c0c3c4824d
fix: checkpoint gate fixes before rebase
2026-03-18 15:36:18 +00:00
3cecbcf8b6
docs: fix curly quotes, non-breaking hyphens, and remaining apostrophes in headings
2026-03-18 01:31:38 -07:00
da2289869d
docs: remove experiments/ and design/ directories
...
Delete all experiment plans, proposals, research docs, and the
kilo-gateway-integration design doc. These are internal planning
docs that do not belong on the public docs site.
- 12 English experiment files
- 5 zh-CN experiment translations
- 1 design doc (kilo-gateway-integration)
- Remove nav groups from docs.json (English + zh-CN)
- Remove 3 redirects pointing to deleted experiment pages
- Remove dead experiment links from hubs.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:55:55 -07:00
bde4c7995f
docs: remove docs/refactor/ directory
...
Delete all 7 refactor design docs and the zh-CN translations.
Remove the zh-CN nav group from docs.json.
These were orphaned from English nav and accessible only by
direct URL. Internal design docs do not belong on the public
docs site.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:45:39 -07:00
466510b6d8
refactor: replace "seam" terminology across codebase
...
Replace "seam" with clearer terms throughout:
- "surface" for public API/extension boundaries
- "boundary" for plugin/module interfaces
- "interface" for runtime connection points
- "hook" for test injection points
- "palette" for the lobster palette reference
Also delete experiments/acp-pluginification-architecture-plan.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:20:15 -07:00
3a28bc7d8f
docs(plugins): rewrite compatibility signals for clarity
...
Replace robotic prose with a scannable table and plain-language
summary. Same information, less stiff.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:14:20 -07:00
198ed08a38
docs: fix redirect chains and disambiguate duplicate titles
...
Redirects:
- /cron now goes directly to /automation/cron-jobs (was chaining via /cron-jobs)
- /model and /model/ now go directly to /concepts/models (was chaining via /models)
Duplicate titles disambiguated (6 of 7 - Logging is orphaned):
- Health Checks (macOS), Skills (macOS), Voice Wake (macOS), WebChat (macOS)
- General Troubleshooting (help/ vs gateway/)
- Provider Directory (providers/index vs concepts/model-providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:13:25 -07:00
e17d10f7cd
Plugin SDK: restore lobster and voice-call exports
2026-03-18 00:09:22 -07:00
21c2ba480a
Image generation: native provider migration and explicit capabilities ( #49551 )
...
* Docs: retire nano-banana skill wrapper
* Doctor: migrate nano-banana to native image generation
* Image generation: align fal aspect ratio behavior
* Image generation: make provider capabilities explicit
2026-03-18 00:04:03 -07:00
79f2173cd2
docs: add missing frontmatter and title fields
...
- Add full frontmatter (title, summary, read_when) to 4 files that
had none: auth-credential-semantics.md, kilo-gateway-integration.md,
CONTRIBUTING-THREAT-MODEL.md, THREAT-MODEL-ATLAS.md
- Add missing title field to 3 provider docs: kilocode.md, litellm.md,
together.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:02:43 -07:00
1cbfd53ed1
docs: remove apostrophes from headings (breaks Mintlify anchors)
...
Replace contractions and possessives in doc headings with expanded
forms so Mintlify generates stable anchor links. Updates matching
TOC entries and internal cross-references in faq.md.
Affected: faq.md (18 headings + 16 TOC links + 2 body refs),
twitch.md, ansible.md, render.mdx, macos-vm.md, digitalocean.md,
oracle.md, raspberry-pi.md, lore.md, AGENTS.dev.md, SOUL.dev.md,
BOOTSTRAP.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:02:42 -07:00
0dda3e66b5
Plugin SDK: align docs and fix runtime imports
2026-03-17 23:57:38 -07:00
8ac4b09fa4
docs: fix em-dash headings and broken links across docs
...
- Replace em-dashes in headings with hyphens/parens (breaks Mintlify anchors)
- Fix broken /testing link in pi-dev.md to /help/testing
- Convert absolute docs URLs to root-relative in pi-dev.md
Files: migrating.md, images.md, audio.md, media-understanding.md,
venice.md, minimax.md, AGENTS.default.md, security/index.md, pi-dev.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 23:55:46 -07:00
c36a493e80
Docs: clarify plugin compatibility signals
2026-03-17 23:27:23 -07:00
7b27f8a9ae
docs(refactor): replace seam terminology with capability/surface
...
Align refactor docs with the public capability model vocabulary.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 22:55:32 -07:00
7f0f8dd268
feat: expose context-engine compaction delegate helper ( #49061 )
...
* ContextEngine: add runtime compaction delegate helper
* plugin-sdk: expose compaction delegate through compat
* docs: clarify delegated plugin compaction
* docs: use scoped compaction delegate import
2026-03-17 22:54:18 -07:00
0354d49a82
docs update web search config guidance
2026-03-18 00:00:17 -05:00
9932d2984c
Docs: clarify plugin target resolution and directories
2026-03-18 04:36:27 +00:00
a8907d80dd
feat: finish xai provider integration
2026-03-17 21:31:20 -07:00
0ffcc308f2
Secrets: gate exec dry-run and preflight resolution behind --allow-exec ( #49417 )
...
* Secrets: gate exec dry-run resolution behind --allow-exec
* Secrets: fix dry-run completeness and skipped exec audit semantics
* Secrets: require --allow-exec for exec-containing apply writes
* Docs: align secrets exec consent behavior
* Changelog: note secrets exec consent gating
2026-03-17 23:24:34 -05:00
bf470b711b
docs(plugins): dedup in-process trust refs and add manifest cross-references
...
- Replace redundant in-process trust statements with cross-references
to the Execution model section (lines 573, 2436)
- Add CLI reference link from plugin.md CLI section
- Add configuration reference link from manifest.md validation section
- Add provider runtime hooks link from manifest.md providerAuthChoices
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 21:23:56 -07:00
2c35faf437
docs: fix "a OpenClaw" → "an OpenClaw" grammar across docs
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 20:43:18 -07:00
d2ef865073
docs(plugins): deduplicate and cross-reference plugin capability docs
...
- Merge hook order + which-hook-to-use into single reference table
- Deduplicate npm spec restrictions (link to CLI reference)
- Deduplicate plugin shapes in cli/plugins.md (link to main definition)
- Add capability-cookbook to docs.json navigation
- Add cross-references: Architecture→Load pipeline, Config→configuration
reference, Plugin slots→manifest kind, Adding capability→cookbook
- Add missing cursor bundle subtype in 3 locations
- Fix verbose/info→verbose/inspect references
- Remove duplicate "info is alias for inspect" note
- Add missing install command to CLI command summary
- Replace premature "shape" jargon with "pattern" before definition
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 20:43:18 -07:00
56066dccb0
docs(ui): harden legacy query token guidance ( #49053 )
2026-03-17 22:18:42 -05:00
cd5c2f4cb2
refactor: dedupe channel plugin shared assembly
2026-03-17 20:13:52 -07:00
6b9b32a160
Docs: require unified message discovery
2026-03-18 03:02:17 +00:00
5b2c5ee2bc
refactor: remove remaining extension src imports
2026-03-17 19:53:32 -07:00
01ae160108
chore: checkpoint ci triage
2026-03-18 02:41:06 +00:00
fa73f5aeb5
Polls: defer shared parsing until plugin fallback
2026-03-18 02:34:25 +00:00
fb0d04c834
Tests: migrate channel action discovery to describeMessageTool
2026-03-18 02:17:47 +00:00
b5c38b1095
Docs: point message runtime docs and tests at plugin-owned code
2026-03-18 02:08:08 +00:00
2d3bcbfe08
CLI: skip exec SecretRef dry-run resolution unless explicitly allowed ( #49322 )
...
* CLI: gate exec SecretRef dry-run resolution behind opt-in
* Docs: clarify config dry-run exec opt-in behavior
* CLI: preserve static exec dry-run validation
2026-03-17 20:20:11 -05:00
f2de673130
Docs: clarify plugin-owned message discovery
2026-03-18 00:49:02 +00:00
e99963100d
CLI: expand config set with SecretRef/provider builders and dry-run ( #49296 )
...
* CLI: expand config set ref/provider builder and dry-run
* Docs: revert README Discord token example
2026-03-17 18:15:49 -05:00
e7422716bb
docs(plugins): rename plugins info to plugins inspect across all docs
...
Update all references from `plugins info` to `plugins inspect` in bundles,
plugin system, and CLI index docs to match the renamed command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:33:42 -07:00
681d16a892
docs(manifest): cross-reference public capability model
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:00:33 -07:00
6981922254
docs(plugins): replace seam terminology with capability language
...
Align with the decided convention: use capabilities, entry points,
and extension surfaces instead of seams.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:00:33 -07:00
dd7b5dc46f
docs(providers): clarify provider capabilities vs public capability model
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 10:59:49 -07:00
de564689da
docs(refactor): align plugin SDK plan with public capability model
...
Add capability plan alignment section with key decisions and required test
matrix. Rename seams to capabilities for consistency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 10:59:49 -07:00
025bdc7e8f
docs(cli): add plugins inspect command reference
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 10:59:49 -07:00
464f3da53f
docs(plugins): document public capability model, plugin shapes, and inspection
...
Add the public capability model section documenting the six capability types,
plugin shape classification, capability labels, legacy hook guidance, export
boundary rules, and the new plugins inspect command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 10:59:49 -07:00
272d6ed24b
Plugins: add binding resolution callbacks ( #48678 )
...
Merged via squash.
Prepared head SHA: 6d7b32b184
2026-03-17 13:11:08 -04:00
6d9bf6de93
refactor: narrow extension public seams
2026-03-17 09:58:33 -07:00
6636ca87f4
docs(hooks): clarify trust model and audit guidance
2026-03-17 09:54:30 -07:00
2145eb5908
feat(mattermost): add retry logic and timeout handling for DM channel creation ( #42398 )
...
Merged via squash.
Prepared head SHA: 3db47be907
2026-03-17 22:16:56 +05:30
4d8106eece
docs(security): clarify wildcard Control UI origins
2026-03-17 09:36:51 -07:00
39a8dab0da
refactor: dedupe plugin lazy runtime helpers
2026-03-17 09:24:22 -07:00
c94beb03b2
docs(image-generation): document implicit tool enablement
2026-03-17 09:23:35 -07:00
9f8cf7f71a
test: stabilize full gate
2026-03-17 16:21:59 +00:00
1399ca5fcb
fix(plugins): forward plugin subagent overrides ( #48277 )
...
Merged via squash.
Prepared head SHA: ffa45893e0
2026-03-17 07:20:27 -07:00
6101c023bb
fix(ui): restore control-ui query token compatibility ( #43979 )
...
* fix(ui): restore control-ui query token imports
* chore(changelog): add entry for openclaw#43979 thanks @stim64045-spec
---------
Co-authored-by: 大禹 <dayu@dayudeMac-mini.local>
Co-authored-by: Val Alexander <bunsthedev@gmail.com>
Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
2026-03-17 04:03:35 -05:00
990d0d7261
docs(image-generation): remove nano banana stock docs
2026-03-17 01:09:58 -07:00
449127b474
fix: restore full gate
2026-03-17 07:47:28 +00:00
ff0481ad65
docs: fix context engine review notes
2026-03-17 00:14:51 -07:00
9887311de3
docs: address review feedback on context-engine page
...
- Rename 'Method' column to 'Member' with explicit Kind column since
info is a property, not a callable method
- Document AssembleResult fields (estimatedTokens, systemPromptAddition)
with types and optionality
- Add lifecycle timing notes for bootstrap, ingestBatch, and dispose
so plugin authors know when each is invoked
2026-03-17 00:14:51 -07:00
315cee96b9
docs: add plugin installation steps to context engine page
...
Show the full workflow: install via openclaw plugins install,
enable in plugins.entries, then select in plugins.slots.contextEngine.
Uses lossless-claw as the concrete example.
2026-03-17 00:14:51 -07:00
228448e6b3
docs: add context engine documentation
...
Add dedicated docs page for the pluggable context engine system:
- Full lifecycle explanation (ingest, assemble, compact, afterTurn)
- Legacy engine behavior documentation
- Plugin engine authoring guide with code examples
- ContextEngine interface reference table
- ownsCompaction semantics
- Subagent lifecycle hooks (prepareSubagentSpawn, onSubagentEnded)
- systemPromptAddition mechanism
- Relationship to compaction, memory plugins, and session pruning
- Configuration reference and tips
Also:
- Add context-engine to docs nav (Agents > Fundamentals, after Context)
- Add /context-engine redirect
- Cross-link from context.md and compaction.md
2026-03-17 00:14:51 -07:00
026d8ea534
fix: unblock full gate
2026-03-17 07:06:24 +00:00
e5919bc524
docs(gateway): clarify URL allowlist semantics
2026-03-17 00:03:27 -07:00
c601dda389
docs(image-generation): document google provider
2026-03-16 23:21:16 -07:00
c79ade10e6
docs(plugins): add capability cookbook
2026-03-16 22:58:55 -07:00
cc88b4a72d
Commands: add /plugins chat command ( #48765 )
...
* Tests: stabilize MCP config merge follow-ups
* Commands: add /plugins chat command
* Docs: add /plugins slash command guide
2026-03-16 22:57:44 -07:00
f2bd76cd1a
refactor: finalize plugin sdk legacy boundary cleanup
2026-03-16 22:51:46 -07:00
2bbf33a9ec
docs(plugins): add multi-capability ownership example
2026-03-16 22:21:18 -07:00
da34f81ce2
fix(secrets): scope message SecretRef resolution and harden doctor/status paths ( #48728 )
...
* fix(secrets): scope message runtime resolution and harden doctor/status
* docs: align message/doctor/status SecretRef behavior notes
* test(cli): accept scoped targetIds wiring in secret-resolution coverage
* fix(secrets): keep scoped allowedPaths isolation and tighten coverage gate
* fix(secrets): avoid default-account coercion in scoped target selection
* test(doctor): cover inactive telegram secretref inspect path
* docs
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-17 00:01:34 -05:00
06459ca0df
Agents: run bundle MCP tools in embedded Pi ( #48611 )
...
* Agents: run bundle MCP tools in embedded Pi
* Plugins: fix bundle MCP path resolution
* Plugins: warn on unsupported bundle MCP transports
* Commands: add embedded Pi MCP management
* Config: move MCP management to top-level config
2026-03-16 21:46:05 -07:00
4bba2888e7
feat(plugins): add web search runtime capability
2026-03-16 21:31:00 -07:00
afc0172cb1
docs(plugins): add capability checklist template
2026-03-16 21:13:52 -07:00
71a79bdf5c
docs(plugins): document media understanding runtime
2026-03-16 20:58:34 -07:00
3566e88c08
docs(plugins): document media capability ownership
2026-03-16 20:42:08 -07:00
14907d3de0
docs(plugins): note richer voice metadata
2026-03-16 20:27:34 -07:00
5602973b5d
docs(plugins): add capability contract example
2026-03-16 20:24:13 -07:00
1ffe8fde84
fix: stabilize docker test suite
2026-03-17 03:02:03 +00:00
ed248c76c7
docs(plugins): document speech runtime ownership
2026-03-16 20:01:24 -07:00
6da9ba3267
docs(plugins): document capability ownership model
2026-03-16 18:50:09 -07:00
4863b651c6
docs: rename onboarding user-facing wizard copy
...
Co-authored-by: Tak <contact-redacted@example.com>
2026-03-16 19:50:31 -05:00
1f1a93a1dc
Docs: document deferred channel startup opt-in
2026-03-16 14:03:25 +00:00
4337b1eba5
docs(config): refresh generated baseline
2026-03-16 18:58:32 +05:30
7deb543624
Browser: support non-Chrome existing-session profiles via userDataDir ( #48170 )
...
Merged via squash.
Prepared head SHA: e490035a24
2026-03-16 14:21:22 +01:00
1447e2e384
Release: trim generated docs from npm pack
2026-03-16 02:10:04 -07:00
3832f938fd
Docs: use placeholders for marketplace plugin examples
2026-03-16 02:09:20 -07:00
d896d8e0cd
Docs: add Claude marketplace plugin install guidance
2026-03-16 02:04:05 -07:00
c9423dce1e
Docs: refresh generated config baseline
2026-03-16 01:49:41 -07:00
7e74adef91
refactor: shrink public channel plugin sdk surfaces
2026-03-16 01:34:22 -07:00
0ed64f124d
fix: mount CLI auth dirs in docker live tests
2026-03-16 07:44:15 +00:00
b3025e6d8e
refactor(plugin-sdk): clean shared core imports
2026-03-16 00:25:32 -07:00
cec10703dc
fix: unblock ci gates
2026-03-16 07:19:54 +00:00
00ef214d59
docs: regenerate zh-CN onboarding references
2026-03-16 07:03:19 +00:00
3c6a49b27e
feishu: harden media support and align capability docs ( #47968 )
...
* feishu: harden media support and action surface
* feishu: format media action changes
* feishu: fix review follow-ups
* fix: scope Feishu target aliases to Feishu (#47968 ) (thanks @Takhoffman)
2026-03-16 02:02:48 -05:00
476d948732
!refactor(browser): remove Chrome extension path and add MCP doctor migration ( #47893 )
...
* Browser: replace extension path with Chrome MCP
* Browser: clarify relay stub and doctor checks
* Docs: mark browser MCP migration as breaking
* Browser: reject unsupported profile drivers
* Browser: accept clawd alias on profile create
* Doctor: narrow legacy browser driver migration
2026-03-15 23:56:08 -07:00
ae60094fb5
refactor(plugins): move onboarding auth metadata to manifests
2026-03-15 23:47:16 -07:00
f0f934556e
build: remove land gate script
2026-03-16 06:08:41 +00:00
aa97368f7d
test: add openshell sandbox e2e smoke
2026-03-15 23:02:36 -07:00
ddd34b6cc3
refactor(plugins): simplify provider auth choice metadata
2026-03-15 23:01:12 -07:00
0a6f22a694
docs: sync config baseline
2026-03-16 05:54:58 +00:00
2852eab323
build: add land gate parity script
2026-03-16 05:54:16 +00:00
2580b81bd2
refactor: move channel capability diagnostics into plugins
2026-03-15 22:53:03 -07:00
f9e185887f
docs: restore onboard docs references
2026-03-16 05:50:57 +00:00
ad97c581e2
refactor: move channel messaging hooks into plugins
2026-03-15 22:39:00 -07:00
e627a5069f
refactor(plugins): move auth profile hooks into providers
2026-03-15 22:23:55 -07:00
823039c000
docs: prefer setup wizard command
2026-03-15 22:01:04 -07:00
7a6be3d531
refactor(plugins): move auth and model policy to providers
2026-03-15 21:52:29 -07:00
3d8c29cc53
Build: unbundle LanceDB from published package
2026-03-15 21:51:42 -07:00
922ce15c65
Docs: refresh generated config baseline
2026-03-15 21:41:38 -07:00
5287ae3c06
docs: update setup wizard wording
2026-03-15 21:40:31 -07:00
0a2f95916b
test: expand ssh sandbox coverage and docs
2026-03-15 21:38:22 -07:00
b8bb8510a2
feat: move ssh sandboxing into core
2026-03-15 21:35:30 -07:00
c4a5fd8465
docs: update channel setup wording
2026-03-15 21:07:18 -07:00
522dda1971
Docs: refresh generated config baseline
2026-03-15 21:00:03 -07:00
a33caab280
refactor(plugins): move auth and model policy to providers
2026-03-15 20:59:06 -07:00
dfc237c319
docs: update channel setup docs
2026-03-15 20:44:26 -07:00
aa28d1c711
feat: add firecrawl onboarding search plugin
2026-03-16 03:38:58 +00:00
be8fef3840
docs: expand openshell sandbox docs
2026-03-15 20:35:56 -07:00
ae7f18e503
feat: add remote openshell sandbox mode
2026-03-15 20:28:19 -07:00
8ab01c5c93
refactor(core): land plugin auth and startup cleanup
2026-03-15 20:12:37 -07:00
46482a283a
feat: add nostr setup and unify channel setup discovery
2026-03-15 19:58:22 -07:00
a2cb81199e
secrets: harden read-only SecretRef command paths and diagnostics ( #47794 )
...
* secrets: harden read-only SecretRef resolution for status and audit
* CLI: add SecretRef degrade-safe regression coverage
* Docs: align SecretRef status and daemon probe semantics
* Security audit: close SecretRef review gaps
* Security audit: preserve source auth SecretRef configuredness
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-15 21:55:24 -05:00
acae0b60c2
perf(plugins): lazy-load channel setup entrypoints
2026-03-15 19:27:55 -07:00
bcdbd03579
docs: refresh zh-CN model providers
2026-03-16 02:26:45 +00:00
47a9c1a893
refactor: merge minimax bundled plugins
2026-03-16 02:26:45 +00:00
60bf58ddbc
refactor: trim onboarding sdk exports
2026-03-15 19:14:36 -07:00
10f4a03de8
docs(google): remove stale plugin references
2026-03-16 02:11:19 +00:00
6987a3c8b5
docs(i18n): sync zh-CN google plugin references
2026-03-16 02:11:18 +00:00
fb991e6f31
perf(plugins): lazy-load setup surfaces
2026-03-15 18:46:54 -07:00
26a8aee01c
refactor: drop channel onboarding fallback
2026-03-15 18:24:39 -07:00
b54e37c71f
feat(plugins): merge openai vendor seams into one plugin
2026-03-15 18:20:52 -07:00
bc5054ce68
refactor(google): merge gemini auth into google plugin
2026-03-16 01:19:32 +00:00
ee7ecb2dd4
feat(plugins): move anthropic and openai vendors to plugins
2026-03-15 17:07:28 -07:00
e42d86afa9
docs: document richer setup wizard prompts
2026-03-15 17:06:42 -07:00
1f68e6e89c
docs(plugins): unify bundle format explainer
2026-03-15 16:58:28 -07:00
c05cfccc17
docs(plugins): document provider runtime usage hooks
2026-03-15 16:57:32 -07:00
c3ed3ba310
docs: update setup wizard capabilities
2026-03-15 16:48:43 -07:00
d040d48af4
docs: describe channel setup wizard surface
2026-03-15 16:26:09 -07:00
4adcfa3256
feat(plugins): move provider runtimes into bundled plugins
2026-03-15 16:09:40 -07:00
dd40741e18
feat(plugins): add compatible bundle support
2026-03-15 16:08:50 -07:00
4a0f72866b
feat(plugins): move provider runtimes into bundled plugins
2026-03-15 15:18:32 -07:00
5a7aba94a2
CLI: support package-manager installs from GitHub main ( #47630 )
...
* CLI: resolve package-manager main install specs
* CLI: skip registry resolution for raw package specs
* CLI: support main package target updates
* CLI: document package update specs in help
* Tests: cover package install spec resolution
* Tests: cover npm main-package updates
* Tests: cover update --tag main
* Installer: support main package targets
* Installer: support main package targets on Windows
* Docs: document package-manager main updates
* Docs: document installer main targets
* Docs: document npm and pnpm main installs
* Docs: document update --tag main
* Changelog: note package-manager main installs
* Update src/infra/update-global.test.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 14:18:12 -07:00
3735156766
fix(ci): restore config baseline release-check output ( #47629 )
...
* Docs: regenerate config baseline
* Chore: ignore generated config baseline
* Update .prettierignore
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-15 14:14:30 -07:00
594920f8cc
Scripts: rebuild on extension and tsdown config changes ( #47571 )
...
Merged via squash.
Prepared head SHA: edd8ed8254
2026-03-15 16:19:27 -04:00
a2080421a1
Docs: move release runbook to maintainer repo ( #47532 )
...
* Docs: redact private release setup
* Docs: tighten release order
* Docs: move release runbook to maintainer repo
* Docs: delete public mac release page
* Docs: remove zh-CN mac release page
* Docs: turn release checklist into release policy
* Docs: point release policy to private docs
* Docs: regenerate zh-CN release policy pages
* Docs: preserve Doctor in zh-CN hubs
* Docs: fix zh-CN polls label
* Docs: tighten docs i18n term guardrails
* Docs: enforce zh-CN glossary coverage
2026-03-15 20:42:39 +01:00
4a7fbe090a
docs(zalo): document current Marketplace bot behavior (openclaw#47552)
...
Verified:
- pnpm check:docs
Co-authored-by: Tomáš Dinh <82420070+No898@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-15 14:40:35 -05:00
c9a8b6f82f
chore(fmt): format changes and broken types
2026-03-15 12:03:35 -07:00
132e459009
fix(ci): config drift found and documented
2026-03-15 10:43:03 -07:00
ff61343d76
fix: harden mention pattern regex compilation
2026-03-15 08:44:12 -07:00
89e3969d64
feat(feishu): add ACP and subagent session binding ( #46819 )
...
* feat(feishu): add ACP session support
* fix(feishu): preserve sender-scoped ACP rebinding
* fix(feishu): recover sender scope from bound ACP sessions
* fix(feishu): support DM ACP binding placement
* feat(feishu): add current-conversation session binding
* fix(feishu): avoid DM parent binding fallback
* fix(feishu): require canonical topic sender ids
* fix(feishu): honor sender-scoped ACP bindings
* fix(feishu): allow user-id ACP DM bindings
* fix(feishu): recover user-id ACP DM bindings
2026-03-15 10:33:49 -05:00
a472f988d8
fix: harden remote cdp probes
2026-03-15 08:23:01 -07:00
d7ac16788e
fix(android): support android node `calllog.search` ( #44073 )
...
* fix(android): support android node `calllog.search`
* fix(android): support android node calllog.search
* fix(android): wire callLog through shared surfaces
* fix: land Android callLog support (#44073 ) (thanks @lxk7280)
---------
Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-15 14:54:32 +05:30
a2d73be3a4
Docs: switch README logo to SVG assets ( #47049 )
2026-03-15 08:58:45 +01:00
e3b7ff2f1f
Docs: fix MDX markers blocking page refreshes ( #46695 )
...
Merged via squash.
Prepared head SHA: 56b25a9fb3
2026-03-15 02:58:59 +01:00
f4dbd78afd
Add Feishu reactions and card action support ( #46692 )
...
* Add Feishu reactions and card action support
* Tighten Feishu action handling
2026-03-14 20:25:02 -05:00
4c6a7f84a4
docs: remove dead security README nav entry ( #46675 )
...
Merged via squash.
Prepared head SHA: 63331a54b8
2026-03-15 01:40:00 +01:00
2806f2b878
Heartbeat: add isolatedSession option for fresh session per heartbeat run ( #46634 )
...
Reuses the cron isolated session pattern (resolveCronSession with forceNew)
to give each heartbeat a fresh session with no prior conversation history.
Reduces per-heartbeat token cost from ~100K to ~2-5K tokens.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 16:28:01 -07:00
3704293e6f
browser: drop headless/remote MCP attach modes, simplify existing-session to autoConnect-only ( #46628 )
2026-03-14 15:54:22 -07:00
2f7e548a57
chore: regenerate config baseline ( #46598 )
2026-03-14 15:44:13 -07:00
b1d8737017
browser: drop chrome-relay auto-creation, simplify to user profile only ( #46596 )
...
Merged via squash.
Prepared head SHA: 74becc8f7d
2026-03-14 15:40:02 -07:00
173fe3cb54
feat(browser): add headless existing-session MCP support esp for Linux/Docker/VPS ( #45769 )
...
* fix(browser): prefer managed default profile in headless mode
* test(browser): cover headless default profile fallback
* feat(browser): support headless MCP profile resolution
* feat(browser): add headless and target-url Chrome MCP modes
* feat(browser): allow MCP target URLs in profile creation
* docs(browser): document headless MCP existing-session flows
* fix(browser): restore playwright browser act helpers
* fix(browser): preserve strict selector actions
* docs(changelog): add existing-session MCP note
2026-03-14 14:59:30 -07:00
cbec476b6b
Docs: add config drift baseline statefile ( #45891 )
...
* Docs: add config drift statefile generator
* Docs: generate config drift baseline
* CI: move config docs drift runner into workflow sanity
* Docs: emit config drift baseline json
* Docs: commit config drift baseline json
* Docs: wire config baseline into release checks
* Config: fix baseline drift walker coverage
* Docs: regenerate config drift baselines
2026-03-14 14:23:30 -07:00
d33f3f843a
ci: allow fallback npm correction tags ( #46486 )
2026-03-14 19:38:14 +01:00
c30cabcca4
Docs: sweep recent user-facing updates ( #46424 )
...
* Docs: document Telegram force-document sends
* Docs: note Telegram document send behavior
* Docs: clarify memory file precedence
* Docs: align default AGENTS memory guidance
* Docs: update workspace FAQ memory note
* Docs: document gateway status require-rpc
* Docs: add require-rpc to gateway CLI index
2026-03-14 10:20:44 -07:00
0e893347f6
docs(nav): move btw to end of built-in tools ( #46416 )
2026-03-14 19:16:57 +02:00
133cce23ce
fix(btw): stop persisting side questions ( #46328 )
...
* fix(btw): stop persisting side questions
* docs(btw): document side-question behavior
2026-03-14 19:01:13 +02:00
9aac55d306
Add /btw side questions ( #45444 )
...
* feat(agent): add /btw side questions
* fix(agent): gate and log /btw reviews
* feat(btw): isolate side-question delivery
* test(reply): update route reply runtime mocks
* fix(btw): complete side-result delivery across clients
* fix(gateway): handle streamed btw side results
* fix(telegram): unblock btw side questions
* fix(reply): make external btw replies explicit
* fix(chat): keep btw side results ephemeral in internal history
* fix(btw): address remaining review feedback
* fix(chat): preserve btw history on mobile refresh
* fix(acp): keep btw replies out of prompt history
* refactor(btw): narrow side questions to live channels
* fix(btw): preserve channel typing indicators
* fix(btw): keep side questions isolated in chat
* fix(outbound): restore typed channel send deps
* fix(btw): avoid blocking replies on transcript persistence
* fix(btw): keep side questions fast
* docs(commands): document btw slash command
* docs(changelog): add btw side questions entry
* test(outbound): align session transcript mocks
2026-03-14 17:27:54 +02:00
c08317203d
ci: enforce calver freshness on npm publish
2026-03-14 13:45:40 +01:00
00891dee90
ci: switch npm release workflow to trusted publishing
2026-03-14 13:45:40 +01:00
61a7f2e7c3
docs: clarify npm release preview and publish flow
2026-03-14 13:45:40 +01:00
02a86da23a
ci: preserve manual npm release approval delays
2026-03-14 13:45:40 +01:00
c79c4ffbfb
fix(zai): align explicit coding endpoint setup with detected model defaults ( #45969 )
...
* fix: align Z.AI coding onboarding with endpoint docs
* fix: align Z.AI coding onboarding with endpoint docs (#45969 )
2026-03-14 16:20:37 +05:30
e7d9648fba
feat(cron): support custom session IDs and auto-bind to current session ( #16511 )
...
feat(cron): support persistent session targets for cron jobs (#9765 )
Add support for `sessionTarget: "current"` and `session:<id>` so cron jobs can
bind to the creating session or a persistent named session instead of only
`main` or ephemeral `isolated` sessions.
Also:
- preserve custom session targets across reloads and restarts
- update gateway validation and normalization for the new target forms
- add cron coverage for current/custom session targets and fallback behavior
- fix merged CI regressions in Discord and diffs tests
- add a changelog entry for the new cron session behavior
Co-authored-by: kkhomej33-netizen <kkhomej33-netizen@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
2026-03-14 16:48:46 +11:00
b6d1d0d72d
fix(browser): prefer user profile over chrome relay
2026-03-14 04:15:34 +00:00
f4fef64fc1
Gateway: treat scope-limited probe RPC as degraded reachability ( #45622 )
...
* Gateway: treat scope-limited probe RPC as degraded
* Docs: clarify gateway probe degraded scope output
* test: fix CI type regressions in gateway and outbound suites
* Tests: fix Node24 diffs theme loading and Windows assertions
* Tests: fix extension typing after main rebase
* Tests: fix Windows CI regressions after rebase
* Tests: normalize executable path assertions on Windows
* Tests: remove duplicate gateway daemon result alias
* Tests: stabilize Windows approval path assertions
* Tests: fix Discord rate-limit startup fixture typing
* Tests: use Windows-friendly relative exec fixtures
---------
Co-authored-by: Mainframe <mainframe@MainfraacStudio.localdomain>
2026-03-13 23:13:33 -05:00
5c40c1c78a
fix(browser): add browser session selection
2026-03-14 03:46:44 +00:00
4357cf4e37
fix: harden browser existing-session flows
2026-03-13 23:56:48 +00:00
1ef0aa443b
docs(android): note that app is not publicly released yet ( #23051 )
...
Co-authored-by: Eyal <eyal.engad@gmail.com>
2026-03-13 15:14:53 -07:00
8c7bdbe4d1
Docs: describe Slack interactive replies ( #45463 )
2026-03-13 17:16:14 -04:00
75c7c169e1
test: re-enable Node 24 vmForks fast lane
2026-03-13 20:38:24 +00:00
5c07207dd1
ci: trim PR critical path
2026-03-13 20:38:24 +00:00
1ea97fddd7
docs: share docker vm runtime guidance
2026-03-13 20:19:39 +00:00
5225667e25
docs: trim duplicated wizard and gateway api examples
2026-03-13 20:19:39 +00:00
dbef3dfef0
docs(voice-call): clarify allowlist caller ID limits
2026-03-13 20:11:42 +00:00
593964560b
feat(browser): add chrome MCP existing-session support
2026-03-13 20:10:08 +00:00
d17490ff54
ci: speed up scoped workflow lanes
2026-03-13 19:53:40 +00:00
fc408bba37
Fix incorrect rendering of brave costs in docs ( #44989 )
...
Merged via squash.
Prepared head SHA: 8c69de8222
2026-03-13 21:37:39 +03:00
3cf06f7939
docs(plugins): clarify workspace shadowing
2026-03-13 13:15:46 +00:00
2f03de029c
fix(node-host): harden pnpm approval binding
2026-03-13 12:59:55 +00:00
61429230b2
fix(signal): add groups config to Signal channel schema ( #27199 )
...
Merged via squash.
Prepared head SHA: 4ba4a39ddf
2026-03-13 15:14:30 +03:00
a3eed2b70f
fix(agents): avoid injecting memory file twice on case-insensitive mounts ( #26054 )
...
* fix(agents): avoid injecting memory file twice on case-insensitive mounts
On case-insensitive file systems mounted into Docker from macOS, both
MEMORY.md and memory.md pass fs.access() even when they are the same
underlying file. The previous dedup via fs.realpath() failed in this
scenario because realpath does not normalise case through the Docker
mount layer, so both paths were treated as distinct entries and the
same content was injected into the bootstrap context twice, wasting
tokens.
Fix by replacing the collect-then-dedup approach with an early-exit:
try MEMORY.md first; fall back to memory.md only when MEMORY.md is
absent. This makes the function return at most one entry regardless
of filesystem case-sensitivity.
* docs: clarify singular memory bootstrap fallback
* fix: note memory bootstrap fallback docs and changelog (#26054 ) (thanks @Lanfei)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-13 14:39:51 +05:30
e986aa175f
docs: fix session key :dm: → :direct ( #26506 )
2026-03-13 14:28:33 +05:30
32d8ec9482
fix: harden windows gateway fallback launch
2026-03-13 04:58:35 +00:00
16ececf0a6
chore: bump version to 2026.3.13
2026-03-13 04:38:32 +00:00
433e65711f
fix: fall back to a startup entry for windows gateway install
2026-03-13 03:18:17 +00:00
b858d6c3a9
fix: clarify windows onboarding gateway health
2026-03-13 02:40:40 +00:00
d6d01f853f
fix: align Ollama onboarding docs before landing ( #43473 ) (thanks @BruceMacD)
...
(cherry picked from commit 19fa274343a102ca85c7679ec28c5a3503a99f55)
2026-03-13 02:03:54 +00:00
f906bf58db
docs(ollama): update onboarding flow
...
Co-Authored-By: Jeffrey Morgan <jmorganca@gmail.com>
(cherry picked from commit e8ca2ff4e522f2d971801a537b3c4fdfecde0711)
2026-03-13 02:03:54 +00:00
ddeb423944
fix: quiet Telegram command overflow retry logs
2026-03-13 01:45:56 +00:00
de3e6a8c5b
fix(routing): require ids for slack and msteams allowlists
2026-03-13 01:44:42 +00:00
c25e46a433
chore: prepare 2026.3.12 release
2026-03-13 01:38:20 +00:00
b14a5c6713
fix(zalouser): require ids for group allowlist auth
2026-03-13 01:31:17 +00:00
c80da4e72f
refactor: validate provider plugin metadata
2026-03-13 01:19:35 +00:00
d5b3f2ed71
fix(models): keep codex spark codex-only
2026-03-13 00:53:21 +00:00
35aafd7ca8
feat: add Anthropic fast mode support
2026-03-12 23:39:03 +00:00
d5bffcdeab
feat: add fast mode toggle for OpenAI models
2026-03-12 23:31:31 +00:00
319766639a
docs: explain plugin architecture
2026-03-12 22:24:35 +00:00
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
55f47e5ce6
onboard(minimax): flatten auth to 4 direct choices, unify CN/Global under single provider ( #44284 )
...
Replace the multi-step MiniMax onboarding wizard with 4 flat options:
- MiniMax Global — OAuth (minimax.io)
- MiniMax Global — API Key (minimax.io)
- MiniMax CN — OAuth (minimaxi.com)
- MiniMax CN — API Key (minimaxi.com)
Storage changes:
- Unify CN and Global under provider "minimax" (baseUrl distinguishes region)
- Profiles: minimax:global / minimax:cn (both regions can coexist)
- Model ref: minimax/MiniMax-M2.5 (no more minimax-cn/ prefix)
- Remove LM Studio local mode and Lightning/Highspeed choice
Backward compatibility:
- Keep minimax-cn in provider-env-vars for existing configs
- Accept minimax-cn as legacy tokenProvider in CI pipelines
- Error with migration hint for removed auth choices in non-interactive mode
- Warn when dual-profile overwrites shared provider baseUrl
Made-with: Cursor
2026-03-12 11:23:42 -07:00
9f08af1f06
fix(ci): harden docker builds and unblock config docs
2026-03-12 16:45:29 +00:00
46f0bfc55b
Gateway: harden custom session-store discovery ( #44176 )
...
Merged via squash.
Prepared head SHA: 52ebbf5188
2026-03-12 16:44:46 +00:00
b77b7485e0
feat(push): add iOS APNs relay gateway ( #43369 )
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369 ) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
8525fd94ea
docs: sync Feishu secretref credential matrix
...
## Summary
- Problem: `src/secrets/target-registry.test.ts` fails on latest `main` because the runtime registry includes Feishu `encryptKey` paths that the docs matrix and surface reference omit.
- Why it matters: the docs/runtime sync guard currently blocks prep and merge work for unrelated PRs, including `#25558`.
- What changed: regenerated the secretref credential matrix and updated the surface reference to include both Feishu `encryptKey` paths.
- What did NOT change (scope boundary): no runtime registry behavior, config semantics, or channel handling changed.
## Change Type (select all)
- [x] Bug fix
- [ ] Feature
- [ ] Refactor
- [x] Docs
- [ ] Security hardening
- [ ] Chore/infra
## Scope (select all touched areas)
- [ ] Gateway / orchestration
- [ ] Skills / tool execution
- [ ] Auth / tokens
- [ ] Memory / storage
- [x] Integrations
- [ ] API / contracts
- [ ] UI / DX
- [ ] CI/CD / infra
## Linked Issue/PR
- Closes #
- Related #25558
## User-visible / Behavior Changes
None.
## Security Impact (required)
- New permissions/capabilities? `No`
- Secrets/tokens handling changed? `No`
- New/changed network calls? `No`
- Command/tool execution surface changed? `No`
- Data access scope changed? `No`
- If any `Yes`, explain risk + mitigation:
## Repro + Verification
### Environment
- OS: macOS
- Runtime/container: Node.js repo checkout
- Model/provider: N/A
- Integration/channel (if any): Feishu docs/runtime registry sync
- Relevant config (redacted): none
### Steps
1. Check out latest `main` before this change.
2. Run `./node_modules/.bin/vitest run --config vitest.unit.config.ts src/secrets/target-registry.test.ts`.
3. Apply this docs-only sync change and rerun the same command.
### Expected
- The target registry stays in sync with the generated docs matrix and the test passes.
### Actual
- Before this change, the test failed because `channels.feishu.encryptKey` and `channels.feishu.accounts.*.encryptKey` were missing from the docs artifacts.
## Evidence
Attach at least one:
- [x] Failing test/log before + passing after
- [ ] Trace/log snippets
- [ ] Screenshot/recording
- [ ] Perf numbers (if relevant)
## Human Verification (required)
What you personally verified (not just CI), and how:
- Verified scenarios: confirmed the failure on plain latest `main`, applied only these docs entries in a clean bootstrapped worktree, and reran `./node_modules/.bin/vitest run --config vitest.unit.config.ts src/secrets/target-registry.test.ts` to green.
- Edge cases checked: verified both top-level Feishu `encryptKey` and account-scoped `encryptKey` paths are present in the matrix and surface reference.
- What you did **not** verify: full repo test suite and CI beyond the targeted regression.
## Review Conversations
- [x] I replied to or resolved every bot review conversation I addressed in this PR.
- [x] I left unresolved only the conversations that still need reviewer or maintainer judgment.
If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.
## Compatibility / Migration
- Backward compatible? `Yes`
- Config/env changes? `No`
- Migration needed? `No`
- If yes, exact upgrade steps:
## Failure Recovery (if this breaks)
- How to disable/revert this change quickly: revert this commit.
- Files/config to restore: `docs/reference/secretref-user-supplied-credentials-matrix.json` and `docs/reference/secretref-credential-surface.md`
- Known bad symptoms reviewers should watch for: the target-registry docs sync test failing again for missing Feishu `encryptKey` entries.
## Risks and Mitigations
- Risk: the markdown surface reference could drift from the generated matrix again in a later credential-shape change.
- Mitigation: `src/secrets/target-registry.test.ts` continues to guard docs/runtime sync.
2026-03-12 08:18:13 -07:00
7844bc89a1
Security: require Feishu webhook encrypt key ( #44087 )
...
* Feishu: require webhook encrypt key in schema
* Feishu: cover encrypt key webhook validation
* Feishu: enforce encrypt key at startup
* Feishu: add webhook forgery regression test
* Feishu: collect encrypt key during onboarding
* Docs: require Feishu webhook encrypt key
* Changelog: note Feishu webhook hardening
* Docs: clarify Feishu encrypt key screenshot
* Feishu: treat webhook encrypt key as secret input
* Feishu: resolve encrypt key only in webhook mode
2026-03-12 11:01:00 -04:00
b0f717aa02
build: align Node 22 guidance with 22.16 minimum
2026-03-12 20:07:44 +05:30
0a8d2b6200
build: raise Node 22 compatibility floor to 22.16
2026-03-12 20:07:44 +05:30
deada7edd3
build: default to Node 24 and keep Node 22 compat
2026-03-12 20:07:44 +05:30
171d2df9e0
feat(mattermost): add replyToMode support (off | first | all) ( #29587 )
...
Merged via squash.
Prepared head SHA: 4a67791f53
2026-03-12 18:03:12 +05:30
8e0e4f736a
docs: add Kubernetes install guide, setup script, and manifests ( #34492 )
...
* add docs and manifests for k8s install
Signed-off-by: sallyom <somalley@redhat.com>
* changelog
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
2026-03-12 07:28:21 -04:00
62a71361a9
Docs: clarify llm-task thinking presets
2026-03-12 19:27:07 +11:00
658bd54ecf
feat(llm-task): add thinking override
...
Co-authored-by: Xaden Ryan <165437834+xadenryan@users.noreply.github.com>
2026-03-12 19:21:35 +11:00
0bcb95e8fa
Models: enforce source-managed SecretRef markers in models.json ( #43759 )
...
Merged via squash.
Prepared head SHA: 4a065ef5d8
2026-03-12 02:22:52 -05:00
c65390cbde
docs: update Raspberry Pi dashboard access instructions ( #43584 )
...
* docs(pi): update dashboard access instructions
* docs(i18n): refresh raspberry pi source hash
* docs: clarify Raspberry Pi dashboard access
* fix: clarify Raspberry Pi dashboard access (#43584 ) (thanks @neeravmakwana)
---------
Co-authored-by: Neerav Makwana <261249544+neeravmakwana@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
2026-03-12 10:04:44 +05:30
96485701a7
docs: update 2026.3.11 release examples
2026-03-12 04:01:56 +00:00
0e397e62b7
chore: bump version to 2026.3.10
2026-03-11 23:29:53 +00:00
d79ca52960
Memory: add multimodal image and audio indexing ( #43460 )
...
Merged via squash.
Prepared head SHA: a994c07190
2026-03-11 22:28:34 +00:00
5e324cf785
docs(ollama): align onboarding guidance with code
2026-03-11 20:11:51 +00:00
60aed95346
feat(memory): add gemini-embedding-2-preview support ( #42501 )
...
Merged via squash.
Prepared head SHA: c57b1f8ba2
2026-03-11 14:28:53 -04:00
7761e7626f
Providers: add Opencode Go support ( #42313 )
...
* feat(providers): add opencode-go provider support and onboarding
* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF
* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF
* Update CHANGELOG.md
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 01:31:06 -04:00
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs ( #42672 )
...
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
daaf211e20
fix(node-host): fail closed on unbound interpreter approvals
2026-03-11 02:36:38 +00:00
aad014c7c1
fix: harden subagent control boundaries
2026-03-11 01:44:38 +00:00
8eac939417
fix(security): enforce target account configWrites
2026-03-11 01:24:36 +00:00
201420a7ee
fix: harden secret-file readers
2026-03-10 23:40:10 +00:00
a76e810193
fix(gateway): harden token fallback/reconnect behavior and docs ( #42507 )
...
* fix(gateway): harden token fallback and auth reconnect handling
* docs(gateway): clarify auth retry and token-drift recovery
* fix(gateway): tighten auth reconnect gating across clients
* fix: harden gateway token retry (#42507 ) (thanks @joshavant)
2026-03-10 17:05:57 -05:00
8ba1b6eff1
ci: add npm release workflow and CalVer checks ( #42414 ) (thanks @onutc)
2026-03-10 20:09:25 +01:00
0ff184397d
docs(telegram): clarify group and sender allowlists ( #42451 )
...
Merged via squash.
Prepared head SHA: f30cacafb3
2026-03-10 21:56:30 +03:00
d30dc28b8c
Secrets: reject exec SecretRef traversal ids across schema/runtime/gateway ( #42370 )
...
* Secrets: harden exec SecretRef validation and reload LKG coverage
* Tests: harden exec fast-exit stdin regression case
* Tests: align lifecycle daemon test formatting with oxfmt 0.36
2026-03-10 13:45:37 -05:00
0687e04760
fix: thread runtime config through Discord/Telegram sends ( #42352 ) (thanks @joshavant) ( #42352 )
2026-03-10 13:30:57 -05:00
466cc816a8
docs(acp): document resumeSessionId for session resume ( #42280 )
...
* docs(acp): document resumeSessionId for session resume
* docs: clarify ACP resumeSessionId thread/mode behavior (#42280 ) (thanks @pejmanjohn)
---------
Co-authored-by: Onur <onur@textcortex.com>
2026-03-10 18:06:09 +01:00
6d0547dc2e
mattermost: fix DM media upload for unprefixed user IDs ( #29925 )
...
Merged via squash.
Prepared head SHA: 5cffcb072c
2026-03-10 14:22:24 +05:30
f0eb67923c
fix(secrets): resolve web tool SecretRefs atomically at runtime
2026-03-09 22:57:03 -05:00
de49a8b72c
Telegram: exec approvals for OpenCode/Codex ( #37233 )
...
Merged via squash.
Prepared head SHA: f243379094
2026-03-09 23:04:35 -04:00
0c7f07818f
acp: add regression coverage and smoke-test docs ( #41456 )
...
Merged via squash.
Prepared head SHA: 514d587352
2026-03-09 22:40:14 +01:00
8e3f3bc3cf
acp: enrich streaming updates for ide clients ( #41442 )
...
Merged via squash.
Prepared head SHA: 0764368e80
2026-03-09 22:26:46 +01:00
d346f2d9ce
acp: restore session context and controls ( #41425 )
...
Merged via squash.
Prepared head SHA: fcabdf7c31
2026-03-09 22:17:19 +01:00
e6e4169e82
acp: fail honestly in bridge mode ( #41424 )
...
Merged via squash.
Prepared head SHA: b5e6e13afe
2026-03-09 22:01:30 +01:00
d4e59a3666
Cron: enforce cron-owned delivery contract ( #40998 )
...
Merged via squash.
Prepared head SHA: 5877389e33
2026-03-09 20:12:37 +01:00
f2f561fab1
fix(ui): preserve control-ui auth across refresh ( #40892 )
...
Merged via squash.
Prepared head SHA: f9b2375892
2026-03-09 12:50:47 +01:00
f9706fde6a
build: bump unreleased version to 2026.3.9
2026-03-09 08:33:58 +00:00
adec8b28bb
alphabetize web search providers ( #40259 )
...
Merged via squash.
Prepared head SHA: be6350e5ae
2026-03-09 08:54:54 +05:30
e3df94365b
ACP: add optional ingress provenance receipts ( #40473 )
...
Merged via squash.
Prepared head SHA: b63e46dd94
2026-03-09 04:19:03 +01:00
13bd3db307
chore(docs): drop refactor cleanup tracker
2026-03-09 00:26:20 +00:00
ff4745fc3f
refactor(models): split provider discovery helpers
2026-03-09 00:26:20 +00:00
c29b098744
refactor(models): split models.json planning from writes
2026-03-09 00:26:20 +00:00
24b53fcf47
refactor(agents): extract provider model normalization
2026-03-09 00:26:20 +00:00
dfc18b7a2b
refactor(models): extract list row builders
2026-03-09 00:26:20 +00:00
3e70109cb2
docs: add refactor cluster backlog
2026-03-08 23:38:24 +00:00
a3dc4b5a57
fix(tui): improve color contrast for light-background terminals ( #40345 )
...
* fix(tui): improve colour contrast for light-background terminals (#38636 )
Detect light terminal backgrounds via COLORFGBG and apply a WCAG
AA-compliant light palette. Adds OPENCLAW_THEME=light|dark env var
override for terminals without auto-detection.
Uses proper sRGB linearisation and WCAG 2.1 contrast ratios to pick
whichever text palette (dark or light) has higher contrast against
the detected background colour.
Co-authored-by: ademczuk <ademczuk@users.noreply.github.com>
* Update CHANGELOG.md
---------
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
Co-authored-by: ademczuk <ademczuk@users.noreply.github.com>
2026-03-08 16:17:28 -07:00
38543d8196
fix(cron): consolidate announce delivery, fire-and-forget trigger, and minimal prompt mode ( #40204 )
...
* fix(cron): consolidate announce delivery and detach manual runs
* fix: queue detached cron runs (#40204 )
2026-03-08 14:46:33 -07:00
0ecfd37b44
feat: add local backup CLI ( #40163 )
...
Merged via squash.
Prepared head SHA: ed46625ae2
2026-03-08 16:21:20 -04:00
9d467d1620
docs: add WSL2 + Windows remote Chrome CDP troubleshooting ( #39407 ) (thanks @Owlock)
2026-03-08 19:21:42 +00:00
d3111fbbcb
fix: make browser relay bind address configurable ( #39364 ) (thanks @mvanhorn)
2026-03-08 19:15:21 +00:00
f9c220e261
test+docs: comprehensive coverage and generic framing
...
- Add 12 new tests covering: isWebSocketUrl detection, parseHttpUrl WSS
acceptance/rejection, direct WS target creation with query params,
SSRF enforcement on WS URLs, WS reachability probing bypasses HTTP
- Reframe docs section as generic "Direct WebSocket CDP providers" with
Browserbase as one example — any WSS-based provider works
- Update security tips to mention WSS alongside HTTPS
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
75602014db
feat(browser): support direct WebSocket CDP URLs for Browserbase
...
Browserbase uses direct WebSocket connections (wss://) rather than the
standard HTTP-based /json/version CDP discovery flow used by Browserless.
This change teaches the browser tool to accept ws:// and wss:// URLs as
cdpUrl values: when a WebSocket URL is detected, OpenClaw connects
directly instead of attempting HTTP discovery.
Changes:
- config.ts: accept ws:// and wss:// in cdpUrl validation
- cdp.helpers.ts: add isWebSocketUrl() helper
- cdp.ts: skip /json/version when cdpUrl is already a WebSocket URL
- chrome.ts: probe WSS endpoints via WebSocket handshake instead of HTTP
- cdp.test.ts: add test for direct WebSocket target creation
- docs/tools/browser.md: update Browserbase section with correct URL
format and notes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
3cf75f760c
docs: simplify Browserbase section, drop pricing details
...
Restore platform-level feature description (CAPTCHA solving, stealth
mode, proxies) without plan-specific pricing gating. Keep free tier
note brief.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
ae39a152d8
docs: fact-check Browserbase section against official docs
...
- Fix CAPTCHA/stealth/proxy claims: these are Developer plan+ only,
not available on free tier
- Fix free tier limits: 1 browser hour, 15-min session duration
(not "60 minutes of monthly usage")
- Add link to pricing page for paid plan details
- Simplify structure to match Browserless section format
- Remove sub-headings to match Browserless section style
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
efa1204183
docs: restore direct wss://connect.browserbase.com URL
...
Browserbase exposes a direct WebSocket connect endpoint that
auto-creates a session, similar to how Browserless works. Simplified
the section to use this static URL pattern instead of requiring
manual session creation via the API.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
9a4610c641
docs: fix Browserbase section to match official docs
...
Browserbase requires creating a session via their API to get a CDP
connect URL, unlike Browserless which uses a static endpoint. Updated
to show the correct curl-based session creation flow, removed
unverified static WebSocket URL, and added the 5-minute connect
timeout note from official docs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
c0a988f692
docs: fix duplicate heading lint error
...
Rename "Configuration" sub-heading to "Profile setup" to avoid
MD024/no-duplicate-heading conflict with the existing top-level
"Configuration" heading.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
641e1bacb4
docs: add Browserbase as hosted remote CDP option
...
Add Browserbase documentation section alongside the existing Browserless
section in the browser docs. Includes signup instructions, CDP connection
configuration, and environment variable setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
0252bdc837
Revert "docs: add Browserbase as hosted remote CDP option"
...
This reverts commit c469657c97848c7a3e1e5135bf4ce735d07d6614.
2026-03-08 18:48:10 +00:00
885199dcaa
docs: add Browserbase as hosted remote CDP option
...
Add Browserbase documentation section alongside the existing Browserless
section in the browser docs. Includes signup instructions, CDP connection
configuration, and environment variable setup for both English and Chinese
(zh-CN) translations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-08 18:48:10 +00:00
55465d86d9
Docs: use placeholder OpenRouter key in web tool docs
2026-03-08 11:16:03 -07:00
615466bdf4
Docs: use placeholder OpenRouter key in Perplexity guide
2026-03-08 11:16:03 -07:00
2970d72554
docs: update Brave Search API docs for Feb 2026 plan restructuring ( #40111 )
...
Merged via squash.
Prepared head SHA: c651f07855
2026-03-08 14:06:21 -04:00
caf1b84822
feat: allow compaction model override via config ( #38753 )
...
Merged via squash.
Prepared head SHA: a3d6d6c845
2026-03-08 10:47:34 -07:00
d4ab731746
fix(telegram): use message previews in DMs
2026-03-08 21:59:43 +05:30
fa83010b17
fix(plugins): ship Feishu bundled runtime dependency ( #39990 )
...
* fix: ship feishu bundled runtime dependency
* test: align feishu bundled dependency specs
2026-03-08 10:36:41 -05:00
28e46d04e5
fix(web-search): restore OpenRouter compatibility for Perplexity ( #39937 ) ( #39937 )
2026-03-08 20:37:54 +05:30
b4c8950417
refactor: centralize talk silence timeout defaults
2026-03-08 14:58:29 +00:00
6ff7e8f42e
talk: add configurable silence timeout
2026-03-08 14:30:25 +00:00
1a364cd066
Docs: clarify notarization handoff in mac release flow
2026-03-08 14:14:36 +00:00
9ce79bba34
Docs: mark basic mac dist example as non-notarized
2026-03-08 14:14:36 +00:00
047f4acacf
Docs: clarify release build arch defaults for mac packaging
2026-03-08 14:14:36 +00:00
64760614aa
macOS: default release app builds to universal binaries
2026-03-08 14:14:36 +00:00
6dadfaa18c
docs: use alphabetical provider ordering
2026-03-08 14:10:36 +00:00
acac7e3132
fix: land Brave llm-context gaps ( #33383 ) (thanks @thirumaleshp)
2026-03-08 13:57:12 +00:00
eebee84093
fix(models): discover Vercel AI Gateway catalog
2026-03-08 13:44:10 +00:00
46145fde19
fix(android): remove mic and screen foreground services
2026-03-08 16:25:49 +05:30
1230cefe25
fix(android): remove background location mode
2026-03-08 16:25:49 +05:30
0f9566b0b5
fix(android): remove self-update install flow
2026-03-08 16:25:49 +05:30
492fe679a7
feat(tui): infer workspace agent when launching TUI ( #39591 )
...
Merged via squash.
Prepared head SHA: 23533e24c4
2026-03-08 13:31:11 +03:00
05217845a7
build: bump version to 2026.3.8
2026-03-08 05:59:04 +00:00
59102a1ff7
fix: add gemini 3.1 flash-lite support
2026-03-08 05:12:48 +00:00
fcdc1a13e1
fix: land #33992 from @darkamenosa
...
Co-authored-by: Tom <hxtxmu@gmail.com>
2026-03-08 04:49:04 +00:00
a035a3ce48
fix: drop removed minimax lightning model
2026-03-08 04:06:26 +00:00
21df014d56
fix: stage docker live tests from mounted source
2026-03-08 04:06:26 +00:00
5759b93dda
fix(ci): pin multi-arch docker base digests
2026-03-08 02:55:15 +00:00
a8c67affd8
test: cover gemini flash compat normalization
2026-03-08 02:34:49 +00:00
100da9f45c
fix: correct gemini flash model id
2026-03-08 02:32:58 +00:00
4062aa5e5d
Gateway: add safer password-file input for gateway run ( #39067 )
...
* CLI: add gateway password-file option
* Docs: document safer gateway password input
* Update src/cli/gateway-cli/run.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Tests: clean up gateway password temp dirs
* CLI: restore gateway password warning flow
* Security: harden secret file reads
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-07 18:20:17 -08:00
25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host
2026-03-07 18:28:32 -06:00
61000b8e4d
fix(acp): block sandboxed slash spawns
2026-03-08 00:23:07 +00:00
c76d29208b
fix(node-host): bind approved script operands
2026-03-07 23:04:00 +00:00
be9ea991de
fix(discord): avoid native plugin command collisions
2026-03-07 21:59:44 +00:00
ac86deccee
fix(gateway): harden plugin HTTP route auth
2026-03-07 19:55:06 +00:00
5f8f58ae25
fix(gateway): require admin for chat config writes
2026-03-07 19:38:49 +00:00
499c1ee6e3
reduce image size, offer slim image ( #38479 )
...
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 14:26:29 -05:00
253e159700
fix: harden workspace skill path containment
2026-03-07 18:56:15 +00:00
729ee165ed
docs(gateway): clarify trusted operator HTTP endpoints
2026-03-07 18:48:17 +00:00
10d0e3f3ca
fix(dashboard): keep gateway tokens out of URL storage
2026-03-07 18:33:30 +00:00
f966dde476
tests: fix detect-secrets false positives ( #39084 )
...
* Tests: rename gateway status env token fixture
* Tests: allowlist feishu onboarding fixtures
* Tests: allowlist Google Chat private key fixture
* Docs: allowlist Brave API key example
* Tests: allowlist pairing password env fixtures
* Chore: refresh detect-secrets baseline
2026-03-07 13:21:29 -05:00
5290d97574
Docs: fix web tools MDX links
2026-03-07 10:15:22 -08:00
61273c072c
Docs: remove MDX-breaking secret markers
2026-03-07 10:09:00 -08:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence ( #38955 )
2026-03-07 11:28:39 -06:00
1dd4f92ea2
fix: default local onboarding tools profile to coding
2026-03-07 16:41:27 +00:00
33e7394861
fix(providers): make all models available in kilocode provider ( #32352 )
...
* kilocode: dynamic model discovery, kilo/auto default, cooldown exemption
- Replace 9-model hardcoded catalog with dynamic discovery from
GET /api/gateway/models (Venice-like pattern with static fallback)
- Default model changed from anthropic/claude-opus-4.6 to kilo/auto
(smart routing model)
- Add createKilocodeWrapper for X-KILOCODE-FEATURE header injection
and reasoning.effort handling (skip for kilo/auto)
- Add kilocode to cooldown-exempt providers (proxy like OpenRouter)
- Keep sync buildKilocodeProvider for onboarding, add async
buildKilocodeProviderWithDiscovery for implicit provider resolution
- Per-token gateway pricing converted to per-1M-token for cost fields
* kilocode: skip reasoning injection for x-ai models, harden discovery loop
* fix(kilocode): keep valid discovered duplicates (openclaw#32352, thanks @pandemicsyn)
* refactor(proxy): normalize reasoning payload guards (openclaw#32352, thanks @pandemicsyn)
* chore(changelog): note kilocode hardening (openclaw#32352, thanks @pandemicsyn and @vincentkoc)
* chore(changelog): fix kilocode note format (openclaw#32352, thanks @pandemicsyn and @vincentkoc)
* test(kilocode): support auto-model override cases (openclaw#32352, thanks @pandemicsyn)
* Update CHANGELOG.md
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-07 08:14:06 -08:00
786ec21b5a
docs(cli): improve memory command examples ( #31803 )
...
Merged via squash.
Prepared head SHA: 15dcda3027
2026-03-07 19:03:23 +03:00
997a9f5b9e
chore: bump version to 2026.3.7
2026-03-07 10:09:02 +00:00
6017b738b1
Web: add HEIC media regression and doc fix ( #38294 )
...
* Web: add HEIC media normalization regression
* Docs: list HEIC input_image MIME types
* Update src/web/media.test.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-06 22:49:38 -05:00
2d52c88dad
fix(podman): stop assuming /tmp is disk-backed ( #38296 )
...
* Podman: avoid hardcoding /tmp for image staging
* Docs: clarify container storage paths
* Podman: secure staged image import
* Podman: clarify streamed image handoff
2026-03-06 19:55:26 -05:00
42e3d8d693
Secrets: add inline allowlist review set ( #38314 )
...
* Secrets: add inline allowlist review set
* Secrets: narrow detect-secrets file exclusions
* Secrets: exclude Docker fingerprint false positive
* Secrets: allowlist test and docs false positives
* Secrets: refresh baseline after allowlist updates
* Secrets: fix gateway chat fixture pragma
* Secrets: format pre-commit config
* Android: keep talk mode fixture JSON valid
* Feishu: rely on client timeout injection
* Secrets: allowlist provider auth test fixtures
* Secrets: allowlist onboard search fixtures
* Secrets: allowlist onboard mode fixture
* Secrets: allowlist gateway auth mode fixture
* Secrets: allowlist APNS wake test key
* Secrets: allowlist gateway reload fixtures
* Secrets: allowlist moonshot video fixture
* Secrets: allowlist auto audio fixture
* Secrets: allowlist tiny audio fixture
* Secrets: allowlist embeddings fixtures
* Secrets: allowlist resolve fixtures
* Secrets: allowlist target registry pattern fixtures
* Secrets: allowlist gateway chat env fixture
* Secrets: refresh baseline after fixture allowlists
* Secrets: reapply gateway chat env allowlist
* Secrets: reapply gateway chat env allowlist
* Secrets: stabilize gateway chat env allowlist
* Secrets: allowlist runtime snapshot save fixture
* Secrets: allowlist oauth profile fixtures
* Secrets: allowlist compaction identifier fixture
* Secrets: allowlist model auth fixture
* Secrets: allowlist model status fixtures
* Secrets: allowlist custom onboarding fixture
* Secrets: allowlist mattermost token summary fixtures
* Secrets: allowlist gateway auth suite fixtures
* Secrets: allowlist channel summary fixture
* Secrets: allowlist provider usage auth fixtures
* Secrets: allowlist media proxy fixture
* Secrets: allowlist secrets audit fixtures
* Secrets: refresh baseline after final fixture allowlists
* Feishu: prefer explicit client timeout
* Feishu: test direct timeout precedence
2026-03-06 19:35:26 -05:00
3070fafec1
fix(venice): switch default model to kimi-k2-5 ( #38423 )
...
* Docs: refresh Venice default model guidance
* Venice: switch default model to Kimi K2.5
* Changelog: credit Venice default refresh
2026-03-06 19:31:07 -05:00
03b9abab84
feat(compaction): make post-compaction context sections configurable ( #34556 )
...
Merged via squash.
Prepared head SHA: 491bb28544
2026-03-06 14:57:15 -08:00
6e962d8b9e
fix(agents): handle overloaded failover separately ( #38301 )
...
* fix(agents): skip auth-profile failure on overload
* fix(agents): note overload auth-profile fallback fix
* fix(agents): classify overloaded failures separately
* fix(agents): back off before overload failover
* fix(agents): tighten overload probe and backoff state
* fix(agents): persist overloaded cooldown across runs
* fix(agents): tighten overloaded status handling
* test(agents): add overload regression coverage
* fix(agents): restore runner imports after rebase
* test(agents): add overload fallback integration coverage
* fix(agents): harden overloaded failover abort handling
* test(agents): tighten overload classifier coverage
* test(agents): cover all-overloaded fallback exhaustion
* fix(cron): retry overloaded fallback summaries
* fix(cron): treat HTTP 529 as overloaded retry
2026-03-07 01:42:11 +03:00
7ce79c8972
docs: fix broken dashboard image on i18n pages ( #38031 )
...
The dashboard screenshot uses a relative path `src="whatsapp-openclaw.jpg"`
which resolves correctly on the English root page but produces 404 on
zh-CN and ja-JP pages because Mintlify prepends the language subdirectory
to the CDN path.
Change to absolute path `/whatsapp-openclaw.jpg` in all three index files,
consistent with other images on the same page that already use absolute
paths (e.g. `/assets/openclaw-logo-text-dark.png`).
2026-03-07 00:22:19 +03:00
ab5fcfcc01
feat(gateway): add channel-backed readiness probes ( #38285 )
...
* Changelog: add channel-backed readiness probe entry
* Gateway: add channel-backed readiness probes
* Docs: describe readiness probe behavior
* Gateway: add readiness probe regression tests
* Changelog: dedupe gateway probe entries
* Docs: fix readiness startup grace description
* Changelog: remove stale readiness entry
* Gateway: cover readiness hardening
* Gateway: harden readiness probes
2026-03-06 15:15:23 -05:00
042b2c867d
Docs: clarify main secret scan behavior
2026-03-06 14:41:23 -05:00
b529b7c6b7
Docs: update secret scan reproduction steps
2026-03-06 14:34:46 -05:00
3d7bc5958d
feat(onboarding): add web search to onboarding flow ( #34009 )
...
* add web search to onboarding flow
* remove post onboarding step (now redundant)
* post-onboarding nudge if no web search set up
* address comments
* fix test mocking
* add enabled: false assertion to the no-key test
* --skip-search cli flag
* use provider that a user has a key for
* add assertions, replace the duplicated switch blocks
* test for quickstart fast-path with existing config key
* address comments
* cover quickstart falls through to key test
* bring back key source
* normalize secret inputs instead of direct string trimming
* preserve enabled: false if it's already set
* handle missing API keys in flow
* doc updates
* hasExistingKey to detect both plaintext strings and SecretRef objects
* preserve enabled state only on the "keep current" paths
* add test for preserving
* better gate flows
* guard against invalid provider values in config
* Update src/commands/configure.wizard.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* format fix
* only mentions env var when it's actually available
* search apiKey fields now typed as SecretInput
* if no provider check if any search provider key is detectable
* handle both kimi keys
* remove .filter(Boolean)
* do not disable web_search after user enables it
* update resolveSearchProvider
* fix(onboarding): skip search key prompt in ref mode
* fix: add onboarding web search step (#34009 ) (thanks @kesku)
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-03-06 13:09:00 -06:00
57f19f0d5c
container builds: opt-in extension deps via OPENCLAW_EXTENSIONS build arg ( #32223 )
...
* Docker: opt-in extension deps via OPENCLAW_EXTENSIONS build arg
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* CI: clarify extension smoke scope
* Tests: allow digest-pinned multi-stage FROM lines
* Changelog: note container extension preinstall option
---------
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-06 12:18:42 -05:00
9aceb51379
Gateway: normalize HEIC input_image sources ( #38122 )
...
* Media: normalize HEIC input images
* Gateway: accept HEIC image input schema
* Media: add HEIC input normalization tests
* Gateway: cover HEIC input schema parity
* Docs: document HEIC input image support
* Changelog: note HEIC input image fix
2026-03-06 11:19:36 -05:00
f392b81e95
Infra: require explicit opt-in for prerelease npm installs ( #38117 )
...
* Infra: tighten npm registry spec parsing
* Infra: block implicit prerelease npm installs
* Plugins: cover prerelease install policy
* Infra: add npm registry spec tests
* Hooks: cover prerelease install policy
* Docs: clarify plugin guide version policy
* Docs: clarify plugin install version policy
* Docs: clarify hooks install version policy
* Docs: clarify hook pack version policy
2026-03-06 11:13:30 -05:00
222d635aee
WhatsApp: honor outbound mediaMaxMb ( #38097 )
...
* WhatsApp: add media cap helper
* WhatsApp: cap outbound media loads
* WhatsApp: align auto-reply media caps
* WhatsApp: add outbound media cap test
* WhatsApp: update auto-reply cap tests
* Docs: update WhatsApp media caps
* Changelog: note WhatsApp media cap fix
2026-03-06 11:08:15 -05:00
7c45d918bf
Docs: align BlueBubbles media cap wording
2026-03-06 10:59:05 -05:00
9c1786bdd6
Telegram/Discord: honor outbound mediaMaxMb uploads ( #38065 )
...
* Telegram: default media cap to 100MB
* Telegram: honor outbound mediaMaxMb
* Discord: add shared media upload cap
* Discord: pass mediaMaxMb to outbound sends
* Telegram: cover outbound media cap sends
* Discord: cover media upload cap config
* Docs: update Telegram media cap guide
* Docs: update Telegram config reference
* Changelog: note media upload cap fix
* Docs: note Discord upload cap behavior
2026-03-06 10:53:06 -05:00
151f26070b
docs: context engine
2026-03-06 08:55:58 -05:00
5470337b1c
docs(config): list the context engine plugin slot
2026-03-06 08:53:30 -05:00
7cc3376f07
docs(plugins): add context-engine manifest kind example
2026-03-06 08:53:30 -05:00
eb2eebae22
docs(plugins): document context engine slots and registration
2026-03-06 08:53:30 -05:00
f788ba142a
docs(protocol): document slash-delimited schema lookup plugin ids
2026-03-06 08:53:29 -05:00
e88f6605ec
docs(tools): document slash-delimited config schema lookup paths
2026-03-06 08:53:29 -05:00
4a80d48ea9
fix(mattermost): allow reachable interaction callback URLs ( #37543 )
...
Merged via squash.
Prepared head SHA: 4d593731be
2026-03-06 15:27:47 +05:30
ff97195500
Gateway: add path-scoped config schema lookup ( #37266 )
...
Merged via squash.
Prepared head SHA: 0c4d187f6f
2026-03-06 02:50:48 -05:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
5d4b04040d
feat(openai): add gpt-5.4 support for API and Codex OAuth ( #36590 )
...
* feat(openai): add gpt-5.4 support and priority processing
* feat(openai-codex): add gpt-5.4 oauth support
* fix(openai): preserve provider overrides in gpt-5.4 fallback
* fix(openai-codex): keep xhigh for gpt-5.4 default
* fix(models): preserve configured overrides in list output
* fix(models): close gpt-5.4 integration gaps
* fix(openai): scope service tier to public api
* fix(openai): complete prep followups for gpt-5.4 support (#36590 ) (thanks @dorukardahan)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-03-05 21:01:37 -08:00
8c85ad540a
fix: remove config.schema from agent gateway tool ( #7382 )
...
Merged via squash.
Prepared head SHA: f34a778069
2026-03-05 23:53:08 -05:00
81b93b9ce0
fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry ( #35080 )
...
Thanks @tyler6204
2026-03-05 19:20:24 -08:00
71ec42127d
feat(hooks): emit compaction lifecycle hooks ( #16788 )
2026-03-05 19:08:26 -08:00
d58dafae88
feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing ( #36683 )
...
* fix(acp): normalize unicode flags and Telegram topic binding
* feat(telegram/acp): restore topic-bound ACP and session bindings
* fix(acpx): clarify permission-denied guidance
* feat(telegram/acp): pin spawn bind notice in topics
* docs(telegram): document ACP topic thread binding behavior
* refactor(reply): share Telegram conversation-id resolver
* fix(telegram/acp): preserve bound session routing semantics
* fix(telegram): respect binding persistence and expiry reporting
* refactor(telegram): simplify binding lifecycle persistence
* fix(telegram): bind acp spawns in direct messages
* fix: document telegram ACP topic binding changelog (#36683 ) (thanks @huntharo)
---------
Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-06 02:17:50 +01:00
1a67cf57e3
Diffs: restore system prompt guidance ( #36904 )
...
Merged via squash.
Prepared head SHA: 1b3be3c879
2026-03-05 19:46:39 -05:00
6dfd39c32f
Harden Telegram poll gating and schema consistency ( #36547 )
...
Merged via squash.
Prepared head SHA: f77824419e
2026-03-05 19:24:43 -05:00
688b72e158
plugins: enforce prompt hook policy with runtime validation ( #36567 )
...
Merged via squash.
Prepared head SHA: 6b9d883b6a
2026-03-05 18:15:54 -05:00
Peter Steinberger
Vincent Koc
Josh Lehman
Tak Hoffman
Gustavo Madeira Santana
Josh Avant
Val Alexander
Harold Hunt
Jonathan Jing
stim64045-spec
Ayaan Zaidi
Radek Sienkiewicz
Onur Solmaz
Tomáš Dinh
Ace Lee
George Zhang
Onur
Nimrod Gutman
kkhomej33-netizen
Eyal En Gad
Keelan Fadden-Hopper
Alex Zaytsev
Jealous
Bruce MacDonald
liyuan97
Altay
Teconomix
Sally O'Malley
Luke
Xaden Ryan
Neerav Makwana
Bill Chirico
Pejman Pour-Moezzi
Mariano
Mariano
Kesku
Tyler Yust
shichangs
shrey150
Rémi
GitBuck
Ayaan Zaidi
dano does design
Charles Dusek
arceus77-7
Florian Hines
Jason
Efe Büken
AngryBird
Muhammed Mukhthar CM
dorukardahan
Hinata Kaga (samon)