31b1b20b3c
docs: add WeChat community plugin listing
...
Add @icesword760/openclaw-wechat to the community plugins page.
This plugin connects OpenClaw to WeChat personal accounts via
WeChatPadPro (iPad protocol) with support for text, image, and
file exchange.
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-24 08:41:28 -06:00
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
2bad30b4d3
chore(release): bump version to 2026.2.24
2026-02-24 13:42:43 +00:00
8ea936cdda
docs: clarify prompt caching intro
2026-02-24 05:22:00 +00:00
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
1fdaaaedd3
Docs: clarify Chrome extension relay port derivation (gateway + 3)
2026-02-24 04:16:08 +00:00
aea28e26fb
fix(auto-reply): expand standalone stop phrases
2026-02-24 04:02:43 +00:00
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
1d28da55a5
fix(voice-call): block Twilio webhook replay and stale transitions
2026-02-24 02:37:24 +00:00
5239b55c0a
Config: expand Kilo catalog and persist selected Kilo models ( #24921 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a385
2026-02-23 21:17:37 -05:00
6c441ea797
fix: support legacy and beta prerelease version formats
2026-02-24 02:05:37 +00:00
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
ddf93d9845
docs(security): add vps trust-boundary guidance
2026-02-24 01:02:11 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
41b0568b35
docs(security): clarify shared-agent trust boundaries
2026-02-24 01:00:05 +00:00
400220275c
docs: clarify multi-instance recommendations for user isolation
2026-02-24 00:40:08 +00:00
7d55277d72
docs: clarify operator trust boundary for shared gateways
2026-02-24 00:25:01 +00:00
3b8e33037a
fix(security): harden safeBins long-option validation
2026-02-23 23:58:58 +00:00
13f32e2f7d
feat: Add Kilo Gateway provider ( #20212 )
...
* feat: Add Kilo Gateway provider
Add support for Kilo Gateway as a model provider, similar to OpenRouter.
Kilo Gateway provides a unified API that routes requests to many models
behind a single endpoint and API key.
Changes:
- Add kilocode provider option to auth-choice and onboarding flows
- Add KILOCODE_API_KEY environment variable support
- Add kilocode/ model prefix handling in model-auth and extra-params
- Add provider documentation in docs/providers/kilocode.md
- Update model-providers.md with Kilo Gateway section
- Add design doc for the integration
* kilocode: add provider tests and normalize onboard auth-choice registration
* kilocode: register in resolveImplicitProviders so models appear in provider filter
* kilocode: update base URL from /api/openrouter/ to /api/gateway/
* docs: fix formatting in kilocode docs
* fix: address PR review — remove kilocode from cacheRetention, fix stale model refs and CLI name in docs, fix TS2742
* docs: fix stale refs in design doc — Moltbot to OpenClaw, MoltbotConfig to OpenClawConfig, remove extra-params section, fix doc path
* fix: use resolveAgentModelPrimaryValue for AgentModelConfig union type
---------
Co-authored-by: Mark IJbema <mark@kilocode.ai>
2026-02-23 23:29:27 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
9af3ec92a5
fix(gateway): add HSTS header hardening and docs
2026-02-23 19:47:29 +00:00
69b17a37e8
docs(reference): add cache trace diagnostics knobs to prompt-caching guide
2026-02-23 19:39:35 +00:00
46dee26600
docs(reference): add prompt-caching guide and knobs
...
Co-authored-by: Axel Svensson <svenssonaxel@users.noreply.github.com>
2026-02-23 19:19:45 +00:00
78e7f41d28
docs: detail per-agent prompt caching configuration
2026-02-23 18:46:40 +00:00
f03ff39754
Providers: skip context1m beta for Anthropic OAuth tokens ( #24620 )
...
* Providers: skip context1m beta for Anthropic OAuth tokens
* Tests: cover OAuth context1m beta skip behavior
* Docs: note context1m OAuth incompatibility
* Agents: add context1m-aware context token resolver
* Agents: cover context1m context-token resolver
* Commands: apply context1m-aware context tokens in session store
* Commands: apply context1m-aware context tokens in status summary
* Status: resolve context tokens with context1m model params
* Status: test context1m status context display
2026-02-23 12:29:09 -05:00
eb4ff6df81
Allow Claude model requests to route through Google Vertex AI ( #23985 )
...
* feat: add anthropic-vertex provider for Claude via GCP Vertex AI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* docs: add anthropic-vertex provider guide
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>
* Agents: validate Anthropic Vertex project env
* Changelog: format update for Vertex entry
* Providers: rename Anthropic Vertex to Google Vertex Claude
* Providers: remove Vertex Claude provider path
* Models: normalize Vercel Claude shorthand refs
* Onboarding: default Vercel model to Claude shorthand
* Changelog: add @vincentkoc credit for #23985
* Onboarding: keep canonical Vercel default model ref
* Tests: expand Vercel model normalization coverage
---------
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 11:04:31 -05:00
3a3c2da916
[Feature]: Add Gemini (Google Search grounding) as web_search provider ( #13075 )
...
* feat: add Gemini (Google Search grounding) as web_search provider
Add Gemini as a fourth web search provider alongside Brave, Perplexity,
and Grok. Uses Gemini's built-in Google Search grounding tool to return
search results with citations.
- Add runGeminiSearch() with Google Search grounding via tools API
- Resolve Gemini's grounding redirect URLs to direct URLs via parallel
HEAD requests (5s timeout, graceful fallback)
- Add Gemini config block (apiKey, model) with env var fallback
- Default model: gemini-2.5-flash (fast, cheap, grounding-capable)
- Strip API key from error messages for security
- Add config validation tests for Gemini provider
- Update docs/tools/web.md with Gemini provider documentation
Closes #13074
* feat: auto-detect search provider from available API keys
When no explicit provider is configured, resolveSearchProvider now
checks for available API keys in priority order (Brave → Gemini →
Perplexity → Grok) and selects the first provider with a valid key.
- Add auto-detection logic using existing resolve*ApiKey functions
- Export resolveSearchProvider via __testing_provider for tests
- Add 8 tests covering auto-detection, priority order, and explicit override
- Update docs/tools/web.md with auto-detection documentation
* fix: merge __testing exports, downgrade auto-detect log to debug
* fix: use defaultRuntime.log instead of .debug (not in RuntimeEnv type)
* fix: mark gemini apiKey as sensitive in zod schema
* fix: address Greptile review — add externalContent to Gemini payload, add Gemini/Grok entries to schema labels/help, remove dead schema-fields.ts
* fix(web-search): add JSON parse guard for Gemini API responses
Addresses Greptile review comment: add try/catch to handle non-JSON
responses from Gemini API gracefully, preventing runtime errors on
malformed responses.
Note: FIELD_HELP entries for gemini.apiKey and gemini.model were
already present in schema.help.ts, and gemini.apiKey was already
marked as sensitive in zod-schema.agent-runtime.ts (both fixed in
earlier commits).
* fix: use structured readResponseText result in Gemini error path
readResponseText returns { text, truncated, bytesRead }, not a string.
The Gemini error handler was using the result object directly, which
would always be truthy and never fall through to res.statusText.
Align with Perplexity/xAI/Brave error patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* style: fix import order and formatting after rebase onto main
* Web search: send Gemini API key via header
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 09:30:51 -05:00
c92c3ad224
Tests: isolate quick_validate stub and remove DS_Store
2026-02-23 03:25:37 -05:00
a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config ( #24210 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0f272b1027
2026-02-23 03:18:55 -05:00
9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
77c3b142a9
Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:05:42 -06:00
558a0137bb
chore(release): bump versions to 2026.2.23
2026-02-23 05:13:46 +01:00
278331c49c
fix(exec): restore sandbox as implicit host default
2026-02-23 01:48:24 +01:00
1c2c7843a8
docs: add synology channel docs and fix unreleased changelog
2026-02-23 01:16:05 +01:00
d92ba4f8aa
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 ( #23845 )
...
* Onboard: add Mistral auth choice and CLI flags
* Onboard/Auth: add Mistral provider config defaults
* Auth choice: wire Mistral API-key flow
* Onboard non-interactive: support --mistral-api-key
* Media understanding: add Mistral Voxtral audio provider
* Changelog: note Mistral onboarding and media support
* Docs: add Mistral provider and onboarding/media references
* Tests: cover Mistral media registry/defaults and auth mapping
* Memory: add Mistral embeddings provider support
* Onboarding: refresh Mistral model metadata
* Docs: document Mistral embeddings and endpoints
* Memory: persist Mistral embedding client state in managers
* Memory: add regressions for mistral provider wiring
* Gateway: add live tool probe retry helper
* Gateway: cover live tool probe retry helper
* Gateway: retry malformed live tool-read probe responses
* Memory: support plain-text batch error bodies
* Tests: add Mistral Voxtral live transcription smoke
* Docs: add Mistral live audio test command
* Revert: remove Mistral live voice test and docs entry
* Onboard: re-export Mistral default model ref from models
* Changelog: credit joeVenner for Mistral work
* fix: include Mistral in auto audio key fallback
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-23 00:03:56 +00:00
1d8968c8a8
fix(voice-call): harden media stream pre-start websocket handling
2026-02-22 23:25:32 +01:00
24c954d972
fix(security): harden allow-always wrapper persistence
2026-02-22 22:55:33 +01:00
64b273a71c
fix(exec): harden safe-bin trust and add explicit trusted dirs
2026-02-22 22:43:18 +01:00
e4d67137db
fix(node): default mac headless system.run to local host
...
Co-authored-by: aethnova <262512133+aethnova@users.noreply.github.com>
2026-02-22 22:24:28 +01:00
6817c0ec7b
fix(security): tighten elevated allowFrom sender matching
2026-02-22 22:00:08 +01:00
3a088c9f4f
docs: prune completed experiment plan notes
2026-02-22 21:56:01 +01:00
b0252ab90c
docs: fix canonical session doc path hint
2026-02-22 21:35:14 +01:00
acfbe158c6
docs: point pi extension paths to real source files
2026-02-22 21:32:28 +01:00
820d765553
docs: update outbound refactor test path
2026-02-22 21:28:08 +01:00
6ed08ddc24
docs: fix stale test file paths in experiment plans
2026-02-22 21:24:48 +01:00
c73837d269
docs: replace stale pi test file list with maintained patterns
2026-02-22 21:21:08 +01:00
dff9ead59a
docs: refresh gateway test references in testing guide
2026-02-22 21:16:53 +01:00
30e8f41cfc
docs: fix stale release checklist source paths
2026-02-22 21:15:09 +01:00
06b4baf67f
docs: remove internal hook import paths from examples
2026-02-22 21:12:49 +01:00
5dba7501c9
docs: update stale tsgo reference in pty plan
2026-02-22 21:10:14 +01:00
9c480d4dea
docs: replace removed pi test script with current commands
2026-02-22 21:07:34 +01:00
5547a2275c
fix(security): harden toolsBySender sender-key matching
2026-02-22 21:04:37 +01:00
3461dda880
docs: fix voicecall expose disable example
2026-02-22 20:58:28 +01:00
0d4c806406
docs: fix devices approve command in exe.dev guide
2026-02-22 20:52:46 +01:00
e0d4194869
docs: add missing summary/read_when metadata
2026-02-22 20:45:09 +01:00
371a7da9c8
docs: add missing summaries and read_when hints
2026-02-22 20:37:02 +01:00
f5814cc002
docs: add extension channels to Channels nav
2026-02-22 20:28:05 +01:00
290f375aa1
docs: fix Together provider env path
2026-02-22 20:23:40 +01:00
6fef318fda
docs: replace legacy chat examples in Venice provider guide
2026-02-22 20:15:07 +01:00
72446f419f
docs: align CLI docs and help surface
2026-02-22 20:05:01 +01:00
0c1f491a02
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
89a1e99815
fix(slack): finalize replyToMode off threading behavior ( #23799 )
...
* fix: make replyToMode 'off' actually prevent threading in Slack
Three independent bugs caused Slack replies to always create threads
even when replyToMode was set to 'off':
1. Typing indicator created threads via statusThreadTs fallback (#16868 )
- resolveSlackThreadTargets fell back to messageTs for statusThreadTs
- 'is typing...' was posted as thread reply, creating a thread
- Fix: remove messageTs fallback, let statusThreadTs be undefined
2. [[reply_to_current]] tags bypassed replyToMode entirely (#16080 )
- Slack dock had allowExplicitReplyTagsWhenOff: true
- Reply tags from system prompt always threaded regardless of config
- Fix: set allowExplicitReplyTagsWhenOff to false for Slack
3. Contradictory replyToMode defaults in codebase (#20827 )
- monitor/provider.ts defaulted to 'all'
- accounts.ts defaulted to 'off' (matching docs)
- Fix: align provider.ts default to 'off' per documentation
Fixes : openclaw/openclaw#16868 , openclaw/openclaw#16080 , openclaw/openclaw#20827
* fix(slack): respect replyToMode in DMs even with typing indicator thread
When replyToMode is 'off' in DMs, replies should stay in the main
conversation even when the typing indicator creates a thread context.
Previously, when incomingThreadTs was set (from the typing indicator's
thread), replyToMode was forced to 'all', causing all replies to go
into the thread.
Now, for direct messages, the user's configured replyToMode is always
respected. For channels/groups, the existing behavior is preserved
(stay in thread if already in one).
This fix:
- Keeps the typing indicator working (statusThreadTs fallback preserved)
- Prevents DM replies from being forced into threads
- Maintains channel thread continuity
Fixes #16868
* refactor(slack): eliminate redundant resolveSlackThreadContext call
- Add isThreadReply to resolveSlackThreadTargets return value
- Remove duplicate call in dispatch.ts
- Addresses greptile review feedback with cleaner DRY approach
* docs(slack): add JSDoc to resolveSlackThreadTargets
Document return values including isThreadReply distinction between
genuine user thread replies vs bot status message thread context.
* docs(changelog): record Slack replyToMode off threading fixes
---------
Co-authored-by: James <jamesrp13@gmail.com>
Co-authored-by: theoseo <suhong.seo@gmail.com>
2026-02-22 13:27:50 -05:00
08431da5d5
refactor(gateway): unify credential precedence across entrypoints
2026-02-22 18:55:44 +01:00
e58054b85c
docs(telegram): align Node22 network defaults and setup guidance
2026-02-22 17:54:16 +01:00
f442a3539f
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:36 +01:00
a5e2bd4eaa
docs: document verbose-gated tool error details
2026-02-22 15:26:48 +01:00
adfbbcf1f6
chore: merge origin/main into main
2026-02-22 13:42:52 +00:00
3308c86002
docs: keep channel names only in thread-support list
2026-02-22 14:39:40 +01:00
418e4e32c9
docs: clarify thread-bound subagents are Discord-only
2026-02-22 14:39:40 +01:00
c952334808
docs: list thread supporting channels in subagents guide
2026-02-22 14:39:40 +01:00
0b9b9d4301
docs: make subagents thread guidance channel-first
2026-02-22 14:39:40 +01:00
0d0f4c6992
refactor(exec): centralize safe-bin policy checks
2026-02-22 13:18:25 +01:00
47c3f742b6
fix(exec): require explicit safe-bin profiles
2026-02-22 12:58:55 +01:00
e80c803fa8
fix(security): block shell env allowlist bypass in system.run
2026-02-22 12:47:05 +01:00
6fda04e938
refactor: tighten onboarding dmScope typing and docs links
2026-02-22 12:46:09 +01:00
65dccbdb4b
fix: document onboarding dmScope default as breaking change ( #23468 ) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
85e5ed3f78
refactor(channels): centralize runtime group policy handling
2026-02-22 12:35:41 +01:00
777817392d
fix: fail closed missing provider group policy across message channels ( #23367 ) (thanks @bmendonca3)
2026-02-22 12:21:04 +01:00
3700151ec0
Channels: fail closed when Slack/Discord config is missing
2026-02-22 12:18:43 +01:00
b98d3330f6
docs: update pty supervision test command paths
2026-02-22 10:48:37 +00:00
2739328508
fix(telegram): classify undici fetch errors as recoverable for retry ( #16699 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 67b5bce44f
2026-02-22 16:16:11 +05:30
c995f9be07
test: reclassify mocked announce and sandbox suites as unit tests
2026-02-22 10:28:43 +00:00
bc78b343ba
Security: expand audit checks for mDNS and real-IP fallback
2026-02-22 11:26:17 +01:00
98a03c490b
Feat/logger support log level validation0222 ( #23436 )
...
* 1、环境变量**:新增 `OPENCLAW_LOG_LEVEL`,可取值 `silent|fatal|error|warn|info|debug|trace`。设置后同时覆盖**文件日志**与**控制台**的级别,优先级高于配置文件。
2、启动参数**:在 `openclaw gateway run` 上新增 `--log-level <level>`,对该次进程同时生效于文件与控制台;未传时仍使用环境变量或配置文件。
* fix(logging): make log-level override global and precedence-safe
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-22 11:15:13 +01:00
1b327da6e3
fix: harden exec sandbox fallback semantics ( #23398 ) (thanks @bmendonca3)
2026-02-22 11:12:01 +01:00
c76a47cce2
Exec: fail closed when sandbox host is unavailable
2026-02-22 11:12:01 +01:00
8887f41d7d
refactor(gateway)!: remove legacy v1 device-auth handshake
2026-02-22 09:27:03 +01:00
008a8c9dc6
chore(docs): normalize security finding table formatting
2026-02-22 08:03:29 +00:00
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
121d027229
chore: remove dead plugin hook loader
2026-02-22 08:45:24 +01:00
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
2c14b0cf4c
refactor(config): unify streaming config across channels
2026-02-21 19:53:42 +01:00
f97c45c5b5
fix(security): warn on Discord name-based allowlists in audit
2026-02-21 19:45:17 +01:00
89aad7b922
refactor: tighten safe-bin policy model and docs parity
2026-02-21 19:24:23 +01:00
4c1dd9d068
fix(security): harden macos rawCommand allowlist resolution
2026-02-21 19:17:56 +01:00
57fbbaebca
fix: block safeBins sort --compress-program bypass
2026-02-21 19:13:53 +01:00
59c78c105a
docs: revert automated heading consistency edits ( #22743 )
2026-02-21 11:18:29 -05:00
8178ea472d
feat: thread-bound subagents on Discord ( #21805 )
...
* docs: thread-bound subagents plan
* docs: add exact thread-bound subagent implementation touchpoints
* Docs: prioritize auto thread-bound subagent flow
* Docs: add ACP harness thread-binding extensions
* Discord: add thread-bound session routing and auto-bind spawn flow
* Subagents: add focus commands and ACP/session binding lifecycle hooks
* Tests: cover thread bindings, focus commands, and ACP unbind hooks
* Docs: add plugin-hook appendix for thread-bound subagents
* Plugins: add subagent lifecycle hook events
* Core: emit subagent lifecycle hooks and decouple Discord bindings
* Discord: handle subagent bind lifecycle via plugin hooks
* Subagents: unify completion finalizer and split registry modules
* Add subagent lifecycle events module
* Hooks: fix subagent ended context key
* Discord: share thread bindings across ESM and Jiti
* Subagents: add persistent sessions_spawn mode for thread-bound sessions
* Subagents: clarify thread intro and persistent completion copy
* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions
* Discord: add thread-bound session TTL with auto-unfocus
* Subagents: fail session spawns when thread bind fails
* Subagents: cover thread session failure cleanup paths
* Session: add thread binding TTL config and /session ttl controls
* Tests: align discord reaction expectations
* Agent: persist sessionFile for keyed subagent sessions
* Discord: normalize imports after conflict resolution
* Sessions: centralize sessionFile resolve/persist helper
* Discord: harden thread-bound subagent session routing
* Rebase: resolve upstream/main conflicts
* Subagents: move thread binding into hooks and split bindings modules
* Docs: add channel-agnostic subagent routing hook plan
* Agents: decouple subagent routing from Discord
* Discord: refactor thread-bound subagent flows
* Subagents: prevent duplicate end hooks and orphaned failed sessions
* Refactor: split subagent command and provider phases
* Subagents: honor hook delivery target overrides
* Discord: add thread binding kill switches and refresh plan doc
* Discord: fix thread bind channel resolution
* Routing: centralize account id normalization
* Discord: clean up thread bindings on startup failures
* Discord: add startup cleanup regression tests
* Docs: add long-term thread-bound subagent architecture
* Docs: split session binding plan and dedupe thread-bound doc
* Subagents: add channel-agnostic session binding routing
* Subagents: stabilize announce completion routing tests
* Subagents: cover multi-bound completion routing
* Subagents: suppress lifecycle hooks on failed thread bind
* tests: fix discord provider mock typing regressions
* docs/protocol: sync slash command aliases and delete param models
* fix: add changelog entry for Discord thread-bound subagents (#21805 ) (thanks @onutc)
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-21 16:14:55 +01:00
166068dfbe
test: add byteplus coding-plan live test
2026-02-21 15:42:44 +01:00
581868365d
fix: finish volcengine/byteplus landing polish ( #7967 ) (thanks @funmore123)
2026-02-21 15:05:09 +01:00
559736a5a0
feat(volcengine): integrate Volcengine & Byteplus Provider
2026-02-21 15:05:09 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
8c1518f0f3
fix(sandbox): use one-time noVNC observer tokens
2026-02-21 13:56:58 +01:00
621d8e1312
fix(sandbox): require noVNC observer password auth
2026-02-21 13:44:24 +01:00
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
f265d45840
fix(tts): make model provider overrides opt-in
2026-02-21 13:16:07 +01:00
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
073651fb57
docs: add sponsors section to README
2026-02-21 13:00:02 +01:00
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
6b2f2811dc
fix(security): require BlueBubbles webhook auth
2026-02-21 11:41:50 +01:00
c6ee14d60e
fix(security): block grep safe-bin file-read bypass
2026-02-21 11:18:29 +01:00
9231d7d30f
chore: bump version to 2026.2.21
2026-02-21 11:02:30 +01:00
677384c519
refactor: simplify Telegram preview streaming to single boolean ( #22012 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a4017d3b94
2026-02-21 15:19:13 +05:30
e1cb73cdeb
fix: unblock Docker build by aligning commands schema default ( #22558 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 1ad610176d
2026-02-21 14:47:28 +05:30
dcf2c6d7f1
docs: normalize Amazon Bedrock setup section labels ( #22549 )
...
* docs(channels): promote Signal option setups to onboarding sections
* docs(channels): rename Microsoft Teams minimal setup section
* docs(channels): standardize onboarding option headings for Zalo and Twitch
* docs(providers): normalize Amazon Bedrock onboarding section labels
2026-02-21 03:40:54 -05:00
e36245bd37
docs: finalize onboarding option heading normalization ( #22547 )
...
* docs(channels): promote Signal option setups to onboarding sections
* docs(channels): rename Microsoft Teams minimal setup section
* docs(channels): standardize onboarding option headings for Zalo and Twitch
2026-02-21 03:38:37 -05:00
ef42fe0094
docs: rename Tlon setup heading ( #22544 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
* docs(channels): refine Twitch setup heading clarity
* docs(channels): simplify Zalo setup heading phrasing
* docs(channels): trim Microsoft Teams minimal setup heading
* docs(channels): rename Tlon setup to onboarding
2026-02-21 03:37:27 -05:00
b5a77b9cb2
docs: finalize remaining setup heading phrasing ( #22543 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
* docs(channels): refine Twitch setup heading clarity
* docs(channels): simplify Zalo setup heading phrasing
* docs(channels): trim Microsoft Teams minimal setup heading
2026-02-21 03:36:39 -05:00
d7891badda
docs: more channel heading consistency updates ( #22541 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
* docs(channels): normalize BlueBubbles configuration heading
* docs(channels): normalize Feishu configuration heading
* docs(channels): standardize Signal setup option headings
2026-02-21 03:36:03 -05:00
e93e67bc8e
docs: fix thinking section heading link target ( #22539 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
* docs(thinking): link reasoning section heading to in-page anchor
2026-02-21 03:33:06 -05:00
7c593cd333
docs: finish onboarding/config heading consistency ( #22537 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
* docs(channels): normalize Discord configuration heading
* docs(channels): standardize Microsoft Teams onboarding heading
* docs(channels): rename Signal configuration reference heading
* docs(channels): rename Matrix configuration reference heading
* docs(channels): normalize WhatsApp configuration heading
2026-02-21 03:32:37 -05:00
79183852f9
docs: more channel onboarding naming cleanup ( #22536 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
* docs(channels): standardize Google Chat onboarding heading
* docs(channels): standardize Mattermost onboarding heading
* docs(channels): standardize Zalo Personal onboarding heading
2026-02-21 03:31:55 -05:00
4c4147fb0a
docs: continue onboarding terminology cleanup ( #22535 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
* docs(channels): standardize Nostr onboarding and configuration headings
* docs(channels): standardize Zalo onboarding and configuration headings
* docs(channels): standardize Twitch onboarding heading
2026-02-21 03:31:22 -05:00
12d75ff7f5
docs: continue channel onboarding/config naming cleanup ( #22533 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
* docs(channels): rename iMessage onboarding and configuration sections
* docs(channels): rename Slack onboarding and configuration sections
* docs(channels): rename Signal onboarding heading
2026-02-21 03:30:35 -05:00
436f79839b
docs: more channel onboarding heading consistency ( #22532 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
* docs(channels): standardize Discord onboarding heading
* docs(channels): standardize Telegram onboarding heading
* docs(channels): standardize WhatsApp onboarding heading
2026-02-21 03:29:42 -05:00
325992b777
docs: small docs sweep consistency updates ( #22531 )
...
* docs: fix thinking link and add reasoning anchor reference
* docs(channels): rename LINE setup heading to onboarding
* docs(channels): normalize Nextcloud Talk onboarding headings
* docs(channels): use onboarding heading for Matrix setup
2026-02-21 03:29:17 -05:00
3002be76e4
docs: add custom spellcheck dictionary and fix docs typos ( #22457 )
...
* docs: fix typos and add docs spellcheck workflow
* docs: add changelog entry for docs spellcheck updates
* docs: fix FAQ TOC fragment links for markdownlint
* docs: fix TOC nesting and spellcheck dictionary flags
2026-02-21 01:35:35 -05:00
122bdfa4e1
feat(discord): add configurable ephemeral option for slash commands
2026-02-20 21:19:21 -06:00
b7644d61a2
fix: restore Discord model picker UX ( #21458 ) (thanks @pejmanjohn)
2026-02-20 21:04:04 -06:00
f555835b09
Channels: add thread-aware model overrides
2026-02-20 19:26:25 -06:00
eedea6cf34
Discord: add trusted channel topics on new sessions
2026-02-20 18:22:13 -06:00
fe57bea088
Subagents: restore announce chain + fix nested retry/drop regressions ( #22223 )
...
* Subagents: restore announce flow and fix nested delivery retries
* fix: prep subagent announce + docs alignment (#22223 ) (thanks @tyler6204)
2026-02-20 15:39:09 -08:00
3e1ed0032d
Docs: add Discord forum thread docs
2026-02-20 17:20:24 -06:00
4ab946eebf
Discord VC: voice channels, transcription, and TTS ( #18774 )
2026-02-20 16:06:07 -06:00
09e6970386
Discord: implement stream preview mode ( #22111 )
...
* Discord: implement stream preview mode
* Changelog: note Discord stream preview mode
* Tests: type discord draft stream mocks
* Docs: document Discord stream preview
2026-02-20 12:37:15 -06:00
094dbdaf2b
fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback ( #22082 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6ff3ca9b5d
2026-02-20 18:03:53 +00:00
8fa46d709a
fix(ios): force tls for non-loopback manual gateway hosts ( #21969 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 9fb39f566e
2026-02-20 16:28:47 +00:00
1b886e7378
docs(ui): add animated underline for nav tabs ( #21912 )
...
Add a responsive, animated underline indicator for navigation tabs to
improve visual focus and active-state feedback.
- Introduce CSS for .nav-tabs, .nav-tabs-item and a .nav-tabs-underline
element, including transitions, positioning, and dark mode color.
- Hide default first h1 in #content to keep header layout consistent.
- Add docs/nav-tabs-underline.js to create and manage the underline
element, observe DOM mutations, and update underline position/width on
changes, resize, and when fonts load.
- Preserve last known underline position/width across re-initializations
to avoid visual jumps.
This change makes active tab state visible with smooth movement and
ensures the underline stays synchronized with dynamic content.
2026-02-20 09:33:46 -05:00
5542a43623
Memory: share ENOENT helpers
2026-02-19 23:33:28 -08:00
d871ee91d0
fix(config-cli): correct misleading --json flag description ( #21332 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b6c8d1edfa
2026-02-19 20:09:17 -05:00
ae4907ce6e
fix(heartbeat): return false for zero-width active-hours window ( #21408 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 993860bd03
2026-02-19 20:03:57 -05:00
cf4ffff3e1
fix(heartbeat): run when HEARTBEAT.md is missing
2026-02-19 19:32:18 -05:00
7ce357ff8b
docs: add Vincent Koc to contributor credits
2026-02-19 15:13:38 -08:00
f66b23de75
chore(release): bump versions to 2026.2.20
2026-02-20 00:02:53 +01:00
ce1f0c0a10
ci: move workflows to blacksmith 16vcpu runners
2026-02-19 17:25:15 +01:00
2435499862
ci: move blacksmith runners to 8 vcpu
2026-02-19 16:50:22 +01:00
b0e55283d5
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
3561442a9f
fix(plugins): harden discovery trust checks
2026-02-19 15:14:12 +01:00
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
29118995ad
refactor(lobster): remove lobsterPath overrides
2026-02-19 14:58:13 +01:00
a40c10d3e2
fix: harden agent gateway authorization scopes
2026-02-19 14:37:56 +01:00
ff74d89e86
fix: harden gateway control-plane restart protections
2026-02-19 14:30:15 +01:00
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
bafdbb6f11
fix(security): eliminate safeBins file-existence oracle
2026-02-19 14:18:11 +01:00
1316e57403
fix: enforce inbound attachment root policy across pipelines
2026-02-19 14:15:51 +01:00
cfe8457a0f
fix(security): harden safeBins stdin-only enforcement
2026-02-19 14:10:45 +01:00
3c419b7bd3
docs(security): document webhook hardening and changelog
2026-02-19 13:31:44 +01:00
49d0def6d1
fix(security): harden imessage remote scp/ssh handling
2026-02-19 11:08:23 +01:00
7255c20ddc
fix(docker): harden docker-setup mount validation
2026-02-19 10:44:46 +01:00
b4dbe03298
refactor: unify restart gating and update availability sync
2026-02-19 10:00:41 +01:00
9c2640a810
docs: clarify WhatsApp group allowlist and reply mention behavior
2026-02-19 09:19:34 +01:00
7e54b6c96f
fix(browser): unify extension relay auth on gateway token
2026-02-19 08:40:40 +01:00
c5698caca3
Security: default gateway auth bootstrap and explicit mode none ( #20686 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: be1b73182c
2026-02-19 02:35:50 -05:00
87d8331150
docs: warn against third-party 1-click marketplace images
2026-02-19 08:30:29 +01:00
f855d0be4f
fix: skip heartbeat when HEARTBEAT.md does not exist ( #20461 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f6e5f8172a
2026-02-19 01:09:33 -05:00
a0d904dc23
docs(discord): replace quick setup and add recommended guild setup ( #20088 )
...
Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-18 09:39:09 -06:00
d833dcd731
fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic ( #19367 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bf02bbf9ce
2026-02-18 15:31:01 +05:30
ac0db68235
refactor(security): extract safeBins trust resolver
2026-02-18 05:01:31 +01:00
28bac46c92
fix(security): harden safeBins path trust
2026-02-18 04:55:31 +01:00
4bf3338834
chore: bump version to 2026.2.18 unreleased
2026-02-18 04:40:06 +01:00
c90b09cb02
feat(agents): support Anthropic 1M context beta header
2026-02-18 03:29:48 +01:00
d1c00dbb7c
fix: harden include confinement edge cases ( #18652 ) (thanks @aether-ai-agent)
2026-02-18 03:27:16 +01:00
edf7d6af61
fix: harden subagent completion announce retries
2026-02-18 03:19:50 +01:00
985ec71c55
CLI: resolve parent/subcommand option collisions ( #18725 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b7e51cf909
2026-02-17 20:57:09 -05:00
fa4f66255c
fix(subagents): return completion message for manual session spawns
2026-02-18 02:52:35 +01:00
01672a8f25
Revert "Add mesh auto-planning with chat command UX and hardened auth/session behavior"
...
This reverts commit 16e59b26a6
2026-02-18 02:18:02 +01:00
2e91552f09
feat(agents): add generic provider api key rotation ( #19587 )
2026-02-18 01:31:11 +01:00
4c569ce246
docs(tokens): document image dimension token tradeoffs
2026-02-18 00:56:57 +01:00
b05e89e5e6
fix(agents): make image sanitization dimension configurable
2026-02-18 00:54:20 +01:00
bb9a539d1d
Merge remote-tracking branch 'prhead/feat/slack-text-streaming'
...
# Conflicts:
# docs/channels/slack.md
# src/config/types.slack.ts
# src/slack/monitor/message-handler/dispatch.ts
2026-02-18 00:49:30 +01:00
f07bb8e8fc
fix(hooks): backport internal message hook bridge with safe delivery semantics
2026-02-18 00:35:41 +01:00
ae2c8f2cf0
feat(models): support anthropic sonnet 4.6
2026-02-18 00:00:31 +01:00
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
c26cf6aa83
feat(cron): add default stagger controls for scheduled jobs
2026-02-17 23:48:14 +01:00
9a2c39419e
chore(release): bump version to 2026.2.17
2026-02-17 23:08:55 +01:00
2cf82c357e
Docs: expand multi-agent routing
2026-02-17 14:28:08 -06:00
ab94295541
docs(slack): add assistant:write requirement for typing status
2026-02-18 02:22:54 +08:00
0978d63edd
docs: add community plugins guide
2026-02-17 17:42:37 +01:00
zzzz
Peter Steinberger
Kriz Poon
Gustavo Madeira Santana
Peter Steinberger
John Fawcett
Gustavo Madeira Santana
Vincent Koc
Sally O'Malley
AkosCz
边黎安
Tak Hoffman
Onur
Brian Mendonca
Glucksberg
maweibin
Onur
fanziqing
Ayaan Zaidi
Wei He
Shadow
Shadow
Tyler Yust
Mariano
Seb Slight
Vignesh Natarajan
adhitShet
vikpos
Pejman Pour-Moezzi
Taras Lukavyi