39fa81dc96
chore: bump version to 2026.2.16
2026-02-16 06:08:47 +01:00
c62b90a2b7
fix(telegram): stop block streaming from splitting messages when streamMode is off ( #17704 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 847162caad
2026-02-16 09:57:29 +05:30
3e1986f119
chore (changelog): note qmd collection isolation fix
2026-02-15 20:15:12 -08:00
3fe22ea2fd
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
41ded303b4
fix(sandbox): preserve array order in config hashing
2026-02-16 04:32:03 +01:00
cbf58d2e1c
fix(memory): harden context window cache collisions
2026-02-15 19:31:52 -08:00
559c8d9930
fix: replace deprecated SHA-1 in sandbox config hash
2026-02-16 04:30:59 +01:00
18c6f40d32
chore (changelog): credit LINE webhook fail-closed hardening
2026-02-15 19:25:33 -08:00
d19b746928
feat(skills): add cross-platform install fallback for non-brew environments ( #17687 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 3ed4850838
2026-02-15 22:25:26 -05:00
9df21da129
chore (changelog): credit memory flush runtime date fix
2026-02-15 19:20:38 -08:00
a61c2dc4bd
Discord: add component v2 UI tool support ( #17419 )
2026-02-15 21:19:25 -06:00
7089885ac4
chore (changelog): credit unicode FTS tokenization fix
2026-02-15 19:17:06 -08:00
82631d225c
chore (changelog): credit sandbox prompt path guidance fix
2026-02-15 19:16:02 -08:00
0b3d4b8e57
chore (changelog): credit control-ui scope bypass fix
2026-02-15 19:12:10 -08:00
a203430aa3
chore (changelog): credit pairing account isolation fix
2026-02-15 19:10:06 -08:00
e1e46dc11b
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
e7a053b4dd
chore (changelog): credit qmd session collection rebind fix
2026-02-15 19:03:59 -08:00
8e162d9319
chore (changelog): credit inbound metadata id fix
2026-02-15 19:01:08 -08:00
6802b155a8
fix: stop LLM retry loop when browser control service is unavailable ( #17673 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 90f47fe132
2026-02-15 21:53:49 -05:00
2363e1b085
fix(security): restrict skill download target paths
2026-02-16 03:47:28 +01:00
c6c53437f7
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:47:10 +01:00
ddcc7a1a5d
fix(discord): dedupe native skill commands by skillName ( #17365 )
...
* fix(discord): dedupe native skill commands by skill name
* Changelog: credit Discord skill dedupe
---------
Co-authored-by: yume <yume@yumedeMacBook-Pro.local>
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-15 20:33:51 -06:00
cf69907015
fix(security): redact Telegram bot tokens in errors
2026-02-16 03:30:53 +01:00
09566b1693
fix(discord): preserve channel session keys via channel_id fallbacks ( #17622 )
...
* fix(discord): preserve channel session keys via channel_id fallbacks
* docs(changelog): add discord session continuity note
* Tests: cover discord channel_id fallback
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-15 20:30:17 -06:00
ba84b12535
fix: harden pre-commit hook against option injection
2026-02-16 03:23:45 +01:00
cbc3de6c97
docs(changelog): fix conflict marker
2026-02-16 03:15:57 +01:00
01b1e350b2
docs: note Control UI XSS fix
2026-02-16 03:15:57 +01:00
887b209db4
fix(security): harden sandbox docker config validation
2026-02-16 03:04:06 +01:00
93b9f1ec5f
docs(changelog): note prompt path injection hardening
2026-02-16 02:53:40 +01:00
cd44a0d01e
fix: codex and similar processes keep dying on pty, solved by refactoring process spawning ( #14257 )
...
* exec: clean up PTY resources on timeout and exit
* cli: harden resume cleanup and watchdog stalled runs
* cli: productionize PTY and resume reliability paths
* docs: add PTY process supervision architecture plan
* docs: rewrite PTY supervision plan as pre-rewrite baseline
* docs: switch PTY supervision plan to one-go execution
* docs: add one-line root cause to PTY supervision plan
* docs: add OS contracts and test matrix to PTY supervision plan
* docs: define process-supervisor package placement and scope
* docs: tie supervisor plan to existing CI lanes
* docs: place PTY supervisor plan under src/process
* refactor(process): route exec and cli runs through supervisor
* docs(process): refresh PTY supervision plan
* wip
* fix(process): harden supervisor timeout and PTY termination
* fix(process): harden supervisor adapters env and wait handling
* ci: avoid failing formal conformance on comment permissions
* test(ui): fix cron request mock argument typing
* fix(ui): remove leftover conflict marker
* fix: supervise PTY processes (#14257 ) (openclaw#14257) (thanks @onutc)
2026-02-16 02:32:05 +01:00
14fb2c05b1
Gateway/Control UI: preserve partial output on abort ( #15026 )
...
* Gateway/Control UI: preserve partial output on abort
* fix: finalize abort partial handling and tests (#15026 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:55:28 -08:00
166cf6a3e0
fix(web_fetch): cap response body before parsing
2026-02-16 01:21:11 +01:00
115cfb4430
gateway: add cron finished-run webhook ( #14535 )
...
* gateway: add cron finished webhook delivery
* config: allow cron webhook in runtime schema
* cron: require notify flag for webhook posts
* ui/docs: add cron notify toggle and webhook docs
* fix: harden cron webhook auth and fill notify coverage (#14535 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:14:17 -08:00
e3445f59c9
docs(changelog): note inter-session provenance security fix
2026-02-16 00:31:51 +01:00
7c822d039b
feat(plugins): expose llm input/output hook payloads (openclaw#16724) thanks @SecondThread
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: SecondThread <18317476+SecondThread@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-15 16:01:00 -06:00
0c77851516
fix(agents): mark required-param tool errors as non-retryable ( #17533 )
...
* Agents: mark missing tool params as non-retryable
* Agents: include all missing required params in tool errors
* Agents: change required-param errors to retry guidance
* Docs: align changelog text for issue #14729 guidance wording
2026-02-15 15:50:44 -06:00
059573a48d
chore (changelog): attribute issues #17515 #17466 #17505 #17404
2026-02-15 13:12:10 -08:00
b4f14d6f7a
Gateway: hide BOOTSTRAP in agent files after onboarding completes ( #17491 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f95f6dd052
2026-02-15 15:42:43 -05:00
c682634188
fix(discord): role-based allowlist never matches (Carbon Role objects stringify to mentions) ( #16369 )
...
* fix(discord): role-based allowlist never matches because Carbon Role objects stringify to mentions
Carbon's GuildMember.roles getter returns Role[] objects, not raw ID strings.
String(Role) produces '<@&123456>' which never matches the plain role IDs
in the guild allowlist config.
Use data.rawMember.roles (raw Discord API string array) instead of
data.member.roles (Carbon Role[] objects) for role ID extraction.
Fixes #16207
* Docs: add discord role allowlist changelog entry
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-15 13:05:46 -06:00
99caaef6cc
Revert "Docs: add discord role allowlist changelog entry"
...
This reverts commit 8678b10aef
2026-02-15 12:45:46 -06:00
8678b10aef
Docs: add discord role allowlist changelog entry
2026-02-15 12:33:31 -06:00
c6b3736fe7
fix: dedupe probe/token base types ( #16986 ) (thanks @iyoda)
2026-02-15 11:36:54 -06:00
b6069fc68c
feat: support per-channel ackReaction config ( #17092 ) (thanks @zerone0x)
2026-02-15 11:30:25 -06:00
9adcccadb1
Outbound: scope core send media roots by agent ( #17268 )
...
Merged with gates skipped by maintainer request.
Prepared head SHA: 663ac49b3a
2026-02-15 11:43:02 -05:00
9203a2fdb1
Discord: CV2! ( #16364 )
2026-02-15 10:24:53 -06:00
cc0bfa0f39
fix(telegram): restore thread_id=1 handling for DMs (regression from 19b8416a8) (openclaw#10942) thanks @garnetlyx
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm test:macmini
Co-authored-by: garnetlyx <12513503+garnetlyx@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-15 10:21:18 -06:00
e927fd1e35
fix: allow agent workspace directories in media local roots ( #17136 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7545ef1e19
2026-02-15 10:53:45 -05:00
df95ddc771
Fix/agent session key normalization (openclaw#15707) thanks @rodrigouroz
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-15 09:46:14 -06:00
ade11ec892
fix(announce): use deterministic idempotency keys to prevent duplicate subagent announces ( #17150 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 54bba3cea1
2026-02-15 10:34:34 -05:00
1911942363
fix: make sensitive field whitelist case-insensitive ( #16148 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bb2d219e1f
2026-02-15 10:31:48 -05:00
Peter Steinberger
Varun Kruthiventi
Vignesh Natarajan
McRolly NWANGWU
Shadow
Tag
seewhy
Shakker
Onur
Advait Paliwal
David Harmeyer
Tak Hoffman
Gustavo Madeira Santana
Xinhua Gu
Shadow
Gustavo Madeira Santana
Garnet Liu
Mr. Guy
Rodrigo Uroz
Marcus Widing
Sk Akram