f07033ed3f
fix: address delivery dedupe review follow-ups ( #44666 )
...
Merged via squash.
Prepared head SHA: 8e6d254cc4
2026-03-13 16:18:01 +08:00
d40a4e343c
fix: add gateway session reset routing coverage ( #44773 ) (thanks @Lanfei)
2026-03-13 12:39:44 +05:30
93e7fcaa73
docs: move post-release changelog entries to Unreleased ( #44691 )
...
4 entries were added to the 2026.3.12 section after the v2026.3.12
tag was cut. Move them to ## Unreleased where they belong.
Verified: 2026.3.12 section now matches the 74 entries present at
the v2026.3.12 release tag (28d64c48e
2026-03-12 22:42:06 -07:00
32d8ec9482
fix: harden windows gateway fallback launch
2026-03-13 04:58:35 +00:00
6d0939d84e
fix: handle Discord gateway metadata fetch failures ( #44397 )
...
Merged via squash.
Prepared head SHA: edd17c0eff
2026-03-12 21:52:17 -07:00
8023f4c701
fix(telegram): thread media transport policy into SSRF ( #44639 )
...
* fix(telegram): preserve media download transport policy
* refactor(telegram): thread media transport policy
* fix(telegram): sync fallback media policy
* fix: note telegram media transport fix (#44639 )
2026-03-13 10:11:43 +05:30
771066d122
fix(compaction): use full-session token count for post-compaction sanity check ( #28347 )
...
Merged via squash.
Prepared head SHA: cf4eab1c51
2026-03-12 21:26:30 -07:00
61d219cb39
feat: show status reaction during context compaction ( #35474 )
...
Merged via squash.
Prepared head SHA: 145a7b7c4e
2026-03-12 21:06:15 -07:00
255414032f
changelog: move ACP final-snapshot entry to active 2026.3.12 section
2026-03-12 20:31:03 -07:00
17c954c46e
fix(acp): preserve final assistant message snapshot before end_turn ( #44597 )
...
Process messageData via handleDeltaEvent for both delta and final states
before resolving the turn, so ACP clients no longer drop the last visible
assistant text when the gateway sends the final message body on the
terminal chat event.
Closes #15377
Based on #17615
Co-authored-by: PJ Eby <3527052+pjeby@users.noreply.github.com>
2026-03-12 20:23:57 -07:00
42efd98ff8
Slack: support Block Kit payloads in agent replies ( #44592 )
...
* Slack: route reply blocks through outbound adapter
* Slack: cover Block Kit outbound payloads
* Changelog: add Slack Block Kit agent reply entry
2026-03-12 23:18:59 -04:00
433e65711f
fix: fall back to a startup entry for windows gateway install
2026-03-13 03:18:17 +00:00
ff2368af57
fix: stop false cron payload-kind warnings in doctor ( #44012 ) (thanks @shuicici)
2026-03-13 08:38:52 +05:30
b858d6c3a9
fix: clarify windows onboarding gateway health
2026-03-13 02:40:40 +00:00
23c7fc745f
refactor(agents): replace console.warn with SubsystemLogger in compaction-safeguard.ts ( #9974 )
...
Merged via squash.
Prepared head SHA: 35dcc5ba35
2026-03-12 19:34:55 -07:00
4fb3b88e57
docs: reorder latest release changelog
2026-03-13 02:11:50 +00:00
d6d01f853f
fix: align Ollama onboarding docs before landing ( #43473 ) (thanks @BruceMacD)
...
(cherry picked from commit 19fa274343a102ca85c7679ec28c5a3503a99f55)
2026-03-13 02:03:54 +00:00
0068f55dd8
fix(memory): fail closed for Windows qmd wrappers
2026-03-13 01:56:20 +00:00
ddeb423944
fix: quiet Telegram command overflow retry logs
2026-03-13 01:45:56 +00:00
de3e6a8c5b
fix(routing): require ids for slack and msteams allowlists
2026-03-13 01:44:42 +00:00
c25e46a433
chore: prepare 2026.3.12 release
2026-03-13 01:38:20 +00:00
e951a42bcb
fix(mac): adopt canonical session key and add reset triggers ( #10898 )
...
Add shared native chat handling for /new, /reset, and /clear.
This also aligns main session key handling in the shared chat UI and includes follow-up test and CI fixes needed to keep the branch mergeable.
Co-authored-by: Nachx639 <71144023+Nachx639@users.noreply.github.com>
Co-authored-by: Luke <92253590+ImLukeF@users.noreply.github.com>
2026-03-13 12:35:39 +11:00
b14a5c6713
fix(zalouser): require ids for group allowlist auth
2026-03-13 01:31:17 +00:00
d5b3f2ed71
fix(models): keep codex spark codex-only
2026-03-13 00:53:21 +00:00
d4f535b203
fix(hooks): fail closed on unreadable loader paths ( #44437 )
...
* Hooks: fail closed on unreadable loader paths
* Changelog: note hooks loader hardening
* Tests: cover sanitized hook loader logs
* Hooks: use realpath containment for legacy loaders
* Hooks: sanitize unreadable workspace log path
2026-03-12 20:47:30 -04:00
2649c03cdb
fix(hooks): dedupe repeated agent deliveries by idempotency key ( #44438 )
...
* Hooks: add hook idempotency key resolution
* Hooks: dedupe repeated agent deliveries by idempotency key
* Tests: cover hook idempotency dedupe
* Changelog: note hook idempotency dedupe
* Hooks: cap hook idempotency key length
* Gateway: hash hook replay cache keys
* Tests: cover hook replay key hardening
2026-03-12 20:43:38 -04:00
91b701e183
fix: harden windows native updates
2026-03-12 23:42:14 +00:00
35aafd7ca8
feat: add Anthropic fast mode support
2026-03-12 23:39:03 +00:00
d5bffcdeab
feat: add fast mode toggle for OpenAI models
2026-03-12 23:31:31 +00:00
ddcaec89e9
fix(node-host): fail closed on ruby approval preload flags
2026-03-12 23:23:54 +00:00
2c8f31135b
test: cover provider plugin boundaries
2026-03-12 22:43:55 +00:00
9692dc7668
fix(security): harden nodes owner-only tool gating
2026-03-12 22:27:52 +00:00
bf89947a8e
fix: switch pairing setup codes to bootstrap tokens
2026-03-12 22:23:07 +00:00
9cd54ea882
fix: skip cache-ttl append after compaction to prevent double compaction ( #28548 )
...
Merged via squash.
Prepared head SHA: a4114a52bc
2026-03-12 15:17:18 -07:00
7332e6d609
fix(failover): classify HTTP 422 as format and OpenRouter credits as billing ( #43823 )
...
Merged via squash.
Prepared head SHA: 4f48e977fe
2026-03-13 00:50:28 +03:00
904db27019
fix(security): audit unrestricted hook agent routing
2026-03-12 21:36:19 +00:00
143e593ab8
Compaction Runner: wire post-compaction memory sync ( #25561 )
...
Merged via squash.
Prepared head SHA: 6d2bc02cc1
2026-03-12 14:24:29 -07:00
fd568c4f74
fix(failover): classify ZenMux quota-refresh 402 as rate_limit ( #43917 )
...
Merged via squash.
Prepared head SHA: 1d58a36a77
2026-03-13 00:06:43 +03:00
d93db0fc13
fix(failover): classify z.ai network_error stop reason as retryable timeout ( #43884 )
...
Merged via squash.
Prepared head SHA: 9660f6cd5b
2026-03-13 00:00:44 +03:00
50cc375c11
feat(context-engine): plumb sessionKey into all ContextEngine methods ( #44157 )
...
Merged via squash.
Prepared head SHA: 0b341f6f4c
2026-03-12 12:43:36 -07:00
e525957b4f
fix(sandbox): restore spawned workspace handoff ( #44307 )
2026-03-12 16:12:08 -03:00
08aa57a3de
Commands: require owner for /config and /debug ( #44305 )
...
* Commands: add non-owner gate helper
* Commands: enforce owner-only config and debug
* Commands/test: cover owner-only config and debug
* Changelog: add owner-only config debug entry
* Commands/test: split config owner gating section
* Commands: redact sender ids in verbose command logs
* Commands: preserve internal read-only config access
* Commands/test: keep operator.write config show coverage non-owner
2026-03-12 14:58:14 -04:00
5e389d5e7c
Gateway/ws: clear unbound scopes for shared-token auth ( #44306 )
...
* Gateway/ws: clear unbound shared-auth scopes
* Gateway/auth: cover shared-token scope stripping
* Changelog: add shared-token scope stripping entry
* Gateway/ws: preserve allowed control-ui scopes
* Gateway/auth: assert control-ui admin scopes survive allowed device-less auth
* Gateway/auth: cover shared-password scope stripping
2026-03-12 14:52:24 -04:00
1492ad20a9
Ollama/Kimi: apply Moonshot payload compatibility ( #44274 )
...
* Runner: extend Moonshot payload compat to Ollama Kimi
* Changelog: note Ollama Kimi tool routing
* Tests: cover Ollama Kimi payload compat
* Runner: narrow Ollama Kimi payload compat
2026-03-12 14:17:01 -04:00
2d42588a18
chore(changelog): update CHANGELOG.md to include new features in dashboard-v2, highlighting the refreshed gateway dashboard with modular views and enhanced chat tools ( #41503 )
2026-03-12 12:56:24 -05:00
9cb0fa58c2
fix: restore protocol outputs and stabilize Windows path CI ( #44266 )
...
* fix(ci): restore protocol outputs and stabilize Windows path test
Regenerate the Swift protocol models so protocol:check stops failing on main.
Align the session target test helper with the sync production realpath behavior so Windows does not compare runneradmin and RUNNER~1 spellings for the same file.
Regeneration-Prompt: |
Investigate the failing checks from merged PR #34485 and confirm whether they still affect current main before changing code. Keep the fix tight: do not alter runtime behavior beyond what is required to clear the reproduced CI regressions. Commit the generated Swift protocol outputs for the PushTestResult transport field because protocol:check was failing from stale generated files on main. Also fix the Windows-only session target test by making its helper use the same synchronous realpath behavior as production discovery, so path spelling differences like runneradmin versus RUNNER~1 do not cause a false assertion failure.
* fix(ci): align session target realpath behavior on Windows
Use native realpath for sync session target discovery so it matches the async path on Windows, and update the session target test helper to assert against the same canonical path form.
Regeneration-Prompt: |
After opening the follow-up PR for the CI regressions from merged PR #34485 , inspect the new failing Windows shard instead of assuming the first fix covered every case. Keep scope limited to the session target path mismatch exposed by CI. Fix the inconsistency at the source by making sync session target discovery use the same native realpath canonicalization as the async discovery path on Windows, then update the test helper to match that shared behavior and verify the touched file with targeted tests and file-scoped lint/format checks.
* test: make merge config fixtures satisfy provider type
After rebasing the PR onto current origin/main, the merge helper test fixtures no longer satisfied ProviderConfig because the anthropic provider examples were missing required provider and model fields. Add a shared fully-typed model fixture and explicit anthropic baseUrl values so the test keeps full type coverage under tsgo.
Regeneration-Prompt: |
Rebase the PR branch for #44266 onto the current origin/main because the failing CI error only reproduced on the merge ref. Re-run the type-check path and inspect src/agents/models-config.merge.test.ts at the exact compiler lines instead of weakening types globally. Keep the fix test-only: make the anthropic ProviderConfig fixtures structurally valid by supplying the required baseUrl and full model definition fields, and keep the shared fixture typed so tsgo accepts it without unknown casts.
* fix: align Windows session store test expectations
2026-03-12 10:55:29 -07:00
86135d5889
Kimi Coding: set default subscription user agent ( #44248 )
...
* Providers: set default Kimi coding user agent
* Tests: cover Kimi coding header overrides
* Changelog: note Kimi coding user agent
* Tests: satisfy Kimi provider fixture type
* Update CHANGELOG.md
* Providers: preserve Kimi headers through models merge
2026-03-12 13:30:07 -04:00
33ba3ce951
fix(node-host): harden ambiguous approval operand binding ( #44247 )
...
* fix(node-host): harden approval operand binding
* test(node-host): cover approval parser hardening
* docs(changelog): note approval hardening GHSA cluster
* Update CHANGELOG.md
* fix(node-host): remove dead approval parser entries
* test(node-host): cover bunx approval wrapper
* fix(node-host): unwrap pnpm shim exec forms
* test(node-host): cover pnpm shim wrappers
2026-03-12 13:28:35 -04:00
136adb4c02
docs: reorder unreleased changelog
2026-03-12 17:11:31 +00:00
b3e6f92fd2
runner: infer names from malformed toolCallId variants ( #34485 )
...
Merged via squash.
Prepared head SHA: 150ea1a7c9
2026-03-12 09:58:23 -07:00
0b34671de3
fix: canonicalize openrouter native model keys
2026-03-12 16:51:00 +00:00
115f24819e
fix: make node-llama-cpp optional for npm installs
2026-03-12 16:45:59 +00:00
46f0bfc55b
Gateway: harden custom session-store discovery ( #44176 )
...
Merged via squash.
Prepared head SHA: 52ebbf5188
2026-03-12 16:44:46 +00:00
f96ba87f03
Zalo: rate limit invalid webhook secret guesses before auth ( #44173 )
...
* Zalo: rate limit webhook guesses before auth
* Tests: cover pre-auth Zalo webhook rate limiting
* Changelog: note Zalo pre-auth rate limiting
* Zalo: preserve auth-before-content-type response ordering
* Tests: cover auth-before-content-type webhook ordering
* Zalo: split auth and unauth webhook rate-limit buckets
* Tests: cover auth bucket split for Zalo webhook rate limiting
* Zalo: use trusted proxy client IP for webhook rate limiting
* Tests: cover trusted proxy client IP rate limiting for Zalo
2026-03-12 12:30:50 -04:00
b77b7485e0
feat(push): add iOS APNs relay gateway ( #43369 )
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369 ) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
9342739d71
fix(providers): respect user-configured baseUrl for kimi-coding ( #36647 )
...
* fix(providers): respect user-configured baseUrl for kimi-coding
The kimi-coding provider was built exclusively from
`buildKimiCodingProvider()` defaults, ignoring any user-specified
`baseUrl` or other overrides in `openclaw.json` providers config.
This caused 404 errors when users configured a custom endpoint.
Now merge `explicitProviders["kimi-coding"]` on top of defaults,
matching the pattern used by ollama/vllm. User's `baseUrl`, `api`,
and `models` take precedence; env/profile API key still wins.
Fixes #36353
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Tests: use Kimi implicit provider harness
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 12:14:07 -04:00
3e28e10c2f
Plugins: require explicit trust for workspace-discovered plugins ( #44174 )
...
* Plugins: disable implicit workspace plugin auto-load
* Tests: cover workspace plugin trust gating
* Changelog: note workspace plugin trust hardening
* Plugins: keep workspace trust gate ahead of memory slot defaults
* Tests: cover workspace memory-slot trust bypass
2026-03-12 12:12:41 -04:00
0a8fa0e001
Moonshot: respect explicit baseUrl for CN endpoint so platform.moonshot.cn keys authenticate ( #33637 ) ( #33696 )
...
* Moonshot: respect explicit baseUrl for CN endpoint so platform.moonshot.cn keys authenticate (#33637 )
* Moonshot: address review - remove dead constant, import canonical URLs (#33696 )
2026-03-12 12:10:38 -04:00
3fa91cd69d
feat: add sessions_yield tool for cooperative turn-ending ( #36537 )
...
Merged via squash.
Prepared head SHA: 75d9204c86
2026-03-12 08:46:47 -07:00
e6897c800b
Plugins: fix env-aware root resolution and caching ( #44046 )
...
Merged via squash.
Prepared head SHA: 6e8852a188
2026-03-12 15:31:31 +00:00
688e3f0863
Compaction Runner: emit transcript updates post-compact ( #25558 )
...
Merged via squash.
Prepared head SHA: 8a858436ed
2026-03-12 08:22:12 -07:00
8ad0ca309e
Subagents: stop retrying external completion timeouts ( #41235 ) ( #43847 )
...
* Changelog: add subagent announce timeout note
* Tests: cover subagent completion timeout no-retry
* Subagents: stop retrying external completion timeouts
* Config: update subagent announce timeout default docs
* Tests: use fake timers for subagent timeout retry guard
2026-03-12 11:03:06 -04:00
7844bc89a1
Security: require Feishu webhook encrypt key ( #44087 )
...
* Feishu: require webhook encrypt key in schema
* Feishu: cover encrypt key webhook validation
* Feishu: enforce encrypt key at startup
* Feishu: add webhook forgery regression test
* Feishu: collect encrypt key during onboarding
* Docs: require Feishu webhook encrypt key
* Changelog: note Feishu webhook hardening
* Docs: clarify Feishu encrypt key screenshot
* Feishu: treat webhook encrypt key as secret input
* Feishu: resolve encrypt key only in webhook mode
2026-03-12 11:01:00 -04:00
99170e2408
Hardening: normalize Unicode command obfuscation detection ( #44091 )
...
* Exec: cover unicode obfuscation cases
* Exec: normalize unicode obfuscation detection
* Changelog: note exec detection hardening
* Exec: strip unicode tag character obfuscation
* Exec: harden unicode suppression and length guards
* Exec: require path boundaries for safe URL suppressions
2026-03-12 10:57:49 -04:00
eff0d5a947
Hardening: tighten preauth WebSocket handshake limits ( #44089 )
...
* Gateway: tighten preauth handshake limits
* Changelog: note WebSocket preauth hardening
* Gateway: count preauth frame bytes accurately
* Gateway: cap WebSocket payloads before auth
2026-03-12 10:55:41 -04:00
3e730c0332
Security: preserve Feishu reaction chat type ( #44088 )
...
* Feishu: preserve looked-up chat type
* Feishu: fail closed on ambiguous reaction chats
* Feishu: cover reaction chat type fallback
* Changelog: note Feishu reaction hardening
* Feishu: fail closed without resolved chat type
* Feishu: normalize reaction chat type at runtime
2026-03-12 10:53:40 -04:00
48cbfdfac0
Hardening: require LINE webhook signatures ( #44090 )
...
* LINE: require webhook signatures in express handler
* LINE: require webhook signatures in node handler
* LINE: update express signature tests
* LINE: update node signature tests
* Changelog: note LINE webhook hardening
* LINE: validate signatures before parsing webhook bodies
* LINE: reject missing signatures before body reads
2026-03-12 10:50:36 -04:00
c965049dc6
fix(mattermost): pass mediaLocalRoots through reply delivery ( #44021 )
...
Merged via squash.
Prepared head SHA: 856f11f129
2026-03-12 20:13:51 +05:30
f3be1c828c
fix(status): resolve context window by provider-qualified key, prefer max on bare-id collision, solve #35976 ( #36389 )
...
Merged via squash.
Prepared head SHA: f8cf752c59
2026-03-12 07:00:36 -07:00
ff47876e61
fix: carry observed overflow token counts into compaction ( #40357 )
...
Merged via squash.
Prepared head SHA: b99eed4329
2026-03-12 06:58:42 -07:00
f2e28fc30f
fix(telegram): allow fallback models in /model validation ( #40105 )
...
Merged via squash.
Prepared head SHA: de07585e03
2026-03-12 13:55:51 +01:00
171d2df9e0
feat(mattermost): add replyToMode support (off | first | all) ( #29587 )
...
Merged via squash.
Prepared head SHA: 4a67791f53
2026-03-12 18:03:12 +05:30
8e0e4f736a
docs: add Kubernetes install guide, setup script, and manifests ( #34492 )
...
* add docs and manifests for k8s install
Signed-off-by: sallyom <somalley@redhat.com>
* changelog
Signed-off-by: sallyom <somalley@redhat.com>
---------
Signed-off-by: sallyom <somalley@redhat.com>
2026-03-12 07:28:21 -04:00
4f620bebe5
fix(doctor): canonicalize gateway service entrypoint paths ( #43882 )
...
Merged via squash.
Prepared head SHA: 9f530d2a86
2026-03-12 12:39:22 +02:00
8582cb08b5
fix: stop main-session UI replies inheriting channel routes ( #43918 )
2026-03-12 15:39:34 +05:30
8ea79b64d0
fix: preserve sandbox write payload stdin ( #43876 )
...
Merged via squash.
Prepared head SHA: a10fd4b21c
2026-03-12 12:42:57 +03:00
f640326e31
fix(failover): add missing network errno patterns to text-based timeout classifier ( #42830 )
...
Merged via squash.
Prepared head SHA: 91761487e8
2026-03-12 12:34:44 +03:00
658bd54ecf
feat(llm-task): add thinking override
...
Co-authored-by: Xaden Ryan <165437834+xadenryan@users.noreply.github.com>
2026-03-12 19:21:35 +11:00
f37815b323
Gateway: block profile mutations via browser.request ( #43800 )
...
* Gateway: block profile mutations via browser.request
* Changelog: note GHSA-vmhq browser request fix
* Gateway: normalize browser.request profile guard paths
2026-03-12 04:21:03 -04:00
46a332385d
Gateway: keep spawned workspace overrides internal ( #43801 )
...
* Gateway: keep spawned workspace overrides internal
* Changelog: note GHSA-2rqg agent boundary fix
* Gateway: persist spawned workspace inheritance in sessions
* Agents: clean failed lineage spawn state
* Tests: cover lineage attachment cleanup
* Tests: cover lineage thread cleanup
2026-03-12 04:20:00 -04:00
ed0ec57a7b
fix: scope telegram polling restart to telegram errors ( #43799 )
...
* fix: scope telegram polling restart to telegram errors
* fix: make telegram error tagging best-effort
* fix: scope telegram polling restart to telegram errors (#43799 )
2026-03-12 13:14:17 +05:30
82e3ac21ee
Infra: tighten exec allowlist glob matching ( #43798 )
...
* Infra: tighten exec allowlist glob matching
* Changelog: note GHSA-f8r2 exec allowlist fix
2026-03-12 03:33:50 -04:00
d8ee97c466
Agents: recover malformed Anthropic-compatible tool call args ( #42835 )
...
* Agents: recover malformed anthropic tool call args
* Agents: add malformed tool call regression test
* Changelog: note Kimi tool call arg recovery
* Agents: repair toolcall end message snapshots
* Agents: narrow Kimi tool call arg repair
2026-03-12 03:28:22 -04:00
0bcb95e8fa
Models: enforce source-managed SecretRef markers in models.json ( #43759 )
...
Merged via squash.
Prepared head SHA: 4a065ef5d8
2026-03-12 02:22:52 -05:00
e8a162d3d8
fix(mattermost): prevent duplicate messages when block streaming + threading are active ( #41362 )
...
* fix(mattermost): prevent duplicate messages when block streaming + threading are active
Remove replyToId from createBlockReplyPayloadKey so identical content is
deduplicated regardless of threading target. Add explicit threading dock
to the Mattermost plugin with resolveReplyToMode reading from config
(default "all"), and add replyToMode to the Mattermost config schema.
Fixes #41219
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(mattermost): address PR review — per-account replyToMode and test clarity
Read replyToMode from the merged per-account config via
resolveMattermostAccount so account-level overrides are honored in
multi-account setups. Add replyToMode to MattermostAccountConfig type.
Rename misleading test to clarify it exercises shouldDropFinalPayloads
short-circuit, not payload key dedup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Replies: keep block-pipeline reply targets distinct
* Tests: cover block reply target-aware dedupe
* Update CHANGELOG.md
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 03:15:17 -04:00
241e8cc553
fix(bluebubbles): dedupe reflected self-chat duplicates ( #38442 )
...
* BlueBubbles: drop reflected self-chat duplicates
* Changelog: add BlueBubbles self-chat echo dedupe entry
* BlueBubbles: gate self-chat cache and expand coverage
* BlueBubbles: require explicit sender ids for self-chat dedupe
* BlueBubbles: harden self-chat cache
* BlueBubbles: move self-chat cache identity into cache
* BlueBubbles: gate self-chat cache to confirmed outbound sends
* Update CHANGELOG.md
* BlueBubbles: bound self-chat cache input work
* Tests: cover BlueBubbles cache cap under cleanup throttle
* BlueBubbles: canonicalize self-chat DM scope
* Tests: cover BlueBubbles mixed self-chat scope aliases
2026-03-12 03:11:43 -04:00
6c196c913f
fix(cron): prevent duplicate proactive delivery on transient retry ( #40646 )
...
* fix(cron): prevent duplicate proactive delivery on transient retry
* refactor: scope skipQueue to retryTransient path only
Non-retrying direct delivery (structured content / thread) keeps the
write-ahead queue so recoverPendingDeliveries can replay after a crash.
Addresses review feedback from codex-connector.
* fix: preserve write-ahead queue on initial delivery attempt
The first call through retryTransientDirectCronDelivery now keeps the
write-ahead queue entry so recoverPendingDeliveries can replay after a
crash. Only subsequent retry attempts set skipQueue to prevent
duplicate sends.
Addresses second codex-connector review on ea5ae5c.
* ci: retrigger checks
* Cron: bypass write-ahead queue for direct isolated delivery
* Tests: assert isolated cron skipQueue invariants
* Changelog: add cron duplicate-delivery fix entry
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 03:01:19 -04:00
f3c00fce15
fix: prevent duplicate assistant messages in TUI ( fixes #35278 ) ( #35364 )
...
* fix: prevent duplicate assistant messages in TUI (fixes #35278 )
When startAssistant() is called multiple times with the same runId,
it was creating duplicate AssistantMessageComponent instances instead
of reusing the existing one. This caused messages to appear twice in
the terminal UI.
The fix checks if a component already exists for the runId before
creating a new one. If it exists, we update its text instead of
appending a duplicate component.
Test coverage includes verification that:
- Only one component is created when startAssistant is called twice
- The second text replaces the first
- Component count remains 1 (prevents regression)
Generated with [Claude Code](https://claude.ai/code )
via [Happy](https://happy.engineering )
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* Changelog: add TUI duplicate-render fix entry
---------
Co-authored-by: 沐沐 <mumu@example.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Happy <yesreply@happy.engineering>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 02:59:42 -04:00
99ec687d7a
fix(agents): enforce sandboxed session_status visibility ( #43754 )
...
* agents: guard sandboxed session_status access
* test(agents): cover sandboxed session_status scope
* docs(changelog): credit session_status hardening
* agents: preflight sandboxed session_status checks
* test(agents): cover session_status existence oracle
* agents: preserve legacy session_status tree keys
* test(agents): cover legacy session_status tree keys
* Update CHANGELOG.md
2026-03-12 02:54:25 -04:00
12dc299cde
fix(imessage): dedupe reflected self-chat duplicates ( #38440 )
...
* iMessage: drop reflected self-chat duplicates
* Changelog: add iMessage self-chat echo dedupe entry
* iMessage: keep self-chat dedupe scoped to final group identity
* iMessage: harden self-chat cache
* iMessage: sanitize self-chat duplicate logs
* iMessage: scope group self-chat dedupe by sender
* iMessage: move self-chat cache identity into cache
* iMessage: hash full self-chat text
* Update CHANGELOG.md
2026-03-12 02:27:35 -04:00
8baf55d8ed
Changelog: note Reminders permission fix
2026-03-12 17:01:42 +11:00
f7416da905
style: format changelog
2026-03-12 11:28:27 +05:30
99a5a3c16a
Update CHANGELOG.md
2026-03-12 01:37:33 -04:00
672924b01e
Update CHANGELOG.md
2026-03-12 01:36:16 -04:00
4f462facda
Infra: cap device tokens to approved scopes ( #43686 )
...
* Infra: cap device tokens to approved scopes
* Changelog: note device token hardening
2026-03-12 01:25:52 -04:00
2504cb6a1e
Security: escape invisible exec approval format chars ( #43687 )
...
* Infra: escape invisible exec approval chars
* Gateway: sanitize exec approval display text
* Tests: cover sanitized exec approval payloads
* Tests: cover sanitized exec approval forwarding
* Changelog: note exec approval prompt hardening
2026-03-12 01:20:04 -04:00
1dcef7b644
Infra: block GIT_EXEC_PATH in host env sanitizer ( #43685 )
...
* Infra: block GIT_EXEC_PATH in host env sanitizer
* Changelog: note host env hardening
2026-03-12 01:16:03 -04:00
18f15850e6
fix(browser): restore proxy attachment media size cap ( #43684 )
...
* browser: honor shared proxy file size cap
* test(browser): cover proxy file size cap
* docs(changelog): note browser proxy size cap fix
2026-03-12 01:04:31 -04:00
29dc65403f
build: prepare 2026.3.11 release
2026-03-12 05:01:07 +00:00
fbc1bd6f8e
fix: clear telegram polling cleanup timers
2026-03-12 09:36:04 +05:30
ade748176f
OpenRouter: surface free Hunter and Healer stealth models for the next week ( #43642 )
...
* Models: add temporary Hunter and Healer alpha to OpenRouter catalog
* Add temporary OpenRouter stealth catalog entries
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-11 22:58:48 -05:00
1fcee52a5c
docs: reorder unreleased changelog by user impact
2026-03-12 03:42:39 +00:00
f01c41b27a
fix(context-engine): guard compact() throw + fire hooks for ownsCompaction engines ( #41361 )
...
Merged via squash.
Prepared head SHA: 0957b32dc6
2026-03-11 20:19:20 -07:00
5231277163
fix(acp): rehydrate restarted main ACP sessions ( #43285 )
...
Merged via squash.
Prepared head SHA: f06318e58f
2026-03-12 11:05:09 +08:00
ebed3bbde1
fix(gateway): enforce browser origin check regardless of proxy headers
...
In trusted-proxy mode, enforceOriginCheckForAnyClient was set to false
whenever proxy headers were present. This allowed browser-originated
WebSocket connections from untrusted origins to bypass origin validation
entirely, as the check only ran for control-ui and webchat client types.
An attacker serving a page from an untrusted origin could connect through
a trusted reverse proxy, inherit proxy-injected identity, and obtain
operator.admin access via the sharedAuthOk / roleCanSkipDeviceIdentity
path without any origin restriction.
Remove the hasProxyHeaders exemption so origin validation runs for all
browser-originated connections regardless of how the request arrived.
Fixes GHSA-5wcw-8jjv-m286
2026-03-12 01:16:52 +01:00
3c0fd3dffe
fix(daemon): replace bootout with kickstart -k for launchd restarts on macOS
...
On macOS, launchctl bootout permanently unloads the LaunchAgent plist.
Even with KeepAlive: true, launchd cannot respawn a service whose plist
has been removed from its registry. This left users with a dead gateway
requiring manual 'openclaw gateway install' to recover.
Affected trigger paths:
- openclaw gateway restart from an agent session (#43311 )
- SIGTERM on config reload (#43406 )
- Gateway self-restart via SIGTERM (#43035 )
- Hot reload on channel config change (#43049 )
Switch restartLaunchAgent() to launchctl kickstart -k, which force-kills
and restarts the service without unloading the plist. When the restart
originates from inside the launchd-managed process tree, delegate to a
new detached handoff helper (launchd-restart-handoff.ts) to avoid the
caller being killed mid-command. Self-restart paths in process-respawn.ts
now schedule the detached start-after-exit handoff before exiting instead
of relying on exit/KeepAlive timing.
Fixes #43311 , #43406 , #43035 , #43049
2026-03-12 01:16:49 +01:00
b6d83749c8
fix(terminal): sanitize skills JSON and fallback on legacy Windows ( #43520 )
...
* Terminal: use ASCII borders on legacy Windows consoles
* Skills: sanitize JSON output for control bytes
* Changelog: credit terminal follow-up fixes
* Update CHANGELOG.md
* Update CHANGELOG.md
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Skills: strip remaining escape sequences from JSON output
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-11 19:53:07 -04:00
453c8d7c1b
fix(hooks): add missing trigger and channelId to agent_end, llm_input, and llm_output hook contexts ( #42362 )
...
Merged via squash.
Prepared head SHA: e6d7b7e31a
2026-03-11 23:40:13 +01:00
d79ca52960
Memory: add multimodal image and audio indexing ( #43460 )
...
Merged via squash.
Prepared head SHA: a994c07190
2026-03-11 22:28:34 +00:00
20d097ac2f
Gateway/Dashboard: surface config validation issues ( #42664 )
...
Merged via squash.
Prepared head SHA: 43f66cdcf0
2026-03-11 17:32:41 -04:00
9c81c31232
chore: refresh dependencies except carbon
2026-03-11 20:10:33 +00:00
128e5bc317
fix: recognize Venice 402 billing errors for model fallback ( #43205 )
...
Merged via squash.
Prepared head SHA: 1f6b10b9d9
2026-03-11 22:15:32 +03:00
01ffc5db24
memory: normalize Gemini embeddings ( #43409 )
...
Merged via squash.
Prepared head SHA: 70613e0225
2026-03-11 15:06:21 -04:00
2a18cbb110
fix(agents): prevent false billing error replacing valid response text ( #40616 )
...
Merged via squash.
Prepared head SHA: 05179362b4
2026-03-11 22:00:11 +03:00
78b9384aa7
fix(discord): add missing autoThread to DiscordGuildChannelConfig type ( #35608 )
...
Merged via squash.
Prepared head SHA: e62b88bb01
2026-03-11 21:54:49 +03:00
4473242b4f
fix: use unknown instead of rate_limit as default cooldown reason ( #42911 )
...
Merged via squash.
Prepared head SHA: bebf6704d7
2026-03-11 21:34:14 +03:00
60aed95346
feat(memory): add gemini-embedding-2-preview support ( #42501 )
...
Merged via squash.
Prepared head SHA: c57b1f8ba2
2026-03-11 14:28:53 -04:00
58634c9c65
fix(agents): check billing errors before context overflow heuristics ( #40409 )
...
Merged via squash.
Prepared head SHA: c88f89c462
2026-03-11 21:08:55 +03:00
f417d78eef
fix(config): add missing editMessage and createForumTopic to Telegram actions schema ( #35498 )
...
Merged via squash.
Prepared head SHA: 631fc14832
2026-03-11 20:59:27 +03:00
a84bcf734c
fix(signal): add missing accountUuid to Zod config schema ( #35578 )
...
Merged via squash.
Prepared head SHA: 39e8e9ad62
2026-03-11 20:57:07 +03:00
8618a711ff
fix(voice-call): add speed and instructions to OpenAI TTS config schema ( #39226 )
...
Merged via squash.
Prepared head SHA: 775e3063b5
2026-03-11 23:15:48 +05:30
daf8afc954
fix(telegram): clear stale retain before transient final fallback ( #41763 )
...
Merged via squash.
Prepared head SHA: c0940838bc
2026-03-11 21:36:43 +05:30
1435fce2de
fix: tighten Ollama onboarding cloud handling ( #41529 ) (thanks @BruceMacD)
2026-03-11 14:52:55 +00:00
62d5df28dc
fix(agents): add nodes to owner-only tool policy fallbacks
...
The nodes tool was missing from OWNER_ONLY_TOOL_NAME_FALLBACKS in
tool-policy.ts. applyOwnerOnlyToolPolicy() correctly removed gateway
and cron for non-owners but kept nodes, which internally issues
privileged gateway calls: node.pair.approve (operator.pairing) and
node.invoke (operator.write).
A non-owner sender could approve pending node pairings and invoke
arbitrary node commands, extending to system.run on paired nodes.
Add nodes to the fallback owner-only set. Non-owners no longer receive
the nodes tool after policy application; owners retain it.
Fixes GHSA-r26r-9hxr-r792
2026-03-11 14:17:03 +01:00
a1520d70ff
fix(gateway): propagate real gateway client into plugin subagent runtime
...
Plugin subagent dispatch used a hardcoded synthetic client carrying
operator.admin, operator.approvals, and operator.pairing for all
runtime.subagent.* calls. Plugin HTTP routes with auth:"plugin" require
no gateway auth by design, so an unauthenticated external request could
drive admin-only gateway methods (sessions.delete, agent.run) through
the subagent runtime.
Propagate the real gateway client into the plugin runtime request scope
when one is available. Plugin HTTP routes now run inside a scoped
runtime client: auth:"plugin" routes receive a non-admin synthetic
operator.write client; gateway-authenticated routes retain admin-capable
scopes. The security boundary is enforced at the HTTP handler level.
Fixes GHSA-xw77-45gv-p728
2026-03-11 14:17:01 +01:00
dafd61b5c1
fix(gateway): enforce caller-scope subsetting in device.token.rotate
...
device.token.rotate accepted attacker-controlled scopes and forwarded
them to rotateDeviceToken without verifying the caller held those
scopes. A pairing-scoped token could rotate up to operator.admin on
any already-paired device whose approvedScopes included admin.
Add a caller-scope subsetting check before rotateDeviceToken: the
requested scopes must be a subset of client.connect.scopes via the
existing roleScopesAllow helper. Reject with missing scope: <scope>
if not.
Also add server.device-token-rotate-authz.test.ts covering both the
priv-esc path and the admin-to-node-invoke chain.
Fixes GHSA-4jpw-hj22-2xmc
2026-03-11 14:16:59 +01:00
04e103d10e
fix(terminal): stabilize skills table width across Terminal.app and iTerm ( #42849 )
...
* Terminal: measure grapheme display width
* Tests: cover grapheme terminal width
* Terminal: wrap table cells by grapheme width
* Tests: cover emoji table alignment
* Terminal: refine table wrapping and width handling
* Terminal: stop shrinking CLI tables by one column
* Skills: use Terminal-safe emoji in list output
* Changelog: note terminal skills table fixes
* Skills: normalize emoji presentation across outputs
* Terminal: consume unsupported escape bytes in tables
2026-03-11 09:13:10 -04:00
10e6e27451
fix(models): guard optional model input capabilities ( #42096 )
...
Merged via squash.
Prepared head SHA: d398fa0222
2026-03-11 13:43:59 +01:00
144c1b802b
macOS/onboarding: prompt for remote gateway auth tokens ( #43100 )
...
Merged via squash.
Prepared head SHA: 00e2ad847b
2026-03-11 13:53:19 +02:00
f063e57d4b
fix(macos): use foundationValue when serializing browser proxy POST body ( #43069 )
...
Merged via squash.
Prepared head SHA: 04c33fa061
2026-03-11 19:14:01 +08:00
2d91284fdb
feat(ios): add local beta release flow ( #42991 )
...
Merged via squash.
Prepared head SHA: 82b38fe93b
2026-03-11 12:32:28 +02:00
665f677265
docs(changelog): update context pruning PR reference
2026-03-11 18:07:37 +08:00
d68d4362ee
fix(context-pruning): cover image-only tool-result pruning
2026-03-11 18:07:37 +08:00
dc4441322f
fix(agents): include azure-openai in Responses API store override ( #42934 )
...
Merged via squash.
Prepared head SHA: d3285fef41
2026-03-11 16:16:10 +08:00
a2e30824e6
fix(telegram): fall back on ambiguous first preview sends
2026-03-11 11:23:10 +05:30
e37e1ed24e
fix(telegram): prevent duplicate messages with slow LLM providers ( #41932 )
...
Merged via squash.
Prepared head SHA: 2f50c51d5a
2026-03-11 11:19:55 +05:30
7761e7626f
Providers: add Opencode Go support ( #42313 )
...
* feat(providers): add opencode-go provider support and onboarding
* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF
* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF
* Update CHANGELOG.md
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 01:31:06 -04:00
061b8258bc
macOS: add chat model selector and persist thinking ( #42314 )
...
* feat(macos): add chat model selector and thinking persistence UX
* Chat UI: carry session model providers
* Docs: add macOS model selector changelog
* macOS: persist extended thinking levels
* Chat UI: keep model picker state in sync
* Chat UI tests: cover model selection races
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 00:43:04 -04:00
c91d1622d5
fix(gateway): split conversation reset from admin reset
2026-03-11 02:50:44 +00:00
0ab8d20917
docs(changelog): note interpreter approval hardening
2026-03-11 02:45:10 +00:00
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs ( #42672 )
...
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
aad014c7c1
fix: harden subagent control boundaries
2026-03-11 01:44:38 +00:00
7289c19f1a
fix(security): bind system.run approvals to exact argv text
2026-03-11 01:25:31 +00:00
8eac939417
fix(security): enforce target account configWrites
2026-03-11 01:24:36 +00:00
11924a7026
fix(sandbox): pin fs-bridge staged writes
2026-03-11 01:15:47 +00:00
702f6f3305
fix: fail closed for unresolved local gateway auth refs
2026-03-11 01:14:06 +00:00
ecdbd8aa52
fix(security): restrict leaf subagent control scope
2026-03-11 01:12:22 +00:00
f604cbedf3
fix: remove stale allowlist matcher cache
2026-03-11 00:00:04 +00:00
36d2ae2a22
SecretRef: harden custom/provider secret persistence and reuse ( #42554 )
...
* Models: gate custom provider keys by usable secret semantics
* Config: project runtime writes onto source snapshot
* Models: prevent stale apiKey preservation for marker-managed providers
* Runner: strip SecretRef marker headers from resolved models
* Secrets: scan active agent models.json path in audit
* Config: guard runtime-source projection for unrelated configs
* Extensions: fix onboarding type errors in CI
* Tests: align setup helper account-enabled expectation
* Secrets audit: harden models.json file reads
* fix: harden SecretRef custom/provider secret persistence (#42554 ) (thanks @joshavant)
2026-03-10 23:55:10 +00:00
658cf4bd94
fix: harden archive extraction destinations
2026-03-10 23:49:35 +00:00
Frank Yang
Ayaan Zaidi
Josh Lehman
Peter Steinberger
Efe Büken
Cypherm
scoootscooob
scoootscooob
Vincent Koc
Dinakar Sarbada
Nachx639
ToToKr
jnMetaCode
Rodrigo Uroz
bwjoke
Wayne
Marcus Castro
Val Alexander
yuweuii
Gustavo Madeira Santana
Nimrod Gutman
2233admin
chengzhichao-xydt
Jacob Riff
Lyle
0x4C33
rabsef-bicrym
avirweb
Teconomix
Sally O'Malley
glitch
Xaden Ryan
Josh Avant
Mathias Nagler
wangchunyue(王春跃)
lisitan
Luke
Ayaan Zaidi
Toven
David Rudduck
Robin Waslander
zhoulf1006
Harold Hunt
Squabble9
ingyukoh
VibhorGautam
Bill Chirico
ademczuk
Andyliu
Nimrod Gutman
Luke