topic session key lookup
* fix(telegram): share native topic routing with inbound messages
* fix: land telegram topic routing follow-up (#38871 )
---------
Co-authored-by: xialonglee <li.xialong@xydigit.com>
2026-03-07 19:01:16 +05:30
3c71e2bd48
refactor(core): extract shared dedup helpers
2026-03-07 10:41:05 +00:00
ba9eaf2ee2
fix(media): retain inbound media with recursive cleanup TTL ( #38292 )
...
* Config: add media retention TTL setting
* Media: recurse persisted media cleanup
* Gateway: add persisted media cleanup timer
* Media: harden retention cleanup sweep
* Media: make recursive retention cleanup opt-in
* Media: retry writes after empty-dir cleanup race
2026-03-06 22:06:09 -05:00
42e3d8d693
Secrets: add inline allowlist review set ( #38314 )
...
* Secrets: add inline allowlist review set
* Secrets: narrow detect-secrets file exclusions
* Secrets: exclude Docker fingerprint false positive
* Secrets: allowlist test and docs false positives
* Secrets: refresh baseline after allowlist updates
* Secrets: fix gateway chat fixture pragma
* Secrets: format pre-commit config
* Android: keep talk mode fixture JSON valid
* Feishu: rely on client timeout injection
* Secrets: allowlist provider auth test fixtures
* Secrets: allowlist onboard search fixtures
* Secrets: allowlist onboard mode fixture
* Secrets: allowlist gateway auth mode fixture
* Secrets: allowlist APNS wake test key
* Secrets: allowlist gateway reload fixtures
* Secrets: allowlist moonshot video fixture
* Secrets: allowlist auto audio fixture
* Secrets: allowlist tiny audio fixture
* Secrets: allowlist embeddings fixtures
* Secrets: allowlist resolve fixtures
* Secrets: allowlist target registry pattern fixtures
* Secrets: allowlist gateway chat env fixture
* Secrets: refresh baseline after fixture allowlists
* Secrets: reapply gateway chat env allowlist
* Secrets: reapply gateway chat env allowlist
* Secrets: stabilize gateway chat env allowlist
* Secrets: allowlist runtime snapshot save fixture
* Secrets: allowlist oauth profile fixtures
* Secrets: allowlist compaction identifier fixture
* Secrets: allowlist model auth fixture
* Secrets: allowlist model status fixtures
* Secrets: allowlist custom onboarding fixture
* Secrets: allowlist mattermost token summary fixtures
* Secrets: allowlist gateway auth suite fixtures
* Secrets: allowlist channel summary fixture
* Secrets: allowlist provider usage auth fixtures
* Secrets: allowlist media proxy fixture
* Secrets: allowlist secrets audit fixtures
* Secrets: refresh baseline after final fixture allowlists
* Feishu: prefer explicit client timeout
* Feishu: test direct timeout precedence
2026-03-06 19:35:26 -05:00
5320ee7731
fix(venice): harden discovery limits and tool support ( #38306 )
...
* Config: add supportsTools compat flag
* Agents: add model tool support helper
* Venice: sync discovery and fallback metadata
* Agents: skip tools for unsupported models
* Changelog: note Venice provider hardening
* Update CHANGELOG.md
* Venice: cap degraded discovery metadata
* Apply suggestion from @greptile-apps[bot]
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Venice: tolerate partial discovery capabilities
* Venice: tolerate missing discovery specs
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-06 19:07:11 -05:00
03b9abab84
feat(compaction): make post-compaction context sections configurable ( #34556 )
...
Merged via squash.
Prepared head SHA: 491bb28544
2026-03-06 14:57:15 -08:00
455430a6f8
Dead code: remove unused helper modules ( #38318 )
...
* Dead code: remove unused provider runtime policy helper
* Dead code: remove unused shared env writer
* Dead code: remove unused auth store path collector
2026-03-06 17:53:02 -05:00
6e962d8b9e
fix(agents): handle overloaded failover separately ( #38301 )
...
* fix(agents): skip auth-profile failure on overload
* fix(agents): note overload auth-profile fallback fix
* fix(agents): classify overloaded failures separately
* fix(agents): back off before overload failover
* fix(agents): tighten overload probe and backoff state
* fix(agents): persist overloaded cooldown across runs
* fix(agents): tighten overloaded status handling
* test(agents): add overload regression coverage
* fix(agents): restore runner imports after rebase
* test(agents): add overload fallback integration coverage
* fix(agents): harden overloaded failover abort handling
* test(agents): tighten overload classifier coverage
* test(agents): cover all-overloaded fallback exhaustion
* fix(cron): retry overloaded fallback summaries
* fix(cron): treat HTTP 529 as overloaded retry
2026-03-07 01:42:11 +03:00
3d7bc5958d
feat(onboarding): add web search to onboarding flow ( #34009 )
...
* add web search to onboarding flow
* remove post onboarding step (now redundant)
* post-onboarding nudge if no web search set up
* address comments
* fix test mocking
* add enabled: false assertion to the no-key test
* --skip-search cli flag
* use provider that a user has a key for
* add assertions, replace the duplicated switch blocks
* test for quickstart fast-path with existing config key
* address comments
* cover quickstart falls through to key test
* bring back key source
* normalize secret inputs instead of direct string trimming
* preserve enabled: false if it's already set
* handle missing API keys in flow
* doc updates
* hasExistingKey to detect both plaintext strings and SecretRef objects
* preserve enabled state only on the "keep current" paths
* add test for preserving
* better gate flows
* guard against invalid provider values in config
* Update src/commands/configure.wizard.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* format fix
* only mentions env var when it's actually available
* search apiKey fields now typed as SecretInput
* if no provider check if any search provider key is detectable
* handle both kimi keys
* remove .filter(Boolean)
* do not disable web_search after user enables it
* update resolveSearchProvider
* fix(onboarding): skip search key prompt in ref mode
* fix: add onboarding web search step (#34009 ) (thanks @kesku)
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-06 13:09:00 -06:00
Josh Avant
Harold Hunt
opriz
Kesku
bbblending
Peter Steinberger
Matt Van Horn
Mariano
GitBuck
Ayaan Zaidi
Tak Hoffman
dano does design
Thirumalesh
gambletan
Shadow
Vincent Koc
Rodrigo Uroz
Efe Büken
Altay