nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,894 Commits 812 Branches 84 Tags 6 GiB
Commit Graph

13981 Commits

Author SHA1 Message Date
Peter Steinberger 725a2cc2ca test: expand gemini live transcript stripping 2026-03-23 23:01:22 +00:00
Peter Steinberger 67dbb1ad42 test: update command coverage 2026-03-23 23:01:22 +00:00
Peter Steinberger d67efbfbd3 test: stabilize test isolation 2026-03-23 23:01:22 +00:00
Sally O'Malley ae336d1602
Doctor: prune stale plugin allowlist and entry refs (#53187) 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-03-23 18:58:54 -04:00
Vincent Koc 03231c0633
fix(auth): prevent stale auth store reverts (#53211) 2026-03-23 15:56:46 -07:00
Peter Steinberger 47bdc36831 test: make update-cli checkout path assertion platform-safe 2026-03-23 22:54:32 +00:00
Robin Waslander fb6588cb99
fix(diagnostics): redact credentials from cache-trace diagnostic output 
Refs #53103
 2026-03-23 22:59:09 +01:00
George Zhang ade0182ae0
feat(modelstudio): add standard (pay-as-you-go) DashScope endpoints for Qwen (#43878) 
Add Standard API Key auth methods for China (dashscope.aliyuncs.com)
and Global/Intl (dashscope-intl.aliyuncs.com) pay-as-you-go endpoints
alongside the existing Coding Plan (subscription) endpoints.

Also updates group label to 'Qwen (Alibaba Cloud Model Studio)' and
fixes glm-4.7 -> glm-5 in Coding Plan note messages.

Co-authored-by: wenmeng zhou <wenmengzhou@users.noreply.github.com>
 2026-03-23 14:35:19 -07:00
Ayush Ojha 64f4df1886
fix: generalize api_error detection for fallback model triggering (#49611) 
Co-authored-by: Ayush Ojha <7945279+ayushozha@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
 2026-03-24 00:34:27 +03:00
Vincent Koc 3814f956d1
Infra: tighten shell-wrapper positional-argv allowlist matching (#53133) 
* Infra: tighten shell carrier allowlist matching

* fix(security): tighten shell carrier allowlist matcher
 2026-03-23 14:11:38 -07:00
theo674 dbe7da7684
fix: prevent delivery-mirror re-delivery and raise Slack chunk limit (#45489) 
Merged via squash.

Prepared head SHA: c7664c7b6e
Co-authored-by: theo674 <261068216+theo674@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-24 00:11:19 +03:00
Altay a53715e9d0
test(auth): align device scope expectations (#53151) 2026-03-23 23:56:02 +03:00
Vincent Koc c1131ba7e0 fix(plugins): accept clawhub uninstall specs 2026-03-23 13:52:27 -07:00
Vincent Koc 34c57487b4
fix(subagents): recheck timed-out announce waits (#53127) 
Recheck timed-out subagent announce waits against the latest runtime snapshot before announcing timeout, and keep that recheck best-effort so transient gateway failures do not suppress the announcement.

Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
 2026-03-23 15:36:49 -05:00
Nimrod Gutman b98f3634c4
fix(memory): bootstrap lancedb runtime on demand (#53111) 
Bootstrap LanceDB into plugin runtime state on first use for packaged/global installs, keep @lancedb/lancedb plugin-local, and add regression coverage for bundled, cached, retry, and Nix fail-fast runtime paths.

Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
 2026-03-23 15:07:24 -05:00
Vincent Koc 13e81870bb fix(agents): prefer runtime snapshot for skill secrets 2026-03-23 13:04:12 -07:00
Peter Steinberger 6c58277577
build: prepare 2026.3.23 2026-03-23 12:58:00 -07:00
Val Alexander 3e2b3bd2c5
Fix Control UI operator.read scope handling (#53110) 
Preserve Control UI scopes through the device-auth bypass path, normalize implied operator device-auth scopes, ignore cached under-scoped operator tokens, and degrade read-backed main pages gracefully when a connection truly lacks operator.read.

Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
 2026-03-23 14:57:21 -05:00
Peter Steinberger e599c66277
test: harden canvas host undici isolation 2026-03-23 11:54:49 -07:00
Peter Steinberger 870b0d216a
build: prepare 2026.3.23-beta.1 2026-03-23 11:54:49 -07:00
Vincent Koc 8fa91d283b fix(cli): preserve posix default git dir 2026-03-23 11:49:55 -07:00
Val Alexander 7a459045de
fix packaged control ui asset lookup (#53081) 2026-03-23 13:45:04 -05:00
Peter Steinberger 323ae73b30
fix: bound tracked debounce key accounting 2026-03-23 11:33:06 -07:00
scoootscooob cdc8bac466
fix(discord): reply on native command auth failures (#53072) 2026-03-23 11:20:58 -07:00
Peter Steinberger 1b69d9ee1a fix: preserve debounce and followup ordering (#52998) (thanks @osolmaz) 2026-03-23 11:11:06 -07:00
Vincent Koc 9b7cfd0bea fix(inbound): bound tracked debounce keys 2026-03-23 11:11:06 -07:00
Vincent Koc 02e07a157d fix(reply): clear idle followup callbacks 2026-03-23 11:11:06 -07:00
Vincent Koc 3de42e946a fix(reply): preserve no-debounce inbound concurrency 2026-03-23 11:11:06 -07:00
Vincent Koc a35dcf608e fix(reply): refresh followup drain callbacks 2026-03-23 11:11:06 -07:00
Onur Solmaz bcaadc39ea Telegram: fix fire-and-forget debounce order 2026-03-23 11:11:06 -07:00
Onur Solmaz 9a34a602bd Telegram: preserve inbound debounce order 2026-03-23 11:11:06 -07:00
Vincent Koc b15462ebaf Revert "fix(plugins): enable bundled Brave web search plugin by default (#52072)" 
This reverts commit 0ea3c4d5d8.
 2026-03-23 11:04:02 -07:00
Quinn H. 0ea3c4d5d8
fix(plugins): enable bundled Brave web search plugin by default (#52072) 
Brave is a bundled web search plugin but was missing from
BUNDLED_ENABLED_BY_DEFAULT, causing it to be filtered out during
provider resolution. This made web_search unavailable even when
plugins.entries.brave.enabled was configured.

Fixes #51937

Co-authored-by: Ubuntu <ubuntu@ip-172-26-10-234.us-west-2.compute.internal>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-23 11:01:02 -07:00
Vincent Koc dd586d59ed
fix(mistral): repair max-token defaults and doctor migration (#53054) 
* fix(mistral): repair max-token defaults and doctor migration

* fix(mistral): add missing small-model repair cap
 2026-03-23 10:57:56 -07:00
Peter Steinberger ffb287e1de
fix: harden update dev switch and refresh changelog 2026-03-23 10:56:35 -07:00
Peter Steinberger f9a7427e8e
test: refresh thread-safe agent fixtures 2026-03-23 10:47:02 -07:00
Vincent Koc 2592eb0796
fix(gateway): guard openrouter auto pricing recursion (#53055) 2026-03-23 10:43:01 -07:00
Vincent Koc 3fe2f0a550 docs: fix CLI command tree, SDK import path, and tool group listing 
- Remove non-existent 'secrets migrate' from CLI command tree
- Add actual secrets subcommands: audit, configure, apply
- Add missing plugin subcommands: inspect, uninstall, update, marketplace list
- Fix plugins info -> inspect (actual command name)
- Add message send and broadcast subcommands to command tree
- Remove misleading deprecated import from sdk-overview
- Add sessions_yield and subagents to group:sessions tool group docs
- Fix formatting
 2026-03-23 10:40:41 -07:00
Jamil Zakirov 921a147196
Agents: fix runtime web_search provider selection (#53020) 
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-23 10:30:45 -07:00
scoootscooob df18063260 fix(clawhub): preserve XDG auth path on macOS 2026-03-23 10:21:28 -07:00
scoootscooob 5b09463bc3
fix(clawhub): honor macOS auth config path (#53034) 2026-03-23 10:14:23 -07:00
Vincent Koc b4dd600b37 fix(browser): reuse running loopback browser after probe miss 2026-03-23 10:05:26 -07:00
Vincent Koc a1df10caac fix(config): ignore stale plugin allow entries 2026-03-23 09:57:46 -07:00
Luke d98e3a1ea9
Tests: fix fresh-main regressions (#53011) 
* Tests: fix fresh-main regressions

* Tests: avoid chat notice cache priming

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-23 09:54:50 -07:00
Vincent Koc 071de383ff
fix(clawhub): resolve auth token for skill browsing (#53017) 
* fix(clawhub): resolve auth token for skill browsing

* docs(changelog): note clawhub skill auth fix
 2026-03-23 09:53:40 -07:00
Vincent Koc d5dc6b6573 fix(gateway): require auth for canvas routes 2026-03-23 09:31:40 -07:00
Vincent Koc 50f6a2f136 fix(gateway): require admin for agent session reset 2026-03-23 09:31:39 -07:00
Nimrod Gutman 041c47419f
fix(channels): preserve external catalog overrides (#52988) 
* fix(channels): preserve external catalog overrides

* fix(channels): clarify catalog precedence

* fix(channels): respect overridden install specs
 2026-03-23 18:08:17 +02:00
Vincent Koc 93df5f613e fix(gateway): avoid probe false negatives after connect 2026-03-23 08:49:31 -07:00
Vincent Koc beadd4c553 fix(gateway): harden supervised lock and browser attach readiness 2026-03-23 08:42:00 -07:00
Nimrod Gutman b84a130788
fix(release): preserve shipped channel surfaces in npm tar (#52913) 
* fix(channels): ship official channel catalog (#52838)

* fix(release): keep shipped bundles in npm tar (#52838)

* build(release): fix rebased release-check helpers (#52838)
 2026-03-23 17:39:22 +02:00
Vincent Koc 7299b42e2a fix(config): keep built-in auto-enable idempotent 2026-03-23 08:34:37 -07:00
Vincent Koc e68cbea5b4
fix(config): keep built-in channels out of plugin allowlists (#52964) 
* fix(config): keep built-in channels out of plugin allowlists

* docs(changelog): note doctor whatsapp allowlist fix

* docs(changelog): move doctor whatsapp fix to top
 2026-03-23 08:26:51 -07:00
Vincent Koc 70b235f312 fix(release): ship bundled plugins in pack artifacts 2026-03-23 08:22:00 -07:00
Vincent Koc 31675d65d4
fix(agents): preserve anthropic thinking block order (#52961) 2026-03-23 08:18:15 -07:00
Sathvik Veerapaneni d2e8ed3632
fix: keep session transcript pointers fresh after compaction (#50688) 
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
 2026-03-23 22:58:07 +08:00
Peter Steinberger 05e31eb9ff test: stabilize channel ci gate 2026-03-23 14:32:10 +00:00
wangchunyue 4e849ac127
fix: ensure env proxy dispatcher before MiniMax and OpenAI Codex OAuth flows (openclaw#52228) 
Verified:
- pnpm install --frozen-lockfile
- NPM_CONFIG_CACHE=/tmp/openclaw-npm-cache-52228 pnpm build
- pnpm check
- pnpm test:macmini (failed on inherited pre-existing plugin contract test: src/plugins/contracts/registry.contract.test.ts missing deepseek in bundled provider contract registry outside this PR surface)

Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-23 09:26:34 -05:00
Peter Steinberger b393effba6 test: harden channel suite isolation 2026-03-23 12:57:43 +00:00
Peter Steinberger 949d6be1d1
test: fix status plugin pagination expectation 2026-03-23 05:51:19 -07:00
Peter Steinberger 383c61e305
test: stabilize gateway thread harness 2026-03-23 05:44:34 -07:00
Peter Steinberger 41850c3880
refactor: isolate attempt context engine thread helpers 2026-03-23 05:27:44 -07:00
Peter Steinberger 76dc854963
test: remove replaced spawn-workspace monolith 2026-03-23 05:21:59 -07:00
Peter Steinberger 4e661d5c4b
test: split attempt spawn-workspace thread fixtures 2026-03-23 05:21:59 -07:00
Peter Steinberger 9f2330363e fix: refactor deepseek bundled plugin (#48762) (thanks @07akioni) 2026-03-23 05:06:07 -07:00
Bakhtier Sizhaev a0cb443aa3
fix: document Telegram asDocument alias (#52461) (thanks @bakhtiersizhaev) 
* feat(telegram): add asDocument param to message tool

Adds `asDocument` as a user-facing alias for the existing `forceDocument`
parameter in the message tool. When set to `true`, media files (images,
videos, GIFs) are sent via `sendDocument` instead of `sendPhoto`/
`sendVideo`/`sendAnimation`, preserving the original file quality
without Telegram compression.

This is useful when agents need to deliver high-resolution images or
uncompressed files to users via Telegram.

`asDocument` is intentionally an alias rather than a replacement — the
existing `forceDocument` continues to work unchanged.

Changes:
- src/agents/tools/message-tool.ts: add asDocument to send schema
- src/agents/tools/telegram-actions.ts: OR asDocument into forceDocument
- src/infra/outbound/message-action-runner.ts: same OR logic for outbound path
- extensions/telegram/src/channel-actions.ts: read and forward asDocument
- src/channels/plugins/actions/actions.test.ts: add test case

* fix: restore channel-actions.ts to main version (rebase conflict fix)

* fix(test): match asDocument test payload to actual params structure

* fix(telegram): preserve forceDocument alias semantics

* fix: document Telegram asDocument alias (#52461) (thanks @bakhtiersizhaev)

---------

Co-authored-by: Бахтиер Сижаев <bkh@MacBook-Air.local>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-23 17:32:46 +05:30
Peter Steinberger 47db5abece
test: inject thread-safe base seams 2026-03-23 04:59:15 -07:00
Peter Steinberger e84ca730a3 test: stabilize e2e module isolation 2026-03-23 11:46:54 +00:00
Peter Steinberger 4f92eaad37
test: inject image-tool provider deps for raw threads 2026-03-23 04:40:58 -07:00
Peter Steinberger a6c7ad84ba
build: prepare 2026.3.23 2026-03-23 04:40:13 -07:00
Peter Steinberger 6a3d4f9fad
test: isolate pi model and reset-model thread fixtures 2026-03-23 04:36:06 -07:00
Peter Steinberger 6bcd9a801a
test: inject thread-safe gateway and ACP seams 2026-03-23 04:34:42 -07:00
Peter Steinberger d841d02439 ci: stabilize windows and bun unit lanes 2026-03-23 11:28:25 +00:00
Peter Steinberger adf63eba9f test: raise timeout for slow provider auth normalization 2026-03-23 11:19:26 +00:00
Peter Steinberger f182c3a292
test: inject thread-safe deps for agent tools 2026-03-23 04:16:53 -07:00
Peter Steinberger fc9739313c test: harden channel suite isolation 2026-03-23 11:09:12 +00:00
Peter Steinberger e7d11f6c33
build: prepare 2026.3.22 2026-03-23 04:08:15 -07:00
Peter Steinberger 6f048f59cb test: stabilize trigger handling and hook e2e tests 2026-03-23 11:06:24 +00:00
Peter Steinberger b9efba1faf test: target gemini 3.1 flash alias 2026-03-23 10:59:12 +00:00
Peter Steinberger 4dcc39c25c test: snapshot ci timeout investigation 2026-03-23 10:44:34 +00:00
Peter Steinberger 6e012d7feb
test: inject model runtime hooks for thread-safe tests 2026-03-23 03:25:42 -07:00
Peter Steinberger 2df10e81c8
test: isolate server-context browser harness imports 2026-03-23 03:23:30 -07:00
Peter Steinberger a0ad47440a test: stabilize live provider docker probes 2026-03-23 10:16:06 +00:00
Peter Steinberger 3ff2f85bad
fix: stop browser server tests from launching real chrome 2026-03-23 03:15:02 -07:00
Peter Steinberger 203eebec2f
test: split pi embedded model thread fixtures 2026-03-23 02:54:10 -07:00
Peter Steinberger 8067ae50fa fix: restore provider runtime lazy boundary 2026-03-23 09:35:18 +00:00
Peter Steinberger d8d545bac1
build: prepare 2026.3.22-beta.1 2026-03-23 02:34:30 -07:00
Julia Bush e94ebfa084
fix: harden gateway SIGTERM shutdown (#51242) (thanks @juliabush) 
* fix: increase shutdown timeout to avoid SIGTERM hang

* fix(telegram): abort polling fetch on shutdown to prevent SIGTERM hang

* fix(gateway): enforce hard exit on shutdown timeout for SIGTERM

* fix: tighten gateway shutdown watchdog

* fix: harden gateway SIGTERM shutdown (#51242) (thanks @juliabush)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-23 15:01:42 +05:30
Peter Steinberger 75b65c2a35 fix: restore provider runtime lazy boundary 2026-03-23 09:24:20 +00:00
Peter Steinberger 7a92d43d9a
test: isolate pi embedded model thread fixtures 2026-03-23 02:22:31 -07:00
Peter Steinberger 7ba28d6dba fix: repair runtime seams after rebase 2026-03-23 09:14:17 +00:00
Peter Steinberger 2a06097184
test: update codex test fixtures to gpt-5.4 2026-03-23 02:14:00 -07:00
RichardCao a835c200f3
fix(status): recompute fallback context window (#51795) 
* fix(status): recompute fallback context window

* fix(status): keep live context token caps on fallback

* fix(status): preserve fallback runtime context windows

* fix(status): preserve configured fallback context caps

* fix(status): keep provider-aware transcript context lookups

* fix(status): preserve explicit fallback context caps

* fix(status): clamp fallback configured context caps

* fix(status): keep raw runtime slash ids

* fix(status): refresh plugin-sdk api baseline

* fix(status): preserve fallback context lookup

* test(status): refresh plugin-sdk api baseline

* fix(status): keep runtime slash-id context lookup

---------

Co-authored-by: create <create@createdeMacBook-Pro.local>
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
Co-authored-by: RichardCao <RichardCao@users.noreply.github.com>
 2026-03-23 17:08:48 +08:00
Frank Yang b186d9847c
fix(memory-core): register memory tools independently to prevent coupled failure (#52668) 
Merged via admin squash because current required CI failures are inherited from base and match latest `main` failures outside this PR's `memory-core` surface.

Prepared head SHA: df7f968581
Co-authored-by: artwalker <44759507+artwalker@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-23 17:05:37 +08:00
Peter Steinberger a381e0d115 style: format image-generation runtime tests 2026-03-23 09:04:36 +00:00
Peter Steinberger a4367eb656
test: finish no-isolate suite hardening 2026-03-23 02:02:03 -07:00
Peter Steinberger 4ea014d581 fix: align websocket stream fallback types 2026-03-23 08:59:16 +00:00
Peter Steinberger fb602c9b02 test: harden ci isolated mocks 2026-03-23 08:53:35 +00:00
Peter Steinberger d44a399ae0
fix: alphabetize web search provider listings 2026-03-23 01:46:47 -07:00
Peter Steinberger 7cee097df9
test: harden no-isolate mocked module resets 2026-03-23 01:33:47 -07:00
Peter Steinberger abf2157b18
fix: sync agent and autoreply e2e updates 2026-03-23 01:33:40 -07:00
Peter Steinberger f64f3fdb53
test: isolate base vitest thread blockers 2026-03-23 01:26:31 -07:00
Peter Steinberger 94f397bc5f
test: stop leaking image workspace temp dirs 2026-03-23 01:23:10 -07:00
Onur Solmaz fe459c9084
ACPX: align pinned runtime version (#52730) 
* ACPX: align pinned runtime version

* ACPX: drop version example from help text
 2026-03-23 09:21:57 +01:00
Vincent Koc 6c60a3773a chore(plugins): remove opik investigation checkpoints 2026-03-23 01:21:19 -07:00
Peter Steinberger db5369f5f9
test: harden isolated test mocks 2026-03-23 01:13:08 -07:00
Peter Steinberger a60672b708 test: fix channel summary registry setup 2026-03-23 08:07:44 +00:00
Vincent Koc d22279d2e8 fix(plugins): preserve live hook registry during gateway runs 2026-03-23 01:05:13 -07:00
Peter Steinberger 9105b3723d
test: harden no-isolate test module resets 2026-03-23 01:02:16 -07:00
Peter Steinberger 771a78cc77 test: stabilize ci test harnesses 2026-03-23 07:58:34 +00:00
Peter Steinberger dc90d3b1d3
refactor(media): share local file access guards 2026-03-23 00:58:23 -07:00
Peter Steinberger eac93507c3
fix(browser): enforce node browser proxy allowProfiles 2026-03-23 00:56:44 -07:00
Peter Steinberger 3fd5d13315 test: fix ci docs drift and bun qr exit handling 2026-03-23 07:41:23 +00:00
Peter Steinberger ff54c02b7d test: narrow live transcript scaffolding strip 2026-03-23 07:41:18 +00:00
Peter Steinberger fe5819887b
refactor(gateway): centralize discovery target handling 2026-03-23 00:38:31 -07:00
Peter Steinberger 5f05c92922
test: harden no-isolate reply teardown 2026-03-23 00:37:32 -07:00
Peter Steinberger 93880717f1
fix(media): harden secondary local path seams 2026-03-23 00:29:46 -07:00
Peter Steinberger 4fd7feb0fd
fix(media): block remote-host file URLs in loaders 2026-03-23 00:29:46 -07:00
Peter Steinberger abbd1b6b8a
feat: add slash plugin installs 2026-03-23 00:29:20 -07:00
Peter Steinberger deecf68b59
fix(gateway): fail closed on unresolved discovery endpoints 2026-03-23 00:27:37 -07:00
Vincent Koc 83e715cdaa fix(plugin-sdk): normalize hashed diagnostic event exports 2026-03-23 00:24:47 -07:00
Vincent Koc b23e9c577d fix(plugin-sdk): resolve hashed diagnostic events chunks 2026-03-23 00:18:19 -07:00
Peter Steinberger 04c69ea3a0
refactor: reuse canonical setup bootstrap profile 2026-03-23 00:15:55 -07:00
Peter Steinberger 6686f1cb2c
refactor: centralize bootstrap profile handling 2026-03-23 00:15:55 -07:00
scoootscooob 43557668d2 Infra: support shell carrier allow-always approvals 2026-03-23 00:14:58 -07:00
Peter Steinberger fe3663a9fe
refactor: remove embedded runner cwd mutation 2026-03-23 00:11:55 -07:00
Peter Steinberger 4a26f10f68
docs: sync minimax m2.7 references 2026-03-23 00:02:35 -07:00
Peter Steinberger 80cd8cd6be
refactor: unify minimax model and failover live policies 2026-03-23 00:02:35 -07:00
Peter Steinberger a600c72ed7
fix: bind bootstrap setup codes to node profile 2026-03-22 23:57:15 -07:00
scoootscooob 4580d585ff Gateway: resolve fallback plugin context lazily 2026-03-22 23:52:21 -07:00
Peter Steinberger 47186c50a2 fix(ci): restore stale guardrails and baselines 2026-03-23 06:50:23 +00:00
Peter Steinberger 202b588db5
fix: harden plugin docker e2e 2026-03-22 23:42:34 -07:00
Peter Steinberger d2a1b24b83 test: honor env auth in gateway live probes 2026-03-23 06:42:09 +00:00
Peter Steinberger 37c2166f52
test: finish base vitest thread fixture fixes 2026-03-22 23:37:31 -07:00
Peter Steinberger 3fac0d11fa
test: fix base vitest thread regressions 2026-03-22 23:37:31 -07:00
Peter Steinberger c42cb1ca66
refactor: audit synology dangerous name matching 2026-03-22 23:32:22 -07:00
Peter Steinberger 677a821a2f
refactor: centralize synology dangerous name matching 2026-03-22 23:32:21 -07:00
Peter Steinberger cef7d14861
refactor(exec): rename wrapper plans for trust semantics 2026-03-22 23:18:54 -07:00
Peter Steinberger 0b40ec38ab
refactor(exec): share wrapper trust planning 2026-03-22 23:18:54 -07:00
Peter Steinberger 6ba5595004
refactor(exec): make dispatch wrapper semantics spec-driven 2026-03-22 23:18:54 -07:00
Peter Steinberger c041f8587b
refactor(exec): split wrapper resolution modules 2026-03-22 23:18:54 -07:00
Peter Steinberger 55ad5d7bd7
fix(security): harden explicit-proxy SSRF pinning 2026-03-22 23:05:42 -07:00
Peter Steinberger f52eb934d6
fix(security): unify dispatch wrapper approval hardening 2026-03-22 23:01:49 -07:00
Peter Steinberger 72e58ca260
test(models): refresh example model fixtures 2026-03-22 23:00:18 -07:00
Peter Steinberger 4d50084c6e
fix(exec): escape invisible approval filler chars 2026-03-22 22:52:14 -07:00
Peter Steinberger c036e4d176
fix: restrict remote marketplace plugin sources 2026-03-22 22:47:08 -07:00
Peter Steinberger 09faed6bd8
fix(gateway): gate internal command persistence mutations 2026-03-22 22:46:49 -07:00
Peter Steinberger 81445a9010
fix(media): bound remote error-body snippet reads 2026-03-22 22:43:42 -07:00
Vincent Koc fd5555d5be fix(runtime): make dist-runtime staging idempotent 2026-03-22 22:41:27 -07:00
Peter Steinberger a55f371cc5 fix(ci): skip docs-only preflight pnpm audit 2026-03-23 05:29:27 +00:00
Vincent Koc be3a2e2eb6 fix(plugin-sdk): fall back to src root alias files 2026-03-22 22:26:18 -07:00
Peter Steinberger 39409b6a6d
fix(security): unwrap time dispatch wrappers 2026-03-22 22:25:57 -07:00
Peter Steinberger af9de86286 perf: trim vitest hot imports and refresh manifests 2026-03-23 05:25:05 +00:00
Peter Steinberger 7fcbf383d8
fix(ci): write dist build stamp after builds 2026-03-22 22:23:25 -07:00
Peter Steinberger ea579ef858
fix(gateway): preserve async hook ingress provenance 2026-03-22 22:21:49 -07:00
Peter Steinberger c5a941a506
refactor!: remove moltbot state-dir migration fallback 2026-03-22 22:19:35 -07:00
Peter Steinberger 6b9915a106
refactor!: drop legacy CLAWDBOT env compatibility 2026-03-22 22:13:39 -07:00
oliviareid-svg 5ff60cc39f
fix(build): add stable memory-cli dist entry (#51759) 
Co-authored-by: oliviareid-svg <269669958+oliviareid-svg@users.noreply.github.com>
Co-authored-by: Frank <vibespecs@gmail.com>
 2026-03-23 13:11:06 +08:00
Rick_Xu 2fe1ff8ea8
Usage: include reset and deleted session archives (#43215) 
Merged via squash.

Prepared head SHA: 49ed6c2fa3
Co-authored-by: rcrick <23069968+rcrick@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-23 13:10:26 +08:00
Peter Steinberger 30ed4342b3
fix(agents): deny local MEDIA paths for MCP results 2026-03-22 22:10:13 -07:00
Vincent Koc d43e26e399 fix(web-search): mark DuckDuckGo experimental 2026-03-22 22:07:53 -07:00
Peter Steinberger 8791aaae2b
refactor: extract gateway install token helpers 2026-03-22 22:05:56 -07:00
Peter Steinberger c15282062f
refactor: split durable service env helpers 2026-03-22 22:05:56 -07:00
Vincent Koc c6ca11e5a5
feat(web-search): add DuckDuckGo bundled plugin (#52629) 
* feat(web-search): add DuckDuckGo bundled plugin

* chore(changelog): restore main changelog

* fix(web-search): harden DuckDuckGo challenge detection
 2026-03-22 22:05:33 -07:00
Peter Steinberger dc6c22b812 fix: narrow exec exit failure kind typing 2026-03-23 04:58:46 +00:00
Kevin ONeill dd860e76aa fix: normalize env var keys and isolate tests from real .env 
- Apply normalizeEnvVarKey({ portable: true }) before security
  filtering, matching the established pattern in env-vars.ts.
  Rejects non-portable key names (spaces, special chars) that
  would produce invalid plist/systemd syntax.

- Isolate existing tests from the developer's real ~/.openclaw/.env
  by providing a temp HOME directory, preventing flaky failures
  when the test machine has a populated .env file.
 2026-03-22 21:55:58 -07:00
Kevin ONeill 77ec7b4adf fix: include .env file vars in gateway service environment on install 
When building the gateway install plan, read and parse
~/.openclaw/.env (or $OPENCLAW_STATE_DIR/.env) and merge those
key-value pairs into the service environment at the lowest
priority — below config env vars, auth-profile refs, and the
core service environment (HOME, PATH, OPENCLAW_*).

This ensures that user-defined secrets stored in .env (e.g.
BRAVE_API_KEY, OPENROUTER_API_KEY, DISCORD_BOT_TOKEN) are
embedded in the LaunchAgent plist (macOS), systemd unit (Linux),
and Scheduled Task (Windows) at install time, rather than
relying solely on the gateway process loading them via
dotenv.config() at startup.

Previously, on macOS the LaunchAgent plist never included .env
vars, which meant:
- launchctl print did not show user secrets (hard to debug)
- Child processes spawned before dotenv loaded had no access
- If the same key existed in both .env and the plist, the stale
  plist value won via dotenv override:false semantics

Dangerous host env vars (NODE_OPTIONS, LD_PRELOAD, etc.) are
filtered using the same security policy applied to config env
vars.

Fixes #37101
Relates to #22663
 2026-03-22 21:55:58 -07:00
Vincent Koc 3afb6a2b95 fix(exec): accept runtime failure kind in formatter 2026-03-22 21:54:02 -07:00
Peter Steinberger 97e4f37171 fix: keep status --json stdout clean (#52449) (thanks @cgdusek) 2026-03-22 21:51:08 -07:00
Charles Dusek 03c4bacbfb fix(cli): route deferred plugin logs to stderr in status --json 2026-03-22 21:51:08 -07:00
Charles Dusek 0e1da034c2 fix(cli): route plugin logs to stderr during --json output 2026-03-22 21:51:08 -07:00
Peter Steinberger e001e8f2f8 test: isolate exec foreground failure coverage 2026-03-23 04:47:12 +00:00
Peter Steinberger 8e568142f6 refactor: extract exec outcome and tool result helpers 2026-03-23 04:47:12 +00:00
Vincent Koc 5f746422aa fix(plugin-sdk): fast-path root diagnostic subscriptions 2026-03-22 21:07:11 -07:00
Vincent Koc faae3e155d fix(whatsapp): remove outbound runtime cycle 2026-03-22 21:04:14 -07:00
Vincent Koc 1042b59471
feat(web-search): add bundled Exa plugin (#52617) 2026-03-22 20:57:33 -07:00
Vincent Koc f69062c16e fix(plugin-sdk): export line runtime subpath 2026-03-22 20:39:16 -07:00
Vincent Koc 8b667cbe44 fix(build): repair stale plugin sdk surfaces 2026-03-22 20:36:28 -07:00
Vincent Koc 1354f37c88
fix(plugins): route keyed queue imports through core (#52608) 2026-03-22 20:35:28 -07:00
Vincent Koc 04cd389ef8 fix(ci): repair voice-call typing and provider contracts 2026-03-22 20:17:01 -07:00
Vincent Koc d949dffc6e fix(ci): repair tts and matrix refactor fallout 2026-03-22 20:12:01 -07:00
Vincent Koc 59105fd614 fix(ci): restore plugin manifests and boundary tests 2026-03-22 20:01:25 -07:00
Vincent Koc ac0fd26e16 fix(ci): resync generated baselines and line runtime seam 2026-03-22 19:53:26 -07:00
Vincent Koc 32fdd21c80 fix(acp): preserve hidden thought replay on session load 2026-03-22 19:48:19 -07:00
Vincent Koc 742c005ac8 fix(acp): preserve hidden thought chunks from gateway chat 2026-03-22 19:43:19 -07:00
Vincent Koc a83b7bca15 refactor(plugin-sdk): route core provider and telegram seams through sdk barrels 2026-03-22 19:43:19 -07:00
Vincent Koc 02f8a86e5c refactor(kilocode): route shared model constants through core seam 2026-03-22 19:43:19 -07:00
Vincent Koc 3ad652fa9e fix(build): restore plugin-sdk and line compat after refactor 2026-03-22 19:37:27 -07:00
Vincent Koc c0933e2fc8 perf(reply): lazy-load session store writes 2026-03-22 19:32:24 -07:00
Peter Steinberger f8731b3d9d fix: finish exec tool failure landing (#52508) (thanks @martingarramon) 2026-03-22 19:19:07 -07:00
Martin Garramon 22c75a55b0 fix(exec): return plain-text tool result on failure instead of raw JSON 
When an exec command fails (e.g. timeout), the tool previously rejected
with an Error, which the tool adapter caught and wrapped in a JSON object
({ status, tool, error }). The model then received this raw JSON as the
tool result and could parrot it verbatim to the user.

Now exec failures resolve with a proper tool result containing the error
as human-readable text in content[], matching the success path structure.
The model sees plain text it can naturally incorporate into its reply.

Also fixes a pre-existing format issue in update-cli.test.ts.

Fixes #52484

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:19:07 -07:00
Peter Steinberger 24f77d7457 fix: finish gateway probe auth landing (#52513) (thanks @CodeForgeNet) 2026-03-22 19:14:44 -07:00
Peter Steinberger a02499b335 fix: finish gateway probe auth landing (#52513) (thanks @CodeForgeNet) 2026-03-22 19:14:44 -07:00
CodeForgeNet b2107d3503 fix(status): await resolveGatewayProbeAuthResolution in scan.shared 
Function is now async after switching to resolveGatewayProbeAuthSafeWithSecretInputs.
Missing await caused TS error: Property 'auth' does not exist on type 'Promise<...>'.
 2026-03-22 19:14:44 -07:00
CodeForgeNet 52acc57a61 fix(status): resolve only selected probe-auth branch and fix plain status path 
Address two Codex P1/P2 issues:

1. (P1) Plain 'openclaw status' and 'openclaw status --json' still went
   through the sync resolveGatewayProbeAuthSafe path in
   status.gateway-probe.ts, which cannot expand SecretRef objects.
   Switched to async resolveGatewayProbeAuthSafeWithSecretInputs.

2. (P2) status-all.ts was eagerly resolving both local and remote probe
   auth before deciding which to use. A stale SecretRef in the unused
   branch could abort the command. Collapsed to a single resolution
   call using the correct mode upfront.

Updated status.scan.test.ts to use mockResolvedValue since
resolveGatewayProbeAuthResolution is now async.
 2026-03-22 19:14:44 -07:00
CodeForgeNet 3595ecba45 fix(gateway): pass process.env in status command probe auth to resolve SecretRef 
Fixes #52360

resolveGatewayProbeAuthSafe was called from status-all.ts without an
env argument, causing the credential resolution chain to fall back to
an empty object instead of process.env. This made env-backed SecretRef
tokens (gateway.auth.token, Telegram botToken, etc.) appear unresolved
in the status command path even when the runtime was healthy.

Added process.env as default fallback in buildGatewayProbeCredentialPolicy
and passed env explicitly from status-all.ts callers.

Related: #33070, #38973, #39415, #46014, #49730
 2026-03-22 19:14:44 -07:00
Vincent Koc 042669d8c8 refactor(plugins): finish provider and whatsapp cleanup 2026-03-22 19:13:25 -07:00
Vincent Koc 2131981230 refactor(plugins): move remaining channel and provider ownership out of src 2026-03-22 19:13:25 -07:00
Vincent Koc 7bfa261c42 perf(reply): lazy-load media path normalization 2026-03-22 19:12:44 -07:00
Peter Steinberger f04b49ee3e
test: fix provider config typing drift 2026-03-22 19:10:43 -07:00