de3e6a8c5b
fix(routing): require ids for slack and msteams allowlists
2026-03-13 01:44:42 +00:00
4ca84acf24
fix(runtime): duplicate messages, share singleton state across bundled chunks ( #43683 )
...
* Tests: add fresh module import helper
* Process: share command queue runtime state
* Agents: share embedded run runtime state
* Reply: share followup queue runtime state
* Reply: share followup drain callback state
* Reply: share queued message dedupe state
* Reply: share inbound dedupe state
* Tests: cover shared command queue runtime state
* Tests: cover shared embedded run runtime state
* Tests: cover shared followup queue runtime state
* Tests: cover shared inbound dedupe state
* Tests: cover shared Slack thread participation state
* Slack: share sent thread participation state
* Tests: document fresh import helper
* Telegram: share draft stream runtime state
* Tests: cover shared Telegram draft stream state
* Telegram: share sent message cache state
* Tests: cover shared Telegram sent message cache
* Telegram: share thread binding runtime state
* Tests: cover shared Telegram thread binding state
* Tests: avoid duplicate shared queue reset
* refactor(runtime): centralize global singleton access
* refactor(runtime): preserve undefined global singleton values
* test(runtime): cover undefined global singleton values
---------
Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com>
2026-03-12 14:59:27 -04:00
f4a4b50cd5
refactor: compile allowlist matchers
2026-03-11 00:07:47 +00:00
208fb1aa35
test: share runtime group policy fallback cases
2026-03-10 22:20:19 +00:00
e381ab630e
refactor(channels): share native command session targets
2026-03-08 01:27:05 +00:00
4956271da1
refactor: share provider allowlist input normalization
2026-03-07 23:27:51 +00:00
99d14a820a
refactor: share route policy evaluation in chat monitors
2026-03-07 23:27:51 +00:00
804d989b29
refactor: share slack allowlist resolver scaffolding
2026-03-07 21:09:27 +00:00
52e7d4295e
fix(gateway): clear stale Slack socket state after disconnect ( #39083 )
...
* fix(gateway): restore stale-socket recovery
* test(slack): cover clean socket disconnect status
2026-03-07 12:37:32 -06:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
949beca0c2
refactor(slack): dedupe app mention in-flight race setup
2026-03-07 17:05:23 +00:00
d33efeef10
refactor(slack): reuse shared prepare test scaffolding
2026-03-07 17:05:23 +00:00
969b9029c0
refactor(slack): dedupe app mention race test setup
2026-03-07 17:05:23 +00:00
f7fef07725
refactor(slack): share account surface field types
2026-03-07 17:05:23 +00:00
398bf51659
refactor(slack): reuse shared account merge helper
2026-03-07 17:05:23 +00:00
3c71e2bd48
refactor(core): extract shared dedup helpers
2026-03-07 10:41:05 +00:00
8873e13f1e
fix(gateway): stop stale-socket restarts before first event ( #38643 )
...
* fix(gateway): guard stale-socket restarts by event liveness
* fix(gateway): centralize connect-time liveness tracking
* fix(web): apply connected status patch atomically
* fix(gateway): require active socket for stale checks
* fix(gateway): ignore inherited stale event timestamps
2026-03-07 00:58:08 -06:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
ce71fac7d6
fix(slack): record app_mention retry key before dedupe check ( #37033 )
...
- Prime app_mention retry allowance before dedupe so near-simultaneous message/app_mention races do not drop valid mentions.
- Prevent duplicate dispatch when app_mention wins the race and message prepare later succeeds.
- Prune dispatched mention keys and add regression coverage for both dropped and successful in-flight message outcomes.
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 21:47:52 -06:00
1efa7a88c4
fix(slack): thread channel ID through inbound context for reactions ( #34831 )
...
Slack reaction/thread context routing fixes via canonical synthesis of #34831 .
Co-authored-by: Tak <tak@users.noreply.github.com>
2026-03-05 20:47:31 -06:00
b39ca7eccb
fix(slack): remove double mrkdwn conversion in native streaming path
...
Remove redundant text normalization from Slack native streaming markdown_text flow so Markdown formatting is preserved.
Synthesis context: overlaps reviewed from #34931 , #34759 , #34716 , #34682 , #34814 .
Co-authored-by: littleben <1573829+littleben@users.noreply.github.com>
Co-authored-by: dunamismax <dunamismax@tutamail.com>
Co-authored-by: Octane <wdznb1@gmail.com>
Co-authored-by: Mitsuyuki Osabe <24588751+carrotRakko@users.noreply.github.com>
Co-authored-by: Kai <me@kaiyi.cool>
Co-authored-by: OpenClaw Agent <agent@openclaw.ai>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 20:34:43 -06:00
b9a20dc97f
fix(slack): preserve dedupe while recovering dropped app_mention ( #34937 )
...
This PR fixes Slack mention loss without reintroducing duplicate dispatches.
- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.
Co-authored-by: littleben <1573829+littleben@users.noreply.github.com>
Co-authored-by: OpenClaw Agent <agent@openclaw.ai>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 17:00:05 -06:00
7830366f3c
fix(slack): propagate mediaLocalRoots through Slack send path
...
Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.
- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix
Co-authored-by: 2233admin <1497479966@qq.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 16:52:49 -06:00
c1bb07bd16
fix(slack): route system events to bound agent sessions ( #34045 )
...
* fix(slack): route system events via binding-aware session keys
* fix(slack): pass sender to system event session resolver
* fix(slack): include sender context for interaction session routing
* fix(slack): include modal submitter in session routing
* test(slack): cover binding-aware system event routing
* test(slack): update interaction session key assertions
* test(slack): assert reaction session routing carries sender
* docs(changelog): note slack system event routing fix
* Update CHANGELOG.md
2026-03-04 08:44:07 -05:00
646817dd80
fix(outbound): unify resolved cfg threading across send paths ( #33987 )
2026-03-04 00:20:44 -06:00
a95a0be133
feat(slack): add typingReaction config for DM typing indicator fallback ( #19816 )
...
* feat(slack): add typingReaction config for DM typing indicator fallback
Adds a reaction-based typing indicator for Slack DMs that works without
assistant mode. When `channels.slack.typingReaction` is set (e.g.
"hourglass_flowing_sand"), the emoji is added to the user's message when
processing starts and removed when the reply is sent.
Addresses #19809
* test(slack): add typingReaction to createSlackMonitorContext test callers
* test(slack): add typingReaction to test context callers
* test(slack): add typingReaction to context fixture
* docs(changelog): credit Slack typingReaction feature
* test(slack): align existing-thread history expectation
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-03 21:07:17 -08:00
21e8d88c1d
build: fix ineffective dynamic imports with lazy boundaries ( #33690 )
...
Merged via squash.
Prepared head SHA: 38b3c23d6f
2026-03-03 20:14:41 -05:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
1dd77e4106
refactor(slack): extract socket reconnect policy helpers
2026-03-03 02:19:34 +00:00
c7ec237089
fix: fail fast on non-recoverable slack auth errors ( #32377 ) (thanks @scoootscooob)
2026-03-03 01:59:47 +00:00
1ae82be55a
fix(slack): fail fast on non-recoverable auth errors instead of retry loop
...
When a Slack bot is removed from a workspace while still configured in
OpenClaw, the gateway enters an infinite retry loop on account_inactive
or invalid_auth errors, making the entire gateway unresponsive.
Add isNonRecoverableSlackAuthError() to detect permanent credential
failures (account_inactive, invalid_auth, token_revoked, etc.) and
throw immediately instead of retrying. This mirrors how the Telegram
provider already distinguishes recoverable network errors from fatal
auth errors via isRecoverableTelegramNetworkError().
The check is applied in both the startup catch block and the disconnect
reconnect path so stale credentials always fail fast with a clear error
message.
Closes #32366
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 01:59:47 +00:00
d7bafae387
perf(test): trim fixture and serialization overhead in integration suites
2026-03-03 01:09:07 +00:00
ef920f2f39
refactor(channels): dedupe monitor message test flows
2026-03-03 01:06:00 +00:00
a44843507f
fix(slack): restore persistent per-channel session routing ( #32320 )
...
Top-level channel messages were creating isolated per-message sessions because roomThreadId fell through to threadContext.messageTs whenever replyToMode was not off.
Introduced in #10686 , every new channel message got its own session key (agent:...🧵 <messageTs>), breaking conversation continuity.
Fix: only derive thread-specific session keys for actual thread replies. Top-level channel messages stay on the per-channel session key regardless of replyToMode.
Fixes #32285
2026-03-03 01:00:49 +00:00
47083460ea
refactor: unify inbound debounce policy and split gateway/models helpers
2026-03-03 00:54:33 +00:00
9657ded2e1
test(perf): trim slack, hook, and plugin-validation test overhead
2026-03-03 00:43:01 +00:00
d7dda4dd1a
refactor: dedupe channel outbound and monitor tests
2026-03-03 00:15:15 +00:00
7eda632324
refactor: split slack/discord/session maintenance helpers
2026-03-02 23:07:20 +00:00
f9cbcfca0d
refactor: modularize slack/config/cron/daemon internals
2026-03-02 22:30:21 +00:00
a1ee605494
fix(slack): prevent duplicate DM processing from app_mention events
...
Fixes duplicate message processing in Slack DMs where both message.im
and app_mention events fire for the same message, causing:
- 2x token/credit usage per message
- 2x API calls
- Duplicate agent invocations with same runId
Root cause: app_mention events should only fire for channel mentions,
not DMs. Added channel_type check to skip im/mpim in app_mention handler.
Evidence of bug (from production logs):
- Same runId firing twice within 200-300ms
- Example: runId 13cd482c... at 20:32:42.699Z and 20:32:42.954Z
After fix:
- One message = one runId = one processing run
- 50% reduction in duplicate processing
2026-03-02 22:12:45 +00:00
923ff17ff3
fix(slack): filter inherited parent files from thread replies ( #32203 )
...
Slack's Events API includes the parent message's files array in every
thread reply event payload. This caused OpenClaw to re-download and
attach the parent's files to every text-only thread reply, creating
ghost media attachments.
The fix filters out files that belong to the thread starter by comparing
file IDs. The resolveSlackThreadStarter result is already cached, so
this adds no extra API calls.
Closes #32203
2026-03-02 22:11:07 +00:00
2c39731846
fix: keep slack off-mode top-level turns in one session ( #32193 ) (thanks @bmendonca3)
2026-03-02 22:05:25 +00:00
29342c37b5
slack: keep top-level off-mode channel turns in one session
2026-03-02 22:05:25 +00:00
9bde7f4fde
perf: cache allowlist and account-id normalization
2026-03-02 21:58:35 +00:00
55a2d12f40
refactor: split inbound and reload pipelines into staged modules
2026-03-02 21:55:01 +00:00
6a425d189e
refactor(channels): dedupe slack telegram and web monitor tests
2026-03-02 21:32:11 +00:00
2438fde6d9
fix: trim repeated slack thread context payloads ( #32133 ) (thanks @sourman)
2026-03-02 21:29:36 +00:00
7a99027ef6
fix(slack): reduce token bloat by skipping thread context on existing sessions
...
Thread history and thread starter were being fetched and included on
every message in a Slack thread, causing unnecessary token bloat. The
session transcript already contains the full conversation history, so
re-fetching and re-injecting thread history on each turn is redundant.
Now thread history is only fetched for new thread sessions
(!threadSessionPreviousTimestamp). Existing sessions rely on their
transcript for context.
Fixes #32121
2026-03-02 21:29:36 +00:00
b782ecb7eb
refactor: harden plugin install flow and main DM route pinning
2026-03-02 21:22:38 +00:00
5a32a66aa8
perf(core): speed up routing, pairing, slack, and security scans
2026-03-02 21:07:52 +00:00
Peter Steinberger
Vincent Koc
Tak Hoffman
Josh Avant
dunamismax
littleben
2233admin
Dale Yarborough
Gustavo Madeira Santana
scoootscooob
AytuncYildizli
Zico
OliYeet
bmendonca3
Ahmed Mansour