nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,962 Commits 905 Branches 94 Tags 6.2 GiB
Commit Graph

1988 Commits

Author SHA1 Message Date
Peter Steinberger 6b6ddcd2a6
test: speed up core runtime suites 2026-03-31 02:25:02 +01:00
Vincent Koc 1f6a964e57 fix(ci): handle missing native command capabilities 2026-03-31 10:16:06 +09:00
Vincent Koc 8bcaf1a147 fix(test): trim reply command plugin imports 2026-03-31 09:43:54 +09:00
Vincent Koc a30214a624
fix(heartbeat): block owner-only auth inheritance for exec events (#57652) 2026-03-31 09:06:51 +09:00
scoootscooob 9ff57ac479
refactor(exec): unify channel approvals and restore routing/auth (#57838) 
* fix(exec): add shared approval runtime

* fix(exec): harden shared approval runtime

* fix(exec): guard approval expiration callbacks

* fix(exec): handle approval runtime races

* fix(exec): clean up failed approval deliveries

* fix(exec): restore channel approval routing

* fix(exec): scope telegram legacy approval fallback

* refactor(exec): centralize native approval delivery

* fix(exec): harden approval auth and account routing

* test(exec): align telegram approval auth assertions

* fix(exec): align approval rebase followups

* fix(exec): clarify plugin approval not-found errors

* fix(exec): fall back to session-bound telegram accounts

* fix(exec): detect structured telegram approval misses

* test(exec): align discord approval auth coverage

* fix(exec): ignore discord dm origin channel routes

* fix(telegram): skip self-authored message echoes

* fix(exec): keep implicit approval auth non-explicit
 2026-03-30 15:49:02 -07:00
Shakker c22edbb8ee test: align ci regression stubs with production behavior 2026-03-30 17:11:06 +01:00
Shakker 4c45fc3575 test: remove telegram extension dependency from reply command tests 2026-03-30 17:11:06 +01:00
Jacob Tomlinson ae703ab0e7
infra: harden identifier entropy and delay jitter (#57744) 
* infra: harden identifier entropy and delay jitter

* test: make randomness hardening deterministic in CI
 2026-03-30 16:57:30 +01:00
pgondhi987 6d341cf366
fix(auto-reply): thread per-agent tools.exec defaults into reply directives (#57689) 
* fix(auto-reply): thread per-agent tools.exec defaults into exec overrides

* test(auto-reply): add session-override and inline-directive priority tests for exec agent defaults
 2026-03-30 16:46:54 +01:00
samzong 09bb93c6e0
fix(subagents): correct duration display showing 5-6x inflated runtime (#57739) 
Merged via squash.

Prepared head SHA: 018bbbca4d
Co-authored-by: samzong <13782141+samzong@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-30 23:44:36 +08:00
Sean c6f2db1506
fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 
* feat(gateway): implement claim check pattern to prevent OOM on large attachments

* fix: sanitize mediaId, refine trimEnd, remove warn log, add threshold and absolute path

* fix: enforce maxBytes before decoding and use dynamic path from saveMediaBuffer

* fix: enforce absolute maxBytes limit before Buffer allocation and preserve file extensions

* fix: align saveMediaBuffer arguments and satisfy oxfmt linter

* chore: strictly enforce linting rules (curly braces, unused vars, and error typing)

* fix: restrict offload to mainstream mimes to avoid extension-loss bug in store.ts for BMP/TIFF

* fix: restrict offload to mainstream mimes to bypass store.ts extension-loss bug

* chore: document bmp/tiff exclusion from offload whitelist in MIME_TO_EXT

* feat: implement agent-side resolver for opaque media URIs and finalize contract

* fix: support unicode media URIs and allow consecutive dots in safe IDs based on Codex review

* fix(gateway): enforce strict fail-fast for oversized media to prevent OOM bypass

* refactor(gateway): harden media offload with performance and security optimizations

This update refines the Claim Check pattern with industrial-grade guards:

- Performance: Implemented sampled Base64 validation for large payloads (>4KB) to prevent event loop blocking.
- Security: Added null-byte (\u0000) detection and reinforced path traversal guards.
- I18n: Updated media-uri regex to a blacklist-based character class for Unicode/Chinese filename support, with oxlint bypass for intentional control regex.
- Robustness: Enhanced error diagnostics with JSON-serialized IDs.

* fix: add HEIC/HEIF to offload allowlist and pass maxBytes to saveMediaBuffer

* fix(gateway): clean up offloaded media files on attachment parse failure

Address Codex review feedback: track saved media IDs and implement best-effort cleanup via deleteMediaBuffer if subsequent attachments fail validation, preventing orphaned files on disk.

* fix(gateway): enforce full base64 validation to prevent whitespace padding bypass

Address Codex review feedback: remove early return in isValidBase64 so padded payloads cannot bypass offload thresholds and reintroduce memory pressure. Updated related comments.

* fix(gateway): preserve offloaded media metadata and fix validation error mapping

Address Codex review feedback:
- Add \offloadedRefs\ to \ParsedMessageWithImages\ to expose structured metadata for offloaded attachments, preventing transcript media loss.
- Move \erifyDecodedSize\ outside the storage try-catch block to correctly surface client base64 validation failures as 4xx errors instead of 5xx \MediaOffloadError\.
- Add JSDoc TODOs indicating that upstream callers (chat.ts, agent.ts, server-node-events.ts) must explicitly pass the \supportsImages\ flag.

* fix(agents): explicitly allow media store dir when loading offloaded images

Address Codex review feedback: Pass getMediaDir() to loadWebMedia's localRoots for media-uri refs to prevent legacy path resolution mismatches from silently dropping large attachments.

* fix(gateway): resolve attachment offload regressions and error mapping

Address Codex review feedback:
- Pass \supportsImages\ dynamically in \chat.ts\ and \gent.ts\ based on model catalog, and explicitly in \server-node-events.ts\.
- Persist \offloadedRefs\ into the transcript pipeline in \chat.ts\ to preserve media metadata for >2MB attachments.
- Correctly map \MediaOffloadError\ to 5xx (UNAVAILABLE) to differentiate server storage faults from 4xx client validation errors.

* fix(gateway): dynamically compute supportsImages for overrides and node events

Address follow-up Codex review feedback:

- Use effective model (including overrides) to compute \supportsImages\ in \gent.ts\.

- Move session load earlier in \server-node-events.ts\ to dynamically compute \supportsImages\ rather than hardcoding true.

* fix(gateway): resolve capability edge cases reported by codex

Address final Codex edge cases:
- Refactor \gent.ts\ to compute \supportsImages\ even when no session key is present, ensuring text-only override requests without sessions safely drop attachments.
- Update catalog lookups in \chat.ts\, \gent.ts\, and \server-node-events.ts\ to strictly match both \id\ and \provider\ to prevent cross-provider model collisions.

* fix(agents): restore before_install hook for skill installs

Restore the plugin scanner security hook that was accidentally dropped during merge conflict resolution.

* fix: resolve attachment pathing, defer parsing after auth gates, and clean up node-event mocks

* fix: resolve syntax errors in test-env, fix missing helper imports, and optimize parsing sequence in node events

* fix(gateway): re-enforce message length limit after attachment parsing

Adds a secondary check to ensure the 20,000-char cap remains effective even after media markers are appended during the offload flow.

* fix(gateway): prevent dropping valid small images and clean up orphaned media on size rejection

* fix(gateway): share attachment image capability checks

* fix(gateway): preserve mixed attachment order

* fix: fail closed on unknown image capability (#55513) (thanks @Syysean)

* fix: classify offloaded attachment refs explicitly (#55513) (thanks @Syysean)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-30 20:54:40 +05:30
Shakker 3ad747e25f style: apply formatter cleanups 2026-03-30 16:20:27 +01:00
Jacob Tomlinson a77928b108
Gateway: harden node event trust boundaries (#57691) 
* Gateway: harden node event trust boundaries

* Gateway: preserve trusted summary prefixes

* Gateway: prefix multiline channel summaries
 2026-03-30 14:22:15 +01:00
Jacob Tomlinson 566fb73d9d
reply: enforce ACP attachment roots (#57690) 
* reply: enforce ACP attachment roots

* media: harden local attachment cache reads

* reply: clarify ACP attachment skip logs

* reply: keep ACP attachments path-only
 2026-03-30 14:04:02 +01:00
Vincent Koc 2fbd5e3f5f fix(test): trim telegram command registry imports 2026-03-30 19:34:47 +09:00
Vincent Koc 85f3136cfc fix(test): use plugin public surfaces in reply command tests 2026-03-30 19:28:10 +09:00
Vincent Koc 104f006916 fix(test): trim reply command registry imports 2026-03-30 19:02:40 +09:00
Vincent Koc 9670bd0823 fix(test): trim session binding registry imports 2026-03-30 17:46:44 +09:00
Vincent Koc 12ae4eee7e
fix(slack): complete interactive block delivery (#57473) 
* fix(slack): complete interactive block delivery

Related #12602
Related #49528

* docs(changelog): add Slack interactive delivery note

Related #12602

* fix(slack): add reply-blocks helper and tighten directives

Related #12602
Related #49528

* fix(slack): scope style parsing and recheck merged blocks

Related #12602
Related #49528
 2026-03-30 16:25:51 +09:00
Vincent Koc 0a014ca63a perf(tasks): optimize session lookups and sqlite upserts 2026-03-30 16:19:28 +09:00
Vincent Koc 1fd8164f01 fix(test): trim acp command registry imports 2026-03-30 14:08:48 +09:00
Vincent Koc 69793db948 fix(test): trim acp context registry imports 2026-03-30 13:39:29 +09:00
Yauheni Shauchenka a6bc51f944
feat(openai): forward text verbosity (#47106) 
* feat(openai): forward text verbosity across responses transports

* fix(openai): remove stale verbosity rebase artifact

* chore(changelog): add openai text verbosity entry

---------

Co-authored-by: Ubuntu <ubuntu@vps-1c82b947.vps.ovh.net>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-30 12:04:35 +09:00
Vincent Koc 3034adfdb3 fix(commands): harden fast status and Telegram callbacks 2026-03-30 09:32:53 +09:00
Peter Steinberger 63cbc097b5
refactor(channels): route core through registered plugin capabilities 2026-03-30 01:03:42 +01:00
Peter Steinberger 3b878e6b86
refactor: move approval auth and payload hooks to generic channel capabilities 2026-03-30 08:46:44 +09:00
Peter Steinberger 6d9a7224aa
refactor: unify approval command authorization 2026-03-30 07:06:29 +09:00
Peter Steinberger 3ec000b995
refactor: align same-chat approval routing 2026-03-30 06:52:28 +09:00
Peter Steinberger 276ccd2583
fix(exec): default implicit target to auto 2026-03-30 06:03:08 +09:00
Peter Steinberger f5f8ba6d35 fix: harden bundle MCP session runtime cache (#55090) (thanks @allan0509) 2026-03-30 05:10:32 +09:00
无忌 6477d783e8 Agents: cache bundle MCP runtime per session 2026-03-30 05:10:32 +09:00
Thomas M 0a01386756
fix: canonicalize session keys at write time (#30654) (thanks @thomasxm) 
* fix: canonicalize session keys at write time to prevent orphaned sessions (#29683)

resolveSessionKey() uses hardcoded DEFAULT_AGENT_ID="main", but all read
paths canonicalize via cfg. When the configured default agent differs
(e.g. "ops" with mainKey "work"), writes produce "agent:main:main" while
reads look up "agent:ops:work", orphaning transcripts on every restart.

Fix all three write-path call sites by wrapping with
canonicalizeMainSessionAlias:
- initSessionState (auto-reply/reply/session.ts)
- runWebHeartbeatOnce (web/auto-reply/heartbeat-runner.ts)
- resolveCronAgentSessionKey (cron/isolated-agent/session-key.ts)

Add startup migration (migrateOrphanedSessionKeys) to rename existing
orphaned keys to canonical form, merging by most-recent updatedAt.

* fix: address review — track agent IDs in migration map, align snapshot key

P1: migrateOrphanedSessionKeys now tracks agentId alongside each store
path in a Map instead of inferring from the filesystem path. This
correctly handles custom session.store templates outside the default
agents/<id>/ layout.

P2: Pass the already-canonicalized sessionKey to getSessionSnapshot so
the heartbeat snapshot reads/restores use the same key as the write path.

* fix: log migration results at all early return points

migrateOrphanedSessionKeys runs before detectLegacyStateMigrations, so
it can canonicalize legacy keys (e.g. "main" → "agent:main:main") before
the legacy detector sees them. This caused the early return path to skip
logging, breaking doctor-state-migrations tests that assert log.info was
called.

Extract logMigrationResults helper and call it at every return point.

* fix: handle shared stores and ~ expansion in migration

P1: When session.store has no {agentId}, all agents resolve to the same
file. Track all agentIds per store path (Map<path, Set<id>>) and run
canonicalization once per agent. Skip cross-agent "agent:main:*"
remapping when "main" is a legitimate configured agent sharing the store,
to avoid merging its data into another agent's namespace.

P2: Use expandHomePrefix (environment-aware ~ resolution) instead of
os.homedir() in resolveStorePathFromTemplate, matching the runtime
resolveStorePath behavior for OPENCLAW_HOME/HOME overrides.

* fix: narrow cross-agent remap to provable orphan aliases only

Only remap agent:main:* keys where the suffix is a main session alias
("main" or the configured mainKey). Other agent:main:* keys — hooks,
subagents, cron sessions, per-sender keys — may be intentional
cross-agent references and must not be silently moved into another
agent's namespace.

* fix: run orphan-key session migration at gateway startup (#29683)

* fix: canonicalize cross-agent legacy main aliases in session keys (#29683)

* fix: guard shared-store migration against cross-agent legacy alias remap (#29683)

* refactor: split session-key migration out of pr 30654

---------

Co-authored-by: Your Name <your_email@example.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-29 18:59:25 +05:30
Mariano 17c36b5093
Gateway: track background task lifecycle (#52518) 
Merged via squash.

Prepared head SHA: 7c4554204e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-29 12:48:02 +02:00
助爪 443295448c
Track ACP sessions_spawn runs and emit ACP lifecycle events (#40885) 
* Fix ACP sessions_spawn lifecycle tracking

* fix(tests): resolve leftover merge markers in sessions spawn lifecycle test

* fix(agents): clarify acp spawn cleanup semantics

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-29 18:20:10 +09:00
Vincent Koc af694def5b
fix(agents): fail closed on silent turns (#52593) 
* fix(agents): fail closed on silent turns

* fix(agents): suppress all silent turn emissions

* fix(agents): pass silent turns into embedded subscribe
 2026-03-29 17:40:20 +09:00
Peter Steinberger 8e0ab35b0e
refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
Vincent Koc 9777781001
fix(subagents): preserve requester agent for inline announces (#55998) 
* fix(subagents): preserve requester agent on inline announce

* docs(changelog): remove maintainer follow-up entry
 2026-03-29 17:00:05 +09:00
Ayaan Zaidi d5e59621a7 fix: keep telegram plugin fallback explicit (#45911) (thanks @suboss87) 2026-03-29 10:45:57 +05:30
Ayaan Zaidi 1791c7c304 fix: unify telegram exec approval auth 2026-03-29 10:45:57 +05:30
Subash Natarajan aee7992629 fix(telegram): accept approval callbacks from forwarding target recipients 
When approvals.exec.targets routes to a Telegram DM, the recipient
receives inline approval buttons but may not have explicit
channels.telegram.execApprovals configured. This adds a fallback
isTelegramExecApprovalTargetRecipient check so those DM recipients
can act on the buttons they were sent.

Includes accountId scoping for multi-bot deployments and 9 new tests.
 2026-03-29 10:45:57 +05:30
Tak Hoffman f1970b8aef
fix(line): normalize canonical ACP targets (#56713) 2026-03-28 21:05:34 -05:00
Tak Hoffman 6f7ff545dd
fix(line): add ACP binding parity (#56700) 
* fix(line): support ACP current-conversation binding

* fix(line): add ACP binding routing parity

* docs(changelog): note LINE ACP parity

* fix(line): accept canonical ACP binding targets
 2026-03-28 20:52:31 -05:00
AaronLuo00 971ecabe80 fix(memory): account for CJK characters in QMD memory chunking 
The QMD memory system uses a fixed 4:1 chars-to-tokens ratio for chunk
sizing, which severely underestimates CJK (Chinese/Japanese/Korean) text
where each character is roughly 1 token. This causes oversized chunks for
CJK users, degrading vector search quality and wasting context window space.

Changes:
- Add shared src/utils/cjk-chars.ts module with CJK-aware character
  counting (estimateStringChars) and token estimation helpers
- Update chunkMarkdown() in src/memory/internal.ts to use weighted
  character lengths for chunk boundary decisions and overlap calculation
- Replace hardcoded estimateTokensFromChars in the context report
  command with the shared utility
- Add 13 unit tests for the CJK estimation module and 5 new tests for
  CJK-aware memory chunking behavior

Backward compatible: pure ASCII/Latin text behavior is unchanged.

Closes #39965
Related: #40216
 2026-03-29 10:22:43 +09:00
Gustavo Madeira Santana 2afc655bd5
ACP: document Matrix bind-here support 2026-03-28 21:07:58 -04:00
Robin Waslander 17479ceb43
fix(auto-reply): suppress JSON-wrapped NO_REPLY payloads before channel delivery (#56612) 
Add shared isSilentReplyPayloadText() detector that catches both bare
NO_REPLY tokens and JSON {"action":"NO_REPLY"} envelopes. Apply at the
reply directive parser, reply normalizer, and embedded agent payload
builder so the control payload is stripped before any channel sees it.

Preserves media when text is only a silent control envelope.

Fixes #37727
 2026-03-28 22:07:24 +01:00
Frank Yang c14b169a1b
fix(acp): repair stale bindings after runtime exits (#56476) 
* fix(acp): repair stale bindings after runtime exits

* fix(acp): narrow stale binding recovery

* fix(acp): preserve policy gating for stale sessions

* fix(acp): handle signal exits and canonical unbinds

* fix(acp): harden canonical stale-session recovery
 2026-03-29 01:15:16 +08:00
Saurabh Mishra 90e82fabb3
fix: display model name instead of ID in Telegram model selector (#56165) (#56175) 
* fix: display model name instead of ID in Telegram model selector (#56165)

* fix(telegram): scope model display names by provider

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: sallyom <somalley@redhat.com>
 2026-03-28 09:23:09 -04:00
Peter Steinberger dec91c400d fix: keep status display on sync model metadata 2026-03-28 11:37:43 +00:00
Peter Steinberger 84d1781a3a fix: avoid status-time provider normalization recursion 2026-03-28 11:35:33 +00:00
Peter Steinberger 0e11072b84 fix: avoid speech runtime import in status output 2026-03-28 11:35:33 +00:00