6a19654c4a
refactor(core): dedupe browser route signatures and cli watchdog schema
2026-02-18 14:15:20 +00:00
514e318df9
test(config): dedupe io write config test setup
2026-02-18 12:20:56 +00:00
d833dcd731
fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic ( #19367 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bf02bbf9ce
2026-02-18 15:31:01 +05:30
112f8250fc
test: dedupe registry/session tests and add install source coverage
2026-02-18 05:05:04 +00:00
e57628165a
test: dedupe shared setup in channel and doctor config tests
2026-02-18 04:04:14 +00:00
8407eeb33c
refactor: extract shared string normalization helpers
2026-02-18 03:17:54 +00:00
d1c00dbb7c
fix: harden include confinement edge cases ( #18652 ) (thanks @aether-ai-agent)
2026-02-18 03:27:16 +01:00
b5f551d716
fix(security): OC-06 prevent path traversal in config includes
...
Fixed CWE-22 path traversal vulnerability allowing arbitrary file reads
through the $include directive in OpenClaw configuration files.
Security Impact:
- CVSS 8.6 (High) - Arbitrary file read vulnerability
- Attack vector: Malicious config files with path traversal sequences
- Impact: Exposure of /etc/passwd, SSH keys, cloud credentials, secrets
Implementation:
- Added path boundary validation in resolvePath() (lines 169-198)
- Implemented symlink resolution to prevent bypass attacks
- Restrict includes to config directory only
- Throw ConfigIncludeError for escaping paths
Testing:
- Added 23 comprehensive security tests
- 48/48 includes.test.ts tests passing
- 5,063/5,063 full suite tests passing
- 95.55% coverage on includes.ts
- Zero regressions, zero breaking changes
Attack Vectors Blocked:
✓ Absolute paths (/etc/passwd, /etc/shadow)
✓ Relative traversal (../../etc/passwd)
✓ Symlink bypass attempts
✓ Home directory access (~/.ssh/id_rsa)
Legitimate Use Cases Preserved:
✓ Same directory includes (./config.json)
✓ Subdirectory includes (./clients/config.json)
✓ Deep nesting (./a/b/c/config.json)
Aether AI Agent Security Research
2026-02-18 03:27:16 +01:00
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
6dcc052bb4
fix: stabilize model catalog and pi discovery auth storage compatibility
2026-02-18 02:09:40 +01:00
f42e13c17c
feat(telegram): add forum topic creation support ( #17035 )
...
* Revert "fix(gateway): set explicit chat timeouts for mesh gateway calls"
This reverts commit c529e6005a8b14052ebe53af9f7437b6d934c2c7717caa97fb2ab6313d9932c66aff4959e0e7e4ffb91e43714bd4a142fd8f06b961b037d6acd7157634b18ea9db#18601
* fix(ui): preserve locale bootstrap and trusted-proxy overview behavior
* fix(scripts): harden Windows UI spawn behavior
* fix(slack): validate interaction payloads and handle malformed actions
* fix(mattermost): harden react remove flag parsing
* docs(changelog): record PR 18608 fixups
* fix(heartbeat): bound responsePrefix strip for ack detection
* chore: Fix types in tests 3/N.
* chore: chore: Fix types in tests 4/N.
* chore: Fix types in tests 5/N.
* chore: Fix types in tests 6/N.
* chore: Format files.
* chore: Fix types that were broken due to reverts.
* chore: Cleanup unused vars that were leftover from the reverts.
* fix(actions): layer per-account gate fallback
* fix(subagents): pass group context in /subagents spawn
* fix(failover): align abort timeout detection and regressions
* fix(models): sync auth-profiles before availability checks
* fix(ui): correct usage range totals and muted styles
* Revert "feat: show transcript file size in session status"
This reverts commit 15dd2cda20#18591
* fix(agents): align session lock hold budget with run timeouts
* Revert "fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies"
This reverts commit e179d453c7#18584
* revert(tools): finish rollback of PR #18584
* chore: Fix Slack test.
* revert: remove accidentally merged video-quote-finder skill (#18550 )
* revert: accidental merge of OC-09 sandbox env sanitization change
* fix(doctor): move forced exit to top-level command
* chore: Fix types in tests 7/N.
* chore: Fix types in tests 8/N.
* chore: Fix types in tests 9/N.
* chore: Fix types in tests 10/N.
* chore: Fix types in tests 11/N.
* chore: chore: Fix types in tests 12/N.
* chore: Fix type errors from reverts.
* fix(gateway): remove watch-mode build/start race (#18782 )
* fix(doctor): repair googlechat open dm wildcard auto-fix
* test(extensions): cast fetch mocks to satisfy tsgo
* fix(gateway): harden channel health monitor recovery
* fix(reply): track messaging media aliases for dedupe
* refactor(plugins): split before-agent hooks by model and prompt phases
* revert(telegram): undo accidental merge of PR #18564
* fix(agents): restore multi-image image tool schema contract
* chore: Format files.
* fix(ui): gate sessions refresh on successful delete
* revert(docs): undo accidental merge of #18516
* revert(exec): undo accidental merge of PR #18521
* docs(cron): clarify webhook posting summary condition
* fix(gateway): preserve chat.history context under hard caps
* chore: Fix types in tests 13/N.
* chore: Fix types in tests 14/N.
* chore: Fix types in tests 15/N.
* chore: Fix types in tests 16/N.
* chore: Fix types in tests 17/N.
* chore: Fix types in tests 18/N.
* chore: Format files.
* revert(sandbox): revert SHA-1 slug restoration
* test(session): cover stale threadId fallback
* test(status): cover token summary variants
* test(telegram): cover getFile file-too-big errors
* test(voice-call): cover stream disconnect auto-end
* chore(format): fix test import order
* test(agents): cover tool result media placeholders
* chore: chore: Fix types in tests 19/N.
* chore: Fix types in tests 20/N.
* chore: Fix types in tests 21/N.
* chore: Fix types in tests 22/N.
* chore: Fix types in tests 23/N.
* docs(voice-call): document stale call reaper config
* fix(doctor): audit env-only gateway tokens
* fix(sessions): purge deleted transcript archives
* test(docker): cover browser install build arg
* revert(gateway): restore loopback auth setup
* revert(voice-call): undo cached greeting note
* revert(voice-call): undo oxfmt formatting
* revert(voice-call): undo oxfmt formatting pass
* revert(voice-call): remove cached inbound greeting
* test: stabilize infra tests
* fix(subagents): harden announce retry guards
* Revert "fix(whatsapp): allow per-message link preview override\n\nWhatsApp messages default to enabling link previews for URLs. This adds\nsupport for overriding this behavior per-message via the \nparameter (e.g. from tool options), consistent with Telegram.\n\nFix: Updated internal WhatsApp Web API layers to pass option\ndown to Baileys ."
This reverts commit 1bef2fc68bd24340d75b#18147 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 5e2285b6a0#18956 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: cf4eca71d4#16852 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6269d617f3c43e95e011556b531a145cbfaf5cc7#16977 )"
This reverts commit 7bb9a7dcfc#19007 )
* fix: preserve telegram dm topic thread ids
* style: drop aidev-note prefix in telegram comments
* test: pass extensionContext in abort dedupe e2e
* fix: align tool execute arg parsing for hooks
* test: type telegram action mock passthrough args
* Configure: make model picker allowlist searchable
* Configure: improve searchable model picker token matching
* Docs: add screenshot showing model picker usability issue
* fix: searchable model picker in configure (#19010 ) (thanks @bjesuiter)
* fix(extensions): revert openai codex auth plugin (PR #18009 )
* feat(telegram): add channel_post support for bot-to-bot communication (#17857 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 27a343cd4d#17980 )"
This reverts commit e20b87f1ba#17974 README change
* voice-call: harden closed-loop turn loop and transcript routing (#19140 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 14a3edb005#19153 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a38ec42bdd#17974 zh-cn UI README
* chore(subagents): add regression coverage and changelog
* fix(daemon): scope token drift warnings
* test(web): fix baileys mock typing
* test(cron): cover webhook session rollover overrides
* docs(changelog): note webhook session reuse fix
* fix(discord): normalize command allowFrom prefixes
* fix(cli): honor update restart overrides
* fix(cron): add spin-loop regression coverage
* test(gateway): cover trusted proxy trimming
* test(discord): cover audioAsVoice replies
* test(feishu): cover post mentions for other users
* fix(discord): preserve DM lastRoute user target
* Revert "fix(browser): track original port mapping for EADDRINUSE fallback"
This reverts commit 8e55503d770e6daa2e6e#17986 templates
* test: add fetch mock helper and reaction coverage
* CLI: approve latest pending device request
* docs(readme): remove Android install link
* revert(agents): remove llms.txt discovery prompt (#19192 )
* fix(ui): revert PR #18093 directive tags (#19188 )
* test(discord): cover auto-thread skip types
* test(update): cover restart gating
* docs(zai): document tool_stream defaults
* revert: per-model thinkingDefault override (#19195 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: fe2c59e222#19194 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7e3b2ff7af#19221 )
* docs(cli): add components send example
* test(sessions): add delivery info regression coverage
* fix(daemon): guard preferred node selection
* test(auto-reply): cover sender_id metadata
* revert: PR 18288 accidental merge (#19224 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 3cda31578c#19320 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0753b3a1a2#19257 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b608be3488#18421 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bbb9c3aa48#19424 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0a7ab8589ab381029ede#19508 )
* fix(gateway): avoid premature agent.wait completion on transient errors
* fix(agent): preemptively guard tool results against context overflow
* fix: harden tool-result context guard and add message_id metadata
* fix: use importOriginal in session-key mock to include DEFAULT_ACCOUNT_ID
The run.skill-filter test was mocking ../../routing/session-key.js with only
buildAgentMainSessionKey and normalizeAgentId, but the module also exports
DEFAULT_ACCOUNT_ID which is required transitively by src/web/auth-store.ts.
Switch to importOriginal pattern so all real exports are preserved alongside
the mocked functions.
* pi-runner: guard accumulated tool-result overflow in transformContext
* PI runner: compact overflowing tool-result context
* Subagent: harden tool-result context recovery
* Enhance tool-result context handling by adding support for legacy tool outputs and improving character estimation for message truncation. This includes a new function to create legacy tool results and updates to existing functions to better manage context overflow scenarios.
* Enhance iMessage handling by adding reply tag support in send functions and tests. This includes modifications to prepend or rewrite reply tags based on provided replyToId, ensuring proper message formatting for replies.
* Enhance message delivery across multiple channels by implementing sticky reply context for chunked messages. This includes preserving reply references in Discord, Telegram, and iMessage, ensuring that follow-up messages maintain their intended reply targets. Additionally, improve handling of reply tags in system prompts and tests to support consistent reply behavior.
* Enhance read tool functionality by implementing auto-paging across chunks when no explicit limit is provided, scaling output budget based on model context window. Additionally, add tests for adaptive reading behavior and capped continuation guidance for large outputs. Update related functions to support these features.
* Refine tool-result context management by stripping oversized read-tool details payloads during compaction, ensuring repeated read calls do not bypass context limits. Introduce new utility functions for handling truncation content and enhance character estimation for tool results. Add tests to validate the removal of excessive details in context overflow scenarios.
* Refine message delivery logic in Matrix and Telegram by introducing a flag to track if a text chunk was sent. This ensures that replies are only marked as delivered when a text chunk has been successfully sent, improving the accuracy of reply handling in both channels.
* fix: tighten reply threading coverage and prep fixes (#19508 ) (thanks @tyler6204)
* fix(hooks): backport internal message hook bridge with safe delivery semantics
* fix(subagent): update SUBAGENT_SPAWN_ACCEPTED_NOTE for clarity on auto-announcement behavior
* fix: follow-up slack streaming routing/tests (#9972 ) (thanks @natedenh)
* fix: reduce default image dimension from 2000px to 1200px
Large images (2000px) consume excessive context tokens when sent to LLMs.
1200px provides sufficient detail for most use cases while significantly
reducing token usage.
The 5MB byte limit remains unchanged as JPEG compression at 1200px
naturally produces smaller files.
(cherry picked from commit 40182123dd#19345 )
* test(whatsapp): add resolveWhatsAppOutboundTarget test suite
* style: auto-format files
* fix(test): correct mock order for invalid allowList entry test
* feat(skills): Add 'Use when / Don't use when' routing blocks (#14521 )
* feat(skills): add 'Use when / Don't use when' blocks to skill descriptions
Based on OpenAI's Shell + Skills + Compaction best practices article.
Key changes:
- Added clear routing logic to skill descriptions
- Added negative examples to prevent misfires
- Added templates/examples to github skill
- Included Blake's specific setup notes for openhue
Skills updated:
- apple-reminders: Clarify vs Clawdbot cron
- github: Clarify vs local git operations
- imsg: Clarify vs other messaging channels
- openhue: Add device inventory, room layout
- tmux: Clarify vs exec tool
- weather: Add location defaults, format codes
Reference: https://developers.openai.com/blog/skills-shell-tips
* fix(skills): restore metadata and generic CLI examples
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat(agents): add generic provider api key rotation (#19587 )
* feat(skills): improve descriptions with routing logic (#14577 )
* feat(skills): improve descriptions with routing logic
Apply OpenAI's recommended pattern for skill descriptions:
- Add 'Use when' conditions for clear triggering
- Add 'NOT for' negative examples to reduce misfires
- Make descriptions act as routing logic, not marketing copy
Based on: https://developers.openai.com/blog/skills-shell-tips/
Skills updated:
- coding-agent: clarify when to delegate vs direct edit
- github: add boundaries vs browser/scripting
- weather: add scope limitations
Glean reported 20% drop in skill triggering without negative
examples, recovering after adding them. This change brings
Clawdbot skills in line with that pattern.
* docs(skills): clarify routing boundaries (openclaw#14577) (thanks @DylanWoodAkers)
* docs(changelog): add PR 14577 release note (openclaw#14577) (thanks @DylanWoodAkers)
---------
Co-authored-by: ClawdBotWolf <clawdbotwolf@proton.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* Add frontend-design skill
* feat(telegram): add forum topic creation support (#10427 )
Add `topic-create` action to the Telegram message adapter, enabling
programmatic creation of forum topics in supergroups.
Changes:
- Add `createForumTopicTelegram()` to `src/telegram/send.ts`
- Add `createForumTopic` handler in `telegram-actions.ts`
- Wire `topic-create` action in Telegram adapter
- Register `topic-create` in message action names and spec
The bot requires `can_manage_topics` permission in the target group.
Supports optional `iconColor` and `iconCustomEmojiId` parameters.
Closes #10427
* chore: fix formatting in frontend-design SKILL.md
* fix: add action gate check and config type for createForumTopic
Address review feedback:
- Add isActionEnabled() gate in telegram-actions.ts
- Add gate() check in telegram adapter listActions
- Add createForumTopic to TelegramActionConfig type
* fix(telegram): normalize topic-create targets and add regression tests
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
Co-authored-by: cpojer <christoph.pojer@gmail.com>
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
Co-authored-by: Josh Avant <830519+joshavant@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
Co-authored-by: Hongwei Ma <Marvae@users.noreply.github.com>
Co-authored-by: Marvae <11957602+Marvae@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
Co-authored-by: Sascha Reuter <s.reuter@geek-it.de>
Co-authored-by: sreuter <550246+sreuter@users.noreply.github.com>
Co-authored-by: Nimrod Gutman <nimrod.g@singular.net>
Co-authored-by: Vignesh <mailvgnsh@gmail.com>
Co-authored-by: Benjamin Jesuiter <bjesuiter@gmail.com>
Co-authored-by: Sam Padilla <35386211+theSamPadilla@users.noreply.github.com>
Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com>
Co-authored-by: Mariano <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: Mariano Belinky <mbelinky@gmail.com>
Co-authored-by: Shadow <shadow@openclaw.ai>
Co-authored-by: Sk Akram <skcodewizard786@gmail.com>
Co-authored-by: akramcodez <179671552+akramcodez@users.noreply.github.com>
Co-authored-by: Onur <onur@textcortex.com>
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: Pablo Nunez <pnunfe@gmail.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com>
Co-authored-by: Han Xiao <han.xiao@jina.ai>
Co-authored-by: Verite Igiraneza <69280208+VeriteIgiraneza@users.noreply.github.com>
Co-authored-by: Blakeshannon <blake@blakeshannon.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: DylanWoodAkers <dylan@lec.com>
Co-authored-by: ClawdBotWolf <clawdbotwolf@proton.me>
Co-authored-by: Claw <claw@openclaw.ai>
2026-02-18 01:38:44 +01:00
b05e89e5e6
fix(agents): make image sanitization dimension configurable
2026-02-18 00:54:20 +01:00
bb9a539d1d
Merge remote-tracking branch 'prhead/feat/slack-text-streaming'
...
# Conflicts:
# docs/channels/slack.md
# src/config/types.slack.ts
# src/slack/monitor/message-handler/dispatch.ts
2026-02-18 00:49:30 +01:00
ae2c8f2cf0
feat(models): support anthropic sonnet 4.6
2026-02-18 00:00:31 +01:00
c4e9bb3b99
fix: sanitize native command names for Telegram API ( #19257 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b608be3488
2026-02-17 23:20:36 +05:30
3f66280c3c
test(sessions): add delivery info regression coverage
2026-02-17 10:00:08 -05:00
3211280bed
revert: per-model thinkingDefault override ( #19195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: fe2c59e222
2026-02-17 09:25:18 -05:00
92de4031a3
Revert "fix(telegram): wire sendPollTelegram into channel action handler ( #16977 )"
...
This reverts commit 7bb9a7dcfc
2026-02-17 09:45:08 +02:00
e727bca2dc
Revert "Add Telegram polls action to config typing"
...
This reverts commit 5cbfaf5cc7
2026-02-17 09:44:36 +02:00
c4bd82d81d
chore: Fix types in tests 39/N.
2026-02-17 15:50:07 +09:00
ecf1c955a1
chore: Fix types in tests 29/N.
2026-02-17 14:32:43 +09:00
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
826e62a3bc
fix(sessions): purge deleted transcript archives
2026-02-16 22:35:27 -05:00
7bc783cb03
chore: Fix types in tests 16/N.
2026-02-17 12:00:29 +09:00
1f850374f6
fix(gateway): harden channel health monitor recovery
2026-02-17 03:26:26 +01:00
f924ab40d8
revert(tools): undo accidental merge of PR #18584
2026-02-16 21:13:48 -05:00
616c0bd4c7
chore: Cleanup unused vars that were leftover from the reverts.
2026-02-17 10:57:31 +09:00
7b172d61cd
Revert "fix: respect OPENCLAW_HOME for isolated gateway instances"
...
This reverts commit 34b18ea9db
2026-02-16 20:36:01 -05:00
2992639f88
Revert "feat: add Linq channel — real iMessage via API, no Mac required"
...
This reverts commit d4a142fd8f
2026-02-17 02:30:55 +01:00
0cf443afe8
chore: Fix types in tests 1/N.
2026-02-17 10:26:49 +09:00
563df56389
Revert "config: align memory hybrid UI metadata with schema labels/help"
...
This reverts commit 7d8d8c338b
2026-02-17 02:24:48 +01:00
5115f6fdf3
style: normalize imports for oxfmt 0.33
2026-02-17 00:59:54 +00:00
ddef3cadba
refactor: replace memory manager prototype mixing
2026-02-17 01:50:04 +01:00
5195179150
refactor: centralize plugin allowlist mutation
2026-02-17 00:45:02 +00:00
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
12a947223b
fix(ci): restore main checks after bulk merges
2026-02-16 23:47:27 +00:00
eaa2f7a7bf
fix(ci): restore main lint/typecheck after direct merges
2026-02-16 23:26:11 +00:00
076df941a3
feat: add configurable tool loop detection
2026-02-17 00:17:01 +01:00
e997545d4b
fix(discord): apply proxy to app-id and allowlist REST lookups
2026-02-17 00:02:09 +01:00
5b3873add4
fix(skills): guard against skills prompt bloat
2026-02-17 00:01:34 +01:00
7bb9a7dcfc
fix(telegram): wire sendPollTelegram into channel action handler ( #16977 )
...
The Telegram channel adapter listed no 'poll' action, so agents could
not create polls via the unified action interface. The underlying
sendPollTelegram function was already implemented but unreachable.
Changes:
- telegram.ts: add 'poll' to listActions (enabled by default via gate),
add handleAction branch that reads pollQuestion/pollOption params and
delegates to handleTelegramAction with action 'sendPoll'.
- telegram-actions.ts: add 'sendPoll' handler that validates question,
options (≥2), and forwards to sendPollTelegram with threading, silent,
and anonymous options.
- actions.test.ts: add test verifying poll action routes correctly.
Fixes #16977
2026-02-17 00:01:07 +01:00
3c3a39d165
fix(test): use path.resolve for cross-platform Windows compatibility
2026-02-17 00:00:54 +01:00
90774c098a
fix(sessions): allow cross-agent session file paths in multi-agent setups
...
When OPENCLAW_STATE_DIR changes between session creation and resolution
(e.g., after reinstall or config change), absolute session file paths
pointing to other agents' sessions directories were rejected even though
they structurally match the valid .../agents/<agentId>/sessions/... pattern.
The existing fallback logic in resolvePathWithinSessionsDir extracts the
agent ID from the path and tries to resolve it via the current env's
state directory. When those directories differ, the containment check
fails. Now, if the path structurally matches the agent sessions pattern
(validated by extractAgentIdFromAbsoluteSessionPath), we accept it
directly as a final fallback.
Fixes #15410 , Fixes #15565 , Fixes #15468
2026-02-17 00:00:54 +01:00
7d8d8c338b
config: align memory hybrid UI metadata with schema labels/help
2026-02-16 23:59:19 +01:00
6b3e0710f4
feat(memory): Add opt-in temporal decay for hybrid search scoring
...
Exponential decay (half-life configurable, default 30 days) applied
before MMR re-ranking. Dated daily files (memory/YYYY-MM-DD.md) use
filename date; evergreen files (MEMORY.md, topic files) are not
decayed; other sources fall back to file mtime.
Config: memorySearch.query.hybrid.temporalDecay.{enabled, halfLifeDays}
Default: disabled (backwards compatible, opt-in).
2026-02-16 23:59:19 +01:00
94eecaa446
fix: atomic session store writes to prevent context loss on Windows
...
On Windows, fs.promises.writeFile truncates the target file to 0 bytes
before writing. Since loadSessionStore reads the file synchronously
without holding the write lock, a concurrent read can observe the empty
file, fail to parse it, and fall through to an empty store — causing the
agent to lose its session context.
Changes:
- saveSessionStoreUnlocked (Windows path): write to a temp file first,
then rename it onto the target. If rename fails due to file locking,
retry 3 times with backoff, then fall back to copyFile (which
overwrites in-place without truncating to 0 bytes).
- loadSessionStore: on Windows, retry up to 3 times with 50ms
synchronous backoff (via Atomics.wait) when the file is empty or
unparseable, giving the writer time to finish. SharedArrayBuffer is
allocated once and reused across retry attempts.
2026-02-16 23:57:21 +01:00
5cbfaf5cc7
Add Telegram polls action to config typing
2026-02-16 23:54:56 +01:00
671f913123
feat: support per-model thinkingDefault override in models config
...
The global `agents.defaults.thinkingDefault` forces a single thinking
level for all models. Users running multiple models with different
reasoning capabilities (e.g. Claude with extended thinking, GPT-4o
without, Gemini Flash with lightweight reasoning) cannot optimise the
thinking level per model.
Add an optional `thinkingDefault` field to `AgentModelEntryConfig` so
each entry under `agents.defaults.models` can declare its own default.
Resolution priority: per-model → global → catalog auto-detect.
Example config:
"models": {
"anthropic/claude-sonnet-4-20250514": { "thinkingDefault": "high" },
"openai/gpt-4o": { "thinkingDefault": "off" }
}
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-16 23:54:45 +01:00
Peter Steinberger
Taras Lukavyi
aether-ai-agent
Nick Lamb
Sk Akram
Sebastian
Nimrod Gutman
cpojer
Gustavo Madeira Santana
尹凯
Elie Habib
artale
Xinhua Gu
Rodrigo Uroz
Winston
Krish
wu-tian807