a5f0f66427
refactor: share zalouser group auth setup
2026-03-13 20:19:38 +00:00
985be2a864
refactor: share acpx ensure install checks
2026-03-13 20:19:38 +00:00
41c9e3ead0
refactor: share cron and zalo monitor test helpers
2026-03-13 18:38:12 +00:00
6464149031
refactor: share feishu webhook monitor harness
2026-03-13 18:38:12 +00:00
369430f9ab
refactor: share tlon upload test mocks
2026-03-13 17:29:59 +00:00
e358d57fb5
refactor: share feishu reply fallback flow
2026-03-13 16:51:59 +00:00
a14a32695d
refactor: share feishu reaction client setup
2026-03-13 16:51:59 +00:00
acfb95e2c6
refactor: share tlon channel put requests
2026-03-13 16:51:59 +00:00
fb40b09157
refactor: share feishu media client setup
2026-03-13 16:51:59 +00:00
6b04ab1e35
refactor: share teams drive upload flow
2026-03-13 16:51:59 +00:00
a4525b721e
refactor: deduplicate nextcloud send context
2026-03-13 16:51:59 +00:00
6b07604d64
refactor: share nextcloud target normalization
2026-03-13 16:51:59 +00:00
ef8cc3d0fb
refactor: share tlon inline text rendering
2026-03-13 16:51:59 +00:00
261a40dae1
fix: narrow acpx health failure handling
2026-03-13 16:30:27 +00:00
3f37afd18c
refactor: extract acpx event builders
2026-03-13 16:30:27 +00:00
f4ed317083
refactor: deduplicate acpx availability checks
2026-03-13 16:30:27 +00:00
16ececf0a6
chore: bump version to 2026.3.13
2026-03-13 04:38:32 +00:00
496ca3a637
fix(feishu): fail closed on webhook signature checks
2026-03-13 03:13:56 +00:00
de3e6a8c5b
fix(routing): require ids for slack and msteams allowlists
2026-03-13 01:44:42 +00:00
88244c0942
refactor(zalouser): reuse shared name matching helper
2026-03-13 01:44:42 +00:00
c25e46a433
chore: prepare 2026.3.12 release
2026-03-13 01:38:20 +00:00
b14a5c6713
fix(zalouser): require ids for group allowlist auth
2026-03-13 01:31:17 +00:00
87ad1ce9b1
refactor: add non-interactive provider plugin setup
2026-03-13 01:19:35 +00:00
fed24a1311
build: sync bundled plugin versions
2026-03-12 21:06:12 -04:00
4dd4e36450
build: update deps and fix vitest 4 regressions
2026-03-13 01:02:00 +00:00
86a3149b2e
fix: harden windows npm runtime path
2026-03-12 23:03:19 +00:00
92191fcd68
deps: bump openclaw to 2026.3.11
...
Raise internal OpenClaw constraints to 2026.3.11 and regenerate pnpm lockfile to remove the vulnerable 2026.3.8 resolution.
2026-03-12 19:00:49 -04:00
212afb6950
refactor: clarify pairing setup auth labels
2026-03-12 22:46:28 +00:00
1c7ca391a8
refactor: trim bootstrap token metadata
2026-03-12 22:46:28 +00:00
d83491e751
feat: modularize provider plugin architecture
2026-03-12 22:24:35 +00:00
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
f96ba87f03
Zalo: rate limit invalid webhook secret guesses before auth ( #44173 )
...
* Zalo: rate limit webhook guesses before auth
* Tests: cover pre-auth Zalo webhook rate limiting
* Changelog: note Zalo pre-auth rate limiting
* Zalo: preserve auth-before-content-type response ordering
* Tests: cover auth-before-content-type webhook ordering
* Zalo: split auth and unauth webhook rate-limit buckets
* Tests: cover auth bucket split for Zalo webhook rate limiting
* Zalo: use trusted proxy client IP for webhook rate limiting
* Tests: cover trusted proxy client IP rate limiting for Zalo
2026-03-12 12:30:50 -04:00
7844bc89a1
Security: require Feishu webhook encrypt key ( #44087 )
...
* Feishu: require webhook encrypt key in schema
* Feishu: cover encrypt key webhook validation
* Feishu: enforce encrypt key at startup
* Feishu: add webhook forgery regression test
* Feishu: collect encrypt key during onboarding
* Docs: require Feishu webhook encrypt key
* Changelog: note Feishu webhook hardening
* Docs: clarify Feishu encrypt key screenshot
* Feishu: treat webhook encrypt key as secret input
* Feishu: resolve encrypt key only in webhook mode
2026-03-12 11:01:00 -04:00
3e730c0332
Security: preserve Feishu reaction chat type ( #44088 )
...
* Feishu: preserve looked-up chat type
* Feishu: fail closed on ambiguous reaction chats
* Feishu: cover reaction chat type fallback
* Changelog: note Feishu reaction hardening
* Feishu: fail closed without resolved chat type
* Feishu: normalize reaction chat type at runtime
2026-03-12 10:53:40 -04:00
c965049dc6
fix(mattermost): pass mediaLocalRoots through reply delivery ( #44021 )
...
Merged via squash.
Prepared head SHA: 856f11f129
2026-03-12 20:13:51 +05:30
171d2df9e0
feat(mattermost): add replyToMode support (off | first | all) ( #29587 )
...
Merged via squash.
Prepared head SHA: 4a67791f53
2026-03-12 18:03:12 +05:30
4f620bebe5
fix(doctor): canonicalize gateway service entrypoint paths ( #43882 )
...
Merged via squash.
Prepared head SHA: 9f530d2a86
2026-03-12 12:39:22 +02:00
783a0d540f
fix: add zalouser outbound chunker
2026-03-12 15:47:12 +05:30
a6711afdc2
feat(zalouser): add markdown-to-Zalo text style parsing ( #43324 )
...
* feat(zalouser): add markdown-to-Zalo text style parsing
Parse markdown formatting (bold, italic, strikethrough, headings, lists,
code blocks, blockquotes, custom color/style tags) into Zalo native
TextStyle ranges so outbound messages render with rich formatting.
- Add text-styles.ts with parseZalouserTextStyles() converter
- Wire markdown mode into send pipeline (sendMessageZalouser)
- Export TextStyle enum and Style type from zca-client
- Add textMode/textStyles to ZaloSendOptions
- Pass textStyles through sendZaloTextMessage to zca-js API
- Enable textMode:"markdown" in outbound sendText/sendMedia and monitor
- Add comprehensive tests for parsing, send, and channel integration
* fix(zalouser): harden markdown text parsing
* fix(zalouser): mirror zca-js text style types
* fix(zalouser): support tilde fenced code blocks
* fix(zalouser): handle quoted fenced code blocks
* fix(zalouser): preserve literal quote lines in code fences
* fix(zalouser): support indented quoted fences
* fix(zalouser): preserve quoted markdown blocks
* fix(zalouser): rechunk formatted messages
* fix(zalouser): preserve markdown structure across chunks
* fix(zalouser): honor chunk limits and CRLF fences
2026-03-12 16:24:15 +07:00
658bd54ecf
feat(llm-task): add thinking override
...
Co-authored-by: Xaden Ryan <165437834+xadenryan@users.noreply.github.com>
2026-03-12 19:21:35 +11:00
4dfd8eea90
BlueBubbles: require confirmed outbound for self-chat cache
2026-03-12 03:22:57 -04:00
e8a162d3d8
fix(mattermost): prevent duplicate messages when block streaming + threading are active ( #41362 )
...
* fix(mattermost): prevent duplicate messages when block streaming + threading are active
Remove replyToId from createBlockReplyPayloadKey so identical content is
deduplicated regardless of threading target. Add explicit threading dock
to the Mattermost plugin with resolveReplyToMode reading from config
(default "all"), and add replyToMode to the Mattermost config schema.
Fixes #41219
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(mattermost): address PR review — per-account replyToMode and test clarity
Read replyToMode from the merged per-account config via
resolveMattermostAccount so account-level overrides are honored in
multi-account setups. Add replyToMode to MattermostAccountConfig type.
Rename misleading test to clarify it exercises shouldDropFinalPayloads
short-circuit, not payload key dedup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Replies: keep block-pipeline reply targets distinct
* Tests: cover block reply target-aware dedupe
* Update CHANGELOG.md
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 03:15:17 -04:00
241e8cc553
fix(bluebubbles): dedupe reflected self-chat duplicates ( #38442 )
...
* BlueBubbles: drop reflected self-chat duplicates
* Changelog: add BlueBubbles self-chat echo dedupe entry
* BlueBubbles: gate self-chat cache and expand coverage
* BlueBubbles: require explicit sender ids for self-chat dedupe
* BlueBubbles: harden self-chat cache
* BlueBubbles: move self-chat cache identity into cache
* BlueBubbles: gate self-chat cache to confirmed outbound sends
* Update CHANGELOG.md
* BlueBubbles: bound self-chat cache input work
* Tests: cover BlueBubbles cache cap under cleanup throttle
* BlueBubbles: canonicalize self-chat DM scope
* Tests: cover BlueBubbles mixed self-chat scope aliases
2026-03-12 03:11:43 -04:00
ce5dd742f8
build: sync versions to 2026.3.11
2026-03-12 04:01:57 +00:00
0e397e62b7
chore: bump version to 2026.3.10
2026-03-11 23:29:53 +00:00
9c81c31232
chore: refresh dependencies except carbon
2026-03-11 20:10:33 +00:00
8618a711ff
fix(voice-call): add speed and instructions to OpenAI TTS config schema ( #39226 )
...
Merged via squash.
Prepared head SHA: 775e3063b5
2026-03-11 23:15:48 +05:30
bf70a333fa
fix: clear pnpm prod audit vulnerabilities
2026-03-11 09:33:45 +05:30
f4a4b50cd5
refactor: compile allowlist matchers
2026-03-11 00:07:47 +00:00
36d2ae2a22
SecretRef: harden custom/provider secret persistence and reuse ( #42554 )
...
* Models: gate custom provider keys by usable secret semantics
* Config: project runtime writes onto source snapshot
* Models: prevent stale apiKey preservation for marker-managed providers
* Runner: strip SecretRef marker headers from resolved models
* Secrets: scan active agent models.json path in audit
* Config: guard runtime-source projection for unrelated configs
* Extensions: fix onboarding type errors in CI
* Tests: align setup helper account-enabled expectation
* Secrets audit: harden models.json file reads
* fix: harden SecretRef custom/provider secret persistence (#42554 ) (thanks @joshavant)
2026-03-10 23:55:10 +00:00
Peter Steinberger
Vincent Koc
Lyle
Teconomix
Nimrod Gutman
Ayaan Zaidi
darkamenosa
Xaden Ryan
Mathias Nagler
ademczuk
Ayaan Zaidi
Josh Avant